Basic data

| Field | Value |
| --- | --- |
| Standard ID | GB/T 16855.1-2025 (GB/T16855.1-2025) |
| Description (translated English) | Safety of machinery - Safety-related parts of control systems - Part 1: General principles for design |
| Sector / Industry | National Standard (Recommended) |
| Classification of Chinese Standard | J09 |
| Classification of International Standard | 13.110 |
| Word Count Estimation | 134,188 |
| Date of Issue | 2025-08-29 |
| Date of Implementation | 2025-08-29 |
| Older Standard (superseded by this standard) | GB/T 16855.1-2018 |
| Issuing agency(ies) | State Administration for Market Regulation, National Standardization Administration |
GB/T 16855.1-2025: Safety of machinery - Safety-related parts of control systems - Part 1: General principles for design (excerpt)
ICS 13.110
CCS J09
National Standard of the People's Republic of China
Replaces GB/T 16855.1-2018
Safety of machinery - Safety-related parts of control systems
Part 1: General principles for design
(ISO 13849-1:2023, IDT)
Issued on August 29, 2025
Implemented on August 29, 2025
Issued by the State Administration for Market Regulation and the National Standardization Administration
Table of Contents
Preface
Introduction
1 Scope
2 Normative references
3 Terms, definitions, symbols and abbreviations
3.1 Terms and definitions
3.2 Symbols and abbreviations
4 General requirements
4.1 Machine risk assessment and risk reduction process
4.2 Contribution to risk reduction
4.3 SRP/CS design process
4.4 Methods
4.5 Required information
4.6 Implementation of safety functions by subsystems
5 Specification of safety functions
5.1 Identification and general description of safety functions
5.2 Safety requirements specification
5.3 Determination of the required performance level (PLr) for each safety function
5.4 Review of the safety requirements specification (SRS)
5.5 Decomposition of SRP/CS into subsystems
6 Design considerations
6.1 Evaluation of the performance level achieved
6.2 Combination of subsystems to achieve the overall performance level of the safety function
6.3 Software-based manual parameterization
7 Software safety requirements
7.1 General requirements
7.2 Limited variability language (LVL) and full variability language (FVL)
7.3 Safety-related embedded software (SRESW)
7.4 Safety-related application software (SRASW)
8 Verification of the performance level achieved
9 Ergonomic design
10 Validation
10.1 Validation principles
10.2 Validation of the safety requirements specification (SRS)
10.3 Validation by analysis
10.4 Validation by testing
10.5 Validation of safety functions
10.6 Validation of the safety integrity of SRP/CS
10.7 Validation of environmental requirements
10.8 Validation records
10.9 Validation of maintenance requirements
11 Maintainability of SRP/CS
12 Technical documentation
13 Information for use
13.1 General
13.2 Information for SRP/CS integration
13.3 Information for the user
Annex A (informative) Guidance for determining the required performance level (PLr)
Annex B (informative) Block method and safety-related block diagram
Annex C (informative) Calculation or evaluation of MTTFD values for single components
Annex D (informative) Simplified method for estimating MTTFD per channel
Annex E (informative) Estimation of diagnostic coverage (DC) for functions and subsystems
Annex F (informative) Quantitative method for measures against common cause failures (CCF)
Annex G (informative) Systematic failure
Annex H (informative) Examples of combinations of several subsystems
Annex I (informative) Example of a simplified procedure for estimating the PL of a subsystem
Annex J (informative) Software
Annex K (informative) Numerical representation of Figure 12
Annex L (informative) Electromagnetic interference (EMI) immunity
Annex M (informative) Additional information on the safety requirements specification (SRS)
Annex N (informative) Avoiding systematic failures in software design
Annex O (informative) Safety-related values of elements or components of control systems
Bibliography
Preface
This document was drafted in accordance with GB/T 1.1-2020 "Directives for standardization - Part 1: Rules for the structure and drafting of standardizing documents".
This document is Part 1 of GB/T 16855 "Safety of machinery - Safety control systems". GB/T 16855 has been published in the following parts:
--- Part 1: General principles for design;
--- Part 2: Validation.
