EN ISO 10218-1:2006

SLOVENSKI STANDARD
01-julij-2006
1DGRPHãþD
SIST EN 775:1998
SIST EN 775:1998/AC:1998
Roboti za industrijska okolja – Varnostne zahteve – 1. del: Robot (ISO 10218-
1:2006)
Robots for industrial environments - Safety requirements - Part 1: Robot (ISO 10218-
1:2006)
Industrieroboter - Sicherheitsanforderungen - Teil 1: Roboter (ISO 10218-1:2006)
Robots pour environnements industriels - Exigences de sécurité - Partie 1: Robot (ISO
10218-1:2006)
Ta slovenski standard je istoveten z: EN ISO 10218-1:2006
ICS:
25.040.30
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

EUROPEAN STANDARD
EN ISO 10218-1
NORME EUROPÉENNE
EUROPÄISCHE NORM
June 2006
ICS 25.040.30 Supersedes EN 775:1992
English Version
Robots for industrial environments - Safety requirements - Part
1: Robot (ISO 10218-1:2006)
Robots pour environnements industriels - Exigences de Roboter für Industrieumgebung - Sicherheit - Teil 1:
sécurité - Partie 1: Robot (ISO 10218-1:2006) Roboter (ISO 10218-1:2006)
This European Standard was approved by CEN on 19 May 2006.
CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European
Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national
standards may be obtained on application to the Central Secretariat or to any CEN member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation
under the responsibility of a CEN member into its own language and notified to the Central Secretariat has the same status as the official
versions.
CEN members are the national standards bodies of Austria, Belgium, Cyprus, Czech Republic, Denmark, Estonia, Finland, France,
Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania,
Slovakia, Slovenia, Spain, Sweden, Switzerland and United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG
Management Centre: rue de Stassart, 36  B-1050 Brussels
© 2006 CEN All rights of exploitation in any form and by any means reserved Ref. No. EN ISO 10218-1:2006: E
worldwide for CEN national Members.

Foreword
This document (EN ISO 10218-1:2006) has been prepared by Technical Committee ISO/TC 184
"Industrial automation systems and integration" in collaboration with Technical Committee CEN/TC
310 "Advanced Manufacturing Technologies", the secretariat of which is held by BSI.

This European Standard shall be given the status of a national standard, either by publication of an
identical text or by endorsement, at the latest by December 2006, and conflicting national
standards shall be withdrawn at the latest by December 2006.

This document supersedes EN 775:1992.

This document has been prepared under a mandate given to CEN by the European Commission
and the European Free Trade Association, and supports essential requirements of EU Directive(s).

For relationship with EU Directive(s), see informative Annex ZA, which is an integral part of this
document.
According to the CEN/CENELEC Internal Regulations, the national standards organizations of the
following countries are bound to implement this European Standard: Austria, Belgium, Cyprus,
Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland,
Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania,
Slovakia, Slovenia, Spain, Sweden, Switzerland and United Kingdom.

Endorsement notice
The text of ISO 10218-1:2006 has been approved by CEN as EN ISO 10218-1:2006 without any
modifications.
ANNEX ZA
(informative)
Relationship between this European Standard and the Essential
Requirements of EU Directive for Machinery 98/37/EC

This European Standard has been prepared under a mandate given to CEN by the European
Commission and the European Free Trade Association to provide one means of conforming to
Essential Requirements of the New Approach Directive for Machinery 98/37/EC, amended by
Directive 98/79/EC.
Once this standard is cited in the Official Journal of the European Communities under that Directive
and has been implemented as a national standard in at least one Member State, compliance with
the normative clauses of this standard confers, within the limits of the scope of this standard, a
presumption of conformity with the corresponding Essential Requirements of that Directive and
associated EFTA regulations.
WARNING: Other requirements and other EU Directives may be applicable to the product(s) falling
within the scope of this standard.

