1 Learning Objectives

The objective at the end of this chapter is to be able to:

  • recognize the different standard organization and their publications;

  • conduct a risk-assessment procedure on a robotic system and propose risk mitigation measures;

  • know the difference between an industrial robot and a cobot as well as their respective potential hazards;

  • differentiate the types of collaborative operation methods;

  • conduct a risk assessment on a mobile robotic system.

2 Introduction

The deployment of robotic systems always brings several challenges. Among them, safety is of uttermost importance, as these robots share their environment with humans at a certain degree. In this chapter, you will get an overlook of some standards relevant to robotic systems, pertaining mostly to their scope and the organizations issuing them. These standards and others documents such as technical specifications are relevant to conduct the risk assessment of a new system and mitigation of the identified hazards, two critical steps in the deployment of robot cells, mobile manipulators, etc. While we will first focus on conventional industrial robots, we will then move to collaborative robots (cobots), with which human operators’ safety is even more critical considering the intrinsic close proximity, as well as mobile robots. It is important to understand that the information presented in this chapter is only a brief introduction to the process leading to the safe deployment of a robotic system, whether it is a conventional industrial robot, a cobot or a mobile robot. You will need to refer to existing standards, technical specifications, guidelines and other documents that are yet to be released, as it is a field constantly adapting to new technologies. Moreover, a safe deployment goes beyond any written document, as a thorough analysis is critical, which includes elements that may not be considered by any standard.

An Industry Perspective

Camille Forget

Quality assurance manager, Suppliers

Kinova inc.

figure a

I have a bachelor’s degree in automated production. I worked a few years in the metal industry and went back around robotics when I joined Kinova’s quality assurance team four years ago. I always found robots fascinating, which made my job even more interesting to do.

Since we design and manufacture both medical and industrial robots, a big challenge that we have at Kinova in terms of quality is to optimize the quality management system to meet the requirements of medical standards while still allowing rapid and constant development required by the industry. We need to go back to the essence of the requirements and make sure to fulfill them while also keeping the system efficient and flexible.

Absolutely, the robot safety field is in constant evolution as the technology progresses to help create safer and better human-robot collaborative applications. Standards are evolving to help structure the industry and push (things) forward. New technologies are being developed and refined to help integrate the robots more safely and efficiently.

2.1 Terms and Definitions

First, some terminology must be defined. Table 14.1 includes terms commonly found in the field of robotic system safety and they will be used throughout this chapter. The definitions provided here are based on several standards, including new ISO 8373 ISO (2021c) and ISO/DIS 10218-1.2 ISO (2022).

Table 14.1 Definitions
Full size table

2.2 Challenges with the Safe Deployment of Robotic Systems

Several challenges arise in regard to the deployment of robotic systems, particularly in environments where they were not commonly found in the past. Moreover, existing and well-known standards are not necessarily adapted for every new situation. For instance, before late 2020, if you were working with industrial mobile robots (IMR), you would not have found exactly what you were looking for, as IMRs did not fell within the scope of a particular standard. Then, the ANSI/RIA R15.08 ANSI/RIA (2020) was released in December 2020. Both autonomous mobile robots (AMR) and automated guided vehicles (AGV) with a manipulator used in an industrial environment fall under the definition of IMRs, thus are covered by this standard. However, AGVs and AMRs have different scopes: the former follow fixed routes, while the latter use sensors to avoid and go around obstacles by autonomously computing its own trajectory. The ANSI/RIA R15.08 is based on relevant guidance from ANSI/RIA R15.06 ANSI/RIA (2012) and ANSI/ITSDF B56.5 ANSI/ITSDF (2019), which focus on industrial robot safety and guided industrial vehicles, respectively.

Moreover, even if a technical specification, precursor of a full standard, is already established, as it is the case for collaborative robots, the increase in interactions between robots and operators in close proximity also makes risk assessment more complicated, as topics such as the onset of pain must be considered, which was not the case for conventional industrial robots, with which any contact with the robot is prohibited by design.

