ISO 13849 PLe Cobot Certification — PatSnap Eureka
ISO 13849 PLe Certification for Collaborative Robot Force-Limiting Functions
Achieving ISO 13849 Performance Level e for cobot force-limiting demands dual-channel sensor hardware, independent safety controllers, and biomechanically validated thresholds. This page synthesizes patent evidence from 50+ documents filed by Universal Robots, KUKA, Denso Wave, Fanuc, and others to guide your PLe certification strategy.
Why ISO 13849 PLe Demands Independent Dual-Channel Hardware
ISO 13849 Performance Level e — the highest achievable category under ISO's machinery safety framework — requires a Category 4 structure with a mean time to dangerous failure (MTTFd) exceeding 2300 years per channel, diagnostic coverage of at least 99%, and full immunity to common-cause failures (CCF). For collaborative robot force-limiting functions, this means force measurement must be performed by a safety-rated subsystem that is entirely independent of the process controller.
Universal Robots' core architecture — described in its 2022 patent family — places two independent position sensors in each joint: one measuring the gear input side, one measuring the output side. Both channels are processed through separate computation paths, and tool force limits are derived by projecting predicted joint torques into Cartesian space. This dual-encoder approach catches both encoder failure and mechanical transmission faults simultaneously, directly enabling the ≥99% DC demanded at PLe.
The PatSnap IP Analytics platform allows safety engineers to map the full patent landscape for Category 4 cobot architectures across all major jurisdictions, identifying freedom-to-operate risks and design-around opportunities before committing to a hardware architecture. Regulatory context for these requirements is maintained by ISO and cross-referenced with the EU Machinery Directive and OSHA collaborative robot guidance.
Critically, the safety controller hardware must be physically distinct from the process controller. Universal Robots' 2025 scalable safety system patent elaborates this by placing all safety evaluation on separate hardware that reads diverse sensor signals independently — ensuring process software faults cannot propagate into the safety decision path, the structural requirement of ISO 13849 Category 4.
Filing Activity & PLe Technical Requirements — By the Numbers
Patent filing counts by leading assignees in PLe-oriented collaborative robot force-limiting technology, drawn from 50+ documents across five jurisdictions.
Patent Families by Assignee — ISO 13849 PLe Cobot Force-Limiting
Denso Wave leads in safety parameter management tooling (6+ families); Universal Robots leads in safety architecture filings (5+ families).
PLe Architecture Compliance — Five Technical Dimensions
Sensor Redundancy and Controller Independence are the highest-evidence dimensions; Biomechanical Validation has the fewest dedicated patent families.
Adaptive Force Limit Management — Maintaining PLe Across Operating Modes
Static limits cannot cover real collaborative tasks where contact forces vary legitimately across work phases. ISO 13849 permits multiple operating modes provided each transition is controlled by a safety-rated function.
Safety-Controller-Managed Limit Transitions
Basic software defines normal safety limit values (default force, speed, momentum ceilings), while process software may associate alternative limits with process-specific values. Critically, only the safety controller — not the process controller — activates whichever limit set is currently active and triggers violation-stop mode autonomously. The decision-making path is independent of process software, preserving architectural integrity for PLe. This framework is described in the patent A robot arm safety system with run-time adaptable safety limits.
Safety controller manages all transitionsDual-ESM Parallel Monitoring — No Single-Failure Hazard
KUKA's multi-ESM approach activates multiple Extended Safety Monitoring functions (ESM1, ESM2) simultaneously. A safety response — STOP Category 0 — is triggered only when both monitoring functions are simultaneously violated (e.g., force |F| > 10 N AND speed |v| > 1 m/s). Process software continuously adjusts target force Fd and velocity vd to remain within the active ESM envelope. No single monitoring function failure alone can lead to an undetected hazardous state — a formal requirement of Category 4 under ISO 13849.
F > 10 N AND v > 1 m/s triggers STOP Cat. 0Residual-Force Collision Detection for PFL Applications
In PFL collaborative applications, the robot may intentionally receive expected forces from a human operator or workpiece — which must be distinguished from unintended contact. Suzhou Elite's method establishes a dynamics model computing theoretical operating parameters, subtracts predicted expected forces, and compares the residual against safety thresholds covering tool force, elbow force, joint torque, power, and momentum. This residual-based approach prevents both false stops from intended contact and missed detections of genuine collisions.
