Functional safety in modern HMIs

As collaboration between humans and machines becomes closer, the level of required safety must increase. It is therefore imperative that functional safety occupies a pivotal position in the design of a Human Machine Interface.

Wherever a human interacts with a machine, there is theoretically a risk of injury or material damage if a technical component fails. Machines and devices must therefore be “functionally safe”.

Safe even in the event of failure

Functional safety describes the ability of a technical system to assume a safer state in the event of errors or hardware failures that pose an unacceptable risk to the safety of people or the system itself. This also applies to Human Machine Interfaces. The most common cause of work accidents is operational error, for example because the operator did not understand or ignored the information provided by the machine, or simply provided the wrong input. The design of an HMI also plays an important role: a poorly designed Human Machine Interface can cause the operator to perform inappropriate actions, such as using shortcuts or bypassing safety devices.

Human in the centre

Therefore, humans should always be at the heart of the design process for a Human Machine Interface. This human-centred design process is described in DIN EN ISO 9241-210 – it is a good guide for anyone managing an HMI project. The design of the operating sequences, the interaction and communication mechanisms, and the structuring of the functions and information to be displayed have a significant impact on productivity, on the prevention of operational errors and on the reduction of training and servicing requirements.

What is the DIN EN ISO 9241?

DIN EN ISO 9241 is a comprehensive series of standards on the ergonomics of human-system interaction. It sets out the ergonomic requirements for different areas such as software, input devices and workplaces.

Even switches must be functionally safe

Even seemingly simple control elements like capacitive switches must be safe. In a car, for example, capacitive HMI systems are increasingly being integrated into the vehicle’s critical functions, where reliable functioning – that is, safe operation – is required. The start/stop button, for instance, usually requires a Safety Integrity Level of up to ASIL B (Automotive Safety Integrity Level, the risk classification scheme defined by ISO 26262, the functional safety standard for road vehicles).

Better to ask

Given that incorrect data input, even when done unintentionally by the operator, can never be completely ruled out in safety-relevant applications, appropriate precautions such as two-button operation, key switches, or safety queries in the software must be taken. This also applies to modern HMIs such as voice control: where the consequences of incorrect data input can lead to damage or injury, there must be a safety mechanism in place. This could be a verbal question, such as “Are you really sure?”, or achieved through another means, such as a manually operated switch.
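The safety query described above, as an added example that is not part of the original article: a voice interface that holds a safety-relevant command until it is explicitly confirmed, and treats a late, missing or negative answer as "not confirmed". The command names, the set of safety-relevant commands and the 5 s confirmation window are assumptions for illustration.

```python
# Added example (not from the article): a two-step confirmation for safety-
# relevant voice commands, in the spirit of the "Are you really sure?" query.
# Assumed/constructed: the command names, the set of safety-relevant commands
# and the 5 s confirmation window.
from dataclasses import dataclass
from typing import Optional

SAFETY_RELEVANT = {"start_spindle", "open_clamp", "release_brake"}
CONFIRM_PHRASES = {"yes", "confirm"}
CONFIRM_WINDOW_S = 5.0  # assumed: a confirmation older than this is not accepted

@dataclass
class Decision:
    action: str                      # "execute", "ask", "cancel" or "ignore"
    command: Optional[str] = None

class ConfirmingVoiceInterface:
    """Safety-relevant commands are executed only after an explicit confirmation."""

    def __init__(self, window_s: float = CONFIRM_WINDOW_S) -> None:
        self.window_s = window_s
        self.pending = None          # (command, time the question was asked)

    def handle(self, utterance: str, now_s: float) -> Decision:
        word = utterance.strip().lower()
        if self.pending is not None:
            command, asked_at = self.pending
            self.pending = None      # a question is answered exactly once
            if now_s - asked_at > self.window_s:
                return Decision("cancel", command)   # late answer: not confirmed
            if word in CONFIRM_PHRASES:
                return Decision("execute", command)
            return Decision("cancel", command)       # "no", noise or anything else
        if word in SAFETY_RELEVANT:
            self.pending = (word, now_s)
            return Decision("ask", word)             # HMI asks "Are you really sure?"
        if word in CONFIRM_PHRASES:
            return Decision("ignore")                # stray "yes" with nothing pending
        return Decision("execute", word)             # non-critical commands run directly

def demo_dialogue() -> list:
    """Constructed dialogue; returns (action, command) for each utterance."""
    hmi = ConfirmingVoiceInterface()
    steps = [("open_clamp", 0.0), ("yes", 1.0), ("release_brake", 10.0), ("no", 11.0),
             ("yes", 12.0), ("start_spindle", 20.0), ("yes", 30.0), ("dim_display", 31.0)]
    return [(d.action, d.command) for d in (hmi.handle(u, t) for u, t in steps)]
```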

Person recognition ensures safety

When humans and machines work closely together, systems for automatic person recognition form an important component of safe operation. With the help of various sensors, they monitor hazard areas and determine whether people are present in them. Depending on the monitoring task, there are different detection methods. For monitoring the entire work area, different camera systems such as 3D or multi-cameras are suitable. On the other hand, a 2D laser scanner is suitable for monitoring individual sub-areas. In addition to areal use, sensors can also be attached directly to the machine or the person. Machine-centered sensors such as pressure sensors respond to touch and brake the machine in the event of a collision. Person-related sensors such as radio transmitters are carried by employees during work to determine their position.

Humans and robots work safely together

Especially in view of the increasing interaction between humans and robots, sensor systems and measuring methods for automatic and safe person recognition are of particular importance. Collaborative robots, known as cobots, can cooperate with humans without a protective fence, where human safety must always be ensured. This is enabled, among other things, by power and force limiting: it ensures that biomechanical limits (force, pressure) are not exceeded in the event of contact between persons and robots.

Another possible operating mode for cobots is speed and distance monitoring. This requires technologies for the early detection of dangerous situations (e.g. collisions) between humans and robots. Monitoring can be done, for example, via camera systems. Projectors can also project the relevant safety area onto the floor for the operator. A violation of this area by an interruption of the projection beams is detected by the surrounding cameras. With this solution, safety areas can be dynamically adapted to the work situation and robot configuration.

Localisation for remote control

Remote controls are indispensable not only in robotics but also in many other applications. However, they can pose significant risks with medical and other devices – for example if functions are triggered unintentionally. Therefore, it is essential that critical functions can only be controlled if the remote control is within a certain area. This requires precise and interference-resistant distance measurement – for example, using Ultra-Wideband technology (UWB). It enables device locations to be pinpointed to within half a metre using the Time of Flight (ToF) method.
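The range gating described above, as an added example that is not part of the original article: a critical remote-control function is enabled only while a fresh, plausible UWB Time-of-Flight range places the remote inside the permitted zone, and a missing, stale or implausible measurement resolves to the safe state (deny). It assumes two-way ranging that reports the round-trip time in nanoseconds; the 2 m zone radius, the freshness limit and the sample values are constructed.

```python
# Added example (not from the article): fail-safe enabling of a critical
# remote-control function on a UWB Time-of-Flight range estimate. Assumed:
# two-way ranging that reports the round-trip time in nanoseconds; the 2 m
# zone radius, the freshness limit and the sample values are constructed.
SPEED_OF_LIGHT_M_PER_S = 299_792_458.0
ZONE_RADIUS_M = 2.0            # assumed: critical functions only within this radius
MAX_RANGING_AGE_S = 0.2        # assumed: older measurements count as missing
MAX_PLAUSIBLE_RANGE_M = 100.0  # beyond this the measurement is treated as a fault

def range_from_round_trip_ns(round_trip_ns: float) -> float:
    """Distance in metres from a two-way ToF round trip (signal goes out and back)."""
    return SPEED_OF_LIGHT_M_PER_S * (round_trip_ns * 1e-9) / 2.0

class CriticalFunctionGate:
    """Critical commands pass only with a fresh, plausible, in-zone range."""

    def __init__(self, zone_radius_m=ZONE_RADIUS_M, max_age_s=MAX_RANGING_AGE_S):
        self.zone_radius_m, self.max_age_s = zone_radius_m, max_age_s
        self.last_range_m, self.last_update_s = None, 0.0

    def update_ranging(self, round_trip_ns, now_s: float) -> None:
        """A missing, negative or implausible measurement clears the last good value."""
        self.last_range_m = None
        if round_trip_ns is None or round_trip_ns < 0:
            return
        distance_m = range_from_round_trip_ns(round_trip_ns)
        if distance_m <= MAX_PLAUSIBLE_RANGE_M:
            self.last_range_m, self.last_update_s = distance_m, now_s

    def allow(self, critical: bool, now_s: float) -> bool:
        """Any doubt (no, stale or implausible range) resolves to deny: the safe state."""
        if not critical:
            return True
        if self.last_range_m is None or now_s - self.last_update_s > self.max_age_s:
            return False
        return self.last_range_m <= self.zone_radius_m

def demo_sequence() -> list:
    """Constructed scenario: inside zone, outside zone, stale and missing ranging."""
    gate = CriticalFunctionGate()
    gate.update_ranging(6.67, now_s=10.0)   # ~1.0 m: inside the zone
    inside = gate.allow(True, 10.05)
    gate.update_ranging(40.0, now_s=10.3)   # ~6.0 m: outside the zone
    outside, noncritical = gate.allow(True, 10.35), gate.allow(False, 10.35)
    gate.update_ranging(6.67, now_s=11.0)
    stale = gate.allow(True, 11.5)          # measurement is 0.5 s old: not trusted
    gate.update_ranging(None, now_s=12.0)   # ranging failed: no measurement at all
    missing = gate.allow(True, 12.0)
    return [inside, outside, noncritical, stale, missing]
```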

Safety from the start

There is a multitude of solutions for making interaction between humans and machines safe. Which one is right always depends on the application. In any case, safety should be considered from the start of the design process of an HMI, and it is essential to always weigh up different safety systems.

Performance level according to EN ISO 13849

In mechanical engineering, safety is often categorised into so-called "performance levels" according to EN ISO 13849. The performance level is divided into five levels ("a" to "e") and sets requirements for the reliability of safety functions. The performance level that an individual safety function must fulfil depends on the evaluation of the hazards in a risk assessment.