3 Standards

Standards are established norms agreed by experts and published by an organization. They cover a large spectrum of topics, ranging from environmental management to IT security, including sustainability as well and, of course, safety in robotics. While reading a standard, you will find similarities regarding the content, such as a section defining clearly the scope of the document with respect to related standards, as well as the definition of the critical terms used.

3.1 Organizations

Organizations issuing standards, technical specifications, norms and codes relevant to safety of robotic systems can be classified into three categories, i.e., 1. international; 2. national; 3. local. Organizations acting at the international level are obviously those usually most well known. It should be noted that standards published by national organizations can be relevant internationally. For instance, the ANSI, an American organization, is well known and is viewed as a reference well beyond the borders of the USA. It is even more true in emerging topics where national institutions have not considered yet. However, you should know that these organizations do not have the power to make their standards compulsory. It is at the local level, through codes and regulations, that legal obligations may appear. Nevertheless, the latter may refer explicitly to standards/technical specifications, as well as generally requiring you to follow well-known good practices, which include them implicitly.

You can also look at the different organizations and levels from another angle. At the local level, there are common rules and good practices from the field. These rules can give rise to codes and regulations. If these codes and regulations are found to be common to a domain, a branch, a type of machine at the national level, this can give rise to standards established by national organizations, such as CSA Group. At another level, if the rules and codes around a subject are of interest beyond the borders of a country, they may fall under an international standardization process and eventually give rise to a technical specification and an international standard.

You should remember that standardization work at both national and international level is the result of the work of experts in the corresponding field from different backgrounds. For example, for the international standardization work of the ISO/TC/299/WG3 group in charge of standards associated with industrial robots, the group consists of

  • manufacturers of industrial robots;

  • industrial robot integrators;

  • companies using industrial robots;

  • academics/researchers;

  • government agencies;

  • prevention organizations.

The international standard thus obtained is the result of a consensus between different experts from different countries. It represents the best practices that can be applied in that field.

International

You have probably heard already about ISO. The International Organisation for Standardisation (ISO) is an federation dating back to 1946 with a membership of more 150 national standard organizations. It has published tens of thousands of standards in numerous fields and has several hundreds of technical committees working on revising and publishing new standards, notably the ISO/TC/299 on robotics mentioned above. This technical committee also relies on the input from more grounded organizations, such as the Robotic Industries Association (RIA),Footnote 1 which publishes guidelines designed for robotics applications based on existing standards.

National

There are more than a hundred national standards organizations around the world; it would be pointless to just list them all here. It should be noted, however, that they issue their own norms and also participate in the elaboration of international norms, released by ISO for example. Among them, we can mention the American National Standards Institute (ANSI) which “is a private, non-profit organization that administers and coordinates the US voluntary standards and conformity assessment system.”Footnote 2 There is also the CSA Group, an organization accredited by the Standards Council of Canada, a governmental corporation promoting voluntary standardization in Canada. Standards from CSA Group also have an international reach, being used notably in China, but the main objective of this organization is to adapt international standards to the Canadian reality.

3.2 Classification and Relevant Technical Specifications/Standards

You can classify ISO’s safety-of-machinery-related standards into three categories, types A, B and C (see Villani et al., 2018 for more information). In Fig. 14.1, we have added standards from other organizations and technical specifications as well (which are precursors to standards, as mentioned above). As you can see in Fig. 14.1, type A standards focus on basic safety. For instance, ISO 12100 ISO (2010) “specifies basic terminology, principles and a methodology for achieving safety in the design of machinery.” It also proposes principles of risk assessment and risk reduction, which we will see later in this chapter and will help you design safe robotic systems. Type A standards apply to all types of machines. Type B standards give you more technological specifications for the design of machinery, and therefore have a more limited scope. For example, you can refer to ISO 13850 ISO (2015) if you need to design emergency stops (e-stops). In other words, type B standards give recommendations and safety requirements that can be applied to different types of machines. They relate to safety aspects or a type of protection device that can be used for a series of machines. For example, emergency stops are not specific to a given machine nor are movable guards.

