KUKA - SafeOperation 3.2

KUKA System Technology KUKA Roboter GmbH
KUKA.SafeOperation 3.2
For KUKA System Software 8.3

Assembly and Operating Instructions
KUKA.Sa f e Op -
e ra t io n3.2
Issued: 08.06.2016
Version: KST SafeOperation 3.2 V7

© Copyright 2016
KUKA Roboter GmbH
Zugspitzstraße 140
D-86165 Augsburg
Germany
This documentation or excerpts therefrom may not be reproduced or disclosed to third parties without
the express permission of KUKA Roboter GmbH.
Other functions not described in this documentation may be operable in the controller. The user has
no claims to these functions, however, in the case of a replacement or service work.
We have checked the content of this documentation for conformity with the hardware and software
described. Nevertheless, discrepancies cannot be precluded, for which reason we are not able to
guarantee total conformity. The information in this documentation is checked on a regular basis, how-
ever, and necessary corrections will be incorporated in the subsequent edition.
Subject to technical alterations without an effect on the function.
Translation of the srcinal documentation
KIM-PS5-DOC
Publication: Pub KST SafeOperation 3.2 (PDF) en

Book structure: KST SafeOperation 3.2 V6.2
Version: KSTSafeOperation3.2V7
2 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7

Contents
Contents
1 Introduction .................................................................................................. 9
1.1 Target group .............................................................................................................. 9
1.2 Industrial robot documentation ................................................................................... 9
1.3 Representation of warnings and notes ...................................................................... 9
1.4 Terms used ................................................................................................................ 10
2 Product description ..................................................................................... 13
2.1 Overview of SafeOperation ........................................................................................ 13
2.2 Monitoring spaces...................................................................................................... 14

2.2.1 Coordinate systems .............................................................................................. 16
2.2.1.1 Special cases ................................................................................................... 18
2.2.2 Cell area ............................................................................................................... 19
2.2.3 Cartesian w orkspaces .......................................................................................... 20
2.2.4 Cartesian protected spaces .................................................................................. 21
2.2.5 Axis-specific wo rkspaces ...................................................................................... 22
2.2.6 Axis-specific protected spaces ............................................................................. 23
2.2.7 Space-specific velocity ......................................................................................... 25
2.2.8 Reference stop..................................................................................................... 25
2.3 Safe tools ................................................................................................................... 26
2.4 Velocity monitoring functions ..................................................................................... 27
2.5 Safe operational stop for axis groups ........................................................................ 28
2.6 Reference switch module ........................................................................................... 28
2.7 Connecting cables..................................................................................................... 29
3 Technical data .............................................................................................. 31
3.1 Service life ................................................................................................................. 31
3.2 Reference switch....................................................................................................... 31
3.3 Connector pin assignment of reference cable X42-XS Ref ....................................... 32
3.4 Circuit digram of reference switch XS Ref ................................................................. 33
3.5 Hole pattern for actuating plate .................................................................................. 33
4 Safety............................................................................................................ 35
4.1 General ...................................................................................................................... 35
4.1.1 Liability.................................................................................................................. 35
4.1.2 Intended use of the industrial robot ...................................................................... 35
4.1.3 EC declaration of conformity and declaration of incorporation ............................. 36
4.1.4 Terms used........................................................................................................... 36
4.2 Personnel................................................................................................................... 38
4.3 Workspace, safety zone and danger zone ................................................................. 39
4.3.1 Determining stopping distances ............................................................................ 39
4.4 Triggers for stop reactions ......................................................................................... 40
4.5 Safety functions......................................................................................................... 40
4.5.1 Overview of the safety functions ........................................................................... 40
4.5.2 Safety controller.................................................................................................... 41
4.5.3 Selecting the operating mode ............................................................................... 41
4.5.4 “Operator safety” signal ........................................................................................ 42
4.5.5 EMERGENCY STOP device ................................................................................ 43
Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 3 / 205

4.5.6 Logging off from the higher-level safety controller ................................................ 43

4.5.7 External EMERGENCY STOP device .................................................................. 44
4.5.8 Enabling device .................................................................................................... 44
4.5.9 External enabling device ...................................................................................... 45
4.5.10 External safe operational stop .............................................................................. 45
4.5.11 External safety stop 1 and external safety stop 2 ................................................. 45
4.5.12 Velocity monitoring in T1 ...................................................................................... 45
4.6 Additional protective equipment ................................................................................ 45
4.6.1 Jog mode.............................................................................................................. 45
4.6.2 Software limit switches ......................................................................................... 46
4.6.3 Mechanical end stops ........................................................................................... 46
4.6.4 Mechanical axis range limitation (optional) ........................................................... 46
4.6.5 Axis range monitoring (optional) ........................................................................... 46
4.6.6 Options for moving the manipulator without drive energy .................................... 47
4.6.7 Labeling on the industrial robot ............................................................................ 47
4.6.8 External safeguards ............................................................................................. 47
4.7 Overview of operating modes and safety functions ................................................... 48
4.8 Safety measures........................................................................................................ 48
4.8.1 General safety measures ..................................................................................... 48
4.8.2 Transportation ...................................................................................................... 50
4.8.3 Start-up and recommissioning .............................................................................. 50
4.8.3.1 Checking machine data and safety configuration ............................................ 51
4.8.3.2 Start-up mode .................................................................................................. 53
4.8.4 Manual mode........................................................................................................ 54
4.8.5 Simulation............................................................................................................. 54
4.8.6 Automatic mode ................................................................................................... 55
4.8.7 Maintenance and repair ........................................................................................ 55
4.8.8 Decommissioning, storage and disposal .............................................................. 56
4.8.9 Safety measures for “single point of control” ........................................................ 56
4.9 Applied norms and regulations .................................................................................. 57
5 Installation .................................................................................................... 61
5.1 System requirements ................................................................................................. 61
5.2 Installing or updating SafeOperation......................................................................... 61
5.3 Uninstalling SafeOperation ........................................................................................ 62
6 Operation...................................................................................................... 63
6.1 User groups............................................................................................................... 63
6.2 Opening the safety configuration ............................................................................... 63
6.3 Overview of buttons ................................................................................................... 63
6.4 Display functions....................................................................................................... 64
6.4.1 Displaying information about the safety configuration .. ........................................ 64
6.4.2 Displaying the change log . .................................................................................. 65
6.4.3 Displaying machine data ...................................................................................... 65
6.5 Importing the s afety configuration (XML import) ........................................................ 65
6.6 Exporting the safety configuration (XML export) ....................................................... 67
6.7 Safe robot retraction in case of space violation ......................................................... 68
7 Start-up and configuration .......................................................................... 69

Contents
7.1 System safety instructions ......................................................................................... 69

7.2 Jogging the robot without a higher-level safety controller .......................................... 69
7.3 Start-up and configuration – overview....................................................................... 70
7.4 Information about the safety configuration ................................................................. 71
7.4.1 Safe definition of Cartesian protected spaces ...................................................... 72
7.4.2 Unexpected protected space violation at space corners ...................................... 74
7.5 Configuring safety monitoring functions ..................................................................... 75
7.5.1 Activating safe monitoring ..................................................................................... 75
7.5.2 Defining global parameters ................................................................................... 75
7.5.3 Defining a cell area ............................................................................................... 77
7.5.4 Defining Cartesian monitoring spaces .................................................................. 79
7.5.5 Defining axis-specific monitoring spaces ... ........................................................... 84
7.5.6 Defining axis-specific velocity monitoring ............................................................. 87
7.5.6.1 Parameter Braking time . ............................................................................... 90
7.5.7 Defining the safe operational stop for axis groups ................................................ 91
7.5.8 Defining safe tools ................................................................................................ 93
7.5.9 Defining the reference position ............................................................................. 95
7.5.10 Saving the safety configuration ............................................................................. 97
7.6 Mastering test............................................................................................................ 98
7.6.1 Overview, mastering test ...................................................................................... 98
7.6.2 Programs for the mastering test ........................................................................... 99
7.6.3 Variables for the mastering test ............................................................................ 100
7.6.4 Selecting a reference position .............................................................................. 101
7.6.4.1 Installing the reference switch and actuating plate .......................................... 101
7.6.4.2 Connecting a reference switch ........................................................................ 102
7.6.5 Teaching positions for the mastering test ............................................................. 103
7.6.6 Checking the reference position (actuation with tool) ........................................... 105
7.6.7 Performing a mastering test manually . ................................................................ 105
7.7 Brake test ................................................................................................................... 106
7.7.1 Overview of the brake test .................................................................................... 106
7.7.2 Activating the brake test ....................................................................................... 107
7.7.3 Programs for the brake test .................................................................................. 107
7.7.4 Configuring input and output signals for the brake test ........................................ 108
7.7.4.1 Signal diagram of the brake test – examples ... ................................................ 110
7.7.5 Teaching positions for the brake test .................................................................... 111
7.7.6 Performing a manual brake test ............................................................................ 112
7.7.7 Checking that the brake test is functioning correctly ............................................ 113
7.8 Override reduction for velocity and workspace limits ................................................. 113
7.8.1 Override reduction with spline .............................................................................. 115
7.8.2 Examples of override reduction with spline .......................................................... 115
7.8.3 Variables for override reduction in $CUSTOM.DAT ............................................. 117
7.9 Safety acceptance overview...................................................................................... 117
7.10 Checking that the safety functions are functioning correctly ...................................... 118
7.10.1 Testing Cartesian velocity limits ........................................................................... 119
7.10.2 Testing axis-specific velocity limits ....................................................................... 119
7.10.3 Testing Cartesian monitoring spaces ................................................................... 120
7.10.4 Testing axis-specific monitoring spaces ............................................................... 121
7.10.5 Testing the safe operational stop for an axis group .............................................. 122
7.11 Activating a new safety configuration ......................................................................... 122

7.12 Deactivating safe monitoring..................................................................................... 123

8 Interfaces to t he higher-level c ontroller .................................................... 125
8.1 Safety functions via E thernet safety interface ........................................................... 125
8.1.1 SafeOperation via Ethernet safety interface (optional) ... ...................................... 129
8.1.2 Diagnostic signals via Ethernet interface .............................................................. 133
8.2 SafeOperation via interface X13 ................................................................................ 136
9 Diagnosis ...................................................................................................... 139
9.1 Displaying safe I/Os ................................................................................................... 139
9.2
9.3 Variablesforforspace
Outputs diagnosis ..............................................................................................
monitoring .................................................................................... 139
140
10 Messages ...................................................................................................... 141
10.1 Information about the messages ............................................................................... 141
10.2 System messages from module: CrossMeld (KSS) . ................................................ 141
10.2.1 KSS15016 ............................................................................................................ 141
10.2.2 KSS15017 ............................................................................................................ 141
10.2.3 KSS15018 ............................................................................................................ 142
10.2.4 KSS15019 ............................................................................................................ 143
10.2.5 KSS15033 ............................................................................................................ 144
10.2.6 KSS15034 ............................................................................................................ 144
10.2.7 KSS15035 ............................................................................................................ 145
10.2.8 KSS15036 ............................................................................................................ 145
10.2.9 KSS15037 ............................................................................................................ 146
10.2.10 KSS15039 ............................................................................................................ 146
10.2.11 KSS15040 ............................................................................................................ 148
10.2.12 KSS15041 ............................................................................................................ 149
10.2.13 KSS15042 ............................................................................................................ 151
10.2.14 KSS15043 ............................................................................................................ 152
10.2.15 KSS15044 ............................................................................................................ 154
10.2.16 KSS15045 ............................................................................................................ 155
10.2.17 KSS15046 ............................................................................................................ 158
10.2.18 KSS15047 ............................................................................................................ 159
10.2.19 KSS15048 ............................................................................................................ 159
10.2.20 KSS15049 ............................................................................................................ 159
10.2.21 KSS15050 ............................................................................................................ 160
10.2.22 KSS15051 ............................................................................................................ 160
10.2.23
10.2.24 KSS15052
KSS15053 ............................................................................................................
............................................................................................................ 161
163
10.2.25 KSS15054 ............................................................................................................ 164
10.2.26 KSS15065 ............................................................................................................ 165
10.2.27 KSS15066 ............................................................................................................ 165
10.2.28 KSS15079 ............................................................................................................ 168
10.2.29 KSS15081 ............................................................................................................ 169
10.2.30 KSS15083 ............................................................................................................ 170
10.2.31 KSS15127 ............................................................................................................ 170
11 Appendix ...................................................................................................... 171
11.1 Checklists .................................................................................................................. 171

Contents
11.1.1 Precondition for safety acceptance based on the checklists ................................ 171
11.1.2 Checklist for robot and system ............................................................................. 171
11.1.3 Checklist for safety functions ................................................................................ 172
11.1.4 Checklist for Cartesian velocity monitoring functions ........................................... 175
11.1.5 Checklist for axis-specific velocity monitoring functions ....................................... 176
11.1.6 Checklist for safe operational stop for axis groups ............................................... 180
11.1.7 Checklist for cell area ........................................................................................... 182
11.1.8 Checklist for C artesian monitoring spaces ........................................................... 183
11.1.9 Checklist for axis-specific monitoring spaces ....................................................... 185
11.1.10 Checklist for safe tools .......................................................................................... 190
11.2 Applied norms and directives..................................................................................... 192
12 KUKA Service .............................................................................................. 193
12.1 Requesting support .................................................................................................... 193
12.2 KUKA Customer Support ........................................................................................... 193
Index ............................................................................................................. 201


1 Introduction
1 Introduction
t
1 .1 Target group
t
This documentation is aimed at users with the following knowledge and skills:
 Advanced knowledge of the robot controller system
 Advanced KRL programming skills
For optimal use of our products, we recommend that our customers
take part in a course of training at KUKA College. Information about
the training program can be found at www.kuka.com or can be ob-
tained directly from our subsidiaries.
1 .2 Industrial robot documentation
The industrial robot documentation consists of the following parts:

 Documentation for the manipulator
 Documentation for the robot controller
 Operating and programming instructions for the System Software
 Instructions for options and accessories
 Parts catalog on storage medium
Each of these sets of instructions is a separate document.
1 .3 Representation of warnings and notes
Safety These warnings are relevant to safety and must be observed.
These warnings mean that it is certain or highly probable

that death or severe injuries will occur, if no precautions
are taken.
These warnings mean that death or severe injuries may

occur, if no precautions are taken.
These warnings mean that minor injuries may occur, if

no precautions are taken.
These warnings mean that damage to property may oc-

cur, if no precautions are taken.
These
generalwarnings contain references to safety-relevant information or
safety measures.
These warnings do not refer to individual hazards or individual pre-
cautionary measures.
This warning draws attention to procedures which serve to prevent or remedy
emergencies or malfunctions:
Procedures marked with this warning must be followed

exactly.
Notices These notices serve to make your work easier or contain references to further
information.

Tip to make your work easier or reference to further information.
1 .4 Terms used
Term Description
Axis range Range of an axis in degrees or millimeters within
which the axis moves. The axis range is defined by
a lower and an upper axis limit.
Axis limit An axisishas
There 2 axis and
an upper limitsa which
lower define the axis range.
axis limit.
Stopping distance Stopping distance = reaction distance + braking dis-
tance
The stopping distance is part of the danger zone.
Workspace Monitoring space that the defined axes or the safe
tool are not allowed to leave. The axes or the safe
tool must always move within the limits of the work-
space.
(>>> 2.2.3 "Cartesian workspaces" Page 20)
(>>> 2.2.5 "Axis-specific workspaces" Page 22)
CIP Safety CIP Safety is an Ethernet/IP-based safety interface
for connecting a safety PLC to the robot controller.
(PLC = master, robot controller = slave)
(>>> 8.1.1 "SafeOperation via Ethernet safety inter-
face (optional)" Page 129)
CK Customer-builtKinematics
EtherNet/IP EtherNet/IP is an Ethernet-based field bus (Ethernet
interface).
(>>> 8.1.2 "Diagnostic signals via Ethernet inter-
face" Page 133)
Danger zone The danger zone consists of the workspace and the
stopping distances.
Mastering test The mastering test verifies whether the current posi-
tion of the robot and the additional axes matches a
reference position.
(>>> 7.6 "Mastering test" Page 98)
KL KUKAlinearunit
Alarm space An alarm space signals a workspace violation by
settingassigned
nently an output.toThe
the alarm spacesoutputs
configurable are perma-
of the
interface options PROFIsafe, CIP Safety or X13
(Extended SIB).
Monitoring time During the monitoring time, the user is prompted to
perform the mastering test.
Polygon, convex A convex polygon is a polygon consisting of at least
3 different corners. Triangles and squares are exam-
ples of convex polygons.
(>>> 2.2.2 "Cell area" Page 19)

1 Introduction
Term Description
PROFINET PROFINET is an Ethernet-based field bus (Ethernet
interface).
(>>> 8.1.2 "Diagnostic signals via Ethernet inter-
face" Page 133)
PROFIsafe PROFIsafe is a PROFINET-based safety interface
for connecting a safety PLC to the robot controller.
(PLC = master, robot controller = slave)
(>>> 8.1.1 "SafeOperation via Ethernet safety inter-
face (optional)" Page 129)
Reference group A reference group contains the axes of a kinematic
system that are required for moving to a reference
position and are to be subjected to safe monitoring.
Reference position The reference position is a Cartesian position to
which the robot moves during the mastering test.
(>>> 7.6.4 "Selecting a reference position"
Page 101)
Reference stop Safety stop that is triggered if the mastering test has
not been performed. The reference stop can be acti-
vated for monitoring spaces.
(>>> 2.2.8 "Reference stop" Page 25)
Reference switch To perform the mastering test, a reference button is
required. The reference position is confirmed using
the reference button.
(>>> 2.6 "Reference switch module" Page 28)
Protected space Monitoring space into which the defined axes or the
safe tool are not allowed to intrude. The axes or the
safe tool must always move outside the limits of the
protected space.
(>>> 2.2.4 "Cartesian protected spaces" Page 21)
(>>> 2.2.6 "Axis-specific protected spaces"
Page 23)
SIB SafetyInterfaceBoard
Safety STOP 0 A stop that is triggered and executed by the safety
controller. The safety controller immediately
switches off the drives and the power supply to the
brakes.
Note: This stop is called safety STOP 0 in this docu-
ment.
Safety STOP 1 A stop that is triggered and monitored by the safety
controller. The braking operation is carried out by
the non-safety-oriented section of the robot control-
ler and monitored by the safety controller. As soon
as the manipulator is has stopped, the safety con-
troller deactivates the drives and the power supply
of the brakes.
ment.

Term Description
Safety STOP 2 A stop that is triggered and monitored by the safety
controller. The braking operation is carried out by
the non-safety-oriented section of the robot control-
ler and monitored by the safety controller. The drives
remain activated and the brakes released.
ment.
Safe operational In the event of a safe operational stop, the system
stop monitors standstill of the axes for which the safe
operational stop is configured. When the axes are at
a monitored standstill, they may move within the
configured axis angle or distance tolerances.
(>>> 2.5 "Safe operational stop for axis groups"
Page 28)
Safe tools A safe tool can be modeled using up to 6 configu-
rable spheres. These spheres are monitored against
the limits of the Cartesian monitoring spaces. Each
safe tool has a safe TCP against which the config-
ured velocity limits are monitored.
(>>> 2.3 "Safe tools" Page 26)
Monitoring space A monitoring space can be defined in Cartesian
terms or axis-specifically and as a workspace or pro-
tected space.
(>>> 2.2 "Monitoring spaces" Page 14)
Cell area Cartesian workspace that forms a convex polygon
with 3 … 10 vertices (corners) and is limited in ±Z
direction. The cell area is the maximum permitted
working range of the robot.
(>>> 2.2.2 "Cell area" Page 19)

2 Product description
2 .1
t
Overview of SafeOperation
Functions SafeOperation is a safety option with software and hardware components and
the following functions:
 Safe monitoring of a maximum of 16 user-defined, axis-specific or Carte-
sian monitoring spaces
 Safe monitoring of a user-defined cell area
 Safe monitoring of axis-specific velocities

Safe monitoring of space-specific velocities
 Safe monitoring of Cartesian velocities
 Modeling of up to 16 safe tools with safe TCP
 Safe stop via safety controller
 Safe operational stop for up to 6 axis groups
 Connection to a higher-level controller, e.g. to a safety PLC
 Safe inputs for activation of the monitoring functions
 Safe outputs for status messages of the monitoring functions
 Creation and editing of the safety configuration on the robot controller or
in WorkVisual.
Information about the safety configuration in WorkVisual is contained
in the WorkVisual documentation.
Areas of appli-  Human-robot cooperation

cation  Direct loading of workpieces without an intermediate support
 Replacement of conventional axis range monitoring systems
SafeOperation cannot and must not be used in conjunction with a CK.
Decouplable external axes are not supported by SafeOperation. In

the case of decouplable external axes, safe position sensing is not
possible, as the machine data change while the controller is running.
Functional The components of the industrial robot move within the limits that have been
principle configured and activated. The actual positions are continuously calculated and
monitored against the safety parameters that have been set.
The safety controller monitors the industrial robot by means of the safety pa-
rameters that have been set. If a component of the industrial robot violates a
monitoring limit or a safety parameter, the robot and external axes (optional)
are stopped.

Fig. 2-1: Example of a cell with SafeOperation
1 Referenceswitch 5 Systemcontrolpanel
2 Robot 6 Robotcontroller
3 Loadingstation 7 Bendingmachine
4 Safety mat
Components These software components are included in the SafeOperation package:

 KUKA.SafeOperation 3.2
These hardware components are included in the SafeOperation package:
 Reference switch module
Brake test The brake test serves as a diagnostic measure for the robot axis and external
axis brakes. The brakes are activated for the stop reactions safety stop 0 and
safety stop 1.
If a safety option is installed and the safe monitoring is active, the brake test is
automatically active.
Interfaces Various interfaces are available for connection to a higher-level controller. The
safe I/Os of these interfaces can be used, for example, to signal a violation of
safety monitoring functions.
 Ethernet safety interfaces:
 PROFINET/PROFIsafe
 EtherNet/IP/CIP Safety
 Discrete safety interface for safety options:
 X13 via Extended SIB
2 .2 Monitoring s paces
A maximum of 16 monitoring spaces can be configured. A cell area must also

be configured.

