Functional safety reduces the risk of injury and damage in the interaction between humans and technology. Certification-friendly modules and a dedicated hardware platform can simplify the development of safe, automated machines and systems.
Future topics such as autonomous vehicles or construction machinery would be completely unthinkable without functional safety.
(Image: Microsys)
*Engineer Peter Kemptner is an independent marketing service provider and specialist editor in Salzburg/Austria.
Devices, vehicles, machines, and systems are highly automated today, exchanging data and interacting with each other, sometimes completely autonomously. The Internet of Things accelerates this trend. Nevertheless, there is always direct or indirect interaction between humans and machines.
A crucial prerequisite for the use of automated systems is their safe operation. Functional safety (FuSa for short) therefore plays a central role in every technical sector, from power plants and transport systems to industrial plants, medical technology, and household and entertainment devices.
To reduce the risk of injury and damage, FuSa has to guard against malfunctions arising from design, manufacturing or documentation errors, from abnormal operating situations and from operator error, and bring the system into a safe state when they occur. To minimise the risk of injury, machine and plant builders restrict human access to the moving parts of complex machines. Breaching that protection by opening a door or guard, just like pressing an emergency stop, shuts the machine down.
Safer and more productive
For a long time, safety circuits were hard-wired in relay technology. They were completely independent of the control electronics and allowed hardly any response other than an abrupt shutdown of the whole machine. Their rigidity also made it hard to modify or extend the protected system. Increasingly complex machines and plants, often modular and reconfigurable during operation, need a more differentiated response to the various kinds of protection breach. Nor is it always practical to fence a machine in: for mobile work machines and transport systems that option does not exist at all, while their growing degree of automation raises the safety requirements placed on their control systems.
Freely programmable safety controllers have therefore become the norm. Together with advanced safety-rated sensing they form the basis for safety engineering that is both user-friendly and effective. Devices such as 360° laser scanners and time-of-flight (ToF) cameras detect objects and people more reliably and are the foundation for the safe operation of automated guided vehicles (AGVs) and autonomous mobile robots (AMRs).
In modern FuSa concepts, data exchange with I/O modules, sensors and actuators runs over data buses. On Ethernet-based networks the black-channel principle is the norm: the transmission path (cables, switches, standard network stacks) is treated as untrusted, and a safety protocol layered on top detects the errors that path can introduce: corruption, loss, unintended repetition, insertion, wrong sequence, unacceptable delay and misaddressing. At telegram level the data is, for example, duplicated and protected by a consecutive number and a checksum (CRC) or by cryptographic measures; telegrams are acknowledged, and the transmission path is periodically checked for function by a watchdog timeout. Note that a CRC is designed to catch random transmission errors, not a deliberate attacker who can simply recompute it; on an exposed network, the cryptographic option or a separate security layer is needed.
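The following Python sketch is an added illustration of the black-channel measures named above, not code from the article, Microsys or NXP. The field layout (connection ID, consecutive number, payload, bitwise-inverted copy of the payload, CRC-32), the 200 ms watchdog time and the traffic in `demo()` are assumptions chosen to show how each check maps to an error class; it is not PROFIsafe, FSoE or any other standardised safety protocol.

```python
"""Added example (not code from the article, Microsys or NXP): a minimal
safety telegram carried over a black channel.  The field layout, CRC choice
and 200 ms watchdog time are assumptions for illustration; this is not
PROFIsafe, FSoE or any other standardised safety protocol."""
import struct
import zlib

HDR_FMT = "!HH"    # connection ID, consecutive number (assumed layout)
CRC_FMT = "!I"     # CRC-32 over header + data + inverted data
HDR_LEN = struct.calcsize(HDR_FMT)
CRC_LEN = struct.calcsize(CRC_FMT)
TIMEOUT_MS = 200   # assumed watchdog time of the safety connection


def build_telegram(conn_id: int, seq: int, data: bytes) -> bytes:
    """Sender side: conn_id | seq | data | bitwise-inverted data | CRC-32."""
    body = struct.pack(HDR_FMT, conn_id, seq & 0xFFFF)
    body += data + bytes(b ^ 0xFF for b in data)
    return body + struct.pack(CRC_FMT, zlib.crc32(body))


class SafetyReceiver:
    """Receiver of one safety connection.  Every detected error latches the
    safe state; only an explicit acknowledgement re-enables the connection."""

    def __init__(self, conn_id: int, data_len: int, timeout_ms: int = TIMEOUT_MS):
        self.conn_id = conn_id
        self.data_len = data_len
        self.timeout_ms = timeout_ms
        self.expected_seq = None      # unknown until the first good telegram
        self.last_ok_ms = None
        self.safe_state = False

    def _fail(self, reason: str):
        self.safe_state = True
        return None, reason

    def tick(self, now_ms: int) -> bool:
        """Periodic path check, to be called from a timer even when no
        telegram arrives.  Returns False once the connection is in safe state."""
        if self.last_ok_ms is not None and now_ms - self.last_ok_ms > self.timeout_ms:
            self.safe_state = True
        return not self.safe_state

    def receive(self, frame: bytes, now_ms: int):
        """Returns (data, None) if accepted, else (None, reason).  On None the
        caller must apply its fail-safe substitute value (e.g. 'stop')."""
        if self.safe_state:
            return None, "safe state latched"
        if not self.tick(now_ms):
            return self._fail("timeout")                 # unacceptable delay
        if len(frame) != HDR_LEN + 2 * self.data_len + CRC_LEN:
            return self._fail("length")
        body, (crc,) = frame[:-CRC_LEN], struct.unpack(CRC_FMT, frame[-CRC_LEN:])
        if zlib.crc32(body) != crc:
            return self._fail("crc")                     # corruption
        conn_id, seq = struct.unpack(HDR_FMT, body[:HDR_LEN])
        if conn_id != self.conn_id:
            return self._fail("wrong connection")        # misaddressing
        if self.expected_seq is not None and seq != self.expected_seq:
            return self._fail("sequence")                # loss, repeat, insertion, reorder
        data = body[HDR_LEN:HDR_LEN + self.data_len]
        if bytes(b ^ 0xFF for b in data) != body[HDR_LEN + self.data_len:]:
            return self._fail("copy mismatch")           # duplicated data disagrees
        self.expected_seq = (seq + 1) & 0xFFFF
        self.last_ok_ms = now_ms
        return data, None

    def acknowledge(self) -> None:
        """Operator acknowledgement after the cause has been cleared."""
        self.safe_state = False
        self.expected_seq = None
        self.last_ok_ms = None


def demo():
    """Constructed traffic on connection 7 (2-byte payload: 'guard closed'):
    two good telegrams, one corrupted, one replayed, one arriving too late."""
    rx = SafetyReceiver(conn_id=7, data_len=2)
    good = b"\x01\x00"
    results = []
    results.append(rx.receive(build_telegram(7, 1, good), now_ms=0))      # accepted
    results.append(rx.receive(build_telegram(7, 2, good), now_ms=50))     # accepted
    corrupted = bytearray(build_telegram(7, 3, good))
    corrupted[HDR_LEN] ^= 0x01                                            # one bit flipped in transit
    results.append(rx.receive(bytes(corrupted), now_ms=100))              # rejected: crc
    rx.acknowledge()
    replay = build_telegram(7, 4, good)
    results.append(rx.receive(replay, now_ms=150))                        # accepted (first after ack)
    results.append(rx.receive(replay, now_ms=200))                        # rejected: sequence
    rx.acknowledge()
    results.append(rx.receive(build_telegram(7, 9, good), now_ms=250))    # accepted
    results.append(rx.receive(build_telegram(7, 10, good), now_ms=1000))  # rejected: timeout
    return results


if __name__ == "__main__":
    for data, reason in demo():
        print("accepted", data.hex()) if reason is None else print("REJECTED:", reason)
```

Two design points worth noting: every rejection latches the safe state rather than silently dropping the telegram, because a safety receiver must never keep acting on stale data, and `tick()` exists so that the timeout is enforced even when the channel stops delivering anything at all. The CRC and the inverted copy catch random corruption; anyone who can inject frames on the network can rebuild them, so this sketch offers no protection against a deliberate attacker.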
More freedom through safety
That is what allows safety controllers and the I/O modules connecting the sensors to be placed anywhere in the system. In addition, today's electric drives offer numerous alternatives to a plain shutdown in the form of safety functions to EN 61800-5-2, such as Safe Torque Off (STO), Safe Direction (SDI), Safely Limited Speed (SLS) and Safely Limited Acceleration (SLA).
Using these gentler mechanisms to protect personnel helps, among other things, to avoid the damage that abrupt safety shutdowns can cause. A safe state that does not mean a complete stop simplifies setup work and enabled the development of collaborative industrial robots, known as cobots, which are safe enough to work hand in hand with human colleagues even without separate guards.
Over the shared bus, the non-safety control unit can also query the current state of the safety sensors, which eases commissioning and fault diagnosis. And when a safety-related shutdown occurs, suitable process adjustments can prevent problematic plant conditions in the upstream and downstream sequences. A parameterisable, and therefore modifiable, FuSa program also allows the configuration of modular machines and plants to be changed as required, so that they can meet the challenges of Industry 4.0.
Safety through availability
While it is common practice for industrial machines and plants to bring them into a defined state with reduced hazard potential, in other applications such a state often does not exist at all. Consider an engine or control failure in an aircraft in flight, a brake failure in a train, or a steering malfunction in a car.
Date: 08.12.2025
Such cases require a different form of safety: protection against system failure through high availability. This fault tolerance is usually achieved with redundant computer systems. The spectrum ranges from a simple duplication of computing channels with information redundancy, both channels having access to the input and output data, up to multiply redundant, dissimilar systems with 5 to 15 control computers, several fallback levels and emergency operating modes, as found in aviation.
Dissimilarity between the computing channels is sought above all in applications with a very high hazard potential, such as aviation, but also at the highest safety levels, SIL 3 and SIL 4, in industrial and railway applications. Redundancy alone catches random faults such as single-event upsets and memory errors; using different processors in the redundant channels additionally guards against common-cause failures and hard-to-diagnose error cascades, which would affect identical channels in the same way and could outvote the one correct channel. It also protects against a batch defect at a single manufacturer, which has to be taken into account when the target failure rate is below 10^-9 or 10^-10 per operating hour.
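To make the redundancy argument concrete, here is an added Python example (not code from the article or from any vendor) of two-out-of-three voting across three dissimilar computation channels. The three channel functions, the 1e-6 agreement tolerance, the 50.0 limit and the bit positions used to simulate a single-event upset are all assumptions chosen for illustration; on real hardware the channels would run on separate, preferably different, processors.

```python
"""Added example (not code from the article or from any vendor): 2-out-of-3
voting across three dissimilar computation channels with a simulated
single-event upset.  Channel functions, tolerance and bit positions are
assumptions chosen to illustrate the principle."""
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional

# Three channels implementing the same specification (clamp a demand value
# to a safe range) in deliberately different ways.  On real hardware these
# would run on different processors; dissimilar code keeps a single design
# or compiler bug from hitting all three channels identically.

def channel_a(demand: float, limit: float) -> float:
    return max(-limit, min(limit, demand))


def channel_b(demand: float, limit: float) -> float:
    if demand > limit:
        return limit
    if demand < -limit:
        return -limit
    return demand


def channel_c(demand: float, limit: float) -> float:
    ratio = demand / limit if limit else 0.0
    return limit * max(-1.0, min(1.0, ratio))


@dataclass
class VoteResult:
    output: Optional[float]      # None: no majority, caller must go to safe state
    faulty_channels: List[int]   # channels that disagree with the majority
    safe_state: bool


def vote_2oo3(outputs: List[float], tolerance: float) -> VoteResult:
    """Accept a value only if at least two channels agree on it within
    'tolerance'; otherwise demand the safe state."""
    agrees = [[abs(a - b) <= tolerance for b in outputs] for a in outputs]
    trusted = [i for i in range(3) if sum(agrees[i]) >= 2]   # self plus one other
    faulty = [i for i in range(3) if i not in trusted]
    if len(trusted) < 2:
        return VoteResult(None, faulty, True)
    ordered = sorted(outputs[i] for i in trusted)
    return VoteResult(ordered[len(ordered) // 2], faulty, False)


def flip_bit(x: float, bit: int) -> float:
    """Simulated single-event upset: flip one bit of the IEEE-754 encoding."""
    (raw,) = struct.unpack("<Q", struct.pack("<d", x))
    return struct.unpack("<d", struct.pack("<Q", raw ^ (1 << bit)))[0]


def run(demand: float, upsets: Optional[Dict[int, int]] = None,
        limit: float = 50.0, tolerance: float = 1e-6) -> VoteResult:
    """Compute all channels, inject the given upsets {channel: bit}, and vote."""
    outputs = [channel_a(demand, limit), channel_b(demand, limit), channel_c(demand, limit)]
    for channel, bit in (upsets or {}).items():
        outputs[channel] = flip_bit(outputs[channel], bit)
    return vote_2oo3(outputs, tolerance)


if __name__ == "__main__":
    print(run(120.0))                   # all agree on 50.0
    print(run(120.0, {1: 52}))          # channel 1 upset (50 -> 100): masked and flagged
    print(run(120.0, {0: 52, 1: 53}))   # two independent upsets: no majority, safe state
    print(run(120.0, {0: 52, 1: 52}))   # identical fault in two channels outvotes the good one
```

The last case is the one the article's argument for dissimilarity rests on: the voter cannot tell a correct majority from a common-cause fault that hits two identical channels the same way, so it confidently outputs the wrong value. The tolerance exists because legitimately dissimilar channels may differ in the last bits of a floating-point result (try `run(30.0)`), which must not be mistaken for a fault.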
Modular Safety
For the safety-oriented design of machines and plants in industrial production, commercially available safety systems certified to IEC 61508 from established automation vendors are suitable. For many other tasks, and for the development and manufacture of these safety CPUs themselves, one has to start at a lower hardware level.
As a cheaper and less risky alternative to a complete redevelopment from the semiconductor upwards, the use of System-on-Modules (SoMs) is often advantageous. With a module, the system builder does not have to grapple with the processor-related issues of electronics design, which at today's clock rates reach deep into physics, and can instead concentrate on software development and on the well-defined interfaces at the module boundary.
The Bavarian manufacturer Microsys Electronics, as a Gold Partner of the European processor manufacturer NXP, develops and produces SoMs based on its processor technology. "Modern multicore processors from NXP like the S32G are not only very powerful but are better suited than many others for the development of safe control systems due to their specific architecture," explains Jörg Stollfuß, Field Application Engineer at Microsys Electronics. "On this basis, we created easy-to-integrate modules with a certification-friendly design as an alternative to proprietary Fusa developments at the board level."
With suitable external circuitry and software, the Miriac SoMs from Microsys bring everything needed to avoid hardware-related obstacles on the path to certification. This includes separate monitoring of the power supply, which also makes an independent watchdog timer possible. In addition, Microsys fits the Miriac SoMs with components qualified to the strict automotive standard AEC-Q100 to meet the increased demands on semiconductor manufacturing quality. Because the application-specific software has a decisive influence on whether a computer system can be certified, however, SoMs, unlike safety-rated sensors, are not available as pre-certified generic safety elements.
Application-ready platform
The multi-core architecture of modern processors does not readily allow safe and non-safe applications to run side by side on a single processor (mixed criticality). And because of the many common-cause failure potentials and the generally high base failure rate of complex semiconductors, a single processor is even less suitable as the basis for redundant or multi-channel systems in highly safety-critical applications.
Microsys therefore developed the hardware for a task-specific, but not customer-specific, control platform as a ready-to-install complete system, initially aimed at mobile work machines. Its core is a carrier board that, besides the central Miriac MPX-LX2160A, has three M.2 slots for up to three SSD storage modules or one or two Hailo-8 AI processor modules. An expansion with a Miriac MPX-S32G274A or Miriac MPX-S32G399A is provided for as an option. The second module can either add very high computing power for complex tasks or, alternatively, form an independent, dissimilar internal computation channel. A setup of this kind can reach safety level SIL 3.
A new enclosure was also developed that turns the electronics into a ready-to-install complete unit. Dust-tight and watertight to IP68, it protects the electronics and also dissipates their heat. Despite the very high processing power and the variety of interfaces, Microsys has kept the power consumption of the fully equipped unit to 60 W and dissipates it entirely passively, so the device runs without fans or other active cooling.
"With this Autonomous Control Unit based on the SoM module Miriac MPX-LX2160A, Microsys offers manufacturers of mobile work machines a ready-to-install, modularly expandable hardware platform for the automation of their products," confirms Ina S. Schindler, Managing Director of Microsys Electronics. "They can therefore concentrate fully on developing the software."
This article was first published on our sister website