ISO 13849 is probably already on your radar if you work with machinery. But knowing what the standard is and actually applying it correctly are two very different things. This article explains ISO 13849 in practical terms, using step‑by‑step guidance based on real‑world application. It is written for engineers, safety professionals, and machine builders who are actively trying to apply the standard.
Many engineers and machine builders understand the theory. The challenge comes when you have to identify hazards, define safety functions, assign a performance level, and then prove on paper that the system really meets the requirement.
ISO 13849 provides a structured framework for assessing and managing the risks associated with machinery operation.
Understanding the standard is not the same as successfully applying it; practical implementation can be challenging for engineers and machine builders.
Key steps include identifying hazards, defining safety functions, assigning performance levels, and documenting compliance.
The standard is relevant for anyone involved in machinery design, engineering, or safety management.
Applying ISO 13849 in practice requires translating theoretical knowledge into real-world solutions and evidence.
The process supports the goal of making machinery safer by reducing or eliminating the risk of harm.
ISO 13849 is a safety standard that defines requirements for designing and validating safety-related control systems in machinery. Its aim is to ensure that those systems reduce risk to an acceptable level, which it does by assigning Performance Levels (PL a–e) based on reliability, structure, and fault detection capability.
Manufacturers use ISO 13849 to design and assess the safety‑related parts of control systems (SRP/CS) for machinery.
ISO 13849 applies to all technologies and determines the reliability of safety functions through performance levels (PL) from PL a (lowest) to PL e (highest).
In simple terms, it answers one core question:
Can this control system reliably perform its safety function when it is needed?
ISO 13849 focuses on:
It applies to electrical, electronic, programmable electronic, pneumatic, hydraulic, and mechanical safety functions used in machinery.
Functional safety exists because accidents continue to occur, often due to failures in safety-related parts of control systems. The aim is to ensure that these systems operate correctly in response to hazardous situations.
A machine is considered safe only when it’s free from unacceptable risk. In functional safety terms, this means that machinery or equipment operates in a way that minimizes or eliminates the risk of harm to people, property, or the environment, even in the event of a malfunction.
Risk is defined as the combination of the severity of harm and the probability of occurrence. Understanding and managing this relationship is fundamental to ISO 13849.
ISO 13849 provides a structured way to:
In many regions, ISO 13849 is also treated as state of the art. Even where it is not legally mandated, it is often the benchmark used after an incident to judge whether reasonable safety measures were taken.
ISO 13849 provides a structured method for determining the required performance level of a safety function. This approach, described in Annex A of the standard, assumes a worst-case probability of occurrence unless justified otherwise.
Risk acceptability depends heavily on exposure and frequency. For example, a low-frequency activity such as hiking carries a higher level of risk acceptability than high-exposure activities like daily road traffic.
The goal of risk reduction is to move from an intolerable risk to an acceptable one. This is achieved through a combination of:
Different design approaches may distribute risk reduction differently between protective measures and safety functions, but the end goal remains the same: acceptable residual risk.
The ALARP principle (As Low As Reasonably Practicable), referenced in IEC 61508, is commonly applied to guide these decisions.
Functional safety is often seen as a legal-like expectation and not just best practice, largely because it represents the "state of the art". In Europe, machinery directives function as law and reference harmonized standards such as ISO 13849 as a recognized means of demonstrating compliance with directives.
In North America, organisations such as OSHA and the Canadian authorities may not mandate specific standards, but they expect employers to mitigate recognized hazards using industry-accepted, state-of-the-art methods. Following established functional safety standards is one of the most defensible ways to demonstrate due diligence.
ISO 13849 fits within a broader hierarchy of safety standards:
A robust compliance strategy starts with risk assessment, applies appropriate Type B standards, and incorporates Type C standards where applicable.
ISO 13849 hazard identification identifies all potential sources of harm in a machine by analyzing tasks, operating modes, and interaction points. It defines hazards such as mechanical, electrical, thermal, and control failures, which form the basis for risk assessment and Performance Level required (PLr) determination.
ISO 13849 hazard identification starts with a proper risk assessment, typically aligned with ISO 12100 to facilitate the process of identifying risks associated with machine control systems, with the aim of determining the required performance level (PLr) for safety functions.
The hazard identification process helps identify all potential sources of harm in a machine by analyzing tasks, operating modes, and interaction points. It defines hazards such as mechanical, electrical, thermal, and control failures, which form the basis for risk assessment and Performance Level required (PLr) determination.
The goal is not to jump straight to safety components. Instead, you must first understand:
Key points often missed:
A safety function that is not linked to a real hazard is usually over‑engineered, or worse, under‑engineered.
A safety function is an action that reduces risk by moving the machine to a safe state when a hazardous condition occurs.
Examples include:
A safety function is only meaningful if:
ISO 13849 performance level required (PLr) is calculated using a risk graph that evaluates severity (S1–S2), frequency/exposure (F1–F2), and possibility of avoidance (P1–P2). Combine these three parameters to assign a PLr from a (lowest) to e (highest) based on risk reduction needed.
Important practical point:
ISO 13849 generally assumes a worst‑case probability of occurrence unless you can clearly justify otherwise. Any reduction must be documented and defensible.
ISO 13849 performance level explained (PL a to PL e)
Once PLr is defined, the next step is to check whether the actual system achieves it.
The achieved performance level depends on four parameters:
ISO 13849 categories define the structural reliability of safety-related control systems from Category B to Category 4. Category B and 1 rely on basic safety principles, Category 2 adds periodic testing, and Categories 3–4 ensure fault tolerance with redundancy and continuous fault detection.
MTTFd (Mean Time to Dangerous Failure) measures the average time, in years, until a safety-related component fails in a dangerous way. ISO 13849 uses MTTFd values to quantify reliability, with typical ranges defined as low (3–10 years), medium (10–30 years), and high (30–100 years).
Diagnostic Coverage (DC) is the ratio of the rate of detected dangerous failures to the total rate of dangerous failures, as a percentage.
Common Cause Failure (CCF) in ISO 13849 is the simultaneous failure of different items in a safety-related control system due to a single event, where these failures are not consequences of each other.
All four must be evaluated together. A strong architecture alone does not guarantee a high performance level.
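As an added illustration (not part of the original article), the following Python script carries the two evaluations described above through one constructed case: the Annex A risk graph gives the PLr from S, F and P, and the simplified procedure of ISO 13849-1 (Table 7) combines the Category, the per-channel MTTFd from the parts-count formula, the average diagnostic coverage and the Annex F common cause failure score into an achieved PL. The component MTTFd and DC values are constructed for the example, not taken from any data sheet.

```python
# Simplified ISO 13849-1 PL estimation: risk graph for PLr, then
# Category / MTTFd / DCavg / CCF for the achieved PL. Bands and tables
# follow ISO 13849-1 (Annex A, Table 7, Annex F); component data is constructed.

# Risk graph (Annex A): severity S, frequency/exposure F, avoidance P -> PLr
RISK_GRAPH = {
    ("S1", "F1", "P1"): "a", ("S1", "F1", "P2"): "b",
    ("S1", "F2", "P1"): "b", ("S1", "F2", "P2"): "c",
    ("S2", "F1", "P1"): "c", ("S2", "F1", "P2"): "d",
    ("S2", "F2", "P1"): "d", ("S2", "F2", "P2"): "e",
}

# Simplified procedure (Table 7): (Category, DCavg band) -> PL for each
# MTTFd band (low, medium, high); None = combination not covered by the table.
TABLE_7 = {
    ("B", "none"):   ("a", "b", "c"),
    ("1", "none"):   (None, None, "c"),
    ("2", "low"):    ("a", "b", "c"),
    ("2", "medium"): ("b", "c", "d"),
    ("3", "low"):    ("b", "c", "d"),
    ("3", "medium"): ("c", "d", "d"),
    ("4", "high"):   (None, None, "e"),
}

def mttfd_band(years):
    """Per-channel MTTFd band; channel values are capped at 100 years."""
    years = min(years, 100.0)
    if years < 3:          # below 3 years the channel is not acceptable
        return None
    return "low" if years < 10 else "medium" if years < 30 else "high"

def dc_band(dc):
    """DCavg band: none < 60 %, low < 90 %, medium < 99 %, high >= 99 %."""
    return "none" if dc < 0.60 else "low" if dc < 0.90 else "medium" if dc < 0.99 else "high"

def channel_mttfd(parts):
    """Parts-count method: 1/MTTFd_channel = sum of 1/MTTFd_i over the parts."""
    return 1.0 / sum(1.0 / m for m, _ in parts)

def dc_avg(parts):
    """DCavg = sum(DC_i / MTTFd_i) / sum(1 / MTTFd_i)."""
    return sum(dc / m for m, dc in parts) / sum(1.0 / m for m, _ in parts)

def achieved_pl(category, parts, ccf_score):
    """Achieved PL, or None when the CCF score, MTTFd or structure is insufficient."""
    if category in ("2", "3", "4") and ccf_score < 65:   # Annex F: at least 65 points
        return None
    m_band = mttfd_band(channel_mttfd(parts))
    row = TABLE_7.get((category, dc_band(dc_avg(parts))))
    return row[("low", "medium", "high").index(m_band)] if row and m_band else None

def verify(s, f, p, category, parts, ccf_score):
    """Compare achieved PL with PLr; returns (PLr, PL, PL meets PLr)."""
    plr, pl = RISK_GRAPH[(s, f, p)], achieved_pl(category, parts, ccf_score)
    return plr, pl, pl is not None and pl >= plr

# Constructed single channel of a guard interlock: (MTTFd in years, DC) per part
GUARD_INTERLOCK = [(150.0, 0.99), (60.0, 0.99), (45.0, 0.90)]
```

For this constructed channel the parts-count MTTFd is about 22 years (medium) and DCavg is about 95 % (medium), so a Category 3 design reaches PL d; that satisfies a PLr of d but not a PLr of e.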
In practice, the process looks like this:
Some of the most common causes of non‑compliance are skipped steps and documentation treated as an afterthought.
The main difference between ISO 13849 and IEC 62061 is their approach to machine safety design. ISO 13849 uses performance levels (PL a–e) with simpler calculations suited for mechanical systems. IEC 62061 uses safety integrity levels (SIL 1–3) with probabilistic analysis suited for complex electrical systems.
Both standards address functional safety, but they are used differently.
In real projects, the two are often used together, especially when software plays a major role. ISO 13849 alone has limitations when dealing with complex software behavior.
Many teams understand the concepts but struggle with:
This is usually where confidence drops: not because the standard is unclear, but because applying it consistently requires experience, structure, and discipline.
After reading our guide to ISO 13849, you’ll understand that ISO 13849 is a framework connecting risk, design, verification, validation, and documentation.
If you are responsible for machinery safety, understanding the standard is essential. But you also need to know how to apply it correctly across real machines, real hazards, and real constraints. This is where your level of expertise really matters if you’re going to ensure that these systems operate correctly in response to hazardous situations.
That gap between understanding and execution is where structured training and expert support become valuable.
Bridging the gap between understanding ISO 13849 and successfully implementing it in real-world scenarios is a challenge that many teams face. Consistently applying the standard to practical situations requires structured training and expert guidance.
Our instructor-led training gives you the chance to gain the competence and confidence you need to successfully tackle safety requirements. You could also become certified in Functional Safety with our Functional Safety Certification Program (FSCP).
Our courses include:
Explore all our functional safety training courses or watch our ISO 13849 Made Practical: Hazard Identification & Risk Reduction webinar on-demand.
TÜV SÜD offers a wide range of services to support you throughout the design, construction and installation of your equipment. Choose us as your trusted functional safety partner to work alongside your design and engineering teams.
Learn how our functional safety services and machinery safety services can support your business.