Monitoring space A monitoring space can be defined as a Cartesian cuboid or by means of indi-
vidual axis ranges. Each monitoring space can be set as a workspace or pro-
tected space.
(>>> 2.2.3 "Cartesian workspaces" Page 20)
(>>> 2.2.4 "Cartesian protected spaces" Page 21)
(>>> 2.2.5 "Axis-specific workspaces" Page 22)
(>>> 2.2.6 "Axis-specific protected spaces" Page 23)
For every monitoring space, a space-specific Cartesian velocity can be de-
fined inside or outside the monitoring space.
(>>> 2.2.7 "Space-specific velocity" Page 25)

For each monitoring space, a reference stop can be set that stops the robot if
no mastering test has been carried out.
(>>> 2.2.8 "Reference stop" Page 25)
Monitoring can be activated and deactivated for each individual monitoring
space, or activated by means of safe inputs.
Safe outputs are permanently assigned to the monitoring spaces. The safe
outputs are set if a monitoring space is violated.
Whether or not a stop is triggered at the space limit is a function that can be
configured.
Cell area The cell area is a Cartesian workspace in the form of a convex polygon with 3
to 10 corners and is limited in the ±Z direction.
(>>> 2.2.2 "Cell area" Page 19)
The cell areaactivated

configured, is permanently monitoredindividually.
and deactivated and always active. The corners can be
A safety stop 0 is always triggered at the space limit.
Stopping If the robot is stopped by a monitoring function, it requires a certain stopping
distance distance before coming to a standstill.
The stopping distance depends primarily on the following factors:
 Robot type
 Velocity of the robot
 Position of the robot axes
 Payload
The stopping distance when a monitoring function is triggered varies
according to the specific robot type. This aspect must be taken into
account by the system integrator during parameterization of the mon-
itoring functions as part of the safety assessment.
Further information about the stopping distances and stopping times

can be found in the assembly or operating instructions of the relevant
robot.

Stop reactions
Stopreaction Description Example
Safety stop 0 The stop is triggered in T2, AUT or Robot exceeds the limit of an acti-
AUT EXT mode if a monitoring func- vated workspace in Automatic mode.
tion is already activated and the
robot then exceeds the monitoring
space limit.
Safety stop 1 The stop is triggered if the robot Robot exceeds the limit of an acti-
exceeds a monitoring space limit in vated workspace in T1 mode.
T1 mode.
The stop is triggered if a monitoring A protected space in which the robot
function
the robotishas
justalready
being activated
exceededand
the is currently
safety mat. situated is activated by a
monitoring space limit.
The stop is triggered if a reference After a restart of the robot controller,
stop is activated for an activated the safety controller requests a mas-
monitoring space and the robot tering test. The robot continues to
exceeds the monitoring space limit move during the monitoring time and
after an internal mastering test exceeds in T2 mode the limit of an
request in T2, AUT or AUT EXT activated protected space for which
mode. the reference stop is activated.
2.2.1 Coordinate systems
Overview The following Cartesian coordinate systems are defined in the robot controller:
 WORLD
 ROBROOT
 BASE
 TOOL
Fig. 2-2: Overview of coordinate systems

Description WORLD
The WORLD coordinate system is a permanently defined Cartesian coordi-
nate system. It is the root coordinate system for the ROBROOT and BASE co-
ordinate systems.
By default, the WORLD coordinate system is located at the robot base.
ROBROOT
The ROBROOT coordinate system is a Cartesian coordinate system, which is
always located at the robot base. It defines the position of the robot relative to
the WORLD coordinate system.
By default, the ROBROOT coordinate system is identical to the WORLD coor-
dinate system. $ROBROOT allows the definition of an offset of the robot rela-
tive to the WORLD coordinate system.
BASE
The BASE coordinate system is a Cartesian coordinate system that defines
the position of the workpiece. It is relative to the WORLD coordinate system.
By default, the BASE coordinate system is identical to the WORLD coordinate
system. It is offset to the workpiece by the user.
TOOL
The TOOL coordinate system is a Cartesian coordinate system which is locat-
ed at the tool center point.
By default, the srcin of the TOOL coordinate system is located at the flange
center point. (In this case it is called the FLANGE coordinate system.) The
TOOL coordinate system is offset to the tool center point by the user.
Angles of rotation of the robot coordinate systems
Angle Rotationaboutaxis
Angle A Rotation about the Z axis
Angle B Rotation about the Y axis
Angle C Rotation about the X axis

2.2.1.1 Special cases
Fig. 2-3: ROBROOT coordinate system Jet
In the case of Jet robots, the ROBROOT coordinate system is fixed. They do
not move with the robot.
Fig. 2-4: ROBROOT coordinate system KL
In the case of a KL, the relationship between the ROBROOT coordinate sys-
tem and the WORLD coordinate system changes. The ROBROOT coordinate
system moves with the robot on the KL.

2.2.2 Cell area
Description The cell area is a Cartesian monitoring space that is limited in the ±Z direction.
The safe tool on the mounting flange of the robot is modeled using up to 6 con-
figurable spheres; when the robot moves, these spheres move with it. These
spheres are monitored against the cell area and must only move within this cell
area. If a sphere violates the limits of the cell area, the robot stops with a safety
stop 0.
Cartesian monitoring spaces are only monitored against

the spheres used to model the safe tool. Robot compo-
nents situated outside the tool spheres are not monitored and a space viola-
tion by these components is not detected. Cartesian monitoring spaces and
tool spheres must therefore be designed and configured in such a manner
that the unmonitored robot components do not pose any threat.
The cell area is configured in the WORLD coordinate system as a convex poly-
gon with 3 to 10 corners.
A convex polygon is a polygon consisting of at least 3 different corners. The
line segments between any 2 corners must not be outside the polygon. Trian-
gles and squares are examples of convex polygons.
Fig. 2-5
1 Example of a convex polygon with 6 corners

2 Example of a non-convex polygon with 6 corners
Example The diagram shows an example of a configured cell area.

Fig. 2-6: Example of a cell area
1 Cell area
2 Safely monitored tool spheres
3 Robot
2.2.3 Cartesian wo rkspaces
Description The safe tool on the mounting flange of the robot is modeled using up to 6 con-
spheres are simultaneously monitored against the activated Cartesian work-
spaces and must move within the workspaces.
If a sphere violates the limit of a workspace, the following reactions can occur:
 A safe output is reset (state: “logic 0”).
The safe outputs are set if a monitoring space is not violated (state: “logic
1”).
If interface X13 is used, safe outputs are only available for monitoring
spaces 1 … 6.
 The robot is stopped (configurable).
 Cartesian velocity monitoring is activated (configurable).
Cartesian
the spheresmonitoring spacesthe
used to model aresafe
onlytool.
monitored against
Robot compo-
Only KUKA linear units are supported as ROBROOT kinematic sys-

tems.
Example The diagram shows an example of a configured Cartesian workspace.

Fig. 2-7: Example of a Cartesian workspace
1 Working space
3 Robot
2.2.4 Cartesian protected spaces
Description The safe tool on the mounting flange of the robot is modeled using up to 6 con-
spheres are simultaneously monitored against the activated Cartesian protect-
ed spaces and must move outside the protected spaces.
The length, width and height of a protected space must not fall below the pre-
defined minimum value. This value depends on the global maximum Cartesian
velocity and the radius of the smallest sphere of the safe tool.
(>>> "Minimum protected space dimensions" Page 72)
If a sphere violates the limit of a protected space, the following reactions can
occur:
1”).
spaces 1 … 6.

Only KUKA linear units are supported as ROBROOT kinematic sys-

tems.
Example The diagram shows an example of a Cartesian protected space.
Fig. 2-8: Example of a Cartesian protected space
1 Protected space
3 Robot
2.2.5 Axis-specific wo rkspaces
Description The axis limits can be set and monitored individually for each axis via the soft-
ware. The resulting axis range is the permissible range of an axis within which
the robot may move. The individual axis ranges together make up the overall
workspace, which may consist of up to 8 axis ranges.
A maximum of 8 axes or, in the case of kinematic systems with mas-

ter/slave axes, a maximum of 8 drives can be configured for each
monitoring space.
If the robot violates an axis limit, the following reactions can occur:
1”).
spaces 1 … 6.

Example The diagram shows an example of an axis-specific workspace. The work-

space of axis 1 is configured from -110° to +130° and corresponds to the per-
missible motion range of the robot.
Fig. 2-9: Example of an axis-specific workspace
1 Workspace 3 Stoppingdistance
2 Robot 4 Protectedspace
2.2.6 Axis-specific p rotected s paces
Description The axis limits can be set and monitored individually for each axis via the soft-
ware. The resulting axis range is the protected range of an axis within which
the robot may not move. The individual axis ranges together make up the pro-
tected space, which may consist of up to 8 axis ranges.

monitoring space.
If the robot violates an axis limit, the following reactions can occur:
1”).
spaces 1 … 6.
In the case of axes that can rotate more than 360°, e.g.
axis 1, the configured axis ranges refer to the position of
the axis (including sign) and not to the sector of a circle. Serious injury and
severe damage to the robot can be caused. If, for example, a protected
space of +90° to +270° is configured, the robot can move through the protect-
ed space in the other direction from -90° to -185°. In this case, it is advisable
to configure a workspace from -90° to +90°.

Fig. 2-10: Example of an axis-specific protected space through which the

robot can move
1 Workspace 3 Protectedspace
2 Robot 4 Protectedspacethrough
which the robot can move
Example The diagram shows an example of an axis-specific protected space. The safe-
guarded space and the stopping distances correspond to the configured pro-
tected space. The motion range of axis 1 is limited to -185° to +185° by means
of software limit switches. The protected space is configured from -110° to
-10°. This results in 2 permissible motion ranges for the robot, separated by
the configured protected space.
Fig. 2-11: Example of an axis-specific protected space
1 Permissiblerange1 4 Protectedspace
2 Robot 5 Permissiblerange2
3 Stopping distance

2.2.7 Space-specific velocity
Description For Cartesian and axis-specific monitoring spaces, a Cartesian velocity can be
defined which is monitored if the space is violated or not violated. A safe TCP
is defined for every safe tool. This safe TCP is monitored against a configured
velocity limit. If the safe TCP exceeds the velocity limit, the robot is stopped
safely.
Example The diagram shows an example of a Cartesian workspace. If the safe TCP on
the safe tool exceeds the velocity limit inside the workspace, the robot is
stopped with a safety stop 0.
Fig. 2-12: Space-specific velocity example
1 Working space
3 Robot
2.2.8 Reference stop
Description A reference stop can be activated for monitoring spaces. (= function Stop if
mastering test not yet done)
If the reference stop is activated and the following conditions are met, the robot
can only be moved in T1 mode:
 Monitoring space is activated.
 Mastering test is requested internally.
If the reference stop is activated and the following preconditions are met, the
robot stops with a safety stop 1:
 Monitoring space is activated.
 Mastering test is requested internally.
 Operating mode T2, AUT or AUT EXT

To be able to move the robot again in the stop-triggering operating modes, the
following possibilities are available:
 Perform mastering test in T1 mode.
 Deactivate monitoring spaces.
 Deactivate reference stop.
2 .3 S a f e t o o ls
Description Up to 16 safe tools can be defined. A safe TCP is defined for each safe tool
and monitored against the configured velocity limits.
A safe
are tool can against
monitored be modeled usingofupthe
the limits to 6Cartesian
configurable spheres.
monitoring These spheres
spaces.
The sphere radius must not fall below the predefined minimum value. This ra-
dius is dependent on the global maximum Cartesian velocity.
(>>> "Minimum sphere radius" Page 72)
The safe tools are activated using safe inputs. Only one safe tool may be ac-
tive at any time.
If interface X13 is used, tool 1 is always active. The tool cannot be ac-
tivated via a safe input. An automated, safely monitored tool change
is thus not possible.
The safe TCP for the velocity monitoring can be freely configured in
the safety configuration. It is independent of the current TCP that is
set in the KUKA System Software with the variable $TOOL.

Example The diagram shows an example of a safe tool. 2 spheres and a safe TCP are
defined on the safe tool of the robot by means of the FLANGE coordinate sys-
tem.

Fig. 2-13: Safe tool
2 .4 Velocity monitoring functions
Axis-specific and Cartesian velocities can be monitored.

Axis velocity The velocity of every axis is monitored against a limit value:
 Limit value for reduced axis velocity (optional)
 Limit value for maximum axis velocity for T1 mode
Monitoring of the maximum axis velocity in T1 mode is part of the
standard safety configuration and always active.
 Limit value for maximum axis velocity (valid globally for every axis)
Cartesian velocity The Cartesian velocity at the safe TCP of the active safe tool is monitored. The
velocity monitoring is always relative to $WORLD:
 Limit value for the reduced velocity at the safe TCP (optional)
 Limit value for the reduced velocity at the safe TCP for T1 mode
 Limit value for the global maximum velocity at the safe TCP and at the
sphere center points of the safe tool (not space-dependent)
 Space-specific velocity
(>>> 2.2.7 "Space-specific velocity" Page 25)

Stop reactions
Stopreaction Description Example
Safety stop 0 The stop is triggered if a monitoring In automatic operation, the robot
function is already activated and the exceeds the activated limit value for
robot then exceeds the monitoring reduced axis velocity.
limit.
Safety stop 1 The stop is triggered if a monitoring The safe reduced velocity, for which
function is just being activated and the limit value has already been
the robot has already exceeded the exceeded by the robot, is activated
monitoring limit. by a safety mat.

2.5 Safe operational stop for axis groups
Description The global safe operational stop is one of the standard safety functions. If it is
activated via the safety interface, the standstill of all axes of the kinematic sys-
tem is monitored. The axes may still move within the configured axis angle or
distance tolerances. These can be configured individually for each axis.
With SafeOperation, the safe operational stop can additionally be configured
for up to 6 axis groups. An axis group comprises the axes that are to be mon-
itored when the safe operational stop is activated for this axis group. Before
monitoring is activated, the corresponding axes must be stopped under pro-
gram control.

ter/slave axes, a maximum of 8 drives can be configured for each axis
group.
If the safe operational stop is activated for an axis group, the standstill of the
axes for which it has been configured is monitored using failsafe technology.
The axes may still move within the configured axis angle or distance toleranc-
es.
If the safe operational stop is violated, i.e. if the position tolerance for an axis
is exceeded or the velocity of an axis exceeds the maximum permitted level,
a safety stop 0 is triggered in response. The safety stop 0 affects all axes, not
just those for which the operational stop is configured. This means that an un-
intended motion of an axis relevant for the safe operational stop causes the
machine to stop.
2 .6 Reference switch module
Description A reference switch module consists of the following components:

 Inductive reference switch XS Ref
 Straight or angled actuating plate
 Reference cable X42 - XS Ref
 Reference connector X42
Fig. 2-14: Reference group hardware components
1 Inductive reference switch 2 Straight actuating plate

In combination with a straight or angled actuating plate, reference switch mod-
ules are available with different cable lengths.

Length Actuatingplate
7m Straightorangled
15 m
25 m
40 m
2 .7 Connecting c ables
Overview The diagram shows an example of the connecting cables of the industrial robot
with connected reference switch. The reference switch is connected via the
reference cable to the robot controller. The maximum hose length is 40 m.
In the case of a KR C4, only 1 reference switch can be connected di-
rectly to the robot controller. If multiple reference groups are required,
the reference switches can be connected to the safety PLC and acti-
vated via PROFIsafe or CIP Safety. The safety PLC must evaluate the refer-
ence switches and set the input Mastering test accordingly.
A KR C4 compact is not equipped with a connection allowing a refer-

ence switch to be connected to the robot controller. Reference switch-
es must be connected to the safety PLC and activated via PROFIsafe
or CIP Safety. The safety PLC must evaluate the reference switches and set
the input Mastering test accordingly.
Fig. 2-15: Overview of connecting cables
Pos. Description
1 Robot controller
2 Robot
3 Reference switch XS Ref
4 Reference cable X42 - XS Ref (maximum cable length 40 m)
5 Data cable X21

Cables must not be connected and disconnected during

operation. Only the reference cable X42 - XS Ref sup-
plied by KUKA Roboter GmbH may be used. Reference cable X42 - XS Ref
is suitable for use in a cable carrier. The minimum bending radii must be ob-
served when routing cables.
Typeofrouting Bendingradius
Fixedinstallation Min.5xØofcable
Installation in cable carrier Min. 10xØ of cable

3 Technical data
3
T
Technical data
3 .1 S e r v ic e lif e
t
The maximum permissible service life of safety-relevant hardware compo-
nents is 20 years. Once this time has been reached, the safety-relevant hard-
ware components must be exchanged.
3 .2 Reference switch
Basic data
Designation Values
Ambient temperature -25 °C to +70 °C
Switchingfunction Breakcontact
DC operating voltage or HIGH level in the case 24 V
of pulsed operating voltage of the reference
switch
Permissible range for the DC operating voltage 20 … 33 V
or HIGH level U B(HIGH) for pulsed voltage
LOW level UB(LOW) for pulsed voltage 0…5V
Required pulse duty factor T(HIGH):T(LOW) for Min. 4:1
pulsed voltage
Supported pulse duration T(LOW) for pulsed 0.1 … 20 ms
voltage
Protectionrating IP67
Operating current (power consumption) without 5 mA
load
Permissibleloadcurrent max.250mA
Permissible switching frequency max. 500 Hz
Permissible switching distance at the proximity 0 … 4 mm
switch surfaces
Short circuit and overload protection, pulsed Yes
Outputs  PNP
 LOW-active
 Dual-channel
LEDfunctionindicator Yes
Hysteresiswheninstalled 0.2…1mm
EMCconformity IEC60947-5-2
Pulse duty factor
Fig. 3-1: Pulse duty factor for pulsed voltage

Hole pattern
Fig. 3-2: Hole pattern for reference switch
1 2 holes for fastening elements, Ø 6.6 mm

2 2 holes for roll pins, Ø 4 mm
3.3 Connector pin assignment of reference cable X42-XS Ref
Fig. 3-3: Connector pin allocation for reference cable X42 - XS Ref
Fig. 3-4: Wiring diagram for reference cable X42 - XS Ref

3 Technical data
3 .4 Circuit d igram o f reference switch XS Ref
Fig. 3-5: Circuit diagram of reference switch XS Ref
1 Switching element, channel A 2 Switching element, channel B
3 .5 Hole p attern for actuating plate
Fig. 3-6: Hole pattern for actuating plate
1 2 M6 threaded holes for fastening elements

2 2 holes for fastening elements, Ø 9 mm


4 Safety
4 Safety
f
4 .1 General
4.1.1 Liability
The device described in this document is either an industrial robot or a com-

ponent thereof.
Components of the industrial robot:
 Manipulator
 Robot controller
 Teach pendant
 Connecting cables
 External axes (optional)
e.g. linear unit, turn-tilt table, positioner
 Software
 Options, accessories
The industrial robot is built using state-of-the-art technology and in accor-
dance with the recognized safety rules. Nevertheless, misuse of the industrial
robot may constitute a risk to life and limb or cause damage to the industrial
robot and to other material property.
The industrial robot may only be used in perfect technical condition in accor-
dance with its designated use and only by safety-conscious persons who are
fully aware of the risks involved in its operation. Use of the industrial robot is
subject to compliance with this document and with the declaration of incorpo-
ration supplied together with the industrial robot. Any functional disorders af-
fecting safety must be rectified immediately.
Safety infor- Safety information cannot be held against KUKA Roboter GmbH. Even if all
mation safety instructions are followed, this is not a guarantee that the industrial robot
will not cause personal injuries or material damage.
No modifications may be carried out to the industrial robot without the autho-
rization of KUKA Roboter GmbH. Additional components (tools, software,
etc.), not supplied by KUKA Roboter GmbH, may be integrated into the indus-
trial robot. The user is liable for any damage these components may cause to
the industrial robot or to other material property.
In addition to the Safety chapter, this document contains further safety instruc-
tions. These must also be observed.
4.1.2 Intended use of the industrial robot
The industrial robot is intended exclusively for the use designated in the “Pur-
pose” chapter of the operating instructions or assembly instructions.
Any use or application deviating from the intended use is deemed to be misuse
and is not allowed. The manufacturer is not liable for any damage resulting
from such misuse. The risk lies entirely with the user.
Operation of the industrial robot in accordance with its intended use also re-
quires compliance with the operating and assembly instructions for the individ-
ual components, with particular reference to the maintenance specifications.
Misuse Any use or application deviating from the intended use is deemed to be misuse
and is not allowed. This includes e.g.:

 Transportation of persons and animals

 Use as a climbing aid
 Operation outside the specified operating parameters
 Use in potentially explosive environments
 Operation without additional safeguards
 Outdoor operation
 Underground operation
4.1.3 EC declaration of conformity and declaration of incorporation
The industrial robot

EC Machinery constitutes
Directive. partly completed
The industrial robot maymachinery
only be putasinto
defined by theif
operation
the following preconditions are met:
 The industrial robot is integrated into a complete system.
or: The industrial robot, together with other machinery, constitutes a com-
plete system.
or: All safety functions and safeguards required for operation in the com-
plete machine as defined by the EC Machinery Directive have been added
to the industrial robot.
 The complete system complies with the EC Machinery Directive. This has
been confirmed by means of an assessment of conformity.
Declaration of The system integrator must issue a declaration of conformity for the complete
conformity system in accordance with the Machinery Directive. The declaration of confor-
mity forms the basis for the CE mark for the system. The industrial robot must
always be operated in accordance with the applicable national laws, regula-
tions and standards.
The robot controller is CE certified under the EMC Directive and the Low Volt-
age Directive.
Declaration of The partly completed machinery is supplied with a declaration of incorporation
incorporation in accordance with Annex II B of the EC Machinery Directive 2006/42/EC. The
assembly instructions and a list of essential requirements complied with in ac-
cordance with Annex I are integral parts of this declaration of incorporation.
The declaration of incorporation declares that the start-up of the partly com-
pleted machinery is not allowed until the partly completed machinery has been
incorporated into machinery, or has been assembled with other parts to form
machinery, and this machinery complies with the terms of the EC Machinery
Directive, and the EC declaration of conformity is present in accordance with
Annex II A.
4.1.4 Terms used
STOP 0, STOP 1 and STOP 2 are the stop definitions according to EN 60204-
1:2006.
Term Description
Axis range Range of each axis, in degrees or millimeters, within which it may move.
The axis range must be defined for each axis.
Stopping distance Stopping distance = reaction distance + braking distance
The stopping distance is part of the danger zone.
Workspace Area within which the robot may move. The workspace is derived from
the individual axis ranges.

