EMC and Machinery Safety – a new guide
Eur Ing Keith Armstrong C.Eng MIEE MIEEE
Partner, Cherry Clough Consultants
Chair of IEE Working Group on EMC and Functional Safety
Phone: 01457 871 605 Fax: 01457 820 145 Email:
[email protected]Introduction
New guidelines on EMC-related Functional Safety for machinery manufacturers have been developed by
the UK’s EMC Test Labs Association (EMCTLA, UK, www.emctla.org). This article explains why this
guidance is needed, and what is involved in following it.
Due to the increased use of electronic and programmable electronic devices in all aspects of machine
control, inadequate EMC could increase the health and safety risks to machinery operators and third par-
ties. But complying with the EMC Directive (EMCD) and/or its harmonised EMC standards does not
necessarily cover EMC-related functional safety [1].
Cenelec’s R0BT-004:2001 [2] says that all safety issues – including EMC-related ones – are required by
the EC to be dealt with under their safety directives, such as the Low Voltage and Machinery Safety Di-
rectives. But although the MSD tries to cover foreseeable EM disturbances to achieve an adequate level
of safety, it is very weak on this issue and there are conflicting interpretations between machinery manu-
facturers, experts in EMC and/or safety, test laboratories and Notified Bodies.
The EMCTLA guide described here is based upon the IEE’s guide: "EMC and Functional Safety" [1],
[3], [4] and the new functional safety standards IEC/TS 61000-1-2 [5] and IEC/EN 61508 [6].
Safety and the EMCD
The EMCD is not suitable for safety purposes ([2] [7] [8]). Safety must cover issues like foreseeable…
! Overload
! Environmental extremes
! Equipment faults
! Human error and misuse
– but the EMCD only addresses normal operation so it is clearly unsuitable where safety is concerned.
Can we use the harmonised EMC standards?
The generic immunity standards
The industrial generic immunity standard IEC/EN 61000-6-2 [9], states in Note 1 to its Scope that
“Safety considerations are not covered by this standard.”.
It goes on to warn (Note 2) that: “In special cases, situations will arise where the level of disturbances
may exceed the levels specified in this standard e.g. where an apparatus is installed in proximity to ISM
equipment as defined in CISPR11 or where a hand-held transmitter is used in close proximity to an ap-
paratus. In these instances, special mitigation measures may have to be employed.” ISM equipment uses
radio-frequency (RF) energy to process materials, and is not uncommon in certain industries (e.g. plastic
welding/sealing machines used for sealing plastic packages; induction heating for metal treatment; RF-
assisted arc welding; etc.).
The standard does not say what it means by ‘close proximity’ and it also fails to cover foreseeable situa-
tions such as proximity to powerful vehicle-mounted radio transmitters or proximity to the base-stations
of private mobile radio or cellphone systems.
The generic emissions standards
People often forget that the EM disturbances emitted by a new equipment could also be troublesome to
1
�existing safety-related systems. The industrial generic EMC emissions standard IEC/EN 61000-6-4 [10],
states in its Note 1 that: “The limits in this standard may not, however, provide full protection against
interference to radio and television reception when the apparatus is used closer than 30m to the receiv-
ing antenna.” If voice or data radio communications are involved in safety-related functions a 30m ‘ex-
clusion zone’ might be unacceptable. Many modern radio systems operate at frequencies higher than
those for which [10] sets emissions limits. These include the Global Positioning System GPS (renowned
for being prone to interference); GSM at 1800MHz; Bluetooth and IEEE 802.11b at 2.45GHz, etc.
Meeting [10] is no guarantee that these systems will operate even at distances of greater than 30m.
Note 2 in [10] states: “In special cases, for instance when highly susceptible apparatus is being used in
proximity, additional mitigation measures may have to be employed to reduce the electromagnetic emis-
sions further below the specified levels.”
The total set of EM disturbances (threats) that But there is no guidance on what is meant
could occur over the life of the product or system by “highly susceptible” or “proximity”. In
many cases, such information is not forth-
coming from suppliers and the sensitivity of
such apparatus is unknown. Note that the
Low-probability Caused by
electrical faults Provision and Use of Work Equipment Di-
EM disturbances
rective (PUWER) requires safety to be
Commonplace EM disturbances maintained even when machines or their
Caused by
covered by IEC product and environment are changed.
misuse
generic immunity standards
Other harmonised EMC standards
Commonplace EM disturbances not covered
Most harmonised EMC standards include
by IEC product or generic immunity standards statements with the same effect as above.
