Industrial Robot Integration – How to Do It Right?

Industrial robot integration – how to do it right? Safety in robotic systems doesn’t end with purchasing the equipment. Proper integration with the production line is crucial to achieving full functionality while meeting stringent safety standards. The PN-EN ISO 10218-2 standard, a harmonized Type C standard, precisely outlines how to minimize risks associated with deploying industrial robots.

This article focuses on key integration elements: from risk analysis, system and control system design, to FAT and SAT procedures and system compliance validation. We will also delve into technical safety measures that must accompany every robot to ensure safe collaboration with humans and other machines.

Safe integration is not just about compliance with standards – it’s about real risk reduction and ensuring stable system operation.

Risk Analysis for Integrated Robotic Systems

Every process of industrial robot integration and automation system, including robotic workstations, must begin with risk analysis aimed at identifying all potential hazards associated with robot operation and implementing appropriate protective measures. The PN-EN ISO 10218-2 standard indicates that risk analysis is the foundation of safe integration and refers to the requirements of ISO 12100, which outlines general risk assessment principles.

Hazard Identification

The basis of risk analysis is identifying hazards resulting from:

• robot movements, both intentional and uncontrolled,
• human work near the robot (access to the danger zone),
• maintenance and service activities,
• robot collaboration with other machines and devices.

In an integrated system, special attention should be paid to:

• robot workspace – its physical limitation and the possibility of human intrusion,
• collision points – areas where entrapment, crushing, or impact may occur,
• control systems – risks arising from failures or communication errors.

Risk Assessment

Identified hazards should be assessed in terms of:

• probability of occurrence,
• consequences of an accident (from minor injuries to severe bodily harm or life-threatening situations),
• frequency of human exposure to a given hazard.

Based on the risk assessment results, priorities and technical and organizational measures are determined to minimize this risk.

Hazard Elimination and Risk Reduction

The PN-EN ISO 10218-2 standard emphasizes that risk reduction should follow the so-called hierarchy of protective measures:

1. Hazard elimination at the design stage (e.g., by appropriately limiting the robot’s workspace).
2. Technical protective measures, such as fixed guards, interlocked movable guards, or human presence detection systems.
3. Organizational measures – appropriate training, work procedures, and workspace signage.

Example: If risk analysis reveals the risk of operator entrapment by the robot during service intervention, one can:

• equip the system with presence sensors,
• use safety interlocks that prevent the robot from starting with an open guard,
• design restricted access zones.

Risk Analysis Documentation

All stages of risk analysis should be documented. Documentation must include:

• hazard identification,
• risk level assessment,
• description of applied protective measures,
• evidence of system compliance with safety requirements.

The final risk analysis becomes the basis for further design and industrial robot integration and forms an essential part of the technical documentation required by the Machinery Directive and the Machinery Regulation 2023/1230/EU.

Safe Design of Robotic Systems

Safe design of a system with an industrial robot is a stage that combines risk analysis results with practical technical solutions. The PN-EN ISO 10218-2 standard specifies requirements for control systems, access to the work area, and the use of protective measures. When designing a system, one must consider not only physical protection but also how operators will interact with it.

1. Division of Robot Work Areas

Design begins with defining the danger zone and access areas:

• Robot work area: The area where the robot’s arms and end tools move. It must be physically restricted using fixed or movable guards.
• Monitored area: An area where presence detection systems operate (e.g., scanners, light curtains).
• Safe area: A place outside the danger zone for operators to monitor robot operation or conduct interventions.

The standard requires that access to the robot work area is possible only when the danger has been eliminated, for example, by:

• powering down,
• interlocks with locking functions (according to ISO 14119),
• using technical detection measures.

2. Protective Measures

Protective measures are an integral part of a safe system. Their selection depends on the types of hazards identified in the risk analysis. The PN-EN ISO 10218-2 standard particularly emphasizes the importance of:

• Fixed guards – for areas where access is not required during normal operation.
• Interlocked movable guards – preventing the robot from starting when the guard is open.
• Presence detection systems – scanners, light curtains, or pressure-sensitive mats that stop the robot when a person is detected in the monitored area.

Important: When designing protective measures, remember that each has its limitations.

Example: Light curtains do not protect the area from ejected elements, so additional physical guards may be required.

3. Safe Access to the Robot

The standard thoroughly discusses issues related to robot access:

• Service access: Should be possible only when the power is off and under safe conditions.
• Intervention activities: Must be conducted using systems controlled by the integrator, such as circuit breakers with interlocks.
• Visibility: The operator should be able to monitor the robot’s operation from a safe distance, e.g., using control panels.

Technical Protective Measures for Robotic Systems

Technical protective measures are the foundation of a safe robotic workstation. Their selection depends on the results of the risk analysis, and PN-EN ISO 10218-2 outlines how to properly design and integrate them. This is not just a formality – any negligence can lead to serious accidents.

