IEC 62745:2017
(Main)Safety of machinery - Requirements for cableless control systems of machinery
Safety of machinery - Requirements for cableless control systems of machinery
IEC 62745:2017 specifies requirements for the functionality and interfacing of cableless (for example, radio, infra-red) control systems that provide communication between operator control station(s) and the control system of a machine. Specific requirements are included for such operator control stations that are portable by the operator.
Sécurité des machines - Exigences pour les systèmes de commande sans fil des machines
IEC 62745:2017 spécifie les exigences de fonctionnalité d'un système de commande sans fil, qu'il soit interfacé avec ou qu'il fasse partie intégrante d'un système de commande de machine destiné à être utilisé comme poste de commande opérateur sur une machine.
General Information
Standards Content (Sample)
IEC 62745 ®
Edition 1.0 2017-03
INTERNATIONAL
STANDARD
colour
inside
Safety of machinery – Requirements for cableless control systems of machinery
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form
or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from
either IEC or IEC's member National Committee in the country of the requester. If you have any questions about IEC
copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or
your local IEC member National Committee for further information.
IEC Central Office Tel.: +41 22 919 02 11
3, rue de Varembé Fax: +41 22 919 03 00
CH-1211 Geneva 20 info@iec.ch
Switzerland www.iec.ch
About the IEC
The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes
International Standards for all electrical, electronic and related technologies.
About IEC publications
The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the
latest edition, a corrigenda or an amendment might have been published.
IEC Catalogue - webstore.iec.ch/catalogue Electropedia - www.electropedia.org
The stand-alone application for consulting the entire The world's leading online dictionary of electronic and
bibliographical information on IEC International Standards, electrical terms containing 20 000 terms and definitions in
Technical Specifications, Technical Reports and other English and French, with equivalent terms in 16 additional
documents. Available for PC, Mac OS, Android Tablets and languages. Also known as the International Electrotechnical
iPad. Vocabulary (IEV) online.
IEC publications search - www.iec.ch/searchpub IEC Glossary - std.iec.ch/glossary
The advanced search enables to find IEC publications by a 65 000 electrotechnical terminology entries in English and
variety of criteria (reference number, text, technical French extracted from the Terms and Definitions clause of
committee,…). It also gives information on projects, replaced IEC publications issued since 2002. Some entries have been
and withdrawn publications. collected from earlier publications of IEC TC 37, 77, 86 and
CISPR.
IEC Just Published - webstore.iec.ch/justpublished
Stay up to date on all new IEC publications. Just Published IEC Customer Service Centre - webstore.iec.ch/csc
details all new publications released. Available online and If you wish to give us your feedback on this publication or
also once a month by email. need further assistance, please contact the Customer Service
Centre: csc@iec.ch.
IEC 62745 ®
Edition 1.0 2017-03
INTERNATIONAL
STANDARD
colour
inside
Safety of machinery – Requirements for cableless control systems of machinery
INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
ICS 13.110; 29.020; 35.100.01 ISBN 978-2-8322-4013-7
– 2 – IEC 62745:2017 © IEC 2017
CONTENTS
FOREWORD . 4
INTRODUCTION . 6
1 Scope . 7
2 Normative references . 7
3 Terms, definitions and abbreviations . 8
4 Functional requirements . 11
4.1 General . 11
4.2 Operational preventions . 12
4.2.1 Prevention of inadvertent actuation . 12
4.2.2 Prevention of unauthorised operation . 12
4.2.3 Prevention of unintended commands . 12
4.3 Serial data transfer . 13
4.4 Removal of remote station transmission . 13
4.5 Establishment and indication of transmission and communication . 14
4.6 Safety-related functions of the CCS . 14
4.7 Stop functions of the CCS . 14
4.7.1 General . 14
4.7.2 Safety-related stop functions of a CCS . 14
4.7.3 Classification of stop functions . 15
4.8 Reset . 17
4.9 Cessation of transmission from the remote station . 17
4.10 Latching control functions . 17
4.11 Behaviour on loss of supply . 18
4.12 Multiple remote stations . 18
4.13 Multiple base stations . 18
4.14 Suspension of CCS control . 18
4.15 Configurability protection . 19
5 Verification . 19
5.1 General . 19
5.2 Labelling and markings . 19
5.3 Documentation . 19
5.4 Functional verifications . 19
6 Information for use . 22
6.1 General . 22
6.2 Information to be provided . 22
7 Labelling and markings . 24
Annex A (informative) Logic of stop functions . 25
Bibliography . 27
Figure 1 – Block diagram example of a cableless control system and its interaction with
the machine control system . 12
Figure A.1 – Logic for stop functions . 25
Table 1 – Alphabetical list of definitions . 8
Table 2 – Abbreviations . 8
Table 3 – Overview of stop functions of the CCS . 15
Table 4 – Verification of functional requirements . 21
Table 5 – List of possible verifications to be required to the system integrator . 24
– 4 – IEC 62745:2017 © IEC 2017
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
SAFETY OF MACHINERY – REQUIREMENTS FOR
CABLELESS CONTROL SYSTEMS OF MACHINERY
FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and non-
governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of
patent rights. IEC shall not be held responsible for identifying any or all such patent rights.
International Standard IEC 62745 has been prepared by IEC technical committee 44: Safety
of machinery – Electrotechnical aspects.
The text of this standard is based on the following documents:
FDIS Report on voting
44/783/FDIS 44/785/RVD
Full information on the voting for the approval of this International Standard can be found in
the report on voting indicated in the above table.
This document has been drafted in accordance with the ISO/IEC Directives, Part 2.
The committee has decided that the contents of this document will remain unchanged until the
stability date indicated on the IEC website under "http://webstore.iec.ch" in the data related to
the specific document. At this date, the document will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.
A bilingual version of this publication may be issued at a later date.
IMPORTANT – The 'colour inside' logo on the cover page of this publication indicates
that it contains colours which are considered to be useful for the correct
understanding of its contents. Users should therefore print this document using a
colour printer.
– 6 – IEC 62745:2017 © IEC 2017
INTRODUCTION
Cableless control systems (CCS) are increasingly being used to provide an operator interface
on a wide range of machinery. The functionality of a CCS and the way in which it interfaces
with the overall machine control system can therefore affect the safety of the machinery.