The figure opposite shows the relationship
between the electromagnetic (EM) envi-
ronment and harmonised EMC standards.
EMC coverage by the Machinery Safety Directive 98/37/EC (MSD)
The only clauses in the MSD that mention EMC-related functional safety are in Annex 1 (specifically:
1.2.1; 1.2.6; 1.2.7; 1.5.10; 1.5.11 and 1.7.4), and these are found not to be comprehensive or to refer to
the EMCD or its standards, which we now know are inadequate where safety issue are concerned.
“Useful facts in relation to 98/37/EC” [12] pages 110 and 111, answering the question: “How to take
account of electromagnetic effects in the context of the machinery directive?” states: “We should bear in
mind that effects of interference on the machine are covered specifically by the EMCD and not the ma-
chinery directive.” This is now directly contradicted by [2].
Most MSD Notified Bodies (and some EMC Competent Bodies) take a more robust approach to EMC-
related functional safety, but there is no legal obligation for manufacturers to involve a Notified Body or
any other third-party when declaring a machine compliant to the MSD (unless the machine is included in
MSD’s Annex IV).
EMC and harmonised Machinery Safety Standards
EN 292-2 [13] clause 3.7.11 covers other measures for preventing hazardous malfunction, and states:
“For all machines, electromagnetic compatibility of electronic equipment shall comply with the relevant
standards.” IEC 60204-1 [14] clause 4.4.2 states: “…the equipment shall have an adequate level of im-
munity to electromagnetic disturbances so that it can operate correctly in its intended environment.”,
but then spoils it by referring to EMCD standards. So [13] and [14] imply (or state) that compliance with
2
� the EMCD and its harmonised stan-
Machinery
Machinery Some existing guides and
Butthe
theEMC
EMC
dards covers EMC-related functional
Safety Directive But
Safety Directive advice on 98/37/EC Directive
Directive safety, although we now know that it
98/37/EC
98/37/EC 89/336/EEC
89/336/EEC does not.
requiresEMC
requires EMCto to
doesnot
does not
beconsidered
considered
be
forreasons
reasonsofof
cover safety
cover safety Annex 18 to [14] describes the technical
for
functionalsafety
functional safety documentation to be provided, but does
Some EMC Competent Bodies and/or
Machinery Notified Bodies advise… not suggest specifying the EM envi-
ronment in which the machine has been
EMCactivities
EMC activities designed to operate safely (e.g. how
relatingto
relating to close walkie-talkies or cellphones are
functionalsafety
functional safety But
Harmonized
Harmonized But permitted to be). Clearly a significant
concerns
concerns harmonized
Machinery harmonized
Machinery (additionaltotoEMC
(additional EMC EMCstandards
standards omission.
standardsrefer
refer EMC
standards Directive
Directive statethat
thatthey
they
toharmonized
harmonized compliance) state The figure opposite tries to show the
to compliance) don’t cover
EMCstandards
EMC standards don’t cover
safety
safety present confusion over the EMC-related
functional safety of machinery.
Machinery hazards and risk analyses
The relevant standard when doing an MSD hazards and risk analysis is EN 1050 [15].Clause 7.3.5 says
“Risk estimation shall take account of the reliability of components and systems. It shall: - identify the
circumstances which can result in harm (e.g. component failure, power failure, electrical distur-
bances)….” But it doesn’t specify analysing
Exampleof
Example ofaapossible
possible
Existing safety standards or the EM environment or of the responses of
industry best-practices are usually
safetyhazard
safety hazard based on the use of traditional or components, equipment or systems to EM
commonplace technologies
disturbances.
Some engineers assume that safety standards
Usingtraditional
Using traditional Usingaanew
Using newtechnology
technology
technology (e.g.electronics
electronicsandandsoftware)
software) cover all possible hazards and reduce their
technology (e.g.
risks to negligible amounts. They argue that,
since inadequate EMC cannot create new
Verylow
Very lowrisks
risks Possiblyvery
Possibly veryhigh
highrisks
risks hazards, nothing need be done. But this ap-
(verylow
(very lowprobability
probabilityof
of (possiblyvery
(possibly veryhigh
highprobability
probability
thehazard
the hazardoccurring)
occurring) ofthe
of thehazard
hazardoccurring)
occurring) proach neglects the ‘risk’ part of ‘hazard and
risk’ analysis. Risk is the probability that the
hazard will occur, and an analysis that ig-
Minimalrisk
Minimal riskreduction
reduction Rigorousrisk
Rigorous riskreduction
reduction nores EMC might assess the risk incorrectly.
measuresrequired
measures required measuresmight
measures mightbe beessential
essential
The figure opposite summarises this general
issue.