INTERNATIONAL ISO
STANDARD 10218-1
First edition
2006-06-01
Robots for industrial environments —
Safety requirements —
Part 1:
Robot
Robots pour environnements industriels — Exigences de sécurité —
Partie 1: Robot
Reference number
ISO 10218-1:2006(E)
©
ISO 2006
ISO 10218-1:2006(E)
PDF disclaimer
This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but
shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In
downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat
accepts no liability in this area.
Adobe is a trademark of Adobe Systems Incorporated.
Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation
parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In
the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.

©  ISO 2006
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO 2006 – All rights reserved

ISO 10218-1:2006(E)
Contents Page
Foreword. iv
Introduction . v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions. 2
4 Hazard identification and risk assessment. 6
5 Design requirements and protective measures . 7
5.1 General. 7
5.2 General requirements. 7
5.3 Actuating controls . 8
5.4 Safety-related control system performance (hardware/software) . 9
5.5 Robot stopping functions . 10
5.6 Reduced speed control . 11
5.7 Operational modes . 11
5.8 Pendant controls. 12
5.9 Control of simultaneous motion . 14
5.10 Collaborative operation requirements. 14
5.11 Singularity protection. 15
5.12 Axis limiting. 15
5.13 Movement without drive power. 17
5.14 Provisions for lifting. 17
5.15 Electrical connectors. 17
6 Information for use . 17
6.1 General. 17
6.2 Instruction handbook . 18
6.3 Marking . 19
Annex A (normative) List of significant hazards . 20
Annex B (normative) Stopping time and distance metric . 22
Annex C (informative) Functional characteristics of 3-position enabling device. 24
Annex D (informative) Optional features. 25
Annex E (informative) Methods for mode labelling . 26
Bibliography . 27

ISO 10218-1:2006(E)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies
(ISO member bodies). The work of preparing International Standards is normally carried out through ISO
technical committees. Each member body interested in a subject for which a technical committee has been
established has the right to be represented on that committee. International organizations, governmental and
non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the
International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of technical committees is to prepare International Standards. Draft International Standards
adopted by the technical committees are circulated to the member bodies for voting. Publication as an
International Standard requires approval by at least 75 % of the member bodies casting a vote.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO shall not be held responsible for identifying any or all such patent rights.
ISO 10218-1 was prepared by Technical Committee ISO/TC 184, Industrial automation systems and
integration, Subcommittee SC 2, Robots for industrial environments.
This first edition cancels and replaces ISO 10218:1992, which has been technically revised.
This wholly revised International Standard updates the document to bring it better in line with ISO 12100 and
the requirements to identify and respond in a type C standard to unique hazards, in this standard for industrial
robots. New technical requirements include, but are not limited to, safety-related control system performance,
robot stopping function, enabling device, programme verification, wireless pendant criteria, control of
simultaneous motion, collaborating robot criteria, and updated design for safety requirements.
ISO 10218 consists of the following parts, under the general title Robots for industrial environments — Safety
requirements:
⎯ Part 1: Robot
The following parts are under preparation:
⎯ Part 2: Robot system and integration
iv © ISO 2006 – All rights reserved

ISO 10218-1:2006(E)
Introduction
ISO 10218 has been created in recognition of the particular hazards that are presented by industrial robots
and industrial robot systems.
This document is a type C standard as stated in ISO 12100-1.
The machinery concerned and the extent to which hazards, hazardous situations and events are covered are
indicated in the scope of this document.
When provisions of this type C standard are different from those which are stated in type A or B standards, the
provisions of this type C standard take precedence over the provisions of the other standards for machines
that have been designed and built according to the provisions of this type C standard.
Hazards associated with robots are well recognized, but the sources of the hazards are frequently unique to a
particular robot system. The number and type(s) of hazard(s) are directly related to the nature of the
automation process and the complexity of the installation. The risks associated with these hazards vary with
the type of robot used and its purpose and the way in which it is installed, programmed, operated and
maintained.
NOTE 1 Not all of the hazards identified by ISO 10218 apply to every robot and nor will the level of risk associated with
a given hazardous situation be the same from robot to robot. Consequently the safety requirements and/or protective
measures may vary from what is specified in ISO 10218. A risk assessment may be conducted to determine what the
protective measures should be.
In recognition of the variable nature of hazards with different uses of industrial robots, ISO 10218 is divided
into two parts; Part 1 provides guidance for the assurance of safety in design and construction of the robot.
Since safety in the application of industrial robots is influenced by the design and application of the particular
robot system integration, Part 2 will provide guidelines for the safeguarding of personnel during robot
integration, installation, functional testing, programming, operation, maintenance and repair.
NOTE 2 While noise is generally considered a hazard associated with the industrial environment, the robot as defined
in 3.18 cannot be considered the final machine, rather the robot system as defined in 3.20 is the machine for noise
consideration. Therefore the hazard due to noise will be dealt with in ISO 10218-2.
ISO 10218 is not applicable to robots which were manufactured prior to its publication date.

