ISO/IEC 15067-5:2026

ISO/IEC 15067-5
Edition 1.0 2026-03
INTERNATIONAL
STANDARD
Information technology - Home Electronic System (HES) application model -
Part 5: A safety framework and guidelines for control and data communication
messages
ICS 35.200; 97.120; 35.240.99  ISBN 978-2-8327-1157-6

ISO/IEC 15067-5: 2026-03(en)
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or
by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either
IEC or IEC's member National Committee in the country of the requester. If you have any questions about IEC copyright
or have an enquiry about obtaining additional rights to this publication, please contact the address below or your local
IEC member National Committee for further information.

IEC Secretariat Tel.: +41 22 919 02 11
3, rue de Varembé info@iec.ch
CH-1211 Geneva 20 www.iec.ch
Switzerland
About the IEC
The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes
International Standards for all electrical, electronic and related technologies.

About IEC publications
The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the
latest edition, a corrigendum or an amendment might have been published.

IEC publications search - IEC Products & Services Portal - products.iec.ch
webstore.iec.ch/advsearchform Discover our powerful search engine and read freely all the
The advanced search enables to find IEC publications by a publications previews, graphical symbols and the glossary. With
variety of criteria (reference number, text, technical a subscription you will always have access to up to date content
committee, …). It also gives information on projects, replaced tailored to your needs.
and withdrawn publications.
Electropedia - www.electropedia.org
The world's leading online dictionary on electrotechnology,
IEC Just Published - webstore.iec.ch/justpublished
Stay up to date on all new IEC publications. Just Published containing more than 22 500 terminological entries in English
details all new publications released. Available online and and French, with equivalent terms in 25 additional languages.
once a month by email. Also known as the International Electrotechnical Vocabulary
(IEV) online.
IEC Customer Service Centre - webstore.iec.ch/csc
If you wish to give us your feedback on this publication or need
further assistance, please contact the Customer Service
Centre: sales@iec.ch.
CONTENTS
FOREWORD . 2
INTRODUCTION . 4
1 Scope . 7
2 Normative references . 7
3 Terms, definitions, and abbreviated terms . 7
3.1 Terms and definitions. 7
3.2 Abbreviated terms . 9
4 Conformance . 9
5 Enhancing safety for users of networked products . 9
5.1 Objectives of safety protection . 9
5.2 Messages creating unsafe conditions . 10
5.3 Sources of unsafe message . 10
5.4 Protection from unsafe messages . 10
5.5 Safety protection benefits . 11
6 General guidelines for product safety . 11
6.1 Combining message and product safety . 11
6.2 Design guidelines for product safety . 12
6.3 Installation guidelines for product safety . 12
7 Mitigating safety risks for networked products . 12
7.1 Screening messages that cause unsafe options . 12
7.2 Message types and risks . 13
7.3 Safety and connectivity . 13
7.3.1 Safety for hcs connectivity . 13
7.3.2 Additional safety features for HES connectivity . 14
7.4 Hazard severity for products . 14
7.5 Factors affecting safety . 15
7.6 Requirements for enhancing safe product operation. 16
Annex A (informative) Examples of unsafe messages . 17
A.1 Unsafe messages . 17
A.2 Cook top . 17
A.3 Lighting . 17
A.4 Robotic cleaner . 17
Bibliography . 18

Table 1 – Factors affecting the operational safety of relatively safe products . 15
Table 2 – Factors affecting the operational safety of relatively unsafe products . 16