Fig. 14.1
figure 1

Safety standard pyramid (ISO equivalent, adapted from Villani et al., 2018)

Full size image

While basic (type A) and generic safety (type B) standards are not specifically written for mobile and collaborative robots, they should still be taken into account in all deployment scenarios of robotic systems. Finally, type C standards focus specifically on machine safety and are of particular relevance for robotics. They can be categorized depending if it is an industrial robot, a mobile robot, a collaborative robot, a service robot or a personal-care robot. Many of the current-standards target manufacturing robots, e.g., fixed (and recently some industrial mobile robots), collaborative devices, automated guided vehicles (AGV), automated agricultural machines, etc. The scope of a standard or a technical specification is one of the first element defined in the corresponding document. A chart, taken from ANSI/RIA R15.08 and displayed in Fig. 14.2, details the different scopes of IMRs (ANSI/RIA R15.08), AGVs without an attached manipulator (ANSI/ITSDF B56.5) and IRSs (ANSI/RIA R15.06), based on their characteristics.

Fig. 14.2
figure 2

Scope of application of several notable standards (adapted from ANSI/RIA R15.08)

Full size image

The ANSI B11 series of standards and technical reports are particularly interesting, as they focus on machinery safety. Similarly to ISO publications, they are classified in types A, B and C. A full list can be found online.Footnote 3

Table 14.2 Some relevant standards and technical specifications for robots used in industrial environments
Full size table

You will find a summary of the some relevant standards to robotic systems’ safety in Table 14.2. For example, ISO/TS 15066 is of particular interest, because it focuses on collaborative robots, which are addressed later in this chapter. You should not see this list as exhaustive, because only a selection of standards/technical specifications are included and new ones are currently being written/revised.

4 Industrial Risk Assessment and Mitigation

In this section, we will focus on isolated industrial robotic system first and how to conduct a risk assessment. The global procedure is depicted in Fig. 14.3. The following section covers the elements shown in this figure. Particularities pertaining to collaborative and mobiles robots will be addressed in the subsequent sections.

Fig. 14.3
figure 3

Risk assessment procedure (adapted from ISO 12100) with subsequent integration, validation and monitoring

Full size image

4.1 Risk Assessment

Risk assessment is a critical and essential process before deploying a new robotic system. Your first step will be to identify the limits of the robotic system application in terms of use, space and time throughout its life cycle. This step amounts to defining the expected use of the machine and the environment in which it is to perform these functions. It is therefore essential to have proceeded, before the risk identification stage, to a functional design process of the robotic system. For instance, this stage includes defining the place where the robot will be installed, the surrounding objects, the parts handled, the number of operators and their training, the tasks that the robot will perform, etc.

Then, you must identify every potential sources of harm, known as hazards. It is necessary to conduct a first analysis to estimate, i.e., quantify, the risk posed by each hazardous situation. It is an iterative process, therefore the analysis is conducted again after implementing the risk-reduction measures (mitigation) to validate the desire outcome has been reached. The approach is unique to every industrial robotic system application, which means you should avoid a “one-size-fits-all” solution, as it may be too restrictive for the application, ultimately leading to frequent bypass of some safeguards to accomplish a task. The risk analysis is, in fact, specific to a particular machine and installation. Therefore, it is necessary to carry out a new risk assessment if the environment, tasks or operators change (as part of a machine move, for example).

Potential Causes of Hazards

A non-exhaustive list of potential hazard causes involving isolated industrial robotic system (as opposed to collaborative and mobile robots, which will be considered later in this chapter) is detailed in Table 14.3. This table not only considers injuries to the human body, but also material damages. You should note, however, that international standards only refer to the former when “harm” is mentioned. For your information, you will find a list of significant hazards in the Annex A of ISO 10218-2.

Table 14.3 Non-exhaustive list of potential causes of hazards involving industrial robotic systems
Full size table

Initial Analysis

The initial analysis is an hypothetical exercise done by the integrators where potential hazards are identified. No risk mitigation measures should be considered while conducting the initial risk analysis: you will therefore have to consider unauthorized access to the robot workspace and unqualified operator, risks that are easily prevented. We will cover the mitigation in the next section (step). Moreover, the operator should always be considered unqualified and the workspace not protected at this stage of the risk assessment. All of this is done to avoid overlooking any potential hazard. You can see this as a worst case scenario. For each risk, you need to estimate two elements or parameters according to ISO 12100:2010:

  1. 1.

    the severity of harm and

  2. 2.

    the probability of that harm.