4 Safety
Term Description
User The user of the industrial robot can be the management, employer or
delegated person responsible for use of the industrial robot.
Danger zone The danger zone consists of the workspace and the stopping distances
of the manipulator and external axes (optional).
Service life The service life of a safety-relevant component begins at the time of
delivery of the component to the customer.
The service life is not affected by whether the component is used or not,
as safety-relevant components are also subject to aging during storage.
KUKA smartPAD see “smartPAD”
Manipulator The robot arm and the associated electrical installations
Safety zone The safety zone is situated outside the danger zone.
Safe operational stop The safe operational stop is a standstill monitoring function. It does not
stop the robot motion, but monitors whether the robot axes are station-
ary. If these are moved during the safe operational stop, a safety stop
STOP 0 is triggered.
The safe operational stop can also be triggered externally.
When a safe operational stop is triggered, the robot controller sets an
output to the field bus. The output is set even if not all the axes were sta-
tionary at the time of triggering, thereby causing a safety stop STOP 0 to
be triggered.
Safety STOP 0 A stop that is triggered and executed by the safety controller. The safety
controller immediately switches off the drives and the power supply to
the brakes.
Note: This stop is called safety STOP 0 in this document.
Safety STOP 1 A stop that is triggered and monitored by the safety controller. The brak-
ing operation is carried out by the non-safety-oriented section of the
robot controller and monitored by the safety controller. As soon as the
manipulator is has stopped, the safety controller deactivates the drives
and the power supply of the brakes.
When a safety STOP 1 is triggered, the robot controller sets an output to
the field bus.
The safety STOP 1 can also be triggered externally.
Safety STOP 2 A stop that is triggered and monitored by the safety controller. The brak-
ing operation is carried out by the non-safety-oriented section of the
robot controller and monitored by the safety controller. The drives
remain activated and the brakes released. As soon as the manipulator is
at a standstill, a safe operational stop is triggered.
When a safety STOP 2 is triggered, the robot controller sets an output to
the field bus.
The safety STOP 2 can also be triggered externally.
Safety options Generic term for options which make it possible to configure additional
safe monitoring functions in addition to the standard safety functions.
Example: SafeOperation
smartPAD Programming device for the robot controller
The smartPAD has all the operator control and display functions
required for operating and programming the industrial robot.

Term Description
Stop category 0 The drives are deactivated immediately and the brakes are applied. The
manipulator and any external axes (optional) perform path-oriented
braking.
Note: This stop category is called STOP 0 in this document.
Stop category 1 The manipulator and any external axes (optional) perform path-main-
taining braking.
 Operating mode T1: The drives are deactivated as soon as the robot
has stopped, but no later than after 680 ms.
 Operating mode T2, AUT (not available for VKR C4), AUT EXT: The
drives are switched off after 1.5 s.
Stop category 2 The drives are not deactivated and the brakes are not applied. The
manipulator and any external axes (optional) are braked with a path-
maintaining braking ramp.
System integrator The system integrator is responsible for safely integrating the industrial
(plant integrator) robot into a complete system and commissioning it.
T1 Test mode, Manual Reduced Velocity (<= 250 mm/s)
T2 Test mode, Manual High Velocity (> 250 mm/s permissible)
External axis Motion axis which is not part of the manipulator but which is controlled
using the robot controller, e.g. KUKA linear unit, turn-tilt table, Posiflex.
4 .2 P er so n n el
The following persons or groups of persons are defined for the industrial robot:
 User
 Personnel
All persons working with the industrial robot must have read and un-
derstood the industrial robot documentation, including the safety
chapter.
User The user must observe the labor laws and regulations. This includes e.g.:
 The user must comply with his monitoring obligations.
 The user must carry out briefing at defined intervals.
Personnel Personnel must be instructed, before any work is commenced, in the type of
work involved and what exactly it entails as well as any hazards which may ex-
ist. Instruction must be carried out regularly. Instruction is also required after
particular incidents or technical modifications.
Personnel includes:
 System integrator
 Operators, subdivided into:
 Start-up, maintenance and service personnel
 Operating personnel
 Cleaning personnel
Installation, exchange, adjustment, operation, maintenance and re-
pair must be performed only as specified in the operating or assembly
instructions for the relevant component of the industrial robot and only
by personnel specially trained for this purpose.

4 Safety
System integrator The industrial robot is safely integrated into a complete system by the system
integrator.
The system integrator is responsible for the following tasks:
 Installing the industrial robot
 Connecting the industrial robot
 Performing risk assessment
 Implementing the required safety functions and safeguards
 Issuing the declaration of conformity
 Attaching the CE mark
 Creating the operating instructions for the complete system
Operator The operator must meet the following preconditions:
 The operator must be trained for the work to be carried out.
 Work on the industrial robot must only be carried out by qualified person-
nel. These are people who, due to their specialist training, knowledge and
experience, and their familiarization with the relevant standards, are able
to assess the work to be carried out and detect any potential hazards.
Work on the electrical and mechanical equipment of the industrial ro-
bot may only be carried out by specially trained personnel.
4 .3 Workspace, safety zone and danger zone
Workspaces are to be restricted to the necessary minimum size. A workspace

must be safeguarded using appropriate safeguards.
The safeguards (e.g. safety gate) must be situated inside the safety zone. In
the case of a stop, the manipulator and external axes (optional) are braked
and come to a stop within the danger zone.
The danger zone consists of the workspace and the stopping distances of the
manipulator and external axes (optional). It must be safeguarded by means of
physical safeguards to prevent danger to persons or the risk of material dam-
age.
4.3.1 Determining st opping di stances
The system integrator’s risk assessment may indicate that the stopping dis-
tances must be determined for an application. In order to determine the stop-
ping distances, the system integrator must identify the safety-relevant points
on the programmed path.
When determining the stopping distances, the robot must be moved with the
tool andtemperature.
erating loads which are
Thisalso used
is the in the
case afterapplication.
approx. 1 hThe robot must
in normal be at op-
operation.
During execution of the application, the robot must be stopped at the point
from which the stopping distance is to be calculated. This process must be re-
peated several times with a safety stop 0 and a safety stop 1. The least favor-
able stopping distance is decisive.
A safety stop 0 can be triggered by a safe operational stop via the safety inter-
face, for example. If a safety option is installed, it can be triggered, for in-
stance, by a space violation (e.g. the robot exceeds the limit of an activated
workspace in Automatic mode).
A safety stop 1 can be triggered by pressing the EMERGENCY STOP device
on the smartPAD, for example.

4 .4 Triggers for stop reactions
Stop reactions of the industrial robot are triggered in response to operator ac-
tions or as a reaction to monitoring functions and error messages. The follow-
ing table shows the different stop reactions according to the operating mode
that has been set.
Trigger T1T,2 AUTA, UT
EXT
Startkeyreleased STOP2 -
STOPkeypressed STOP2
DrivesOFF STOP
1
“Motion
drops outenable” input STOP 2
Power switched off via STOP 0
main switch or power fail-
ure
Internal error in non- STOP 0 or STOP 1
safety-oriented part of the
(dependent on the cause of the error)
robot controller
Operating mode changed Safety stop 2
during operation
Safety gate opened (oper- - Safetystop1
ator safety)
Enablingswitchreleased Safetystop2 -
Enabling switch pressed Safetystop1 -
fully down or error
E-STOPpressed Safetystop1
Error in safety controller Safety stop 0
or periphery of the safety
controller
4 .5 S a f e t y f u n c t io n s
4.5.1 Overview of the safety functions
The following safety functions are present in the industrial robot:

 Selecting the operating mode
 Operator safety (= connection for the monitoring of physical safeguards)
 EMERGENCY STOP device
 Enabling device
 External safe operational stop
 External safety stop 1
 External safety stop 2
 Velocity monitoring in T1
The safety functions of the industrial robot meet the following requirements:
 Category 3 and Performance Level d in accordance with EN ISO 13849-
1
The requirements are only met on the following condition, however:
 The EMERGENCY STOP device is pressed at least once every 12
months.
The following components are involved in the safety functions:

4 Safety
 Safety controller in the control PC

 KUKA smartPAD
 Cabinet Control Unit (CCU)
 Resolver Digital Converter (RDC)
 KUKA Power Pack (KPP)
 KUKA Servo Pack (KSP)
 Safety Interface Board (SIB) (if used)
There are also interfaces to components outside the industrial robot and to
other robot controllers.
In the absence
guards, of operational
the industrial robot cansafety
causefunctions
personaland safe-
injury or
material damage. If safety functions or safeguards are dismantled or deacti-
vated, the industrial robot may not be operated.
During system planning, the safety functions of the overall system

must also be planned and designed. The industrial robot must be in-
tegrated into this safety system of the overall system.
4.5.2 Safety c ontroller
The safety controller is a unit inside the control PC. It links safety-relevant sig-
nals and safety-relevant monitoring functions.
Safety controller tasks:
 Switching off the drives; applying the brakes

Monitoring the braking ramp
 Standstill monitoring (after the stop)
 Evaluation of safety-relevant signals
 Setting of safety-oriented outputs
4.5.3 Selecting the operating mode
Operating modes The industrial robot can be operated in the following modes:
 Manual Reduced Velocity (T1)
 Manual High Velocity (T2)
 Automatic (AUT)
 Automatic External (AUT EXT)
Do not change
operating modethe operatingduring
is changed mode program
while a program is running.
execution, If the
the industrial
robot is stopped with a safety stop 2.

Operat-
Use Velocities
ing mode
 Program verification:
Programmed velocity, maxi-
For test operation, pro- mum 250 mm/s
T1 gramming and teach-
ing  Jog mode:
Jog velocity, maximum
250 mm/s
 Program verification:
T2 For test operation Programmed velocity

Jog mode: Not possible
For industrial robots  Program mode:
AUT without higher-level Programmed velocity
controllers  Jog mode: Not possible
For industrial robots  Program mode:
AUT EXT with higher-level con- Programmed velocity
trollers, e.g. PLC  Jog mode: Not possible
Mode selector The user can change the operating mode via the connection manager. The
switch connection manager is a view that is called by means of the mode selector
switch on the smartPAD.
The mode selector switch may be one of the following variants:
 With key
It is only possible to change operating mode if the key is inserted.

Without key
If the smartPAD is fitted with a switch without a key:
An additional device must be present to ensure that the
relevant functions cannot be executed by all users, but only by a restricted
group of people.
The device itself must not trigger motions of the industrial robot or other haz-
ards. If this device is missing, death or severe injuries may result.
The system integrator is responsible for ensuring that such a device is imple-
mented.
4.5.4 “Operator safety” signal
The “operator safety” signal is used for monitoring physical safeguards, e.g.
safety gates. Automatic operation is not possible without this signal. In the
event of a loss of signal during automatic operation (e.g. safety gate is
opened), the manipulator stops with a safety stop 1.
Operator safety is not active in modes T1 (Manual Reduced Velocity) and T2
(Manual High Velocity).

4 Safety
Following a loss of signal, automatic operation may only

be resumed when the safeguard has been closed and
when the closing has been acknowledged. This acknowledgement is to pre-
vent automatic operation from being resumed inadvertently while there are
still persons in the danger zone, e.g. due to the safety gate closing acciden-
tally.
The acknowledgement must be designed in such a way that an actual check
of the danger zone can be carried out first. Other acknowledgement functions
(e.g. an acknowlegement which is automatically triggered by closure of the
safeguard) are not permitted.
The system integrator is responsible for ensuring that these criteria are met.
Failure to met them may result in death, severe injuries or considerable dam-
age to property.
4.5.5 EMERGENCY S TOP d evice
The EMERGENCY STOP device for the industrial robot is the EMERGENCY
STOP device on the smartPAD. The device must be pressed in the event of a
hazardous situation or emergency.
Reactions of the industrial robot if the EMERGENCY STOP device is pressed:
 The manipulator and any external axes (optional) are stopped with a safe-
ty stop 1.
Before operation can be resumed, the EMERGENCY STOP device must be
turned to release it.
Tools and other equipment connected to the manipulator
on the system side ifmust

theybe integrated
could intoathe
constitute EMERGENCY
potential hazard. STOP circuit
Failure to observe this precaution may result in death, severe injuries or con-
siderable damage to property.
There must always be at least one external EMERGENCY STOP device in-
stalled. This ensures that an EMERGENCY STOP device is available even
when the smartPAD is disconnected.
(>>> 4.5.7 "External EMERGENCY STOP device" Page 44)
4.5.6 Logging off from the higher-level safety controller
If the robot controller is connected to a higher-level safety controller, this con-

nection will inevitably be terminated in the following cases:
 Switching off the voltage via the main switch of the robot
Or power failure

Shutdown of the robot controller via the smartHMI
 Activation of a WorkVisual project in WorkVisual or directly on the robot
controller
 Changes to Start-up > Network configuration
 Changes to Configuration > Safety configuration
 I/O drivers > Reconfigure
 Restoration of an archive
Effect of the interruption:
 If a discrete safety interface is used, this triggers an EMERGENCY STOP
for the overall system.

 If the Ethernet interface is used, the KUKA safety controller generates a

signal that prevents the higher-level controller from triggering an EMER-
GENCY STOP for the overall system.
If the Ethernet safety interface is used: In his risk assessment, the
system integrator must take into consideration whether the fact that
switching off the robot controller does not trigger an EMERGENCY
STOP of the overall system could constitute a hazard and, if so, how this haz-
ard can be countered.
Failure to take this into consideration may result in death, injuries or damage
to property.
If a robot
the controller
smartPAD is noislonger
switched off, the E-STOP
functional. The userdevice
is re- on
sponsible for ensuring that the smartPAD is either covered or removed from
the system. This serves to prevent operational and non-operational EMER-
GENCY STOP devices from becoming interchanged.
Failure to observe this precaution may result in death, injuries or damage to
property.
4.5.7 External EMERGENCY STOP device
Every operator station that can initiate a robot motion or other potentially haz-
ardous situation must be equipped with an EMERGENCY STOP device. The
system integrator is responsible for ensuring this.
There must always be at least one external EMERGENCY STOP device in-
stalled. This ensures that an EMERGENCY STOP device is available even
when the smartPAD is disconnected.
External EMERGENCY STOP devices are connected via the customer inter-
face. External EMERGENCY STOP devices are not included in the scope of
supply of the industrial robot.
4.5.8 Enabling device
The enabling devices of the industrial robot are the enabling switches on the
smartPAD.
There are 3 enabling switches installed on the smartPAD. The enabling
switches have 3 positions:
 Not pressed
 Center position
 Panic position
In the test modes, the manipulator can only be moved if one of the enabling
switches is held in the central position.
 Releasing the enabling switch triggers a safety stop 2.
 Pressing the enabling switch down fully (panic position) triggers a safety
stop 1.
 It is possible to hold 2 enabling switches in the center position simultane-
ously for up to 15 seconds. This makes it possible to adjust grip from one
enabling switch to another one. If 2 enabling switches are held simultane-
ously in the center position for longer than 15 seconds, this triggers a safe-
ty stop 1.
If an enabling switch malfunctions (e.g. jams in the central position), the indus-
trial robot can be stopped using the following methods:
 Press the enabling switch down fully.

4 Safety
 Actuate the EMERGENCY STOP device.

 Release the Start key.
The enabling switches must not be held down by adhe-
sive tape or other means or tampered with in any other
way.
Death, injuries or damage to property may result.
4.5.9 External e nabling d evice
External enabling devices are required if it is necessary for more than one per-
son to be in the danger zone of the industrial robot.
External enabling devices are not included in the scope of supply of the indus-
trial robot.
Which interface can be used for connecting external enabling devices

is described in the “Planning” chapter of the robot controller operating
instructions and assembly instructions.
4.5.10 External safe operational stop
The safe operational stop can be triggered via an input on the customer inter-
face. The state is maintained as long as the external signal is FALSE. If the
external signal is TRUE, the manipulator can be moved again. No acknowl-
edgement is required.
4.5.11 External safety stop 1 and external safety stop 2

Safety stop 1 and safety stop 2 can be triggered via an input on the customer
interface. The state is maintained as long as the external signal is FALSE. If
the external signal is TRUE, the manipulator can be moved again. No ac-
knowledgement is required.
If interface X11 is selected as the customer interface, only the signal Safety
stop 2 is available.
4.5.12 Velocity monitoring in T1
The velocity at the mounting flange is monitored in T1 mode. If the velocity ex-
ceeds 250 mm/s, a safety stop 0 is triggered.
4 .6 Additional p rotective e quipment
4.6.1 Jog mode
In the operating modes T1 (Manual Reduced Velocity) and T2 (Manual High

Velocity), the robot controller can only execute programs in jog mode. This
means that it is necessary to hold down an enabling switch and the Start key
in order to execute a program.
 Releasing the enabling switch triggers a safety stop 2.
 Pressing the enabling switch down fully (panic position) triggers a safety
stop 1.
 Releasing the Start key triggers a STOP 2.

4.6.2 Software limit switches
The axis ranges of all manipulator and positioner axes are limited by means of
adjustable software limit switches. These software limit switches only serve as
machine protection and must be adjusted in such a way that the manipula-
tor/positioner cannot hit the mechanical end stops.
The software limit switches are set during commissioning of an industrial ro-
bot.
Further information is contained in the operating and programming in-

structions.
4.6.3 Mechanical end stops
Depending on the robot variant, the axis ranges of the main and wrist axes of
the manipulator are partially limited by mechanical end stops.
Additional mechanical end stops can be installed on the external axes.
If the manipulator or an external axis hits an obstruction

or a mechanical end stop or axis range limitation, the ma-
nipulator can no longer be operated safely. The manipulator must be taken
out of operation and KUKA Roboter GmbH must be consulted before it is put
back into operation .
4.6.4 Mechanical axis range limitation (optional)
Some manipulators can be fitted with mechanical axis range limitation in axes
A1 to A3. The adjustable axis range limitation systems restrict the working
range to the required minimum. This increases personal safety and protection
of the system.
In the case of manipulators that are not designed to be fitted with mechanical
axis range limitation, the workspace must be laid out in such a way that there
is no danger to persons or material property, even in the absence of mechan-
ical axis range limitation.
If this is not possible, the workspace must be limited by means of photoelectric
barriers, photoelectric curtains or obstacles on the system side. There must be
no shearing or crushing hazards at the loading and transfer areas.
This option is not available for all robot models. Information on spe-
cific robot models can be obtained from KUKA Roboter GmbH.
4.6.5 Axis range monitoring (optional)
Some manipulators can be fitted with dual-channel axis range monitoring sys-
tems in main axes A1 to A3. The positioner axes may be fitted with additional
axis range monitoring systems. The safety zone for an axis can be adjusted
and monitored using an axis range monitoring system. This increases person-
al safety and protection of the system.
This option is not available for all robot models. Information on spe-
cific robot models can be obtained from KUKA Roboter GmbH.

4 Safety
4.6.6 Options fo r moving the m anipulator wi thout dr ive en ergy
The system user is responsible for ensuring that the training of per-
sonnel with regard to the response to emergencies or exceptional sit-
uations also includes how the manipulator can be moved without
drive energy.
Description The following options are available for moving the manipulator without drive
energy after an accident or malfunction:
 Release device (optional)
The release device can be used for the main axis drive motors and, de-
pending on the robot variant, also for the wrist axis drive motors.
 Brake release device (option)
The brake release device is designed for robot variants whose motors are
not freely accessible.
 Moving the wrist axes directly by hand
There is no release device available for the wrist axes of variants in the low
payload category. This is not necessary because the wrist axes can be
moved directly by hand.
Information about the options available for the various robot models
and about how to use them can be found in the assembly and oper-
ating instructions for the robot or requested from KUKA Roboter
GmbH.
Moving the manipulator without drive energy can dam-

age the motor brakes of the axes concerned. The motor
must be replaced if the brake has been damaged. The manipulator may
therefore be moved without drive energy only in emergencies, e.g. for rescu-
ing persons.
4.6.7 Labeling o n t he industrial r obot
All plates, labels, symbols and marks constitute safety-relevant parts of the in-
dustrial robot. They must not be modified or removed.
Labeling on the industrial robot consists of:
 Identification plates
 Warning signs
 Safety symbols
 Designation labels
 Cable markings
 Rating plates
Further information is contained in the technical data of the operating
instructions or assembly instructions of the components of the indus-
trial robot.
4.6.8 External s afeguards
The access of persons to the danger zone of the industrial robot must be pre-
vented by means of safeguards. It is the responsibility of the system integrator
to ensure this.

Physical safeguards must meet the following requirements:

 They meet the requirements of EN 953.
 They prevent access of persons to the danger zone and cannot be easily
circumvented.
 They are sufficiently fastened and can withstand all forces that are likely
to occur in the course of operation, whether from inside or outside the en-
closure.
 They do not, themselves, represent a hazard or potential hazard.
 The prescribed minimum clearance from the danger zone is maintained.
Safety gates (maintenance gates) must meet the following requirements:

They are reduced to an absolute minimum.
 The interlocks (e.g. safety gate switches) are linked to the operator safety
input of the robot controller via safety gate switching devices or safety
PLC.
 Switching devices, switches and the type of switching conform to the re-
quirements of Performance Level d and category 3 according to EN ISO
13849-1.
 Depending on the risk situation: the safety gate is additionally safeguarded
by means of a locking mechanism that only allows the gate to be opened
if the manipulator is safely at a standstill.
 The button for acknowledging the safety gate is located outside the space
limited by the safeguards.
Further information is contained in the corresponding standards and
regulations. These also include EN 953.
Other safety Other safety equipment must be integrated into the system in accordance with
equipment the corresponding standards and regulations.
4.7 Overview of operating m odes and safety f unctions
The following table indicates the operating modes in which the safety functions
are active.
Safetyfunctions T1 T2 AUT AUTEXT

Operatorsafety - - Active Active
EMERGENCY STOP device Active Active Active Active
Enablingdevice Active Active - -
Reduced velocity during pro-
Active - - -
gram verification
Jog
mode Active Active - -
Softwarelimit switches Active Active Active Active
4 .8 S af et y m e asu r es
4.8.1 General safety measures
The industrial robot may only be used in perfect technical condition in accor-
dance with its intended use and only by safety-conscious persons. Operator
errors can result in personal injury and damage to property.
It is important to be prepared for possible movements of the industrial robot
even after the robot controller has been switched off and locked out. Incorrect

4 Safety
installation (e.g. overload) or mechanical defects (e.g. brake defect) can cause
the manipulator or external axes to sag. If work is to be carried out on a
switched-off industrial robot, the manipulator and external axes must first be
moved into a position in which they are unable to move on their own, whether
the payload is mounted or not. If this is not possible, the manipulator and ex-
ternal axes must be secured by appropriate means.
In the absence of operational safety functions and safe-

guards, the industrial robot can cause personal injury or
material damage. If safety functions or safeguards are dismantled or deacti-
vated, the industrial robot may not be operated.
Standing underneath the robot arm can cause death or

injuries. For this reason, standing underneath the robot
arm is prohibited!
The motors reach temperatures during operation which

can cause burns to the skin. Contact must be avoided.
Appropriate safety precautions must be taken, e.g. protective gloves must be
worn.
smartPAD The user must ensure that the industrial robot is only operated with the smart-
PAD by authorized persons.
If more than one smartPAD is used in the overall system, it must be ensured
that each smartPAD is unambiguously assigned to the corresponding indus-
trial robot. They must not be interchanged.
The operator must ensure that decoupled smartPADs
of sight and reach ofare immediately

personnel removed
working on thefrom the system
industrial robot.and stored
This out
serves
to prevent operational and non-operational EMERGENCY STOP devices
from becoming interchanged.
Failure to observe this precaution may result in death, severe injuries or con-
siderable damage to property.
Modifications After modifications to the industrial robot, checks must be carried out to ensure
the required safety level. The valid national or regional work safety regulations
must be observed for this check. The correct functioning of all safety functions
must also be tested.
New or modified programs must always be tested first in Manual Reduced Ve-
locity mode (T1).
After modifications to the industrial robot, existing programs must always be
tested first in Manual Reduced Velocity mode (T1). This applies to all compo-
nents of the industrial robot and includes modifications to the software and
configuration settings.
Faults The following tasks must be carried out in the case of faults in the industrial
robot:
 Switch off the robot controller and secure it (e.g. with a padlock) to prevent
unauthorized persons from switching it on again.
 Indicate the fault by means of a label with a corresponding warning (tag-
out).
 Keep a record of the faults.
 Eliminate the fault and carry out a function test.

