EU Machinery Regulation 2023/1230

At the NCK general meeting, there was an interesting presentation by doc. Ing. Petr Blecha Ph. D from VUT in Brno regarding the new EU directive regarding machinery. It deals, among other things, with the limits for the application of artificial intelligence (AI) from the point of view of safety of work. They’re just already thinking about how to do it so the AI ​​doesn’t kill us. And since, for example, ECM already supplies batch handling systems with artificial intelligence, as furnace control systems with self-learning capabilities are being developed, it will be good to learn today.

So, what does this directive say:

Basic health and safety requirements

• Machinery or related products must be designed and constructed to perform their function and to be operated, adjusted and maintained without exposing persons to risk if these operations are carried out under the conditions envisaged, but also taking into account any reasonably foreseeable misuse. The purpose of the protective measures must be to eliminate any risk during the expected lifetime of the machinery or related product, including the stages of transport, assembly, disassembly, decommissioning and scrapping.
• Machinery or related products must be designed and constructed so that the user can, where relevant, test the safety functions. The machinery or related product must be supplied with all special equipment and accessories and, where relevant, a description of the specific functional test procedures necessary for its testing, adjustment, maintenance and safe use.
• Special precautions are taken when handling tools or parts of machinery or related product, even with a light weight, if they could be dangerous.

Ergonomics

• Under the anticipated conditions of use, discomfort, fatigue and physical and mental strain on the operator must be eliminated or reduced as much as possible, taking into account at least the following ergonomic principles:
• enable adaptation to the body dimensions, strength and stamina of the operator;
• avoid the need for demanding postures at work or movements and physical exertion that exceed the operator’s capacity;
• provide sufficient space for the movement of all parts of the operator’s body;
• avoid the pace of work set by the machine;
• avoid control activities that require long attention;
• adapt human-machine interfaces to predictable operator characteristics, including machinery or related product with intended fully or partially self-evolving behavior or logic designed to operate with varying degrees of autonomy;
• in appropriate cases, adapt the machinery or related product with the intended fully or partially self-developing behaviour or logic, which are designed to operate with different degrees of autonomy, so that their responses are sufficient and appropriate for humans (verbal through words and non-verbal through gestures, facial expressions and body movements) and for operators to clearly communicate their intended actions (for example, what they are going to do and why).

.

Protection from damage

The machinery or related product must be designed and constructed so that the connection of another device through any element of the connected equipment itself or through any remote-control device that communicates with the machinery or related product does not lead to a dangerous situation.

A hardware component relevant to the connection or to the access to the software that carries a signal or data and is essential to the compliance of the machinery or related product with the relevant essential health and safety requirements must be designed to be adequately protected against accidental or intentional damage. The hardware or related product collects evidence of authorized or unauthorized tampering with the aforementioned hardware component as relevant to the connection or access to software that is critical to the compliance of the hardware or related product.

Software and data that are essential to the compliance of the machinery or associated product with the relevant essential health and safety requirements must be identified as such and adequately protected against accidental or intentional damage.

The machinery or related product must identify the software installed in it, which is necessary for its safe operation, and must be able to provide this information in an easily accessible form at any time.

The hardware or related product must collect evidence of authorized or unauthorized interference with the software or authorized or unauthorized modification of the software installed in the hardware or related product or its authorized or unauthorized configuration.

Control systems

Control systems must be designed and constructed so that:

• where relevant in view of the circumstances and risks, have withstood the stress of normal use and withstood both foreseeable and unexpected external influences, including reasonably foreseeable malicious attempts by third parties leading to a dangerous situation;
• hardware or control system logic failure did not lead to dangerous situations;
• errors in the logic of the control system did not lead to dangerous situations;
• safety function limits have been established as part of the risk assessment carried out by the manufacturer, but no change to settings or rules generated by the machinery or related product or implemented by the operator must be allowed, even during the learning phase of the machinery or related product, if these changes could lead to to dangerous situations;
• reasonably foreseeable human errors in control did not lead to dangerous situations;