This document replaces GB/T 16855.1-2018 "Safety of machinery - Safety-related parts of control systems - Part 1: General principles for design". Compared with GB/T 16855.1-2018, in addition to structural adjustments and editorial changes, the main technical changes are as follows:
--- Changed the term "safety-related parts of the control system" to "safety control system" and changed its definition (see 3.1.1; 3.1.1 of the 2018 edition);
--- Added the term "safety requirements specification" and its definition (see 3.1.3);
--- Changed the definition of the term "category" (see 3.1.4; 3.1.2 of the 2018 edition);
--- Added the terms "fault exclusion" and "permanent fault" and their definitions (see 3.1.9 and 3.1.11);
--- Changed the term "inhibit" to "muting" (see 3.1.15; 3.1.8 of the 2018 edition);
--- Added the preferred term "risk reduction measure" (see 3.1.22; 3.1.27 of the 2018 edition);
--- Added the terms "sub-function", "cross monitoring", "mean time to failure" and "ratio of dangerous failures" and their definitions (see 3.1.28, 3.1.30, 3.1.33, 3.1.34);
--- Changed the term "requirement rate" to "demand rate" (see 3.1.38; 3.1.30 of the 2018 edition);
--- Changed the term "application software" to "safety-related application software" (see 3.1.41; 3.1.36 of the 2018 edition);
--- Changed the term "embedded software" to "safety-related embedded software" (see 3.1.42; 3.1.37 of the 2018 edition);
--- Changed the wording of the term "high demand or continuous mode" (see 3.1.43; 3.1.38 of the 2018 edition);
--- Added the terms "low demand mode", "subsystem", "subsystem element", "channel", "operating mode", "well-tried safety principle", "well-tried component", "dynamic test", "plausibility check", "verification", "validation", "competent person", "black box", "grey box" and "average frequency of dangerous failure per hour" and their definitions (see 3.1.44 to 3.1.58);
--- Deleted the terms "manual reset", "repair rate" and "proven in use" and their definitions (see 3.1.9, 3.1.31, 3.1.32 and 3.1.39 of the 2018 edition);
--- Added general requirements (see Clause 4);
--- Changed the specification of safety functions (see Clause 5; 5.1 of the 2018 edition);
--- Changed the design considerations (see Clause 6; Clause 4 of the 2018 edition);
--- Deleted the categories and their relationship to DCavg, CCF and MTTFD per channel, and integrated that technical content into the design considerations (see Clause 6; Clause 6 of the 2018 edition);
--- Added software safety requirements (see Clause 7);
--- Changed the verification requirements for the performance level achieved (see Clause 8; 4.7 of the 2018 edition);
--- Changed the design requirements for ergonomics (see Clause 9; 4.8 of the 2018 edition);
--- Changed the validation requirements (see Clause 10; Clause 8 of the 2018 edition).
This document is identical to ISO 13849-1:2023 "Safety of machinery - Safety-related parts of control systems - Part 1: General principles for design".
The following minimal editorial change has been made to this document:
--- "7.2" in the first column of 10.6.5 has been replaced with "6.2".
Please note that some of the contents of this document may be the subject of patents. The issuing organization of this document does not assume responsibility for identifying any such patents.
This document was proposed by and is under the jurisdiction of the National Technical Committee for Machinery Safety Standardization (SAC/TC208).
This document was drafted by: Pilz Electronics (Changzhou) Co., Ltd., China Machinery Research Institute of Standards and Technology (Beijing) Co., Ltd., Shanghai Chenzhu Instrument Co., Ltd., Lihong Safety Equipment Engineering (Shanghai) Co., Ltd., Rhine Technology-Commodity Inspection (Qingdao) Co., Ltd., Shenzhen Bay Testing Technology Co., Ltd., Beibohua Automation (Nanjing) Co., Ltd., Qijing Kanhai (Hangzhou) Technology Co., Ltd., Jining Keli Optoelectronics Industry Co., Ltd., Shandong Lane Optoelectronics Technology Co., Ltd., Ningbo Weicheng Technology Co., Ltd., EUCHNER Electric (Shanghai) Co., Ltd., Schmidt Sai Industrial Switch Manufacturing (Shanghai) Co., Ltd., Nanjing University of Science and Technology, Suzhou Institute of Quality and Standardization, Shenzhen Yipuxing Technology Co., Ltd., World Testing (Guangdong) Co., Ltd., Aohuang Testing Technology Service (Shanghai) Co., Ltd., Nanjing U-Bei Electrical Technology Co., Ltd., Tairui Machinery Co., Ltd., Shenzhen Dorne Technology Co., Ltd., Lantu Automotive Technology Co., Ltd., Siemens (China) Co., Ltd., School of Engineering of Nanjing Forestry University, Sichuan Shuxing Youchuang Safety Technology Co., Ltd., Jinan Foundry and Forging Inspection and Testing Technology Co., Ltd., Geruian (Chongqing) Industrial Technology Co., Ltd., SKF (China) Co., Ltd., Tesla (Shanghai) Co., Ltd., Weikai Testing Technology Co., Ltd., Lego Toy Manufacturing (Jiaxing) Co., Ltd., Central China Normal University, China Railway Construction Bridge Engineering Bureau Group Electrification Engineering Co., Ltd., Dongguan Sanxin Precision Machinery Co., Ltd., Hubei Gaonong Technology Co., Ltd., Jiangsu Zhongrui Safety Technology Development Co., Ltd., Beijing Control Engineering Research Institute, Nantong Weiers Machinery Technology Co., Ltd., China Railway Construction Bridge Engineering Bureau Group Building Assembly Technology Co., Ltd., Shenzhen Ruida Technology Co., Ltd., Wuhan Pudizhenkong Technology Co., Ltd., Dongguan Guda Machinery Manufacturing Co., Ltd., Nanjing Light Machinery Packaging Machinery Co., Ltd. and Nan'an Zhongji Standardization Research Institute Limited.