Information technology -
Home Electronic System (HES) application model -
Part 5: A safety framework and guidelines for control and data
communication messages
FOREWORD
1) ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission)
form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC
participate in the development of International Standards through technical committees established by the
respective organization to deal with particular fields of technical activity. ISO and IEC technical committees
collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental,
in liaison with ISO and IEC, also take part in the work.
2) The formal decisions or agreements of IEC and ISO on technical matters express, as nearly as possible, an
international consensus of opinion on the relevant subjects since each technical committee has representation
from all interested IEC and ISO National bodies.
3) IEC and ISO documents have the form of recommendations for international use and are accepted by IEC and
ISO National bodies in that sense. While all reasonable efforts are made to ensure that the technical content of
IEC and ISO documents is accurate, IEC and ISO cannot be held responsible for the way in which they are used
or for any misinterpretation by any end user.
4) In order to promote international uniformity, IEC and ISO National bodies undertake to apply IEC and ISO
documents transparently to the maximum extent possible in their national and regional publications. Any
divergence between any IEC and ISO document and the corresponding national or regional publication shall be
clearly indicated in the latter.
5) IEC and ISO do not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC and ISO marks of conformity. IEC and ISO are not
responsible for any services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this document.
7) No liability shall attach to IEC and ISO or their directors, employees, servants or agents including individual
experts and members of its technical committees and IEC and ISO National bodies for any personal injury,
property damage or other damage of any nature whatsoever, whether direct or indirect, or for costs (including
legal fees) and expenses arising out of the publication, use of, or reliance upon, this ISO/IEC document or any
other IEC and ISO documents.
8) Attention is drawn to the Normative references cited in this document. Use of the referenced publications is
indispensable for the correct application of this document.
9) IEC and ISO draw attention to the possibility that the implementation of this document may involve the use of (a)
patent(s). IEC and ISO take no position concerning the evidence, validity or applicability of any claimed patent
rights in respect thereof. As of the date of publication of this document, IEC and ISO had not received notice of
(a) patent(s), which may be required to implement this document. However, implementers are cautioned that this
may not represent the latest information, which may be obtained from the patent database available at
https://patents.iec.ch and www.iso.org/patents. IEC and ISO shall not be held responsible for identifying any or
all such patent rights.
ISO/IEC 15067-5 has been prepared by subcommittee 25: Interconnection of information
technology equipment, of ISO/IEC joint technical committee 1: Information technology. It is an
International Standard.
The text of this International Standard is based on the following documents:
Draft Report on voting
JTC1-SC25/3327/CDV JTC1-SC25/3350A/RVC

