Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.roboticks.io/llms.txt

Use this file to discover all available pages before exploring further.

IEC 62061

IEC 62061:2021, Safety of machinery — Functional safety of safety-related control systems, is the IEC route to demonstrating that a machinery control system reaches the safety integrity its risk assessment requires. It is the sector-specific adaptation of IEC 61508 for machinery, and is harmonised under EU MR 2023/1230 (citation publication in the EU OJ is ongoing). It coexists with ISO 13849-1: both are accepted routes. IEC 62061 uses SIL CL (Safety Integrity Level Claim Limit, 1–3) where ISO 13849 uses PL (Performance Level, a–e). The two are approximately equivalent for the bands where they overlap; the choice between them is most often driven by component-supplier datasheets (which level the component is rated against) and by your safety engineer’s preference.
Roboticks is audit-readiness tooling, not a certified toolchain. We assemble the evidence your notified body, certification body, or QA process ingests. We do not replace tool qualification (DO-178C, ISO 26262-8 TCL) and we do not issue conformity assessments. Verify the regulatory interpretations on this page against the standard text and your accredited assessor.

SIL CL vs SIL

IEC 62061 uses SIL CL for sub-system claim limits and reserves SIL for the integrated function:
SIL CLBands
SIL CL 1Sub-system PFHd in the SIL 1 band
SIL CL 2SIL 2 band
SIL CL 3SIL 3 band
A safety function composed of subsystems aggregates SIL CLs (per the formulas in IEC 62061 Clause 6.6) to a final SIL.

SIL CL ↔ PL approximate mapping

SIL CL (IEC 62061)PL (ISO 13849)
1b / c
2c / d
3d / e
The mapping is approximate; the exact correspondence depends on architecture, MTTFd, DCavg, and CCF. For a given safety function, either route is acceptable — but a single function should be assessed through one route or the other, not both.

What Roboticks supports

  • Clause-level derivation from IEC 62061.
  • SIL CL annotation on requirements via the asil_pl field (SIL CL 1, SIL CL 2, SIL CL 3).
  • Subsystem-level verification evidence — JUnit aggregation per subsystem, coverage per module, static-analysis findings per file.
  • Architecture-as-config — the project’s safety architecture (which subsystems implement which safety functions) lives in roboticks/architecture.yaml; the evidence pack renders the architecture diagram in the PDF.

What Roboticks does not do

  • We do not compute SIL or SIL CL — these are determined by hazard analysis and architectural calculation Roboticks does not perform.
  • We do not validate component supplier SIL CL claims — those rest on supplier-provided certification.
  • We do not generate the IEC 62061 functional-safety plan — that is your safety engineer’s product (though we can attach it as supplementary evidence).

Example SIL CL 2 requirement

- id: REQ-SAF-105
  title: Light-curtain interrupt halts cell motion SIL CL 2
  type: safety
  asil_pl: "SIL CL 2"
  derives_from:
    - standard: iec-62061-2021
      clause: "§6.6 Safety function realisation — subsystem architecture B"
      edition: "2021"
    - standard: iec-61496-1-2020
      clause: "§5.4 Detection capability"
      edition: "2020"
  text: |
    On interruption of the cell light curtain, the cell control system
    shall command a Category 1 stop within 200 ms. The function shall
    achieve SIL CL 2 via dual-channel light-curtain input and
    cross-monitoring of the stop response, with diagnostic coverage
    per IEC 62061 §6.7.
  acceptance:
    - test: tests/cell/test_light_curtain.py::test_interrupt_commands_stop
    - test: tests/cell/test_light_curtain.py::test_response_under_200ms
    - test: tests/cell/test_light_curtain.py::test_dual_channel_symmetry
    - test: tests/cell/test_light_curtain.py::test_diagnostic_on_channel_fault
Cross-derives from IEC 61496, which defines the light-curtain itself.

The architecture-as-config pattern

For projects under IEC 62061, declaring the safety architecture in a structured form pays off across the lifecycle. Roboticks accepts an architecture.yaml: 
safety_functions:
  - id: SF-001
    name: Cell light-curtain interrupt → motion stop
    sil_cl_required: 2
    subsystems:
      - id: SS-LC-A
        name: Light curtain channel A
        type: input
        sil_cl_capability: 3
        supplier: "Acme Sensing"
        pfhd: 5.0e-10
      - id: SS-LC-B
        name: Light curtain channel B
        type: input
        sil_cl_capability: 3
        supplier: "Acme Sensing"
        pfhd: 5.0e-10
      - id: SS-LOGIC
        name: Safety PLC
        type: logic
        sil_cl_capability: 3
        supplier: "Siemens"
        pfhd: 2.0e-9
      - id: SS-DRIVE
        name: Servo drive STO
        type: output
        sil_cl_capability: 2
        supplier: "ABB"
        pfhd: 1.0e-8
    realised_by_requirements:
      - REQ-SAF-105
The platform renders the architecture in the evidence-pack PDF and surfaces it in the dashboard. It does not aggregate PFHd to verify the SIL — that is your safety engineer’s calculation — but it makes the architecture visible alongside the verification evidence.

Suggested test patterns

SIL CLArchitecturePattern
1Single channelNominal-function tests; deadline assertions
2Dual-channelAbove + single-channel-fault injection; cross-check tests
3Dual-channel with high DCAbove + comprehensive fault-detection coverage; periodic-self-test verification

Pinning

rbtk standard pin iec-62061-2021 --project acme-robotics/firmware
IEC 62061 is part of the industrial-robot-eu and amr-eu bulk templates.

Next steps

ISO 13849

The PL-based alternative route.

IEC 61508

The parent standard.

IEC 61496

The protective-equipment standard cross-cited from IEC 62061.