Functional Safety for Mobots

Robots, cobots, and... no, I am not going the way of the Wizard of Oz, but I am here to chat about mobots in particular.  Matching the words for robots and cobots (collaborative robots), I have heard the term mobots (mobile robots) used to include all of the terms below, and I like it.

  • AGC – automated guided cart
  • AGV – automated guided vehicle
  • AIV – autonomous intelligent vehicle
  • AIV – automated indoor vehicle
  • AMP – automated mobile platform
  • AMR – autonomous mobile robot
  • Driverless industrial trucks
  • IMR – industrial mobile robots
  • Mobile servant robot – a personal care robot that is capable of traveling
  • SGV – self-guided vehicle
  • Smart carts

I’m not sure what you would call some of the robots from Boston Dynamics, and some others are in a class of their own.

The general terms related to mobile robots are included for a clear understanding. 

Figure 1 – some relevant definitions from ISO 19649

The two most relevant terms for me are AGV (automated guided vehicle) and IMR (industrial mobile robot).  An AGV is not autonomous because it follows a pre-set path marked on the floor using magnetic tape or similar.  IMRs, however, are typically smart enough to find their way around.  They can change direction to avoid unexpected obstacles and often build up maps of their environment as they drive around a factory floor or warehouse.  If an AGV can do the job, it is often cheaper and easier to maintain than an IMR and shouldn’t be dismissed in favour of its more capable cousins.  Especially outdoors, a track buried in the ground can be far more robust than other systems.

Relevant standards for mobile robots include:

  • ISO 3691-4, which defines industrial trucks
  • ANSI R15.08, which defines IMR
  • ISO 13849 since mobots are still machines
  • IEC 61496 for human presence detection
  • IEC 62998 for other means of detection
  • ISO 19649 for the mobile robot vocabulary
  • ANSI/CAN/UL 3100 – standard for safety – automated mobile platforms
  • ISO 10218 for the manipulator mounted on an IMR base
  • ISO 13482 – robots and robotic devices – safety requirements for personal care robots

Some of these standards give guidance for indoor use, and others cover both indoor and outdoor use.

Typical industrial type use cases for such robots include:

  • Carrying raw materials around a factory floor
  • Replacing conveyor belts
  • Order fulfillment in warehouses
  • Truck unpacking
  • Last-mile delivery

But I keep seeing new applications, including mobots driving around a parking lot, charging cars, inspecting chicken sheds, and picking crops.  Some mobots are designed to follow a person, and the basis for other future robots is the Hyundai MobED.

So, where to start?

IMRs, according to ANSI R15.08, come in 3 types.

  • Type A – just the moving robot base
  • Type B – a mobile robot with passive or active attachments but not an entire manipulator (robot arm)
  • Type C – a mobile robot with a manipulator

The chart from the standard to assist in the classification is shown below.


Figure 2 – determination of robot type from ANSI R15.08

My understanding of the chart is that the robot below from Boston Dynamics is an example of the most interesting type, the Type C IMR.  It can move itself into the back of a truck and then use its manipulator to start unloading the truck.  I do note all the boxes have the same dimensions, and sometimes it can be hard to beat a human worker.

Figure 3 - Boston Dynamics Stretch as an example of a Type C IMR - note the perception tower

Following the IMR standard, the manipulator should meet an industrial robot’s requirements from ISO 10218-1.  My previous blogs on SSM and PFL may be helpful references.

Most robot standards use ISO 13849-1 as their main reference for functional safety requirements, but some also defer to IEC 62061 or IEC 61508.  Typically, the maximum functional safety requirement is for PL d, which corresponds to SIL 2.

As regular readers of these blogs will know, I’m not too fond of mandatory architecture requirements.  So some good news is that neither ISO 3691-4 nor ANSI R15.08 requires a category; the default safety function is given as PL d with no category requirement.  The risk assessment will often show a requirement for PL d in the forward-moving direction but only PL c in the reverse direction, where the mobot moves far more slowly.  Similarly, when it can turn sideways, that is often a slow procedure, and PL c is sufficient there also: there is less of an impact if it does collide at the lower speed and more of a chance for someone to get out of its way.

ISO 3691-4 table 1 gives an interesting list of safety functions and an associated minimum PL according to ISO 13849.  An extract from the table is shown below.

Figure 4 - extract of table 1 from ISO 3691-4

Many of today’s mobots appear modular in nature.  The picture below shows the internals of one common mobile robot, which we have looked at in our Catalyst centre here in Limerick.  I hope we can get this mobot back together again now that we have the picture.


Figure 5 - internals of one common mobile robot

Such mobots often rely on laser scanners for navigation and defer to IEC 61496, with some of the more recent standards also allowing the IEC 62998 series.  Typically, two laser scanners are mounted on opposite corners of the mobot.  Often these feature a clever cut-out in the casing so that the laser scanners, in combination, can scan over the full 360 degrees.

Figure 6 - picture taken in ADI Limerick’s Catalyst innovation centre showing the cut-out so that the laser scanner can see around corners


Figure 7 - Graphic showing how two laser scanners can cover the full 360 degrees around a mobot

Typically, these laser scanners scan in a plane very close to the ground, e.g., <200mm above the ground, which is great for detecting somebody lying on the ground but not so great for detecting overhanging objects and cliff edges such as the top of stairs or the edge of a loading dock (for the importance of cliff edge detection see this video).  Therefore, augmenting the laser scanners with something like a 3D camera is a popular solution, as 3D cameras can see the floor and overhanging equipment and can use whole-body detection rather than detecting just one part of an object or person (at 200mm from the floor).  Often the 3D cameras are not safety rated because their main use is navigation and collision avoidance, which are not typically safety functions; the laser scanners still ensure safety.  Laser scanners currently make up a large part of the cost of some mobots.  If 3D cameras could implement both the safety and navigation functions, they could save significant costs.

I will cover the certification of 3D TOF cameras in a future blog within this series, hopefully in August 2022.  While I said that collision avoidance is not safety-rated, robot-on-robot collisions can have consequences, as illustrated here.

Figure 8 - laser scanner badge from a mobile robot

How fast can these robots travel?  As with any robot, they must be able to stop before they collide with someone.  So, if it takes 300ms to detect a person and 700ms to stop, and your reliable sensor range is 4m, you could travel at up to 4m/s (4m/(700ms+300ms)).  In reality, there are other things to allow for, including that a person once detected might be walking towards you at up to 1.6m/s, leaving 2.4m/s for the mobile robot.  You also need to allow for degradation of the braking over time, with variations dependent on the use case.  ISO 3691-4 defines various operating zones and speed limits in the range of 0.3m/s to 1.2m/s, depending on the zones.  An operating zone is defined as a zone where humans may be present, and a restricted zone as one where no humans are allowed.  The user manuals for the mobile robots generally contain good information on these calculations.

Figure 9 - an example calculation for mobots
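
The stopping calculation above can be turned into a small speed-budget check. This is an added example, not taken from the original blog or from any standard; the function names, the 25 % brake degradation figure and the use of 1.2m/s as a zone cap are assumptions for illustration.

```python
"""Speed budget for a mobot, using the simple closing-speed model in the text.

While the robot detects (t_detect) and then stops (t_stop), robot and person
are assumed to approach each other at constant speed, so the robot is safe if
    (v_robot + v_person) * (t_detect + t_stop) <= sensor_range
Counting the robot at full speed for the whole stopping time is conservative.
"""


def _reaction_time(t_detect_s, t_stop_s, brake_degradation):
    # brake_degradation is an assumed fractional increase in stopping time
    # as the brakes wear (0.25 means stopping takes 25 % longer).
    if t_detect_s < 0 or t_stop_s <= 0 or brake_degradation < 0:
        raise ValueError("invalid timing or degradation input")
    return t_detect_s + t_stop_s * (1.0 + brake_degradation)


def max_robot_speed(sensor_range_m, t_detect_s, t_stop_s, v_person_ms=0.0,
                    brake_degradation=0.0, zone_limit_ms=None):
    """Highest robot speed in m/s that still stops within the sensor range."""
    if sensor_range_m <= 0:
        raise ValueError("sensor range must be positive")
    total = _reaction_time(t_detect_s, t_stop_s, brake_degradation)
    v = max(sensor_range_m / total - v_person_ms, 0.0)  # 0.0: must not move
    # zone_limit_ms: optional cap, e.g. the speed limit of the current zone.
    return v if zone_limit_ms is None else min(v, zone_limit_ms)


def required_range(v_robot_ms, t_detect_s, t_stop_s, v_person_ms=0.0,
                   brake_degradation=0.0):
    """Reliable detection range in m needed to run at v_robot_ms."""
    total = _reaction_time(t_detect_s, t_stop_s, brake_degradation)
    return (v_robot_ms + v_person_ms) * total


if __name__ == "__main__":
    # Figures from the text: 300 ms detection, 700 ms stop, 4 m sensor range.
    print(max_robot_speed(4.0, 0.3, 0.7))                    # person standing
    print(max_robot_speed(4.0, 0.3, 0.7, v_person_ms=1.6))   # person walking
    # Assumed 25 % brake wear, capped at the 1.2 m/s upper limit quoted above.
    print(max_robot_speed(4.0, 0.3, 0.7, 1.6, 0.25, zone_limit_ms=1.2))
    print(required_range(1.2, 0.3, 0.7, v_person_ms=1.6, brake_degradation=0.25))
```

A result of 0.0 from `max_robot_speed` means the sensor range is too short for any motion under these inputs, which is the case to check for before lowering a protective field size.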

Recently I did a PFL blog covering cobots.  Well, mobots have a similar issue, and ANSI/CAN/UL 3100:2021 specifies that for AMPs using a bump or touch sensor, “The amp shall exert no more than a maximum of 100N (22.5 lbf) impact to a person.” ANSI B56.5 gives a slightly higher value of “134N applied parallel to the floor and opposing the direction of travel with respect to the bumper” and later “bumper activation shall cause a safety stop within the collapsible range of the bumper,” which suggests a mobot relying on bumpers could only move very slowly.

Figure 10 - bumpers and virtual bumpers from ISO 3691-4

Not discussed in today’s blog (and some people wonder why I don’t run out of topics)

  • Issues related to fleets of robots
  • Issues related to interoperability between mobots from different manufacturers
  • Use in public vs. industry – nobody trained, old, infirm, or the very young.
  • Speed limit issues – wheels skidding
  • Battery charging using automotive certified battery monitor ICs
  • Don’t block fire doors
  • Don’t block wheelchair ramps
  • Don’t enter a place with people if the separation from the wall is < 0.5m to allow humans to pass safely.
  • Communications – ANSI R15.08 calls out compliance with IEC 61508-2:2010 7.4.11
  • Whether some of ADI’s crash sensors/accelerometers would be useful for mobots
  • Sensor fusion
  • Relationship to autonomous cars
  • Drones vs. mobots

This blog is part of a series.  See here for the complete set of almost 80 blogs in the series.

The Analog Devices robotics page is available here, where you will find details of products to improve your robot designs.