IEC 62745 specifies requirements for the functionality of a CCS that is interfaced with or is
part of a machine control system for use as an operator control station on a machine.
The extent to which the functionality of a CCS is relied upon to minimise risk on a machine is
a key selection criterion. It is therefore important to select a CCS that provides suitable
control functions with an appropriate safety integrity in accordance with the risk assessment
at the machine.
In some particular applications, the requirements for a CCS can exceed those specified in this
document.
SAFETY OF MACHINERY – REQUIREMENTS FOR
CABLELESS CONTROL SYSTEMS OF MACHINERY
1 Scope
This standard specifies requirements for the functionality and interfacing of cableless (for
example, radio, infra-red) control systems that provide communication between operator
control station(s) and the control system of a machine. Specific requirements are included for
such operator control stations that are portable by the operator.
NOTE The part of the cableless control system that is used as an operator control station is sometimes referred
to as the ‘transmitter’ and the part that interfaces with the machine control system is sometimes referred to as the
‘receiver’. However, to take account of the possibility of bi-directional communication, this standard refers to these
individual parts as the ‘remote station’ and the ‘base station’ respectively.
This document does not deal with cableless communication between parts of a machine(s)
that are not operator control stations.
This document is not intended to specify all of the requirements that are necessary for the
design and construction of a cableless control system. For example, it does not specify
communication protocols, frequency or bandwidth aspects, nor the full range of constructional
requirements such as impact resistance, ingress protection, electromagnetic compatibility,
etc.
The provisions of this document are intended to be applied in addition to the requirements for
electrical equipment in the IEC 60204-1.
This document is a type-B2 standard as stated in ISO 12100.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their
content constitutes requirements of this document. For dated references, only the edition
cited applies. For undated references, the latest edition of the referenced document (including
any amendments) applies.
IEC 60068-2-31:2008, Environmental testing – Part 2-31: Tests – Test Ec – Rough handling
shocks, primarily for equipment-type specimens
IEC 60204-1:2005, Safety of machinery – Electrical equipment of machines – Part 1: General
requirements
IEC 60947-5-1:2016, Low-voltage switchgear and controlgear – Part 5-1: Control circuit
devices and switching elements – Electromechanical control circuit devices
IEC 60947-5-5, Low-voltage switchgear and controlgear – Part 5-5: Control circuit devices
and switching elements – Electrical emergency stop device with mechanical latching function
IEC 62061, Safety of machinery – Functional safety of safety-related electrical, electronic and
programmable electronic control systems
ISO 13849-1, Safety of machinery – Safety-related parts of control systems – Part 1: General
principles for design
– 8 – IEC 62745:2017 © IEC 2017
ISO 13849-2, Safety of machinery – Safety-related parts of control systems – Part 2:
Validation
ISO 13850, Safety of machinery – Emergency stop function– Principles for design
3 Terms, definitions and abbreviations
For the purposes of this document, the following terms and definitions apply.
For an alphabetical list of definitions, see Table 1.
For list of abbreviations see Table 2.
Table 1 – Alphabetical list of definitions
Term Definition number
active stop 3.17
address code 3.7
automatic stop (ATS) 3.19
base station 3.13
cableless control 3.1
cableless control system (CCS) 3.2
disabling of a remote station 3.22
error detection code 3.9
frame 3.6
Hamming distance 3.11
manual stop 3.20
neutral frame 3.10
OFF-state 3.15
operating command signal 3.8
operator control station 3.5
passive stop 3.18
receiver 3.3
remote station 3.12
safety-related stop function 3.16
stop output 3.14
transmitter 3.4
valid signal 3.21
Table 2 – Abbreviations
Term Abbreviation
automatic stop (4.7.3.5) ATS
cableless control system (3.2) CCS
emergency stop (4.7.3.4) EMS
general safe stop (4.7.3.3) GSS
3.1
cableless control
transmission of the machine operator's commands without any wired connection
3.2
cableless control system
CCS
system consisting of at least one remote station and one base station, which uses cableless
control to transmit commands between them
3.3
receiver
part of a cableless control system which receives frames from a transmitter
3.4
transmitter
part of a cableless control system which sends frames to a receiver
3.5
operator control station
assembly of one or more control actuators (part of a device to which an external manual
action is to be applied) fixed on the same panel or located in the same enclosure
Note 1 to entry: An operator control station can also contain related equipment, for example, potentiometers,
signal lamps, instruments, display devices, etc.
3.6
frame
“package” of information exchanged between a remote station and a base station, and
consisting of, for example:
a) address code;
b) operating commands;
c) error detection code;
d) other commands, signals or information
Note 1 to entry: A “frame” is sometimes referred to as a “telegram” or “message”.
3.7
address code
part of a frame that enables a base station or a remote station to recognise frames that are
intended to convey commands to it
Note 1 to entry: The base station or remote station respond to commands that are recognised as having the
relevant address code.
3.8
operating command signal
control signal that is intended to initiate, modify or maintain a machine function
3.9
error detection code
additional information added to each frame to enable the detection of transmission errors
3.10
neutral frame
frame in which all operating command signals are in a state such that when it is received at
the base station it does not activate any outputs intended for control of hazardous operations
of the machine
– 10 – IEC 62745:2017 © IEC 2017
Note 1 to entry: Neutral frames can be used to maintain communication (i.e. a valid signal) between a transmitter
and receiver, for example to preclude automatic initiation of the stop function at a machine.
Note 2 to entry: Neutral frame transmission is intended to prevent hazardous operations of the machine resulting
from establishment or re-establishment of communication.
Note 3 to entry: Neutral frames can contain data, for example parameterisation data, and commands that are not
intended to cause hazardous operations of the machine.
3.11
Hamming distance
number of bit positions in which two frames of the same length differ from each other
3.12
remote station
part of a cableless control system via which an operator interfaces with the cableless control
system
Note 1 to entry: The remote station of a cableless control system is sometimes referred to as a “transmitter”, but
a remote station that is part of a bi-directional cableless control system will incorporate both a transmitter and a
receiver.
Note 2 to entry: The remote station forms the operator control station of a cableless control system.
Note 3 to entry: The remote station can be portable (by the operator), mobile (e.g. installed separately from the
machine on a vehicle or trolley) or fixed (e.g. installed on or near to the machine).