The latter normally comprises three subparameters:

  1. 1.

    the exposure of the person(s) to the hazard;

  2. 2.

    the occurrence of a hazardous event;

  3. 3.

    the possibilities to avoid or limit the harm.

Fig. 14.4
figure 4

Chart to evaluate the risk level for each dangerous phenomenon (adapted from RIA TR R15.306 RIA, 2016, which is a supplement of ANSI/RIA R15.06-2012)

Full size image

Various risk estimation tools exist in order to rank the severity and probability of the harm. However, not all of those tools cover the same number of parameters. For example, the RIA TR R15.306 proposes the chart illustrated in Fig. 14.4 which comprises three parameters, namely severity, exposure and avoidance:

  • Severity of injury;

    • serious (death, chronicle disease, amputation, etc.)

    • moderate (broken bone, short hospitalization, etc.)

    • minor (bruises, etc.)

  • Exposure to the hazard;

    • high (more than 1 time par day)

    • low (less than 1 time par day)

    • prevented (not used in the initial analysis, since we ignore risk mitigation measures at this stage)

  • Avoidance of the hazard;

    • impossible (insufficient space, caged operator)

    • improbable (insufficient space, but under robot speed limitation, obstructed exit)

    • probable (sufficient space, under robot speed limitation, early warning).

After completing the potential hazards identification and the three criteria quantification, the next step of the initial analysis is to determine the risk level. You can do this with the chart mentioned above (Fig. 14.4).

4.2 Risk Mitigation

Preventive and corrective measures must be put in place and the risk index will then be reevaluated accordingly. These measures can be classified into eight categories according to RIA TR R15.306-2016 RIA (2016) (Task-based Risk Assessment Methodology), in this precise order:

  1. 1.

    elimination;

  2. 2.

    substitution;

  3. 3.

    limit interaction;

  4. 4.

    safeguarding and safety-related part of a control system (SRP/CS);

  5. 5.

    complementary protective measures;

  6. 6.

    warnings and awareness means;

  7. 7.

    administrative controls;

  8. 8.

    personal protection equipment (PPE).

We will see examples for the categories listed above. Some are displayed in Fig. 14.5. Only a brief summary of some mitigation measures will be given here and you must refer to the relevant standards/technical specifications/guidelines for more information.

Fig. 14.5
figure 5

Mitigation measures that can be applied to industrial robot cell (upper left, emergency stop; upper right, safety distance related to projectors; lower left, safety light curtain; lower right, lockout procedure)

Full size image

Elimination: Modifying the industrial robot system’s design (hardware, software, process, layout, etc.). It should be emphasized that this involves the modification of the design of the machine to eliminate the risk inherently. For example, eliminating obstacles that may be the cause of the risk of jamming and thereby eliminating the risk of jamming in an intrinsic way (without resorting to guards and barriers for instance).

Substitution: You can mitigate the risk by a substitution, namely by changing materials handled, and replacing the robot by another less powerful, slower or with a smaller workspace.

Interaction limitation: Limit physical interactions between the operator and the industrial robot within the latter’s workspace.

Safeguarding and safety-related part of a control system (SRP/CS): To reduce the risk of someone coming in close proximity of an industrial robot, the most simple and common measure is to enclose the robot with a perimeter fence, serving as a barrier between the robot and anyone it could harm. According to ISO 13857 ISO (2019), a barrier is necessary if the mechanism potentially dangerous, not necessarily a robot, is lower than 2.5 m above ground. In this case, the same standard recommends rigid panels with certain parameters depending on the dimensions of the system and its workspace. For instance, the minimal height of the panels is 1.8 m, regardless of the system. These fences can include openings necessary for the robot’s operation as well as a door for maintenance. This door must be equipped with a locking mechanism or/and sensors to detect intrusion in the workspace. Machine lockout and sensors are also a possibility to avoid a robot operating at full capacities while an operator is within close proximity or inside the machine/workspace.

