
Achieving Functional-Safety Compliance for Motor-Control Systems

Nov. 20, 2023
Sponsored by Texas Instruments: Though time-to-market often dominates automotive and industrial design efforts, ensuring functional safety has also risen to the top of the engineer’s design checklist.


For a long time, chip design resembled a relay race—the object was to get to the finish line as fast as you can. And both chip design and relay racing depend on getting timing down and having smooth handoffs. When a mistake was made, a runner could stop and pick up a dropped baton. Similarly, re-spins, though they’d become much more expensive due to increasing mask costs, were possible when first silicon didn’t perform correctly. Unfortunately, either miscue also meant you wouldn’t be standing on the winner's podium.

Recently, though, while engineers still work diligently to accelerate time-to-market, more effort is being spent on keeping accuracy and functional safety at the forefront of a project (Fig. 1). Doing it right and meeting the rigorous requirements of functional-safety standards such as ISO 26262 and IEC 61508 is gaining favor over doing it as quickly as possible.


That brings us to functional-safety-compliant products. The widespread application of factory automation and control systems has increased the need for functional safety in both the industrial and automotive sectors.

If you’re involved in vehicle electronics, for example, chances are your work is subject to the requirements of ISO 26262, a standard specifically developed for the functional safety of vehicles. It’s not only to prevent damage to the vehicles, but also to avoid the risk of product recalls and/or compensation claims.

Harsh risks are involved in getting it wrong. Functional safety ensures your company isn’t exposed when there’s a malfunction in any system of a design. Neglecting the need to meet safety integrity compliance at the outset also can result in costly delays when introducing systems to market.

Avoiding Functional-Safety Pitfalls in Motor Control

Functional-safety standards specify how to develop systems in a way that reduces the risk. System designs that include functional safety not only lower risk from improper operation, but they also detect faults and minimize their impact.

Functional safety became a formalized industry standard (now known as IEC 61508, 1st Edition) in 1997 (Fig. 2). It should be part of the initial design requirements for, say, a motor drive. The onset of Industry 4.0 and the growth of vehicle electrification and connectivity require that we update our approach to functional-safety compliance.

Industrial systems that require functional safety have a Safety Integrity Level (SIL) with an associated number from 1 to 4. SIL 1 is the lowest level, and SIL 4 is the highest. Similarly, end equipment can have different SIL levels depending on what’s required by the application.

The goal of functional-safety standards is to manage and mitigate systematic faults while also being able to detect, prevent, and/or render safe random hardware failures when they occur.

TI Functional-Safety Resources

Motor drives are used in a wide range of applications that require drive-based safety functions to reduce the risk from hazardous movement. For instance, the safe torque off (STO) function is a functional-safety provision. The STO can be requested or triggered in case of a system fault.

IEC 61800-5-2 defines STO as a function that prevents torque-producing power from supplying the motor. This safety sub-function corresponds to an uncontrolled stop according to stop category 0 of IEC 60204-1. The STO safety function is also useful where power removal is required to prevent an unexpected startup.

TI has an STO reference design that implements a dual-channel architecture with a hardware fault tolerance (HFT) of 1 according to IEC EN 61800-5-2. As long as a logic 1 (+24 V DC) is present at both STO inputs, the motor is operational. If there’s a logic 0 (0 V DC) at one or both of the STO inputs, the corresponding power supplies to the primary and the secondary side of the six isolated IGBT gate drivers are cut through load switches. Removing the supply voltage to the gate-driver IC disables the insulated-gate bipolar transistors (IGBTs) and thus the torque-producing energy.
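The dual-channel behavior described above can be checked with a small fault-injection model. This is an added example, not code from TI's reference design. It assumes STO input 1 switches the primary-side supply, STO input 2 switches the secondary-side supply, and a gate driver needs both supplies to switch; the stuck-on/stuck-off fault model and all names are constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed fault model for one channel's load switch. */
typedef enum { FAULT_NONE, FAULT_STUCK_ON, FAULT_STUCK_OFF } sw_fault_t;

/* A healthy load switch follows its STO input (true = +24 V DC, false = 0 V DC). */
static bool load_switch_out(bool sto_in, sw_fault_t f)
{
    if (f == FAULT_STUCK_ON)  return true;   /* switch fails closed */
    if (f == FAULT_STUCK_OFF) return false;  /* switch fails open   */
    return sto_in;
}

/* Assumption: the gate drivers can turn on the IGBTs only when both the
   primary-side and the secondary-side supply are present. */
bool torque_possible(bool sto1, bool sto2, sw_fault_t f1, sw_fault_t f2)
{
    bool primary   = load_switch_out(sto1, f1);
    bool secondary = load_switch_out(sto2, f2);
    return primary && secondary;
}

/* With STO requested on both inputs (logic 0), count the fault combinations
   of at most max_faults simultaneous faults that still leave torque possible. */
int dangerous_cases(int max_faults)
{
    int count = 0;
    for (int f1 = FAULT_NONE; f1 <= FAULT_STUCK_OFF; f1++) {
        for (int f2 = FAULT_NONE; f2 <= FAULT_STUCK_OFF; f2++) {
            int n = (f1 != FAULT_NONE) + (f2 != FAULT_NONE);
            if (n > max_faults)
                continue;
            if (torque_possible(false, false, (sw_fault_t)f1, (sw_fault_t)f2))
                count++;
        }
    }
    return count;
}

int main(void)
{
    printf("dangerous cases with <=1 fault: %d\n", dangerous_cases(1));
    printf("dangerous cases with <=2 faults: %d\n", dangerous_cases(2));
    return 0;
}
```

No single switch fault defeats the STO request, which is what a hardware fault tolerance of 1 means; only the double stuck-on case leaves torque possible.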

Texas Instruments isn’t new to functional safety. The company has been developing, mass-producing, and delivering products into safety-critical applications for approximately four decades. Since 2020, TI has deployed simplified safety parametric search tools and collateral to help engineers be more efficient in their functional-safety designs. The on-chip safety functions and available safety documentation can help streamline your functional-safety system certification according to IEC 61508 and ISO 13849 to create more robust and reliable motor drive systems.


TI can facilitate motor-control design success by helping you establish more accurate and higher-bandwidth control of position, torque, and speed. Using TI’s real-time control and communication technology can open the door to achieving the highest energy class and lowest latency.
