Safety systems (E-stops, guards & safety relays)

A safety system is the protective layer of a machine — the emergency stops, guard interlocks, light curtains and the safety relay that ties them together. Its job is to bring the machine to a safe state when something goes wrong, independently of the normal start/stop control.

That independence is the key idea. Normal control makes the machine do useful things; the safety system's only job is to stop it safely and stay stopped until it's deliberately reset. It's designed and wired to a higher standard than ordinary control, and it's never treated as 'just more control wiring'.

Safety devices use normally-closed contacts so that the safe condition is a made circuit and any fault — a cut wire, a loose terminal, a failed contact — breaks it and trips to safe. That's the fail-safe principle: a break in the loop always stops the machine rather than leaving it running.

Higher-risk machines use dual-channel wiring: two independent contacts in each device, monitored by a safety relay. The relay watches that both channels open and close together, so a single fault (one welded contact, one shorted wire) is detected and won't be hidden. It also requires a deliberate, separate reset — the machine can't simply restart the instant the e-stop is released.

How robust a safety circuit needs to be isn't a guess — it comes from a risk assessment of the machine. The bigger the harm and the harder it is to avoid, the more fault-tolerant the safety system has to be. The machinery safety standard describes this with architecture Categories and an overall Performance Level (PL).

There are five Categories — B, 1, 2, 3 and 4. Category B is the base (the safety parts are simply built and selected for the job). Category 1 adds well-tried, more reliable components. Category 2 adds periodic self-checking of the safety function. Categories 3 and 4 add genuine redundancy — the dual-channel, monitored arrangements — so a single fault doesn't lose the safety function; Category 4 also detects an accumulation of faults. People sometimes loosely call these 'the four categories' above the base, but B is the fifth.

Those architectures combine with how reliable the parts are to give a Performance Level from PL a (lowest) to PL e (highest). The risk assessment sets the required PL; the design then has to meet or beat it. As an electrician on site you're usually maintaining a system someone else has rated — so when you replace a safety device or repair a channel, you put back like for like (same type, same wiring, same monitoring) and never quietly downgrade it from, say, a monitored dual-channel arrangement to a single contact.

Emergency stops are the manual last resort — a latching mushroom button the operator hits, which stays in until twisted to reset. Guard interlocks confirm a guard or gate is closed before the machine can run, and drop out the instant it's opened. Light curtains and safety mats detect a person entering a danger zone and stop the machine without a physical guard.

All of them feed the safety relay (or a safety PLC), which is what actually removes power from the dangerous motion — typically by dropping the contactors that drive it. Often two contactors in series are used so that one welded contact still can't keep the machine running.

When a safety system won't reset, the cause is almost always within the loop: a latched e-stop somewhere on the line, an open guard switch, a tripped light curtain, a single broken channel, or a safety relay that has detected a mismatch and locked out. Work along the loop and find the open device — don't force it.

The one rule that never bends: you do not bypass, strap out, or defeat a safety device to get a machine running. Defeating it removes the protection it exists to provide and can directly cause an injury. Find why it's open, fix that, and let it reset normally. Safety-system design and modification is specialised, licensed work.