1. Guards and Interlocking Devices

Guards separate humans from the danger zone and can take various forms:

• Fixed guards – installed where access is only needed during service. Their removal requires tools.
• Interlocked movable guards – used where access to the robot is necessary during operation. Opening the guard automatically locks the robot’s operation.

For more demanding situations where stopping the robot takes too long, the standard recommends guards with interlocking. The interlocking mechanism prevents access to the work area until the danger is completely eliminated. This is especially important for robots with high inertia, where stopping time is extended.

Tip: Requirements for interlocking and locking devices are detailed in ISO 14119. This is one of the harmonized Type B standards essential for industrial automation integrators.

2. Presence Detection Systems

Where guards are insufficient, human presence detection systems are used. The most commonly used include:

• Light curtains – detect the interruption of a light beam and immediately stop the robot’s movement.
• Laser scanners – monitor the area around the robot, dynamically adjusting the protective area to the situation.
• Pressure mats – react to human presence when their foot steps on the mat’s surface.

Selection of detection system depends on the speed at which a person can approach the robot. Guidelines from the ISO 13855 standard are used for this purpose, which specifies the principles for calculating safety distances and conducting stopping distance tests.

3. Emergency Stop Function (E-Stop)

Every robotic workstation must provide an emergency stop function. The E-Stop button allows for immediate cessation of the robot’s operation in crisis situations, but – and this is very important – it is not a safety device.

• E-Stop operates reactively – it stops the operation but does not prevent hazards.
• It cannot be treated as the main protective measure.

The emergency stop function must comply with the ISO 13850 standard, which specifies design requirements and the placement of emergency buttons.

4. Limiting Robot Movement

To minimize risks associated with robot movement, the following are used:

• Software limiters – define the robot’s movement range in the control system.
• Mechanical limiters – physical barriers preventing the robot from exceeding the safe work area.

Appropriate limitation of robot movement is one of the basic ways to prevent situations where a person could find themselves within its range of action.

Technical protective measures should be well thought out and tailored to real hazards at the robotic workstation. Their effectiveness depends not only on the quality of execution but primarily on proper integration with control systems.

Integration of Industrial Robots: Control Systems

Integrating control systems at a robotic workstation is one of the most demanding stages of an integrator’s work. The control system must provide full control over the robot and collaborating machines while ensuring user safety. The PN-EN ISO 10218-2 standard emphasizes that control systems are responsible for eliminating risks arising from failures, operator errors, and uncontrolled movements.

1. Requirements for Control Systems

An integrated control system must meet functional and safety requirements in accordance with ISO 13849-1 and IEC 62061. Key aspects include:

• Reliability: The system must be resistant to single defects and software errors.
• Redundancy: In case of a component failure, safety functions must be maintained by redundant elements of the system.
• Error detection: The control system should automatically detect errors and transition to a safe state (e.g., stopping operation).

Example: If the system detects a failure of the robot’s position sensor, the control system must halt the robot’s operation and block further movement until the issue is resolved.

2. Integration with Other Devices

The robot rarely operates as a standalone device. In most cases, it collaborates with other machines, conveyors, or vision systems. Control system integration should:

• Ensure coordination of movements between the robot and other devices.
• Guarantee synchronization of safety functions, e.g., a common emergency stop for all devices.
• Eliminate risks arising from intersecting work zones of different machines.

Tip: A good practice is to use decentralized control systems that enable faster response to local hazards.

3. Communication and Diagnostics

Modern robotic workstations use advanced communication systems. Key importance is placed on:

• Secure data transmission: Transmitting control signals and robot status information must be done while maintaining functional safety.
• Real-time diagnostics: The system should monitor the operation of the robot and collaborating devices, report errors, and enable quick fault localization.

Example: Information about opening a movable guard should immediately reach the robot’s control system to activate the stop function.

4. Integration of Safety Functions

Safety functions must be integrated with the control system in a way that leaves no room for errors. Examples of safety functions at a robotic workstation include:

• Safe stop (Stop Category 0 and 1): In accordance with ISO 13850, allows for rapid energy cut-off or controlled robot stop.
• Speed and position monitoring: A function that prevents exceeding safe movement values of the robot.
• Access lock: Stops the robot when opening a guard with an interlock.

Integration of control systems requires precision and compliance with standards. Any error can lead to uncontrolled robot movements, posing a serious threat.

Integration of Industrial Robots: Preventing Uncontrolled Robot Movements

Uncontrolled robot movements are one of the biggest hazards at a robotic workstation. They can occur due to control system failures, programming errors, or improper system integration. The PN-EN ISO 10218-2 standard details how to prevent such situations, considering two security variants that correspond to different risk levels and robot work characteristics.