3.13
base station
part of the cableless control system that interfaces with the machine control system
Note 1 to entry: The base station of a cableless control system is sometimes referred to as a “receiver”, but a
base station that is part of a bi-directional cableless control system will incorporate both a receiver and a
transmitter.
Note 2 to entry: The base station may be installed on static or mobile machinery.
Note 3 to entry: The base station is not necessarily a discrete physical entity, but it includes all of the
components that fulfill the requirements specified in this standard for the base station.
3.14
stop output
output circuit of the base station that interfaces with the control system of the machine to
initiate a stop function
Note 1 to entry: Stop outputs can be safety-related or non-safety-related. See also Table 3.
Note 2 to entry: Interfaces to field bus part of a CCS base station can also be considered as an output circuit.
3.15
OFF-state
state of safety-related stop output(s) of the base station, which is intended to be used to
initiate one or more stop functions of a machine
3.16
safety-related stop function
stop function provided by the CCS that results in an OFF-state and whose failure can result in
an immediate increase of the risk(s)
3.17
active stop
stop resulting from transmission of a stop signal from the remote station to the base station
3.18
passive stop
safety-related stop resulting from absence of a valid signal at the base station
Note 1 to entry: A passive stop can be initiated by, for example, an out of range condition, battery failure,
electromagnetic interference.
3.19
automatic stop
safety-related stop initiated without manual actuation of a device by an operator
3.20
manual stop
stop initiated by actuation of a device by an operator
3.21
valid signal
any received frame, including a neutral frame, that is accepted by the error checking routines
of the receiver and contains the relevant address code for the receiver
3.22
disabling of a remote station
deliberate operation that renders a remote station incapable of sending signals to the base
station
4 Functional requirements
4.1 General
Figure 1 illustrates an example of the main elements of a CCS and its interaction with the
machine control system.
– 12 – IEC 62745:2017 © IEC 2017
Machine control system
Operator control stations (3.5)
Cableless control system (3.2)
Remote station (3.12)
Wired Wired
pendant control
Transmitter Receiver
controller(s) station(s)
(3.4) (3.3)
Transmitter
Receiver
(3.3) (3.4)
Control circuits
Base station (3.13)
Wired signals
Wireless signals
IEC
Figure 1 – Block diagram example of a cableless control system
and its interaction with the machine control system
NOTE The references to IEC 60204-1 in this standard could have corresponding requirements in other relevant
parts of IEC 60204 series.
4.2 Operational preventions
4.2.1 Prevention of inadvertent actuation
The remote station and its control actuators shall be designed and arranged so as to minimise
the possibility of inadvertent actuation (for example, caused by dropping to the floor or striking
an obstruction, failure of electronics) generating an unintended hazardous command.
4.2.2 Prevention of unauthorised operation
Where prevention of unauthorised operation of the CCS is required, remote stations shall be
provided with means to prevent unauthorised use (for example, key-operated switch, access
code).
4.2.3 Prevention of unintended commands
Measures shall be taken to ensure that operating command signals:
• affect only the intended base station or remote station (for example, using address code);
• initiate only the intended functions in that base station or remote station.
Such measures shall be resistant to accidental or unintentional change.
Upon detection of malfunction or faults, all relevant safety-related output shall be controlled to
OFF-state with an appropriate safety integrity.
Where hardware switches (for example, DIP) are used for device addressing, additional
measures such as parity checking may be necessary to fulfil the requirements in case of a
fault.
NOTE Typical methods include factory-set coding, which are more robust than user-configurable methods
because they cannot be defeated (either intentionally or inadvertently) by the user.
4.3 Serial data transfer
The serial data transfer shall satisfy one of the following requirements:
• means shall be provided that ensure the probability of an erroneous frame being received
-8 -3
undetected, R(P ), is less than 1 × 10 , given an input bit error probability of P = 10 , if
e e
no better input bit error probability can be proven, or
• the Hamming distance shall be either 4 or the total number of bits in a frame divided by
20, whichever is greater.
-3
NOTE 1 An input bit error probability of P = 10 can be assumed as typical estimate for a wireless channel
e
disturbed by Additive White Gaussian Noise (AWGN) and electromagnetic interference (EMI).
NOTE 2 IEC 60870-5-1 defines a set of possible transmission frame formats.
NOTE 3 Increasing the reliability of serial data transmission only reduces the possibility of errors than can be
occurring in the transmission media.
In addition for safety-related functions of a CCS the residual error probability Λ of undetected
error per hour shall be less than 1 % of the specified PFHD value for the respective function
of the CCS. Residual probability of undetected error per hour Λ shall be calculated by:
Λ(P ) = R(P ) × ν × b [1/h]
e e
where:
Λ(P ): residual probability of undetected error per hour in relation to the input bit error
e
probability
R(P ): residual probability of undetected error per frame in relation to the input bit error
e
probability
P : input error probability. If no better input bit error probability can be proven,
e
-3
P = 1 × 10 applies
e
ν: maximum number of safety-related messages per hour
b: maximum number of listening base stations
NOTE 4 For a definition of PFH see IEC 62061 or ISO 13849-1.
D
NOTE 5 Λ(P ) calculation is based on IEC 61784-3; this approach is valid for cyclic transmission of safety-related
e
messages.
NOTE 6 When using CRC as hash-function, Equation (B.3) or (B.4) from IEC 61784-3:2016 can be applied in
-3
order to determine R(P ) with an input bit error probability of P = 1 × 10 .
e e
The CCS can be equipped with indicator of transmission reliability.
NOTE 7 It is not necessary to provide a separate warning indicator for each condition that can affect transmission
reliability.
4.4 Removal of remote station transmission
Means shall be provided to readily stop transmission from the remote station. This shall be
achieved by one or more of the following:
• a device that interrupts the power supply of transmission for the remote station, where
such a device shall have direct opening action (see IEC 60947-5-1:2016, Annex K), or
• removal of the battery without the use of a tool, or
– 14 – IEC 62745:2017 © IEC 2017
• a dedicated transmission removal function in accordance with IEC 61508, IEC 62061 or
ISO 13849-1 and ISO 13849-2, with an integrity in accordance with 4.7.2.
NOTE A passive stop will result from the removal of transmission power.
4.5 Establishment and indication of transmission and communication
Power up of the remote station or re-establishment of communication (for example, after
power supply interruption, remote station battery replacement, lost signal condition) shall not
activate any output that is intended for control of hazardous operations of the machine.