4.8.2 Transportation
Manipulator The prescribed transport position of the manipulator must be observed. Trans-
portation must be carried out in accordance with the operating instructions or
assembly instructions of the robot.
Avoid vibrations and impacts during transportation in order to prevent damage
to the manipulator.
Robot controller The prescribed transport position of the robot controller must be observed.
Transportation must be carried out in accordance with the operating instruc-
tions or assembly instructions of the robot controller.
Avoid
to the vibrations and impacts during transportation in order to prevent damage
robot controller.
External axis The prescribed transport position of the external axis (e.g. KUKA linear unit,
(optional) turn-tilt table, positioner) must be observed. Transportation must be carried
out in accordance with the operating instructions or assembly instructions of
the external axis.
4.8.3 Start-up and recommissioning
Before starting up systems and devices for the first time, a check must be car-
ried out to ensure that the systems and devices are complete and operational,
that they can be operated safely and that any damage is detected.
The valid national or regional work safety regulations must be observed for this
check. The correct functioning of all safety functions must also be tested.
The passwords for the user groups must be changed in the KUKA
System Software before start-up. The passwords must only be com-
municated to authorized personnel.
The robot controller is preconfigured for the specific in-

dustrial robot. If cables are interchanged, the manipula-
tor and the external axes (optional) may receive incorrect data and can thus
cause personal injury or material damage. If a system consists of more than
one manipulator, always connect the connecting cables to the manipulators
and their corresponding robot controllers.
If additional components (e.g. cables), which are not part of the scope
of supply of KUKA Roboter GmbH, are integrated into the industrial
robot, the user is responsible for ensuring that these components do
not adversely affect or disable safety functions.
If the internal cabinet temperature of the robot controller

differs greatly from the ambient temperature, condensa-
tion can form, which may cause damage to the electrical components. Do not
put the robot controller into operation until the internal temperature of the
cabinet has adjusted to the ambient temperature.
Function test The following tests must be carried out before start-up and recommissioning:
General test:
It must be ensured that:
 The industrial robot is correctly installed and fastened in accordance with
the specifications in the documentation.

4 Safety
 There is no damage to the robot that could be attributed to external forces.

Examples: Dents or abrasion that could be caused by an impact or colli-
sion.
In the case of such damage, the affected components
must be exchanged. In particular, the motor and counter-
balancing system must be checked carefully.
External forces can cause non-visible damage. For example, it can lead to
a gradual loss of drive power from the motor, resulting in unintended move-
ments of the manipulator. Death, injuries or considerable damage to property
may otherwise result.
 There are no foreign bodies or loose parts on the industrial robot.
 All required safety equipment is correctly installed and operational.
 The power supply ratings of the industrial robot correspond to the local
supply voltage and mains type.
 The ground conductor and the equipotential bonding cable are sufficiently
rated and correctly connected.
 The connecting cables are correctly connected and the connectors are
locked.
Test of the safety functions:
A function test must be carried out for the following safety functions to ensure
that they are functioning correctly:
 Local EMERGENCY STOP device
 External EMERGENCY STOP device (input and output)
 Enabling device (in the test modes)
 Operator safety
 All other safety-relevant inputs and outputs used
 Other external safety functions
4.8.3.1 Checking machine data an d safety configuration
The industrial robot must not be moved if incorrect ma-

chine data or an incorrect controller configuration are
loaded. Death, severe injuries or considerable damage to property may oth-
erwise result. The correct data must be loaded.
 It must be ensured that the rating plate on the robot controller has the
same machine data as those entered in the declaration of incorporation.
The machine data on the rating plate of the manipulator and the external
axes (optional) must be entered during start-up.
 The practical tests for the machine data must be carried out within the
scope of the start-up procedure.
 Following modifications to the machine data, the safety configuration must
be checked.
 After activation of a WorkVisual project on the robot controller, the safety
configuration must be checked!
 If machine data are adopted when checking the safety configuration (re-
gardless of the reason for the safety configuration check), the practical
tests for the machine data must be carried out.
 System Software 8.3 or higher: If the checksum of the safety configuration
has changed, the safe axis monitoring functions must be checked.

Information about checking the safety configuration and the safe axis
monitoring functions is contained in the Operating and Programming
Instructions for System Integrators.
If the practical tests are not successfully completed in the initial start-up, KUKA
Roboter GmbH must be contacted.
If the practical tests are not successfully completed during a different proce-
dure, the machine data and the safety-relevant controller configuration must
be checked and corrected.
General practical test:
If practical tests are required for the machine data, this test must always be
carried out.
The following methods are available for performing the practical test:
 TCP calibration with the XYZ 4-point method
The practical test is passed if the TCP has been successfully calibrated.
or:
1. Align the TCP with a freely selected point.
The point serves as a reference point. It must be located so that reorien-
tation is possible.
2. Move the TCP manually at least 45° once in each of the A, B and C direc-
tions.
The movements do not have to be accumulative, i.e. after motion in one
direction it is possible to return to the srcinal position before moving in the
next direction.
The practical test is passed if the TCP does not deviate from the reference
point by more than 2 cm in total.
Practical test for axes that are not mathematically coupled:
If practical tests are required for the machine data, this test must be carried out
when axes are present that are not mathematically coupled.
1. Mark the starting position of the axis that is not mathematically coupled.
2. Move the axis manually by a freely selected path length. Determine the
path length from the display Actual position on the smartHMI.
 Move linear axes a specific distance.
 Move rotational axes through a specific angle.
3. Measure the length of the path covered and compare it with the value dis-
played on the smartHMI.
The practical test is passed if the values differ by no more than 10%.
4. Repeat the test for each axis that is not mathematically coupled.
Practical test for couplable axes:

If practical tests are required for the machine data, this test must be carried out
when axes are present that can be physically coupled and uncoupled, e.g. a
servo gun.
1. Physically uncouple the couplable axis.
2. Move all the remaining axes individually.
The practical test is passed if it has been possible to move all the remain-
ing axes.

4 Safety
4.8.3.2 Start-up mode
Description The industrial robot can be set to Start-up mode via the smartHMI user inter-
face. In this mode, the manipulator can be moved in T1 without the external
safeguards being put into operation.
When Start-up mode is possible depends on the safety interface that is used.
Discrete safety interface
 System Software 8.2 or earlier:
Start-up mode is always possible if all input signals at the discrete safety
interface have the state “logic zero”. If this is not the case, the robot con-
troller prevents or terminates Start-up mode.
If an additional discrete safety interface for safety options is used, the in-
puts there must also have the state “logic zero”.
 System Software 8.3 or higher:
Start-up mode is always possible. This also means that it is independent
of the state of the inputs at the discrete safety interface.
If an additional discrete safety interface is used for safety options: The
states of these inputs are also irrelevant.
Ethernet safety interface
The robot controller prevents or terminates Start-up mode if a connection to a
higher-level safety system exists or is established.
Effect When the Start-up mode is activated, all outputs are automatically set to the
state “logic zero”.
If the robot controller has a peripheral contactor (US2), and if the safety con-
figuration specifies for this to switch in accordance with the motion enable,
then the same also applies in Start-up mode. This means that if motion enable
is present, the US2 voltage is switched on – even in Start-up mode.
Hazards Possible hazards and risks involved in using Start-up mode:

 A person walks into the manipulator’s danger zone.
 In a hazardous situation, a disabled external EMERGENCY STOP device
is actuated and the manipulator is not shut down.
Additional measures for avoiding risks in Start-up mode:
 Cover disabled EMERGENCY STOP devices or attach a warning sign in-
dicating that the EMERGENCY STOP device is out of operation.
 If there is no safety fence, other measures must be taken to prevent per-
sons from entering the manipulator’s danger zone, e.g. use of warning
tape.
Use Intended use of Start-up mode:
 Start-up in T1 mode when the external safeguards have not yet been in-
stalled or put into operation. The danger zone must be delimited at least
by means of warning tape.
 Fault localization (periphery fault).
 Use of Start-up mode must be minimized as much as possible.
Use of Start-up mode disables all external safeguards.
The service personnel are responsible for ensuring that
there is no-one in or near the danger zone of the manipulator as long as the
safeguards are disabled.
Failure to observe this precaution may result in death, injuries or damage to
property.

Misuse Any use or application deviating from the intended use is deemed to be misuse
and is not allowed. KUKA Roboter GmbH is not liable for any damage resulting
from such misuse. The risk lies entirely with the user.
4.8.4 Manual mode
Manual mode is the mode for setup work. Setup work is all the tasks that have
to be carried out on the industrial robot to enable automatic operation. Setup
work includes:
 Jog mode
 Teaching
 Programming
 Program verification
The following must be taken into consideration in manual mode:
 New or modified programs must always be tested first in Manual Reduced
Velocity mode (T1).
 The manipulator, tooling or external axes (optional) must never touch or
project beyond the safety fence.
 Workpieces, tooling and other objects must not become jammed as a re-
sult of the industrial robot motion, nor must they lead to short-circuits or be
liable to fall off.
 All setup work must be carried out, where possible, from outside the safe-
guarded area.
If the setup work has to be carried out inside the safeguarded area, the follow-
ing must be taken into consideration:
In Manual Reduced Velocity mode (T1):

 If it can be avoided, there must be no other persons inside the safeguard-
ed area.
If it is necessary for there to be several persons inside the safeguarded ar-
ea, the following must be observed:
 Each person must have an enabling device.
 All persons must have an unimpeded view of the industrial robot.
 Eye-contact between all persons must be possible at all times.
 The operator must be so positioned that he can see into the danger area
and get out of harm’s way.
In Manual High Velocity mode (T2):
 This mode may only be used if the application requires a test at a velocity
higher than that possible in T1 mode.
 Teaching and programming are not permissible in this operating mode.

Before commencing the test, the operator must ensure that the enabling
devices are operational.
 The operator must be positioned outside the danger zone.
 There must be no other persons inside the safeguarded area. It is the re-
sponsibility of the operator to ensure this.
4.8.5 Simulation
Simulation programs do not correspond exactly to reality. Robot programs cre-

ated in simulation programs must be tested in the system in Manual Reduced
Velocity mode (T1). It may be necessary to modify the program.

4 Safety
4.8.6 Automatic mode
Automatic mode is only permissible in compliance with the following safety

measures:
 All safety equipment and safeguards are present and operational.
 There are no persons in the system.
 The defined working procedures are adhered to.
If the manipulator or an external axis (optional) comes to a standstill for no ap-
parent reason, the danger zone must not be entered until an EMERGENCY
STOP has been triggered.
4.8.7 Maintenance and repair
After maintenance and repair work, checks must be carried out to ensure the
required safety level. The valid national or regional work safety regulations
must be observed for this check. The correct functioning of all safety functions
must also be tested.
The purpose of maintenance and repair work is to ensure that the system is
kept operational or, in the event of a fault, to return the system to an operation-
al state. Repair work includes troubleshooting in addition to the actual repair
itself.
The following safety measures must be carried out when working on the indus-
trial robot:
 Carry out work outside the danger zone. If work inside the danger zone is
necessary, the user must define additional safety measures to ensure the
safe protection of personnel.
 Switch off the industrial robot and secure it (e.g. with a padlock) to prevent
it from being switched on again. If it is necessary to carry out work with the
robot controller switched on, the user must define additional safety mea-
sures to ensure the safe protection of personnel.
 If it is necessary to carry out work with the robot controller switched on, this
may only be done in operating mode T1.
 Label the system with a sign indicating that work is in progress. This sign
must remain in place, even during temporary interruptions to the work.
 The EMERGENCY STOP devices must remain active. If safety functions
or safeguards are deactivated during maintenance or repair work, they
must be reactivated immediately after the work is completed.
Before work is commenced on live parts of the robot sys-
tem, the main switch must be turned off and secured
against being switched on again. The system must then be checked to en-
sure that it is deenergized.
ItEMERGENCY
is not sufficient,
STOPbefore
or acommencing work
safety stop, or on liveoffparts,
to switch to execute
the drives, andoes
as this
not disconnect the robot system from the mains power supply. Parts remain
energized. Death or severe injuries may result.
Faulty components must be replaced using new components with the same
article numbers or equivalent components approved by KUKA Roboter GmbH
for this purpose.
Cleaning and preventive maintenance work is to be carried out in accordance
with the operating instructions.
Robot controller Even when the robot controller is switched off, parts connected to peripheral
devices may still carry voltage. The external power sources must therefore be
switched off if work is to be carried out on the robot controller.

The ESD regulations must be adhered to when working on components in the

robot controller.
Voltages in excess of 50 V (up to 780 V) can be present in various components
for several minutes after the robot controller has been switched off! To prevent
life-threatening injuries, no work may be carried out on the industrial robot in
this time.
Water and dust must be prevented from entering the robot controller.
Counterbal- Some robot variants are equipped with a hydropneumatic, spring or gas cylin-
ancing system der counterbalancing system.
The hydropneumatic and gas cylinder counterbalancing systems are pressure
equipment and, as such, are subject to obligatory equipment monitoring and
the provisions of the Pressure Equipment Directive.
The user must comply with the applicable national laws, regulations and stan-
dards pertaining to pressure equipment.
Inspection intervals in Germany in accordance with Industrial Safety Order,
Sections 14 and 15. Inspection by the user before commissioning at the instal-
lation site.
The following safety measures must be carried out when working on the coun-
terbalancing system:
 The manipulator assemblies supported by the counterbalancing systems
must be secured.
 Work on the counterbalancing systems must only be carried out by quali-
fied personnel.
Hazardous The following safety measures must be carried out when handling hazardous
substances substances:
 Avoid prolonged and repeated intensive contact with the skin.
 Avoid breathing in oil spray or vapors.
 Clean skin and apply skin cream.
To ensure safe use of our products, we recommend regularly re-
questing up-to-date safety data sheets for hazardous substances.
4.8.8 Decommissioning, storage and disposal
The industrial robot must be decommissioned, stored and disposed of in ac-

cordance with the applicable national laws, regulations and standards.
4.8.9 Safety measures for “single point of control”
Overview If certain components in the industrial robot are operated, safety measures
must be taken to ensure complete implementation of the principle of “single
point of control” (SPOC).
The relevant components are:
 Submit interpreter
 PLC
 OPC server
 Remote control tools
 Tools for configuration of bus systems with online functionality
 KUKA.RobotSensorInterface

4 Safety
The implementation of additional safety measures may be required.

This must be clarified for each specific application; this is the respon-
sibility of the system integrator, programmer or user of the system.
Since only the system integrator knows the safe states of actuators in the pe-
riphery of the robot controller, it is his task to set these actuators to a safe
state, e.g. in the event of an EMERGENCY STOP.
T1, T2 In modes T1 and T2, the components referred to above may only access the
industrial robot if the following signals have the following states:
Signal StaterequiredforSPOC
$USER_SAF TRUE
$SPOC_MOTION_ENABLE TRUE
Submit inter- If motions, (e.g. drives or grippers) are controlled with the submit interpreter or
preter, PLC the PLC via the I/O system, and if they are not safeguarded by other means,
then this control will take effect even in T1 and T2 modes or while an EMER-
GENCY STOP is active.
If variables that affect the robot motion (e.g. override) are modified with the
submit interpreter or the PLC, this takes effect even in T1 and T2 modes or
while an EMERGENCY STOP is active.
Safety measures:
 In T1 and T2, the system variable $OV_PRO must not be written to by the
submit interpreter or the PLC.
 Do not modify safety-relevant signals and variables (e.g. operating mode,
EMERGENCY STOP, safety gate contact) via the submit interpreter or
PLC.
If modifications are nonetheless required, all safety-relevant signals and
variables must be linked in such a way that they cannot be set to a dan-
gerous state by the submit interpreter or PLC. This is the responsibility of
the system integrator.
OPC server, These components can be used with write access to modify programs, outputs
remote control or other parameters of the robot controller, without this being noticed by any
tools persons located inside the system.
Safety measure:
If these components are used, outputs that could cause a hazard must be de-
termined in a risk assessment. These outputs must be designed in such a way
that they cannot be set without being enabled. This can be done using an ex-
ternal enabling device, for example.
Tools for configu- If these components have an online functionality, they can be used with write
ration of bus access to modify
ler, without programs,
this being noticedoutputs
by anyorpersons
other parameters of the
located inside therobot control-
system.
systems
 WorkVisual from KUKA
 Tools from other manufacturers
Safety measure:
In the test modes, programs, outputs or other parameters of the robot control-
ler must not be modified using these components.
4 .9 Applied norms and regulations
Name Definition Edition

2006/42/EC MachineryD irective: 2006

Directive 2006/42/EC of the European Parliament and of the
Council of 17 May 2006 on machinery, and amending Direc-
tive 95/16/EC (recast)
2014/30/EU EMC Directive: 2014

Council of 26 February 2014 on the approximation of the laws
of the Member States concerning electromagnetic compatibil-
ity
2014/68/EC Pressure Equipment Directive : 2014

Council of 15 May 2014 on the approximation of the laws of
the Member States concerning pressure equipment
(Only applicable for robots with hydropneumatic counterbal-
ancing system.)
This directive is valid from the 19/07/2016 on.
97/23/EC Pressure Equipment Directive : 1997

Council of 29 May 1997 on the approximation of the laws of
the Member States concerning pressure equipment
(Only applicable for robots with hydropneumatic counterbal-
ancing system.)
This directive is valid until 18/07/2016.
EN ISO 13850 Safety of machinery: 2008

Emergency stop - Principles for design
EN ISO 13849-1 Safety of machinery: 2008

Safety-related parts of control systems - Part 1: General prin-
ciples of design
EN ISO 13849-2 Safety of machinery: 2012

Safety-related parts of control systems - Part 2: Validation
EN ISO 12100 Safety of machinery: 2010

General principles of design, risk assessment and risk reduc-
tion
EN I SO 10218-1 Industrial robots – S afety r equirements 2011

Part 1: Robot
Note: Content equivalent to ANSI/RIA R.15.06-2012, Part 1
EN 614-1 + A1 Safety of machinery: 2009

Ergonomic design principles - Part 1: Terms and general prin-
ciples

4 Safety
EN 61000-6-2 Electromagnetic compatibility (EMC): 2005

Part 6-2: Generic standards; Immunity for industrial environ-
ments
EN 61 000-6-4 + A1 Electromagnetic co mpatibility (EM C): 2011

Part 6-4: Generic standards; Emission standard for industrial
environments
EN 60204-1 + A1 Safety of m achinery: 2009

Electrical equipment of machines - Part 1: General require-
ments


5 Installation
5 Installation
t
5 .1 System requirements
t
Hardware  KR C4 or KR C4 compact
 Reference switch module
Software  KUKA System Software 8.3
With a KR C4 compact, PROFIsafe or CIP Safety is always required for the
purpose of connecting a reference switch.

KR C4 PROFINET 3.0 for connection via PROFIsafe
 KR C4 EtherNet/IP 2.0 for connection via CIP Safety
Compatibility  KUKA.SafeOperation must not be installed on a robot controller together
with other safety options:
 KUKA.SafeRangeMonitoring
 KUKA.SafeSingleBrake
5 .2 Installing or u pdating SafeOperation
It is advisable to archive all relevant data before updating a software

package.
Precondition  “Expert” user group

 T1 or T2 mode
 No program is selected.
 USB stick with the software to be installed
 ZIP files must be unzipped.
 There must be no other files in the directory in which the individual files
are located.
We recommend using a KUKA USB stick. Data may be
lost if a stick from a different manufacturer is used.
Procedure 1. Connect the USB stick to the robot controller or smartPAD.

2. In the main menu, select Start-up > Additional software.
3. Press New software: The entry SafeOperation must be displayed in the
Name column and drive E:\ or K:\ in the Path column.
If not, press Refresh.
4. If the specified entries are now displayed, continue with step 5.
Otherwise, the path from which the software is to be installed must be con-
figured first:
a. Press the Configure button.
b. Select a line in the Installation paths for options area.
Note: If the line already contains a path, this path will be overwritten.
c. Press Path selection. The available drives are displayed.
d. If the stick is connected to the robot controller: On E:\, select the direc-
tory in which the software is located.
If the stick is connected to the smartPAD: K:\ instead of E:\
e. Press Save. The Installation paths for options area is displayed
again. It now contains the new path.

f. Mark the line with the new path and press Save again.
5. Mark the entry SafeOperation and click on Install. Answer the request for
confirmation with Yes.
6. Confirm the reboot prompt with OK.
7. Remove the stick.
8. Reboot the r obot controller.
LOG file A LOG file is created under C:\KRC\ROBOTER\LOG.
5 .3 Uninstalling S afeOperation
It is advisable to archive all relevant data before uninstalling a soft-

ware package.

 T1 or T2 mode
 Safe monitoring has been deactivated.
If the safe monitoring is not deactivated before uninstallation, the
safety configuration remains active after the software has been unin-
stalled.
(>>> 7.12 "Deactivating safe monitoring" Page 123)
Procedure 1. In the main menu, select Start-up > Additional software.