Residual force comparison across 5 parametersAutomatic Spatial Safety Configuration by Contact Type
ABB's method distinguishes between constrained contact zones (clamping/squeezing, where static force limits apply) and unconstrained zones (free-impact, where kinetic energy or momentum limits are more relevant), automatically assigning different safety parameter profiles to each workspace region. This spatial differentiation is critical to ISO/TS 15066 compliance, which specifies different biomechanical limits for transient and quasi-static contact, and maps directly onto the PLr determination step of ISO 13849's risk graph. Explore related analytics on the PatSnap Analytics platform.
Constrained vs. unconstrained zone auto-configScene-Based Safety Configuration, Validation, and Systematic Failure Prevention
Incorrect safety parameter settings are themselves a systematic failure mode. ISO 13849 addresses this through software category requirements and validation obligations — and leading assignees have built dedicated tooling to suppress parameterization errors.
Deriving Defensible Force Thresholds for PLe-Certified Functions
Determining the correct force threshold values to enter into PLe-certified safety functions requires a defensible biomechanical risk assessment. These patent-based methodologies provide the quantitative inputs needed for ISO/TS 15066 and ISO 13849 PLr determination.
3D Geometry-Based Collision Evaluation (Kyung Hee University, 2021)
The method acquires 3D geometry and mass distribution of the robot, inputs motion profiles, and at regular time intervals computes collision pressure and collision force as a function of effective mass, speed, and direction at each injury-risk body region. A maximum safe speed at which collision parameters satisfy preset force and pressure limits is then calculated — providing the quantitative inputs needed for the force threshold configuration step of any PLe system. Referenced by WHO injury classification frameworks.
Intrinsic Safety Coupling Matrix (Chinese Academy of Sciences, 2021)
This method constructs a coupling matrix between working performance indices and safety performance indices — including static force, clamping force, impact force, and contact pressure — identifying where agility (end speed) and payload couple negatively with safety metrics. This formal coupling analysis enables engineers to set speed and force limits that simultaneously maximize productive capability and remain within biomechanical limits derived from human injury thresholds.
Integrated Collision Risk Assessment Framework (Fraunhofer, 2024)
An evaluation module reads command data and machine parameters, determines hazards using stored hazard profiles, classifies hazard severity, and either outputs risk-reduction actions for user confirmation or issues direct warnings. This structured hazard assessment process mirrors the ISO 13849 risk estimation procedure (severity × frequency × avoidability) and can generate auditable evidence for the PLr determination required before certifying any safety function. PatSnap's life sciences solutions apply similar risk frameworks to medical device safety.
Dynamic Collision Threshold Adjustment (Rainbow Robotics, 2026)
The method calculates a body-collision risk level using predicted force/pressure versus preset limit values, then adjusts the collision detection threshold dynamically based on that risk level. By tightening detection sensitivity in high-risk configurations and relaxing it in low-risk phases, the system maintains a consistent overall probability of dangerous failure — a key metric in the PLe PFHd (probability of dangerous failure per hour) calculation mandated by ISO 13849.
Seven Critical Requirements for ISO 13849 PLe Compliance in Cobot Force-Limiting
Based on the 50+ patent documents surveyed, achieving PLe for collaborative robot force-limiting functions requires addressing all four technical clusters simultaneously: hardware redundancy, controller independence, adaptive limit management, and biomechanical threshold derivation. Failure in any one cluster prevents PLe certification regardless of performance in the others.
The PatSnap customer base includes safety engineers and IP leads at robotics OEMs who use Eureka to track competitor filings and identify design-around paths before architecture decisions are locked. For cobot manufacturers navigating PLe, the patent landscape is dense — Universal Robots alone has five distinct families covering runtime-adaptive safety limits and scalable safety system architectures.
For R&D teams building PLe-compliant systems, the PatSnap Trust Center documents data security and IP protection practices for enterprise users handling sensitive safety architecture data. Developers integrating patent data into internal safety toolchains can access structured data via PatSnap Open API.
ISO 13849 PLe Cobot Force-Limiting — Key Questions Answered
The foundational requirement for ISO 13849 PLe in a force-limiting function is hardware redundancy and independence between measurement channels. Universal Robots deploys two independent position sensors per joint — one on the gear input side and one on the output side — with both channels processed through separate computation paths. The safety controller must be placed on hardware distinct from the process controller, ensuring that process software faults cannot propagate into the safety decision path.
ISO 13849 Performance Level e represents the highest achievable category (Category 4, PL e) for safety-related control system parts, requiring a mean time to dangerous failure (MTTFd) greater than 2300 years per channel, a diagnostic coverage (DC) of 99% or higher, and immunity to common-cause failures (CCF).
