Safety of machinery and work equipment

From OSHWiki
Jump to: navigation, search

Marek Dźwiarek, Central Institute for Labour Protection - National Research Institute, Poland


The manufacturer of machinery, as well as the user, should apply all technical and organisational measures available in order to ensure the safety of machine operators. This article outlines the general rules for approaching safety issues that should be taken into account by machinery designers in the design process e.g. inherently safe design, safeguarding and complementary protective measures, information for use, etc. Safety measures to be implemented by the user are also discussed.

Common accidents

EUROSTAT reports that in 2003–2005, about 500 fatal accidents related to machine safety occurred in the EU. In 2005, accidents due to machine and work equipment operation causing more than 3-day work absences occurred in the EU more than 170,000 times. This means that the rate of fatal accidents was 4 per 100,000, while the rate of accidents causing more than a 3-day-absence of machine operators was 7,000 per 100,000. Therefore, according standard ISO 12100:2010, both the manufacturers and users of the machinery should implement all the available measures to reduce risks entailed by machine operation[1].

Placing on the market and putting into service

Figure 1: Conformity assessment procedures according to Directive 2006/42/EC

All safety measures should be applied by machinery manufacturers, according to the results of risk assessment taking into account both the intended use of machinery and any reasonably foreseeable misuse. More detailed guidelines for the implementation of safety measures can be found in the standards published by ISO Technical Committee 199 “Safety of machinery” and IEC Technical Committee 44 “Safety of machinery – electrotechnical aspects”.

In the EU, those standards have been adapted by CEN Technical Committee 114 “Safety of machinery” and CENELEC Technical Committee 44X “Safety of machinery: electrotechnical aspects”. The list of standards harmonised with Directive 2006/42/EC was published in the Official Journal of the European Union. To prove that safety measures have been applied in a proper way during the design and manufacturing processes, machine manufacturers should apply one of the conformity assessment procedures presented in figure 1 prior to marketing any new product[2].

Implementation of safety measures by the manufacturer

The manufacturer’s obligations are specified in Machinery Directive 2006/42/EC, which imposes the requirement that the manufacturer of machinery should eliminate hazards or reduce risks associated with these hazards by applying safety measures in the following order:

  • inherently safe design;
  • safeguarding and implementation of complementary protective measures (see below 3.3 Complementary protective measures);
  • informing user about the residual risk.

Inherently safe design

Taking the inherently safe design approach is the most efficient risk-reducing safety measure, which consists of:

  • hazard elimination or reduction to the furthest extent possible through the right choice of the machine design features,
  • minimizing personal exposure to hazards, through reduction of the number of necessary interventions within the danger zones.

Here, the basic rule for machine design stipulates that, where the intended use of the machine allows that, all accessible parts of the machine should have no sharp edges, sharp corners, rough surfaces, protruding parts, etc. Many hazards of the machine can be eliminated by means of choosing proper shapes and employing proper arrangement of mechanical parts. For example, injuries caused by a moving part can be eliminated by placing that part out of the machine operator’s reach.


The hazards that cannot be eliminated using the inherently safe design approach should be reduced by means of the application of guards or protective devices (safeguarding).


Devices of all types creating physical barriers between a human and a dangerous mechanical part of a machine and having been applied specifically to ensure operator’s safety are classified as guards. Therefore, covers, doors, fences, etc. also perform guarding functions. Guards should:

  • be of robust construction,
  • be difficult to remove or switch off,
  • be situated at a proper distance from the danger zone,
  • pose the least possible number of obstacles to the working process,
  • allow performance of required operations like installation, tool changing or maintenance, providing only limited access to the area where the operations are to be performed, and without the necessity for removal, if possible.

Generally, guards can be classified in view of the way they are mounted, their working concept and adjustability. There are two ways of installing guards:

  • securing by means of inseparable connection or with the use of separable connections that prevent opening or removal without (special) tools; often referred to as fixed guards.
  • mounting with the use of mechanical elements, which allows them to be opened without any tools. Guards of this type are called movable guards.