Control systems for machinery or related products with fully or partially self-evolving behaviour or logic that are designed to operate with varying degrees of autonomy shall be designed and constructed to:

• did not cause the machinery or related product to perform an action exceeding its defined activity and the space intended for its movements;
• recording data on the safety-relevant decision-making process for software safety systems providing safety functions including safety components has been activated after the machinery or related product has been placed on the market or put into service, and to keep said data for a period of one year after its collection solely to demonstrate compliance of machinery or related product with this Annex at the reasoned request of a competent national authority
• it was possible at any time to correct the machinery or the related product in such a way as to preserve its internal safety.
• the machinery or related product must not be put into operation unexpectedly;
• the parameters of the machinery or the related product must not be changed in an uncontrolled manner, if such a change could lead to dangerous situations;
• changes to settings or rules generated by the machinery or related product or by the operator must be prevented, including during the learning phase of the machinery or related product, if such changes could lead to dangerous situations;
• the stopping of the machinery or related product must not be prevented, if the command to do so has already been issued;
• no moving part of the machinery or related product or any object held in the machinery or related product may fall out or be thrown;
• automatic or manual stopping of any moving parts must not be prevented;
• protective devices must remain fully functional or give a command to stop;
• safety-related parts of the control system must act coherently on the whole set of machinery or related products or incomplete machinery or their combination.

The control device must be:

• clearly visible and distinguishable, in appropriate cases using pictograms;
• located in such a way as to enable safe and prompt control without time loss and without the possibility of confusion;
• designed so that the movement of the control device is consistent with its effect;
• located outside the hazardous area, except for certain control devices where necessary, such as emergency stop devices or a manual control panel;
• located in such a way that there is no additional risk during their operation;
• designed or protected in such a way that the desired effect, if it can cause danger, cannot occur without deliberate intervention;
• constructed to withstand the expected stresses, paying particular attention to emergency stop devices which may be subject to significant stress.

If a control device is designed and constructed to allow several different actions, especially where there is a mismatch between the direction and sense of the control and its effect, the action to be performed must be clearly displayed and, if necessary, confirmed.

Control devices must be arranged so that their location, travel and actuation resistance are consistent with the action to be performed, taking into account ergonomic principles.

Machinery or related products must be equipped with indicators to operate safely. The operator must be able to read them from the operator’s station.

From each operating position, the operator must be able to ascertain that no one is in the danger area, or the control system must be designed and constructed so that actuation is not possible if someone is in the danger area.

If this is not possible, an audible or visual warning signal must be given before starting the machinery or associated product. Persons at risk must have time to leave the danger area or prevent the machinery from starting.

Where necessary, it shall be ensured that the machinery or associated product can only be operated from operator stations located in one or more predetermined spaces or locations.

If there is more than one operator’s station, the control system shall be designed so that the use of one of them excludes the use of the others except for stop and emergency stop controls.

If the machinery or related product has two or more operator stations, each station shall be equipped with all necessary control devices without the operators interfering with each other or putting themselves in a dangerous situation.

Launching

Machinery or a related product may only be operated by deliberate action on a control device intended for that purpose.

However, repeated actuation of the machinery or related product or change of operating conditions may be done by deliberate action on other than the control device intended for that purpose, provided it does not lead to a dangerous situation.

For machinery or an associated product operating in an automatic mode, it may be possible to start it, restart it after stopping, or change the operating conditions without intervention, as long as it does not lead to a dangerous situation.

Where machinery or an associated product has several actuating controls, and operators could therefore endanger each other, additional devices shall be used to eliminate such risk. If safety requires that starting or stopping be done in a certain sequence, facilities must be provided to ensure the correct sequence of these operations.

Stopping

Normal stop

The machinery or related product must be equipped with a control device by which it can be safely and completely stopped.

In order to make the machinery or related product safe, each workplace must be equipped with a control device to stop some or all functions of the machinery or related product according to the type of hazard.

A command to stop the machinery or related product must take precedence over commands to start.

After stopping the machinery or related product or its dangerous functions, the power supply to the relevant drive mechanisms must be interrupted.

