Key takeaways:
The article presents EN IEC 61508 as the foundation for a methodology for risk reduction and SIL determination throughout the entire system life cycle. It points out links to sector-specific standards (including EN 5012x, EN 61511, IEC 61513, DO-178C/DO-254) and provides application examples.
- EN IEC 61508 is a universal, foundational functional safety standard for E/E/PE systems.
- It defines four pillars: the safety lifecycle, SIL levels, safety management, and documentation.
- It can be adapted to many sectors: machinery, rail, the process industry, the energy sector (including nuclear), and automation.
- In machinery, it supports the approach set out in EN 62061 and EN ISO 13849-1 (risk assessment, integrity, redundancy).
- It highlights the requirements regarding channel independence, the avoidance of common-cause failures, and the competence of the personnel carrying out the work.
EN IEC 61508 (the European adoption of IEC 61508) is a standard that is often treated as the “foundation” for other industry documents dealing with functional safety. It sets out principles for reducing risk in control systems based on electrical, electronic, or programmable electronic technology (E/E/PE). Its requirements are built on four pillars:
- Safety lifecycle – from the initial concept and hazard analysis through to decommissioning the system.
- Safety Integrity Levels (SIL) – assigned to safety functions to define reliability requirements.
- Functional safety management – clearly defined roles and responsibilities, verification procedures, and competence reviews.
- Documentation – creating, retaining, and updating all relevant data and reports for operation and any potential audits/inspections.
These principles mean that 61508 is not tied to a single sector. On the contrary, the standard was designed to be adaptable to the specifics of different industries: from machinery, through rail and aviation, to power generation (including nuclear) and process automation.
Application across different industries
Machinery and production lines: EN 62061 and EN ISO 13849
When it comes to machine design and production lines, we often refer to:
- EN 62061 – “Safety of machinery – Functional safety of electrical, electronic and programmable electronic control systems of machinery”,
- EN ISO 13849-1 – which describes the “Performance level” (PL).
Both of these standards largely build on concepts from 61508, especially when it comes to risk assessment, determining safety integrity, and the principles of redundancy.
Practical examples:
- Automatic packaging line: we use light curtains and emergency stop devices, and we design the control system so that if the beam is interrupted, the machines stop immediately in a safe manner.
- Collaborative robots (cobots): additional requirements for the response to human contact, often taking SIL 2 or SIL 3 into account.
With 61508, we define the overall methodology, while 62061/13849-1 specify, step by step, how to carry out the risk analysis and implement individual safety functions in a machine.
Rail: the EN 5012x series
In the rail sector, the standard references are:
- EN 50126 (RAMS – Reliability, Availability, Maintainability, Safety),
- EN 50128 (railway software),
- EN 50129 (electronic systems for railway signalling).
Each of these, in terms of safety requirements, refers to fundamental rules similar to those in 61508. They also use SIL levels (typically 0–4) and impose stringent requirements on channel independence (redundancy) and on resistance to common-cause failures.
Example:
- Train traffic control: if there is a collision risk, the brakes are applied automatically. If such a system is classified as SIL 4, it must meet extremely demanding reliability requirements and test procedures in accordance with EN 50128/50129.
Process industry: EN 61511
For chemical plants, petrochemicals, refineries, or gas processing facilities, we use EN 61511—which is derived directly from 61508, but focused specifically on so-called SIS (Safety Instrumented Systems).
- We design safety loops (SIF – Safety Instrumented Function) and define the SIL for each one.
- We often use the HAZOP method for process hazard analysis.
- We ensure that sensors and final elements have the required reliability and are tested at regular intervals.
Nuclear power: IEC 61513
Where the risk of failure poses a threat to large areas (nuclear power plants), functional safety standards are even more stringent.
- IEC 61513 (in Poland sometimes referenced as PN-IEC 61513) sets out requirements for protection and control systems in nuclear power plant units.
- Multi-channel redundancy is required (e.g., 2oo3, 2oo4 – “two out of three,” etc.), along with very stringent control of the software design process.
Aviation: DO-178C / DO-254
Although 61508 is not used directly in aviation, the underlying concept is aligned. The DO-178C document (for airborne software) and DO-254 (for hardware) define criticality levels A–E based on the consequences of an error (from minor inconvenience to loss of the aircraft). In practice, the approach to analysis, redundancy, testing, and configuration management is very similar to 61508—while placing emphasis on detailed avionics certification rules.
EN IEC 61508: Principles and their practical implications
- Safety lifecycle
  - Covers phases from concept definition, through detailed design (hardware, software), all the way to installation, acceptance, operation, and modifications.
  - This means you are not limited to a single audit at the end of the project; safety must be assessed and demonstrated throughout the entire period of use.
- Safety Integrity Levels (SIL)
  - There are four levels: SIL 1 – the least stringent; SIL 4 – the most stringent.
  - Each level defines acceptable limits for the probability of dangerous failure (e.g., PFD for low-demand mode).
- Risk assessment and documentation
  - Before you start designing, you need to understand what hazards exist and how significant they are.
  - Documentation (analyses such as HAZOP, FMEA, fault tree) forms the backbone of the system: during an inspection or audit, it allows you to demonstrate that your design decisions were reasonable.
- Independence and redundancy
  - Redundancy is only effective if two (or more) channels do not fail at the same time for the same reason (common-cause failures).
  - Higher SIL most often requires different technologies, separate power supplies, and so on.
- Competence management
  - People responsible for designing and maintaining safety systems must have the right qualifications and experience (the standard explicitly highlights this).
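The SIL, common-cause and "whole loop" points above are easiest to see with numbers. The following is an added worked example, not code from the article: it applies the textbook simplified low-demand PFDavg formulas for 1oo1, 1oo2 and 2oo3 voting (the full equations in IEC 61508-6 also account for diagnostics and repair time), maps the result onto the IEC 61508-1 SIL bands, and sums the subsystem PFDs of one safety loop. The failure rates, the proof-test interval and the beta factor are constructed sample values.

```python
# Added worked example (not from the article): simplified low-demand PFDavg
# for common voting architectures, the effect of the common-cause (beta)
# factor, and the SIL band a whole safety loop actually achieves.
# Formulas are the textbook simplifications (no diagnostics, no repair time);
# the full equations are in IEC 61508-6. All sample rates are constructed.

# Low-demand SIL bands from IEC 61508-1: (sil, lower bound incl., upper excl.)
SIL_BANDS = [(4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)]


def pfd_avg(arch, lambda_du, t_proof, beta=0.0):
    """PFDavg for a 1oo1, 1oo2 or 2oo3 group of identical channels.

    lambda_du: dangerous undetected failure rate per channel (1/h)
    t_proof:   proof-test interval (h); undetected faults persist until then
    beta:      fraction of failures that take every channel down at once
    """
    lt = lambda_du * t_proof
    if arch == "1oo1":
        return lt / 2
    # Common-cause share behaves like a single 1oo1 channel, no matter how
    # many redundant channels exist; this is what limits the achievable SIL.
    cc = beta * lt / 2
    ind = (1 - beta) * lt  # independent failures per channel
    if arch == "1oo2":
        return ind ** 2 / 3 + cc
    if arch == "2oo3":
        return ind ** 2 + cc
    raise ValueError(f"unsupported architecture: {arch}")


def sil_band(pfd):
    """SIL whose PFDavg band contains pfd; None if outside all defined bands."""
    for sil, lo, hi in SIL_BANDS:
        if lo <= pfd < hi:
            return sil
    return None


def loop_pfd(*subsystem_pfds):
    """Whole SIF (simplified): sensor + logic solver + final element PFDs add."""
    return sum(subsystem_pfds)


if __name__ == "__main__":
    # Constructed values: lambda_du = 1e-6/h per channel, yearly proof test.
    for arch, beta in [("1oo1", 0.0), ("1oo2", 0.0), ("1oo2", 0.1), ("2oo3", 0.1)]:
        p = pfd_avg(arch, 1e-6, 8760, beta)
        print(f"{arch} beta={beta:<4} PFDavg={p:.2e} -> SIL {sil_band(p)}")
    # A SIL 3 sensor pair and logic solver do not make the loop SIL 3 when the
    # single final element (valve, lambda_du = 2e-6/h) dominates the total.
    total = loop_pfd(pfd_avg("1oo2", 1e-6, 8760, 0.1), 1e-5, pfd_avg("1oo1", 2e-6, 8760))
    print(f"loop PFDavg={total:.2e} -> SIL {sil_band(total)}")
```

Running it shows the same 1oo2 pair dropping from a SIL 4 band with beta = 0 to SIL 3 with beta = 0.1, and the loop as a whole landing in SIL 2 because of the unredundant valve.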
What do we gain by using EN 61508?
- Fewer failures and less downtime – thanks to better risk control and earlier detection of defects.
- Regulatory compliance – customers, inspectors, and insurers often require certification to such standards.
- Increased trust – systems designed in line with 61508 / 61511 / 62061 / EN 5012x are seen as more reliable.
- Long-term efficiency – although implementation can be costly, it helps reduce potential losses resulting from accidents or legal issues.
EN IEC 61508: The most common mistakes and pitfalls
- Lack of proper common-cause failure analysis: a redundant system can fail if the channels share the same power source or the same data bus.
- Relying on a single SIL-certified component: the fact that a sensor or controller has a SIL 2/3 certificate does not automatically mean the entire system has that level—what matters is the complete architecture (sensors, wiring, software, final elements).
- No periodic testing: for systems that operate infrequently, testing under real conditions is mandatory. Without it, you cannot be sure the safety function will work at the critical moment.
- Skipping the modification phase: if you change even a portion of the software or replace a valve, you must repeat certain steps of the safety lifecycle—especially the change impact analysis.
- Neglecting competence: from the designer to maintenance personnel—everyone needs appropriate training to understand how to follow the principles of functional safety.
EN 61508 is the starting point, and sector standards (EN 61511, 62061, EN 5012x, IEC 61513, DO-178C/254, etc.) adapt its principles to the specifics of individual industries. For you, as a designer or user of safety systems, this means:
- Clear, consistent guidance on how to approach risk analysis, SIL determination, and testing of systems.
- The need to produce detailed documentation—from test reports to records of personnel competence.
- Greater confidence that the implemented solutions meet international standards and will be acceptable to customers and supervisory authorities.
Ultimately, although it can be a costly and time-consuming process, proper implementation of EN 61508 (or its “derivatives”) translates into lower accident risk, more stable plant operation, and a stronger reputation in the industry. These standards are therefore not “unnecessary paperwork,” but an effective tool for protecting life, health, and property.
EN IEC 61508 – the universal foundation of functional safety
This standard specifies the principles for minimizing risk in control systems based on electrical, electronic, or programmable electronic technology (E/E/PE). It is often regarded as a basis for sector-specific standards on functional safety.
The standard is based on the safety life cycle, SIL levels, functional safety management, and documentation. These elements are intended to ensure a consistent approach from concept through to decommissioning of the system.
SIL (1–4) are safety integrity levels assigned to safety functions that define reliability requirements. SIL 1 is the least stringent and SIL 4 the most stringent.
In the machinery domain, the concepts from 61508 are further developed, among others, in EN 62061 and EN ISO 13849-1, and in the process industry in EN 61511 for SIS and SIF. 61508 provides a general methodology, and the sector-specific standards further specify the implementation requirements.
Documentation of the analyses and design decisions makes it possible to demonstrate the rationale for the adopted solutions during an audit or inspection. The standard also emphasizes the need for clearly defined roles and for the qualifications of those who design and maintain safety systems to be clearly specified.