Two Frameworks, One Goal: Understanding the Standards Landscape
Industrial machine guarding systems must meet one of two internationally recognised functional safety certification frameworks: Safety Integrity Level (SIL), governed by IEC standard 62061, or Performance Level (PL), governed by ISO standard 13849-1. Both frameworks exist to ensure that safety-related control systems on machinery — including guards, interlocks, light curtains, and emergency stops — are designed and verified to reduce risk to an acceptable level. The choice between them depends primarily on the technology type, the complexity of the safety function, and the regulatory environment in which the machine will operate.
The two standards emerged from different traditions. ISO 13849 evolved from the earlier EN 954-1 standard, which used a purely structural, category-based approach to machine safety. IEC 62061 was developed as part of the broader IEC 61508 functional safety family, bringing a more rigorous probabilistic methodology to the machinery sector. In 2010, the two standards were formally harmonised, meaning that compliance with either is accepted as equivalent under the European Machinery Directive and its successor, the Machinery Regulation (EU) 2023/1230, as confirmed by ISO.
Understanding which framework applies — and when both may be used together — is a foundational competency for R&D engineers, safety system designers, and IP professionals working in the industrial automation sector. The patent landscape for machine safety systems is categorised under specific CPC codes including B23Q11, G05B9, and F16P3, which are used by examiners at both the USPTO and the EPO to classify safety controller and guarding inventions.
IEC 62061 and ISO 13849-1 are harmonised under the European Machinery Directive and its successor Machinery Regulation (EU) 2023/1230. Compliance with either standard is accepted as equivalent, and their safety levels can be directly mapped: PL e = SIL 3, PL d = SIL 2, PL c = SIL 1.
How SIL Certification Works Under IEC 62061
IEC 62061 defines Safety Integrity Level as a discrete measure of the safety integrity of a safety function, with three levels applicable to machinery: SIL 1, SIL 2, and SIL 3, where SIL 3 represents the highest achievable integrity for machinery applications. (SIL 4 exists in the parent standard IEC 61508 but is excluded from the machinery scope of IEC 62061.) Each SIL level corresponds to a target range for the Probability of Dangerous Failure per Hour (PFHd) — the core quantitative metric that expresses how likely a safety function is to fail dangerously within any given hour of operation.
Safety Integrity Level (SIL) is defined by IEC 62061 and applies specifically to electrical, electronic, and programmable electronic safety-related control systems on machinery. IEC 62061 defines three SIL levels for machinery (SIL 1, SIL 2, SIL 3), where SIL 3 requires a Probability of Dangerous Failure per Hour (PFHd) below 10⁻⁷.
The SIL determination process under IEC 62061 begins with a risk assessment that produces a Safety Integrity Requirement (SIR) for each safety function. Engineers then design the Safety-related Control System (SCS) — which may include sensors, logic controllers, and actuators — and calculate the achieved PFHd by summing the failure rate contributions of each subsystem. The standard provides detailed guidance on architectural constraints, systematic capability requirements, and the treatment of common cause failures (CCF).
A key feature of IEC 62061 is its focus on the full Safety-related Control System as a functional unit, rather than assessing individual components in isolation. The standard requires manufacturers to document the Safety Function Specification (SFS), define subsystem interfaces, and demonstrate that systematic failures — including software errors in programmable safety controllers — are controlled through structured development processes. This makes IEC 62061 the preferred framework for complex programmable safety systems, including those using safety PLCs from manufacturers such as Pilz GmbH and Rockwell Automation.
“IEC 62061 requires the full Safety-related Control System to be assessed as a functional unit — not just individual components — making it the preferred framework for complex programmable safety controllers in industrial machine guarding.”
How Performance Level Certification Works Under ISO 13849
ISO 13849-1 defines Performance Level as a discrete level used to specify the ability of safety-related parts of a control system (SRP/CS) to perform a safety function under foreseeable conditions. Five performance levels are defined — PL a through PL e — where PL e represents the highest safety integrity and PL a the lowest. Unlike SIL, which is purely probabilistic, PL determination under ISO 13849 combines three parameters: the structural Category of the safety architecture (Categories B, 1, 2, 3, or 4), the Mean Time to Dangerous Failure of each channel (MTTFd), and the Diagnostic Coverage (DC) of the system.
Performance Level (PL) under ISO 13849-1 is determined by combining three parameters: the structural Category (B, 1, 2, 3, or 4) of the safety architecture, the Mean Time to Dangerous Failure (MTTFd) of each channel, and the Diagnostic Coverage (DC). This semi-quantitative approach applies to mechanical, hydraulic, pneumatic, and electrical control systems — not only programmable electronic systems.
The Category system inherited from EN 954-1 describes the structural behaviour of the safety circuit in the presence of a fault. Category B is the baseline — a single channel with no fault detection. Category 1 adds the requirement for well-tried components. Category 2 introduces periodic testing. Categories 3 and 4 require dual-channel architectures capable of detecting and tolerating single faults, with Category 4 additionally requiring that accumulation of undetected faults does not lead to loss of the safety function. This structural approach makes ISO 13849 particularly well-suited to mechanical, hydraulic, and pneumatic safety systems, where purely probabilistic failure data may be limited.
The Required Performance Level (PLr) is determined through a risk assessment process defined in ISO 13849-1 Annex A, which considers the severity of injury, frequency of exposure, and the possibility of avoiding the hazard. The PLr output is one of five levels (a–e), and the designer must demonstrate that the achieved PL of the safety function meets or exceeds the PLr. ISO 13849-1 is supported by ISO 13849-2, which provides validation requirements and lists well-tried safety principles for mechanical, pneumatic, hydraulic, and electrical components.
SIL vs PL: Where the Frameworks Diverge and Converge
The most fundamental difference between SIL (IEC 62061) and Performance Level (ISO 13849) lies in their quantification methodology. SIL is a purely quantitative framework: the achieved safety integrity is expressed entirely as a PFHd value, calculated from failure rate data for every component in the Safety-related Control System. Performance Level is semi-quantitative: it combines the structural Category — a qualitative architectural requirement — with quantitative MTTFd and DC data to arrive at a PL designation from a look-up table in ISO 13849-1 Annex K.
IEC 62061 (SIL) and ISO 13849-1 (Performance Level) are harmonised so that their safety levels map directly to each other: PL e corresponds to SIL 3, PL d corresponds to SIL 2, and PL c corresponds to SIL 1. This mapping allows engineers to combine subsystems assessed under both frameworks within a single machine while maintaining overall safety integrity.
Scope Differences
IEC 62061 is explicitly scoped to electrical, electronic, and programmable electronic (E/E/PE) safety-related control systems. It does not cover non-electrical technologies. ISO 13849-1, by contrast, applies to safety-related parts of control systems regardless of technology — mechanical, pneumatic, hydraulic, electrical, and electronic systems all fall within its scope. This broader technology coverage makes ISO 13849 the more commonly applied standard for legacy machinery, hydraulic presses, and pneumatic guarding systems where non-electrical components form part of the safety function.
Architectural Requirements
Both standards impose architectural constraints on higher-integrity safety functions. Under IEC 62061, the Hardware Fault Tolerance (HFT) requirement increases with SIL level: SIL 2 and SIL 3 functions generally require redundant (dual-channel) architectures. Under ISO 13849, Category 3 and Category 4 architectures require dual-channel designs with cross-monitoring. The practical result is similar — high-integrity machine guarding systems such as Category 4 / PL e / SIL 3 safety light curtains and interlocking guards will typically use dual-channel safety relay or safety PLC architectures from manufacturers including Sick AG and Pilz GmbH.
PL e = SIL 3, PL d = SIL 2, PL c = SIL 1. This mapping, established during the 2010 harmonisation of IEC 62061 and ISO 13849-1, allows engineers to design hybrid systems where, for example, a sensor subsystem is assessed under ISO 13849 (PL d) and a programmable logic controller is assessed under IEC 62061 (SIL 2), with the combined system validated against a single safety integrity target.
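The PFHd summation described for IEC 62061 and the hybrid PL d / SIL 2 design above can be checked together. The following Python is an added example, not taken from either standard or from any vendor tool. The SIL 1 and SIL 2 PFHd limits and the lowest-claim-limit rule are taken from IEC 62061 rather than from this page, and the subsystem names and PFHd figures are constructed sample values.

```python
# Added example. PFHd upper limits (per hour) for each machinery SIL, from
# IEC 62061; a value at or above 1e-5 achieves no SIL.
SIL_UPPER = [(3, 1e-7), (2, 1e-6), (1, 1e-5)]
# PL-to-SIL correspondence exactly as given in the text above.
PL_TO_SIL = {"e": 3, "d": 2, "c": 1}

def sil_from_pfhd(pfhd):
    """Highest SIL whose PFHd limit the value satisfies (0 = none)."""
    for sil, upper in SIL_UPPER:
        if pfhd < upper:
            return sil
    return 0

def claim_to_sil(claim):
    """Normalise a subsystem claim such as 'PL d' or 'SIL 2' to a SIL number."""
    scheme, level = claim.split()
    if scheme == "SIL":
        return int(level)
    if scheme == "PL" and level in PL_TO_SIL:
        return PL_TO_SIL[level]
    raise ValueError(f"no SIL equivalent given for {claim!r}")

def assess(subsystems, target_sil):
    """Sum subsystem PFHd values and cap the result by the weakest claim."""
    total = sum(s["pfhd"] for s in subsystems)
    by_pfhd = sil_from_pfhd(total)
    # IEC 62061: the function cannot exceed the lowest subsystem claim limit.
    claim_limit = min(claim_to_sil(s["claim"]) for s in subsystems)
    achieved = min(by_pfhd, claim_limit)
    return {"pfhd": total, "by_pfhd": by_pfhd, "claim_limit": claim_limit,
            "achieved": achieved, "meets_target": achieved >= target_sil}

# Constructed sample data, not taken from any datasheet.
GUARD_DOOR = [
    {"name": "interlock switch", "claim": "PL d", "pfhd": 1.5e-7},
    {"name": "safety PLC", "claim": "SIL 2", "pfhd": 2.0e-8},
    {"name": "contactors", "claim": "PL d", "pfhd": 3.0e-7},
]
# Same function, but the sensor subsystem is only rated PL c.
WEAK_SENSOR = [dict(GUARD_DOOR[0], claim="PL c")] + GUARD_DOOR[1:]

if __name__ == "__main__":
    for label, subs in (("guard door", GUARD_DOOR), ("weak sensor", WEAK_SENSOR)):
        print(label, assess(subs, target_sil=2))
```

The second case shows why the summed PFHd alone is not enough: the total still falls in the SIL 2 band, but the PL c sensor limits the whole function to SIL 1.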
Common Cause Failure Treatment
Both standards require assessment of Common Cause Failures (CCF) — failures that affect multiple channels of a redundant system simultaneously due to a shared root cause such as a design error, environmental stress, or manufacturing defect. IEC 62061 addresses CCF through a scored checklist approach in Annex F, assigning a CCF score based on measures such as separation, diversity, and environmental testing. ISO 13849-1 uses a similar scored checklist in Annex F, with a minimum score of 65 points required for Categories 3 and 4 architectures. The methodologies differ in detail but converge on the same engineering principles.
Patent Classification and the Machine Safety Innovation Landscape
For IP professionals and R&D teams conducting freedom-to-operate analyses or competitive landscape reviews in the machine safety domain, understanding the relevant patent classification codes is essential. Machine guarding and safety control system inventions are primarily classified under three CPC code families: B23Q11 (safety devices for machine tools), G05B9 (fail-safe control systems), and F16P3 (safety devices for machinery in general). These codes are used by patent examiners at the EPO and the USPTO to categorise inventions relating to interlocking guards, safety light curtains, safety relays, programmable safety controllers, and emergency stop systems.
Machine safety guarding patent inventions are primarily classified under CPC codes B23Q11 (safety devices for machine tools), G05B9 (fail-safe control systems), and F16P3 (safety devices for machinery). Prominent patent assignees in this space include Pilz GmbH, Sick AG, Rockwell Automation, and organisations certified by TÜV Rheinland. Targeted searches using assignee names alongside these CPC codes yield the most comprehensive landscape coverage.
Prominent assignees in machine safety patent filings include Pilz GmbH (safety controllers and safety relays), Sick AG (safety light curtains, laser scanners, and interlocking devices), and Rockwell Automation (programmable safety controllers and safety I/O modules). Third-party certification bodies such as TÜV Rheinland do not typically file patents but play a central role in the certification ecosystem by auditing safety systems against IEC 62061 and ISO 13849 requirements. Academic and standards-adjacent literature on functional safety for machine guarding appears in journals including Reliability Engineering & System Safety and Safety Science.
For researchers and engineers seeking to build a comprehensive evidence base on SIL and PL certification innovations, the recommended search strategy combines assignee-focused queries with CPC code filters. Pairing B23Q11 with assignee names such as “Pilz” or “Sick” will return the most relevant patent families. Adding IPC code F16P alongside G05B9 broadens coverage to include guarding hardware innovations beyond electronic control systems. Literature database queries referencing IEC 62061, ISO 13849-1, or EN ISO 13849-2 directly will surface peer-reviewed validation studies and standards-implementation research not captured in patent filings alone.
“A targeted patent search combining CPC codes B23Q11, G05B9, and F16P3 with assignee filters for Pilz, Sick AG, and Rockwell Automation provides the most comprehensive coverage of the machine safety guarding innovation landscape.”
The intersection of functional safety standards and patent strategy is increasingly important as machine builders face pressure to comply with the updated Machinery Regulation (EU) 2023/1230, which replaces the Machinery Directive 2006/42/EC. New requirements for collaborative robots, autonomous mobile robots, and AI-assisted machinery are expected to drive a new wave of SIL- and PL-related patent filings in the coming years, particularly in the G05B and B25J CPC code families covering robotic systems and manipulators.