Designing a Safe Robot System

In addition to ensuring safe operation of the robot, it is also important that robot users give careful consideration to safety for the entire robot system that is designed.

This section explains the minimum requirements that must be observed when using Epson robots in your robot systems.

Please design and manufacture robot systems by following the principles described in this manual.

Environmental Requirements

Be sure that the environment where the robot and robot system are installed meets the requirements contained in the manuals for all equipment used in the system.

System Layout

When designing the layout for a robot system, be sure to fully take into account the possibility of interference between robots and peripheral equipment. Particular attention must be paid to emergency stops because a robot will stop after following a path that is different from its normal movement path. The layout design should provide adequate margins for safety. The layout should also ensure adequate space for maintenance and inspection.

When using high speed manual mode (T2), maintain a clearance of 500 mm between the robot and surrounding buildings, structures, perimeter protection, and other equipment.

When designing a robot system to restrict the area of motion of the robots, do so by following the methods described in the Manipulator manual. Limiting is done either by Soft Axis Limiting or by mechanical stops. For Soft Axis Limiting, refer to the following manual.
"Robot Controller Safety Function Manual"
For limiting by mechanical stops, refer to the following manual.
"Manipulator Manual"

Ensure to install the emergency stop switch at a location near the operation unit for the robot system where the operator can easily access the switch to immediately press it in an emergency.

Do not install the Controller at a location where water or other liquids could enter the Controller. Never use water or other liquids to clean the Controller.

To ensure that lockouts are implemented safely during servicing and maintenance, disconnectors should be located outside the safety barriers wherever possible.

Disabling Power to the System Using Lockout/Tagout

Disconnect the Controller's power supply using the lockout/tagout procedure to ensure a third party does not accidentally turn on the robot while a worker is inside the safety barriers for maintenance or repair. For more information on lockout, refer to the following section.
Part Names and Their Functions

Hand Design

Perform the wiring and piping work so that the robot hand will not release the workpiece (object being grasped) even when the robot system power is shut off.

Design the robot hand such that its weight and moment of inertia do not exceed the allowable limits. Use of a robot hand that exceeds the allowable limits can subject the robot to excessive loads. This will not only shorten the service life of the robot but can lead to unexpectedly dangerous situations due to the additional external forces applied to the hand and the workpiece.

Be sure to select the size of the hand with care because the robot body and robot hand could interfere with each other.

Peripheral Equipment Design

When designing equipment that removes and supplies parts and materials to the robot system, ensure that the design enables adequate safety for the operator. If it is necessary to remove or supply materials without stopping the robot, install a shuttle device, use SLP, or take other measures to ensure that the operator does not need to enter a potentially hazardous zone.
For details on SLP, refer to the following section.
Safety Functions

Ensure that an interruption to the power supply (power shutoff) of peripheral equipment will not lead to a hazardous situation. In addition to taking measures to prevent release of held workpieces as mentioned in "Hand Design," measures must also be taken to ensure peripheral equipment other than the robots can stop safely. Verify equipment safety to ensure that no hazardous situations will occur if the power is cut off.

Remote Control

For the safety of the overall robot system, safety measures must be implemented to eliminate the risks associated with the starting and stopping of peripheral equipment by remote control.

With this product, the robot system can be operated remotely by assigning a remote function to the Controller I/O. Refer to the following section.
I/O Remote Settings
When the remote function is enabled, motion command execution and I/O output are available only from a remote source.

Power Off During Manipulator Operation

Do not turn off the Controller while the Manipulator is operating.
If the Manipulator is stopped by turning off the Controller while it is operating, the following problems may occur.

  • Reduced life and damage to reduction gear
  • Position shift at the joints

Also, if the Controller power was cut off due to a power outage or similar situation while the Manipulator is operating, be sure to check for any of the following points after power is restored.

  • Damage in reduction gear
  • Shifting of the joints from their proper positions
    If there is any position shift, perform zero position adjustment.

Emergency Stop

Each robot system needs equipment that will allow the operator to immediately stop the system's operation. Install an emergency stop device by using emergency stop input from the Controller or other equipment.
Refer to the following section.
Emergency Stop Input Connector
Safety I/O Connector

Before using the emergency stop switch, be aware of the following points.

  • The emergency stop switch should be used to stop the Manipulator only in case of emergencies.
  • Besides pressing the emergency stop switch when an emergency occurs, to stop the Manipulator during program operation, use the Pause or STOP (program stop) statements assigned to a standard I/O.
    The Pause and STOP statements do not turn off motor energization, and so the brake is not locked.