INTERNATIONAL STANDARD ISO 10218-1:2006(E)

Robots for industrial environments — Safety requirements —
Part 1:
Robot
1 Scope
This part of ISO 10218 specifies requirements and guidelines for the inherent safe design, protective
measures and information for use of industrial robots, as defined in Clause 3. It describes basic hazards
associated with robots and provides requirements to eliminate, or adequately reduce, the risks associated with
these hazards.
Noise as a potential hazard is not dealt with in this part of ISO 10218, but will be fully covered in Part 2.
This part of ISO 10218 does not apply to non-industrial robots although the safety principles established in
ISO 10218 may be utilized for these other robots. Examples of non-industrial robot applications include, but
are not limited to: undersea, military and space robots, tele-operated manipulators, prosthetics and other aids
for the physically impaired, micro-robots (displacement < 1 mm), surgery or healthcare, and service or
consumer products.
NOTE 1 Requirements for robot systems, integration, and installation are covered in Part 2.
NOTE 2 Additional hazards may be created by specific applications (e.g. welding, laser cutting, machining). These
hazards may need to be considered during robot design.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated
references, only the edition cited applies. For undated references, the latest edition of the referenced
document (including any amendments) applies.
ISO 9283:1998, Manipulating industrial robots — Performance criteria and related test methods
ISO 12100-1:2003, Safety of machinery — Basic concepts, general principles for design — Part 1: Basic
terminology, methodology
ISO 12100-2:2003, Safety of machinery — Basic concepts, general principles for design — Part 2: Technical
principles
ISO 13849-1:1999, Safety of machinery — Safety-related parts of control systems — Part 1: General
principles for design
ISO 13850, Safety of machinery — Emergency stop — Principles for design
ISO 13855, Safety of machinery — Positioning of protective equipment with respect to the approach speeds of
parts of the human body
ISO 14121:1999, Safety of machinery — Principles for risk assessment
IEC 60204-1:2005, Safety of machinery — Electrical equipment of machines — Part 1: General requirements
ISO 10218-1:2006(E)
IEC 61000-6-2, Electromagnetic compatibility (EMC) — Part 6-2: Generic standards — Immunity for industrial
environments
IEC 61000-6-4, Electromagnetic compatibility (EMC) — Part 6: Generic standards — Section 4: Emission
standard for industrial environments
3 Terms and definitions
For the purposes of this document, the definitions given in ISO 12100-1 and the following terms and
definitions apply.
3.1
actuating control
a) mechanical mechanism within a control device
EXAMPLE A rod which opens contacts.
b) device which initiates a (un)locking sequence
EXAMPLE Specialized key.
3.2
automatic mode
operating mode in which the robot control system operates in accordance with the task programme
[ISO 8373:1994, definition 5.3.8.1]
3.3
automatic operation
state in which the robot is executing its programmed task as intended
[ISO 8373:1994, definition 5.5]
3.4
collaborative operation
state in which purposely designed robots work in direct cooperation with a human within a defined workspace
3.5
collaborative workspace
workspace within the safeguarded space of the robot work cell, where the robot and a human can perform
tasks simultaneously during production operation
3.6
coordinated motion
control wherein the axes of the robot arrive at their respective end points simultaneously, giving a smooth
appearance to the motion and control wherein the motions of the axes are such that the tool centre point
(TCP) moves along a prescribed path (line, circle, or other)
3.7
cycle
single execution of a task programme
[ISO 8373:1994, definition 6.22]
3.8
drive power
energy source or sources for the robot actuators
2 © ISO 2006 – All rights reserved

ISO 10218-1:2006(E)
3.9
end-effector
device specifically designed for attachment to the mechanical interface to enable the robot to perform its task
EXAMPLES Gripper, nutrunner, welding gun, spray gun.
[ISO 8373:1994, definition 3.11]
3.10
energy source
any electrical, mechanical, hydraulic, pneumatic, chemical, thermal, potential, kinetic, or other sources of
power
3.11
hazardous motion
any motion that is likely to cause personal physical injury or damage to health
3.12
limiting device
device that restricts the maximum space by stopping or causing to stop all robot motion and is independent of
the control programme and the task programmes
3.13
local control
state of the system or portions of the system in which the system is operated from the control panel or
pendant of the individual machines only
[ISO 8373:1994, definition 5.3.8.2 modified]
3.14
manual mode
control state that allows the generation, storage, and playback of positional data points
3.15
pendant
teach pendant
hand-held unit linked to the control system with which a robot can be programmed or moved
[ISO 8373:1994, definition 5.8]
3.16 Programme
3.16.1
control programme
inherent set of instructions which defines the capabilities, actions, and responses of a robot system
NOTE This programme is fixed and usually not modified by the user.
[ISO 8373:1994, definition 5.1.2]
3.16.2
task programme
set of instructions for motion and auxiliary functions that define the specific intended task of the robot system
NOTE 1 This type of programme is normally generated by the user.
NOTE 2 An application is a general area of work, a task is specific within the application.
[ISO 8373:1994, definition 5.1.1]
ISO 10218-1:2006(E)
3.16.3
task programming
act of providing the task programme (3.16.2)
[ISO 8373:1994, definition 5.2.1]
3.16.4
programmer
person designated to prepare the task programme
[ISO 8373:1994, definition 2.17]
3.16.5
programme path
path traced by the TCP during the execution of a task programme
3.16.6
programme verification
execution of a task programme for the purpose of confirming the robot path and process performance
NOTE Verification may include the total programme path or a segment of the path. The instructions may be executed
in a single instruction or continuous instruction sequence. Verification is used in new applications and in fine tuning/editing
of existing ones.
3.17
protective stop
type of interruption of operation that allows an orderly cessation of motion for safeguarding purposes and
which retains the programme logic to facilitate a restart
3.18
robot
industrial robot
automatically controlled, reprogrammable multipurpose manipulator, programmable in three or more axes,
which may be either fixed in place or mobile for use in industrial automation applications
NOTE 1 The robot includes:
⎯ the manipulator (including actuators);
⎯ the controller including teach pendant, and any communication interface (hardware and software).
NOTE 2 This includes any additional axes which are controlled by the robot controller.
NOTE 3 The following devices are considered industrial robots for the purpose of this part of ISO 10218:
a) hand-guided robots;
b) the manipulating portions of mobile robots;
c) collaborating robots.
[ISO 8373:1994, definition 2.6 modified]
3.19
robot actuator
powered mechanism that converts electrical, hydraulic, or pneumatic energy to effect motion
4 © ISO 2006 – All rights reserved

