E-Stop
E-Stop is a supplementary protective measure and in no way substitutes a constructive modification to the machine or the implementation of additional protective measures aimed at risk reduction. The purpose of the E-Stop function is to prevent emergency situations that arise due to the behavior of persons or unexpected hazards.
"E-Stop" describes the safe stopping of dangerous movements, whereas "E-Off" refers to the safe shutdown of an energy flow. An E-Stop does not therefore necessarily mean that the energy supply, e.g. the supply voltage of an electrical drive, is also switched off. E-Stop can also be implemented purely at a control technology level so that the electrical voltage can continue to be applied to the drive control system, but a movement has been safely brought to a standstill. "E-Off" shuts down the energy flow safely, but does not necessarily lead to a safe stop. For example, gravity can still cause unbraked vertical axes to drop down even if the compressed air supply has been safely shut down.
As the E-Stop function has to be triggered manually by a person, according to ISO 12100 it must be classified as an organizational and technical measure with correspondingly low priority below technical protective measures and constructive changes. The E-Stop function
- must be available at all times in all life phases, operating modes and uses of the machine,
- must take effect as quickly as possible, but without creating additional dangers,
- must have a risk-reducing effect,
- must, from a control technology viewpoint, have priority over all other control functions of a machine,
- must not impair other safety functions – also in adjacent machines,
- must be unlocked and reset by the deliberate action of a person, whereby this action alone must not immediately start a dangerous movement,
- must include the entire machine, unless this would cause hazards,
- must be designed such that a person recognizes the E-Stop devices as such without thinking and can operate them easily at all times; to ensure this, the actuator must be red and its background must be yellow
- should not be labeled with text, but where necessary with the E-Stop symbol.
An E-Stop device is unnecessary only in cases where it does not contribute to risk reduction, e.g. on hand-guided power tools.
Notes on the correct design of E-Stop and E-Off devices can be found in
- DIN EN ISO 13850:2016, "Safety of machinery – Emergency stop function – Principles for design"
- DIN EN 60204-1:2019, "Safety of machinery – Electrical equipment of machines – Part 1: General requirements"
- Machinery directive 2006/42/EC; 1.2.4.3
The following stop categories are intended for the E-Stop function:
- Stop category 0: Stopping through immediate interruption of the energy supply
- Stop category 1: Controlled stopping while retaining the energy supply until standstill, then interruption of the energy supply
Furthermore, DIN EN 60204-1:2019 requires the following as a control function in addition to the E-Stop:
- Stop category 2: Controlled standstill with permanent retention of the energy supply
The machine may not be started until all E-Stop devices assigned to the machine are unlocked and acknowledged.
The E-Stop function should achieve at least safety performance level PL c. A 1-channel connection of the E-Stop devices may be sufficient for this purpose. Electrical series connection of multiple E-Stop devices is allowed. Electrical E-Stop devices must be designed to be positive opening with interlock.
The actuator of an E-Stop device should be installed at a height between 0.6 m and 1.7 m above the access level. Actuation may not be hindered by simple means (e.g. protective collar). Neither the actuator nor its background should be labeled with text or a symbol.
An E-Stop button must be provided at every operating station. In larger machine systems, additional E-Stop operating devices are required along guards that are located at a maximum distance from each other. Alternatively, pull-cord switches can also be used to enable fast triggering of an E-Stop command. Whereas DIN EN ISO 13850:2016 does not contain any precise specifications regarding the distance of the E-Stop buttons relative to each other, EN 415-10:2014 (packaging machines) stipulates that a person must not need to walk further than 5 m to reach the nearest E-Stop command device and therefore that E-Stop buttons should be no more than 10 m apart. In the case of straight conveyor lines of over 80 m in length, prEN 619:2018 (continuous conveyors) states that the distance can be increased to up to 40 m (max. 20 m distance from the location of a person).
Additional requirements regarding wireless and portable E-Stop devices can be found in the above-mentioned standards.
The sphere of action of an E-Stop command device should, where appropriate, go beyond the individual machine and include e.g. the entire area visible from the position of the E-Stop command device. The spheres of action of various E-Stop command devices can overlap. If an E-Stop command device acts only on a limited area, this must be indicated accordingly. Unfortunately, ISO 13850:2016 does not clearly define how this marking should look.
To distribute the E-Stop beyond an individual machine, each machine control must be able to pass its E-Stop signal to a higher-level E-Stop central control and receive an E-Stop signal from this central control. The higher-level E-Stop central control assigns one or more of its incoming E-Stop signals to each machine control. For this purpose, each machine control requires the following in the case of conventional wiring:
- an additional 2-channel safety-related switching output that ANDs all E-Stop buttons of the machine ⟹ Signal switches to 0 if one of the E-Stop buttons has been actuated,
- an additional 2-channel safety input that integrates the switching signal from the higher-level E-Stop distribution into its own machine control
or exchange via safety bus.