Operational shutdown

If a stop is required for operational reasons that does not interrupt the power supply to the drive mechanisms, the stop state is checked and maintained.

Emergency stop

The machinery or related product must be equipped with one or more emergency stop devices that enable actual or imminent danger to be averted.

This does not apply to:

• machinery or related product for which an emergency stop device would not reduce the risk because it would either not reduce the stopping time or would not allow the necessary special measures against the risk to be applied;
• portable hand-held or hand-guided machinery or related products.

This device must:

• have clearly distinguishable, easily visible and quickly accessible control devices;
• stop the dangerous process as quickly as possible without creating further risks;
• when necessary, initiate or enable the initiation of certain security
• Once the active function of the emergency stop device is interrupted after the end of the stop command, the emergency stop device must maintain this command until it is unblocked by the specified action; the device must not allow unlocking without a stop command; the unlocking of the emergency stop device must only be possible by an appropriate action, whereby the unlocking of this device must not restart the machinery or the related product, but only allow it to be restarted.
• The emergency stop function must be available and operational at all times regardless of the work mode.
• Emergency stop devices must be supplemented by other protective measures, but they must not replace them.

Avoiding the risks of contact leading to dangerous situations and preventing the psychological stress that may be caused by interaction with the machinery adapts to:

• coexistence of man and machine in a shared space without direct cooperation;
• human-machine interaction.

Contents of the instruction manual:

It must contain, among other things, ……….. information on the necessary preventive measures, methods and means for the immediate and considerate rescue of persons;

• if machinery or related products can emit non-ionizing radiation that can cause harm to people, especially people with active or inactive implantable medical devices, data on the radiation to which the operator and vulnerable people are exposed;
• if the design of the machinery or related product enables the machinery or related product to produce emissions of hazardous substances, the characteristics of the capture, filtering or removal devices where such equipment is not provided together with the machinery or related product, and any of this information:
• the flow of emissions of hazardous materials and substances from the machinery or related product;
• the concentration of hazardous materials or substances around the machinery or related product originating from the affected machinery or related product or from materials or substances used together with the machinery or related product;
• the effectiveness of the capture or filtration device and the conditions that must be met to maintain its effectiveness over time.

Technical documentation

Among other things, it must include:

• reports on the results of design calculations, tests, checks and inspections carried out to verify the conformity of the machinery or related product with the relevant basic health and safety requirements or their results;
• a description of the means used by the manufacturer during the manufacture of the machinery or related product to ensure compliance of the manufactured machinery or related product with the design specifications;
• source code or program logic of safety-relevant software for the purpose of demonstrating compliance of the machinery or related product with this Regulation at the reasoned request of a competent national authority, if necessary to enable that authority to verify compliance with the essential health and safety requirements laid down by in Annex III;
• for sensor-regulated, remote-controlled or autonomous machinery or related products, in the event that safety-relevant activities are controlled by data from sensors, if applicable, a description of the general properties, possibilities and limitations of the system used, a description of the data used and development, testing and validation procedures

Declaration of Conformity

All these details must be given in the Declaration of Conformity..

• The subject of the declaration is in accordance with these Union harmonization legislation
• References to the harmonized standards used referred to in Article 20(1) or common specifications adopted by the Commission in accordance with Article 20(3), including the date of publication of the reference to the harmonized standard in the Official Journal of the European Union or the date of adoption of the common specification, or references to other technical specifications, including their date of entry into force, on the basis of which conformity is declared. In case of partial application of harmonized standards or common specifications, the EU declaration of conformity must indicate the parts that have been used:

Regulation effective from 14 January 2027

What to say in conclusion, what is written in the directive seems to me logical and corresponding to the possibility of misuse of AI. Not because robots steal our products, but because they can cause us harm. They will be autonomous, but not stupid. After all, I already caught the news last month that the world’s first robot committed suicide. He probably didn’t want to be with those human creatures anymore. And what follows from this, the nice robot could also shove us straight into the oven…

Jiří Stanislav

10. července 2024