The main drafters of this document are: Xu Kai, Huang Zhijiong, Zhou Ting, Li Liyan, Cao Yongmei, Meng Zhaorui, Chen Zhuoxian, Xu Yi, Wang Zhenwei, Shao Guangcun, Yin Zhiyao, Li Haiming, Hu Jinfang, Lu Xiaoguang, He Jun, Ju Likai, Li Yantao, Dai Wenjie, Liu Xiaoying, Liu Minghan, Huang Fei, Wang Lin, Wei Jianhong, Yu Heng, Chen Guoliang, Li Jia, Ju Ronghua, Qin Peijun, Lu Jun, Yin Gaojun, Dong Xing, Liu Zhilong, Zhong Jinming, Xu Wenchao, Zhou Chaoliang, Cao Gaohui, Yao Tianjin, Gao Xuegang, You Xiaoyang, Dai Xiaomeng, Ma Rongsheng, Shi Chuanming, Chu Weizhong, Liu Zhiyong, Zhang Shuo, Sun Shuaihua, Chen Nengyu, Zhu Bin, Chen Xiaoquan, Xie Bingxun, Ling Yimin, Zhang Heqing, Jiang Tao, Zhou Cheng, Zhao Xiaodong, Zhang Chuanjia, Yang Jinglong, Fu Yanmin, Zhang Xiaofei, Ma Yan, Zheng Huating and Zhou Yanwen.
This document was first published in 1997, revised for the first time in 2005, for the second time in 2008 and for the third time in 2018; this is the fourth revision.
Introduction
The safety standards system in the machinery field consists of the following categories of standards:
--- Type A standards (basic safety standards) give basic concepts, principles for design and general aspects that apply to all machinery;
--- Type B standards (generic safety standards) deal with one safety aspect of machinery or one type of safeguard that can be used across a wide range of machinery:
● Type B1 standards, on particular safety aspects (such as safety distances, surface temperature, noise);
● Type B2 standards, on safeguards (such as two-hand control devices, interlocking devices, pressure-sensitive devices, guards);
--- Type C standards (machine safety standards) specify detailed safety requirements for a particular machine or group of machines.
According to GB/T 15706-2012, this document is a Type B1 standard.
This document is of particular relevance to the following stakeholders in machinery safety:
--- machine manufacturers;
--- health and safety bodies.
Other stakeholders affected by the level of machinery safety are:
--- machine users;
--- machine owners;
--- service providers;
--- consumers (for machinery intended for use by consumers).
All of the above stakeholders may participate in the drafting of this document.
Furthermore, this document is intended for use by standardization bodies drafting Type C standards. The requirements specified in this document may be supplemented or modified by a Type C standard. For machines that fall within the scope of a Type C standard and have been designed and built in accordance with that standard, the requirements of the Type C standard take precedence.
Note 1: The main content and examples of this document are mostly aimed at stationary machines in factories, but this document does not exclude other machines. It does not consider the special requirements of certain machines (such as mobile machines); as far as possible, this document is intended for cross-sector use and as a basis for the formulation and revision of Type C standards.
The safety control system (SRP/CS) is the part of the machine control system that performs safety functions. GB/T 16855 aims to specify the requirements for the key indicators of safety control systems, so as to ensure the safety functions of the machine and thereby the safety of personnel. It is planned to consist of two parts:
--- Part 1: General principles for design. Its purpose is to guide the design of safety control systems and to provide guidance for the formulation and revision of B2 or C standards;
--- Part 2: Validation. Its purpose is to guide the evaluation and validation of safety control systems.
Risk reduction measures are taken in the order of inherently safe design measures, safeguarding and/or complementary risk reduction measures, and information for use, so as to achieve the risk reduction required by GB/T 15706-2012. Designers can reduce risk through risk reduction measures that rely on safety functions.
The part of the control system that is allocated to provide safety functions is called the safety control system (SRP/CS). It can be independent of the machine control system or be a component of it. In addition to safety functions, SRP/CS can also perform operational functions.
GB/T 15706-2012 is used for the risk assessment of machines. Where a Type C standard does not specify the safety functions to be implemented by the SRP/CS or their required performance level (PLr), the PLr can be determined according to Annex A. When a risk assessment carried out according to GB/T 15706-2012 determines that a risk reduction measure relies on a safety function (such as an interlocking guard), a safety control system in accordance with this document can be used to perform that safety function.
