24 Apr 2026

How Effective Implementation Supports Safer Workplaces and More Reliable Robotic Systems

Functional safety is central to ensuring that robot systems maintain safe behavior even when faults occur. One of the most commonly used standards in this area is ISO 13849, which provides requirements for the design and evaluation of safety-related control functions. While widely used across the robotics industry, the standard can be challenging to interpret in practice.

This post explains ISO 13849 and highlights what robot designers, integrators, and engineers need to understand when applying it.

Before applying ISO 13849, it is important to determine which safety functions the robot requires; these are derived from a formal risk assessment process. Standards such as ISO 12100 define how hazards are identified, how risks are estimated, and how decisions are made regarding the necessary risk reduction. ISO 13849 then provides the method for ensuring that the safety-related control functions implementing those safety functions achieve the required reliability.

Understanding the Purpose of ISO 13849

ISO 13849 is intended to ensure that safety-related parts of control systems achieve an appropriate level of fault tolerance and reliability based on the risks associated with the machine. In robotics, these control functions may include emergency stopping, protective stops, enabling devices, safety-rated speed monitoring, and safe torque-off functions.

The standard does not dictate specific design solutions. Instead, it establishes a framework for selecting architectures, assessing reliability, and validating that the chosen solutions meet the required performance level.

Determining the Required Performance Level (PLr)

The first step in applying ISO 13849 is determining the performance level required for each safety function. This determination is based on a combination of severity of harm, frequency of exposure, and the possibility of avoiding harm. Robot systems often require performance levels in the upper range because of proximity to human operators and the energy inherent in robotic movements.

The PLr establishes the minimum safety integrity that the control system must achieve, setting the foundation for all subsequent design decisions.
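The severity, frequency and avoidance parameters described above are combined in the risk graph of ISO 13849-1 Annex A, which ends in a PLr from a (lowest) to e (highest). The following is an added worked example, not code from the original post: the risk-graph mapping is the one in the standard, while the hazard list and the helper names (`required_pl`, `pl_meets`, `plr_for_hazards`) are constructed for illustration.

```python
"""Required performance level (PLr) from the ISO 13849-1 risk graph.

Added example, not code from the original post. The mapping in RISK_GRAPH is
the one in ISO 13849-1 Annex A; the hazards in HAZARDS are constructed.
"""

# Risk graph parameters (ISO 13849-1 Annex A):
#   S1 slight, normally reversible injury   / S2 serious, irreversible injury or death
#   F1 seldom to less often, short exposure / F2 frequent to continuous, long exposure
#   P1 avoidance possible under specific conditions / P2 avoidance scarcely possible
RISK_GRAPH = {
    ("S1", "F1", "P1"): "a",
    ("S1", "F1", "P2"): "b",
    ("S1", "F2", "P1"): "b",
    ("S1", "F2", "P2"): "c",
    ("S2", "F1", "P1"): "c",
    ("S2", "F1", "P2"): "d",
    ("S2", "F2", "P1"): "d",
    ("S2", "F2", "P2"): "e",
}

PL_ORDER = "abcde"  # PL a is the lowest integrity, PL e the highest


def required_pl(severity: str, frequency: str, avoidance: str) -> str:
    """Walk the risk graph for one hazard and return its PLr ('a'..'e')."""
    key = (severity, frequency, avoidance)
    if key not in RISK_GRAPH:
        raise ValueError(f"parameters must be S1/S2, F1/F2, P1/P2, got {key}")
    return RISK_GRAPH[key]


def pl_meets(achieved: str, required: str) -> bool:
    """True if the PL achieved by a design is at least the PLr."""
    return PL_ORDER.index(achieved) >= PL_ORDER.index(required)


# Constructed hazard list for a hypothetical robot cell; each entry is the
# outcome of the ISO 12100 risk assessment that precedes the ISO 13849 work.
HAZARDS = [
    ("pinch between gripper and part during hand guiding",       "S1", "F2", "P1"),
    ("operator enters cell while the arm moves at full speed",   "S2", "F2", "P2"),
    ("arm restarts unexpectedly during maintenance inside cell", "S2", "F1", "P2"),
]


def plr_for_hazards(hazards=HAZARDS) -> dict:
    """Map each hazard description to the PLr of the safety function covering it."""
    return {name: required_pl(s, f, p) for name, s, f, p in hazards}


if __name__ == "__main__":
    for hazard, pl in plr_for_hazards().items():
        print(f"PL{pl}  {hazard}")
```

Note that the second hazard lands on PL e, the most demanding level, because a serious injury is likely, exposure is frequent, and a person cannot avoid a fast-moving arm; the remaining decisions in the post (category, MTTFd, DCavg, CCF) then have to be made against that target.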

Selecting an Appropriate Architecture Category

ISO 13849 defines five architecture categories: B, 1, 2, 3, and 4. These categories represent increasing levels of fault tolerance and diagnostic capability; the higher categories introduce redundancy and fault detection. Categories 3 and 4 are commonly used in robotics, where redundancy, reliability, and continuous monitoring are essential.

Selecting the correct category involves understanding:

  • how components behave under fault conditions
  • whether faults can remain undetected
  • how the system continues to operate or safely stop after a fault

This decision is crucial because architecture impacts not only reliability calculations but also the physical design of the system.

Evaluating Reliability Through MTTFd and Diagnostic Coverage

Two important metrics within ISO 13849 are:

  • Mean Time to Dangerous Failure (MTTFd) of each channel
  • Average Diagnostic Coverage (DCavg)

These metrics quantify how likely it is for a dangerous failure to occur and how effectively the system can detect such failures. Calculating them requires detailed information about component reliability, monitoring strategies, and diagnostic behavior.

Challenges often arise when manufacturers lack complete component data or rely on assumptions that cannot be substantiated. Accurate evaluation requires careful engineering judgment and, in many cases, consultation with suppliers or functional safety specialists.

Assessing Common Cause Failures (CCF)

Redundancy can only improve safety if redundant channels do not fail for the same reason. ISO 13849 includes a structured method for evaluating the potential for common cause failures, considering factors such as environmental influences, routing and separation of wiring, diversity in components, and protection against contamination or vibration.

Meeting these requirements ensures that the system can tolerate faults without compromising safety.
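The three preceding sections (architecture category, MTTFd and DCavg, and CCF) are the inputs to the simplified procedure in ISO 13849-1 for estimating the PL a design actually achieves. The following is an added worked example, not code from the original post or from Intertek: the series-combination and symmetrisation formulas for MTTFd, the DCavg formula, the MTTFd and DC band limits, the category/DCavg/MTTFd lookup table and the 65-point CCF threshold are those of ISO 13849-1; the component figures, the claimed CCF measures and all function names are constructed, and the rule of rounding an achieved DCavg down to the nearest column the simplified table offers for a category is my own conservative simplification.

```python
"""Achieved PL of a safety-related part of a control system from its category,
channel MTTFd, DCavg and CCF score, following the simplified procedure of
ISO 13849-1 (Annexes D, E and F plus the category/DCavg/MTTFd lookup table).

Added example, not code from the original post. Formulas, band limits and the
lookup table are from ISO 13849-1; component values and CCF claims are constructed.
"""

MTTFD_BANDS = [(3.0, "low"), (10.0, "medium"), (30.0, "high")]  # lower limits, years
DC_BANDS = [(0.60, "low"), (0.90, "medium"), (0.99, "high")]     # lower limits, fraction
# (The standard also caps a channel MTTFd at 100 years, 2500 for category 4; not modelled.)


def channel_mttfd(component_mttfd_years):
    """Series combination within one channel (Annex D): 1/MTTFd = sum(1/MTTFd_i)."""
    return 1.0 / sum(1.0 / m for m in component_mttfd_years)


def two_channel_mttfd(c1, c2):
    """Symmetrisation of two channels (Annex D): 2/3 * (C1 + C2 - 1/(1/C1 + 1/C2))."""
    return 2.0 / 3.0 * (c1 + c2 - 1.0 / (1.0 / c1 + 1.0 / c2))


def dc_avg(components):
    """Annex E: DCavg = sum(DC_i/MTTFd_i) / sum(1/MTTFd_i); components = [(mttfd, dc)]."""
    return sum(dc / m for m, dc in components) / sum(1.0 / m for m, _ in components)


def band(value, limits, below):
    """Name of the highest band whose lower limit the value reaches, else `below`."""
    name = below
    for lower, label in limits:
        if value >= lower:
            name = label
    return name


# Simplified lookup: (category, DCavg column) -> {MTTFd band: PL}; None = not permitted
PL_TABLE = {
    ("B", "none"):   {"low": "a",  "medium": "b",  "high": "b"},
    ("1", "none"):   {"low": None, "medium": None, "high": "c"},
    ("2", "low"):    {"low": "a",  "medium": "b",  "high": "c"},
    ("2", "medium"): {"low": "b",  "medium": "c",  "high": "d"},
    ("3", "low"):    {"low": "b",  "medium": "c",  "high": "d"},
    ("3", "medium"): {"low": "c",  "medium": "d",  "high": "d"},
    ("4", "high"):   {"low": None, "medium": None, "high": "e"},
}
DC_ORDER = ["none", "low", "medium", "high"]

# Annex F CCF measures: each claimed in full or not at all; categories 2, 3 and 4
# must reach at least 65 of the 100 available points.
CCF_MEASURES = {
    "separation_of_signal_paths": 15, "diversity_of_technology": 20,
    "protection_against_overvoltage_overcurrent": 15, "well_tried_components": 5,
    "fmea_to_identify_ccf": 5, "designer_training_and_competence": 5,
    "emc_immunity": 25, "environmental_temperature_shock_vibration": 10,
}
CCF_THRESHOLD = 65


def ccf_score(applied):
    unknown = set(applied) - set(CCF_MEASURES)
    if unknown:
        raise ValueError(f"unknown CCF measures: {sorted(unknown)}")
    return sum(CCF_MEASURES[m] for m in applied)


def table_column(category, dc_band):
    """Highest DCavg column the table offers for this category that does not exceed
    the achieved DCavg (conservative rounding down, my simplification). None when the
    category needs more diagnostic coverage than achieved, e.g. Cat 2 with DC 'none'."""
    columns = [c for (cat, c) in PL_TABLE if cat == category]
    usable = [c for c in columns if DC_ORDER.index(c) <= DC_ORDER.index(dc_band)]
    return max(usable, key=DC_ORDER.index) if usable else None


def achieved_pl(category, channels, applied_ccf_measures):
    """channels: one or two lists of (mttfd_years, dc_fraction), one entry per component.
    Returns (PL or None, dict of the intermediate figures a reviewer would check)."""
    if len(channels) not in (1, 2):
        raise ValueError("the simplified procedure covers one- and two-channel designs")
    details = {"ccf": ccf_score(applied_ccf_measures)}
    if category in ("2", "3", "4") and details["ccf"] < CCF_THRESHOLD:
        details["reason"] = "CCF score below 65"
        return None, details
    per_channel = [channel_mttfd([m for m, _ in ch]) for ch in channels]
    mttfd = per_channel[0] if len(per_channel) == 1 else two_channel_mttfd(*per_channel)
    dc = dc_avg([c for ch in channels for c in ch])
    details.update(mttfd_years=mttfd, mttfd_band=band(mttfd, MTTFD_BANDS, "not acceptable"),
                   dcavg=dc, dc_band=band(dc, DC_BANDS, "none"))
    if details["mttfd_band"] == "not acceptable":  # below 3 years: no PL can be claimed
        details["reason"] = "MTTFd below 3 years"
        return None, details
    column = table_column(category, details["dc_band"])
    pl = PL_TABLE[(category, column)][details["mttfd_band"]] if column else None
    return pl, details


# Constructed category-3 protective-stop channel: door switch, safety PLC channel,
# contactor, each as (MTTFd in years, DC fraction); both channels are identical here.
CHANNEL = [(100.0, 0.99), (150.0, 0.99), (50.0, 0.90)]
MEASURES = ["separation_of_signal_paths", "protection_against_overvoltage_overcurrent",
            "well_tried_components", "fmea_to_identify_ccf", "designer_training_and_competence",
            "emc_immunity", "environmental_temperature_shock_vibration"]  # no diversity: 80 pts


def demo():
    return achieved_pl("3", [CHANNEL, CHANNEL], MEASURES)


if __name__ == "__main__":
    pl, info = demo()
    print("achieved PL", pl, info)
```

For the constructed channel the series MTTFd works out to about 27 years (band medium) and the DCavg to about 94 % (band medium), so a category 3 architecture reaches PL d; the same hardware as category 4 would yield no PL at all, because category 4 requires DCavg high, and dropping the CCF score below 65 likewise voids the claim regardless of the component figures. Comparing the result against the PLr from the risk assessment is the final step.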

Validating the Final Design

Validation is a mandatory requirement of ISO 13849. A design may appear to work on paper, but only validation demonstrates its conformance. Validation under ISO 13849 confirms that the required performance level has been achieved, that the architecture and reliability assumptions are correct, that protective functions operate as intended, and that the diagnostics operate effectively under realistic conditions.

Validation typically includes functional testing, analysis of control logic, simulation of fault conditions where feasible, and documentation describing what was tested and why.

Conclusion

ISO 13849 provides a comprehensive framework for ensuring that safety-related control functions in robotics meet defined integrity and reliability requirements. While the process can appear complex, applying the standard methodically helps ensure predictable system behavior, robust fault tolerance, and compliance with international norms. Effective implementation ultimately supports safer workplaces and more reliable robotic systems. With human-robot interactions increasing, robust functional safety design becomes even more vital to protect users, maintain productivity, and meet global regulatory expectations.

Andrew Browne

Chief Engineer, Global Engineering

Andrew Browne is a Chief Engineer with Intertek’s Electrical business line, where he is the global subject matter expert for industrial machinery, robotics, elevators, cranes, and semiconductor manufacturing equipment. He is also an active member of several technical committees, including CSA's Technical Committee for Industrial Products and IEC/TC 44 for Industrial Machines. He holds a B.Sc in Mechanical Engineering from the University of Alberta and is a Professional Engineer (P.Eng).