2. Mark the entry SafeOperation and click on Uninstall. Reply to the request
for confirmation with Yes. Uninstallation is prepared.
3. Reboot the robot controller. Uninstallation is resumed and completed.
LOG file A LOG file is created under C:\KRC\ROBOTER\LOG.

6 Operation
6 Operation
6 .1 User groups
t
Different functions are available in the KSS, depending on the user group. The
following user groups are relevant for the safety configuration of the robot:
 Safety recovery
This user can activate an existing safety configuration of the robot using
an activation code. If no safety option is installed, the safety recovery per-
sonnel have more extensive rights. In this case he is authorized, for exam-
ple, touser
This configure
group istheprotected
standardbysafety
meansfunctions.
of a password.
 Safety maintenance
User group for the start-up technician. This user can edit the safety config-
uration and make safety-relevant changes.
This user group is protected by means of a password.
The safety maintenance technician must be specially trained in the configura-
tion of safety functions. For this, we recommend training courses at KUKA Col-
lege. Information about the training program can be found at www.kuka.com
or can be obtained directly from our subsidiaries.
The password for the “Safety Maintenance” and “Safety Recovery”

user groups must be changed before start-up and must only be com-
municated to authorized personnel.
6 .2 Opening t he s afety c onfiguration

Procedure 1. Select Configuration > Safety configuration in the main menu.
2. The safety configuration checks whether there are any relevant deviations
between the data in the robot controller and those in the safety controller.
 If there are no deviations, the Safety configuration window is
opened.
 If there are deviations, the Troubleshooting wizard window is
opened. A description of the problem and a list of possible causes is
displayed. The user can select the applicable cause. The wizard then
suggests a solution.
Further information about checking the safety configuration is con-
tained in the Operating and Programming Instructions for System In-
tegrators.
6 .3 Overview of buttons
The following buttons are available:
Button Description
Reset all to defaults Resets all parameters of the safety configuration to the default
values.
Revert changes Resets all changes since the last time the configuration was
saved.
Change log The log of changes to the safety configuration is displayed.
View The safety-relevant machine data are displayed.

Button Description
Properties The properties of a monitoring space or safe tool can be
defined.
Export Parts of the safety configuration can be exported into an XML
file (XML export).
Import Parts of the safety configuration can be imported as an XML file
(XML export).
Communication parameters The safety ID of the PROFINET device can be changed.
Note: Further information is contained in the Operating and
Programming Instructions for System Integrators.
Global parameters The global parameters of the safety configuration can be
defined.
Hardware options The hardware settings can be defined.
Note: Further information is contained in the Operating and
Programming Instructions for System Integrators.
Check machine data It is possible to check whether the machine data of the safety
configuration are up to date.
Safe operational stop The safe operational stop can be defined.
Save Saves and activates the safety configuration for the robot.
Touch-up Saves the current robot position as a corner of a cell area.
OR
Saves the current axis angle as the lower limit or upper limit of
the axis-specific monitoring space.
Touch-up reference position Saves the current robot flange position or the position of the
for group axes of a reference group as a reference position.
Cell configuration The cell area can be defined.
Back Back to the tab
6 .4 Display f unctions
6.4.1 Displaying in formation about t he safety c onfiguration
Procedure  In the main menu, select Configuration > Safety configuration.

The safety configuration opens with the General tab.
Description The General tab contains the following information:
Parameter Description
Robot Serial number of the robot
Safety controller 
Installed safety option version
 Safety controller version (internal)
Parameter data set  Checksum of the safety configuration
 Time stamp of the safety configuration (date and time last
saved)
 Safety configuration version
 Activation code of the safety configuration
Machine data Time stamp of the safety-relevant machine data (date and time
last saved)

6 Operation
Brake test  State of brake test (activated, deactivated or forced)
 Checksum of the brake test configuration
Current configuration  Name of the safety interface
 State of Cartesian monitoring (= velocity monitoring in T1)
(activated or deactivated)
 State of safe monitoring (activated or deactivated)
 Number of velocity-monitored axes
 Number of monitoring spaces
 Number of protected spaces
 Number of safe tools
6.4.2 Displaying the c hange log
Every modification to the safety configuration and every saving operation is

automatically logged. The log can be displayed.
Procedure  In the main menu, select Configuration > Safety configuration.
The Safety configuration window opens.
 Press Change log.
6.4.3 Displaying machine data
The safety-relevant machine data can be displayed.
Procedure 1. In the main menu, select Configuration > Safety configuration.

2. Press View.
6.5 Importing the s afety c onfiguration ( XML i mport)
Description Parts of the safety configuration can be imported as an XML file. The import-
able parameters depend on the installed safety option:
SafeOperation SafeRangeMonitoring SafeSingleBrake

Cell configuration
Cartesian monitoring
spaces
Axis-specific monitor-
ing spaces
Tools
Global parameters
In order to generate an XML file for importing, the user has the following op-
tions:
 Export the current safety configuration of the robot controller to an XML file
and edit it. In this way it is possible to ensure that the format of the XML
file is correct for a subsequent import.
(>>> 6.6 "Exporting the safety configuration (XML export)" Page 67)

 Generate the XML file on the basis of the XML schema C:\KRC\SmartH-
MI\Schemes\SafetyConfigImport.xsd, e.g. using a script programmed by
the user.
The following points must be observed when editing the XML files:
 The XML schema defines the structure of the XML file for the import. For
individual parameters, the XML schema allows higher values than the in-
stalled version of the safety option.
 The XML file to be imported should only contain parameters and values
which are supported by the current safety option. If this is not the case, it
can prevent the XML import from occurring.
It is alsoabout
mation possible
this to
canimport safety
be found in configurations
the WorkVisualindocumentation.
WorkVisual. Infor-
Precondition  Safety option is installed.

 User group “Safety maintenance”
 T1 or T2 mode
 No program is selected.

2. Press Import. The available drives are displayed.
3. Navigate to the directory where the XML file to be imported is located.
4. Select the XML file and press Next.
The parameters configured in the XML file are compared with the current
parameters of the safety configuration.
5. If notification, warning or error messages occur, these are displayed in the
Safety configuration window.
To continue with the XML import, press Next.
The Next button is deactivated in the event of error messages. Analyze er-
rors and cancel the XML import.
 Rectify the error in the XML file and repeat the XML import.
 OR: Select the correct XML file and repeat the XML import.
6. A tree view provides an overview of the parameters to be imported.
By default, only those nodes which contain changes to the current safety
configuration are expanded in the tree view. The parameters which are
changed by the XML import are displayed in blue text.
7. Check the parameters.
If not all of the required safety functions are configured correctly, or if the
wrong XML file was selected, cancel the XML import.
 Rectify the error in the XML file and repeat the XML import.
 OR: Select the correct XML file and repeat the XML import.
8. Press Import. The safety configuration is imported.
9. Save the safety configuration.
(>>> 7.5.10 "Saving the safety configuration" Page 97)
10. If plausibility errors are detected while saving, the user is informed of this
by a dialog. Close the dialog with OK.
11. Rectify errors directly in the safety configuration and save the safety con-
figuration.
OR
Rectify the error in the XML file, repeat the XML import and save the safety
configuration.

6 Operation
Following a change to the safety configuration, safety acceptance

must be carried out. (>>> 7.9 "Safety acceptance overview"
Page 117)
Overview The display with the overview of the parameters to be imported has the follow-
ing columns:
Column Description
Parameter name Name of the parameter in the Safety configura-
tion window
Result Value of the parameter following import of the
safety configuration
Current Value of the parameter in the current safety con-
figuration
Imported Value of the parameter in the XML file to be
imported
The column is hidden when the display opens.
The following buttons are available for changing the display:
Button Description
Display import col- Displays or hides the Imported column.
umn
Check box active: Column is displayed.
Check box not active: Column is hidden.
Collapse all All nodes in the tree view are collapsed.
Expand all All nodes in the tree view are expanded.
Expand changes Only those nodes which contain changes to the
current safety configuration are expanded in the
tree view.
6.6 Exporting t he safety configuration ( XML e xport)
Description Parts of the safety configuration can be exported into an XML file:
 Cell configuration
 Monitoring spaces
 Tools
 Global parameters
The XML file always contains all the parameters which are contained in the ex-
ported parts of the safety configuration.
Exporting is always possible, irrespective of whether a safety option is in-
stalled or not. However, an export only makes sense if a safety option is in-
stalled.
The current safety configuration of the robot controller is exported. If the safety
configuration contains unsaved changes, these are also exported.
If invalid values are entered in the safety configuration, the export is aborted
with an error message (plausibility error).
It is also possible to export safety configurations in WorkVisual. Infor-

mation about this can be found in the WorkVisual documentation.


2. Press Export. The available drives are displayed.
3. Select the desired file path and press Export.
The safety configuration is saved in an XML file. The file name is generat-
ed automatically.
6.7 Safe robot retraction in case of space violation
Description If the robot has violated a monitoring space, it is stopped by the safety control-
ler (precondition: function Stop at boundaries is active). The robot must be
moved out of the violated space in T1 mode.
After a “Stop at boundaries”, the robot can only be moved in T1 mode.

No other operating mode can be set until the robot has left the violat-
ed space.
If the space is violated in T2 or Automatic mode, only a status message is dis-
played. The status message indicates which space has been violated.
If the space is violated in T1 mode, the acknowledgement message Ackn.:
Stop because workspace exceeded is additionally displayed.
Precondition  Operating mode T1

Procedure 1. When the acknowledgement message is displayed, confirm it with OK.
2. Press and hold down the enabling switch.
3. Move the robot out of the violated space:
 Using the jog keys (manual mode)

Using the Start and Start backwards keys (program mode)
The status message is cleared when the robot has left the violated space.

7 Start-up and configuration

t
7 .1 System safety instructions
During system planning, the safety functions must be planned. Re-

quired safety functions that are not implemented with the SafeOper-
ation safety option must be implemented using different safety
measures.
The stopping distance when a monitoring function is triggered varies

according
account bytothe
thesystem
specific robot type.
integrator Thisparameterization
during aspect must be of
taken into
the mon-
itoring functions as part of the safety assessment.
Further information about the stopping distances and stopping times

can be found in the assembly or operating instructions of the relevant
robot.
Serious system errors, severe damage to the robot and

injury or death can result from not carrying out the risk
analysis. Risk analysis must be carried out before start-up and after any safe-
ty-relevant modification.
 Define axes that must be tested in the brake test.
 Determine brake test cycle time.
 Determine axis-specific and Cartesian limit values for the reduced veloc-
ity.

Define axis-specific and Cartesian monitoring spaces.
 Define axes that must be configured for a safe operational stop.
Incorrect configuration of the safe monitoring functions

may result in death or severe injuries and major damage
to property. Consequently, safety options may not be operated until after
safety acceptance has been carried out in accordance with the checklists.
The checklists must be completed fully and confirmed in writing.
(>>> 11.1 "Checklists" Page 171)
If safe monitoring is deactivated, the configured safety

monitoring functions are inactive.
Serious injury and severe damage to the robot can be

caused by changing the machine data. Modifying the
machine data may deactivate monitoring functions. Machine data may only
be modified by authorized personnel.
7.2 Jogging the robot without a higher-level safety controller
Description To jog the robot without a higher-level safety controller, Start-up mode must
first be activated. The robot can then be jogged in T1 mode.
Tool 1 is always active in Start-up mode. In Start-up mode, all monitoring func-
tions of the safety configuration that can be activated via safe inputs are deac-
tivated.
(>>> 8.1.1 "SafeOperation via Ethernet safety interface (optional)" Page 129)
(>>> 8.2 "SafeOperation via interface X13" Page 136)

The following monitoring functions remain active:

 Monitoring of the cell area
 Monitoring of global maximum Cartesian velocity
 Monitoring of global maximum axis velocity
 Workspace monitoring functions that are configured as always active
 Monitoring of the workspace-specific velocity in workspaces that are con-
figured as always active
External safeguards are disabled in Start-up mode. Ob-
serve the safety instructions relating to Start-up mode.
(>>> 4.8.3.2 "Start-up mode" Page 53)

 If the Ethernet safety interface is used: No connection to a higher-level
safety controller
Procedure  In the main menu, select Start-up > Service > Start-up mode.
Menu Description
Start-up mode is active. Touching
the menu item deactivates the
mode.
Start-up mode is not active. Touch-
ing the menu item activates the
mode.
7.3 Start-up and configuration – overview
Step Description
1 Set up brake test.
(>>> 7.7 "Brake test" Page 106)
2 Install reference switch and actuating plate.
(>>> 7.6.4.1 "Installing the reference switch and actuating
plate" Page 101)
3 Connect the reference switch.
(>>> 7.6.4.2 "Connecting a reference switch" Page 102)
4 Only if a safety PLC is being used: Configure the communica-
tion via the interface.
(>>> 8 "Interfaces to the higher-level controller" Page 125)
5 Master the robot.

Note: Further information on mastering is contained in the oper-
ating and programming instructions for the System Software.
6 Activate safe monitoring.
(>>> 7.5.1 "Activating safe monitoring" Page 75)
7 Define global parameters.
 Mastering test input
 Cartesian velocity monitoring functions
(>>> 7.5.2 "Defining global parameters" Page 75)

Step Description
8 Define monitoring spaces.
(>>> 7.5.3 "Defining a cell area" Page 77)
(>>> 7.5.4 "Defining Cartesian monitoring spaces" Page 79)
(>>> 7.5.5 "Defining axis-specific monitoring spaces" Page 84)
9 Define axis-specific velocity monitoring.
(>>> 7.5.6 "Defining axis-specific velocity monitoring"
Page 87)
(>>> 7.5.7 "Defining the safe operational stop for axis groups"
Page 91)
10 Define safe tools.
(>>> 7.5.8 "Defining safe tools" Page 93)
11 Program mastering test.
(>>> 7.6.5 "Teaching positions for the mastering test"
Page 103)
12 Define reference position.
(>>> 7.5.9 "Defining the reference position" Page 95)
13 Only if the reference switch is actuated by a ferromagnetic part
of the tool or following a tool change: Check the accuracy of the
reference position.
(>>> 7.6.6 "Checking the reference position (actuation with
tool)" Page 105)
14 Save safety configuration.
(>>> 7.5.10 "Saving the safety configuration" Page 97)
15 Perform mastering test.
(>>> 7.6.7 "Performing a mastering test manually" Page 105)
16 Carry out safety acceptance.
(>>> 7.9 "Safety acceptance overview" Page 117)
(>>> 7.10 "Checking that the safety functions are functioning
correctly" Page 118)
17 Archive safety configuration.
Note: Further information on archiving is contained in the oper-
ating and programming instructions for the System Software.
18 Only if a new safety configuration is activated: Compare the
checksum displayed when the safety configuration is archived
with the checksum documented in the checklist for safety func-
tions.
(>>> 7.11 "Activating a new safety configuration" Page 122)
7.4 Information about the safety configuration


Minimum sphere The sphere radius must not fall below the predefined minimum value. This ra-
radius dius is dependent on the global maximum Cartesian velocity.
The minimum sphere radius is calculated as follows:
 rmin [mm] >= 0.5 * (maximum Cartesian velocity [mm/s] * 0.012 s)
The smallest possible radius is 10 mm. A radius smaller than 10 mm cannot
be configured, even if the calculation gives a smaller value.
If values that are too small are configured, a message is displayed when sav-
ing and the configuration is prevented from being saved.
Minimum The length, width and height of a protected space must not fall below the pre-
protected space defined minimum
velocity value.ofThis
and the radius thevalue depends
smallest onofthe
sphere global
the safe maximum
tool. Cartesian
dimensions
The minimum space dimensions (= minimum length, width and height) are cal-
culated as follows:
 amin [mm] ≥ 0.018 s * maximum Cartesian velocity [mm/s] − 2 * rsphere
[mm]
A precondition for a correct result is that the sphere radius has been config-
ured correctly. (>>> "Minimum sphere radius" Page 72)
The smallest permissible length, width and height is 10 mm. Values smaller
than 10 mm cannot be configured, even if the calculation gives a smaller val-
ue.
If values that are too small are configured, a message is displayed when sav-
ing and the configuration is prevented from being saved.
7.4.1 Safe definition of Cartesian protected spaces

Here, different constellations are covered which can cause a protected space
violation to not be detected:
 Narrow protected spaces
 Motion across corners
Narrow protected With narrow protected spaces, there is a risk that the robot may be able to
spaces move through the protected space without the space violation being detected.
The risk is partially reduced by the specified minimum value for the sphere ra-
dius and space dimensions.
To further reduce the risk, the following rules must be observed in the config-
uration of protected spaces:
 An area to be protected must always lie completely within a protected
space, i.e. be enclosed by the protected space.
 Shielding an area to be protected using a narrow protected space (e.g. by
replicating a light curtain) is not permitted.
 The stopping distances of the robot must also be taken into account when
defining a protected space. The protected space must overlap with the
area to be protected on all sides so that the robot can under no circum-
stances enter the area to be protected.

Fig. 7-1: Definition of protected space
1 Area to be protected
2 Protected space shields the area to be protected (not allowed)
3 Protected space encloses the entire area to be protected
Motion across If a sphere is moved across the corner of a protected space at a high velocity,
corners there is a risk of the space violation not being detected.
To ensure that a signal is always reliably triggered on violation of an alarm
space, this space must be made large enough to ensure that its full width,
length or height is passed through.
Fig. 7-2: Protected space as an alarm space
1 Target area
2 Sphere moves across corner of protected space (signal not triggered)
3 Protected space is passed through completely (signal reliably trig-
gered)

7.4.2 Unexpected protected space violation at space corners
At the corners of a Cartesian protected space, unexpected space violations

can occur even though the tool sphere is clearly outside the space boundary.
The following figure depicts the closest path along which a tool sphere can the-
oretically move about a Cartesian protected space. It can be moved along this
closest path and reoriented without violating the protected space.
Fig. 7-3: Path of a tool sphere along the space surface
1 Protectedspace 3 Toolspheresreoriented
2 Tool spheres
The monitoring responds earlier than expected at the corners because of the
virtually expanded space boundaries. Depending on the radius of the tool
sphere, the protected space is expanded virtually on all sides (X, Y, Z) by pre-
cisely this radius.
As long as the tool sphere infringes the expanded space boundaries in only
one direction, the protected space is not violated. If, however, the expanded
protected space is infringed in 2 planes simultaneously, this is evaluated as a
space violation.

Fig. 7-4: Protected space violation at space corners
1 Protected space
2 Protected space expanded by the radius of the tool sphere
3 Space violation in the X direction
4 Space violation in the Y direction
In the figure, a simplified depiction is used. Only the space expansion in the
directions X and Y is shown.
7.5 Configuring safety monitoring functions
7.5.1 Activating safe monitoring
Configuration of the safety monitoring functions is only possible if safe

monitoring has been activated.
Precondition  User group “Safety maintenance”

 Operating mode T1 or T2
Procedure 1. Open the safety configuration.
2. Press Global parameters.
3. Set the check mark at Safe monitoring.

4. Save the safety configuration or continue configuration.
7.5.2 Defining global parameters

 A safety configuration is open.
 Safe monitoring is active.
Procedure  Press Global parameters and set parameters.

Description
Fig. 7-5: Defining global parameters
Defining global parameters:
Safe monitoring Activation of safe monitoring
Check box active: Safe monitoring is activated.
Check box not active: Safe monitoring is not activated.
Default: Safe monitoring not activated.
Mastering test input at cabinet = reference switch is connected to the robot control-
ler.
via bus interface = reference switch is connected via Ethernet
interface.
Default: to control cabinet
Maximum Cartesian velocity Limit value for global maximum Cartesian velocity (not space-
dependent)
 0.5 … 30,000 mm/s
Default: 10,000 mm/s

Reduced Cartesian velocity Limit value for safely reduced Cartesian velocity
 0.5 … 30,000 mm/s
Reduced Cartesian velocity Limit value for safely reduced Cartesian velocity in T1 mode
T1
 0.5 … 250 mm/s
Default: 250 mm/s
7.5.3 Defining a cell area

Procedure 1. Select the Monitoring spaces tab and press Cell configuration.
The Cell configuration window opens.
2. Enter the upper and lower bounds of the cell area.
3. Select a corner from the list.
The parameters of the corner are displayed.
4. Activate the corner of the cell area if necessary. Set the check mark for the
corner to do so.
Corners 1 to 4 are activated by default.
5. Move the robot to one corner of the cell area.

6. Press Touch-up. The X and Y coordinates of the corner are saved.
The taught point refers to $WORLD and the tool $TOOL that is being
used.
7. Repeat steps 3 to 6 to define further corners.

There must be at least 3 corners activated.

Description
Fig. 7-6: Defining a cell area
Defining a cell area:
Reference system Reference coordinate system

$WORLD
Zmin Lowerlimitofthecellarea
 -100,000 mm … +100,000 mm
Default: -30,000 mm
Zmax Upperlimitofthecellarea
 -100,000 mm … +100,000 mm
Default: 30,000 mm

Activated Check box active: Corner of cell area is acti-
vated.
(corner)
Check box not active: Corner of cell area is not
activated.
Default corner 1 to 4: Activated
Default corner 5 to 10: Not activated
X, Y X, Y coordinate of corner 1 to 10 relative to the
WORLD coordinate system
(corner)

-100,000 mm … +100,000 mm
Default corner 1 or 4: +100,000 mm
Default corner 2 or 3: -100,000 mm
Default corner 5 to 10: 0 mm
7.5.4 Defining Cartesian monitoring spaces

Procedure 1. Select the Monitoring spaces tab and select the monitoring space from
the list.
The parameters of the monitoring space are displayed.

