The aim of the Machinery Directive 2006/42/EC is to simplify the free circulation of machinery within the EU, by standardising the approach to safety. Its introduction also signals an important shift in the approach to safety and the key change is in the area of risk assessment. Risk assessment used to be carried out in most cases anyway, but it has now been formalised and must be written down. The routes to compliance are much the same as before, but now you need to have proof of the risk analysis. However, there is no reason to over-specify safety systems because of the new Machinery Directive; existing features will be acceptable in most cases.
Although the Machinery Directive requires machinery to be safe, there is no such thing as zero risk. The objective is to minimise the risk. The Machinery Directive outlines how machine builders should assess what risk equipment poses to users and how they should go about reducing risks as far as possible.
Machine safety has become one of the most rapidly growing areas of importance in industrial automation. Using modern safety systems, it is possible to integrate safety as part of the function of the machine, rather than bolting it on as an afterthought. Traditionally, safety has been achieved by adding electrical and mechanical components once the machine has been completed, sometimes at the cost of productivity. Operators occasionally override these systems as they try to improve productivity, which can lead to accidents.
2006/42/EC is a ‘new approach’ directive, where the legislation only gives broad guidelines to achieve the desired outcome, rather than specific instructions. It takes into account the probability of failure of the entire safety function, not just its components. Unlike the old standard EN 954-1, the new standards embraced by 2006/42/EC (EN ISO 13849-1 and EN 62061) allow the use of programmable safety systems, such as variable speed drives. If a variable speed drive or another programmable safety system is used, the machine builder needs to obtain reliability figures from the manufacturer and include these in the risk assessment.
In practical terms, this can mean that the drive’s Safe Torque Off (STO) function is used instead of a contactor, reducing the amount of hardware required – and hence cost. It can also be more practical to use STO rather than a contactor, as this disconnects power to the inverter (the bit that powers the motor) while maintaining power to the drive electronics. Thus drive diagnostics functions are maintained during a shutdown and it will be possible to analyse the event afterwards. But a note of caution: STO does not isolate the motor, it merely stops it.
STO replaces the two contactors that would normally be used, connected in series. For instance, lathes no longer need to have contactors interlocked with the opening gate, but can now rely on the drive’s STO function while a work-piece is changed.
The road to compliance
The Machinery Directive requires machine builders to carry out a risk assessment (which must be documented) of the Essential Health and Safety Requirements (ESHR) - requirements that the machinery must meet in order to comply and obtain CE marking. Machine parts or incomplete machines must be supplied with a declaration of incorporation that defines which requirements of the directive apply and have been complied with.
There are a number of harmonised European standards (EN standards) for risk assessments that manufacturers can follow to meet the requirements of the Machinery Directive. Using these standards is not strictly necessary, but it is normally the easiest way to achieve compliance.
Implementing the functional safety system involves designing and constructing a safety function that meets the required safety performance. Using certified subsystems, such as variable speed drives, can save the designer a lot of work, as some of the safety and reliability calculations are already made.
Managing functional safety is achieved by implementing a project management and quality management system. Comparable in some ways to, ISO 9001 standards, this management system can be specified in the form of a safety plan that identifies all relevant activities, describes the strategy for fulfilling safety requirements and identifies responsibilities and procedures.
Machine builders can carry out self-certification without a recognised test centre, provided that they have a quality assurance procedure as described in the Directive. However, certification must be inspected by a recognised test centre every five years.
There are two alternative standards that can be followed when implementing functional safety systems in compliance with the Machinery Directive: The International Electrotechnical Commission (IEC) standard and the International Organisation for Standardisation (ISO) standard. Following either standard leads to a very similar outcome, but it is important that the same standard is followed all the way through.
Establishing the safety level
Risk analysis means deciding the limits and intended use for the machine, identifying the hazards that may arise and estimating the identified risks in terms of severity and probability. Risk reduction measures are then applied and any remaining risk is documented. The most effective way is to eliminate the risk by changing the design or work process of the machine. If this is not possible, risks are minimised with additional protective measures, warning signs and operating instructions, and by specifying additional safeguards against the remaining hazards.
Once safety systems have been implemented, they need to be verified to ensure that they achieve their objectives. This verification process should take place alongside the implementation process, not after it, to ensure that the implementation process actually results in a system that meets the specified requirements. The design of the machine must then be documented and relevant user documentation produced before the machine fulfils the requirements set out in the Machinery Directive.
The final step is the conformity assessment. The machine builder has to prove that the machine is implemented in conformance with harmonised standards by compiling all necessary documentation showing that it conforms to the Machinery Directive and other Directives that apply. Once a conformity assessment has been made, the CE marking can be affixed and the machine placed on the market.
Geoff Brown is an applications consultant with ABB