To place the robot system in emergency stop mode in a non-emergency (normal) situation, press the emergency stop switch while the Manipulator is not operating.

Do not press the emergency stop switch unnecessarily while the Manipulator is operating normally.
It could shorten the lifespan of the following components.

  • Brakes
    The brakes will be locked, which will shorten the lifespan of the brakes due to worn brake friction plates.

    • Normal brake lifespan:
      About 2 years (when the brakes are used 100 times/day)
      or about 20,000 times

  • Reduction gears
    An emergency stop applies an impact to the reduction gear, which can shorten its life.

Stopping distance of emergency stop
The Manipulator during operation cannot stop immediately after the emergency stop switch is pressed. Also, the stopping time and movement distance vary depending on the following factors.

  • Hand weight, WEIGHT setting, ACCEL setting, workpiece weight, SPEED setting, movement posture, etc.

For the stopping time and movement distance of the Manipulator, refer to the following manual.
"Manipulator Manual - Appendix B. Stopping Time and Stopping Distance at Emergency Stop"

Safeguard (SG)

To maintain a safe working zone, safety barriers must be set up around the Manipulator, and safeguards must be installed at the entrance and exit of the safety barriers.
The term "safeguard" as used in this manual refers to a safety device with an interlock that allows entry into the safety barriers. Specifically, this includes safety door switches, safety barriers, light curtains, safety gates, safety floor mats, and so on. The safeguard is an input that informs the Robot Controller that an operator may be inside the safety barriers. You must assign at least one Safeguard (SG) in Safety Function Manager. Refer to the following section.
Safety I/O Connector

When the safeguard is opened, Protective Stop operates to change to the safeguard open state (display: SO).

  • Safeguard open
    Operations are prohibited. Further robot operation is not possible until either the safeguard is closed, the latched state is released, and a command is executed, or the TEACH or TEST operation mode is turned on and the enable circuit is activated.
  • Safeguard closed
    The robot can operate automatically in an unrestricted (high power) state.

WARNING

  • If a third party accidentally releases the safeguard while an operator is working inside the safety barriers, this may result in a hazardous situation. To protect the operator working inside the safety barriers, implement measures to lock out or tag out the latch release switch.
  • To protect operators working near the robot, be sure to connect the safeguard and make sure that it works properly.

Installing safety barriers
When installing safety barriers within the maximum range of the Manipulator, combine safety functions such as SLP. Carefully take into account the size of the hand and the workpieces to be held so that no interference occurs between the operating parts and the safety barriers.

Installing safeguards
Design the safeguards so that they satisfy the following requirements:

  • When using a key switch type safety device, use a switch that forcibly opens the interlock contacts. Do not use switches that open their contacts using the spring force of the interlock.
  • When using an interlock mechanism, do not disable the interlock mechanism.
  • When using light curtains, keep the safeguard open until the latch condition is released.

Considering the stopping distance
During operation, the Manipulator cannot stop immediately even if the safeguard is opened. Also, the stopping time and movement distance vary depending on the following factors.
Hand weight, WEIGHT setting, ACCEL setting, workpiece weight, SPEED setting, movement posture, etc.

For the stopping time and movement distance of the Manipulator, refer to the following manual.
"Manipulator Manual - Appendix C. Stopping Time and Stopping Distance When the Safeguard is Open"

Please refer to the above values and ISO13855 when performing calculations.
To reduce the distance, use SLS or SLP to apply the necessary restrictions.

Precautions for safeguard operation
Do not open the safeguard unnecessarily while the motor is energized. Frequent safeguard inputs will reduce the life of the relay.

  • Normal relay lifespan: About 20,000 times

Presence Sensing Device

The above-mentioned safeguard interlock is a type of presence sensing device because it indicates the possibility of somebody being inside the safety barriers. When installing a separate presence sensing device, perform a full risk assessment, and pay careful attention to its reliability.

Take note of the following points.

  • Design the system so that an operator cannot enter inside the safety barriers or cannot reach it unless the presence sensing device is activated or the hazard situation has ended.
  • Design the presence sensing device so that it ensures fail-safe operation regardless of the system state.
  • If the robot stops operating when the presence sensing device is activated, ensure that the robot will not restart operation until the detected object has been removed. Make sure that the robot cannot automatically restart by any operation.

Resetting Safeguards

Ensure that the robot system can only be restarted by operation from outside the safety barriers. The robot must never restart by simply resetting the safeguard. Apply this concept to the interlocks and presence sensing devices for the entire system.

Robot Operation Panel

If a robot operation panel is installed, be sure to install at a position where it can be operated from outside of the safety barriers.

Connections

© 2024 Seiko Epson Corp.