Functional safety

What does functional safety mean?

The causes of hazards, and therefore the technical measures applied to avoid them, can vary widely. As a result, a distinction is made between different types of safety, for example according to the cause of the potential hazard.

“Functional safety” is the term used when safety depends on the correct function of a control system.

Risk assessment plays a central role with regard to functional safety requirements. The steps you need to consider when assessing and reducing risk on machinery come from the standard EN ISO 12100. The evaluation and verification of safety functions are the domain of the standards EN ISO 13849 and EN IEC 62061, provided the required safeguarding is dependent on a control system. The safety integrity requirements (PL, SIL) are derived from the risk estimation.

Pilz Automation Days presentation: Functional safety standards – Changes to ISO 13849-1 and IEC 62061

Functional safety standards are in a transition phase. IEC 62061 was republished in 2021, ISO 13849-1 is expected in the summer of 2022. How will this affect the design of safety-related control systems and compliance with the Machinery Directive? Find out more in the presentation!

Quo vadis "functional safety"?

In automation too, there is a trend towards digitalisation. The rising level of complexity means that configurable or programmable control systems are increasingly used to safeguard plant and machinery. When designing machine controllers, this question often arises in the course of the risk assessment: how do you select the required safety level for safety-related control functions? Manufacturers must select and then combine the components in accordance with certain criteria. The risk estimation looks at the probability of a component failing to danger. The probabilities of failure of the various components must then be examined together. The required safety level is determined via graphs, which illustrate the severity of injury and the frequency or duration of exposure. The greater the risk, the higher the controller's safety-related requirements. Every safety function is examined in the process. Examples include protection against unintended restart, shutting down via the E-STOP function in the case of danger, or even ensuring that the machine is still safe should the controller fail.

Productivity must also be considered alongside demands for a safe machine. If not, the incentive to tamper with safety devices will increase.  

The requirements of safety-related parts of machine control systems are defined in both ISO 13849 and IEC 62061.

Revision of the standards ISO 13849 and IEC 62061

Both standards had to be updated to continue to represent the "state of the art". The latest edition of IEC 62061 was published on 22 March 2021. ISO 13849 has reached FDIS status; that means that the content can no longer be changed. The impetus to revise both standards stemmed not just from the routine revision and upgrade to the state of the art, but also from the many discussions that took place during the failed attempt to unify the two standards within IEC ISO 17305. 

The following changes affect both ISO 13849 and IEC 62061:  

  • Changed methodology for defining the required safety level (PL or SIL) 
  • Changed requirements of the application software, depending on the complexity and the selected programming languages 
  • Allow subsystems that were developed in accordance with one standard to be used in the other 

Changes ISO 13849 - 2022

  • Overview (Clause 4)
  • Definition of safety functions (Clause 5)
  • Software (Clause 7)
  • Validation (Clause 10 was adopted from EN ISO 13849-2)
  • Combinations of subsystems (Annex H)
  • EMC requirements (Annex L)
  • Typical safety requirements (Annex M)
  • Software requirements (Use cases, Annex N)

Changes IEC 62061 - 2021

  • Scope: independent of technology (no longer limited to E/E/PES)
  • New annexes for failure rates (Annex C), diagnostic coverage (Annex E) and reliability calculations (Annex K)
  • “SIL CL” renamed “SIL”
  • New SW level for application software (Clause 8)
  • Degrees of independence with SW verification and general validation
  • EMC requirements (Clause 6.6)
  • SW-based parameter setting clarified (Clause 6.7)
  • Added requirements for periodic test, e.g. proof test
  • Security

ISO 13849–2022 – Planned changes in detail  

ISO 13849 is available as an FDIS and contains internationally unified requirements, ranging from the determination of the required performance levels and identification of safety-related control parts through to implementation of safety functions. The performance level and associated PFHD can be determined via categories, diagnostic coverage, MTTFD and systematic aspects. The standard is to be applied to safety-related parts of control systems, irrespective of the technology and energy used (electrical, hydraulic, pneumatic, mechanical).

