Readers of Design Products & Applications magazine and its sister title, Panel & System Building, are unlikely to have missed the coverage both publications have given over recent months to the new Machinery Directive and, in particular, to the imminent phasing out of EN 954-1 (safety of machinery, safety related parts of control systems, Part 1: general principles of design).
While the schedule is still officially on track for a December 2009 transition (EN 954-1 to EN 13849-1), doubts as to the readiness of the industry for this significant change continue to exercise the collective minds of the Machinery Directive Working Group (MDWG). Machine and control system builders have expressed serious concerns about difficulties in applying the new standard in practice, particularly as it calls for component MTBF (mean time between failures) data that, in many cases, is not currently available.
At the most recent meeting of the MDWG last July, a European Standardisation Committee (CEN) machinery sector paper was tabled, which advocated extending the acceptance of EN 954 ‘for a certain time’ beyond the December 2009 date, where harmonised standards continued to reference it. The maximum allowed under CEN house rules is three years, but the MDWG is reportedly seeking a five-year extension, which CEN is currently considering.
Pilz consultant Kevin Ives says EN 954-1 is a standard that machine builders are familiar with and, on the whole, understand and conform to. In a recent Pilz Safety Update email newsletter, he says the trouble with EN 954-1 is that it is a relatively simple standard, with an easy-to-follow (too easy, in his opinion) risk graph that helps people establish a safety category for their machine. Safety categories are worked out on a qualitative basis, so the process is also quick. He continues:
“The new EN ISO 13849-1 follows a similar process to define a performance level, but the user then has to perform a number of calculations involving diagnostic coverage, mean time to dangerous failure, architecture and common-cause failures to validate that the performance level has been achieved. In comparison with an EN 954-1 assessment, this is complicated and time-consuming. So the worry is that people will simply carry on doing what they have done for the last 15 years.
“For those people that find themselves using both EN ISO 13849-1 and EN 62061 [the latter only applying to electrical control systems], it is also frustrating - and possibly confusing - that different terminology is used: EN ISO 13849-1 Performance Level b is roughly equivalent to a 'low' EN 62061 SIL 1; Performance Level c is a 'high' SIL 1; Performance Level d is SIL 2; and Performance Level e is SIL 3.”
UK-based safety compliance consultant Laidler Associates broadly welcomes the news that the replacement of EN 954-1 is likely to be delayed. Nevertheless, the company expresses concern that the move does nothing to change the fact that EN 954-1 is deficient in many areas. Managing director Paul Laidler says that for most control system developers and machine builders, this is very good news, since it gives time for the work needed to underpin the new EN 13849-1 standard to be carried out carefully and thoroughly.
Nevertheless, retaining EN 954-1 does have its downside, Mr Laidler warns, as there are many areas that this standard doesn’t cover, including, for example, programmable safety equipment, which simply didn’t exist when it was formulated. Control system and machine builders, he says, must be careful about placing too much reliance on EN 954-1 as a way of demonstrating that they have fully met their obligations in relation to control system safety.
So, machine builders appear to have a welcome respite. And despite the fact that a transition must be made at some point in the future, designers may now have several more years enjoying the luxury of choice as to which standard to use for their particular system. However, in making that choice you need to take certain factors into consideration. Kevin Ives again:
“For a simple machine - typically one on which the safety-related control system uses nothing more sophisticated than safety relays - I would usually say use EN 954-1, and I am confident that the HSE would be comfortable with that. However, for more complex machinery, or anything using a programmable safety controller of any sort, I would recommend EN 62061. Complex non-electrical safety-related control systems should be designed to EN ISO 13849-1.”
Les Hunt
Editor