2. Enter the name of the monitoring space (max. 24 characters).
3. Select the space type Cartesian space and set the parameters of the
monitoring space.
4. Press Properties.
The Cartesian properties of {0} window is opened.
5. Select the reference coordinate system and enter Cartesian positions.
Monitoring space
Fig. 7-7: Defining a Cartesian monitoring space
Defining a Cartesian monitoring space:

Type Typeofmonitoringspace
working space = The safe tool must move
within the configured limits of the monitoring
space. (Space violation if the safe tool leaves the
monitoring space.)
protected space = The safe tool must move
outside the configured limits of the monitoring
space. (Space violation if the safe tool enters the
monitoring space.)
Default: working space

Activation Activation of monitoring space
always off = monitoring space is not active.
always active = monitoring space is always
active.
by input = monitoring space is activated by a
safe input.
If interface X13 is used, safe inputs are only
available for monitoring spaces 12 … 16.
(>>> 8.2 "SafeOperation via interface X13"
Page 136)
Default: always off
Space type Type of monitoring space
Cartesian space = Cartesian monitoring space

Axis space = axis-specific monitoring space
Default: Cartesian space
Stop at boundaries A stop is triggered if the space is violated.
Check box active: Robot stops if the monitoring
space limits are exceeded.
Check box not active: Robot does not stop if the
monitoring space limits are exceeded.
Default: Robot stops at boundaries.
V max Limit value of the space-specific velocity
 0.5 … 30,000 mm/s

Vmax valid if Validity of the space-specific velocity
not used = space-specific velocity is not moni-
tored.
Space not violated = space-specific velocity is
monitored if the monitoring space is not violated.
Space violated = space-specific velocity is mon-
itored if the monitoring space is violated.
Default: Deactivated
Stopyet
not if mastering
done test Activation of reference stop
Check box active: Reference stop is activated for
the monitoring space.
Check box not active: Reference stop is not acti-
vated for the monitoring space.
Default: Reference stop activated.

Properties
Fig. 7-8: Defining Cartesian properties
Defining properties:
Reference system Reference coordinate system
 $WORLD
 $ROBROOT
Default: $WORLD
Space dimensions Length, width and height of the monitoring space (display only)
The length, width and height of a protected space must not fall
below the predefined minimum value. This value depends on
the global maximum Cartesian velocity and the radius of the
smallest sphere of the safe tool.
(>>> "Minimum protected space dimensions" Page 72)

Origin X, Y, Z Offset of the origin of the Cartesian monitoring space in X, Y
and Z relative to the selected reference coordinate system.
 -100,000 mm … +100,000 mm
Default: 0 mm
Origin A, B, C Orientation in A, B and C at the origin of the Cartesian monitor-
ing space relative to the selected reference coordinate system.
Origin A, C:
 -180° … +180°
Origin B:
 -90° … +90°
Default: 0°
Distance to srcin Minimum X, Y and Z coordinates of the Cartesian monitoring
space relative to the srcin
XMin, YMin, ZMin
 -100,000 mm … +100,000 mm
Default: 0 mm
Distance to srcin Maximum X, Y and Z coordinates of the Cartesian monitoring
space relative to the srcin
XMax, YMax, ZMax
 -100,000 mm … +100,000 mm
Default: 0 mm
Example The example shows a Cartesian monitoring space whose srcin is offset in the
X, Y and Z A,
orientation directions (yellow
B, C at the srcinarrow)
of therelative to the
Cartesian $ROBROOT
monitoring spacesystem. The
is identical
to the orientation at the srcin of $ROBROOT.
Fig. 7-9: Example of a Cartesian monitoring space

7.5.5 Defining a xis-specific m onitoring sp aces

Procedure 1. Select the Monitoring spaces tab and select the monitoring space from
the list.
The parameters of the monitoring space are displayed.
2. Enter the name of the monitoring space (max. 24 characters).
3. Select the space type Axis space and set the parameters of the monitor-
ing space.
The Axis-specific properties of {0} window opens.
5. Select axis from the list.
The axis-specific properties are displayed.
6. Activate the monitoring of axis limits by setting the check mark at Monitor-
ing.
7. Move the axis to the upper axis limit in axis-specific mode.
8. Press Touch-up to save the current axis position.
9. Move the axis to the lower axis limit in axis-specific mode.
10. Press Touch-up to save the current axis position.
11. Repeat steps 5 to 10 to define the axis limits for additional axis ranges.
monitoring space.
Monitoring space
Fig. 7-10: Defining an axis-specific monitoring space
Defining an axis-specific monitoring space:

Type Typeofmonitoringspace
working space = The axes must move within
the configured limits of the monitoring space.
(Space violation if the axes leave the monitoring
space.)
protected space = The axes must move outside
the configured limits of the monitoring space.
(Space violation if the axes enter the monitoring
space.)
Default: working space

Activation Activation of monitoring space
always off = monitoring space is not active.
always active = monitoring space is always
active.
by input = monitoring space is activated by a
safe input.
If interface X13 is used, safe inputs are only
available for monitoring spaces 12 … 16.
(>>> 8.2 "SafeOperation via interface X13"
Page 136)
Default: always off
Space type Type of monitoring space
Cartesian space = Cartesian monitoring space

Axis space = axis-specific monitoring space
Default: Cartesian space
Stop at boundaries A stop is triggered if the space is violated.
Check box active: Robot stops if the monitoring
space limits are exceeded.
Check box not active: Robot does not stop if the
monitoring space limits are exceeded.
Default: Robot stops at boundaries.
V max Limit value of the space-specific velocity
 0.5 … 30,000 mm/s

Vmax valid if Validity of the space-specific velocity
not used = space-specific velocity is not moni-
tored.
Space not violated = space-specific velocity is
monitored if the monitoring space is not violated.
Space violated = space-specific velocity is mon-
itored if the monitoring space is violated.
Default: not used
Stopyet
not if mastering
done test Activation of reference stop
Check box active: Reference stop is activated for
the monitoring space.
Check box not active: Reference stop is not acti-
vated for the monitoring space.
Default: Reference stop activated.
Properties
Fig. 7-11: Defining axis-specific properties

Icon Description
Icon for rotational and infinitely rotating axes
Icon for linear axes
Monitoring Activationofmonitoring
Check box active: Monitoring is activated.
Check box not active: Monitoring is not activated.

Default: Monitoring is not activated.
Lower limit Lower limit of the axis-specific monitoring space
(lower axis limit)  Rotational axes: -360° … +360°
Default: -360°
 Linear axes: -30,000 mm … +30,000 mm
Default: -30,000 mm
The lower limit of an axis-specific workspace must be at least
0.5° or 1.5 mm less than the upper limit.
The axis-specific protected space is dependent on the maxi-
mum axis velocity. The minimum size for the axis-specific pro-
tected space is equal to the distance that the relevant axis can
travel at maximum axis velocity in an interval of 18 ms. If this
minimum value is violated, a message is displayed.
Current position Axis-specific actual position (display only)

 Red: axis position not allowed, as monitoring space is violat-
ed
 Green: axis position allowed
Upper limit Upper limit of the axis-specific monitoring space
(upper axis limit)  Rotational axes: -360° … +360°
Default: 360°
 Linear axes: -30,000 mm … +30,000 mm
Default: 30,000 mm
The upper limit of an axis-specific workspace must be at least
0.5° or 1.5 mm greater than the lower limit.
The axis-specific protected space is dependent on the maxi-
mum axis velocity. The minimum size for the axis-specific pro-
tected space is equal to the distance that the relevant axis can
travel at maximum
minimum axis velocity
value is violated, in an interval
a message of 18 ms. If this
is displayed.
7.5.6 Defining a xis-specific ve locity m onitoring

 T1 or T2 mode
 To modify option-specific monitoring functions: Safe monitoring is active.

Monitoring of the braking time and the maximum axis velocity in T1 is

part of the standard safety configuration and always active. The cor-
responding parameters can also be modified if safe monitoring is de-
activated.
Procedure 1. Select the Axis monitoring tab.

2. Edit the parameters of the standard safety configuration as required.
3. If necessary, activate monitoring of the safely reduced axis velocity for one
axis. To do so, select the desired axis and set the check mark at Monitor-
ing.
4. Change the limit value for the safely reduced axis velocity if necessary.
5. Modify the maximum velocity for rotational axes and linear axes (valid
globally for every axis).
Description
Fig. 7-12: Defining axis velocities

Icon Description
Defining axis velocities:
Monitoring Activationofmonitoring
Check box active: Axis is monitored.
Check box not active: Axis is not monitored.

Default: Axis is not monitored.
Braking time Duration of the monitored axis-specific braking ramp for safety
stop 1 and safety stop 2
 500 … 15,000 ms
Default: 1,500 ms
(>>> 7.5.6.1 "Parameter Braking time" Page 90)
Maximum velocity T1 Maximum axis velocity in T1
 Rotational axes: 1.0 … 100.00 °/s
Default: 30 °/s
 Linear axes: 1.0 … 1,500 mm/s
Default: 250 mm/s
This parameter enables a servo gun, for example, to be cali-
brated in T1 with a higher velocity than 250 mm/s.
Note: The Cartesian velocities at the flange and at the TCP are
monitored independently of this parameter and cannot exceed
250 mm/s.
Reduced velocity Limit value for safely reduced axis velocity
 Rotational axes: 0.5 … 5,000 °/s
Default: 5,000°/s
 Linear axes: 1.5 … 10,000 mm/s
Maximum velocity rotational Limit value for global maximum velocity for rotational axes
axis
 0.5 … 5,000 °/s
Default: 1,000°/s
The axis-specific protected space is dependent on the global
maximum axis velocity. A defined minimum size for the axis-
specific protected space is derived from the global maximum
axis velocity; the size must not fall below this value. If this mini-
mum value is violated, a message is displayed.
Maximum velocity transla- Limit value for global maximum velocity for translational axes
tional axis
 0.5 … 30,000 mm/s
Default: 5,000 mm/s
The axis-specific protected space is dependent on the global
maximum axis velocity. A defined minimum size for the axis-
specific protected space is derived from the global maximum
axis velocity; the size must not fall below this value. If this mini-
mum value is violated, a message is displayed.

7.5.6.1 Parameter Braking time
Description If a safety stop 1 or 2 occurs, the safety controller monitors the braking pro-
cess. Among other things, it monitors whether the axis-specific velocity re-
mains below its monitoring ramp. If the velocity is too high, i.e. if the ramp is
violated, then the safety controller triggers a safety stop 0.
The monitoring ramp can be specified using the parameter Braking time.
The parameter Braking time modifies the monitoring ramp. It does

not modify the actual time required by the kinematic system for brak-
ing.
Only alter the default time if it is necessary to do so. This

might be required, for example, in the case of very heavy
machines and/or very heavy loads as these cannot stop within the default
time.
The safety recovery technician must check whether and to what extent the
Braking time value needs to be modified in each specific application. He
must also check whether the modification makes additional safety measures
necessary, e.g. installation of a gate lock.
The monitoring ramp is determined as follows:
 The robot controller subtracts 200 ms from the value of the parameter
Braking time (taking into account the brake closing time). Th e result is the
monitoring time. For example, the default value of 1 500 ms results in a
monitoring time of 1 300 ms.
When this time has elapsed, another monitoring function begins:
 The ramp has plateaus of 300 ms at the start and end.
The plateau at the start is always 106% of the rated speed of the axis. The
plateau at the end is always 10.6 %.
Fig. 7-13: Monitoring ramp

1 Velocity profile during braking (example)
2 Monitoring ramp (default value Braking time 1 500 ms)
3 From this moment on, standstill monitoring begins.
vrs Rated speed of the axis (rs = "rated speed")
t Time
The value “0” on the time axis is the moment at which the safety
stop 1 or 2 begins.

Limitations  Braking time can be configured separately for each axis; at the moment
of braking, however, the value used for all axes is always the highest value
entered.
Recommendation: for greater transparency, enter the same value for all
axes.
 The parameter Braking time usually has no effect in T1, since it refers to
the axis-specific monitoring. In T1, however, there is another (non-config-
urable) monitoring function for the Cartesian velocity on the flange. This is
usually stricter.
Value increased If the value Braking time is increased, this has the following effect:
The monitoring
strict. rampa becomes
There is now longer and
lower probability that flatter,
a brakingi.e. process
monitoring
willisviolate
now less
the
ramp.
Fig. 7-14: Example: value is increased
1 Velocity profile during braking (example)

2 Monitoring (lower Braking time value)
3 Monitoring (higher Braking time value)
Value reduced If the value “Braking time” is reduced, this has the following effect:
The monitoring ramp becomes shorter and steeper, i.e. monitoring is now
stricter. There is now a higher probability that a braking process will violate the
ramp.
7.5.7 Defining the safe operational stop for axis groups

Procedure 1. Select the Axis monitoring tab and press Safe operational stop.
The Safe operational stop window opens.
2. Select axis from the list.
3. Enter the position tolerance for this axis.
The position tolerance configured here also applies to the global safe
operational stop, with which all axes are monitored.

The global safe operational stop is one of the standard safety func-
tions. The position tolerances can also be modified if safe monitoring
is deactivated.
4. Activate one or more axis groups in which the axis is to be monitored by
activating the corresponding check box (set the check mark).
5. Repeat steps 2 to 4 to define further monitoring functions.
ter/slave axes, a maximum of 8 drives can be configured for each axis
group.
Description
Fig. 7-15: Defining a safe operational stop
Icon Description
Defining the safe operational stop:

Monitoring in axis groups 1-6 Safe operational stop for axis group 1 … 6
Check box active: Axis is monitored in axis group.
Check box not active: Axis is not monitored in axis group.
Default: No monitoring
Position tolerance Tolerance for standstill monitoring in the case of safe opera-
tional stop. The axis may still move within this tolerance when a
safe operational stop is active.
 Rotational axes: 0.001° … 1°
Default: 0.01°
 Linear axes: 0.003 … 3 mm
Default: 0.1 mm
7.5.8 Defining safe tools

Procedure 1. Select the Tools tab and select a tool from the list.
The parameters of the safe tool are displayed.
2. Activate safe tool. To do so, set the check mark at Activation.
3. Enter a name for the tool (max. 24 characters).
4. Define the safe TCP of the tool.
The Properties of {0} window opens.
6. Select a sphere from the list and activate monitoring of the sphere. To do
so, set the check mark at Monitoring.
7. Enter the coordinates of the center of the sphere and the radius of the
sphere.
8. Repeat steps 6 to 7 to define additional spheres for the safe tool.
Tool
Fig. 7-16: Defining a safe tool
Defining a safe tool:

Activation Activation of the safe tool
Check box active: Safe tool is activated.
Check box not active: Safe tool is not activated.
Default tool 1: Activated
Default tool 2 … 16: Not activated
Note: If interface X13 is used, tool 1 is always
active. The tool cannot be activated via a safe
input. An automated, safely monitored tool
change is thus not possible.
TCP X, Y, Z X, Y and Z coordinates of the safe TCP for
velocity monitoring
 -10,000 mm … +10,000 mm
Default: 0 mm
Properties
Fig. 7-17: Defining the properties of the safe tool

Monitoring Activation of monitoring of the sphere
Check box active: Sphere is monitored.
Check box not active: Sphere is not monitored.
Default sphere 1: Monitoring active
Default spheres 2 to 6: Monitoring deactivated
X, Y, Z X, Y and Z coordinates of the sphere center
point relative to the FLANGE coordinate system
 -10,000 mm … +10,000 mm
Default: 0 mm
Radius Radius of the sphere at the safe tool
 10 … 10,000 mm
Default: 250 mm
The sphere radius must not fall below the pre-
defined minimum value. This radius is depen-
dent on the global maximum Cartesian velocity.
(>>> "Minimum sphere radius" Page 72)
7.5.9 Defining t he r eference position

Procedure 1. Select the tool and base for Cartesian jogging.
2. Select the Reference position tab.
3. Move robot to the reference position.
4. Select one of the robot axes.
5. Press Touch-up reference position
for group to accept the current flange position of the robot as the refer-
ence position for the axes in reference group 1.
The coordinates of the Cartesian reference position are displayed in the
configuration window.
6. If external axes are configured, enter the number of the corresponding ref-
erence group for each external axis.
7. If present, move external axes in reference group 2 to the reference posi-
tion and save with Touch-up reference position
for group.
8. If present, move external axes in reference group 3 to the reference posi-
tion and save with Touch-up reference position
for group.

Description
Fig. 7-18: Defining the reference position
Icon Description
Defining the reference position:

Reference group Each axis that is to be subjected to safe monitoring must be
assigned to a reference group. Robot axes are always assigned
to reference group 1. External axes can be assigned to other
reference groups, but also to reference group 1, e.g. in the case
of a KL.
 1: Robot axes
 1 … 3: External axes
Default: 1
Reference position Axis-specific coordinates of the reference position
To monitor the mastering, the axis angles of the robot axes are
defined for a specific Cartesian reference position. During the
mastering test, the robot moves to the Cartesian reference posi-
tion and the actual position of the axes is compared with the
command position.
 Rotational axes: -360° … +360°
Default: 45°
 Linear axes: -30,000 mm … +30,000 mm
Default: 1,000 mm
Current position Axis-specific actual position (display only)
 Red: reference position not allowed, as too near mastering
position
 Green: reference position allowed
Mastering position The axis angles at the mastering position are defined in the
machine data. (display only)
Cartesian reference position X, Y and Z coordinates of the Cartesian reference position rela-
X, Y, Z tive to the WORLD coordinate system (display for reference
group 1)
The coordinates of the Cartesian reference position refer to the
center point of the mounting flange.
 -30,000 mm … +30,000 mm
Default: 0 mm
7.5.10 Saving the safety configuration
Serious injury and severe damage to the robot can be

caused by an error during saving or a failed reinitializa-
tion. If an error message is displayed after saving, the safety configuration
must be checked and saved again.
 Safety configuration is completed.
Procedure 1. Press Save and answer the request for confirmation with Yes.
The safety configuration is saved on the hard drive and the checksum of
the safety configuration is saved to the RDC.
The robot controller is automatically reinitialized.
2. The checksum and activation code of the safety configuration are dis-
played on the General tab.

Note the checksum and activation code in the checklist for safety func-
tions.
(>>> 11.1.3 "Checklist for safety functions" Page 172)
7 .6 M a s t e r in g t e s t
7.6.1 Overview, m astering test
Description The mastering test is used to check whether the current position of the robot
and the external axes corresponds to a reference position.
Infinitely rotating axes are taken into consideration in the mastering

test with modulo 360°, i.e. the reference position is always relative to
the circle.
If the deviation between the current position and the reference position is too
great, the mastering test has failed. The robot stops with a safety stop 1 and
can only be moved in T1 mode. If the mastering test run was successful, the
robot can be safely monitored using the safety controller.
The position to be monitored is not verified until a mastering test has been car-
ried out. It is advisable to perform the mastering test as quickly as possible.
The safety maintenance personnel must determine, by means of a

risk assessment, whether additional system-specific safety measures
are required, e.g. reference stop if the mastering test has not been
carried out.
Reference group Each axis

erence that Robot
group. is to beaxes
subjected to safe
are always monitoring
assigned must be group
to reference assigned to a ref-
1. External
axes can be assigned to other reference groups, but also to reference group
1, e.g. in the case of a KL.
 1: Robot axes
 1 … 3: External axes
All axes of a reference group are mastered together.
During the mastering test, all axes of a reference group must be in the
reference position in order to actuate the reference switch. If not all
the axes of a reference group are involved in actuating the reference
switch, the position of the axes cannot be checked.
Requirement The following events cause a mastering test to be requested:

 Robot controller is rebooted (internal request)


Robot is remastered
I/O driver (internal
is reconfigured request)
(internal request)
 Input $MASTERINGTEST_REQ_EXT is set externally, e.g. by a safety
PLC (external request)
Monitoring time Once the robot controller has booted, the robot can be moved for 2 hours with-
out a mastering test. Once the monitoring time has elapsed, the robot stops
with a safety stop 1 and the safety controller generates the following message:
Ackn.: Mastering test time interval expired .
Execution The mastering test is carried out using the program MasRef_Main.SRC. It can
be started in the following ways:

 Automatic
Integrate MasRef_Main.SRC into the application program in such a way
that it is cyclically called as a subprogram. If a mastering test is requested,
the robot detects this and starts the mastering test.
 Manual
For this, start the program MasRef_Main.SRC manually.
If the reference switch is activated via PROFIsafe or
CIP Safety, the PLC input Mastering test must only be
reset if the reference switch is actuated on both channels. This prevents a
single-channel mastering test.
Overview Step Description

1 Select reference position.
(>>> 7.6.4 "Selecting a reference position" Page 101)
2 Install reference switch and actuating plate.
(>>> 7.6.4.1 "Installing the reference switch and actuating
plate" Page 101)
3 Connect the reference switch.
(>>> 7.6.4.2 "Connecting a reference switch" Page 102)
4 Configure the input signal $MASTERINGTEST_REQ_EXT
for the external mastering test request.
This signal is declared in the file $machine.dat in the direc-
tory KRC:\ROBOTER\KRC\STEU\MADA and must be
assigned to a suitable input. By default, the signal is routed
to $IN[1026].
5 Teach positions for the mastering test in the program
MasRef_USER.SRC.
The reference position must be taught in the program
MasRef_USER.SRC and in the safety configuration.
(>>> 7.6.5 "Teaching positions for the mastering test"
Page 103)
6 Only if the reference switch is actuated by a ferromagnetic
part of the tool or following a tool change:
 Check the accuracy of the reference position.
(>>> 7.6.6 "Checking the reference position (actuation
with tool)" Page 105)
7 If the mastering test is to be executed automatically:
Integrate
in such a MasRef_Main.SRC intocalled
way that it is cyclically the application program
as a subprogram.
8 If the mastering test is to be executed manually:
Start the program MasRef_Main.SRC manually.
(>>> 7.6.7 "Performing a mastering test manually"
Page 105)
7.6.2 Programs for the mastering test
The following programs are used for the mastering test:

Program Directory Description

MasRef_Main.SRC R1\System The program checks whether a mastering test is
required and must be executed as soon as possi-
ble after an internal request. If the program is not
executed within 2 hours, the robot stops and the
robot controller generates a message.
If a mastering test is required, the robot performs it
immediately.
The program calls the program
MasRef_USER.SRC that is used to address the
reference position.
MasRef_USER.SRC R1\Program The program contains 3 subprograms for moving to
reference positions 1 to 3 and 3 subprograms for
the motion away from reference positions 1 to 3
after the mastering test has been performed.
If the motion away from the reference position is
not taught, the robot and external axes remain sta-
tionary after the mastering test. The robot controller
generates an error message.
7.6.3 Variables f or t he m astering t est
Variable Description
$MASTERINGTEST_ACTIVE State of the mastering test
TRUE = mastering test is active.
FALSE = no mastering test is active.
$MASTERINGTEST_GROUP Number of the reference group that is currently in the refer-
ence position
 0: No reference group in reference position
 1 … 3: Reference group with this number in reference
position
$MASTERINGTEST_REQ_INT Internal mastering test request from the safety controller
TRUE = mastering test is requested.
FALSE = mastering test is not requested.
$MASTERINGTEST_REQ_EXT Input for the external request for mastering test, e.g. from
the safety PLC
TRUE = mastering test is requested.
FALSE = mastering test is not requested.
Note: This signal is declared in the file $machine.dat in the
directory KRC:\ROBOTER\KRC\STEU\MADA and must be
assigned to a suitable input. By default, the signal is routed
to $IN[1026].
$MASTERINGTEST_SWITCH_ Check of the function of the reference switch
OK
TRUE = reference switch is OK.
FALSE = reference switch is defective.