The EMCTLA’s new TGN
EMCTLA Working Group B has recently completed its Technical Guidance Note (TGN) on how ma-
chinery manufacturers should set about achieving EMC-related functional safety. These guidelines are
based on the approach taken by the IEE’s 2000 guide [3] [4]. At the time of writing the TGN’s final title
and number has not been allocated, but it will appear in due course on the EMCTLA’s website
(www.emctla.org), in the section on Technical Guidance Documents. An example of applying the draft
EMCTLA guide to a machine is given in [18].
This TGN will be submitted to the MSD Notified Bodies co-ordinating committee – proposing it for
adoption as official guidance under the MSD to replace the present confusion.
3
�Basic guidance
The basic issues a machinery manufacturer should address are:
1. What EM disturbances, however infrequent, might the apparatus be exposed to?
This would normally be achieved by determining all the EM disturbances the machine might be exposed
to during its life cycle. Help is available from the supporting documents listed below.
2. What are the reasonably foreseeable effects of such disturbances on the apparatus?
This should be addressed by applying [5], using the Fault-Tree approach (or similar) as recommended.
3. How might the EMC disturbances emitted by the apparatus affect other apparatus (existing or
planned)? (Don't forget that equipment in use outside the EU, and pre-1996 legacy equipment within
the EU, may never have been designed or tested for EM immunity.)
This should be addressed by applying [5], using the Fault-Tree approach (or similar) as recommended.
4. What could be the reasonably foreseeable safety implications of the above? (In particular, what is the
severity of any hazard, the scale of any risk, and their corresponding safety integrity levels?)
This should be addressed by completing a hazard and risks assessment [15], referencing [6] as required.
5. What level of confidence (verification? proof?) is required that all the above has been fully consid-
ered and all necessary actions taken to achieve the desired level of safety?
Validation (e.g. testing) requirements are addressed in [5].
6. Record what has been done to achieve functional safety in the MSD Technical Documentation, in-
cluding results or reports from any safety-related EMC testing carried out, together with the haz-
ard/risk assessment.
Documents supporting the TGN
These include [4], [5], [6], [15], [16] and [17], plus another Technical Guidance Note that WG(B) are
preparing to help with specifying the EM environment of a machine, which will be similar to Tables 4.1
- 4.3 in [16]. This lists…
• A complete list of all possible EM disturbances and what causes them
• The standards can be used to assess the environment or measure emissions of each type of distur-
bance from equipment
• The types of electromechanical or electronic devices or circuits that are most likely to suffer interfer-
ence from each type of disturbance
• The immunity test standards that can be used to validate equipment against each type of disturbance.
Summary of IEC/EN 61508
[6] is a “basic safety publication” which can be used as it is, but its main purpose is to be referenced by
product-family safety standards (which will generally become harmonised and notified under safety Di-
rectives). It is intended to be applied to the functional safety of complex safety systems involving elec-
tronic devices with or without software, and is already being used by the UK’s Health and Safety Execu-
tive (HSE) as an example of good safety engineering practices for machinery (and other types of equip-
ment). [6] has seven parts…
Part 1 – General requirements
Part 2 – Requirements for E/E/PE systems
Part 3 – Software requirements
Part 4 – Definitions and abbreviations
Part 5 – Methods for determining SILs
4
�Part 6 – Guidelines on applying parts 2 and 3
Part 7 – Overview of techniques and measures
– and it covers the following areas…
• Management of functional safety
• Technical safety requirements for all lifecycle phases
• The competence of the people involved in any safety lifecycle activity
The technical safety requirements of [6] can be summarised as…
• Do a comprehensive hazard and risk analysis
• Derive the safety requirement specification
• Design the safety-related system to meet the safety requirement specification, taking into account all
possible failures, including…
! random hardware faults
! systematic faults in hardware and software
! human factors
Summary of IEC/TS 61000-1-2
At present [5] is an IEC Technical Specification, not a full IEC standard, and in a few years time it is
expected to become a full IEC standard to support [6]. It addresses how to achieve functional safety
having regard to the EM disturbances and specifies procedures for:
• Determining and specifying requirements
• Design aspects including installation of the equipment
• Analytical assessment methods
• Testing recommendations
• Documentation
[5] applies to the influence of the EM environment (including adjacent devices) on equipment. It is in-
tended for use by product standard committees, designers, and the manufacturers and installers of
equipment and systems. It focuses on the safety analysis and testing methods related to electro-magnetic
influences. With regard to quantitative assessment methods, i.e. probability of failures, it recommends
the methods described in [6]. Issues covered by [5] include:
• The achievement of functional safety
• The EM environment
• Safety requirements and failure criteria
• Dependability analyses (e.g. Fault-Tree Analysis)
• EMC testing with regard to safety
• Reporting the influence of EM disturbances on the functional safety of an equipment
There are two examples in [5] showing how it is intended to be used: Annex B.1 describes its applica-
tion to a gas burner controller; while Annex B.2 describes the control and command of a high voltage
substation.