Full information on the voting for its approval can be found in the report on voting indicated in
the above table.
The language used for the development of this International Standard is English.
This document was drafted in accordance with ISO/IEC Directives, Part 2, and developed in
accordance with ISO/IEC Directives, Part 1, and the ISO/IEC Directives, JTC 1 Supplement
available at www.iec.ch/members_experts/refdocs and www.iso.org/directives.
A list of all parts in the ISO/IEC 15067 series, published under the general title Information
technology - Home Electronic System (HES) application model, can be found on the IEC and
ISO websites.
INTRODUCTION
Improving safety for consumers using appliances connected to a local area network in a home
or building (called "networked appliances") depends on many factors:
– appliance design;
– appliance installation;
– appliance configuration;
– appliance provisioning of features;
– appliance user interface;
– appliance operation;
– appliance field upgrades;
– appliance maintenance;
– appliance repairs.
A network in a home or apartment is also called a "home control system" (hcs). A home control
system is any generic communications network used for home automation. The HES
communications network specified by the HES series of standards (ISO/IEC 14543 series and
related standards) is a subset of home control systems that conforms to the HES standards.
Thus, all HESs are home control systems, but not all home control systems are HESs.
A "networked appliance" (also called a "networked product") is any appliance that can respond
to some home control system commands. The connection can be as simple as a power switch
interposed between the mains and the power cord of a traditional appliance. This power switch
receives on/off hcs signals to apply or cut power to the appliance. A "smart appliance" has a
data connection to an hcs so it can respond to commands beyond on/off, such as queries and
commands regarding operating modes, sensor readings, actuator states, energy consumption,
etc. The smart appliance connection technology is not specified; it can be wired or wireless
using the Internet Protocol (IP) or non-IP.
This document focuses on the safety aspects of "appliance operation" related to network
communications. It specifies safety enhancements for screening and processing digital
messages intended for networked appliances, especially for remotely operated devices. Such
messages include commands for
– turning an appliance on or off, or
– changing an operation setting such as temperature or speed.
These messages are not related to a specific communications protocol, but can use external
and home area network communication protocols to convey the message contents.
This document was developed in consultation with the working group that wrote IEC 63044-4.
IEC 63044-4 addresses many hazards and electrical safety issues. This document addresses
the following issues that were not included in IEC 63044-4:
– screening out messages that can make the operation of appliances connected to a home
network risky and less safe for consumers;
– enhancements provided by the Home Electronic System (HES) gateway such as data
security and extensions of HES gateway services for safer operation of attached networked
devices.
IEC 63044-4 specifies the identification and handling of corrupted messages by discarding or
resending them. However, a particular challenge is recognizing and responding appropriately
to a valid message that can create an unsafe operation because of the particular operating
environment of appliances and devices attached to a home or building network. Examples are
presented in this document.
The specifications in this document provide guidelines for making the operation of appliances
safer when attached to a home control system (hcs) network. An HES network is a type of hcs
that conforms to the family of HES standards consisting of documents related to the Home
Electronic System (HES) prepared by ISO/IEC JTC 1/SC 25. An HES network that includes an
HES gateway enhances the safety of operation of connected products. Thus, an HES network
can provide a higher level of safety for consumers than a generic hcs network.
NOTE ISO/IEC HES standards are identified by HES or "Home Electronic System" in the title.
Additional HES safety protections can be provided by the HES gateway, which is responsible
for:
– a communications interconnection between premises networks and wide area networks;
– a communications interconnection between dissimilar home and building area networks
within the same premises;
– interoperability and functional interworking among dissimilar home devices and
applications;
– a platform for hosting interoperable application services;
– cybersecurity protection of occupants' data, privacy, and safety.
The HES gateway functions are provided by gateway constituents called "service modules".
The HES gateway capability for monitoring message traffic between the home and the outside
provides cybersecurity protection and can enhance user safety when operating connected
devices and appliances remotely.
The HES gateway can include service modules specialized for monitoring and possibly blocking
external appliance messages that are determined to be unsafe. For example, the gateway can
correlate an appliance message with local data about occupancy, time-of-day, and the operation
of related appliances to determine if the message can cause an unsafe operation.
This document is based in part on the following safety-related documents:
a) IEC Guide 110:2014 [1] (second edition, replaced first edition published in 1996)
IEC Guide 110:2014 was developed to provide background information for technical
committees when dealing with safety requirements for products intended to be integrated in
a home control system. IEC Guide 110:2014 includes information on functional (operational)
safety as well as conventional electrical safety aspects relevant to home control systems.
b) ISO/IEC TR 14762:2000 [2]
ISO/IEC TR 14762:2000 extended IEC Guide 110 by providing requirements for functional
safety of home control networks and associated equipment in homes and buildings.
c) ISO/IEC 14762:2009 [3]
ISO/IEC 14762:2009 extensively revised ISO/IEC TR 14762:2000 by providing a list of
hazards and measures to counter them. It specifies safety protections associated with power
feeds (restarting, marking, and construction for proper connections), environmental issues
(heat, mechanical stress, and useful lifetime), foreseeable misuse (configuration and proper
firmware), operational software and communications, remote management, and operation.
d) IEC 63044-4:2021 [4]
IEC 63044-4:2021 is an updated version of ISO/IEC 14762:2009 with most of the original
content preserved, including the same sequence of normative clauses.
___________
Numbers in square brackets refer to the Bibliography.
ISO/IEC 15067-5 extends materials from IEC Guide 110 and ISO/IEC TR 14762 that were not
included in ISO/IEC 14762:2009 or IEC 63044-4:2021:
– remote commands and parameter settings (called "messaging") and the impact on appliance
safety;
– safety-related services for screening messages possibly provided by the HES gateway as
specified in the ISO/IEC 15045-3 series [5] and associated ISO/IEC 18012 series [6];
– risks posed by various categories of messages when appliances are controllable via hcs
networks using remote control from outside and inside the home.