Initiation or re-initiation of such operations shall require a deliberate action (for example,
releasing a control actuator from its energised position and then pressing it again).
The base station shall not respond to operating command signals that can activate outputs
intended for control of hazardous operations of the machine until a neutral frame has been
received (i.e. following re-establishment of communication).
When transmission from a remote station is taking place, this shall be indicated on the remote
station (for example, by an indicating light, a visual display indication, etc.).
NOTE It can also be useful to provide a means of indicating when a base station is receiving transmissions from
an associated remote station. For example, an output(s) on the base station can be designated for this purpose,
and/or a confirmation signal can be transmitted to the remote station if bi-directional communication is available.
Where the base station does not provide a designated means of indication, it is important that the information for
use of the CCS includes instructions on how to implement this functionality (for example, using base station stop
outputs).
4.6 Safety-related functions of the CCS
Functions of the CCS that are intended for safety-related applications shall have an
appropriate safety integrity. The requirements of IEC 62061 and/or ISO 13849-1, ISO 13849-2
shall apply.
Upon detection of faults, all relevant safety-related output shall be controlled to OFF-state. In
addition the detection of a fault in the remote station that can lead to the loss of a safety
related function, shall cease the
...
IEC 62745 ®
Edition 1.0 2017-03
INTERNATIONAL
STANDARD
NORME
INTERNATIONALE
colour
inside
Safety of machinery – Requirements for cableless control systems of machinery
Sécurité des machines – Exigences pour les systèmes de commande sans fil
des machines
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form
or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from
either IEC or IEC's member National Committee in the country of the requester. If you have any questions about IEC
copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or
your local IEC member National Committee for further information.
Droits de reproduction réservés. Sauf indication contraire, aucune partie de cette publication ne peut être reproduite
ni utilisée sous quelque forme que ce soit et par aucun procédé, électronique ou mécanique, y compris la photocopie
et les microfilms, sans l'accord écrit de l'IEC ou du Comité national de l'IEC du pays du demandeur. Si vous avez des
questions sur le copyright de l'IEC ou si vous désirez obtenir des droits supplémentaires sur cette publication, utilisez
les coordonnées ci-après ou contactez le Comité national de l'IEC de votre pays de résidence.
IEC Central Office Tel.: +41 22 919 02 11
3, rue de Varembé Fax: +41 22 919 03 00
CH-1211 Geneva 20 info@iec.ch
Switzerland www.iec.ch
About the IEC
The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes
International Standards for all electrical, electronic and related technologies.
About IEC publications
The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the
latest edition, a corrigenda or an amendment might have been published.
IEC Catalogue - webstore.iec.ch/catalogue Electropedia - www.electropedia.org
The stand-alone application for consulting the entire The world's leading online dictionary of electronic and
bibliographical information on IEC International Standards, electrical terms containing 20 000 terms and definitions in
Technical Specifications, Technical Reports and other English and French, with equivalent terms in 16 additional
documents. Available for PC, Mac OS, Android Tablets and languages. Also known as the International Electrotechnical
iPad. Vocabulary (IEV) online.
IEC publications search - www.iec.ch/searchpub IEC Glossary - std.iec.ch/glossary
The advanced search enables to find IEC publications by a 65 000 electrotechnical terminology entries in English and
variety of criteria (reference number, text, technical French extracted from the Terms and Definitions clause of
committee,…). It also gives information on projects, replaced IEC publications issued since 2002. Some entries have been
and withdrawn publications. collected from earlier publications of IEC TC 37, 77, 86 and
CISPR.
IEC Just Published - webstore.iec.ch/justpublished
Stay up to date on all new IEC publications. Just Published IEC Customer Service Centre - webstore.iec.ch/csc
details all new publications released. Available online and If you wish to give us your feedback on this publication or
also once a month by email. need further assistance, please contact the Customer Service
Centre: csc@iec.ch.
A propos de l'IEC
La Commission Electrotechnique Internationale (IEC) est la première organisation mondiale qui élabore et publie des
Normes internationales pour tout ce qui a trait à l'électricité, à l'électronique et aux technologies apparentées.
A propos des publications IEC
Le contenu technique des publications IEC est constamment revu. Veuillez vous assurer que vous possédez l’édition la
plus récente, un corrigendum ou amendement peut avoir été publié.
Catalogue IEC - webstore.iec.ch/catalogue Electropedia - www.electropedia.org
Application autonome pour consulter tous les renseignements
Le premier dictionnaire en ligne de termes électroniques et
bibliographiques sur les Normes internationales,
électriques. Il contient 20 000 termes et définitions en anglais
Spécifications techniques, Rapports techniques et autres
et en français, ainsi que les termes équivalents dans 16
documents de l'IEC. Disponible pour PC, Mac OS, tablettes
langues additionnelles. Egalement appelé Vocabulaire
Android et iPad.
Electrotechnique International (IEV) en ligne.
Recherche de publications IEC - www.iec.ch/searchpub
Glossaire IEC - std.iec.ch/glossary
65 000 entrées terminologiques électrotechniques, en anglais
La recherche avancée permet de trouver des publications IEC
en utilisant différents critères (numéro de référence, texte, et en français, extraites des articles Termes et Définitions des
comité d’études,…). Elle donne aussi des informations sur les publications IEC parues depuis 2002. Plus certaines entrées
projets et les publications remplacées ou retirées. antérieures extraites des publications des CE 37, 77, 86 et
CISPR de l'IEC.
IEC Just Published - webstore.iec.ch/justpublished
Service Clients - webstore.iec.ch/csc
Restez informé sur les nouvelles publications IEC. Just
Published détaille les nouvelles publications parues. Si vous désirez nous donner des commentaires sur cette
Disponible en ligne et aussi une fois par mois par email. publication ou si vous avez des questions contactez-nous:
csc@iec.ch.