Complementary protective measures: Common complementary measures include elements to achieve e-stop functions, measures for safe access to the robot, handrail, mechanical blocks and additional padding.

Warnings and awareness means: Rotating beacons, alarms, warning panels are among the measures used to increase the operator’s awareness of the potential dangerous phenomenon.

Administrative controls: Organizational-type measures are also essential to reduce risks involving robotic systems. Indeed, some risks cannot be completely eliminated, thus a proper training of the staff is critical to increase awareness. The information shared includes the nature of the risks, existing protection methods, proper safe ways to approach the robot, etc. Other measures include compliance with the manufacturer’s instructions, regular inspections and preventive maintenance of the robot, rewarding workers for safe behavior, etc.

Personal protection equipment: Common examples include glasses, helmet, boots, etc.

While considering potential risk mitigation measures, you should consider the above eight categories in the order they are presented. Therefore, you should favor elimination and substitution rather than administrative controls and PPE. For hazards initially evaluated as medium and above on the risk level scale, mitigation measures must include those within the first four categories, as the four others are not considered enough to reduce the risk, as displayed in Fig. 14.4. You should note, however, that you can still apply mitigation measures, such as elimination and substitution, to potential hazards initially evaluated with a low risk level, even though it is not required by the standard.

4.3 Integration, Validation and Monitoring

After conducting the initial analysis and applying risk mitigation measures, the final step is to analyze again the potential hazards by quantifying the risk parameters mentioned above, but this time taking into account the risk-reduction measures applied. New risk levels will be obtained, allowing the integration of the robotic system deployment.

After the integration comes the validation. This can be done with several methods, for example, (as suggested in ANSI/RIA R15.08 for IMRs, but valid for any robotic system):

  • visual inspection;

  • practical tests;

  • measurement;

  • observation during operation;

  • review of application-specific schematics, circuit diagrams and design material;

  • review of task-based risk assessment;

  • review of specifications and information for use.

A validation step can be, for example, measuring the real contact forces to see if the force and torque limits programmed in the power-and-force (PFL) limitation safety function make it possible to reduce the contact forces below the thresholds prescribed by ISO TS 15066 ISO (2016). Another example is to conduct safety stop tests to ensure that the response time of the stop safety function and that the robot stop time have both been taken into account during the calculation for the positioning of virtual barriers (presence detected by proximity sensors close to the robot workspace).

The continuous monitoring of the system by the users is then needed to reevaluate the risk with new information gathered from experience feedback (incidents, close calls, etc.).

5 Cobots

While the term cobots, created from collaborative robots, can be dated back to 1996 (Colgate & Peshkin, 1997), the idea of robots collaborating with humans in close proximity has been around for much longer, as can be seen in various works of science fiction. However, in reality, robots have been far more often operating in human-free environment for safety reasons. Nowadays, with technological advancements in robotics, cobots are becoming more prevalent, notably in industrial settings. There are many advantages with cobots, including reducing the space used by the robot (no physical isolation) and partially automating tasks which still require a human participation. Because of their close proximity to human workers while performing various tasks, a safe deployment is even more critical. The ISO/TS 15066, previously mentioned in this chapter, focuses on collaborative robots.

5.1 Human-Robot Collaboration

The literature provides various categories of human-robot collaborative tasks. In this chapter, we will consider the three following categories:

  • direct collaboration—the operator and the robot work simultaneously on a task;

  • indirect collaboration—the operator and the robot work alternately on a task;

  • shared workspace—the operator and the robot work on distinct tasks for which they may need to share the same workspace.

5.2 Types of Collaborative Operation Methods

The classification of collaborative tasks with regards to the safety requirements can be divided into three types, detailed below, according to ISO/TS 15066.

  1. 1.

    Hand guiding; The operator manually send commands to the cobot: before the operator enters the collaborative workspace, the robot system achieves a safety-rated monitored stop (drive power remains on); operator grasps hand-operated device (includes an enabling device), activating motion/operation. Non-collaborative operation resumes when the operator leaves the collaborative workspace. Applications: robotic lift assist, highly variable applications, limited or small-batch production.

  2. 2.

