Cobot Safety

The image on the left demonstrates the difference between cobots and traditional industrial robots. The cobot is enabled and electricity is running through its motors, but a factory worker is inside the cobot's workspace. This is not possible with traditional industrial robots.

History - Historically, the Occupational Health and Safety Administration (OSHA) required power to be removed before personnel could access hazardous areas. The workspace of an industrial robot was considered to be a hazardous area, so power had to be removed from the robot's motors before personnel could enter the workspace. This drove safety solutions for industrial robots to fencing. In the early 2000's, OSHA began accepting petitions from companies with solutions based on redundant, fail-safe designs that were so safe as to be considered statistically equivalent to removing power. Today's cobots fall into that category. It is possible, but by no means guaranteed, to design automation solutions where people can safely share a workspace with cobots, without requiring that power be removed from the cobots' motors.

Manufacturer's Instructions - If you are going to do anything except "plug&play" with your cobots (for example, integrate door interlocks, laser curtains, etc.), you must follow standards for safety critical components. To do this you will need to follow the instructions that come in the user manuals for the equipment you buy. For example, a laser curtain will be safety-rated when you buy it. The user manual for the laser curtain will tell you not to connect it to anything that is not safety-rated. Do not connect that safety curtain to a standard relay, especially not a standard solid-state relay. The laser curtain must be connected to a safety relay. Similarly, door interlock sensors need to be safety-rated (not standard switches and especially not normally open, momentary contact switches) that may need to be monitored. Follow the manufacturer's instructions and DO NOT IMPROVISE.

Industry Standards - Most of the literature around cobot safety you will find online references the EN ISO 10218 standard parts 1 & 2 (safety requirements for "traditional" industrial robots) and the ISO/TS 15066 specification (safety requirements for collaborative industrial robots) If you are considering cobots for your factory, someone in your organization should master these standards before you deploy them. If there are machine tools on the factory floor, then the ANSI B11.19 Safeguarding criteria will be important.  Will your system have an emergency stop functionality (besides the functionality that comes with the cobots and the other machines)? If so, then the NFPA 79 Electrical Standard for Industrial Machinery will likely apply. 

The standards discussed above are quite detailed. In the bigger picture, what standards apply to the industry where the cobot will be deployed? In the military & aerospace industry (mil-aero), AS9100 is often considered the industry standard. In the oil and gas industry, American Petroleum Institute Q1 standards may apply. Almost everyone follows ISO9001. These are sometimes called "process" standards. They have processes that are written down and audited for compliance. What ever you do with the safety for your cobot system, it should get into these processes so it is properly documented and audited. For example, consider putting EStop testing in your processes. Specifically how often you test depends on the application, but getting it into your documented processes increases the odds that it will happen. If you are an employer, then compliance with OSHA requirements is mandatory. Generally, when deploying cobots, be mindful of the standards in the industry where the cobots are being deployed, not just the standards around cobot safety.

Emergency Stops (EStops) - It is quite possible that the cobot application you are designing will include emergency stop functionality. NFPA 79 Electrical Standard for Industrial Machinery provides guidance around emergency stops. Suffice to say that you should only use an emergency stop switch that is fail-safe, and designed to be used as an emergency stop switch. As a second step in the design of your emergency stop system (the first was the hazard analysis), write down a list of everything that should happen when someone hits the emergency stop. If that list has one item, "cut power," then you may want to think a bit more about the question. If you remove power from everything, could it make an entrapment situation worse? Maybe you should bleed-off compressed air that is holding clamps closed? Will there be a load in the air that could fall when you cut power? Will it be safe to leave that load in the air without power? Generally, what will happen to stored energy if you cut power to the system? If you are going to design an emergency stop, do some research on how to do it right. Of course, an emergency stop must itself be connected in a fail-safe manner. For example, the system can't keep operating as if nothing happend if the connector from the EStop switch falls off its termination on the back of the Power Distribution Unit (PDU).

Safety Rated Components - Safety rated components provide guaranteed (to a reasonable degree of statistical certainty) performance. For example, a safety-rated, force-guided relay uses mechanical components to force a contact open even if the relay is "welded" shut electrically. Safety-rated components often include monitoring to verify the component is operating as intended. For example, a safety-rated relay will typically have a monitoring connection to verify the relay opens when it is commanded to do so. Monitoring functionality can be used to prevent components from "failing silently." Safety rated components MUST be connected to other safety-rated components. For example, DO NOT connect a door interlock switch to a standard relay. Door interlock switches get connected to safety relays. Generally, any relay that is required for the safe operation of a machine needs to be a safety relay.

Software - If you are writing software to go with your cobots, then you should review  IEC 61508, “Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems.” This has been tailored to specific industries including automotive, machinery, nuclear power, process and rail. Review the appropriate tailored standard if you work in one of these industries. IEC 61508 calls out numerous software engineering principles and processes that may apply, depending on the application. As discussed, it is hard to think of a situation where a system with a cobot wouldn't be considered a safety-related system. Some aspects of safety are designed into cobots, but if you are writing software, you should follow the documentation, design, review, etc. standards for developing safety-related software to the degree appropriate for your industry and application.

Machine Guarding - It is also quite possible your cobot safety application will require guarding. ANSI B11.19 Performance Requirements for Safeguarding provides guidance in the design, construction, installation, operation and maintenance of the safeguarding (e.g., guards, safeguarding devices, awareness devices, safeguarding methods and safe work procedures) used to eliminate or control hazards to individuals associated with machine tools. Some machines the cobot interacts with, such as CNC machines with doors, may have built-in guards. Others, for example a machine that seals plastic with a heated element, may not come with guarding, but will require it when integrated with a cobot and human working together. 

Safe Motion Technology - Cobots and people can work safely and concurrently in the same workspace because of "safe motion" technology. I prefer to call it "guaranteed motion" because it is the way the cobot moves (or doesn't move) that is guaranteed, not the safety of the automation system. As it says in the manual for the Universal Instruments UR5, "The robot is partly completed machinery." It is up to the people deploying the cobot to ensure the entire application is safe.

Risk Assessment - All cobot deployments should create and maintain a risk assessment prior to deployment. This should be documented and archived according to standard procedure. ISO 13849-1 provides guidance for assessing the severity of risk. Hazards that may be found in cobot deployments include: striking, ejecting, pinching, pushing, trapping, crushing & cutting. Most cobot applications will be capable of seriously hurting or killing a person. The safety systems need to be designed accordingly.

Fencing - The ability to work without fencing is often cited as one of the primary benefits of cobots. While this may be true, fencing does provide benefits not available with electronic safety measures. For example, if a work piece can be ejected or thrown from a work cell, then there needs to be a physical barrier between that work piece and the people around the work cell. Fences can also be used to guard many machines. Removing the fencing may well create a multitude of individual, point-of-operation guarding requirements.