This blog is part of a series covering robotics topics for 2022. This month I continue with the topic of human presence detection. There are in fact, not one, but at least two and possibly three series of standards covering human presence detection. Today I will cover the newest one.
In machine safety there are two sets of standards for human presence detection. The older IEC 61496 series, which I covered last month, see here, and the newer IEC 62998 series. Both series are being worked on by standards committees in 2022. Both series are developed by IEC TC 44. These standards are designed to augment general purpose functional safety standards such as IEC 61508, ISO 13849 and IEC 62061 with extra information related to the specific sensing function and the impact of environmental conditions on that sensing. If these standards did not exist, it would be very difficult for everyone to agree what were the requirements for such products. With the standards there are a minimum set of requirements that all sensors must achieve to claim compliance with the standards. It's much easier to say – complies with IEC 61496 – that to write out 100 different requirements.
Figure 1 - Machinery human presence sensing standards front pages
IEC 61496 offers good guidance for several sensor types but what if you want to develop a sensor that is outside the scope of IEC 61496, for instance
- You want the scope to include outdoors (Sick outdoorScan3 laser scanner uses IEC 62998)
- You want to use the principle of diffuse reflection but your light source has a wavelength > 950nm (automotive generally appears to use much longer wavelengths and I don’t know why mobots wouldn’t want to use similar) – IEC 62998 covers the range 400nm to 1500nm
- You want to use a technology not covered by the IEC 61496 series such as capacitive, ultrasonic and for now at least radar (see for instance Inxpect radar sensors)
The IEC 62998 series offers such a path. The standard comes in three parts:
IEC TS 62998-1 – is the based standard and was released in 2019
IEC TR 62998-2 – covers the application of the sensors developed according to part 1 and was released in 2020
IEC TS 62998-3 – is still in development and covers sensor technologies and algorithms
Note – a TS (technical specification) is similar to a full standard but requires only 66% majority voting as opposed to 75% for a full standard and is often used for new technology where full consensus may be difficult to achieve. A TR (technical report) is never normative and is used to give example data, test approaches, case studies etc. but without any requirements.
You might want to use IEC 62998 for other reasons
- It doesn’t mandate any minimum level of hardware redundancy with no equivalent of the types from IEC 61496 which mirror the categories from ISO 13849
- It offers guidance on the required coefficient of diffuse reflection when doing whole body detection. IEC 61496-3 originally written for laser scanners assumes detection on one plane and requires a 1.8% coefficient of diffuse reflection
- It gives guidance on the use of AI in safety systems
- It gives guidance on sensor fusion
- It offers guidance on sensors mounted on moving platforms (outside the scope of IEC 61496)
Given Analog Devices announcement on 3D TOF both of IEC 61496 and IEC 62998 are relevant to me at the moment.
So, let’s get into some details.
The IEC 62998 series allows the use any of ISO 13849, IEC 62061, IEC 61508 for risk reduction but points out that these on their own do not offer sufficient guidance.
Figure 2 - An excerpt from IEC 62998 explaining why typical FS standards are not sufficient
As an example of why the typical functional safety standards are not sufficient – they give no guidance on test objects to use and their coefficients of diffuse reflection if using 3D TOF.
Reading the above makes me wonder how automotive manages with just ISO 26262 for guidance? After all, automotive also has requirements for object detection. Perhaps this is part of the reason that automotive needs SOTIF.
Getting back to the details of IEC 62998. IEC uses the terms SRS performance class or SRSS performance class instead of a SIL or PL to indicate the level of safety required or claimed.
SRS – safety related sensor
SRSS – safety related sensor system
The standard offers a table to show which SRS/SRSS is suitable for use in safety functions according to the most relevant machine safety standards.
Figure 3 - Correspondence between SIL or PL and SRS/SRSS performance classes
Reading the above chart, you see that if you need a PL d level of risk reduction you need an SRS with performance class D.
This performance class then comes with various requirements including
- Table 3 gives “maximum accumulated duration of failure to danger per year due to environmental interference” with a value of 5 minutes for an SRS performance class D. That is an availability of 1-9.5e-6 of 0.99999. While it looks like a failure rate it is just a number rather than a rate and I don’t know how to justify it vs the maximum allowed failure rate for a SIL 2/PL d safety function of 1e-5/h.
- For 3D TOF part 3 gives the required coefficient of diffusion for whole body detection varying from 10% to 90% for SRS/SRSS performance class A to 6% for D (for excitation frequencies in the range 780nm to 1100nm).
Other requirements such as a tolerance zone width of 5 sigma, where sigma, represents the measurement noise are common to all SRS/SRSS performance classes.
Sensor fusion is also covered within IEC 62998, with sensor fusion defined as “the act or process of combining or associating data or information regarding one or more entities considered in an explicit or implicit knowledge framework to improve one’s capability (or provide a new capability) for detection, identification, or characterisation of that entity”. An example given in the sensor is the combination of Radar and Lidar sensors. When sensor fusion is used then table 5 shows it is possible to increase the SRRS performance class by one level. The idea is similar to synthesis of elements from IEC 61508-2:2010.
Sensors mentioned in IEC 62998 include ultrasound, wireless local area network, wireless personal area network, radar, passive infrared, thermography camera, infrared gas detector along with the usual lidar, stereoscopic and 3D TOF cameras.
Interestingly it contains information on heights and other aspects of children implying that IEC 62998 can be used in non-industrial environments.
There are several aspects of IEC 62998 I still don’t fully understand and why it requires delivery of confidence information is one of them. Does this mean that the IEC 61496 series is wrong not to give such information? It also implies that the output of a sensor according to IEC 62998 is not simply an OSSD (output signal switching device which can only signal on or off).
Figure 4 - Aside from what is required by the IEC 62998 series let’s look at what is not required by IEC 62998.
IEC 62998-1 has no requirement for HFT=1 or CAT 3 if developing a SIL 2 or PL d safety function. This is useful for sensors based on complex electronics which have high reliability and can achieve high diagnostic coverage figures with a low diagnostic test interval. For some sensor types redundancy may be required due to using lower reliability mechanical components or having poor diagnostic coverage but for other technologies which can higher reliability electronic components with no mechanical parts being able to avoid redundancy will keep the cost down.
While IEC 62998 is new its acceptance is growing and below is one such example from the new industrial mobile robot standard.
Figure 5 - Excerpt from Industrial mobile robots standard ANSI R15.08-1:2020
The newly revised (hopefully released early 2023) ISO 10218 robot safety standard now also includes references to IEC 62998.
Even if you do plan to use IEC 62998 as your development standard for 3D TOF you cannot completely ignore IEC 61496 as the type test requirements from that standard are still good if developing some such as a 3D TOF camera e.g., requirements for testing with black, white, and retroreflective test objects. It would be hard to justify not implementing these requirements even if not mentioned in IEC 62998.
Figure 6 - Excerpt from the scope of IEC 62998
This was the 80th blog in this series of industrial functional safety blogs. For other blogs in this series, see here.
For a complete front end for a CMOS 3D TOF implementation see here.
Note – for completeness – IEC 60947-5-3 – “Control circuit devices and switching elements – Requirements for proximity devices with well-defined behaviour under fault conditions (PDDB)” covers things like capacitive, inductive, and ultrasonic proximity switches. UL 639 covers intruder detection systems.