ISO 10218-1:2006(E)
3.20
robot system
industrial robot system
system comprising:
⎯ robot;
⎯ end-effector(s);
⎯ any equipment, devices, or sensors required for the robot to perform its task
NOTE The robot system requirements are contained in ISO 10218-2.
[ISO 8373:1994, definition 2.14 modified]
3.21
simultaneous motion
motion of two or more robots at the same time under the control of a single control station and which may be
coordinated or may be synchronous with common mathematical correlation
EXAMPLE 1 Example of a single control station may be a teach pendant.
EXAMPLE 2 Coordination can be done as master/slave.
3.22
single point of control
ability to operate the robot such that initiation of robot motion is only possible from one source of control and
cannot be overridden from another initiation source
3.23
singularity
condition caused by the collinear alignment of two or more robot axes resulting in unpredictable robot motion
and velocities
3.24
reduced speed control
slow speed control
mode of robot motion control where the speed is limited to u 250 mm/s to allow persons sufficient time to
either withdraw from the hazardous motion or stop the robot
3.25
space
three dimensional volume encompassing the movements of all robot parts through their axes
3.25.1
maximum space
space which can be swept by the moving parts of the robot as defined by the manufacturer, plus the space
which can be swept by the end-effector and the workpiece
[ISO 8373:1994, definition 4.8.1]
3.25.2
restricted space
portion of the maximum space restricted by limiting devices that establish limits which will not be exceeded
[ISO 8373:1994, definition 4.8.2 modified]
ISO 10218-1:2006(E)
3.25.3
operating space
operational space
portion of the restricted space that is actually used while performing all motions commanded by the task
programme
[ISO 8373:1994, definition 4.8.3]
3.25.4
safeguarded space
space defined by the perimeter safeguarding devices
3.26
teach (programming)
programming performed by
a) manually leading the robot end-effector; or
b) manually leading a mechanical simulating device; or
c) using a teach pendant to move the robot through the desired actions
[ISO 8373:1994, definition 5.2.3]
3.27
teacher
person who provides the robot with a specific set of instructions to perform a task
NOTE See programmer (3.16.4).
3.28
tool centre point
TCP
point defined for a given application with regard to the mechanical interface coordinate system
[ISO 8373:1994, definition 4.9]
3.29
user
entity that uses robots and is responsible for the personnel associated with the robot operation
4 Hazard identification and risk assessment
Annex A contains a list of hazards that can be present with robots. A hazard analysis shall be carried out to
identify any further hazards that may be present.
A risk assessment shall be carried out on those hazards identified in the hazard identification. This risk
assessment shall give particular consideration to:
a) the intended operations at the robot, including teaching, maintenance, setting, and cleaning;
b) unexpected start-up;
c) access by personnel from all directions;
d) reasonably foreseeable misuse of the robot;
e) the effect of failure in the control system; and
f) where necessary, the hazards associated with the specific robot application.
6 © ISO 2006 – All rights reserved

ISO 10218-1:2006(E)
Risks shall be eliminated or reduced first by design or by substitution, then by safeguarding and other
complementary measures. Any residual risks shall then be reduced by other measures (e.g. warnings, signs,
training).
The requirements contained in Clause 5 have been derived from the iterative process of applying
safeguarding measures, in accordance with Figures 1 and 2 of ISO 12100-1:2003 and ISO 12100-2, to the
hazards identified in Annex A.
NOTE ISO 12100 and ISO 14121 provide requirements and guidance in performing hazard identification and risk
reduction.
5 Design requirements and protective measures
5.1 General
The robot shall be designed according to the principles of ISO 12100-1 for relevant hazards. Significant
hazards, such as sharp edges, are not dealt with by this document.
Robots and robot systems shall be designed and constructed to comply with the following requirements.
NOTE 1 The requirements for this clause can be satisfied by methods of verification including but not limited to:
⎯ A: visual inspection;
⎯ B: practical tests;
⎯ C: measurement;
⎯ D: observation during operation;
⎯ E: analysis of circuit diagrams.
NOTE 2 Recommended methods of verification of various requirements in this clause are shown in a note at the end of
each subclause in the form of [A, B, C, …] corresponding to the methods listed above.
5.2 General requirements
5.2.1 Power transmission components
Exposure to hazards caused by components such as motor shafts, gears, drive belts, or linkages shall be
prevented either by fixed guards or movable guards. Movable guards shall be interlocked with the hazardous
movements in such a way that the hazardous movements come to a stop before the hazards can be reached.
The safety related performance of an interlocking system shall conform to the requirements of 5.4.
NOTE [A, B, C].
5.2.2 Power loss or change
Loss of, or variations in power shall not result in a hazard.
Re-initiation of power shall not lead to any motion.
End-effectors shall be designed and constructed so that loss or change of electrical, hydraulic, pneumatic or
vacuum power shall not result in a hazard. If this is not feasible, then other methods of safeguarding shall be
provided to protect against hazards.
Tool change systems shall be designed and installed to only allow release of tools when the tool is in an
assigned location and release shall not create a hazard.
NOTE 1 See IEC 60204-1 for electrical power supply requirements.
NOTE 2 [B, E].
ISO 10218-1:2006(E)
5.2.3 Component malfunction
Robot components shall be designed, constructed, secured, or contained so that hazards caused by breaking
or loosening, or releasing stored energy are minimized.
NOTE [A, B, D].
5.2.4 Sources of energy
A means of isolating any electrical, mechanical, hydraulic, pneumatic, chemical, thermal, potential, kinetic or
other hazardous energy source to the robot shall be provided. This means shall be provided with capability of
locking or otherwise securing in the de-energized position.
NOTE [A, B, C, E].
5.2.5 Stored energy
A means shall be provided for the controlled release of stored hazardous energy. A label shall be affixed to
identify the stored energy hazard.
NOTE 1 Stored energy can be air and hydraulic pressure accumulators, capacitors, batteries, springs, counter
balances flywheels, etc.
NOTE 2 [B, D, E].
5.2.6 Electromagnetic compatibility (EMC)
The design and construction of the robot shall be in accordance with IEC 61000 to prevent hazardous motion
or situations due to the effects of electromagnetic interference (EMI), radio frequency interference (RFI) and
electrostatic discharge (ESD).
NOTE 1 See IEC 61000-6-2 and IEC 61000-6-4.
NOTE 2 [A, B, C, E].
5.2.7 Electrical equipment
The robot electrical equipment shall be designed and constructed according to the relevant requirements of
IEC 60204-1.
NOTE [A, B, E].
5.3 Actuating controls
5.3.1 General
Actuating controls that initiate power or motion shall be designed and constructed to meet the performance
criteria mentioned in 5.3.2 to 5.3.5.
5.3.2 Protection from unintended operation
Actuating controls shall be constructed or located so as to prevent unintended operation. For example, a
guarded push-button or key selector switch in appropriate locations may be used.
NOTE [A, B].
5.3.3 Status indication
The status of the actuating controls shall be indicated, e.g. power on, fault detected, automatic operation.
NOTE [A, B, D].
8 © ISO 2006 – All rights reserved

ISO 10218-1:2006(E)
5.3.4 Labelling
Actuating controls shall be labelled to clearly indicate their function.
NOTE [A].
5.3.5 Single point of control
The robot control system shall be designed and constructed so that when the robot is placed under local
pendant control or other teaching device control, initiation of robot motion or change of local control selection
from any other source shall be prevented.
NOTE [B, D, E].
5.4 Safety-related control system performance (hardware/software)
5.4.1 General
Safety-related control systems (electric, hydraulic, pneumatic, and software) shall meet the performance
criteria listed in 5.4.2 as a minimum, unless the results of a risk assessment determine that an alternate
performance criteria per 5.4.3 is appropriate. The safety-related control system performance that the piece of
equipment meets shall be clearly stated in the information for use provided with the equipment.
For the purpose of this part of ISO 10218, safety-related control system performance is stated as categories
as described in ISO 13849-1:1999. Other standards offering alternative performance requirements such as
control reliability, performance levels, and safety integrity levels may also be used. When using these
standards to design safety-related control systems, care should be taken to ensure that an equivalent level of
risk reduction is achieved.
5.4.2 Performance requirement
When safety-related control systems are required, the safety-related parts shall be designed so that:
a) a single fault in any of these parts shall not lead to the loss of the safety function;
b) whenever reasonably practicable, the single fault shall be detected at or before the next demand upon the
safety function;
c) when the single fault occurs, the safety function is always performed and a safe state shall be maintained
until the detected fault is corrected; and
d) all reasonably foreseeable faults shall be detected.
This requirement is considered to be a category 3 as described in ISO 13849-1:1999
NOTE 1 This requirement of single fault detection does not mean that all faults will be detected. Consequently, the
accumulation of undetected faults can lead to an unintended output and a hazardous situation at the machine. Typical
examples of practicable measures for fault detection are the connected movement of relay contacts or monitoring of
redundant electrical outputs. A suitable failure mode analysis should be made to determine that all reasonably foreseeable
faults are considered.
NOTE 2 [B, D, E].
5.4.3 Other control system performance criteria
The results of a comprehensive risk assessment performed on the robot and its intended application may
determine that a safety-related control system performance other than category 3 (i.e. categories 2 or 4) is
warranted for the application. Other performance criteria are described in ISO 13849-1:1999.
ISO 10218-1:2006(E)
Selection of one of these other safety-related performance criteria shall be specifically identified, and
appropriate limitations and cautions shall be included in the information for use provided with the affected
equipment.
NOTE [B, D, E].
5.5 Robot stopping functions
5.5.1 General
Every robot shall have a protective stop function and an independent emergency stop function. These
functions shall have provision for the connection of external protective devices. Optionally an emergency stop
output signal may be provided according to Annex D. Table 1 shows a comparison of the emergency stop and
protective stop functions.
Table 1 — Comparison of emergency and protective stops
Emergency stop Protective stop
Location Operator has quick, unobstructed access Determined by the safety distance formula
Initiation Manual Automatic or manual
Safety system ISO 13849-1:1999 category 3 or as determined by ISO 13849-1:1999 category 3 or as determined
performance risk assessment by risk assessment
Reset Manual only Manual or automatic
Infrequent, Variable,
Use frequency
only in emergency every cycle to infrequent
Effect Remove energy sources to all hazards Control the safeguarded hazard
NOTE [B, D, E].
5.5.2 Emergency stop function
Each control station capable of initiating robot motion or other hazardous situation shall have a manually
initiated emergency stop function that:
a) complies with requirements of 5.4 and IEC 60204-1:2005, 9.2.5.4.2;
b) takes precedence over all other robot controls;
c) causes all hazards to stop;
d) removes drive power from the robot actuators;
e) removes any other hazard controlled by the robot;
f) remains active until it is reset; and
g) shall only be reset by manual action that does not cause a restart after resetting, but shall only permit a
restart to occur.
Selection of a category 0 or category 1 stop for the function shall be determined from the risk assessment
according to IEC 60204-1:2005, 9.2.2.
When an emergency stop output signal is provided:
⎯ the output shall continue to function when the robot power is removed; or
⎯ if the output does not continue to function when the robot power supply is removed, an emergency stop
signal shall be generated.
10 © ISO 2006 – All rights reserved

ISO 10218-1:2006(E)
The emergency stop device shall be in accordance with IEC 60204-1:2005, 10.7 and ISO 13850.
NOTE [A, B, D, E].
5.5.3 Protective stop
The robot shall have one or more protective stop circuits (stop category 0 or 1, as described in accordance
with IEC 60204-1:2005, 9.2.2), designed for the connection of external protective devices.
NOTE [B, D, E].
This stop circuit shall control the safeguarded hazard by causing a stop of all robot motion, removing power
from the robot drive actuators, and causing any other hazard controlled by the robot system to cease. This
stop may be initiated manually or by control logic.
The protective stop function performance shall comply with the requirements of 5.4.
NOTE [B, D, E].
5.6 Reduced speed control
When operating under reduced speed control, the speed of the end-effector mounting flange and of the tool
centre point (TCP) shall not exceed 250 mm/sec. It should be possible to select speeds lower than
250 mm/sec.
Reduced speed control shall be designed and constructed so that in the event of any single reasonably
foreseeable malfunction, the speed of the mounting flange and of the TCP shall not exceed the reduced
speed velocity limits.
An off-set feature shall be provided to enable the TCP speed to be adjusted.
NOTE [B, C].
5.7 Operational modes
5.7.1 Selection
Operational modes shall be selected by a secure means that only enables the selected mode; e.g. a key
operated switch or other means that provide an equivalent security (i.e. supervisory control).
These means shall
a) unambiguously indicate the selected operating mode; and
b) by themselves not initiate robot motion or other hazards.
An optional output(s) may be provided to indicate the mode selected. When provided for safety-related
purposes, the output(s) shall comply with the requirements of 5.4 (see Annex D).
NOTE 1 Methods for mode labelling are illustrated in Annex E.
NOTE 2 [B, D, E].
5.7.2 Automatic
In automatic mode, the robot shall execute the task programme. The robot controller shall not be in manual
mode and the safeguarding measures shall be functioning.
Automatic operation shall be prevented if any stop condition is detected.
Switching from this mode shall result in a stop.
NOTE [A, D, E].
ISO 10218-1:2006(E)
5.7.3 Manual reduced speed
Manual reduced speed mode shall meet the requirements of 5.3.4 and 5.6 and shall allow a robot to be
operated by human intervention. Automatic operation is prohibited in this mode. This mode is used for jogging,
teaching, programming and programme verification of the robot; it may be the mode selected when performing
some maintenance tasks.
Information for use shall contain appropriate instructions and warnings that, wherever possible, the manual
mode of operation shall be performed with all persons outside the safeguarded space. Prior to selecting
automatic mode, any suspended safeguards shall be returned to their full functionality.
NOTE 1 Previously, this mode was also known as T1 or teach.
NOTE 2 [B, C, D, E].
5.7.4 Manual high-speed
If this mode is provided, speeds > 250 mm/sec can be achieved. In this case, the robot shall:
a) have a means to select manual high speed mode which requires a deliberate action (e.g. a key switch on
the robot control panel) and an additional confirming action;
b) default to a speed u 250 mm/sec upon selection of manual high speed mode;
c) provide a pendant conforming to 5.8 with an additional hold to run device, exclusive to this mode, that
permits robot motion to continue;
d) provide on the pendant a means to adjust the speed from the default value to the full programmed value;
and
e) provide on the pendant an indication of the adjusted speed (e.g. by a highlight on the pendant display).
NOTE 1 This optional manual mode has previously been known as T2, or high-speed programme verification.
NOTE 2 [B, C, D, E].
5.8 Pendant controls
5.8.1 General
Where a pendant control or other control device has the capability to control the robot from within the
safeguarded space, the requirements in 5.8.2 to 5.8.7 shall apply.
NOTE This applies to any device used to control a robot from within the safeguarded space while drive power is
applied to any of the robot axes. This includes robots with powered lead-through teach, whether using robot-mounted
manual controls or main/secondary teaching controls.
5.8.2 Motion control
Motion of the robot initiated from the pendant or teaching control device shall be under reduced speed control
as described in 5.6. When the pendant contains provisions for selecting higher speeds, the robot system shall
meet the requirements in 5.7.4. All buttons and other devices on the pendant that cause robot motion shall
stop motion when the button or device is released.
NOTE [B, D, E].
12 © ISO 2006 – All rights reserved

ISO 10218-1:2006(E)
5.8.3 Enabling device
The pendant or teaching control device shall have a three position enabling device in accordance with
IEC 60204-1:2005, 10.9 that, when continuously held in a centre-enabled position, permits robot motion and
any other hazards controlled by the robot. The enabling device shall demonstrate the following performance
characteristics:
a) the enabling device may be integral with, or physically separate from (e.g. a grip-type enabling device),
the pendant control and shall operate independently from any other motion control function or device;
b) release of or compression past the centre-enabled position of the device shall stop hazards (e.g. robot
motion) in accordance with 5.4;
c) when more than one enabling switch is used on a single enabling device (i.e. allowing alternating left
and/or right hand operation without stopping), fully depressing any switch shall override the control of the
other switches and cause a protective stop;
d) when more than one enabling device is in operation (i.e. more than one person are in the safeguarded
space with an enabling device), motion shall only be possible when each device is held in the centre
(enabled) position at the same time;
e) dropping the enabling device shall not result in a failure that woul
...