IEC 62745 ®
Edition 1.0 2017-03
INTERNATIONAL
STANDARD
NORME
INTERNATIONALE
colour
inside
Safety of machinery – Requirements for cableless control systems of machinery
Sécurité des machines – Exigences pour les systèmes de commande sans fil
des machines
INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
COMMISSION
ELECTROTECHNIQUE
INTERNATIONALE
ICS 13.110; 29.020; 35.100.01 ISBN 978-2-8322-5153-9
– 2 – IEC 62745:2017 © IEC 2017
CONTENTS
FOREWORD . 4
INTRODUCTION . 6
1 Scope . 7
2 Normative references . 7
3 Terms, definitions and abbreviations . 8
4 Functional requirements . 11
4.1 General . 11
4.2 Operational preventions . 12
4.2.1 Prevention of inadvertent actuation . 12
4.2.2 Prevention of unauthorised operation . 12
4.2.3 Prevention of unintended commands . 12
4.3 Serial data transfer . 13
4.4 Removal of remote station transmission . 13
4.5 Establishment and indication of transmission and communication . 14
4.6 Safety-related functions of the CCS . 14
4.7 Stop functions of the CCS . 14
4.7.1 General . 14
4.7.2 Safety-related stop functions of a CCS . 14
4.7.3 Classification of stop functions . 15
4.8 Reset . 17
4.9 Cessation of transmission from the remote station . 17
4.10 Latching control functions . 18
4.11 Behaviour on loss of supply . 18
4.12 Multiple remote stations . 18
4.13 Multiple base stations . 18
4.14 Suspension of CCS control . 19
4.15 Configurability protection . 19
5 Verification . 19
5.1 General . 19
5.2 Labelling and markings . 19
5.3 Documentation . 20
5.4 Functional verifications . 20
6 Information for use . 22
6.1 General . 22
6.2 Information to be provided . 22
7 Labelling and markings . 24
Annex A (informative) Logic of stop functions . 25
Bibliography . 27
Figure 1 – Block diagram example of a cableless control system and its interaction with
the machine control system . 12
Figure A.1 – Logic for stop functions . 25
Table 1 – Alphabetical list of definitions . 8
Table 2 – Abbreviations . 8
Table 3 – Overview of stop functions of the CCS . 15
Table 4 – Verification of functional requirements . 21
Table 5 – List of possible verifications to be required to the system integrator . 24
– 4 – IEC 62745:2017 © IEC 2017
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
SAFETY OF MACHINERY – REQUIREMENTS FOR
CABLELESS CONTROL SYSTEMS OF MACHINERY
FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and non-
governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of
patent rights. IEC shall not be held responsible for identifying any or all such patent rights.
International Standard IEC 62745 has been prepared by IEC technical committee 44: Safety
of machinery – Electrotechnical aspects.
This bilingual version (2018-01) corresponds to the monolingual English version, published in
2017-03.
The text of this standard is based on the following documents:
FDIS Report on voting
44/783/FDIS 44/785/RVD
Full information on the voting for the approval of this International Standard can be found in
the report on voting indicated in the above table.
The French version of this standard has not been voted upon.
This document has been drafted in accordance with the ISO/IEC Directives, Part 2.
The committee has decided that the contents of this document will remain unchanged until the
stability date indicated on the IEC website under "http://webstore.iec.ch" in the data related to
the specific document. At this date, the document will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.
IMPORTANT – The 'colour inside' logo on the cover page of this publication indicates
that it contains colours which are considered to be useful for the correct
understanding of its contents. Users should therefore print this document using a
colour printer.
– 6 – IEC 62745:2017 © IEC 2017
INTRODUCTION
Cableless control systems (CCS) are increasingly being used to provide an operator interface
on a wide range of machinery. The functionality of a CCS and the way in which it interfaces
with the overall machine control system can therefore affect the safety of the machinery.
IEC 62745 specifies requirements for the functionality of a CCS that is interfaced with or is
part of a machine control system for use as an operator control station on a machine.
The extent to which the functionality of a CCS is relied upon to minimise risk on a machine is
a key selection criterion. It is therefore important to select a CCS that provides suitable
control functions with an appropriate safety integrity in accordance with the risk assessment
at the machine.
In some particular applications, the requirements for a CCS can exceed those specified in this
document.
SAFETY OF MACHINERY – REQUIREMENTS FOR
CABLELESS CONTROL SYSTEMS OF MACHINERY
1 Scope
This standard specifies requirements for the functionality and interfacing of cableless (for
example, radio, infra-red) control systems that provide communication between operator
control station(s) and the control system of a machine. Specific requirements are included for
such operator control stations that are portable by the operator.
NOTE The part of the cableless control system that is used as an operator control station is sometimes referred
to as the ‘transmitter’ and the part that interfaces with the machine control system is sometimes referred to as the
‘receiver’. However, to take account of the possibility of bi-directional communication, this standard refers to these
individual parts as the ‘remote station’ and the ‘base station’ respectively.
This document does not deal with cableless communication between parts of a machine(s)
that are not operator control stations.
This document is not intended to specify all of the requirements that are necessary for the
design and construction of a cableless control system. For example, it does not specify
communication protocols, frequency or bandwidth aspects, nor the full range of constructional
requirements such as impact resistance, ingress protection, electromagnetic compatibility,
etc.
The provisions of this document are intended to be applied in addition to the requirements for
electrical equipment in the IEC 60204-1.
This document is a type-B2 standard as stated in ISO 12100.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their
content constitutes requirements of this document. For dated references, only the edition
cited applies. For undated references, the latest edition of the referenced document (including
any amendments) applies.
IEC 60068-2-31:2008, Environmental testing – Part 2-31: Tests – Test Ec – Rough handling
shocks, primarily for equipment-type specimens
IEC 60204-1:2005, Safety of machinery – Electrical equipment of machines – Part 1: General
requirements
IEC 60947-5-1:2016, Low-voltage switchgear and controlgear – Part 5-1: Control circuit
devices and switching elements – Electromechanical control circuit devices
IEC 60947-5-5, Low-voltage switchgear and controlgear – Part 5-5: Control circuit devices
and switching elements – Electrical emergency stop device with mechanical latching function
IEC 62061, Safety of machinery – Functional safety of safety-related electrical, electronic and
programmable electronic control systems
ISO 13849-1, Safety of machinery – Safety-related parts of control systems – Part 1: General
principles for design
– 8 – IEC 62745:2017 © IEC 2017
ISO 13849-2, Safety of machinery – Safety-related parts of control systems – Part 2:
Validation
ISO 13850, Safety of machinery – Emergency stop function– Principles for design
3 Terms, definitions and abbreviations
For the purposes of this document, the following terms and definitions apply.