7.6.4 Selecting a reference position
Description The reference position can be approached with the actuating plate or with a
ferromagnetic part of the tool as follows:
Fig. 7-19: Example: position of the actuating plate on the reference

switch
1 Tool
2 Actuating plate
3 Reference switch
4 Mechanical mounting fixture for the reference switch
5 Actuated reference switch
Selection criteria The reference run must be selected in accordance with the following criteria:
 The position of the reference switch and actuating plate does not interfere
with the work sequence of the robot.
 The reference position is not a position in which the axes are in a singular-
ity.
 In the reference position, both proximity switch surfaces of the reference
switch are actuated by the switching surface (actuating plate or tool).
 All axes of a reference group are in the reference position in order to actu-
ate the reference switch.
 In the reference position, the robot axes are at least ±5° (rotational axes)
or ±15 mm (linear axes) away from the mastering position.
 The position of the reference switch is within the motion range of the robot.
7.6.4.1 Installing the re ference swit ch an d actu ating plate
Precondition  The robot controller is switched off and secured to prevent unauthorized
persons from switching it on again.
 The reference run has been selected in accordance with the required cri-
teria.
(>>> "Selection criteria" Page 101)

Procedure 1. Prepare a mechanical mounting fixture for mounting the reference switch.
2. Attach the re ference switch to the moun ting fixture.
3. If the actuating plate is being used, fasten the actuating plate to the robot
flange or tool.
Example
Fig. 7-20: Example of an actuating plate on the tool

1 Robot
2 Actuating plate on tool
3 Tool
4 Reference switch on mounting fixture
7.6.4.2 Connecting a r eference s witch
The robot controller is preconfigured for the specific in-

dustrial robot. If cables are interchanged, the manipula-
tor and the external axes (optional) may receive incorrect data and can thus
cause personal injury or material damage. If a system consists of more than
one manipulator, always connect the connecting cables to the manipulators
and their corresponding robot controllers.
In the case of a KR C4, only 1 reference switch can be connected di-

rectly to the robot controller. If multiple reference groups are required,
the reference switches can be connected to the safety PLC and acti-
vated via PROFIsafe or CIP Safety. The safety PLC must evaluate the refer-
ence switches and set the input Mastering test accordingly.
A KR C4 compact is not equipped with a connection allowing a refer-

ence switch to be connected to the robot controller. Reference switch-
es must be connected to the safety PLC and activated via PROFIsafe
or CIP Safety. The safety PLC must evaluate the reference switches and set
the input Mastering test accordingly.

 Reference switch is installed.
 Reference cable X42 - XS Ref (maximum cable length 40 m)
The following procedure applies only to connection of the reference
switch to a KR C4.
Procedure 1. Route the reference cable X42 - XS Ref correctly (in a fixed installation or
cable carrier).
When routing
observe the cable,
the minimum avoid mechanical
bending radii. damage and
The following bending radii serve as guide values:

2. Connect the reference cable: Connect X42 to the robot controller and XS
Ref to the reference switch.
7.6.5 Teaching positions fo r th e ma stering test
Description The following points must be taught for each reference group:
 Motion to the reference switch
 Reference position
The reference position must additionally be taught in the safety con-
figuration.
 Motion away from the reference switch

Precondition  Reference switch is installed and connected.
 T1 or T2 operating mode
Procedure 1. Open the program MasRef_USER.SRC.
2. Insert a HALT statement in the subprograms MASREFSTARTG X() and
MASREFBACKGX().
3. Close the program MasRef_USER.SRC.
4. Select the program MasRef_Main.SRC.
5. Perform block selection to the subprogram RunTest_Group( X).
6. Press the Start key. The subprogram MASREFSTARTG X() of the program
MasRef_USER.SRC is called.
7. In the subprogram MASREFSTARTG X(), program a motion to a point ap-
prox. 10 cm before the reference switch and teach the required points.
8. Program a LIN motion to the reference switch so that it is actuated. This
position is the reference position.
The distance from the reference switch must not exceed 2 mm in the
reference position. If the distance is greater, the reference switch will
not be actuated.
9. Teach the reference position.
10. Do not move the robot.

11. Teach the referenc e position in the safety configur ation.

12. Return to the subprog ram MASREFSTARTG X() and perform a block se-
lection to the END line.
13. Press the Start key. The subprog ram MASREFBACKG X() of the program
MasRef_USER.SRC is called.
14. In the subprogram MASREFBACKGX(), program the motion away from
the reference position and teach the required points.
15. Deselect the program and save the changes.
16. For automatic operation, delete all HALT statements from the program
MasRef_USER.SRC once again.
17. Cyclically call the program MasRef_Main.SRC at a suitable point and en-
able execution of the mastering test after an internal request.
Program 1 DEF M asRef_USER()
2 END
3
4 GLOBAL DEF MASREFSTARTG1()
5 Teach path and reference position for group 1
6
7 END
8
9 GLOBAL DEF MASREFSTARTG2()
11
12 END
13
14 GLOBAL DEF M ASREFSTARTG3()
16
17 END
18
19 GLOBAL DEF MASREFBACKG1()
20 Teach path back for group 1
21
22 END
23
26
27 END
28
31
32 END
Line Description
5 Program the motion to the reference position of reference
group 1 and teach the reference position.
20 Teach the motion away from the reference position of refer-
ence group 1.

Line Description
ence group 2.
ence group 3.
7.6.6 Checking the reference position (actuation with tool)
The robot can move beyond the configured limits if the

reference switch is actuated by a ferromagnetic part of
the tool and the accuracy at the reference position is exceeded. Severe phys-
ical injuries or damage to property may result. The accuracy of the reference
position must be checked.
If the tool is exchanged, the reference position and the

accuracy of the reference position must be checked. If
required, the reference position must be adapted to the new tool. Failure to
observe this precaution may result in severe physical injuries or considerable
damage to property.

 The reference position has been taught in the program
Procedure 1. Open the program MasRef_USER.SRC.

2. In the subprogram MASREFSTARTG X(), insert a HALT statement imme-
diately before the END line.
3. Close the program MasRef_USER.SRC.
4. Select the program MasRef_Main.SRC.
5. Perform block selection to the subprogram RunTest_Group( X).
6. Press the Start key. The subprogram MASREFSTARTG X() of the program
MasRef_USER.SRC is called and the robot moves to the reference posi-
tion.
7. Jog each axis individually in the positive and negative directions using the
jog keys and observe when the reference switch is no longer actuated.
8. Analyze the axis-specific tolerances determined in this way for the master-
ing test relative to the application and select a different reference position
if necessary.
9. For automatic operation, delete all HALT statements from the program
MasRef_USER.SRC once again.

7.6.7 Performing a mastering test manually

If the reference switch is connected to the robot controller via inter-
face X42, the mastering test can be executed in Start-up mode.
 The reference position has been taught in the program

 T1 or T2 mode

The robot moves in T2 mode at the programmed velocity

and can cause personal injury or material damage. Make
sure that the robot cannot collide and that no persons are in the motion range
of the robot.
Procedure  Select and execute the program MasRef_Main.SRC to the end of the pro-
gram.
7 .7 B r ake t est
7.7.1 Overview of the brake test

Description Each robot axis has a holding brake integrated into the motor. The brake test
checks every axis at low speed and at the current temperature to see if the
braking torque is sufficiently high, i.e. whether it exceeds a certain minimum
value. The minimum value for the individual axes is stored in the machine da-
ta. (The brake test does not calculate the absolute value of the braking torque.)
Request If the brake test is active, the following events cause a brake test to be request-
ed:
 Input $BRAKETEST_REQ_EX is set externally, e.g. by a PLC (external
request)
 Robot controller boots with a cold start (internal request)
 Function test of the brake test (internal request)
 Brake test cycle time has elapsed (internal request)
Cycle time The cycle time is 46 h. It is deemed to have elapsed when the drives have
been under servo-control for a total of 46 h. The robot controller then requests
a brake test and generates the following message: Brake test required. The
robot can be moved for another 2 hours. It then stops and the robot controller
generates the following acknowledgement message: Cyclical check for brake
test request not made. Once the message has been acknowledged, the robot
can be moved for another 2 hours.
Execution A precondition for the brake test is that the robot is at operating temperature.
This is the case after approx. 1 h in normal operation.
The brake test is carried out using the program BrakeTestReq.SRC. It can be
started in the following ways:
 Automatically
Integrate BrakeTestReq.SRC into the application program in such a way
that it is cyclically called as a subprogram. If a brake test is requested, the
robot detects this and starts the brake test.

Manually
Start the program BrakeTestReq.SRC manually.
Sequence The brake test checks all brakes one after the other.
1. The robot accelerates to a defined velocity. (The velocity cannot be influ-
enced by the user.)
2. Once the robot has reached the velocity, the brake is applied and the re-
sult for this braking operation is displayed in the message window.
3. If a brake has been identified as being defective, the brake test can be re-
peated for confirmation or the robot can be moved to the parking position.
If a brake has reached the wear limit, the robot controller indicates this by
means of a message. A worn brake will soon be identified as defective.
Until then, the robot can be moved without restrictions.

If a brake has been identified as being defective, the drives remain

under servo-control for 2 hours following the start of the brake test (=
monitoring time). The robot controller then switches the drives off.
Overview Step Description

In WorkVisual:
1 If required: Activate the brake test in WorkVisual.
(>>> 7.7.2 "Activating the brake test" Page 107)
On the robot controller:
2 Configure input and output signals for the brake test.
(>>> 7.7.4 "Configuring input and output signals for the
brake test" Page 108)
3 Teach positions for the brake test.
The parking position must be taught. The start position and
end position can be taught.
(>>> 7.7.5 "Teaching positions for the brake test"
Page 111)
4 If the brake test is to be carried out automatically:
Integrate BrakeTestReq.SRC into the application program
in such a way that it is cyclically called as a subprogram.
5 If the brake test is to be carried out manually:
Start the program BrakeTestReq.SRC manually.
(>>> 7.7.6 "Performing a manual brake test" Page 112)
6 If required: Test the function of the brake test.
(>>> 7.7.7 "Checking that the brake test is functioning cor-
rectly" Page 113)
7.7.2 Activating the brake test
 If a safety option is installed and the safe monitoring is active, the brake
test is automatically active.
 If the brake test is not automatically active, the user has the option of man-
ually activating it. This must be carried out in WorkVisual.
If the brake test is not automatically active, the user must carry out a
risk assessment to determine whether it is necessary to activate the
brake test for the specific application.
Further information
WorkVisual about activating the brake test is contained in the
documentation.
7.7.3 Programs f or t he b rake test
The programs are located in the directory C:\KRC\ROBOT-

ER\KRC\R1\TP\BrakeTest.

Program Description
BrakeTestReq.SRC This program performs the brake test.
It can be performed in the following ways:
 Integrate the program into the application program in such a way that
it is cyclically called as a subprogram. If a brake test is requested, the
robot detects this and performs the brake test immediately.
 Execute the program manually.
 Test the function of the brake test. The robot controller executes Bra-
keTestReq.SRC with special parameterization.
BrakeTestPark.SRC The parking position of the robot must be taught in this program.
The robot can be moved to the parking position if a brake has been
identified as being defective. Alternatively, the brake test can be
repeated for confirmation.
BrakeTestStart.SRC The start position of the brake test can be taught in this program. The
robot starts the brake test from this position.
If the start position is not taught, the robot performs the brake test at the
actual position.
BrakeTestBack.SRC The end position of the brake test can be taught in this program. The
robot moves to this position after the brake test.
If the end position is not taught, the robot remains at the actual position
after the brake test.
BrakeTestSelfT- The program checks whether the brake test has correctly detected a
est.SRC defective brake. For this purpose, the robot controller executes BrakeT-
estReq.SRC with special parameterization.
7.7.4 Configuring input an d output signals for the brake t est
Description All signals for the brake test are declared in the file $machine.dat in the direc-
tory KRC:\STEU\MADA.
These signals are not redundant in design and can sup-

ply incorrect information. Do not use these signals for
safety-relevant applications.

Procedure 1. Open the file $machine.dat in the directory KRC:\STEU\MADA in the Nav-
igator.
2. Assign inputs and outputs.
3. Save and close the file.
$machine.dat Extract from the file $machine.dat (with default settings, without comments):
...
SIGNAL $BRAKETEST_REQ_EX $IN[1026]
SIGNAL $BRAKETEST_MONTIME FALSE
...
SIGNAL $BRAKETEST_REQ_INT FALSE
SIGNAL $BRAKETEST_WORK FALSE
SIGNAL $BRAKES_OK FALSE
SIGNAL $BRAKETEST_WARN FALSE
...
Signals There is 1 input signal. By default, it is routed to $IN[1026].

The output signals are preset to FALSE. There is no compelling need to assign
output numbers to them. It is only necessary to assign numbers if there is a
need to be able to read the signals (e.g. via the variable correction function or
program execution.)
Signal Description
$BRAKETEST_REQ_EX Input
 TRUE = brake test is being requested externally (e.g. by PLC).
The robot controller confirms the signal with
$BRAKETEST_REQ_INT = TRUE and generates message
27004.

FALSE = brake test is not being requested externally.
$BRAKETEST_MONTIME Output
 TRUE = robot was stopped due to elapsed monitoring time.
Acknowledgement message 27002 is generated.
 FALSE = acknowledgement message 27002 is not active. (Not
generated, or has been acknowledged.)
$BRAKETEST_REQ_INT Output
 TRUE = message 27004 is active.
The signal is not set to FALSE again until a brake test is carried
out with a positive result, i.e. with message 27012.
 FALSE = brake test is not requested (either internally or exter-
nally).
$BRAKETEST_WORK Output
 TRUE = brake test is currently being performed.

FALSE = brake test is not being performed.
If no defective brakes have been detected, message 27012 is
generated.
Edge TRUE → FALSE:
 Test was successfully completed. No brake is defective. Mes-
sage 27012 is generated.
 Or at least 1 defective brake was detected and the robot has
moved to the parking position.
 Or the program was canceled during execution of the brake
test.
$BRAKES_OK Output
 Edge FALSE → TRUE: Output was set to FALSE by the pre-
vious brake test. The brake test was carried out again and no
defective brake was detected.
 Edge TRUE → FALSE: A brake has just been detected as de-
fective. Message 27007 is generated.
$BRAKETEST_WARN Output
 Edge FALSE → TRUE: At least 1 brake has been detected as
having reached the wear limit. Message 27001 is generated at
the same time.
 Edge TRUE → FALSE: Output was set to TRUE by the previ-
ous brake test. The brake test was carried out again and no
worn brake was detected.

Messages
No. Message
27001 Brake {Brake no.}{Axis no.} has reached the wear limit
27002 Cyclical check for brake test request not made
27004 Brake test required
27007 Insufficient holding torque of brake {Brake no.}{Axis no.}
27012 Brake test successful
7.7.4.1 Signal diagram of the brake test – examples
Example 1 The signal diagram for the brake test applies in the following case:
 No brake has reached the wear limit.
 No brake is defective.
Fig. 7-21: Signal diagram: brakes OK

Item Description
1 The brake test is requested.
2 Automatic call of the program BrakeTestReq.SRC
Start of the brake test
3 The brake test is completed.
Example 2 The signal diagram for the brake test applies in the following case:
 Brake A2 is worn.
 Brake A4 is defective.
Fig. 7-22: Signal diagram: brakes not OK

Item Description
1 The brake test is requested.
$BRAKETEST_REQ_INT is not set to FALSE again until a brake
test is carried out with a positive result.
2 Automatic call of the program BrakeTestReq.SRC
Start of the brake test
3 Brake A2 is tested: brake is worn.
4 Brake A4 is tested: brake is defective.
5 The robot has been moved to the parking position or the program
has been canceled.
7.7.5 Teaching positions for the brake test
Description The parking position must be taught.

The start position and end position can be taught.
 If the start position is not taught, the robot performs the brake test at the
actual position.
 If the end position is not taught, the robot remains at the actual position af-
ter the brake test.
Parking position If a brake is identified as being defective, the robot can be moved to the park-
ing position. Alternatively, the brake test can be repeated for confirmation.
The parking position must be selected in a position

where no persons are endangered if the robot sags be-
cause of the defective brake. The transport position, for example, can be se-
lected as the parking position.
Further information about the transport position is contained in the robot op-
erating or assembly instructions.
Precondition  All output signals are assigned to outputs.

 “Expert” user group
 Operating mode T1
Procedure 1. Open the program BrakeTestStart.SRC in the directory R1\TP\BrakeTest.
2. Teach the motions to the start position of the brake test.
 The motions must be taught in such a way that the robot cannot cause
a collision on the way to the start position.
 In the start position, every robot axis must have an available motion
range of ±10°.
3. Save and close the program.
4. Open the program BrakeTestBack.SRC in the directory R1\TP\BrakeTest.
5. Teach the motions from the start position to the end position of the brake
test.
The start and end position may be identical.
7. Open the program BrakeTestPark.SRC in the directory R1\TP\BrakeTest.
8. Program the motions from the end position to the parking position of the
robot.

7.7.6 Performing a manual brake test
If a brake is identified as being defective and the drives

are deactivated, the robot may sag. For this reason, no
stop may be triggered during the motion to the parking position. The monitor-
ing functions that can trigger a stop in this range (e.g. monitoring spaces)
must be deactivated beforehand. No safety functions may be executed that
would trigger a stop (e.g. E-STOP, opening the safety gate, change of oper-
ating mode, etc.).
If a brake has been identified as being defective, the parking position must
be approached no faster than at 10% of maximum velocity.
Program override for the test is automatically set to

100%. The robot moves at high velocity. Make sure that
the robot cannot collide and that no persons are in the motion range of the
robot.
Precondition  No persons or objects are present within the motion range of the robot.
 In the start position, every robot axis has an available motion range of
±10°. (Or, if no start position has been taught, in the actual position.)
 The parking position has been taught in the program BrakeTestPark.SRC.
 Program run mode GO
 AUT mode
 The robot is at operating temperature (= after approx. 1 h in normal oper-
ation).
Procedure 1. Select the program BrakeTestReq.SRC in the directory R1\TP\BrakeTest

and press the Start key.
2. The following message is displayed: Performing manual brake test -
please acknowledge. Acknowledge the message.
3. Press the Start key. The message Programmed path reached (BCO) is
displayed.
4. Press the Start key. The brakes are tested, starting with A1.
5. Possible results:
 If a brake is OK, this is indicated by the following message: Brake
{Brake no.}{Axis no.} OK.
If all brakes are OK, this is indicated after the brake test by the follow-
ing message: Brake test successful. (It is possible that one or more
brakes may have reached the wear limit. This is also indicated by a
message.)
Deselect the program BrakeTestReq.SRC.

If a brake holding
is defective, this In-
sufficient torque of is indicated
brake byno.}{Axis
{Brake the following
no.} . message:
Once all brakes have been tested, either press Repeat to repeat the
brake test for checking purposes
or press Park pos. to move the robot to the parking position.
If a brake has been identified as being defective, the drives remain
under servo-control for 2 hours following the start of the brake test (=
monitoring time). The robot controller then switches the drives off.