The working principle of the guard may consist of:

  • independent operation of the guard, however the guard is effective only when closed. It should be noted that for a fixed guard, the term “closed” means “connected to the area of its installation”,
  • working in combination with an interlock, supplied or not with guard locking.

Guard locking refers to protective measures in which the guard prevents performance of any operations of the machine that may pose mechanical hazards while the guard is open. Opening of the guard in the course of performing any of the aforementioned operations results in the stoppage of the machine’s dangerous motions. These functions can be performed when the guard is closed, however the singular action of closing the guard does not actuate those functions. Guards of that type are called interlocking ones.

In all cases where operator’s access to the danger zone in the course of normal working is not required, fixed guards should be used. Movable guards are employed when there is the necessity for the operator to enter the danger zone frequently.

Protective device

When it is impossible to apply guards, sensitive protective devices are used to reduce risk. There are several types of these devices. Optoelectronic protective devices (light curtains, scanning devices like laser scanners) and pressure-sensitive devices (mats, trip bars, trip wires etc.) are often used.

Protective devices that do not create actual physical barriers perform their protective functions by means of generating a signal that stops a dangerous motion of a given machine element after having detected that a part of the operator’s body is too close to the danger zone. In this way, they ensure that a dangerous motion (e.g. that of press slide) will be stopped before the operator could potentially enter the danger zone. For this reason, guards of this type can be used only in machines in which the structure allows for automatic stop of a dangerous motion within a short time frame, sufficient to perform this automatic stop. Besides only stopping, the devices also perform the function of interlocking the dangerous motion of a machine element when the presence of a human has been detected within the protected zone.

When implementing protective devices, consideration should be given to:

  • size, characteristics and positioning of the detection zone,
  • reaction of the device to fault conditions,
  • possibility of circumvention, and
  • detection capability and its variation in time.

Sensitive protective equipment should be integrated into the machine’s operations and associated with the control system so that:

  • a command is given as soon as a person or part of a person is detected,
  • withdrawal of the person or part of a person detected does not, by itself, restart the hazardous machine function(s), and the control system maintains the command given by the sensitive protective equipment until a new command is given,
  • restarting the hazardous machine function(s) is a result of voluntary actuation by the operator of the control device placed outside the hazard zone where this zone can be observed by the operator,
  • the machine cannot operate during interruption of the detection function of the sensitive protective equipment, except during muting phases, and
  • the position and the shape of the detection field prevents, possibly together with fixed guards, a person or part of a person from entering or being present in the hazard zone without being detected.

Functional safety of machinery control system

If failure of a control function performed by a control system can result in an immediate increase in risk, then this function is named a “safety function”. Generally, safety functions can be implemented for the reduction of risk associated with the following three groups of hazards:

  • improper machine operation;
  • failure of technological processes caused by a substantial change or deviation in physical parameters from standard values due to unexpected events;
  • mechanical hazards.

The following safety functions are most common:

  • safety-related stop function initiated by a safeguard;
  • manual reset function;
  • start/restart function;
  • local control function;
  • muting function;
  • monitoring of parameterisation of safety-related input values;
  • response time;
  • monitoring of safety-related parameters such as speed, temperature or pressure;
  • reaction to fluctuations, loss and restoration of power sources.

Fault of these functions can increase risk. Therefore designers of the safety related control systems should apply structures that improve their resistance to fault. Control system resistance to fault can be improved through reduction of the probability of fault appearance, or by taking steps to ensure that a possible fault would not be a dangerous one. Improvements can be achieved by applying good practice tools and principles (examples can be found in standard ISO 13849-2:2003 Safety of machinery – safety-related parts of control systems – part 2: Validation[3]), and by including additional safety systems that detect faults.

Basic rules for improving control system resistance to fault were formulated in standard EN 954-1:1995 “Safety of machinery. Safety-related parts of control systems – Part 1: General principles for design"[4], where, depending on their behaviour under fault conditions, devices were classified into 5 categories.

ISO 13849-1:2006 standard was developed, which included expert knowledge gained when designing programmable machine controllers[5]. In this standard, system categories, depending on their resistance to faults, remained the same as those defined in EN 954-1:1995. Additionally, a specified architecture is designated for each category. Each system is characterized by the following parameters: Mean time to failure (MTTF), Diagnostic coverage (DC) and Common cause failure factor (CCF). The 5 performance levels (PL) represent the system resistance to faults.