The standard EN ISO 13849 is currently available in two parts. Part 1 deals with general principles for design and Part 2 deals with validation. In the new edition, the normative Part 2 has been adopted into Part 1 and will most likely be published as the standard ISO 13849-1 in 2022. Part 2 of the standard with the informative appendices will initially remain as it is and will be revised afterwards. 

 These are the planned changes:

  • Clearer structure overall, focusing on the implementation of a safety function as a combination of several subsystems 
  • Use of the term "subsystem" throughout the document (instead of SRP/CS)  
  • Improved and extended specification of safety functions (Clause 5) 
  • Improved guidelines and additional requirements relating to the SRS (safety requirements specification) (Clause 5) 
  • Clarifications regarding design aspects (Clause 6); e.g. optimised Category 2 definition, determination of CCF per subsystem and with regard to fault consideration, fault exclusion and well-tried components 
  • Improvements and clarifications regarding software (Clause 7) 
  • Validation (Clause 10); the normative requirements of ISO 13849-2 were revised and incorporated into Part 1  
  • Determination of the required performance level (Annex A); changes with regard to parameter P  
  • Clarification of measures against common cause failures (CCF) - (Annex F) 
  • Guidelines for the management of functional safety were extended (Annex G.5) 
  • Details of how to guarantee that EMC noise immunity is sufficiently high (Annex L) 
  • Supplementary information for the safety requirements specification (Annex M) 
  • Avoidance of systematic failure through software design (Annex N); contains a simple example for software validation 
  • Additional information on safety-related values of components (Annex O), adapted to the approach of VDMA standard sheet 66413 

Transition periods and harmonisation

Publication of ISO 13849-1 was originally planned for 2021 and was postponed to 2022. It is far from clear when it will be harmonised into the EU standard EN ISO 13849-1, whether there will be a transition period for publication of the standard in the Official Journal and, if so, how long this might be.

The process of harmonising IEC 62061 to EN IEC 62061 lasted a year. As soon as an international IEC or ISO standard is published as an EU standard in the Official Journal of the European Union, presumption of conformity applies. That means that a manufacturer who abides by the specifications of the standard can assume that they comply with the health and safety requirements of the Machinery Directive and so, as part of the conformity assessment with the declaration of conformity, can affix the CE mark to their machine. The ratified, international standards can be applied as soon as they have been published on the IEC and ISO websites. However, it is advisable to deal with the expected development at an early stage.

Schedule and status, ISO 13849-1:

  • ISO 13849-1 (FDIS): Published
  • ISO 13849-1: Planned for 2022
  • EN ISO 13849-1: Open
  • EN ISO 13849-1 (harmonised): Open

Schedule and status, IEC 62061:

  • IEC 62061 (FDIS): Published
  • IEC 62061: Published
  • EN 62061: Published
  • EN 62061 (harmonised): Published

Functional safety at a glance

The aim of functional safety is always to protect humans and machines from hazards. In Europe, the relevant functional safety standards in the engineering sector are listed in the Machinery Directive. Download our "Functional safety" poster now and discover at a glance the procedure for risk assessment and risk reduction in accordance with EN ISO 12100. You can draw on two important standards, derived from this A-standard:

  • EN ISO 13849-1: Applicable for electrical/electronic/programmable electronic/hydraulic/pneumatic/mechanical systems
  • EN IEC 62061: Applicable for electrical/electronic/programmable electronic systems

Important parameters for the reliability of safety-related functions are the safety integrity level (SIL) and performance level (PL).

Safety of machinery - ZVEI flyer on functional safety

The subject of machinery safety is of great importance, not only in Europe but also in many other world regions. In Europe, it's primarily the Machinery Directive that's relevant for the safety of machinery and production plants. This is where the essential health and safety requirements are stated and specified through standards. ZVEI (German Electrical and Electronic Manufacturers' Association) has published a flyer on the two most important standards – EN ISO 13849 and EN 62061 – providing clear information on the application of the two standards and the differences between them.