For an alphabetical list of definitions, see Table 1.
For list of abbreviations see Table 2.
Table 1 – Alphabetical list of definitions
Term Definition number
active stop 3.17
address code 3.7
automatic stop (ATS) 3.19
base station 3.13
cableless control 3.1
cableless control system (CCS) 3.2
disabling of a remote station 3.22
error detection code 3.9
frame 3.6
Hamming distance 3.11
manual stop 3.20
neutral frame 3.10
OFF-state 3.15
operating command signal 3.8
operator control station 3.5
passive stop 3.18
receiver 3.3
remote station 3.12
safety-related stop function 3.16
stop output 3.14
transmitter 3.4
valid signal 3.21
Table 2 – Abbreviations
Term Abbreviation
automatic stop (4.7.3.5) ATS
cableless control system (3.2) CCS
emergency stop (4.7.3.4) EMS
general safe stop (4.7.3.3) GSS
3.1
cableless control
transmission of the machine operator's commands without any wired connection
3.2
cableless control system
CCS
system consisting of at least one remote station and one base station, which uses cableless
control to transmit commands between them
3.3
receiver
part of a cableless control system which receives frames from a transmitter
3.4
transmitter
part of a cableless control system which sends frames to a receiver
3.5
operator control station
assembly of one or more control actuators (part of a device to which an external manual
action is to be applied) fixed on the same panel or located in the same enclosure
Note 1 to entry: An operator control station can also contain related equipment, for example, potentiometers,
signal lamps, instruments, display devices, etc.
3.6
frame
“package” of information exchanged between a remote station and a base station, and
consisting of, for example:
a) address code;
b) operating commands;
c) error detection code;
d) other commands, signals or information
Note 1 to entry: A “frame” is sometimes referred to as a “telegram” or “message”.
3.7
address code
part of a frame that enables a base station or a remote station to recognise frames that are
intended to convey commands to it
Note 1 to entry: The base station or remote station respond to commands that are recognised as having the
relevant address code.
3.8
operating command signal
control signal that is intended to initiate, modify or maintain a machine function
3.9
error detection code
additional information added to each frame to enable the detection of transmission errors
3.10
neutral frame
frame in which all operating command signals are in a state such that when it is received at
the base station it does not activate any outputs intended for control of hazardous operations
of the machine
– 10 – IEC 62745:2017 © IEC 2017
Note 1 to entry: Neutral frames can be used to maintain communication (i.e. a valid signal) between a transmitter
and receiver, for example to preclude automatic initiation of the stop function at a machine.
Note 2 to entry: Neutral frame transmission is intended to prevent hazardous operations of the machine resulting
from establishment or re-establishment of communication.
Note 3 to entry: Neutral frames can contain data, for example parameterisation data, and commands that are not
intended to cause hazardous operations of the machine.
3.11
Hamming distance
number of bit positions in which two frames of the same length differ from each other
3.12
remote station
part of a cableless control system via which an operator interfaces with the cableless control
system
Note 1 to entry: The remote station of a cableless control system is sometimes referred to as a “transmitter”, but
a remote station that is part of a bi-directional cableless control system will incorporate both a transmitter and a
receiver.
Note 2 to entry: The remote station forms the operator control station of a cableless control system.
Note 3 to entry: The remote station can be portable (by the operator), mobile (e.g. installed separately from the
machine on a vehicle or trolley) or fixed (e.g. installed on or near to the machine).
3.13
base station
part of the cableless control system that interfaces with the machine control system
Note 1 to entry: The base station of a cableless control system is sometimes referred to as a “receiver”, but a
base station that is part of a bi-directional cableless control system will incorporate both a receiver and a
transmitter.
Note 2 to entry: The base station may be installed on static or mobile machinery.
Note 3 to entry: The base station is not necessarily a discrete physical entity, but it includes all of the
components that fulfill the requirements specified in this standard for the base station.
3.14
stop output
output circuit of the base station that interfaces with the control system of the machine to
initiate a stop function
Note 1 to entry: Stop outputs can be safety-related or non-safety-related. See also Table 3.
Note 2 to entry: Interfaces to field bus part of a CCS base station can also be considered as an output circuit.
3.15
OFF-state
state of safety-related stop output(s) of the base station, which is intended to be used to
initiate one or more stop functions of a machine
3.16
safety-related stop function
stop function provided by the CCS that results in an OFF-state and whose failure can result in
an immediate increase of the risk(s)
3.17
active stop
stop resulting from transmission of a stop signal from the remote station to the base station
3.18
passive stop
safety-related stop resulting from absence of a valid signal at the base station
Note 1 to entry: A passive stop can be initiated by, for example, an out of range condition, battery failure,
electromagnetic interference.
3.19
automatic stop
safety-related stop initiated without manual actuation of a device by an operator
3.20
manual stop
stop initiated by actuation of a device by an operator
3.21
valid signal
any received frame, including a neutral frame, that is accepted by the error checking routines
of the receiver and contains the relevant address code for the receiver
3.22
disabling of a remote station
deliberate operation that renders a remote station incapable of sending signals to the base
station
4 Functional requirements
4.1 General
Figure 1 illustrates an example of the main elements of a CCS and its interaction with the
machine control system.
– 12 – IEC 62745:2017 © IEC 2017
Machine control system
Operator control stations (3.5)
Cableless control system (3.2)
Remote station (3.12)
Wired Wired
pendant control
Transmitter Receiver
controller(s) station(s)
(3.4) (3.3)
Transmitter
Receiver
(3.3) (3.4)
Control circuits
Base station (3.13)
Wired signals
Wireless signals
IEC
Figure 1 – Block diagram example of a cableless control system
and its interaction with the machine control system
NOTE The references to IEC 60204-1 in this standard could have corresponding requirements in other relevant
parts of IEC 60204 series.
4.2 Operational preventions
4.2.1 Prevention of inadvertent actuation
The remote station and its control actuators shall be designed and arranged so as to minimise
the possibility of inadvertent actuation (for example, caused by dropping to the floor or striking
an obstruction, failure of electronics) generating an unintended hazardous command.
4.2.2 Prevention of unauthorised operation
Where prevention of unauthorised operation of the CCS is required, remote stations shall be
provided with means to prevent unauthorised use (for example, key-operated switch, access
code).
