Functional Safety

Anticipating the demands of new European legislation, Turolla has been developing products that help OEMs comply with Machinery Directive 2006/42/EC.

On December 29, 2009, the revised European Machinery Directive, 2006/42/EC, came into force. This legislation affects all OEMs that manufacture or sell off-highway vehicles within Europe.

To help our customers meet the new directive/standards, and enable them to create the mandatory Declaration of Conformity (DoC), Turolla will provide:

  • Data, such as Mean Time To dangerous Failure (MTTFd ), for our standard products
  • Specially designed products, to facilitate compliance with the new functional safety standards (to meet certain SIL or Performance Levels)

As a result, OEMs can speed up system development, reduce total installed costs, and bring off-highway vehicles to market faster.

New Legislation 

All off-highway vehicles manufactured or sold in Europe must comply with the revised Machinery Directive in order to establish an EC Declaration of Conformity (DoC) and CE mark their vehicles. As a result of the new Directive, international safety standards, such as the harmonized EN ISO 13849-1 standard, have been updated. New safety demands are also reflected in industry specific standards, for example, ISO/FDIS 25119 Agriculture and Forestry and ISO 15998 for Earth-moving machinery are considered as best practice when designing new vehicles.

Mandatory Risk Assessment 

According to 2006/42/EC, the manufacturer of machinery or his authorized representative must ensure that a hazard and risk analysis is carried out in order to determine the health and safety requirements which apply to the machinery. The machinery must then be designed and constructed taking into account the results of the risk assessment.

Functional Safety 

The new EN ISO 13849-1 standard extends and replaces the existing EN 954-1 standard (European Norm). EN ISO 13849-1 has been developed within the ISO community to ensure that it is not just a European standard, but a global standard. This new standard introduces a probabilistic approach to function verification based on the MTTFd sum of components and diagnostic coverage (DC).

Machinery Directive 2006/42/EC

The revised Machinery Directive 2006/42/EC replaced Machinery Directive 98/37/EC, (formally 89/392/EEC). The scope of the directive has been extended and the requirement relating to risk assessment has been made more explicit. All OEMs are required to perform and document a comprehensive hazard and risk analysis for all vehicle functions according to, for example, the new EN ISO 13849-1 standard. There is no transition period where both the current and new Machinery Directives are applicable. From December 29, 2009, OEMs must comply with the new Machinery Directive in order to establish an EC declaration of conformity (DoC).


EN ISO 13849-1

EN 954-1 is the standard that OEMs have followed in order to ensure compliance with European safety legislation. However, this standard will be phased out and replaced with EN ISO 13849-1:2009 “Safety of machinery – Safety-related parts of control systems.” In contrast to EN 954-1, the new ISO 13849-1 standard incorporates the quantification of component reliability approach of the IEC EN 61508 standard. This is a more comprehensive and hence more time consuming method of system qualification.

While both standards (EN 954-1 & EN ISO 13849-1) require OEMs to conduct a hazard and risk analysis, it is only the EN 954-1 that allows a deterministic approach of selecting system architecture based on the result of the risk analysis. EN 954-1 does not require component statistical life data in order to validate the system category.

In contrast, the new EN ISO 13849-1 standard introduces a probabilistic approach to function verification. Here the hazard and risk assessment results in Performance Levels (a, b, c, d, and e), which are comparable to the Safety Integrity Levels (SIL: a,1,2,3) from IEC 61508. Based on the derived Performance Level, a system architecture (category) is chosen for the safety function, and then verified. The sum of the components must meet the statistical minimum MTTFd and diagnostic coverage (DCavg), required by the standard (see Figure 2).

The following aspects are evaluated:

1. The category (CAT) / designated architectures
2. The mean time to dangerous failure (MTTFd)
3. The level of diagnostic coverage (DC)
4. The common cause failures (CCF)
5. The software safety requirements


More in this category: « Application know how