Standard EN 62061:2005 “Safety of machinery - functional safety of safety-related electrical, electronic and programmable electronic control systems”, adapting to the functional safety methodology formulated in IEC 61508:2001 “Functional safety of electrical/ electronic/ programmable electronic safety-related systems”[6] should be applied to machine control systems. In EN 62061:2005 standard, safety related systems are classified into 3 safety integrity levels (SILs). For the time being, all three standards (EN 954-1, ISO 13849-1, IEC 62061) are harmonised under Machinery Directive 2006/42/EC[7], however the presumptive conformity date of EN 954-1:1995 cessation is 31.12.2011.

Complementary protective measures

Protective measures not covered by the categories of inherently safe design, safeguarding (implementation of guards and/or protective devices) and information for use, may still have to be implemented as required by the intended use and reasonably foreseeable misuse of the machine. Such measures include, but are not limited to:

  • components and elements to achieve emergency stop function;
  • measures for escape and rescue of trapped persons;
  • measures for isolation and energy dissipation;
  • provisions for easy and safe handling of machines and their heavy component parts;
  • measures for safe access to machinery.

Information for use

When risks persist despite the adoption of measures for inherent safe design, safeguarding and complementary protection, the user should be informed about residual risk.

Depending on the risk and the point at which information is required for the user and the machine design, it shall be decided whether the information – or parts thereof – are to be given:

  • on the machine itself,
  • in accompanying documents,
  • on the packaging,
  • by other means, such as signals and warnings outside the machine.

Information and warnings on machinery should preferably be provided in the form of readily understandable symbols or pictograms. Warning signals must be unambiguous and easily perceived. The operator must have facilities to check the operation of the warning devices all the time.

Visual signals, such as flashing lights and audible signals such as sirens may be used to warn of an impending hazardous event, such as machine start-up or over-speed. Such signals may also be used to warn the operator before the triggering of automatic protective measures. Machinery shall bear all the necessary markings:

  • for unambiguous identification,
  • in order to indicate compliance with mandatory requirements,
  • for safe use.

The instruction handbook or other written instructions shall contain all information necessary for safe commissioning, operating, adjusting and maintenance of the machine.

Implementation of safety measures by the user of machinery and work equipment

Based on the information for use provided by the designer, the machine user should implement safety measures for reducing residual risk that remains despite inherent safe design measures, safeguarding and complementary protective measures adopted.

User obligations for additional safeguards, personal protective equipment, work organisation and training were formulated in Directive 2009/104/EC[8]. The main obligation consists in taking measures necessary to ensure that the work equipment is suitable for the work to be carried out. If necessary, work equipment should be properly adapted to the work in such a way that workers can use it without impairment to their safety or health.

Additional safeguarding

The employer should ensure that work equipment is installed, located and used in a way ensuring that the risks to the operators and other workers have been reduced. In particular, sufficient space between moving parts of work equipment and fixed or moving parts should be allowed. Very often, the application of additional safeguarding is necessary, which might result from a particular location or way of machine installation. In such a case, the application of fixed guards should be considered first. However, if for technological reasons access to danger zones is required, movable guards or protective devices should be applied. The same rules as those formulated for the machinery manufacturer apply when installing additional safeguards.

Use of personal protective equipment

Technical safety measures comprise personal protective equipment (PPE). These are devices or equipment designed to be carried or held by a worker to protect him/her against single or multiple risks that may affect his/her health or safety at work. Personal protective equipment also comprises:

  • a unit constituted by several devices or appliances which have been integrally combined by the manufacturer for the protection of an individual against one or more potentially simultaneous risks; (e.g. a helmet coupled with a visor and/or hearing protection),
  • a protective device or appliance combined, separably or inseparably, with personal non-protective equipment worn or held by an individual for the execution of a specific activity (e.g. clothing or knee protectors included in trousers used for performing work whilst kneeling),
  • interchangeable PPE components essential for satisfactory functioning and used exclusively for such equipment.