    Speed and separation monitoring; Operator and robotic system may move concurrently in the collaborative workspace: a minimum separation distance between the operator and the cobot must be maintained at all times for safety. Protective devices are required to decrease the minimum separation distance. Speed is lowered (safety-rated) to keep minimum separation distance. If separation distance falls below the established threshold, a protective stop is required. Applications: simultaneous tasks, direct operator interface.

  3. 3.

    Power-and-force limiting; In this mode, physical contact between the cobot/workpiece and the operator is possible, either intentionally or unintentionally: the cobot must be specifically designed for this mode to take into account potential contacts and the corresponding forces must be limited. The contact (quasi-static/pressure or transient/dynamic) must be detected by sensors and the cobot must react when it occurs. Applications: small or highly variable applications, conditions requiring frequent operator presence.

You can find a fourth type in the literature, called safety-rated monitored stop. However, in the new version of ISO 10218-1, which will be published in 2022, it will no longer be considered a type of collaborative operation. It is defined as a direct interaction between the cobot and the operator under specific circumstances, which include a safety-rated stop condition. Before the operator enters the “collaborative” workspace, the drive power remains on, motion resumes after the operator leaves the workspace (cobot motion resumes without additional action). Protective stop is triggered if a stop condition (to configure) is violated. If the operator is outside the workspace but inside the monitored space, there is no need to stop the robot. The robot can continue to operate as long as a space monitoring safety feature is in place that prevents the robot from exiting its workspace. The potential applications include direct part loading or unloading to the end-effector (tool of the robotic arm), work-in-process inspections, when the robot or the operator moves (not both) in the same workspace, etc. However, keep in mind that it will no longer be considered a collaborative operation according to the new ISO terminology.

5.3 Hazards Inherent to Cobots

Beyond the risks and potential dangerous phenomena detailed earlier in this chapter, some are more specific to cobots. Obviously, the close proximity to humans is a common source for many of them, but some are linked to the task itself. A non-exhaustive list is detailed below, as well as corresponding mitigation measures:

  • physical risks: collisions, crushing, jamming, repetitive impacts, tool used by the robot risk mitigation \(\longrightarrow \) lightweight robot, rounded surfaces, safe speed limitation, safe force and power limitation, training

  • psycho-social risks: isolation, pace difficult to follow by the operator, work transformation risk mitigation \(\longrightarrow \) improving the working conditions of workers

  • risks of musculoskeletal disorders: high repetitivity, excessive efforts, high precision required, inadequate posture that may be required for extended periods of time risk mitigation \(\longrightarrow \) arranging workstations to respect the comfort zones, using appropriate handling techniques, optimizing lighting, choosing the right tools.

5.4 Risk Assessment and Mitigation Measures for Collaborative Applications

The risk assessment with collaborative robots is similar to the process presented earlier in this chapter. It differs by the different measures to be applied and added conditions that must be assessed, as detailed in ISO/TS 15066. Indeed, you will remember that the categories preferred for mitigation measures to obtain an inherently safe design where elimination, substitution and limiting interaction. In the case of cobots, this will translate into reduced energy, robots’ surfaces made of compliant materials, modified tasks, etc. Therefore, a contact between the robot and the operator is still possible, as we mentioned above in power-and-force limiting mode, and you will have to make sure that it will not result in an injury. This is done by:

  • identifying conditions for such contact to occur;

  • evaluating risk potential for such contacts;

  • designing robot system and collaborative workspace so contact is infrequent and avoidable;

  • considering operator body regions, origin of contact event, probability or frequency, type (quasi-static or transient), forces, speeds, etc.

You must prevent contact over the shoulders, and shall avoid any of the robot motion above this level. Considering it may not always be realistic, experts on the standardization committee working on ISO 10218 update are proposing to replace the verb “shall” with “should,” still strongly encouraging to keep the robot’s movements below head level.

For other contacts, ISO/TS 15066 contains specifications on the onset of pain, as shown in Fig. 14.6, as well as transient contact speed limits. An example of risk mitigation in a power-and-force limiting operation is illustrated in Fig. 14.7. Here, we first (1) eliminated pinch and crush points, then (2) we reduced robot system inertia or mass and (3) we reduced robot system velocity. Finally, to reduce the risk of potential injuries, (4) we modified the robot posture such that contact surface area is increased and (5) moved away from sensitive upper body parts.

