
ISO 13849-1

Safety of Machinery — Safety-Related Parts of Control Systems — General Principles for Design

What It Is

ISO 13849-1 is an international standard titled Safety of machinery — Safety-related parts of control systems — Part 1: General principles for design. It provides a framework for designing, evaluating, and validating safety-related control systems on machinery. The standard assigns one of five discrete Performance Levels (PL a through PL e) to each safety function, where each level corresponds to a quantified range of average probability of dangerous failure per hour (PFHd).

Origin and Maintenance

ISO 13849 is developed and maintained by ISO Technical Committee 199 (ISO/TC 199), Working Group 8, which is responsible for safety of machinery standards. The standard replaced the earlier EN 954-1 (1996), which used a purely qualitative category-based approach. The first ISO edition appeared in 2006, followed by a major revision in 2015. The current fourth edition was published in 2023 and was harmonized under the EU Machinery Regulation when EN ISO 13849-1:2023 appeared in the Official Journal of the European Union in May 2024. The previous edition (2015) remains valid during a transition period that ends on 15 May 2027.

The Problem It Solves

When a machine poses a risk to operators, its control system must reduce that risk to a tolerable level. Before ISO 13849, designers had no unified method to quantify how reliably a safety function would perform over time. The standard solves this by linking a qualitative risk assessment to a quantitative reliability target, then providing the architecture rules and calculation methods to reach that target. This gives machine builders, integrators, and end users a shared technical language for specifying, verifying, and certifying safety functions.

Key Structure

Required Performance Level (PLr)

The process begins with a risk graph defined in Annex A. Three binary parameters determine the required PL:

  • S (Severity of injury) — S1: slight, reversible injury; S2: serious, irreversible injury or death.
  • F (Frequency and duration of exposure) — F1: rare-to-infrequent and short duration; F2: frequent-to-continuous and long duration.
  • P (Possibility of avoidance) — P1: avoidance possible under specific conditions; P2: avoidance hardly possible.

The combination of S, F, and P yields a PLr between a (lowest demand) and e (highest demand).

Performance Levels and Failure Rates

Performance Level    PFHd range (per hour)
PL a                 ≥ 10⁻⁵ to < 10⁻⁴
PL b                 ≥ 3 × 10⁻⁶ to < 10⁻⁵
PL c                 ≥ 10⁻⁶ to < 3 × 10⁻⁶
PL d                 ≥ 10⁻⁷ to < 10⁻⁶
PL e                 ≥ 10⁻⁸ to < 10⁻⁷

Architectural Categories

The standard defines five designated architectures (Categories B, 1, 2, 3, 4) that constrain the achievable PL:

  • Category B — Single-channel, basic components. Maximum achievable: PL b.
  • Category 1 — Single-channel, well-tried components with high MTTFd. Maximum: PL c.
  • Category 2 — Single-channel with periodic diagnostic testing (60% ≤ DCavg < 99%). Maximum: PL d.
  • Category 3 — Redundant dual-channel with cross-monitoring. No single fault causes loss of the safety function. Maximum: PL e.
  • Category 4 — Redundant dual-channel with high MTTFd, DCavg ≥ 99%, and fault accumulation managed. Maximum: PL e.

Design Parameters

The achieved PL is calculated from three quantitative parameters:

  • MTTFd — Mean Time to Dangerous Failure of each channel.
  • DCavg — Average Diagnostic Coverage across all safety-relevant components.
  • CCF — Common Cause Failure score (minimum 65 points required for Categories 2, 3, and 4).
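The sections above describe one procedure: derive the required PL from the S/F/P risk graph, derive the achieved PL from the category, MTTFd and DCavg of the design, apply the CCF gate, and confirm the achieved PL is at least the required one. The following Python is an added worked example of that procedure; it is not code from the standard, from ISO/TC 199, or from the TIAL project. The risk-graph mapping and the PFHd bands come from the text above. The category/DCavg/MTTFd lookup reproduces the standard's simplified procedure table as this example recalls it, with MTTFd classes of low (3 to under 10 years), medium (10 to under 30 years) and high (30 years and above) and DCavg classes of none (under 60%), low (60% to under 90%), medium (90% to under 99%) and high (99% and above); the scenario values in the demo are constructed. Confirm the lookup against the edition in use before applying it to a real design.

```python
"""ISO 13849-1 worked PL check (added example; not code from the standard or TIAL).

Steps: PLr from the Annex A risk graph -> achieved PL via the simplified
procedure -> CCF gate for Categories 2/3/4 -> achieved PL >= PLr.
"""
from typing import Optional

PL_ORDER = "abcde"  # PL a is the lowest demand, PL e the highest

# Annex A risk graph: (S, F, P) -> required PL. S1/S2, F1/F2, P1/P2 coded as 1/2.
RISK_GRAPH = {
    (1, 1, 1): "a", (1, 1, 2): "b", (1, 2, 1): "b", (1, 2, 2): "c",
    (2, 1, 1): "c", (2, 1, 2): "d", (2, 2, 1): "d", (2, 2, 2): "e",
}

# PFHd bands from the table in this document: (PL, lower inclusive, upper exclusive).
PFHD_BANDS = [
    ("a", 1e-5, 1e-4), ("b", 3e-6, 1e-5), ("c", 1e-6, 3e-6),
    ("d", 1e-7, 1e-6), ("e", 1e-8, 1e-7),
]

# Simplified procedure: (Category, DCavg class) -> {MTTFd class: achieved PL}.
# ASSUMPTION: reproduced from the standard's simplified-procedure table as this
# example recalls it; combinations absent here are not permitted designs.
SIMPLIFIED_PL = {
    ("B", "none"):   {"low": "a", "medium": "b", "high": "b"},
    ("1", "none"):   {"high": "c"},
    ("2", "low"):    {"low": "a", "medium": "b", "high": "c"},
    ("2", "medium"): {"low": "b", "medium": "c", "high": "d"},
    ("3", "low"):    {"low": "b", "medium": "c", "high": "d"},
    ("3", "medium"): {"low": "c", "medium": "d", "high": "e"},
    ("4", "high"):   {"high": "e"},
}

CCF_MINIMUM_SCORE = 65  # required for Categories 2, 3 and 4 (see Design Parameters)


def required_pl(severity: int, frequency: int, avoidance: int) -> str:
    """PLr from the risk graph; each parameter is 1 or 2."""
    try:
        return RISK_GRAPH[(severity, frequency, avoidance)]
    except KeyError:
        raise ValueError("S, F and P must each be 1 or 2") from None


def mttfd_class(years: float) -> str:
    """Classify a channel's MTTFd; below 3 years the channel is not usable."""
    if years < 3:
        raise ValueError("MTTFd below 3 years is not permitted for a channel")
    if years < 10:
        return "low"
    if years < 30:
        return "medium"
    return "high"


def dc_class(percent: float) -> str:
    """Classify average diagnostic coverage."""
    if percent < 60:
        return "none"
    if percent < 90:
        return "low"
    if percent < 99:
        return "medium"
    return "high"


def achieved_pl(category: str, mttfd_years: float, dc_percent: float,
                ccf_score: int) -> Optional[str]:
    """Achieved PL, or None when the design is not a permitted combination
    (CCF below 65 for Cat 2/3/4, DC class wrong for the category, or
    MTTFd class too low for the category)."""
    if category in ("2", "3", "4") and ccf_score < CCF_MINIMUM_SCORE:
        return None
    row = SIMPLIFIED_PL.get((category, dc_class(dc_percent)))
    if row is None:
        return None
    return row.get(mttfd_class(mttfd_years))


def pl_from_pfhd(pfhd: float) -> Optional[str]:
    """Map a calculated PFHd to a PL using the document's bands; None if outside them."""
    for pl, lower, upper in PFHD_BANDS:
        if lower <= pfhd < upper:
            return pl
    return None


def meets_requirement(achieved: Optional[str], required: str) -> bool:
    """True when the achieved PL is at least the required PL."""
    return achieved is not None and PL_ORDER.index(achieved) >= PL_ORDER.index(required)


if __name__ == "__main__":
    # Constructed scenario: guard interlock on a press, serious injury possible (S2),
    # frequent access (F2), avoidance hardly possible (P2) -> PLr e.
    plr = required_pl(2, 2, 2)
    # Constructed design: Category 3, MTTFd 45 years per channel, DCavg 92%, CCF 70 points.
    pl = achieved_pl("3", 45, 92, 70)
    print(f"PLr = {plr}, achieved PL = {pl}, ok = {meets_requirement(pl, plr)}")
    # Same design with a CCF score of 50 is rejected outright.
    print("CCF 50 ->", achieved_pl("3", 45, 92, 50))
```

Returning None for impermissible combinations rather than the best nearby PL keeps the check conservative: a Category 1 design with medium MTTFd, or a Category 3 design that fails the CCF score, does not earn any PL in the simplified procedure and must be redesigned, not rounded down.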

Current Version

The fourth edition, ISO 13849-1:2023, integrates content previously found in ISO 13849-2 (validation). It expands guidance on software safety, provides clearer rules for determining PL, and aligns terminology with the 2023 EU Machinery Regulation (2023/1230). The EN ISO 13849-1:2015 standard remains valid until 15 May 2027, after which only the 2023 edition will be harmonized.

Practical Implications for Manufacturers

Every machine placed on the EU market must have its safety functions assessed against a required PL. This affects component selection, wiring, software development, and validation testing. Achieving PL d or PL e — typical for applications involving robots, presses, or automated packaging lines — requires redundant architectures, diagnostic testing, and formal fault-exclusion arguments. Machine builders must document the PL calculation in their technical file; notified bodies and market surveillance authorities routinely request this documentation.

How TIAL Relates to ISO 13849

The TIAL Schema includes a dedicated safety compliance block that maps to ISO 13849. When an AI system proposes an industrial action that interacts with a machine's control system, the TIAL Schema records the safety context: which Performance Level applies, what AI involvement level is in effect (five levels from informational to autonomous), and whether the action falls within the declared safety envelope of the target adapter. Actions that would exceed the adapter's declared safety limits are blocked before they reach the physical system. This means ISO 13849 compliance is not merely documented after the fact — it is structurally enforced within the action format. For manufacturers integrating AI into safety-relevant production processes, TIAL provides the missing bridge between the AI decision layer and the safety-integrity requirements that ISO 13849 imposes on the control layer.