Work organization and procedures

Proper work organisation is of crucial importance in ensuring safe operation of the work equipment. All operations should be performed according to established safe working procedures. When the use of work equipment is likely to involve a specific risk to the safety or health of workers, the employer should take necessary measures to ensure that the use of work equipment is restricted solely to persons given the task of using it. In the case of high risk (e.g. high voltage), work should be performed by at least two persons. Written permission for conducting such work should be issued. In the case of repairs, modifications, maintenance or servicing, specifically designated workers should carry out such works. .


The machinery user should ensure that workers given the task of using work equipment receive adequate training, including training on any risks that its use may entail. It is especially important in the case of workers carrying out repairs, modifications, and maintenance or servicing tasks.

Inspection of work equipment

Long-term results of using a machine usually consist in constant degradation of its sub-assemblies, due to both material deterioration and mechanical wear. The aforementioned phenomena, if not investigated in a proper way, may cause machine failure. If safety-related elements fail, accidents may happen. Therefore, work equipment should be periodically inspected. The frequency and scope of the inspection should be determined based on the manufacturer’s information enclosed in the “Information for use”. One should also consider the intensity of machine exploitation and the risk level arising in operation of the machine. In individual cases of machines with high-risk levels, the frequency of inspection is specified in Directive 2009/104/EC which specifies the following types of inspection:[8]

  • initial inspection (after installation and before first being put into service) and an inspection after assembly at a new site or in a new location
  • periodic inspections and, where appropriate, testing within the means of national laws and/or practices
  • special inspections each time exceptional circumstances that are liable to jeopardise the safety of the work equipment have occurred, such as work modification, accidents, natural phenomena or prolonged periods of inactivity.

The main goal of those inspections consists in ensuring that health and safety conditions are maintained and that deterioration liable to result in dangerous situations can be detected and remedied in good time.


Using machinery and work equipment exposes workers to multiple risks. Ensuring machine operator safety requires application of safety measures as effective as possible. Technological development allows for designing more and more effective protective devices. The role of control systems as applied to risk reduction becomes more and more significant. Both manufacturers and users of the machine should apply the aforementioned measures. The only way to reduce accident rates in machine operations is through proper application of technical safety means by the machine manufacturer and proper monitoring of them by the user, combined with adequate organisational procedures.


  1. ISO 12100:2010 Safety of machinery — General principles for design — Risk assessment and risk reduction
  2. Directive 2006/42/EC of the European Parliament and of the Council of 17 May 2006 on machinery, and amending Directive 95/16/EC (recast). OJ L 157, 9.6.2006 p. 24.
  3. ISO 13849-2:2003 Safety of machinery - safety-related parts of control systems - part 2: Validation
  4. EN 954-1:1995 Safety of machinery - safety-related parts of control systems - part 1: General principles for design.
  5. ISO 13849-1:2006 Safety of machinery - safety-related parts of control systems - part 1: General principles for design.
  6. IEC 62061:2005 Safety of machinery - Functional safety of safety-related electrical, electronic and programmable electronic control systems
  7. Commission communication in the framework of the implementation of the Directive 2006/42/EC of the European Parliament and of the Council of 17 May 2006 on machinery, and amending Directive 95/16/EC (recast) (Text with EEA relevance) (Publication of titles and references of harmonised standards under the directive) OJ C 110 8.4.2011 p. 1.
  8. 8.0 8.1 Directive 2009/104/EC of the European Parliament and of the Council of 16 September 2009 concerning the minimum safety and health requirements for the use of work equipment by workers at work (second individual Directive within the meaning of Article 16(1) of Directive 89/391/EEC) OJ L 260, 3.10.2009 p. 5.

Links for further reading

EC – European Commission – Directorate-General for Employment, Social Affairs and Equal Opportunities, Causes and circumstances of accidents at work in the EU, 2008. Available at:

EU-OSHA – European Agency for Safety and Health at Work. Maintenance. Available at:

EU-OSHA – European Agency for Safety and Health at Work – European Risk Observatory, The human machine interface as an emerging risk. Available at: