EN 62745:2017
Safety of machinery - Requirements for cableless control systems of machinery
IEC 62745:2017(E) specifies requirements for the functionality and interfacing of cableless (for example, radio, infra-red) control systems that provide communication between operator control station(s) and the control system of a machine. Specific requirements are included for such operator control stations that are portable by the operator.
Sicherheit von Maschinen - Anforderungen für kabellose Steuerungen an Maschinen
Sécurité des machines - Exigences générales pour les systèmes de commande sans fil des machines
IEC 62745:2017 specifies the functionality requirements for a cableless control system, whether it is interfaced with or forms an integral part of a machine control system, intended for use as an operator control station on a machine.
Varnost strojev - Splošne zahteve za brezžično povezavo upravljalnikov e nadzornih sistemov strojev (IEC 62745:2017)
Standard IEC 62745:2017 specifies requirements for the functionality and cableless interfacing (e.g. radio, infra-red) of control systems that provide communication between operator control stations and the control system of a machine. Specific requirements are included for such operator control stations that can be carried by the operator.
Standards Content (Sample)
SLOVENSKI STANDARD
01-december-2017
Varnost strojev - Splošne zahteve za brezžično povezavo upravljalnikov e nadzornih sistemov strojev (IEC 62745:2017)
Safety of machinery - General requirements for cableless control systems of machinery
(IEC 62745:2017)
Sicherheit von Maschinen - Anforderungen für kabellose Steuerungen an Maschinen
(IEC 62745:2017)
Sécurité des machines – Exigences générales pour les systèmes de commande sans fil des machines (IEC 62745:2017)
This Slovenian standard is identical to: EN 62745:2017
ICS:
13.110 Safety of machinery
35.100.01 Open systems interconnection in general
2003-01. Slovenian Institute for Standardization. Reproduction of this standard in whole or in part is not permitted.
EUROPEAN STANDARD EN 62745
NORME EUROPÉENNE
EUROPÄISCHE NORM
June 2017
ICS 13.110; 29.020; 35.100.01
English Version
Safety of machinery - Requirements for cableless control systems of machinery
(IEC 62745:2017)
Sécurité des machines - Exigences générales pour les systèmes de commande sans fil des machines (IEC 62745:2017)
Sicherheit von Maschinen - Anforderungen für kabellose Steuerungen an Maschinen (IEC 62745:2017)
This European Standard was approved by CENELEC on 2017-04-11. CENELEC members are bound to comply with the CEN/CENELEC
Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.
Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC
Management Centre or to any CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation
under the responsibility of a CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the
same status as the official versions.
CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic,
Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia,
Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden,
Switzerland, Turkey and the United Kingdom.
European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2017 CENELEC All rights of exploitation in any form and by any means reserved worldwide for CENELEC Members.
Ref. No. EN 62745:2017 E
European foreword
The text of document 44/783/FDIS, future edition 1 of IEC 62745, prepared by IEC/TC 44 "Safety of
machinery - Electrotechnical aspects" was submitted to the IEC-CENELEC parallel vote and approved
by CENELEC as EN 62745:2017.
The following dates are fixed:
• latest date by which the document has to be implemented at national level by publication of an identical national standard or by endorsement (dop): 2018-01-11
• latest date by which the national standards conflicting with the document have to be withdrawn (dow): 2020-04-11
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CENELEC shall not be held responsible for identifying any or all such patent rights.
Endorsement notice
The text of the International Standard IEC 62745:2017 was approved by CENELEC as a European
Standard without any modification.
In the official version, for Bibliography, the following notes have to be added for the standards
indicated:
IEC 60068-2-1 NOTE Harmonized as EN 60068-2-1.
IEC 60068-2-2 NOTE Harmonized as EN 60068-2-2.
IEC 60068-2-6 NOTE Harmonized as EN 60068-2-6.
IEC 60068-2-27 NOTE Harmonized as EN 60068-2-27.
IEC 60068-2-30 NOTE Harmonized as EN 60068-2-30.
IEC 60068-2-64 NOTE Harmonized as EN 60068-2-64.
IEC 60204 (Series) NOTE Harmonized as EN 60204 (Series).
IEC 60870-5-1 NOTE Harmonized as EN 60870-5-1.
IEC 60947-5-8 NOTE Harmonized as EN 60947-5-8.
IEC 61508 (Series) NOTE Harmonized as EN 61508 (Series).
IEC 61784-1 NOTE Harmonized as EN 61784-1.
IEC 61784-3:2016 NOTE Harmonized as EN 61784-3:2016.
ISO 12100 NOTE Harmonized as EN ISO 12100.
Annex ZA
(normative)
Normative references to international publications
with their corresponding European publications
The following documents, in whole or in part, are normatively referenced in this document and are
indispensable for its application. For dated references, only the edition cited applies. For undated
references, the latest edition of the referenced document (including any amendments) applies.
NOTE 1 When an International Publication has been modified by common modifications, indicated by (mod), the relevant
EN/HD applies.
NOTE 2 Up-to-date information on the latest versions of the European Standards listed in this annex is available here:
www.cenelec.eu.
Publication | Year | Title | EN/HD | Year
IEC 60068-2-31 | 2008 | Environmental testing -- Part 2-31: Tests - Test Ec: Rough handling shocks, primarily for equipment-type specimens | EN 60068-2-31 | 2008
IEC 60204-1 (mod) | 2005 | Safety of machinery - Electrical equipment of machines -- Part 1: General requirements | EN 60204-1 | 2006
- | - | | + corrigendum Feb. | 2010
IEC 60947-5-1 | 2016 | Low-voltage switchgear and controlgear - Part 5-1: Control circuit devices and switching elements - Electromechanical control circuit devices | EN 60947-5-1 | 2016
IEC 60947-5-5 | - | Low-voltage switchgear and controlgear -- Part 5-5: Control circuit devices and switching elements - Electrical emergency stop device with mechanical latching function | EN 60947-5-5 | -
IEC 62061 | - | Safety of machinery - Functional safety of safety-related electrical, electronic and programmable electronic control systems | EN 62061 | -
ISO 13849-1 | - | Safety of machinery - Safety-related parts of control systems - Part 1: General principles for design | EN ISO 13849-1 | -
ISO 13849-2 | - | Safety of machinery - Safety-related parts of control systems - Part 2: Validation | EN ISO 13849-2 | -
ISO 13850 | - | Safety of machinery - Emergency stop function - Principles for design | EN ISO 13850 | -
IEC 62745 ®
Edition 1.0 2017-03
INTERNATIONAL
STANDARD
colour
inside
Safety of machinery – Requirements for cableless control systems of machinery
INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
ICS 13.110; 29.020; 35.100.01 ISBN 978-2-8322-4013-7
– 2 – IEC 62745:2017 © IEC 2017
CONTENTS
FOREWORD
INTRODUCTION
1 Scope
2 Normative references
3 Terms, definitions and abbreviations
4 Functional requirements
4.1 General
4.2 Operational preventions
4.2.1 Prevention of inadvertent actuation
4.2.2 Prevention of unauthorised operation
4.2.3 Prevention of unintended commands
4.3 Serial data transfer
4.4 Removal of remote station transmission
4.5 Establishment and indication of transmission and communication
4.6 Safety-related functions of the CCS
4.7 Stop functions of the CCS
4.7.1 General
4.7.2 Safety-related stop functions of a CCS
4.7.3 Classification of stop functions
4.8 Reset
4.9 Cessation of transmission from the remote station
4.10 Latching control functions
4.11 Behaviour on loss of supply
4.12 Multiple remote stations
4.13 Multiple base stations
4.14 Suspension of CCS control
4.15 Configurability protection
5 Verification
5.1 General
5.2 Labelling and markings
5.3 Documentation
5.4 Functional verifications
6 Information for use
6.1 General
6.2 Information to be provided
7 Labelling and markings
Annex A (informative) Logic of stop functions
Bibliography
Figure 1 – Block diagram example of a cableless control system and its interaction with the machine control system
Figure A.1 – Logic for stop functions
Table 1 – Alphabetical list of definitions
Table 2 – Abbreviations
Table 3 – Overview of stop functions of the CCS
Table 4 – Verification of functional requirements
Table 5 – List of possible verifications to be required to the system integrator
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
SAFETY OF MACHINERY – REQUIREMENTS FOR
CABLELESS CONTROL SYSTEMS OF MACHINERY
FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and non-
governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of
patent rights. IEC shall not be held responsible for identifying any or all such patent rights.
International Standard IEC 62745 has been prepared by IEC technical committee 44: Safety
of machinery – Electrotechnical aspects.
The text of this standard is based on the following documents:
FDIS Report on voting
44/783/FDIS 44/785/RVD
Full information on the voting for the approval of this International Standard can be found in
the report on voting indicated in the above table.
This document has been drafted in accordance with the ISO/IEC Directives, Part 2.
The committee has decided that the contents of this document will remain unchanged until the
stability date indicated on the IEC website under "http://webstore.iec.ch" in the data related to
the specific document. At this date, the document will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.
A bilingual version of this publication may be issued at a later date.
IMPORTANT – The 'colour inside' logo on the cover page of this publication indicates
that it contains colours which are considered to be useful for the correct
understanding of its contents. Users should therefore print this document using a
colour printer.
INTRODUCTION
Cableless control systems (CCS) are increasingly being used to provide an operator interface
on a wide range of machinery. The functionality of a CCS and the way in which it interfaces
with the overall machine control system can therefore affect the safety of the machinery.
IEC 62745 specifies requirements for the functionality of a CCS that is interfaced with or is
part of a machine control system for use as an operator control station on a machine.
The extent to which the functionality of a CCS is relied upon to minimise risk on a machine is
a key selection criterion. It is therefore important to select a CCS that provides suitable
control functions with an appropriate safety integrity in accordance with the risk assessment
at the machine.
In some particular applications, the requirements for a CCS can exceed those specified in this
document.
SAFETY OF MACHINERY – REQUIREMENTS FOR
CABLELESS CONTROL SYSTEMS OF MACHINERY
1 Scope
This standard specifies requirements for the functionality and interfacing of cableless (for
example, radio, infra-red) control systems that provide communication between operator
control station(s) and the control system of a machine. Specific requirements are included for
such operator control stations that are portable by the operator.
NOTE The part of the cableless control system that is used as an operator control station is sometimes referred
to as the ‘transmitter’ and the part that interfaces with the machine control system is sometimes referred to as the
‘receiver’. However, to take account of the possibility of bi-directional communication, this standard refers to these
individual parts as the ‘remote station’ and the ‘base station’ respectively.
This document does not deal with cableless communication between parts of a machine(s)
that are not operator control stations.
This document is not intended to specify all of the requirements that are necessary for the
design and construction of a cableless control system. For example, it does not specify
communication protocols, frequency or bandwidth aspects, nor the full range of constructional
requirements such as impact resistance, ingress protection, electromagnetic compatibility,
etc.
The provisions of this document are intended to be applied in addition to the requirements for
electrical equipment in the IEC 60204-1.
This document is a type-B2 standard as stated in ISO 12100.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their
content constitutes requirements of this document. For dated references, only the edition
cited applies. For undated references, the latest edition of the referenced document (including
any amendments) applies.
IEC 60068-2-31:2008, Environmental testing – Part 2-31: Tests – Test Ec – Rough handling
shocks, primarily for equipment-type specimens
IEC 60204-1:2005, Safety of machinery – Electrical equipment of machines – Part 1: General
requirements
IEC 60947-5-1:2016, Low-voltage switchgear and controlgear – Part 5-1: Control circuit
devices and switching elements – Electromechanical control circuit devices
IEC 60947-5-5, Low-voltage switchgear and controlgear – Part 5-5: Control circuit devices
and switching elements – Electrical emergency stop device with mechanical latching function
IEC 62061, Safety of machinery – Functional safety of safety-related electrical, electronic and
programmable electronic control systems
ISO 13849-1, Safety of machinery – Safety-related parts of control systems – Part 1: General
principles for design
ISO 13849-2, Safety of machinery – Safety-related parts of control systems – Part 2:
Validation
ISO 13850, Safety of machinery – Emergency stop function – Principles for design
3 Terms, definitions and abbreviations
For the purposes of this document, the following terms and definitions apply.
For an alphabetical list of definitions, see Table 1.
For a list of abbreviations, see Table 2.
Table 1 – Alphabetical list of definitions
Term Definition number
active stop 3.17
address code 3.7
automatic stop (ATS) 3.19
base station 3.13
cableless control 3.1
cableless control system (CCS) 3.2
disabling of a remote station 3.22
error detection code 3.9
frame 3.6
Hamming distance 3.11
manual stop 3.20
neutral frame 3.10
OFF-state 3.15
operating command signal 3.8
operator control station 3.5
passive stop 3.18
receiver 3.3
remote station 3.12
safety-related stop function 3.16
stop output 3.14
transmitter 3.4
valid signal 3.21
Table 2 – Abbreviations
Term Abbreviation
automatic stop (4.7.3.5) ATS
cableless control system (3.2) CCS
emergency stop (4.7.3.4) EMS
general safe stop (4.7.3.3) GSS
3.1
cableless control
transmission of the machine operator's commands without any wired connection
3.2
cableless control system
CCS
system consisting of at least one remote station and one base station, which uses cableless
control to transmit commands between them
3.3
receiver
part of a cableless control system which receives frames from a transmitter
3.4
transmitter
part of a cableless control system which sends frames to a receiver
3.5
operator control station
assembly of one or more control actuators (part of a device to which an external manual
action is to be applied) fixed on the same panel or located in the same enclosure
Note 1 to entry: An operator control station can also contain related equipment, for example, potentiometers,
signal lamps, instruments, display devices, etc.
3.6
frame
“package” of information exchanged between a remote station and a base station, and
consisting of, for example:
a) address code;
b) operating commands;
c) error detection code;
d) other commands, signals or information
Note 1 to entry: A “frame” is sometimes referred to as a “telegram” or “message”.
3.7
address code
part of a frame that enables a base station or a remote station to recognise frames that are
intended to convey commands to it
Note 1 to entry: The base station or remote station respond to commands that are recognised as having the
relevant address code.
3.8
operating command signal
control signal that is intended to initiate, modify or maintain a machine function
3.9
error detection code
additional information added to each frame to enable the detection of transmission errors
3.10
neutral frame
frame in which all operating command signals are in a state such that when it is received at
the base station it does not activate any outputs intended for control of hazardous operations
of the machine
Note 1 to entry: Neutral frames can be used to maintain communication (i.e. a valid signal) between a transmitter
and receiver, for example to preclude automatic initiation of the stop function at a machine.
Note 2 to entry: Neutral frame transmission is intended to prevent hazardous operations of the machine resulting
from establishment or re-establishment of communication.
Note 3 to entry: Neutral frames can contain data, for example parameterisation data, and commands that are not
intended to cause hazardous operations of the machine.
3.11
Hamming distance
number of bit positions in which two frames of the same length differ from each other
3.12
remote station
part of a cableless control system via which an operator interfaces with the cableless control
system
Note 1 to entry: The remote station of a cableless control system is sometimes referred to as a “transmitter”, but
a remote station that is part of a bi-directional cableless control system will incorporate both a transmitter and a
receiver.
Note 2 to entry: The remote station forms the operator control station of a cableless control system.
Note 3 to entry: The remote station can be portable (by the operator), mobile (e.g. installed separately from the
machine on a vehicle or trolley) or fixed (e.g. installed on or near to the machine).
3.13
base station
part of the cableless control system that interfaces with the machine control system
Note 1 to entry: The base station of a cableless control system is sometimes referred to as a “receiver”, but a
base station that is part of a bi-directional cableless control system will incorporate both a receiver and a
transmitter.
Note 2 to entry: The base station may be installed on static or mobile machinery.
Note 3 to entry: The base station is not necessarily a discrete physical entity, but it includes all of the
components that fulfill the requirements specified in this standard for the base station.
3.14
stop output
output circuit of the base station that interfaces with the control system of the machine to
initiate a stop function
Note 1 to entry: Stop outputs can be safety-related or non-safety-related. See also Table 3.
Note 2 to entry: Interfaces to field bus part of a CCS base station can also be considered as an output circuit.
3.15
OFF-state
state of safety-related stop output(s) of the base station, which is intended to be used to
initiate one or more stop functions of a machine
3.16
safety-related stop function
stop function provided by the CCS that results in an OFF-state and whose failure can result in
an immediate increase of the risk(s)
3.17
active stop
stop resulting from transmission of a stop signal from the remote station to the base station
3.18
passive stop
safety-related stop resulting from absence of a valid signal at the base station
Note 1 to entry: A passive stop can be initiated by, for example, an out of range condition, battery failure,
electromagnetic interference.
3.19
automatic stop
safety-related stop initiated without manual actuation of a device by an operator
3.20
manual stop
stop initiated by actuation of a device by an operator
3.21
valid signal
any received frame, including a neutral frame, that is accepted by the error checking routines
of the receiver and contains the relevant address code for the receiver
3.22
disabling of a remote station
deliberate operation that renders a remote station incapable of sending signals to the base
station
4 Functional requirements
4.1 General
Figure 1 illustrates an example of the main elements of a CCS and its interaction with the
machine control system.
[Figure 1: block diagram, image not reproduced. Labelled elements: machine control system; operator control stations (3.5); wired pendant controller(s); wired control station(s); cableless control system (3.2); remote station (3.12) with transmitter (3.4) and receiver (3.3); base station (3.13) with receiver (3.3) and transmitter (3.4); control circuits. Legend: wired signals, wireless signals.]
Figure 1 – Block diagram example of a cableless control system
and its interaction with the machine control system
NOTE The references to IEC 60204-1 in this standard could have corresponding requirements in other relevant
parts of IEC 60204 series.
4.2 Operational preventions
4.2.1 Prevention of inadvertent actuation
The remote station and its control actuators shall be designed and arranged so as to minimise
the possibility of inadvertent actuation (for example, caused by dropping to the floor or striking
an obstruction, failure of electronics) generating an unintended hazardous command.
4.2.2 Prevention of unauthorised operation
Where prevention of unauthorised operation of the CCS is required, remote stations shall be
provided with means to prevent unauthorised use (for example, key-operated switch, access
code).
4.2.3 Prevention of unintended commands
Measures shall be taken to ensure that operating command signals:
• affect only the intended base station or remote station (for example, using address code);
• initiate only the intended functions in that base station or remote station.
Such measures shall be resistant to accidental or unintentional change.
Upon detection of malfunction or faults, all relevant safety-related output shall be controlled to
OFF-state with an appropriate safety integrity.
Where hardware switches (for example, DIP) are used for device addressing, additional
measures such as parity checking may be necessary to fulfil the requirements in case of a
fault.
NOTE Typical methods include factory-set coding, which are more robust than user-configurable methods
because they cannot be defeated (either intentionally or inadvertently) by the user.
4.3 Serial data transfer
The serial data transfer shall satisfy one of the following requirements:
• means shall be provided that ensure the probability of an erroneous frame being received undetected, $R(P_e)$, is less than $1 \times 10^{-8}$, given an input bit error probability of $P_e = 10^{-3}$, if no better input bit error probability can be proven, or
• the Hamming distance shall be either 4 or the total number of bits in a frame divided by 20, whichever is greater.
NOTE 1 An input bit error probability of $P_e = 10^{-3}$ can be assumed as typical estimate for a wireless channel disturbed by Additive White Gaussian Noise (AWGN) and electromagnetic interference (EMI).
NOTE 2 IEC 60870-5-1 defines a set of possible transmission frame formats.
NOTE 3 Increasing the reliability of serial data transmission only reduces the possibility of errors that can occur in the transmission media.
In addition for safety-related functions of a CCS the residual error probability $\Lambda$ of undetected error per hour shall be less than 1 % of the specified $PFH_D$ value for the respective function of the CCS. Residual probability of undetected error per hour $\Lambda$ shall be calculated by:
$$\Lambda(P_e) = R(P_e) \times \nu \times b \quad [1/\mathrm{h}]$$
where:
$\Lambda(P_e)$: residual probability of undetected error per hour in relation to the input bit error probability
$R(P_e)$: residual probability of undetected error per frame in relation to the input bit error probability
$P_e$: input error probability. If no better input bit error probability can be proven, $P_e = 1 \times 10^{-3}$ applies
$\nu$: maximum number of safety-related messages per hour
$b$: maximum number of listening base stations
NOTE 4 For a definition of $PFH_D$ see IEC 62061 or ISO 13849-1.
NOTE 5 $\Lambda(P_e)$ calculation is based on IEC 61784-3; this approach is valid for cyclic transmission of safety-related messages.
NOTE 6 When using CRC as hash-function, Equation (B.3) or (B.4) from IEC 61784-3:2016 can be applied in order to determine $R(P_e)$ with an input bit error probability of $P_e = 1 \times 10^{-3}$.
The CCS can be equipped with an indicator of transmission reliability.
NOTE 7 It is not necessary to provide a separate warning indicator for each condition that can affect transmission
reliability.
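The two per-frame criteria of 4.3 and the per-hour budget can be checked numerically for a concrete frame code. The following is an added example, not part of IEC 62745: the CRC-8 polynomial, the 16-bit payload, the message rate, the base-station count and the PFH_D figure are assumptions chosen for illustration. It enumerates every valid frame to obtain the exact Hamming distance and R(P_e) on a binary symmetric channel, then applies Λ = R × ν × b.

```python
from math import ceil

# Assumed frame design (illustrative, not taken from IEC 62745):
POLY = 0x07          # CRC-8 generator x^8 + x^2 + x + 1
DATA_BITS = 16       # address code + operating commands
CRC_BITS = 8         # error detection code
FRAME_BITS = DATA_BITS + CRC_BITS


def crc8(data: int, nbits: int = DATA_BITS) -> int:
    """Bitwise CRC-8 over `nbits` of `data`, MSB first, zero initial value."""
    reg = 0
    for i in range(nbits - 1, -1, -1):
        reg ^= ((data >> i) & 1) << 7
        reg = ((reg << 1) ^ POLY) & 0xFF if reg & 0x80 else (reg << 1) & 0xFF
    return reg


def weight_distribution() -> list:
    """dist[w] = number of valid frames (codewords) with exactly w one-bits."""
    dist = [0] * (FRAME_BITS + 1)
    for data in range(1 << DATA_BITS):
        frame = (data << CRC_BITS) | crc8(data)
        dist[bin(frame).count("1")] += 1
    return dist


def hamming_distance(dist) -> int:
    """For a linear code the minimum distance is the smallest non-zero weight."""
    return next(w for w in range(1, len(dist)) if dist[w])


def required_hamming_distance(frame_bits: int) -> int:
    """Second bullet of 4.3; rounding n/20 up is this example's interpretation."""
    return max(4, ceil(frame_bits / 20))


def residual_error_per_frame(dist, pe: float = 1e-3) -> float:
    """R(Pe): an error pattern goes undetected only if it is itself a non-zero
    codeword, so sum the probability of each such pattern."""
    n = len(dist) - 1
    return sum(a * pe**w * (1 - pe) ** (n - w) for w, a in enumerate(dist) if w)


def residual_error_per_hour(r: float, nu: float, b: int) -> float:
    """Lambda(Pe) = R(Pe) x nu x b  [1/h]."""
    return r * nu * b


def assess(pfh_d: float, nu: float, b: int, pe: float = 1e-3) -> dict:
    """Evaluate the assumed frame code against the three 4.3 conditions."""
    dist = weight_distribution()
    d_min = hamming_distance(dist)
    r = residual_error_per_frame(dist, pe)
    lam = residual_error_per_hour(r, nu, b)
    return {
        "hamming_distance": d_min,
        "hamming_ok": d_min >= required_hamming_distance(FRAME_BITS),
        "R": r,
        "R_ok": r < 1e-8,
        "Lambda": lam,
        "Lambda_ok": lam < 0.01 * pfh_d,
    }


if __name__ == "__main__":
    # Constructed figures: 20 frames/s, one base station, PFH_D = 1e-6 per hour.
    for key, value in assess(pfh_d=1e-6, nu=20 * 3600, b=1).items():
        print(f"{key:17} {value}")
```

With these assumed figures the code meets both per-frame criteria but misses the per-hour budget, which is the case the additional Λ requirement is there to catch.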
4.4 Removal of remote station transmission
Means shall be provided to readily stop transmission from the remote station. This shall be
achieved by one or more of the following:
• a device that interrupts the power supply of transmission for the remote station, where
such a device shall have direct opening action (see IEC 60947-5-1:2016, Annex K), or
• removal of the battery without the use of a tool, or
• a dedicated transmission removal function in accordance with IEC 61508, IEC 62061 or
ISO 13849-1 and ISO 13849-2, with an integrity in accordance with 4.7.2.
NOTE A passive stop will result from the removal of transmission power.
4.5 Establishment and indication of transmission and communication
Power up of the remote station or re-establishment of communication (for example, after
power supply interruption, remote station battery replacement, lost signal condition) shall not
activate any output that is intended for control of hazardous operations of the machine.
Initiation or re-initiation of such operations shall require a deliberate action (for example,
releasing a control actuator from its energised position and then pressing it again).
The base station shall not respond to operating command signals that can activate outputs
intended for control of hazardous operations of the machine until a neutral frame has been
received (i.e. following re-establishment of communication).
When transmission from a remote station is taking place, this shall be indicated on the remote
station (for example, by an indicating light, a visual display indication, etc.).
NOTE It can also be useful to provide a means of indicating when a base station is receiving transmissions from
an associated remote station. For example, an output(s) on the base station can be designated for this purpose,
and/or a confirmation signal can be transmitted to the remote station if bi-directional communication is available.
Where the base station does not provide a designated means of indication, it is important that the information for
use of the CCS includes instructions on how to implement this functionality (for example, using base station stop
outputs).
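The neutral-frame rule of 4.5, together with the definitions of valid signal (3.21) and passive stop (3.18), maps onto a small receive-side state machine. This is an added example, not part of IEC 62745, which does not specify a frame format: the 7-byte layout, the CRC-32 error detection code, the address values and the 0.5 s timeout are assumptions, and reset of stop outputs (4.8) is not modelled.

```python
import struct
import zlib
from enum import Enum

NEUTRAL = 0x00  # assumed encoding: no operating command bit set


class Link(Enum):
    NO_SIGNAL = "no valid signal (passive stop condition, 3.18)"
    AWAIT_NEUTRAL = "valid signal, operating commands still ignored"
    ARMED = "neutral frame seen, operating commands accepted"


def build_frame(address: int, commands: int) -> bytes:
    """Assumed layout: 16-bit address code, 8-bit commands, CRC-32."""
    body = struct.pack(">HB", address, commands)
    return body + struct.pack(">I", zlib.crc32(body))


class BaseStation:
    def __init__(self, address: int, timeout_s: float):
        self.address = address
        self.timeout_s = timeout_s      # assumed time without a valid signal
        self.last_valid = None
        self.state = Link.NO_SIGNAL
        self.outputs = 0                # outputs for hazardous operations

    def _valid_commands(self, frame: bytes):
        """Return the command byte of a valid signal (3.21), else None."""
        if len(frame) != 7:
            return None
        body, (crc,) = frame[:3], struct.unpack(">I", frame[3:])
        if zlib.crc32(body) != crc:
            return None                 # rejected by the error checking routine
        address, commands = struct.unpack(">HB", body)
        return commands if address == self.address else None

    def tick(self, now: float) -> None:
        """Drop the outputs when no valid signal arrived within the timeout."""
        if self.last_valid is not None and now - self.last_valid > self.timeout_s:
            self.state, self.outputs = Link.NO_SIGNAL, 0

    def receive(self, frame: bytes, now: float) -> int:
        self.tick(now)
        commands = self._valid_commands(frame)
        if commands is None:
            return self.outputs         # not a valid signal: no effect
        self.last_valid = now
        if self.state is Link.NO_SIGNAL:
            self.state = Link.AWAIT_NEUTRAL   # communication (re-)established
        if commands == NEUTRAL:
            self.state, self.outputs = Link.ARMED, 0
        elif self.state is Link.ARMED:
            self.outputs = commands
        return self.outputs             # commands before a neutral frame: ignored


def replay() -> list:
    """Constructed session; returns the outputs after each event."""
    bs, log = BaseStation(address=0x5A17, timeout_s=0.5), []
    held = build_frame(0x5A17, 0x01)                 # actuator held down
    corrupted = bytes([held[0] ^ 0x80]) + held[1:]   # single bit error
    log.append(bs.receive(held, 0.0))                # held at power-up: ignored
    log.append(bs.receive(build_frame(0x5A17, NEUTRAL), 0.1))
    log.append(bs.receive(held, 0.2))                # deliberate re-press
    log.append(bs.receive(corrupted, 0.3))           # fails error checking
    log.append(bs.receive(build_frame(0x1234, 0x02), 0.35))  # other address
    bs.tick(1.0)                                     # signal lost
    log.append(bs.outputs)
    log.append(bs.receive(held, 1.1))                # link back, still held
    log.append(bs.receive(build_frame(0x5A17, NEUTRAL), 1.2))
    log.append(bs.receive(held, 1.3))
    return log


if __name__ == "__main__":
    print(replay())
```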
4.6 Safety-related functions of the CCS
Functions of the CCS that are intended for safety-related applications shall have an
appropriate safety integrity. The requirements of IEC 62061 and/or ISO 13849-1, ISO 13849-2
shall apply.
Upon detection of faults, all relevant safety-related output shall be controlled to OFF-state. In
addition the detection of a fault in the remote station that can lead to the loss of a safety
related function, shall cease the transmission.
NOTE Further information on the design of safety-related aspects of control functions is given in ISO 12100 and
IEC 61508.
4.7 Stop functions of the CCS
4.7.1 General
The CCS shall provide an automatic stop (ATS) function and at least one safety related stop
function that is initiated by a deliberate human action on a control device provided specifically
for that purpose.
Information about the logic of stop functions is given in Annex A.
NOTE In most applications this manually-initiated stop function is either a GSS or EMS (see 4.7.3).
4.7.2 Safety-related stop functions of a CCS
Each safety-related stop function of a CCS shall initiate an OFF-state of the relevant stop
output(s) at the base station.
Each safety-related stop function of a CCS shall have a safety integrity of at least SIL1/PLc.
In addition, a single fault in any part of the CCS shall not lead to the loss of any safety-related
stop function, and whenever reasonably practicable, the single fault shall be detected at or
before the next demand on the safety-related stop function.
4.7.3 Classification of stop functions
4.7.3.1 General
Stop functions of a CCS are classified as:
• control stop;
• general safe stop (GSS);
• emergency stop (EMS);
• automatic stop (ATS).
Table 3 describes the characteristics of the different stop functions.
Table 3 – Overview of stop functions of the CCS

| Function | Clause | Safety-related function | Type of stop (see Fig.2) | Effect on CCS | Availability & operability | Control actuator: Type | Control actuator: Colour |
|---|---|---|---|---|---|---|---|
| Control stop | 4.7.3.2 | Either | Active, passive, or active followed by passive | Defined state of (a) stop output(s), or of another output associated with release of a hold-to-run control actuator or, if safety-related: OFF-state of all safety-related stop output(s) | Operational when the CCS is in control of the machine | See IEC 60204-1 | Black, White or Grey |
| General safe stop (GSS) | 4.7.3.3 | Yes | Active, passive, or active followed by passive | OFF-state of all safety-related stop output(s) | Operational when the CCS is in control of the machine | See 4.7.3.3 | Black (preferred) or red. Red shall not have a yellow background |
| Emergency stop (EMS) | 4.7.3.4 | | | | Operational at all times | Device that complies with IEC 60947-5-5 | Red with a yellow background |
| Automatic stop (ATS) | 4.7.3.5 | | | | Operational when the CCS is in control of the machine | Not applicable | Not applicable |
4.7.3.2 Control stop function
A control stop function is always initiated manually by the operator and is available only when
the CCS is in control of the machine.
A control stop function shall be designed in accordance with IEC 60204-1:2005, 9.2.5.3.
NOTE A control stop function can be initiated by releasing a hold-to-run control actuator or by an enabling device
that is not in the run position.
4.7.3.3 General safe stop (GSS) function
The GSS function of a CCS is a safety-related control function.
Where the GSS function is provided on a CCS, the remote station shall include a separate
and clearly identifiable means of manually initiating this function, which shall result in an
OFF-state of all safety-related stop output(s) at the base station. See Table 3.
The device that initiates the GSS function shall have direct opening action (see
IEC 60947-5-1:2003, Annex K).
When active operation of the actuator has ceased following initiation of the GSS function, the
effect of the command shall be sustained by engagement of the device until it is disengaged by
a manual action at the remote station. It shall not be possible to generate the stop command
without latching the actuator, and latching of the actuator shall not occur without generation of
the stop command. In case of failure of the latching mechanism, actuation of the device shall
generate a stop command regardless of the latching of the actuator.
When active operation of the control actuator has ceased following initiation of the GSS
function, the effect of the command shall be sustained by engagement of the device until it is
disengaged by an intentional manual action at the remote station.
NOTE 1 The signal produced by the GSS function is intended to be used to initiate either a stop category 0 or a
stop category 1 of the machine in accordance with IEC 60204-1, as determined by the risk assessment.
NOTE 2 Some CCSs perform the GSS function by transmitting a stop command before ceasing transmission (i.e.
an active stop), whereas others only cease transmission (i.e. a passive stop). An active stop can deliver a quicker
stop command to the machine’s control system, because the time delay associated with recognising the loss of a
valid signal before initiating an automatic stop command is absent.
4.7.3.4 Emergency stop (EMS) function
A CCS that provides an EMS function shall comply with the requirements of 4.7.2, 4.7.3.3 and
the following additional requirements (see also Table 3):
a) the actuator shall be marked and/or labelled as an emergency stop device (see
IEC 60204-1:2005, 10.7.3) and shall conform to IEC 60947-5-5;
b) the function shall be available and operational at all times;
c) the initiation of EMS function shall result in an OFF-state of all safety-related stop
output(s) at the base station;
d) relevant requirements of ISO 13850 are satisfied;
e) the information for use (see Clause 6) shall instruct the system integrator who
incorporates the CCS into the machine control system to ensure that the requirements of
this clause are complied with;
f) in the case of multiple remote stations that are concurrently communicating with a base
station, the disabling of a remote station (unavailability of the EMS function of the
disabled remote station) initiates an automatic stop (ATS) function.
NOTE It can be useful to provide an indication on the remote station that the emergency stop is available and
operational, where bi-directional communication facilitates this.
4.7.3.5 Automatic stop (ATS) function
The ATS function of the CCS shall initiate an OFF-state of all safety-related stop output(s) at
the base station, so as to prevent hazardous operation(s) of the machine. See Table 3.
NOTE 1 The stop outputs affected by the ATS function can be the same as those that are switched to the OFF-
state by the GSS function and/or the EMS function.
The ATS function of a CCS is a safety-related control function. The ATS function shall have a
safety integrity that is not less than the highest safety integrity of any other safety-related stop
functions provided by the CCS.
The ATS function of the CCS shall be automatically initiated under conditions that include, but
are not limited to:
• when a fault in a safety-related part of the CCS is detected;
• when no valid signal has been detected at a base station (and where necessary in
accordance with risk assessment at a remote station in a CCS with bi-directional
communication) within a time period declared by the CCS manufacturer. This time period
shall be determined by a risk assessment at the machine, but should not exceed 0,5 s;
• when transmission ceases (see 4.9).
NOTE 2 Potential consequences of loss of ability to control the machine during this time period and the effect on
the overall machine stopping time can be considered by the machine control system designer or manufacturer.
4.8 Reset
Reset after a GSS or EMS initiated at a remote station shall require a deliberate action at that
remote station (and at every remote station where the safety-related stop has been initiated)
before base station outputs that are intended for control of hazardous operations of the
machine can be activated.
If the disengagement of the latched GSS or EMS device results in communication
re-establishment, an additional manual reset action at the remote station can be necessary.
NOTE Depending on the risk assessment, in addition to the reset action(s) at the remote station, it can be
opportune to consider the addition of one or more supplementary fixed reset devices (e.g. pushbuttons) at
location(s) from which the hazard zone(s) can be seen to be clear of persons.
Particular consideration is necessary when the remote station is mobile or portable.
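The ATS conditions of 4.7.3.5, the reset rule of 4.8 and the neutral-frame condition, expressed as base-station logic in C. This is an added illustration, not text or code from IEC 62745: the type, function and frame names are hypothetical, the 500 ms value is an assumed manufacturer declaration, and the model uses one shared timer and a single channel, so it does not address the safety-integrity and single-fault requirements of 4.6 and 4.7.2.

```c
#include <stdbool.h>
#include <stdint.h>

#define ATS_TIMEOUT_MS 500u /* assumed declared period; 4.7.3.5: should not exceed 0,5 s */
typedef enum { FRAME_NEUTRAL, FRAME_COMMAND, FRAME_STOP, FRAME_RESET } frame_t; /* hypothetical */

typedef struct {
    uint32_t last_valid_ms; /* arrival time of the last valid frame */
    uint32_t stop_latched;  /* bit n set: remote n initiated GSS/EMS and has not reset it */
    bool timed_out;         /* ATS: no valid frame within ATS_TIMEOUT_MS */
    bool need_neutral;      /* communication (re-)established, neutral frame not yet seen */
    bool fault;             /* fault detected in a safety-related part */
} base_t;

void base_init(base_t *b, uint32_t now_ms) {
    *b = (base_t){ .last_valid_ms = now_ms, .timed_out = true, .need_neutral = true };
}

/* Call periodically: raises ATS when the valid-signal timeout expires. */
void base_tick(base_t *b, uint32_t now_ms) {
    if ((uint32_t)(now_ms - b->last_valid_ms) > ATS_TIMEOUT_MS) {
        b->timed_out = true;
        b->need_neutral = true;
    }
}

void base_fault(base_t *b) { b->fault = true; }

/* Call for every frame that has already passed the validity checks. */
void base_on_frame(base_t *b, unsigned remote, frame_t f, uint32_t now_ms) {
    if (remote >= 32u) return;       /* unknown remote index: not a valid frame */
    base_tick(b, now_ms);            /* a late frame must not hide an expired timeout */
    b->last_valid_ms = now_ms;
    b->timed_out = false;
    if (f == FRAME_STOP)    b->stop_latched |= 1u << remote;
    if (f == FRAME_RESET)   b->stop_latched &= ~(1u << remote); /* reset at that remote only */
    if (f == FRAME_NEUTRAL) b->need_neutral = false;
}

/* Safety-related stop output: OFF-state on fault, latched GSS/EMS, or ATS. */
bool stop_output_on(const base_t *b) {
    return !b->fault && b->stop_latched == 0 && !b->timed_out;
}

/* Outputs for hazardous operations additionally wait for a neutral frame. */
bool hazard_outputs_allowed(const base_t *b) {
    return stop_output_on(b) && !b->need_neutral;
}
```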
I
...