ISO 13849 permits the required Performance Level to be met across multiple operating modes provided each mode transition is itself controlled by a safety-rated function. In Universal Robots' architecture, only the safety controller may activate process-value limits, and the violation-stop decision is made autonomously — preserving PLe integrity across operating modes. The safety controller's decision-making path is independent of process software.
KUKA's dual-ESM architecture activates multiple Extended Safety Monitoring functions simultaneously. A safety response such as STOP Category 0 is triggered only when both monitoring functions are simultaneously violated — for example, force greater than 10 N AND speed greater than 1 m/s. This ensures that no single monitoring function failure alone can lead to an undetected hazardous state, a formal requirement of Category 4 under ISO 13849, while eliminating unnecessary stops.
Setting safety parameters incorrectly is itself a systematic failure mode that ISO 13849 addresses through software category requirements and validation obligations. Biomechanical evaluation methods — such as computing collision pressure and force as a function of effective mass, speed, and direction at each injury-risk body region — provide the quantitative inputs needed to populate PLe-certified force thresholds with defensible values aligned with ISO/TS 15066.
A dual-channel collision detection device integrated into the tool itself, connected to a safety-rated PLC, achieves PLe by ensuring that contact forces at the most hazard-relevant point — the tool-workpiece interface — are monitored through a dual-channel path entirely separate from the joint-level safety system. ZKW Group's patent explicitly cites EN ISO 13849 and EN ISO 10218 as the governing standards for this end-of-arm architecture.
Still have questions about ISO 13849 PLe cobot certification? Let PatSnap Eureka search the patent record for you.
Ask Eureka About PLe ComplianceAccelerate Your ISO 13849 PLe Certification Strategy with AI-Powered Patent Intelligence
Join 18,000+ innovators already using PatSnap Eureka to accelerate their R&D. Search 50+ PLe cobot force-limiting patents, map competitor architectures, and identify design-around opportunities — all in one platform.
References
- Industrial robot with safety function and method for its safety control — Universal Robots, 2022
- Scalable safety system for robotic systems — Universal Robots, 2025
- Scalable safety system for robotic systems — Universal Robots (KR), 2021
- A robot arm safety system with run-time adaptable safety limits — Universal Robots, 2022
- Robot arm safety system with runtime adaptive safety limits — Universal Robots (KR), 2025
- Robotic systems and methods for monitoring them — Universal Robots, 2024
- Method and system for controlling a robot arrangement — KUKA Deutschland, 2019
- Method and system for controlling a robot arrangement — KUKA Deutschland, 2018
- Robot Control System — Denso Wave, 2025
- Robot control system — Denso Wave (CN), 2024
- Setting support device and setting support program — Denso Wave, 2024
- Simulation device and simulation program — Denso Wave, 2024
- Robot control system — Denso Wave, 2024
- Robot Control Device, Robot System, and Robot Control Method — Fanuc, 2025
- Controller of robot, robot system, and control method of robot — Fanuc, 2024
- Method for setting force control parameter in robot work, robot system, and computer program — Seiko Epson, 2023
- Methods for improving robot safety and methods for evaluating safety — Kyung Hee University, 2021
- Methods for improving robot safety and methods for evaluating safety — Kyung Hee University (KR), 2021
- Tools for collaborative robots, robots with tools fixed thereon, and anti-collision methods — ZKW Group, 2024
- Method for automatically setting safety function configurations for robot devices — ABB Switzerland, 2025
- An intrinsic safety design method for collaborative robots — Chinese Academy of Sciences, 2021
- Integrated collision risk assessment between robotic devices and human operators — Fraunhofer, 2024
- A method for force collaboration between a robot and an external object, and a collaborative robot — Suzhou Elite Robot, 2021
- Method of detecting collision for robot and apparatus for performing the same — Rainbow Robotics, 2026
- Safety System Interface and Material Testing System Having Safety System Interface — Illinois Tool Works, 2024
- Method for operating a robotic device and robotic device — Kuka, 2018
- ISO 13849-1:2015 — Safety of machinery: Safety-related parts of control systems — International Organization for Standardization
- OSHA — Collaborative Robot Safety Guidance — U.S. Occupational Safety and Health Administration
- EU Machinery Directive 2006/42/EC — European Commission
All data and statistics on this page are sourced from the references above and from PatSnap's proprietary innovation intelligence platform.
PatSnap Eureka searches patents and research to answer instantly.