4.2.3 Prevention of unintended commands
Measures shall be taken to ensure that operating command signals:
• affect only the intended base station or remote station (for example, using address code);
• initiate only the intended functions in that base station or remote station.
Such measures shall be resistant to accidental or unintentional change.
Upon detection of malfunction or faults, all relevant safety-related output shall be controlled to
OFF-state with an appropriate safety integrity.
Where hardware switches (for example, DIP) are used for device addressing, additional
measures such as parity checking may be necessary to fulfil the requirements in case of a
fault.
NOTE Typical methods include factory-set coding, which are more robust than user-configurable methods
because they cannot be defeated (either intentionally or inadvertently) by the user.
4.3 Serial data transfer
The serial data transfer shall satisfy one of the following requirements:
• means shall be provided that ensure the probability of an erroneous frame being received
-8 -3
undetected, R(P ), is less than 1 × 10 , given an input bit error probability of P = 10 , if
e e
no better input bit error probability can be proven, or
• the Hamming distance shall be either 4 or the total number of bits in a frame divided by
20, whichever is greater.
-3
NOTE 1 An input bit error probability of P = 10 can be assumed as typical estimate for a wireless channel
e
disturbed by Additive White Gaussian Noise (AWGN) and electromagnetic interference (EMI).
NOTE 2 IEC 60870-5-1 defines a set of possible transmission frame formats.
NOTE 3 Increasing the reliability of serial data transmission only reduces the possibility of errors than can be
occurring in the transmission media.
In addition for safety-related functions of a CCS the residual error probability Λ of undetected
error per hour shall be less than 1 % of the specified PFHD value for the respective function
of the CCS. Residual probability of undetected error per hour Λ shall be calculated by:
Λ(P ) = R(P ) × ν × b [1/h]
e e
where:
Λ(P ): residual probability of undetected error per hour in relation to the input bit error
e
probability
R(P ): residual probability of undetected error per frame in relation to the input bit error
e
probability
P : input error probability. If no better input bit error probability can be proven,
e
-3
P = 1 × 10 applies
e
ν: maximum number of safety-related messages per hour
b: maximum number of listening base stations
NOTE 4 For a definition of PFH see IEC 62061 or ISO 13849-1.
D
NOTE 5 Λ(P ) calculation is based on IEC 61784-3; this approach is valid for cyclic transmission of safety-related
e
messages.
NOTE 6 When using CRC as hash-function, Equation (B.3) or (B.4) from IEC 61784-3:2016 can be applied in
-3
order to determine R(P ) with an input bit error probability of P = 1 × 10 .
e e
The CCS can be equipped with indicator of transmission reliability.
NOTE 7 It is not necessary to provide a separate warning indicator for each condition that can affect transmission
reliability.
4.4 Removal of remote station transmission
Means shall be provided to readily stop transmission from the remote station. This shall be
achieved by one or more of the following:
• a device that interrupts the power supply of transmission for the remote station, where
such a device shall have direct opening action (see IEC 60947-5-1:2016, Annex K), or
• removal of the battery without the use of a tool, or
• a dedicated transmission removal function in accordance with IEC 61508, IEC 62061 or
ISO 13849-1 and ISO 13849-2, with an integrity in accordance with 4.7.2.
NOTE A passive stop will result from the removal of transmission power.
– 14 – IEC 62745:2017 © IEC 2017
4.5 Establishment and indication of transmission and communication
Power up of the remote station or re-establishment of communication (for example, after
power supply interruption, remote station battery replacement, lost signal condition) shall not
activate any output that is intended for control of hazardous operations of the machine.
Initiation or re-initiation of such operations shall require a deliberate action (for example,
releasing a control actuator from its energised position and then pressing it again).
The base station shall not respond to operating command signals that can activate outputs
intended for control of hazardous operations of the machine until a neutral frame has been
received (i.e. following re-establishment of communication).
When transmission from a remote station is taking place, this shall be indicated on the remote
station (for example, by an indicating light, a visual display indication, etc.).
NOTE It can also be useful to provide a means of indicating when a base station is receiving transmissions from
an associated remote station. For example, an output(s) on the base station can be designated for this purpose,
and/or a confirmation signal can be transmitted to the remote station if bi-directional communication is available.
Where the base station does not provide a designated means of indication, it is important that the information for
use of the CCS includes instructions on how to implement this functionality (for example, using base station stop
outputs).
4.6 Safety-related functions of the CCS
Functions of the CCS that are intended for safety-related applications shall have an
appropriate safety integrity. The requirements of IEC 62061 and/or ISO 13849-1, ISO 13849-2
shall apply.
Upon detection of faults, all relevant safety-related output shall be controlled to OFF-state. In
addition the detection of a fault in the remote station that can lead to the loss of a safety
related function, shall cease the transmission.
NOTE Further information on the design of safety-related aspects of control functions is given in ISO 12100 and
IEC 61508.
4.7 Stop functions of the CCS
4.7.1 General
The CCS shall provide an automatic stop (ATS) function and at least one safety related stop
function that is initiated by a deliberate human action on a control device provided specifically
for that purpose.
Information about logic of stop functions are given in Annex A.
NOTE In most applications this manually-initiated stop function is either a GSS or EMS (see 4.7.3).
4.7.2 Safety-related stop functions of a CCS
Each safety-related stop function of a CCS shall initiate an OFF-state of the relevant stop
output(s) at the base station.
Each safety-related stop function of a CCS shall have a safety integrity of at least SIL1/PLc.
In addition, a single fault in any part of the CCS shall not lead to the loss of any safety-related
stop function, and whenever reasonably practicable, the single fault shall be detected at or
before the next demand on the safety-related stop function.
4.7.3 Classification of stop functions
4.7.3.1 General
Stop functions of a CCS are classified as:
• control stop;
• general safe stop (GSS);
• emergency stop (EMS);
• automatic stop (ATS).
Table 3 describes the characteristics of the different stop functions.
