Specifications of the safety functions

System requirements

Required Firmware

  • v4.2.0 or higher

Supported Hardware

  • Servo Node EtherCAT 2000 Safety (E revision or newer) *
  • Servo Node EtherCAT 1000 Safety (E revision or newer)
  • Servo Node EtherCAT 400 Safety (E revision or newer)

* External fuse at main supply (48 VDC) is required for drive 2000 dimensioned according to driven load.

Technical specifications

Safety parameters  
Safety Integration level (SIL) according to IEC 61508:2010 SIL 3
Performance Level (PL) according to ISO 13849-1:2015 PL e cat. 3
Safe Failure Fraction (SFF) 99.99 %
Probability of dangerous failure per hour (PFH d) 1.07*10 -10 /hour
Probability of dangerous failure on demand (PFD avg) 9.41*10 -6
Common Cause Failure (CCF) >65
Hardware Fault Tolerance (HFT) 1
Reaction time 10 ms
De-activation time 10 ms
Mean Time to dangerous Failure (MTTF d) 3035 years (capped to 100 years)
Diagnostic coverage (DC avg) 99%
HW-type Type A
Mission time T M 20 a
Installation requirements  
Max. installation altitude 2000 m
Pollution Degree PD 2
Supported Motors 1 x 3-phase BLDC-Motor and 1 active brake
Safe digital inputs (STO-SBC input)  
Number of digital inputs 2 (dual-channel safety input for activating STO-SBC function)
Digital input type according to IEC61131-2:2007 Type 1
Voltage range 0-60 VDC
Max. transient input voltage 80 VDC
Input voltage, logic 1 15-60 V
Input voltage, logic 0 0-5 V
Input current Max. 6 mA (@24 VDC)
Test pulse toleration (OSSD pulses) Max. 1 ms
Reverse voltage protected Yes
Allowed discrepancy between digital inputs

100 ms

Safe brake output (SBC)  
Number of digital outputs 2 (dual-channel safety output for one brake system)
Max. output voltage Servo drive main power supply (48 VDC)
Min. output voltage 0 V
Max. current. 1 A
Max. peak current. 4 A


Servo drives including the Safety module shall be used only in Pollution Degree environments class PD1 or PD2 according to IEC 61800-5-1: During normal operation only non-conductive pollution may occur, temporarily occurring conductivity caused by condensation may only be expected when the servo drive is out of operation.

Block diagram

Simplified block diagram of servo drive with Safety Module:


For details of the connectors please refer to: