Skip to main content

Introduction

The manufacturer of machinery, as well as the user, should apply all technical and organisational measures available in order to ensure the safety of machine operators. This article outlines the general rules for approaching safety issues that should be taken into account by machinery designers in the design process e.g. inherently safe design, safeguarding and complementary protective measures, information for use, etc. Safety measures to be implemented by the user are also discussed.

Common accidents

EUROSTAT statistics demonstrate that in 2021 around 300 fatal accidents occurred at work related to the use of machinery and equipment[1]. These figures show that safety of machinery and work equipment is a key component of managing occupational safety and health (OSH) in many workplaces. According to standard EN ISO 12100:2010[2], both the manufacturers and users of the machinery should implement all the available measures to reduce risks entailed by machine operation.

Placing on the market and putting into service

Directive 2006/42/EC on machinery[3] lays down health and safety requirements for the design and construction of machinery, placed on the European market. Directive 2006/42/EC has been repealed by Regulation (EU) 2023/1230 on machinery[4]. This Regulation applies from 14 January 2027. The key points of the Directive and the Regulation are similar. The Directive (and also the Regulation) defines the mandatory essential health and safety requirements that machinery products must fulfil to be placed on the European market, as well as the procedures for assessing their conformity (see figure 1), while the technical details are mainly provided through European harmonised standards elaborated by European standards organisations. The CE marking indicates that the machinery product meets the health and safety requirements in place and can be traded without restriction in the internal market.

Figure 1: Conformity assessment procedures according to Directive 2006/42/EC

Figure 1: Conformity assessment procedures according to Directive 2006/42/EC

Safety measures should be applied by machinery manufacturers, according to the results of risk assessment taking into account both the intended use of machinery and any reasonably foreseeable misuse. More detailed guidelines for the implementation of safety measures can be found in the standards. The updates of the list of standards harmonised with Directive 2006/42/EC are published in the Official Journal of the European Union. To prove that safety measures have been applied in a proper way during the design and manufacturing processes, machine manufacturers should apply one of the conformity assessment procedures presented in figure 1 prior to marketing any new product[3].

Implementation of safety measures by the manufacturer

The manufacturer’s obligations are specified in Machinery Directive 2006/42/EC, which imposes the requirement that the manufacturer of machinery should eliminate hazards or reduce risks associated with these hazards by applying safety measures in the following order:

  • inherently safe design;
  • safeguarding and implementation of complementary protective measures (see below Complementary protective measures);
  • informing user about the residual risk.

Inherently safe design

Taking the inherently safe design approach is the most efficient risk-reducing safety measure, which consists of:

  • hazard elimination or reduction to the furthest extent possible through the right choice of the machine design features,
  • minimising personal exposure to hazards, through reduction of the number of necessary interventions within the danger zones.

The fundamental principle in machine design stipulates that, where feasible given the intended use of the machine, all accessible parts should have no sharp edges, sharp corners, rough surfaces, protruding parts, etc. Many hazards of the machine can be eliminated by means of choosing proper shapes and employing proper arrangement of mechanical parts. For example, injuries caused by a moving part can be eliminated by placing that part out of the machine operator’s reach.

Safeguarding

The hazards that cannot be eliminated using the inherently safe design approach should be reduced by means of the application of guards or protective devices (safeguarding).

Guards

All types of devices of all types that create a physical barrier between a person and a hazardous mechanical part of a machine and are specifically fitted to ensure the safety of the operator are classified as guards. Therefore, covers, doors, fences, etc. also perform guarding functions. Guards should:

  • be of robust construction,
  • be difficult to remove or switch off,
  • be situated at a proper distance from the danger zone,
  • pose the least possible number of obstacles to the working process,
  • allow performance of required operations like installation, tool changing or maintenance, providing only limited access to the area where the operations are to be performed, and without the necessity for removal, if possible.

Generally, guards can be classified in view of the way they are mounted, their working concept and adjustability. There are two ways of installing guards:

  • securing by means of inseparable connection or with the use of separable connections that prevent opening or removal without (special) tools; often referred to as fixed guards.
  • mounting with the use of mechanical elements, which allows them to be opened without any tools. Guards of this type are called movable guards.

The working principle of the guard may consist of:

  • independent operation of the guard, however the guard is effective only when closed. It should be noted that for a fixed guard, the term “closed" means “connected to the area of its installation",
  • working in combination with an interlock, supplied or not with guard locking.

Guard locking refers to protective measures preventing any operations of the machine that may pose mechanical hazards while the guard is open. Opening of the guard during machine operations results in the stoppage of the machine’s dangerous motions. These functions can be performed when the guard is closed, however the singular action of closing the guard does not actuate those functions. Guards of that type are called interlocking ones.

In all cases where operator’s access to the danger zone in the course of normal working is not required, fixed guards should be used. Movable guards are employed when there is the necessity for the operator to enter the danger zone frequently.

Protective device

When it is impossible to apply guards, sensitive protective devices are used to reduce risk. There are several types of these devices. Optoelectronic protective devices (light curtains, scanning devices like laser scanners) and pressure-sensitive devices (mats, trip bars, trip wires etc.) are often used.

Protective devices that do not create actual physical barriers perform their protective functions by means of generating a signal that stops a dangerous motion of a given machine component after having detected that a part of the operator’s body is too close to the danger zone. In this way, they ensure that a dangerous motion (e.g. that of press slide) will be stopped before the operator could potentially enter the danger zone. For this reason, guards of this type can be used only in machines in which the structure allows for automatic stop of a dangerous motion within a short time frame, sufficient to perform this automatic stop. Besides only stopping, the devices also perform the function of interlocking the dangerous motion of a machine component when the presence of a human has been detected within the protected zone.

When implementing protective devices, consideration should be given to:

  • size, characteristics and positioning of the detection zone,
  • reaction of the device to fault conditions,
  • possibility of circumvention, and
  • detection capability and its variation in time.

Sensitive protective equipment should be integrated into the machine’s operations and associated with the control system so that:

  • a command is given as soon as a person or part of a person is detected,
  • withdrawal of the person or part of a person detected does not, by itself, restart the hazardous machine function(s), and the control system maintains the command given by the sensitive protective equipment until a new command is given,
  • restarting the hazardous machine function(s) is a result of voluntary actuation by the operator of the control device placed outside the hazard zone where this zone can be observed by the operator,
  • the machine cannot operate during interruption of the detection function of the sensitive protective equipment, except during muting phases, and
  • the position and the shape of the detection field prevents, possibly together with fixed guards, a person or part of a person from entering or being present in the hazard zone without being detected.

Functional safety of machinery control system

If failure of a control function performed by a control system can result in an immediate increase in risk, then this function is named a “safety function". Generally, safety functions can be implemented for the reduction of risk associated with the following three groups of hazards:

  • improper machine operation;
  • failure of technological processes caused by a substantial change or deviation in physical parameters from standard values due to unexpected events;
  • mechanical hazards.

The following safety functions are most common:

  • safety-related stop function initiated by a safeguard;
  • manual reset function;
  • start/restart function;
  • local control function;
  • muting function;
  • monitoring of parameterisation of safety-related input values;
  • response time;
  • monitoring of safety-related parameters such as speed, temperature or pressure;
  • reaction to fluctuations, loss and restoration of power sources.

Fault of these functions can increase risk. Therefore designers of the safety related control systems should apply structures that improve their resistance to fault. Control system resistance to fault can be improved through reduction of the probability of fault appearance, or by taking steps to ensure that a possible fault would not be a dangerous one. Improvements can be achieved by applying good practice tools and principles (examples can be found in standard EN ISO 13849-2:2012 Safety of machinery – safety-related parts of control systems – part 2: Validation[5][), and by including additional safety systems that detect faults.

Basic rules for improving control system resistance to fault were formulated in standard EN 954-1:1995 “Safety of machinery. Safety-related parts of control systems – Part 1: General principles for design"[4], where, depending on their behaviour under fault conditions, devices were classified into 5 categories. This standard has been repealed and replaced by EN ISO 13849-1:2023. In this standard, system categories, depending on their resistance to faults, remained the same as those defined in EN 954-1:1995. Additionally, a specified architecture is designated for each category. Each system is characterised by the following parameters: Mean time to failure (MTTF), Diagnostic coverage (DC) and Common cause failure factor (CCF). The 5 performance levels (PL) represent the system resistance to faults.

Standard EN IEC 62061:2021 Safety of machinery - functional safety of safety-related control systems should be applied to machine control systems. The standard classifies safety related systems into 3 safety integrity levels (SILs). 

Complementary protective measures

Protective measures not covered by the categories of inherently safe design, safeguarding (implementation of guards and/or protective devices) and information for use, may still have to be implemented as required by the intended use and reasonably foreseeable misuse of the machine. Such measures include, but are not limited to:

  • components and elements to achieve emergency stop function;
  • measures for escape and rescue of trapped persons;
  • measures for isolation and energy dissipation;
  • provisions for easy and safe handling of machines and their heavy component parts;
  • measures for safe access to machinery.

Information for use

When risks persist despite the adoption of measures for inherent safe design, safeguarding and complementary protection, the user should be informed about residual risk.

Depending on the risk and the point at which information is required for the user and the machine design, it shall be decided whether the information – or parts thereof – are to be given:

  • on the machine itself,
  • in accompanying documents,
  • on the packaging,
  • by other means, such as signals and warnings outside the machine.

Information and warnings on machinery should preferably be provided in the form of readily understandable symbols or pictograms. Warning signals must be unambiguous and easily perceived. The operator must have facilities to check the operation of the warning devices at all times.

Visual signals, such as flashing lights and audible signals such as sirens may be used to warn of an impending hazardous event, such as machine start-up or over-speed. Such signals may also be used to warn the operator before the triggering of automatic protective measures. Machinery shall bear all the necessary markings:

  • for unambiguous identification,
  • in order to indicate compliance with mandatory requirements,
  • for safe use.

The instruction handbook or other written instructions shall contain all information necessary for safe commissioning, operating, adjusting and maintenance of the machine.

Implementation of safety measures by the user of machinery and work equipment

Based on the information for use provided by the designer, the machine user should implement safety measures for reducing residual risks that remain despite inherent safe design measures, safeguarding and complementary protective measures adopted.

The requirements on the use of work equipment (including machinery) are laid down in Directive 2009/104/EC[6]. The main obligation consists in taking measures to ensure that the work equipment is suitable for the work to be carried out. If necessary, work equipment should be properly adapted to the work in such a way that workers can use it without impairment to their safety or health.

Additional safeguarding

The employer should ensure that work equipment is installed, located and used in a way that the risks to the operators and other workers have been reduced. In particular, sufficient space between moving parts of work equipment and fixed or moving parts should be allowed. Very often, the application of additional safeguarding is necessary, which might result from a particular location or way of machine installation. In such a case, the application of fixed guards should be considered first. However, if for technological reasons access to danger zones is required, movable guards or protective devices should be applied. The same rules as those formulated for the machinery manufacturer apply when installing additional safeguards.

Work organisation and procedures

Proper work organisation is of crucial importance in ensuring safe operation of the work equipment. All operations should be performed according to established safe working procedures. When the use of work equipment is likely to involve a specific risk to the safety or health of workers, the employer should take necessary measures to ensure that the use of work equipment is restricted solely to persons given the task of using it. In the case of high risk (e.g. high voltage), work should be performed by at least two persons. Written permission for conducting such work should be issued (work permits). In the case of repairs, modifications, maintenance or servicing, specifically designated workers should carry out such works.

Use of personal protective equipment

Personal protective equipment (PPE) must be used when the risks cannot be avoided or sufficiently limited by technical or organisational measures. PPE are devices or equipment designed to be carried or held by a worker to protect him/her against single or multiple risks that may affect his/her health or safety at work.

Training

The employer must ensure that workers receive appropriate training on the risks of using machinery. It is especially important in the case of workers carrying out repairs, modifications, and maintenance or servicing tasks.

Inspection of work equipment

Long-term results of using a machine usually consist in constant degradation of its sub-assemblies, due to both material deterioration and mechanical wear. The aforementioned phenomena, if not investigated in a proper way, may cause machine failure. If safety-related elements fail, accidents may happen. Therefore, work equipment should be periodically inspected. The frequency and scope of the inspection should be determined based on the manufacturer’s information enclosed in the “Information for use”. One should also consider the intensity of machine exploitation and the risk level arising in operation of the machine.  Directive 2009/104/EC[6] specifies the following types of inspection:

  • initial inspection (after installation and before first being put into service) and an inspection after assembly at a new site or in a new location
  • periodic inspections and, where appropriate, testing within the means of national laws and/or practices
  • special inspections each time exceptional circumstances that are liable to jeopardise the safety of the work equipment have occurred, such as work modification, accidents, natural phenomena or prolonged periods of inactivity.

The main goal of those inspections consists in ensuring that health and safety conditions are maintained and that deterioration liable to result in dangerous situations can be detected and remedied in good time.

Conclusions

Using machinery and work equipment exposes workers to multiple risks. Ensuring machine operator safety requires application of safety measures as effective as possible. Technological development allows for designing more and more effective protective devices. The role of control systems as applied to risk reduction becomes more and more significant. Both manufacturers and users of the machine should apply the aforementioned measures. The only way to reduce accident rates in machine operations is through proper application of technical safety means by the machine manufacturer and proper monitoring of them by the user, combined with adequate organisational procedures.

Références

[1] Eurostat. Data browser. Accidents at work by sex, age, severity, NACE Rev. 2 activity and material agent of specific physical activity (hsw_ph3_05).

[2] EN ISO 12100:2010. Safety of machinery — General principles for design — Risk assessment and risk reduction. Available at: https://www.iso.org/standard/51528.html

[4] Regulation (EU) 2023/1230 of the European Parliament and of the Council of 14 June 2023 on machinery. Available at: https://osha.europa.eu/en/legislation/directive/regulation-20231230eu-machinery

[5] EN ISO 13849-2:2012 Safety of machinery — Safety-related parts of control systems. Part 2: Validation.

[6] Directive 2009/104/EC of 16 September 2009 concerning the minimum safety and health requirements for the use of work equipment by workers at work. Available at: https://osha.europa.eu/en/legislation/directives/3

Lectures complémentaires

EU-OSHA – European Agency for Safety and Health at Work. Safe maintenance in practice. Report, 2010. Available at: https://osha.europa.eu/en/publications/safe-maintenance-practice

EU-OSHA – European Agency for Safety and Health at Work. The human machine interface as an emerging risk. Literature review, 2009. Available at: https://osha.europa.eu/en/publications/human-machine-interface-emerging-risk

EU Commission. Machinery. Available at: https://single-market-economy.ec.europa.eu/sectors/mechanical-engineering/machinery_en

Contributeur
Klaus Kuhl

Marek Dzwiarek

Central Institute for Labour Protection - National Research Institute, Poland

Mike Draper

Richard Graveling

Karla Van den Broek

Prevent, Belgium