Table 3 – Overview of stop functions of the CCS
Safety- Availability Control actuator
Type of stop
Effect on
Function Clause related &
CCS
(see Fig.2)
Type Colour
function operability
Control stop 4.7.3.2 Either Active, Defined state Operational See Black
of (a) stop when the IEC 60204-1
passive, White
output(s), or CCS is in
of another control of the
or Grey
output machine
active
associated
followed by with release
passive of a hold-to-
run control
actuator
or, if safety-
related:
OFF-state of
all safety-
related stop
output(s)
General safe 4.7.3.3 Yes Active, OFF-state of Operational See 4.7.3.3 Black
stop passive, or all safety- when the (preferred) or
active related stop CCS is in red. Red shall
(GSS)
followed by output(s) control of the not have a
passive machine yellow
background
Emergency 4.7.3.4 Operational Device that Red with a
stop at all times complies with yellow
IEC 60947-5-5 background
(EMS)
Automatic 4.7.3.5 Operational Not Not applicable
stop when the
applicable
CCS is in
(ATS)
control of the
machine
4.7.3.2 Control stop function
A control stop function is always initiated manually by the operator and is available only when
the CCS is in control of the machine.
A control stop function shall be designed in accordance with IEC 60204-1:2005, 9.2.5.3.
NOTE A control stop function can be initiated by releasing a hold-to-run control actuator or by an enabling device
that is not in the run position.
– 16 – IEC 62745:2017 © IEC 2017
4.7.3.3 General safe stop (GSS) function
The GSS function of a CCS is a safety-related control function.
Where the GSS function is provided on a CCS, the remote station shall include a separate
and clearly identifiable means of manually initiating this function, which shall result in an OFF-
state of all safety-related stop output(s) at the base station. See Table 3.
The device that initiates the GSS function shall have direct opening action (see IEC 60947-5-
1:2003, Annex K).
When active operation of the actuator has ceased following initiation of the GSS function, the
effect of the command shall be sustained by engagement of the device until it is disengaged by
a manual action at the remote station. It shall not be possible to generate the stop command
without latching the actuator, and latching of the actuator shall not occur without generation of
the stop command. In case of failure of the latching mechanism, actuation of the device shall
generate a stop command regardless of the latching of the actuator.
When active operation of the control actuator has ceased following initiation of the GSS
function, the effect of the command shall be sustained by engagement of the device until it is
disengaged by an intentional manual action at the remote station.
NOTE 1 The signal produced by the GSS function is intended to be used to initiate either a stop category 0 or a
stop category 1 of the machine in accordance with IEC 60204-1, as determined by the risk assessment.
NOTE 2 Some CCSs perform the GSS function by transmitting a stop command before ceasing transmission (i.e.
an active stop), whereas others only cease transmission (i.e. a passive stop). An active stop can deliver a quicker
stop command to the machine’s control system, because the time delay associated with recognising the loss of a
valid signal before initiating an automatic stop command is absent.
4.7.3.4 Emergency stop (EMS) function
A CCS that provides an EMS function shall comply with the requirements of 4.7.2, 4.7.3.3 and
the following additional requirements (see also Table 3):
a) the actuator shall be marked and/or labelled as an emergency stop device (see
IEC 60204-1:2005, 10.7.3 and shall conform to IEC 60947-5-5;
b) the function shall be available and operational at all times;
c) the initiation of EMS function shall result in an OFF-state of all safety-related stop
output(s) at the base station;
d) relevant requirements of ISO 13850 are satisfied;
e) the information for use (see Clause 6) shall instruct the system integrator who
incorporates the CCS into the machine control system to ensure that the requirements of
this clause are complied with;
f) in the case of multiple remote stations that are concurrently communicating with a base
station, the disabling of a remote station (unavailability of the EMS function of the
disabled remote station) initiates an automatic stop (ATS) function.
NOTE It can be useful to provide an indication on the remote station that the emergency stop is available and
operational, where bi-directional communication facilitates this.
4.7.3.5 Automatic stop (ATS) function
The ATS function of the CCS shall initiate an OFF-state of all safety-related stop output(s) at
the base station, so as to prevent hazardous operation(s) of the machine. See Table 3.
NOTE 1 The stop outputs affected by the ATS function can be the same as those that are switched to the OFF-
state by the GSS function and/or the EMS function.
The ATS function of a CCS is a safety-related control function. The ATS function shall have a
safety integrity that is not less than the highest safety integrity of any other safety-related stop
functions provided by the CCS.
The ATS function of the CCS shall be automatically initiated under conditions that include, but
are not limited to:
• when a fault in a safety-related part of the CCS is detected;
• when no valid signal has been detected at a base station (and where necessary in
accordance with risk assessment at a remote station in a CCS with bi-directional
communication) within a time period declared by the CCS manufacturer. This time period
shall be determined by a risk assessment at the machine, but should not exceed 0,5 s;
• when transmission ceases (see 4.9).
NOTE 2 Potential consequences of loss of ability to control the machine during this time period and the effect on
the overall machine stopping time can be considered by the machine control system designer or manufacturer.
4.8 Reset
Reset after a GSS or EMS initiated at a remote station shall require a deliberate action at that
remote station (and at every remote station where the safety-related stop has been initiated)
before base station outputs that are intended for control of hazardous operations of the
machine can be activated.
If the disengagement of the latched GSS or EMS device results in communication re-
establishment, an additional manual reset action at the remote station can be necessary.
NOTE Depending on the risk assessment, in addition to the reset action(s) at the remote station, it can be
opportune to consider the addition of one or more supplementary fixed reset devices (e.g. pushbuttons) at
location(s) from which the hazard zone(s) can be seen to be clear of persons.
Particular consideration is necessary when the remote station is mobile or portable.
Interruption and reconnection of power (at either the remote or base station), or a single fault
in any part of the CCS shall not result in the reset of a previously initiated safety-related stop
function such as a GSS or EMS function.
Reset shall not be possible while a detected fault exists within the CCS.
See also 6.2 q) for information to be provided by manufacturer.
4.9 Cessation of transmission from the remote station
Where the CCS is provided with automatic cessation of transmission, neutral frames shall be
transmitted for a period after operating command signal have ceased. The duration of this
period of neutral frame transmission shall be stated by the CCS manufacturer. The CCS shall
initiate an ATS function at the end of this pre-determined period of neutral frame
transmission.
Where automatic cessation of transmission is not provided, neutral frames shall be
transmitted until the next operating command signal.
NOTE Automatic cessation of transmission with an insufficient period of neutral frame transmission will cause the
stop output (and hence for example, the main contactor of a machine) to go to the OFF-state more freque
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.
Loading comments...