Fig. 14.6
figure 6

Study of the pain onset regarding collaborative operation (adapted from ISO/TS 15066)

Full size image
Fig. 14.7
figure 7

Risk mitigation in a power-and-force limiting operation (adapted from ISO/TS 15066): a before risk mitigation, b after risk mitigation

Full size image

6 Mobile Robots

Mobile robots used in an industrial setting, which include AGVs and AMRs, usually operate alongside operators and other workers in a shared environment. These robots fall under the scope of the ANSI/RIA R15.08. The latter refers to several other standards for particular items relevant to mobile robots. For example, regarding wireless communication, ANSI/RIA R15.08 refers to NFPA 79, IEC 60204-1 and IEC 62745 for specifications that are recommended. This is a critical component, as a mobile robot that does not react fast enough to an order sent by an operator could have catastrophic consequences, such as a collision.

By definition, mobile robots are not located within a caged environment with barriers. Therefore, with mobile robots such as AGVs, collisions must be avoided by safety functions. The robot must be equipped with safety sensors which are able to detect obstacles, including an operator. The robot must have rules to adapt its speed (safety speed monitored by a safety function) and changes its course according to the detected obstacle. If the distance between the mobile robot and the operator drops below a threshold value, a safety stop must be triggered.

6.1 Hazards Inherent to Mobile Robots

The risks posed by hazards identified in the previous sections are multiplied by the presence of the other workers that are not operating the robot while still sharing the same environment. Indeed, we moved from caged industrial robots which should not share their workspace with anyone except on rare occasions to collaborative robots which can share theirs with a limited number of operators to mobile robots with a quasi unlimited workspace. Therefore, making sure everyone is aware of the presence of mobile robots in certain areas is critical, and the capability of IMRs to detect potential dangers (to themselves and others) surrounding them is even more important.

6.2 UAV Operations

Unmanned aerial vehicles (UAVs) are a specific type of mobile robots that falls in a different category with respect to the danger they may present. From teleoperation to fully autonomous flights, the risk of not detecting an obstacle (either by the operator or by the onboard sensors) can have fatal consequences. Several commercial UAVs weights more than 1kg and can harm a person under its fall. Because of the level of danger, and inspired from the aviation field, UAVs safety standards are rather in the form of regulations. However, as UAVs become more commonly used, policy makers are struggling to keep up. A lot of countries have develop regulations (FAA, 2021; Transport Canada, 2019), but without much international cohesion. Regulations can vary, including the maximum height to which aircrafts are able to fly to, the areas they are permitted, the distance they can go to buildings and whether or not identity tags are necessary. In the vast majority of cases, UAVs should only be flown while they are still visible to the pilot. Most countries have structured their regulations with regards to the position of the individual, for instance:

  • UAV pilot—follow training sessions, read the device manual, check the weather and flight zone, etc.;

  • UAV owner—register the UAV and ensure its maintenance;

  • UAV manufacturer—provide the documentation to prove its safety;

  • piloting school—provide the documentation to demonstrate the quality of their curriculum.

6.3 Battery Hazards

Batteries are by their nature one of the most frequent hazards to generate incidents. This is the reason for the severe regulations on their transport, notably on airplanes.Footnote 4 Moreover, with the rapid increase in the number of hybrid and electrical vehicles on the road, as well as the number of mobile robots in operation, risks related to batteries are becoming more frequent. Considering the ever increasing power density of these batteries and their decreasing cost, they should not be taken lightly, quite the contrary. Regarding the standards related to batteries, you can consider, for example, the ISO 26262 on road vehicle for some guidelines, especially regarding the literature focusing on the compliance of batteries (and related systems) to this standard (Tiker, 2017). You can look as well into standards such as the IEC 62133. Globally, as proposed by Ashtiani (2008), we can categorize hazards related to batteries in four categories:

  • electrical (short-circuit, overcharge, soft short);

  • thermal (fire, elevated temperature);

  • mechanical (crush, perforation, drop);

  • system (contactor fail to close, loss of high voltage continuity, chassis fault).

Furthermore, hazard identification and, more generally, the risk assessment of a robotic system with batteries, must consider their full, but limited, life cycle. Indeed, a system initially safe may become dangerous without any human intervention only because the battery has reached its end-of-life. Moreover, even if the robot is not in operation, not powered up or the battery not even installed, there are potential hazards. The risk assessment and mitigation does not end with the robot in operation, as its spare parts such as batteries must be safely kept in storage. You must therefore also consider the charging process of the battery in your risk assessment as well. Manufacturers’ manual are obviously a good starting point regarding potential hazards and mitigation measures. Otherwise, there is an extensive literature on this topic to help you. For example, Ouyang et al. (2019) listed several countermeasures related to thermal hazards.

6.4 Risk Assessment and Mitigation Measures for Mobile Robots

As means of mitigating risks with mobile robots, you will find and implement first safety devices (sensors) which detect operators or any other human being in close proximity of the robot. Safe speed limitation functions and safety stop functions capable of stopping the robot before the collision will be used. Otherwise, here you can find a list of other potential risk mitigation measures intended for mobile robots:

  • keeping the batteries at a good level of charge or else completely change the battery;

  • ensuring a safe form factor of the robot;

  • stable ground surface for the robot;

  • automatic brake when the robot loses control;

  • reducing administrative staff on the site;

  • supervision of the workers’ movement by a site supervisor;

  • pedestrian traffic plan indicating traffic lanes, road markings;

  • reversing alarms;

  • sensitive bumpers for presence detection;

  • permanent lighting on-site allowing easier and safer motion of the robot;

  • road signs.

The validation step at the end of the risk assessment and mitigation process for mobile robots is particularly important, as they operate in unstructured environments. Therefore, the ANSI/RIA R15.08 recommends using test pieces representing adult humans instead of human subjects when conducting tests. The standard guidelines also mention that the test pieces “shall be tested in a number of orientations reflecting persons who are standing, sitting, kneeling, or lying prone.” Finally, other obstacles and hazards you may need to test include

  • overhanging objects;

  • negative obstacles (e.g., floor grates, potholes, or steps);

  • transparent objects (e.g., glass doors or acrylic walls);

  • chain-link fences;

  • narrow support columns (e.g., shelf or table legs, sign posts, or ladders);

  • reflective and retroreflective surfaces.

7 Chapter Summary

In this chapter, we looked into the deployment of a new robotic system from the safety point-of-view. We went over some definitions, the major standards organizations, and some of their relevant standards. We then introduced the concept of risk assessment and mitigation, notably based on the standards discussed previously. We finally tackled briefly elements specific to collaborative robots, cobots and mobile robots regarding safety, focusing mostly on their differences with industrial robotic systems and particular risk mitigation measures.

8 Revision Questions

Question #1

True or false: personal protection equipment can be used alone to mitigate any level or risk.

Question #2

True or false: with cobots, safety stop functions cause the robot to stop once the operator enters the hazardous area and an automatic restart resumes its operation when they exit that area.

Question #3

With conventional industrial robots (i.e., fixed base), the perimeter fence can be made oh rigid panels having a minimal height of:

  1. 1.

    1.5 m;

  2. 2.

    1.8 m;

  3. 3.

    2.0 m;

  4. 4.

    1.0 m.

Question #4

In a warehouse, a rover is equipped with sensors to compute its path and a 6-DOF serial manipulator to perform pick-and-place tasks simultaneously with an operator. This robotic system falls within which category (more than one answer possible):

  1. 1.

    IMR;

  2. 2.

    AVG;

  3. 3.

    AMR;

  4. 4.

    cobot.

9 Further Reading

As mentioned at numerous places in this chapter, before deploying a new robotic system, you should always read the appropriate standards and technical specifications beforehand. While not directly addressed in this chapter, safety with personal-care robots has also been studied in the literature (Salvini et al., 2021) and falls under ISO 13482:2014 (2014). We can also mention ISO 18646:2021 (performance criteria and related test methods) and ISO 22166-1:2021 (modularity) on service robots (ISO, 2021a, b).