This document is intended for the design and evaluation of SRP/CS; its scope covers safety-related control systems only.
Figure 1 shows the relationship between GB/T 15706-2012 and this document; see Figure 2 for details.
Note 2: For more information, see ISO/TR 22100-2:2013.
a Based on Figure 2 of ISO/TR 22100-2:2013.
Figure 1 Risk reduction process integrating this document (GB/T 16855.1) into GB/T 15706-2012
Note 3: Figure 1 shows the contribution of SRP/CS to step 2 of the risk reduction process of GB/T 15706-2012. SRP/CS supports a combination of risk reduction measures.
The ability of a safety control system to perform a safety function under foreseeable conditions is divided into five levels, called performance levels (PL). The required performance level (PLr) of the overall safety function (depending on the required risk reduction) is determined by the risk assessment.
Informative Annex A of this document provides a risk estimation method that can be used to determine the PLr of the safety functions performed by the SRP/CS. Because the evaluation criteria are subjective in nature, different risk estimation methods give different results. Compared with Annex A, a Type C standard can provide a more specific risk estimation method for a particular machine.
The frequency of dangerous failures of a safety function depends on several factors, including but not limited to: hardware and software architecture, the extent of fault detection mechanisms [diagnostic coverage (DC)], component reliability [mean time to dangerous failure (MTTFD), common cause failures (CCF)], design process, operating stress, environmental conditions and operating procedures.
To facilitate the design of SRP/CS and the evaluation of the PL achieved, this document adopts specific design criteria based on fault conditions (such as MTTFD, DCavg) and specified behaviour under fault conditions to classify architectures. These architectures are divided into five categories: Category B, Category 1, Category 2, Category 3 and Category 4.
Functional safety considers the failure behaviour of the components/elements that perform the safety function. For each safety function, this failure behaviour is expressed as the average frequency of dangerous failures per hour (PFH).
Performance levels and categories apply to SRP/CS, for example:
--- control units (such as logic units for control functions, data processing, monitoring, etc.);
--- electro-sensitive protective equipment (such as light curtains) and pressure-sensitive protective equipment.
For SRP/CS subsystems that use safety components (elements), their performance levels and categories can be determined. Examples include:
--- protective devices (such as two-hand control devices, interlocking devices);
--- power control elements (such as relays, valves);
--- sensors and human-machine interaction components (such as position sensors and enabling switches).
This document covers machines ranging from simple ones (such as small kitchen machines or automatic doors) to complex ones (such as packaging machines, printing machines, presses and integrated manufacturing systems).
This document and IEC 62061 both give requirements for the design and implementation of safety-related control systems for machinery.
Safety of machinery - Safety-related parts of control systems
Part 1: General principles for design
1 Scope
This document specifies requirements, recommendations and guidance for the design and integration of safety control systems (SRP/CS) that perform safety functions, including software design.
This document applies to SRP/CS, including its subsystems, used in high demand and continuous mode of operation, regardless of the technology and energy used (e.g. electrical, hydraulic, pneumatic, mechanical). This document does not apply to low demand mode of operation.
Note 1: For low demand mode of operation, see 3.1.44 and IEC 61508 (all parts).
This document does not specify the safety functions or the required performance levels (PLr) for specific applications.
Note 2: This document specifies the method for designing SRP/CS without considering the special requirements of certain machines (such as mobile machines). Such special requirements are considered in Type C standards.
This document does not give specific design requirements for the products/components from which SRP/CS are built. Specific requirements for the design of certain SRP/CS components are covered by the applicable ISO and IEC standards.
This document does not provide specific measures for physical security, IT security or cybersecurity.
Note 3: Issues such as physical security, IT security and cybersecurity may affect safety functions. For more information, see ISO/TR 22100-4 and IEC/TR 63074.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies; for undated references, the latest edition of the referenced document (including any amendments) applies.
GB/T 15706-2012 Safety of machinery - General principles for design - Risk assessment and risk reduction (ISO 12100:2010, IDT)
GB/T 16855.2-2015 Safety of machinery - Safety-related parts of control systems - Part 2: Validation (ISO 13849-2:2012, IDT)
GB/T 19876-2012 Safety of machinery - Positioning of safeguards with respect to the approach speeds of parts of the human body (ISO 13855:2010, IDT)
GB/T 20438.3-2017 Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 3: Software requirements (IEC 61508-3:2010, IDT)
GB/T 42598-2023 General rules for drafting safety instructions for machinery (ISO 20607:2019, IDT)
IEC 62046:2018 Safety of machinery - Application of protective equipment to detect the presence of persons
IEC 62061:2021 Safety of machinery - Functional safety of safety-related control systems
IEC/IEEE 82079-1:2019 Preparation of information for use (instructions for use) of products - Part 1: Principles and general requirements