1. First Variant – Safe Robot Stop

This variant relies on immediately stopping the robot when a hazard or control system error is detected. Two stop categories, compliant with ISO 13850, are crucial here:

• Stop Category 0 – immediate power cut-off and stopping the robot through natural inertia.
• Stop Category 1 – controlled robot stop, maintaining power, followed by energy cut-off.

Key Principles:

• The stop function must be reliable and meet control system requirements described in ISO 13849-1.
• Mechanical movement limiters or other physical means should be used to prevent uncontrolled robot movement after stopping.
• Real-time position and speed monitoring should be applied to immediately detect deviations from set values.

Example: In case of losing the signal from a safety scanner or opening a movable guard, the robot transitions to a safe stop state, preventing further movement until the hazard is removed.

2. Second Variant – Preventing Uncontrolled Start-Up

The second variant focuses on eliminating the risk of uncontrolled robot start-up, for example, after resolving a failure or power interruption. To achieve this, it is necessary to:

• Apply control system security functions that require operator confirmation before restarting the system.
• Introduce safety interlocks – for instance, the robot cannot be started if the movable guard remains open or is not properly locked.
• Ensure automatic system diagnostics that detect and report any control system errors.

Example: After interrupting the robot’s operation, e.g., due to an emergency stop, its restart requires conscious operator action and confirmation that working conditions are safe (closed guards, no human presence in the danger zone).

Monitoring and Validation of Protective Measures

Regardless of the chosen variant, the PN-EN ISO 10218-2 standard requires that:

• All measures preventing uncontrolled movements are tested and monitored continuously.
• The control system detects any anomalies and initiates appropriate protective procedures.
• Applied safety functions comply with safety integrity level (PL) or SIL requirements.

Preventing uncontrolled robot movements is the foundation of safety at a robotic workstation. Properly designing stop functions, interlocks, and diagnostics effectively minimizes risks arising from control system failures.

FAT and SAT – Acceptance Testing and Safety Validation of Robotic Systems

The final stage of integrating a robotic workstation is confirming that the system meets all functional and safety requirements. To this end, the PN-EN ISO 10218-2 standard outlines FAT (Factory Acceptance Test) and SAT (Site Acceptance Test) procedures, which are standardized tools for system acceptance. Of course, in this article, we focus on safety, while functional tests are defined individually between business partners and are not covered by the standard.

1. FAT – Acceptance Tests at the Manufacturer

FAT are tests conducted at the manufacturer’s or integrator’s facility before the system reaches its final installation site. The purpose of FAT is to:

• confirm that the robotic system operates according to the technical specification,
• verify the correct operation of control systems, including safety functions,
• identify any irregularities before the system is installed at the client’s site.

FAT scope includes:

• functional tests: checking robot operation, movements, speeds, and coordination with other devices,
• control system tests: verifying emergency stop functions, guard interlocks, safety zone monitoring,
• emergency situation simulations: checking system response to guard opening, scanner activation, or control component failure.

Example: During FAT, a test is performed to open a movable guard while the robot is operating. The robot must immediately stop movement, and its restart must only be possible after closing the guard and confirming a safe state by the operator.

2. SAT – Acceptance Tests at the Installation Site

SAT are tests conducted at the final site of system use after installation and configuration. The main task of SAT is to confirm that the system operates correctly under real working conditions, considering the environment and interactions with operators and other machines.

SAT scope includes:

• integration of the robotic system with the rest of the plant infrastructure,
• verification of protective measures, including interlocks, scanners, and light curtains,
• safety tests under real conditions,
• operator training on operation and emergency procedures.

Important: SAT does not repeat FAT but focuses on the specifics of the given work environment. Any irregularities detected at this stage must be immediately addressed.

3. Validation of Safety Functions

Safety validation is the final step that confirms that the applied solutions meet the requirements resulting from risk analysis and harmonized standards. Validation includes:

• checking control systems according to ISO 13849-2 or IEC 62061,
• testing the operation of all safety functions, such as emergency stop, speed monitoring, or access locks,
• confirming that residual risk has been minimized to an acceptable level.

Example: After completing integration, a test of the control system’s correctness in the event of a component failure should be conducted to ensure that the system transitions to a safe state.

4. Acceptance and Validation Documentation

The results of FAT and SAT tests and safety validation must be properly documented. Documentation should include:

• detailed report of functional and safety tests,
• record of any defects and corrective actions taken,
• confirmation of system compliance with PN-EN ISO 10218-2 and other applicable standards.

FAT and SAT are not formalities but a guarantee that the robotic system operates not only according to production assumptions but, most importantly, meets safety requirements. Only after successfully passing these tests and validation can the system be considered ready for use.

FAQ: Integration of Industrial Robots