Conclusions
Rapidly increasing machinery automation by electronics and software are increasing the likelihood that
EM disturbances will increase safety risks. Correctly taking EMC-related functional safety into account
is now important for the hazards and risks analysis and hence the safety of many types of machines.
5
�At present, the guidance on how to deal with the potential consequences of EM disturbances for the
functional safety of machinery is fragmented and contradictory. Where such guidance suggests that
complying with the EMCD and/or its standards is sufficient for this purpose – it is incorrect.
The EMCTLA’s new Technical Guidance Note describes a method for ensuring that functional safety is
not compromised by foreseeable EM disturbances.
References
[1] EMC and Functional Safety – An introduction to an important new report from the IEE. Keith Armstrong,
York EMC 2000 Conference Proceedings
[2] R0BT-004:2001 EC Directives, Functional Safety and the role of CENELEC standardisation (available from
BSI as PD R0BT-004:2002)
[3] EMC-Related Functional Safety, Keith Armstrong, ITEM UPDATE 2001, pages 52-59
[4] EMC and Functional Safety, guide from the Institution of Electrical Engineers, London, 2000 (downloadable
from: www.iee.org.uk/Policy/Areas/Electro/ as a ‘Core’ document and nine ‘Industry Annexes’ (Note: URL
may be case sensitive)
[5] IEC/TS 61000-1-2:2001 Electromagnetic Compatibility (EMC) – Part 1-2: General – Methodology for the
achievement of the functional safety of electrical and electronic equipment with regard to electromagnetic
phenomena
[6] IEC/EN 61508 Functional Safety of Electrical, Electronic and Programmable Electronic Systems (7 parts)
[7] Considerations on safety and EMC, R De Vré, Annex A to CLC(SG)765 C210(Sec)151 12/05/99, pages 6-7
[8] Report of the SLIM III team on the electromagnetic compatibility directive (89/336/EEC as amended), Final
version, Brussels 24th September 1998 (see paragraphs 12-14 and recommendations R5, R7. SLIM III docu-
ments may be obtained from: http://europa.eu.int/comm/enterprise/electr_equipment/emc/slim/review.htm
[9] IEC 61000-6-2:1999 Electromagnetic Compatibility (EMC) – Part 6-2: Generic standards – Immunity for
industrial environments. (Modified and notified under the EMCD as the EU harmonised standard EN 61000-
6-2:2001.)
[10] IEC 61000-6-4:1997 Electromagnetic Compatibility (EMC) – Part 6-4: Generic standards – Emission stan-
dard for industrial environments. (Modified and notified under the EMCD as the EU harmonised standard
EN 61000-6-4:2001.)
[11] Comments on Directive 98/37/EEC, European Commission, 1999, ISBN 92-828-5659-3, available from:
http://europa.eu.int/comm/enterprise/mechan_equipment/machinery/guide/content.htm
[12] Useful Facts in Relation to the Machinery Directive 98/37/EC, available from the Machinery Directive’s of-
ficial homepage: http://europa.int/comm/enterprise/mechan_equipment/machinery/index.htm
[13] EN 292-2 Safety of machinery – Basic concepts, general principles for design Part 2. Technical principles
and specifications
[14] IEC 60204-1:1997 Safety of machinery – Electrical equipment of machines –Part 1: General requirements.
(As the harmonised EU standard EN 60204-1:1998 this is notified under both the LVD and MSD.)
[15] EN 1050:1997 Safety of machinery – Principles for risk assessment
[16] EMC for Systems and Installations, Tim Williams and Keith Armstrong, Newnes 2000, ISBN: 0 7506 4167 3
[17] IEC 1000-2-5 Electromagnetic compatibility (EMC) Part 2. Environment Section 5. Classification of elec-
tromagnetic environments – Basic EMC Publication
[18] Safety implications of EMC, Approval, March/April (pages 25-29) and May/June 2002 edition