1 Scope
This document addresses the safety of persons and premises when using devices and
appliances ("products") with interfaces to a communications network in a home or building
("premises"). Such products are called "networked appliances" and "networked products." This
document specifies basic requirements for safer operation of products that can be controlled
remotely via a connection to a communications network. The network can enable such products
to form integrated applications. These products can interact via the premises network and can
be controlled remotely from within the premises and from a wide area network outside
connected to the premises network via a communications gateway.
Recommendations and methods for remote-control message screening and guidelines for
selecting messages to minimize risk are specified. These specifications can enhance safety in
a home control system (hcs).
The safety requirements specified in this document apply together with any relevant product
safety standards.
NOTE 1 ISO/IEC HES standards are identified by HES or "Home Electronic System" in the title.
NOTE 2 This document addresses conditions of normal use and fault conditions throughout the lifetime of a product.
Sabotage, force majeure, and intentional damage are not addressed in this document.
NOTE 3 This document is not intended for safety-related equipment such a fire-detection and suppression system.
NOTE 4 "Networked applications" and "networked products" describe the same category of devices and are used
interchangeably in this document.
2 Normative references
There are no normative references in this document.
3 Terms, definitions, and abbreviated terms
3.1 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminology databases for use in standardization at the following
addresses:
– IEC Electropedia: available at https://www.electropedia.org/
– ISO Online browsing platform: available at https://www.iso.org/obp
3.1.1
cyberspace
whole of interconnected information processing systems, including the Internet, and of data
they are processing
[SOURCE: IEC 60050-171:2019 [7], 171-08-03]
3.1.2
cyberspace security
cybersecurity
freedom from unacceptable risk in cyberspace
[SOURCE: IEC 60050-171:2019 [7], 171-08-04, modified – The term "cybersecurity" has been
added.]
3.1.3
functional safety
part of the overall safety that depends on functional and physical units operating correctly in
response to their inputs
[SOURCE: IEC 60050-351:2013 [8], 351-57-06, modified – Note 1 to entry has been deleted.]
3.1.4
home control system
home network together with all the devices attached to it, including the rules for control,
communication and management among application processes
3.1.5
Home Electronic System
control and sensing system for homes and buildings based on ISO/IEC Home Electronic System
(HES) standards
Note 1 to entry: The referenced ISO/IEC standards normally include HES in the title of each standard.
3.1.6
product
device or appliance
Note 1 to entry: This definition applies to this document as a generic term.
3.1.7
public data network
telecommunication network established to provide data communication services to the public
[SOURCE: IEC 60050-721:1991 [9], 721-16-18]
3.1.8
remote control
control of an operation at a point distant from the controlled switching device
Note 1 to entry: Remote control can be achieved by using a hand-held transmitter that communicates by
electromagnetic or sonic means with a receiver that is part of the appliance.
Note 2 to entry: Remote control enables authorized persons, such as family members, carers, friends and
neighbours, to help at any time, whether this relates to the activation of a rarely used function of a product or in case
the cooking plate has not been switched off. Assistance by means of remote control can also be helpful with complex
operating sequences or in the event of a failure.
[SOURCE: IEC 60050-871:2018 [10], 871-04-26]
3.1.9
remote control unit
device that enables a user to provide remote control of a product
3.1.10
safety
protection from, or unlikelihood of causing, danger or injury
[SOURCE: ISO/IEC 15045-3-1:2024 [11], 3.1.8]
3.1.11
unsafe message
communications message for control or data for a product where the message is structured
properly, syntactically and semantically, and transmitted without detectable errors, but can
cause the product to operate in an unsafe mode
3.2 Abbreviated terms
hcs home control system
HES Home Electronic System
NOTE HES is the name of a related group of ISO/IEC standards specifying communications, interfaces,
applications, interoperability, network gateway, and cybersecurity protection for networks and networked devices on
premises (at a home or building).
4 Conformance
An hcs that conforms to ISO/IEC HES standards shall conform to the requirements for functional
safety specified in this document. Message selections to minimize risk as specified in Clause 6
shall be followed. Message risk assessment to prioritize message screening as specified in
Clause 7 shall be followed.
An hcs that does not conform to ISO/IEC HES standards should conform with the requirements
for functional safety specified in this document. Message selections to minimize risk as
specified in Clause 6 should be followed. Message risk assessment to prioritize message
screening as specified in Clause 7 should be followed.
In addition, the products integrated into an hcs should conform to relevant product safety
standards in combination with the framework for message safety specified in this document.
5 Enhancing safety for users of networked products
5.1 Objectives of safety protection
The intent of this document and related safety standards is to prevent personal injury or
equipment damage that can result from improper or inappropriate messages sent from a remote
control unit to control or deliver data to a product. The remote control unit signal can originate
on a network internal to the premises or from a public data network. The public data network
usually using a wide area network can connect to the local area network via a generic gateway
or an HES gateway.
This document specifies basic requirements for safer operation of appliances connected to a
communications network in the home, possibly with further connections to a public data network
outside the home for remote operation.
Methods to protect products operating in a networked environment can be implemented in the
product or in the HES gateway or in both. Recovery and operating procedures after abnormal
operation or in a fault condition are specified in this document.
This document concerns primarily the safety of occupants and products found in homes and
buildings including products on premises next to the home or building. Examples of such
energy-related products that are often located outside nearby include
– solar panels,
– wind turbines,
– equipment for managing local power (inverters, switches, etc.), and
– electric vehicle (EV) chargers.
5.2 Messages creating unsafe conditions
As IEC 63044-4 [4] specifies, corrupted messages shall be recognized and discarded or resent.
However, a particular challenge is recognizing and responding appropriately to a valid message
that can create an unsafe operation because of the particular operating environment. Examples
of valid messages that can create unsafe conditions are presented in Annex A.
This document addresses protection of persons and products resulting from an unsafe condit
...