
Skill Guide

Safety-critical systems design (IEC 61508, ISO 13849) and functional safety for AI-augmented lines

The discipline of engineering and certifying industrial systems where AI components operate alongside traditional hardware/software to ensure human safety, governed by international standards IEC 61508 (general) and ISO 13849 (machinery).

This skill is critical for enabling the adoption of AI in high-stakes manufacturing and automation without catastrophic failure, directly impacting regulatory compliance, operational uptime, and brand reputation.
1 Careers | 1 Categories | 9.1 Avg Demand | 15% Avg AI Risk

How to Learn Safety-critical systems design (IEC 61508, ISO 13849) and functional safety for AI-augmented lines

Focus on: 1) Mastering the core vocabulary (SIL, PL, SFF, HFT, CCF). 2) Understanding the V-model lifecycle as defined in IEC 61508. 3) Studying the fundamental difference between hardware and software safety requirements.
Move to practice by: 1) Conducting a Hazard and Risk Assessment (HARA) on a real production line. 2) Performing SIL/PL allocation using risk graphs and matrices. 3) Analyzing failure mode data (FMEDA) for existing safety components to understand diagnostic coverage.
Master the domain by: 1) Architecting hybrid safety systems where AI perception or decision modules are isolated by certified safety PLCs and dedicated safety circuits. 2) Leading a TÜV or equivalent certification audit for an AI-augmented system. 3) Developing internal company standards for qualifying AI models (e.g., data integrity, retraining triggers) within a safety lifecycle.

Practice Projects

Beginner
Project

Safety Requirements Specification for a Robotic Cell

Scenario

A simple 2-axis robot arm with a laser welder is being added to a manual assembly station. The primary hazard is operator intrusion into the weld zone during operation.

How to Execute
1. Define the safety function: 'Initiate a Category 1 stop (per ISO 13849-1) when a light curtain is breached.'
2. Perform a basic risk assessment to assign a required Performance Level (PLr) of 'd'.
3. Draft a Safety Requirements Specification (SRS) document listing inputs (light curtain, E-stop), logic (safety relay), and outputs (robot controller safe stop signal).
4. Select preliminary components (e.g., a PLe rated light curtain, a Category 3 safety relay).
Intermediate
Project

Validating an AI-Based Predictive Maintenance System for Safety Impact

Scenario

An AI model predicts bearing failure in a critical conveyor drive. A false positive causes an unnecessary safe shutdown (loss of production). A false negative could lead to a catastrophic seizure and flying debris. The system must not degrade the existing safety integrity of the drive's emergency stop circuit.

How to Execute
1. Analyze the AI system's outputs: Is it advisory (warning) or commanding (automatic shutdown)? For safety, it must be advisory only to a human operator.
2. Define the failure modes of the AI model (false positive, false negative) and map them to safety requirements.
3. Design the integration such that the AI system cannot directly trigger the safety function; it must go through the certified safety PLC logic.
4. Create a validation test plan that includes injecting erroneous AI outputs to verify the safety circuit's independence and resilience.
Advanced
Project

Architecting a SIL 2 AI-Vision Quality Gate

Scenario

An AI vision system inspects a critical safety-related weld on an automotive chassis. Missing a defect could result in a structural failure. The line speed is high, requiring real-time AI inference.

How to Execute
1. Implement a dual-channel architecture: Channel A is the high-performance AI vision system for detection. Channel B is a simple, deterministic, and certified rule-based system (e.g., checking weld length via a photoelectric sensor) acting as a watchdog.
2. The safety logic in the safety PLC will only accept a 'pass' from the AI system if the watchdog system also confirms a valid welding event occurred. A disagreement triggers a controlled stop and rejects the part.
3. Perform FMEDA on both channels, calculating the overall Systematic Capability (SC) and Hardware Fault Tolerance (HFT) to meet SIL 2.
4. Define the qualification process for the AI model, including dataset version control, retraining validation protocols, and runtime performance monitoring to manage systematic failures.
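The decision logic behind the dual-channel gate above, and the "AI output is a condition, not a trigger" principle of the Intermediate project, can be modelled in a few dozen lines. The following is an added example written for this guide, not code from any standard or vendor product: it simulates the safety-PLC side of the quality gate, where the AI verdict (Channel A) only counts if a deterministic weld-length watchdog (Channel B) independently confirms a valid weld, and it runs the kind of fault-injection cases the validation plan calls for (frozen output, missing output, erroneous 'pass', low confidence, unhealthy sensor). Field names, thresholds, and fault cases are all constructed for illustration.

```python
"""Constructed example: decision logic of a dual-channel AI-vision quality gate.

Channel A (AI verdict) is a *condition*; Channel B (deterministic weld-length
watchdog) must independently confirm a valid weld; only their agreement
ACCEPTs a part. Anything else (disagreement, missing or frozen AI output,
unhealthy sensor) yields a controlled stop and part rejection. All names,
thresholds and fault cases below are assumptions made for this example.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Optional


class Decision(Enum):
    ACCEPT = "accept_part"
    REJECT_STOP = "reject_part_and_controlled_stop"


@dataclass(frozen=True)
class AiVerdict:
    passed: bool        # AI says the weld is defect-free
    seq: int            # frame counter; a repeated value means a frozen output
    confidence: float   # 0.0 .. 1.0


@dataclass(frozen=True)
class WeldEvent:
    length_mm: float       # weld length measured by the photoelectric sensor
    sensor_healthy: bool   # sensor self-test result for this cycle


# Constructed acceptance band and confidence floor for the example
MIN_LEN_MM, MAX_LEN_MM = 18.0, 22.0
MIN_CONFIDENCE = 0.90


class QualityGate:
    """Safety-PLC style gate: the AI output is a condition, never a direct trigger."""

    def __init__(self) -> None:
        self._last_seq = -1

    def _channel_a_ok(self, ai: Optional[AiVerdict]) -> bool:
        # Missing, stale (non-advancing seq) or low-confidence output fails safe.
        if ai is None or ai.seq <= self._last_seq:
            return False
        return ai.confidence >= MIN_CONFIDENCE and ai.passed

    @staticmethod
    def _channel_b_ok(weld: WeldEvent) -> bool:
        # Deterministic watchdog: healthy sensor and weld length inside the band.
        return weld.sensor_healthy and MIN_LEN_MM <= weld.length_mm <= MAX_LEN_MM

    def evaluate(self, ai: Optional[AiVerdict], weld: WeldEvent) -> Decision:
        a_ok = self._channel_a_ok(ai)
        b_ok = self._channel_b_ok(weld)
        if ai is not None:
            self._last_seq = max(self._last_seq, ai.seq)
        # Both independent channels must agree that a valid weld occurred.
        return Decision.ACCEPT if (a_ok and b_ok) else Decision.REJECT_STOP


def run_fault_injection() -> Dict[str, Decision]:
    """Feed one nominal cycle and six injected faults through a single gate.

    The cases are constructed: the nominal case must ACCEPT and every injected
    fault must end in REJECT_STOP regardless of what the AI channel reports.
    """
    gate = QualityGate()
    good_weld = WeldEvent(length_mm=20.0, sensor_healthy=True)
    short_weld = WeldEvent(length_mm=9.0, sensor_healthy=True)
    results: Dict[str, Decision] = {}
    results["nominal"] = gate.evaluate(AiVerdict(True, seq=1, confidence=0.97), good_weld)
    # Fault 1: AI output frozen (same seq as last cycle) while a new part arrives
    results["frozen_ai_output"] = gate.evaluate(AiVerdict(True, seq=1, confidence=0.97), good_weld)
    # Fault 2: AI link down, no verdict at all
    results["missing_ai_output"] = gate.evaluate(None, good_weld)
    # Fault 3: erroneous confident 'pass' although the watchdog measured a short weld
    results["ai_pass_watchdog_fail"] = gate.evaluate(AiVerdict(True, seq=2, confidence=0.99), short_weld)
    # Fault 4: AI rejects while the watchdog is satisfied; disagreement also stops
    results["ai_fail_watchdog_pass"] = gate.evaluate(AiVerdict(False, seq=3, confidence=0.95), good_weld)
    # Fault 5: sensor self-test failed, so Channel B cannot vouch for the weld
    results["watchdog_sensor_unhealthy"] = gate.evaluate(
        AiVerdict(True, seq=4, confidence=0.98), WeldEvent(20.0, sensor_healthy=False))
    # Fault 6: a low-confidence 'pass' is treated as no verdict
    results["low_confidence_pass"] = gate.evaluate(AiVerdict(True, seq=5, confidence=0.55), good_weld)
    return results


if __name__ == "__main__":
    for case, decision in run_fault_injection().items():
        print(f"{case:28s} -> {decision.value}")
```

The point of the frame counter is that an AI process whose output freezes looks, to a naive consumer, like a continuous stream of 'pass' verdicts; requiring the sequence number to advance every cycle turns that silent failure mode into a detected one, which is exactly the kind of diagnostic coverage an FMEDA on Channel A would have to credit.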

Tools & Frameworks

Standards & Certification Frameworks

IEC 61508; ISO 13849-1/-2; IEC 62443 (for cybersecurity in safety)

These are the non-negotiable architectural blueprints. IEC 61508 provides the overarching lifecycle and SILs. ISO 13849 is the machinery-specific application with PL and Categories. Refer to them for every design decision and verification step.

Analysis & Documentation Tools

FMEA (Failure Mode and Effects Analysis); FMEDA (Failure Modes, Effects, and Diagnostic Analysis); Fault Tree Analysis (FTA); HARA (Hazard and Risk Assessment)

These are the core analytical techniques. Use HARA to identify hazards early. Use FMEA/FMEDA to quantify component and subsystem failure rates. Use FTA to trace complex system failure logic back to root causes. Their outputs directly feed into SRS and verification reports.

Software & Platforms

RAPS (Risk Assessment and Planning Software) tools; Safety PLC Programming Environments (e.g., Siemens TIA Portal Safety, Rockwell Studio 5000 Logix Designer); Functional Safety Management Software

Use dedicated risk assessment software for systematic SIL/PL allocation. Safety PLC environments are where you implement and certify the safety logic. Functional safety management software tracks requirements, test cases, and deviations throughout the project lifecycle.

Interview Questions

Answer Strategy

The candidate must demonstrate a process for handling a COTS (Commercial Off-The-Shelf) component without a safety certificate. The strategy is to treat it as a black box and focus on integration architecture and validation. Sample Answer: 'I would first perform an FMEA on the AI box itself, defining its failure modes, like output freeze or erroneous data. Then, I would design a safety architecture that uses this box only for non-safety-critical detection, with its output verified by a second, independent, and certified sensing method (e.g., a simple photoeye) before a safety action is taken. The safety function would reside entirely in the certified safety PLC, which uses the AI output only as a condition, not a direct trigger. Finally, I would create a validation plan with extensive fault injection testing on the integrated system to prove the overall PL can be met.'

Answer Strategy

This tests for proactive, methodological thinking beyond hardware random failures. The answer should focus on a process or documentation flaw. Sample Answer: 'In a project, I found that the safety requirements specification (SRS) for a robotic welding cell was ambiguous about the sequence of events for a manual restart after an E-stop. This ambiguity could lead to the operator restarting while the area was still unsafe. I halted the design phase, convened a meeting with the safety engineer and controls team, and revised the SRS to include a precise, step-by-step restart sequence with mandatory physical inspections. This prevented a potential procedural systematic error in the final deployed system.'
