Functional Safety in HMI Systems
Functional safety is a critical requirement in modern machines and vehicles. Increasing system complexity—driven by electronics, connectivity, and automation—introduces new failure modes that must be controlled to reduce risk.
Functional safety ensures that systems respond correctly to faults and transition to a safe state, minimizing the consequences of hazardous events.
For OEMs, this is not optional. Compliance with international standards such as ISO 13849, ISO 26262, EU Machinery Regulation (EU) 2023/1230 or IEC 61508 is essential to ensure machine conformity, limit liability, and protect operators.
In this context, APEM acts as a technical partner, providing reliability data, failure analysis, and validated HMI building blocks that contribute to the overall safety concept of the system.
WHAT FUNCTIONAL SAFETY REALLY MEANS
Functional safety is often misunderstood as a product feature. In reality, it is a system-level approach.
It aims to:
Reduce unacceptable risks caused by system failures
Ensure predictable system behavior in case of faults
Guarantee that safety functions achieve a defined reliability level
💡Key insights:
Functional safety applies to the entire machine and its control system, not to a single component.
A component (such as a switch or joystick) can contribute to a safety function, but does not define the safety level on its own.
A STANDARDS-DRIVEN APPROACH
Functional safety is structured by internationally recognized standards. The choice depends on the application and industry.
ISO 13849 – MACHINERY (PERFORMANCE LEVEL, PL)
Widely used in industrial equipment and off-highway vehicles
Defines Performance Levels from PL a to PL e
Based on:
MTTFd (Mean Time To Dangerous Failure)
Diagnostic Coverage (DC)
System architecture (Categories)
IEC 61508 / EN 62061 – SAFETY INTEGRITY LEVEL (SIL)
Generic framework used across industries
Defines SIL 1 to SIL 3 (or 4 in IEC 61508)
Based on probability of dangerous failure
ISO 26262 – AUTOMOTIVE (ASIL)
Dedicated to road and new mobility vehicles
Defines ASIL A to ASIL D
Based on:
Severity
Exposure
Controllability
ISO 19014 – OFF-HIGHWAY MACHINERY
Increasingly relevant for mobile equipment
Inspired by ISO 26262 principles
👉 A key rule: a project must follow one standard consistently—they cannot be mixed arbitrarily.
FROM RISK TO SAFETY LEVEL: HOW OEMS DEFINE REQUIREMENTS
Functional safety starts with the OEM. The process typically follows these steps:
Identification of undesired events
Example: unintended movement, blocked control, loss of function
Risk assessment
Based on:
Severity of potential injury
Exposure to the hazard
Controllability of the situation
Definition of safety goals
Targeting an acceptable residual risk
Allocation to subsystems
Breaking down safety requirements across system elements, including HMIs
👉 This process determines whether a function requires PL e, SIL 2, or ASIL D, for example.
THE ROLE OF APEM IN YOUR SAFETY CONCEPT
Functional safety is a collaborative process between OEM and supplier. APEM supports your safety assessment by providing the technical data required to build it.
What APEM can provide:
Failure mode analysis
Preliminary hazard analysis
Reliability calculations
Product-level safety data (e.g. B10d, MTTFd)
These elements are essential for:
Fault tree analysis
System reliability calculations
Safety validation processes
What APEM requires from OEMs
To ensure relevant support, OEMs must provide:
Application description
Identified undesired events
Targeted safety level (PL / SIL / ASIL)
Technical specifications with safety requirements
KEY RELIABILITY METRICS USED IN FUNCTIONAL SAFETY
Functional safety relies on quantitative evaluation of failure probabilities. These metrics allow OEMs to quantify residual risk and validate safety targets.
MTTFd (Mean Time To Dangerous Failure)
Average time before a dangerous failure occurs
Core parameter for ISO 13849
B10d value
Number of cycles before 10% of the population of components fail will have failed dangerously
Particularly relevant for electromechanical devices
➡️ In accordance with ISO 13849-1, B10d value can be used to calculate the MTTFD value.
Diagnostic Coverage (DC)
Ability of the system to detect dangerous failures
SAFETY ARCHITECTURE: BEYOND INDIVIDUAL COMPONENTS
Achieving a safety level requires system-level design strategies, such as:
Redundancy
- Dual channels or duplicated signals
- Example: dual-contact (NO/NC) switches
Self-diagnostics
- Continuous monitoring of internal states
- Detection of inconsistencies or failures
Fault detection and response
- Error signaling (e.g. via CAN bus)
- Transition to safe state (stop, degrade, alert)
APEM’S FUNCTIONAL SAFETY COMMITMENT
APEM is continuously strengthening its capabilities to support OEM safety strategies:
Publication of reliability data (B10d, MTTFd)
Enhanced failure mode characterization
Cybersecurity resilience
Integration of diagnostic and redundancy features
Alignment with evolving standards (ISO 26262, IEC 62443)
Structured development and validation processes
This ensures that APEM solutions can be reliably integrated into safety-critical applications, across industries such as off-highway vehicles, material handling, and new mobility.
FUNCTIONAL SAFETY RESOURCES
Integrate functional safety into your HMI design
Work with APEM to access reliable data, engineering expertise and HMI solutions designed to support your safety architecture.
Get the help and resources you need quickly with APEM
If you have questions or suggestions, we’re here to listen.
Our sales and support set the standard for helping you.
All the technical documentation you need to make things work...