RobotForge

Safety and certification: ISO 10218, 13482

The standards that separate a lab demo from a deployed product. What each requires, how to prepare, and the practical roadmap for taking a robot from prototype to certified.

by RobotForge
#frontiers #safety #certification

Building a robot that works is hard. Building a robot that's certified safe enough to deploy is harder, and a different kind of work — paperwork, hazard analysis, redundant safety systems, traceability. Hobbyist projects skip this entirely; production systems can't. Here's the working knowledge for industrial and service robots in 2026.

The two standards that matter most

ISO 10218: industrial robots

The standard for robots in industrial settings. Two parts:

  • ISO 10218-1: requirements on the robot itself (the manufacturer's responsibility).
  • ISO 10218-2: requirements on the integrated robot system (the integrator's responsibility).

Most industrial-arm vendors (UR, KUKA, Stäubli, Fanuc) ship arms compliant with 10218-1. When you integrate them into a workcell, your installation must comply with 10218-2.

ISO 10218 was updated in 2025; the revision adds explicit requirements for collaborative robots and integrated AI-based control.

ISO 13482: personal-care service robots

The standard for service robots that operate around people in non-industrial settings: vacuum cleaners, hospital delivery robots, elderly-care robots.

It defines different categories: mobile robots, physical-assistant robots, person-carrier robots. Each has its own hazard list.

For a delivery robot or home robot, this is the relevant standard.

Other standards by domain

Domain                   Standard
Industrial               ISO 10218 (robots), ISO/TS 15066 (cobot-specific)
Personal care            ISO 13482
Medical / surgical       IEC 60601-1, IEC 80601-2-77
Autonomous vehicles      ISO 26262 (functional safety), ISO 21448 (SOTIF)
Drones                   FAA Part 107 (US); EU Drone Regulation
Functional safety (SW)   IEC 61508 (general), Performance Levels per ISO 13849

The hazard analysis ritual

The first concrete deliverable in certification:

  1. List every plausible failure mode (motor stall, sensor blind, software hang).
  2. Estimate the consequence (cosmetic, minor injury, major injury, death).
  3. Estimate the frequency (rare, occasional, often).
  4. Compute risk = consequence × frequency.
  5. For each high-risk hazard: design a mitigation.
  6. Verify the mitigation works.

Standard format: a hazard analysis spreadsheet (HAZOP-style) with rows for each hazard. Reviewed quarterly.
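
The six steps above as a small register check, added here as an example (not RobotForge's own tooling): it scores each row and reports high-risk hazards that still lack a mitigation or whose mitigation has not been verified. The numeric scales, the high-risk threshold and the sample rows are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Ordinal scales for the labels used in the steps above (numbers are assumed).
CONSEQUENCE = {"cosmetic": 1, "minor injury": 2, "major injury": 3, "death": 4}
FREQUENCY = {"rare": 1, "occasional": 2, "often": 3}
HIGH_RISK = 6  # assumed threshold at which a mitigation becomes mandatory


@dataclass
class Hazard:
    failure_mode: str
    consequence: str
    frequency: str
    mitigation: str = ""
    verified: bool = False

    @property
    def risk(self) -> int:
        # Step 4: risk = consequence x frequency. A misspelled label raises
        # KeyError instead of silently scoring zero.
        return CONSEQUENCE[self.consequence] * FREQUENCY[self.frequency]


def open_items(register):
    """Steps 5-6: high-risk hazards without a verified mitigation, worst first."""
    gaps = []
    for h in register:
        if h.risk < HIGH_RISK:
            continue
        if not h.mitigation:
            gaps.append((h.risk, h.failure_mode, "no mitigation"))
        elif not h.verified:
            gaps.append((h.risk, h.failure_mode, "mitigation unverified"))
    return sorted(gaps, key=lambda g: -g[0])


# Constructed sample register.
REGISTER = [
    Hazard("motor stall", "minor injury", "occasional", "current limit", True),
    Hazard("sensor blind", "major injury", "occasional", "redundant sensors"),
    Hazard("software hang", "major injury", "often"),
    Hazard("scratched cover", "cosmetic", "often"),
]

if __name__ == "__main__":
    for risk, mode, gap in open_items(REGISTER):
        print(f"risk {risk}: {mode} ({gap})")
```
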

The mitigation patterns

  • E-stop button: hardware-level kill switch that cuts motor power. Required by every standard.
  • Emergency-stop circuit: dual-redundant; reaches every actuator; tested before every shift.
  • Limited speed mode: when humans are detected, robot drops to ≤ 250 mm/s (per ISO 10218).
  • Force limits: per ISO/TS 15066, contact force on a body region must stay below pain thresholds.
  • Geometric guards: physical barriers, light curtains, safety mats.
  • Watchdog timers: software detects hung control loops; safe-stops.
  • Redundant sensors: critical sensors duplicated; mismatch triggers safe-stop.
  • Diversified architectures: safety-critical loop in HW (PLC, FPGA); convenience loop in SW.

Functional safety levels

For software-controlled safety, use Safety Integrity Levels (SIL) or Performance Levels (PL):

  • SIL 1 / PL b: low. Most consumer robots target this.
  • SIL 2 / PL c–d: industrial cobots; collaborative tasks.
  • SIL 3 / PL e: high; autonomous vehicles, surgical robots.
  • SIL 4: nuclear, aviation. Beyond robotics.

Higher levels require more architectural redundancy + more rigorous testing + more documentation.

The compliance roadmap

For a typical industrial robot:

  1. Concept: identify which standards apply.
  2. Hazard analysis: structured review of all failure modes.
  3. Architecture: design with redundancy, failure-isolation, watchdogs.
  4. Implementation: code with traceability to safety requirements.
  5. Verification: unit + integration tests + safety-specific tests.
  6. Validation: real-world testing, hazard scenarios.
  7. Documentation: technical file, user manual, training materials.
  8. Audit: third-party (TÜV, UL, etc.) reviews everything.
  9. Certification mark: CE, UL, etc. mark on the product.
  10. Continuous compliance: changes require re-validation; field issues feed back.

For a small team: 6–18 months. For a team that's never done this before: longer.

The 2024+ AI safety angle

Standards are catching up to learned controllers. Open questions:

  • How do you certify a neural network whose behavior emerges from training data?
  • How do you do fault tree analysis on a black-box policy?
  • How do you guarantee that a VLA never outputs an unsafe action?

Current answers: layered safety architectures.

  • The neural net is allowed to output anything.
  • A separate safety filter (classical control, signal monitor) constrains those outputs.
  • The safety filter is what's certified.

This pattern is what Tesla's FSD (Autopilot supervisor) and Boston Dynamics' Atlas use. The neural net is a "suggester"; the classical layer is the gatekeeper.
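
The layered pattern above as an added example (not code from RobotForge or from any vendor named here): an untrusted policy command passes through a small classical filter that applies the watchdog, redundant-sensor and limited-speed checks from the mitigation list. Apart from the 250 mm/s figure, every name and threshold is an assumption, and a hardware E-stop remains independent of this software layer.

```python
import math
from dataclasses import dataclass
from typing import Tuple

# All constants except the 250 mm/s figure are constructed for this example.
LIMITED_SPEED = 250.0     # mm/s, limited-speed mode quoted on this page
MAX_SPEED = 1500.0        # mm/s, assumed mechanical limit
HUMAN_RANGE = 2000.0      # mm, assumed distance at which a person counts as detected
SENSOR_TOLERANCE = 50.0   # mm, assumed allowed disagreement between redundant sensors
WATCHDOG_TIMEOUT = 0.05   # s, assumed maximum age of a policy command


@dataclass
class Cycle:
    now: float        # monotonic time of this control cycle, s
    cmd_time: float   # time the policy produced its command, s
    cmd_speed: float  # untrusted policy output, mm/s (signed)
    range_a: float    # nearest-obstacle distance from sensor A, mm
    range_b: float    # same quantity from the redundant sensor B, mm


def safety_filter(c: Cycle) -> Tuple[float, str]:
    """Return (speed sent to the drive, reason). A speed of 0.0 is a safe-stop."""
    values = (c.now, c.cmd_time, c.cmd_speed, c.range_a, c.range_b)
    # A learned policy can emit NaN or inf. Comparisons with NaN are always
    # false, so a naive "if speed > limit" check would let it through.
    if not all(math.isfinite(v) for v in values):
        return 0.0, "invalid_input"
    # Watchdog: a stale or future-dated command means the control loop hung.
    age = c.now - c.cmd_time
    if age < 0 or age > WATCHDOG_TIMEOUT:
        return 0.0, "watchdog"
    # Redundant sensors: on disagreement neither reading can be trusted.
    if abs(c.range_a - c.range_b) > SENSOR_TOLERANCE:
        return 0.0, "sensor_mismatch"
    # Use the nearer reading so any residual error is on the cautious side.
    near_human = min(c.range_a, c.range_b) <= HUMAN_RANGE
    limit = LIMITED_SPEED if near_human else MAX_SPEED
    clamped = max(-limit, min(limit, c.cmd_speed))
    return clamped, ("pass" if clamped == c.cmd_speed else "limited")
```

The filter has no knowledge of how the command was produced, which is why it can be reviewed and tested independently of the policy.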

Practical hobbyist takeaways

For a research / hobby robot:

  • Always have a hardware E-stop. Big red button. Cuts motor power, not just software.
  • Soft mat under the robot for first-time deployments.
  • Test with low torque limits first; raise gradually.
  • Don't deploy near humans without explicit safety design.
  • Document failures; the discipline starts now.

For commercialization later, this discipline is the foundation. It's much easier to design with safety in mind from day 1 than to retrofit later.

Why hobbyists can ignore this (but shouldn't entirely)

Liability for hobbyist robots is low — your bedroom isn't a factory floor. But:

  • If you ever monetize, you're suddenly a manufacturer with all the rules.
  • Hobbyist habits (no E-stops, naked motors, hot-wire batteries) cause real injuries every year.
  • The discipline is itself good engineering: hazard analysis catches bugs that pure testing misses.

Cost / time of certification

A typical industrial-grade certification (CE + UL on a serious robot):

  • Internal effort: 1000–3000 person-hours for a startup.
  • External lab fees: $20k–$100k.
  • Wall-clock: 6–18 months.

For a venture-funded company: line item in the budget. For a bootstrapped startup: the wall.

Exercise

For any robot you've built or are designing: write the hazard analysis. List 15 plausible failure modes; rate consequence + frequency; design mitigations for the top 5. The exercise is sobering — you'll find risks you hadn't considered. The 2-hour effort is the cheapest insurance you can buy.