7.7.7 Checking that the brake test is functioning correctly
Description It is possible to check whether the brake test has correctly detected a defective
brake: the program BrakeTestSelfTest.SRC simulates a fault in the brakes
and triggers a brake test. If the brake test detects the simulated fault, it is func-
tioning correctly.
Program override for the test is automatically set to

100%. The robot moves at high velocity. Make sure that
the robot cannot collide and that no persons are in the motion range of the
robot.
Precondition 
No persons or objects are present within the motion range of the robot.
 In the start position, every robot axis has an available motion range of
±10°. (Or, if no start position has been taught, in the actual position.)
 The parking position has been taught in the program BrakeTestPark.SRC.
 Program run mode GO
 AUT mode
 The robot is at operating temperature (= after approx. 1 h in normal oper-
ation).
Procedure 1. Select the program BrakeTestSelfTest.SRC in the directory R1\TP\Bra-
keTest and press the Start key.
2. The following message is displayed: Performing self-test for brake test - please
acknowledge. Confirm the message by pressing Ackn..
3. Press the Start key.
4. Result of the function test:
 Message Insufficient holding torque of brake 3: The brake test has correct-
ly detected the simulated fault. The brake test is functioning correctly.
Deselect the program BrakeTestSelfTest.SRC.
Perform a manual brake test. This ensures that the simulated fault
does not remain active.
 Any other message, or no message, means: The brake test has not
detected the simulated fault. The brake test is not functioning correctly.
If the function test establishes that the brake test is not
functioning correctly:
 The robot must no longer be moved.
 KUKA Roboter GmbH must be contacted.
7.8 Override reduction for velocity and workspace limits
Override reduction for velocity and workspace limits is not a safety

function.
Description Override reduction can be activated for the velocities and workspaces moni-
tored by the safety controller:

 Override reduction for the velocity ($SR_VEL_RED = TRUE)

If override reduction is active, the velocity is automatically reduced so that
the lowest currently monitored velocity limit is not exceeded.
The variable $SR_OV_RED specifies the reduction factor for the override
reduction as a percentage. The velocity is reduced to the following value:
lowest velocity limit * reduction factor
(>>> "Example" Page 114)
 Override reduction for monitoring spaces ($SR_WORKSPACE_RED =
TRUE)
Override reduction is only relevant for monitoring spaces for which the
function Stop at boundaries is active, and the robot is stopped with a
safety stop if it violates the space limit.
The override reduction for monitoring spaces is only effective in modes T2,
AUT and AUT EXT. In T1 mode, the override reduction for monitoring
spaces is generally deactivated, i.e. it is also deactivated if
$SR_WORKSPACE_RED = TRUE.
If override reduction is active and the robot approaches the workspace lim-
it, the velocity is continuously reduced. When the robot moves over the
workspace limit and is stopped, the velocity has already been greatly re-
duced. The stopping distance is short and the robot quickly comes to a
standstill.
If override reduction is not active and the robot approaches the workspace
limit, the velocity is not reduced. The robot is still moving at full velocity
when it is stopped at the workspace limit. The robot does not come to a
standstill as quickly as with override reduction active, as the stopping dis-
tance is greater due to the higher velocity.
The variables for override reduction can be modified in the $CUSTOM.DAT
file, in a KRL program or via the variable correction function. If a variable is
modified, an advance run stop is triggered.
(>>> 7.8.3 "Variables for override reduction in $CUSTOM.DAT" Page 117)
Example Override reduction for the velocity:
 $SR_VEL_RED = TRUE
 $SR_OV_RED = 95
The lowest Cartesian velocity limit active on the safety controller is a space-
specific velocity of 1,000 mm/s. The override reduction function reduces the
Cartesian velocity at the safe TCP of the active tool to 950 mm/s. The override
reduction function is only triggered if it is foreseeable that the limit of 950 mm/s
would be exceeded without velocity reduction.
Fig. 7-23: Example: Override reduction with $SR_VEL_RED
v3 Maximum Cartesian velocity; v3 = 1,200 mm/s

v2 Space-specific velocity; v2 = 1, 000 mm/s
v1 Velocity v2 * reduction factor; v1 = 1,000 mm/s * 95% = 950 mm/s

t1 Override reduction is triggered: without velocity reduction, the limit v1

would be exceeded.
t2 Override reduction is no longer triggered.
7.8.1 Override r eduction with spline
Overview If motion is carried out without spline, override reduction takes effect before
workspace limits and at Cartesian velocity limits. If motion is carried out with
spline, override reduction also affects axis-specific velocity limits.
Overridereductionhasaneffect… Without With spline

spline
before workspace Cartesian
limits
Axis-specific
(in T2, AUT and
AUT EXT modes)
on space-specific Cartesian space
velocity
Axis-specific space
on velocity limits Cartesian velocity
 Maximum velocity (not space-depen-
dent)
 Reduced velocity
 Reduced velocity for T1
Axis velocity

Maximum velocity (valid globally for ev-
ery axis)
 Reduced velocity
 Maximum velocity for T1
Spline is a motion type that is suitable for particularly complex, curved paths.
Such paths can also be generated using approximated LIN and CIRC motions,
but splines have advantages, however.
The advantages of spline include:
 The path always remains the same, irrespective of the override setting, ve-
locity or acceleration.
 Circles and tight radii are executed with great precision.
It is advisable to use spline for optimal override reduction, e.g. in the case of
frequent motion along the workspace limits.
Information about
“Operating and motion programming
Programming withforspline
Instructions Systemis contained in the
Integrators”.
7.8.2 Examples o f ov erride r eduction w ith sp line
Changing A change of workspace is carried out from one Cartesian workspace to anoth-
workspace er Cartesian workspace with a lower space-specific velocity vmax.
The following preconditions are met:
System variables:
 $SR_VEL_RED = TRUE

 $SR_OV_RED = 80
Safety configuration:
 At least one tool sphere on the active tool is monitored.
 The workspace with the lower space-specific velocity vmax is switched to
active (permanently for preference).
 The space-specific velocity vmax is valid if the workspace is not violated.
With spline (red line), override reduction reduces the Cartesian velocity at the
safe TCP of the active tool in good time in the old workspace and moves into
the new workspace with the lower space-specific velocity.
Without spline (blue line), the Cartesian velocity is reduced in the old work-
space, but the override reduction function is not usually triggered early
enough. The lower space-specific velocity of the new workspace has not yet
been reached at the workspace limit and the robot stops with a safety stop 0.
Fig. 7-24: Changing to a workspace with a lower v max
1 Cartesian workspace with v max = 1,000 mm/s,

reduced to 800 mm/s
2 Cartesian workspace with v max = 500 mm/s,
reduced to 400 mm/s
Due to override reduction with $SR_OV_RED = 80, a maximum of 80

percent of the configured space-specific velocity vmax is reached in
the workspaces.
Moving into a A Cartesian protected space is configured into which the robot may not move.
protected space If the robot approaches the protected space, override reduction is triggered
and reduces the velocity. If the robot wishes to enter the protected space, a
safety stop 0 is triggered at the workspace limit.
The following preconditions are met:
System variables:
 $SR_WORKSPACE_RED = TRUE
Safety configuration:
 The function Stop at boundaries is active.
 At least one tool sphere on the active tool is monitored.
 The protected space is switched to active.
With spline (red line), override reduction reduces the Cartesian velocity at the
safe TCP of the active tool to a value that roughly corresponds to a program

override of 1% while it is still in the permissible range. The robot enters the
Cartesian protected space with this velocity and is stopped with a safety
stop 0.
Without spline (blue line), the Cartesian velocity is reduced while in the per-
missible range, but the override reduction function is not usually triggered ear-
ly enough. The robot enters the Cartesian protected space at a higher velocity
than with spline. Here, once again, the robot stops with a safety stop 0, but the
braking reaction is more abrupt and the stopping distance greater.
Fig. 7-25: Moving into a protected space
1 Permissible range 2 Cartesian protected space
7.8.3 Variables for override reduction in $CUSTOM.DAT
The variables
file, in for override
a KRL program reduction
or via can be
the variable modifiedfunction.
correction in the $CUSTOM.DAT
If a variable is
modified, an advance run stop is triggered.
$SR_VEL_RED Override reduction for the velocity
TRUE = override reduction is activated.
FALSE = override reduction is not activated.
Default: TRUE
$SR_OV_RED Reduction factor for override reduction as a percentage
The currently monitored velocity limit is reduced to this per-
centage value.
 10 … 95 %
Default: 75 %
$SR_WORKSPACE_RED Override reduction for monitoring spaces
TRUE = override reduction is activated.
FALSE = override reduction is not activated.
Default: TRUE
7 .9 Safety acceptance overview
SafeOperation must not be put into operation until the safety acceptance pro-
cedure has been completed successfully. For successful safety acceptance,
the points in the checklists must be completed fully and confirmed in writing.

The completed checklists, confirmed in writing, must be kept as doc-

umentary evidence.
Safety acceptance must be carried out in the following cases:

 Following initial start-up or recommissioning of the industrial robot
 After a change to the industrial robot
 After a change to the safety configuration
 After a software update, e.g. of the system software
Safety acceptance after a software update is only necessary if the check-
sum of the safety configuration changes as a result of the update.
The safety configuration must be archived and the change log
checked after every modification. It is also advisable to print out the
data set containing the safety parameters using WorkVisual.
The following checklists can be found in the Appendix:
 Checklist for robot and system
(>>> 11.1.2 "Checklist for robot and system" Page 171)
 Checklist for safety functions
 Checklist for Cartesian velocity monitoring functions
(>>> 11.1.4 "Checklist for Cartesian velocity monitoring functions"
Page 175)
 Checklist for axis-specific velocity monitoring functions
(>>> 11.1.5 "Checklist for axis-specific velocity monitoring functions"

Page 176)for safe operational stop for axis groups
Checklist
(>>> 11.1.6 "Checklist for safe operational stop for axis groups"
Page 180)
 Checklist for cell area
(>>> 11.1.7 "Checklist for cell area" Page 182)
 Checklist for Cartesian monitoring spaces
(>>> 11.1.8 "Checklist for Cartesian monitoring spaces" Page 183)
 Checklist for axis-specific monitoring spaces
(>>> 11.1.9 "Checklist for axis-specific monitoring spaces" Page 185)
 Checklist for safe tools
(>>> 11.1.10 "Checklist for safe tools" Page 190)
7.10 Checking that the safety functions are functioning correctly
The configured velocity limits, the limits of the monitoring spaces and the
space-specific velocities must be checked with override reduction deactivated.
For this, the following variables must be set to FALSE in $CUSTOM.DAT:
 $SR_VEL_RED
 $SR_WORKSPACE_RED
To check the configured limits, the space and velocity limits are deliberately
exceeded by means of test programs. If the safety configuration stops the ro-
bot, the limits are correctly configured.
If the robot is stopped by the safety controller, a message with message num-
ber 15xxx is displayed. If no message is displayed, or if a message from a dif-
ferent number range is displayed, the safety controller must be checked.

7.10.1 Testing Cartesian velocity limits
(>>> 11.1.4 "Checklist for Cartesian velocity monitoring functions" Page 175)
Description The following Cartesian velocities must be tested:

 Reduced Cartesian velocity for T1
 Reduced Cartesian velocity
 Global maximum Cartesian velocity
Precondition  Override reduction is deactivated.
The following procedure must be followed exactly!
Procedure 1. Create a test program in which the Cartesian velocity is to be exceeded

deliberately, e.g. configured with 1000 mm/s, moved at 1100 mm/s.
When testing the Cartesian velocity on a KL, the linear unit must also
be moved.
2. To test the reduced Cartesian velocity for T1, execute the test program in
operating mode T1.
3. To test the reduced Cartesian velocity and the maximum Cartesian veloc-
ity, execute the test program in operating mode T2.
Death, serious injuries or major damage to property may
occur. If a program is executed in test mode T2, the op-
erator must be in a position outside the danger zone.
7.10.2 Testing axis-specific v elocity limits
(>>> 11.1.5 "Checklist for axis-specific velocity monitoring functions"

Page 176)
Description The following axis-specific velocity limits must be tested:
 Maximum axis velocity for T1
 Reduced axis velocity
 Maximum axis velocity (valid globally for every axis)
It is only necessary to test the global maximum axis velocity if an axis
must not exceed a defined velocity. If the global maximum axis veloc-
ity is only to limit the minimum axis-specific protected space, no test
is required.

Precondition Override reduction is deactivated.
Procedure Testing linear axes:
1. Create a test program in which the axis velocity is exceeded deliberately,

e.g. KL configured with 1000 mm/s, moved at 1100 mm/s.
2. To test the maximum axis velocity for T1, execute the test program in op-
erating mode T1.
3. To test the reduced axis velocity and the global maximum axis velocity, ex-
ecute the test program in operating mode T2.


Testing rotational axes:
1. Look up the maximum axis velocity V max in the data sheet of the robot
used.
2. Create a test program in which the axis velocity is to be exceeded deliber-
ately, e.g. axis A1 configured with 190°/s, moved at 200°/s.
3. Calculate axis velocity $VEL_AXIS[x].
(>>> "Calculation of $VEL_AXIS" Page 120)
4. Enter the axis velocity $VEL_AXIS[x] in the test program.
5. To test the maximum axis velocity for T1, execute the test program in op-
erating mode T1.
6. To test the reduced axis velocity and the maximum axis velocity, execute
the test program in operating mode T2.
Calculation of The axis velocity $VEL_AXIS[x] is calculated using the following formula:
$VEL_AXIS $VEL_AXIS[x] = (VTest / Vmax) * 100 = (200 °/s / 360 °/s) * 100 = 56
Element Description
x Numberoftheaxis
Vtest Test velocity
Unit: °/s
Vmax Maximum axis velocity
Unit: °/s
The calculated axis velocity $VEL_AXIS[x] is entered in the test program:
...
PTP {A1 -30}
HALT
$VEL_AXIS[1] = 56
PTP {A1 30}
...
7.10.3 Testing Cartesian monitoring spaces
(>>> 11.1.8 "Checklist for Cartesian monitoring spaces" Page 183)

Description The configuration of the boundaries and the space-specific velocity must be
checked. If “Stop at boundaries” is not configured, an alarm space is used for
this.
The space surfaces can have any orientation. The robot must be moved to
each of the 6 space surfaces of a Cartesian monitoring space at 3 different
points to check whether the limits have been programmed correctly. An excep-

tion is made here for space surfaces that cannot be addressed due to circum-
stances in the system.
The cell area is a Cartesian monitoring space and is tested in the same way.
Depending on the configuration, the cell area consists of 5, 6 or more space
surfaces. Each addressable space surface must be addressed at 2 different
points to check whether the limits have been programmed correctly.
Fig. 7-26: Moving to space surfaces

Procedure Testing space limits:
1. Create a test program in which all positions addressed for checking the
space surfaces are taught.
2. Execute test program in T1 mode.
When testing a Cartesian monitoring space on a KL, the linear unit
must
movesalso
withbethe
moved.
linear Itunit
mustandbecomes
ensured
to athat the monitoring space
standstill.
Testing the space-specific velocity:
1. Create a test program in which the space-specific velocity is deliberately

exceeded, either inside or outside the monitoring space, e.g. 180 mm/s
configured, moved at 200 mm/s.
7.10.4 Testing axi s-specific mo nitoring sp aces

(>>> 11.1.9 "Checklist for axis-specific monitoring spaces" Page 185)
Description The configuration of the boundaries and the space-specific velocity must be
checked. If “Stop at boundaries” is not configured, an alarm space is used for
this.
Procedure Testing space limits:

 Jog each axis (that is to be monitored) once to the upper and lower bound-
aries of the monitoring space in T1 mode using the jog keys or Space
Mouse.
Testing the space-specific velocity:
1. Create a test program in which the space-specific velocity is deliberately

exceeded, either inside or outside the monitoring space, e.g. 180 mm/s
configured, moved at 200 mm/s.
7.10.5 Testing the safe operational stop for an axis group
(>>> 11.1.6 "Checklist for safe operational stop for axis groups" Page 180)
Forces acting on the robot in the production process may result in a

violation of the safe operational stop, e.g. when loading a workpiece
into a gripper. To remedy this, the position tolerance for the affected
axis must be increased.
Procedure 1. Activate safe operational stop for the axis group.

2. Jog the first axis in the axis group in the positive or negative direction using
the jog keys and with a jog override of 1%.
A robot stop must be triggered (safety stop 0).
3. Deactivate safe operational stop for the axis group and reactivate it.
4. Repeat steps 2 to 3 to test additional axes of the axis group.
7.11 Activating a n ew s afety co nfiguration
Description If the safety configuration is updated by transferring a project from WorkVisual

to the robot controller or by restoring an archive, the safety controller signals
that the checksum of the safety configuration is incorrect.
The safety maintenance technician must check the new safety configuration
on the robot controller and is responsible for ensuring that the correct safety
configuration is activated. The displayed checksum must match the expected
checksum from the checklist for safety functions.
A new safety configuration can also be activated by the safety recovery tech-
nician. The safety recovery technician requires the 8-digit activation code of
the safety configuration for this. The correct activation code must be commu-
nicated by the safety maintenance technician.
Precondition  User group “Safety recovery” or “Safety maintenance”
Procedure 1. Select Configuration > Safety configuration in the main menu.

The safety configuration checks whether there are any relevant deviations
between the robot controller and the safety controller. The Troubleshoot-
ing wizard window is opened.
2. A description of the problem and a list of possible causes is displayed. Se-
lect the cause from the list, e.g. restoration of an archive.
3. Press Activate to activate the updated safety configuration on the robot
controller.
4. Only in the user group “Safety Recovery”: enter the activation code and
press Activate again.
7 .1 2 Deactivating s afe m onitoring
If safe monitoring is deactivated, the configured safety

monitoring functions are inactive.
Description The following monitoring functions are part of the standard safety configura-
tion and always active. This means that these monitoring functions remain ac-
tive when safe monitoring is deactivated:
 Monitoring of the braking time
 Monitoring of the maximum axis velocity in T1
 Monitoring of the axis positions during a global safe operational stop (all
axes)
Procedure 1.
2. Open
Press the safety
Global configuration.
parameters .
3. Remove the check mark from Safe monitoring.
4. Click on Save and answer the request for confirmation with Yes.
The robot controller is automatically reinitialized.


8 Interfaces to the higher-level contr...
8 Interfaces to the higher-level controller

t
f The robot controller can communicate with the higher-level controller, e.g. a
PLC, via the Ethernet safety interface (PROFIsafe or CIP Safety) or via the
discrete safety interface for safety options (X13 via Extended SIB).
t
The safe I/Os of the Ethernet safety interface are permanently assigned to the
safety monitoring functions of SafeOperation: input and output bytes 2 to 7.
(Input and output bytes 0 to 1 are assigned to the standard safety functions.)
The safe I/Os of the discrete safety interface only offer a reduced range of sig-
nals.
If the interface
Standard X13Extended
SIB and (ExtendedSIB
SIB) is used,
must the relay
be checked outputs The
cyclically. of the
checking instructions are contained in the robot controller operating
instructions.
Further information about Extended SIB and interface X13 can be

found in the operating or assembly instructions for the robot controller
and in the Optional Interfaces assembly and operating instructions
for the robot controller.
8.1 Safety functions via Ethernet safety interface
Description The exchange of safety-relevant signals between the controller and the sys-
tem is carried out via the Ethernet safety interface (e.g. PROFIsafe or CIP
Safety). The assignment of the input and output states within the Ethernet
safety interface protocol are listed below. In addition, non-safety-oriented in-
formation
er-level from thefor
controller safety controllerofisdiagnosis
the purpose sent to the non-safe
and control.section of the high-
Reserved bits Reserved safe inputs can be pre-assigned by a PLC with the values 0 or 1. In
both cases, the manipulator will move. If a safety function is assigned to a re-
served input (e.g. in the case of a software update) and if this input is preset
with the value 0, then the manipulator either does not move or comes unex-
pectedly to a standstill.
KUKA recommends pre-assignment of the reserved inputs with 1. If

a reserved input has a new safety function assigned to it, and the in-
put is not used by the customer’s PLC, the safety function is not acti-
vated. This prevents the safety controller from unexpectedly stopping the
manipulator.
Input byte 0
Bit Signal Description
0 RES Reserved1
The value 1 must be assigned to the input.
1 NHE Input for external Emergency Stop
0 = external E-STOP is active
1 = external E-STOP is not active
2 BS Operatorsafety
0 = operator safety is not active, e.g. safety gate open
1 = operator safety is active


3 QBS Acknowledgement of operator safety
Precondition for acknowledgment of operator safety
is the signal "Operator safety active" set in the BS bit.
Note: If the “BS” signal is acknowledged by the sys-
tem, this must be specified under Hardware options
in the safety configuration. Information is contained in
the Operating and Programming Instructions for Sys-
tem Integrators.
0 = operator safety has not been acknowledged
Edge 0 ->1 = operator safety has been acknowledged
4 SHS1 Safety STOP 1 (all axes)
 FF (motion enable) is set to 0.
 Voltage US2 is switched off.
 AF (drives enable) is set to 0 after 1.5 s.
Cancelation of this function does not require acknowl-
edgement.
This function is not permissible for the EMERGENCY
STOP function.
0 = safety stop is active
1 = safety stop is not active
5 SHS2 Safety STOP 2 (all axes)
 FF (motion enable) is set to 0.
 Voltage US2 is switched off.
edgement.
STOP function.
0 = safety stop is active
1 = safety stop is not active
6 RES -
7 RES -

Input byte 1
0 US2 Supply voltage US2 (signal for switching the second
supply voltage, US2, without battery backup)
If this output is not used, it should be set to 0.
0 = switch off US2
1 = Switch on US2
Note: Whether and how input US2 is used must be
specified under Hardware options in the safety con-
figuration. Information is contained in the Operating
and Programming Instructions for System Integra-

tors.
1 SBH Safe operational stop (all axes)
Prerequisite: All axes are stationary
edgement.
STOP function.
0 = safe operational stop is active.
1 = safe operational stop is not active.
2 RES Reserved11
3 RES Reserved12
4 RES Reserved13
5 RES Reserved14
6 RES Reserved15
7 SPA System Powerdown Acknowledge
The system confirms that it has received the power-
down signal. A second after the “SP” (System Power-
down) signal has been set by the controller, the
requested action is executed, without the need for
confirmation from the PLC, and the controller shuts
down.
0 = confirmation is not active

1 = confirmation is active

Output byte 0
0 NHL Local E-STOP (local E-STOP triggered)
0 = local E-STOP is active
1 = local E-STOP is not active
1 AF Drives enable (the internal safety controller in the
KRC has enabled the drives so that they can be
switched on)
0 = drives enable is not active (the robot controller
must switch the drives off)
1 = drives enable is active (the robot controller must

switch the drives to servo-control)
2 FF Motion enable (the internal safety controller in the
KRC has enabled robot motions)
0 = motion enable is not active (the robot controller
must stop the current motion)
1 = motion enable is active (the robot controller may
trigger a motion)
3 ZS One of the enabling switches is in the center position
(enabling in test mode)
0 = enabling is not active
1 = enabling is active
4 PE The signal “Peri enabled” is set to 1 (active) if the fol-
lowing conditions are met:

Drives are switched on.
 Safety controller motion enable signal present.
 The message “Operator safety open” must not be
active.
5 AUT The manipulator is in AUT or AUT EXT mode.

0 = AUT or AUT EXT mode is not active
1 = AUT or AUT EXT mode is active
6 T1 The manipulator is in Manual Reduced Velocity
mode.
0 = T1 mode is not active
1 = T1 mode is active
7 T2 The manipulator is in Manual High Velocity mode.
0 = T2 mode is not active

1 = T2 mode is active

Output byte 1
0 NHE External E-STOP has been triggered.
0 = external E-STOP is active
1 = external E-STOP is not active
1 BSQ Operator safety acknowledged
0 = operator safety is not assured
1 = operator safety is assured (input BS = 1 and, if
configured, input QBS acknowledged)
2 SHS1 Safety stop 1 (all axes)
0 = Safety stop 1 is not active
1 = Safety stop 1 is active (safe state reached)
3 SHS2 Safety stop 2 (all axes)
0 = Safety stop 2 is not active
1 = Safety stop 2 is active (safe state reached)
4 RES Reserved13
5 RES Reserved14
6 PSA Safety interface active
Precondition: An Ethernet interface must be installed
on the controller, e.g. PROFINET or Ethernet/IP
0 = safety interface is not active
1 = safety interface is active
7 SP System Powerdown (controller will be shut down)
One second after the SP signal has been set, the
PSA output is reset by the robot controller, without
confirmation from the PLC, and the controller is shut
down.
0 = controller on safety interface is active.
1 = controller will be shut down
8.1.1 SafeOperation via Ethernet safety in terface ( optional)
Description The components of the industrial robot move within the limits that have been
configured and activated. The actual positions are continuously calculated and
monitored against the safety parameters that have been set. The safety con-
troller monitors the industrial robot by means of the safety parameters that
have been set. If a component of the industrial robot violates a monitoring limit
or a safetyThe
stopped. parameter,
Ethernet the manipulator
safety interface and external
can be used, axes (optional)toare
for example, signal a
violation of safety monitoring functions.
In the case of the KR C4 compact robot controller, safety options such as Sa-
feOperation are only available via the Ethernet safety interface from
KSS/VSS 8.3 onwards.
Reserved bits Reserved safe inputs can be pre-assigned by a PLC with the values 0 or 1. In
both cases, the manipulator will move. If a safety function is assigned to a re-
served input (e.g. in the case of a software update) and if this input is preset
with the value 0, then the manipulator either does not move or comes unex-
pectedly to a standstill.

KUKA recommends pre-assignment of the reserved inputs with 1. If

a reserved input has a new safety function assigned to it, and the in-
put is not used by the customer’s PLC, the safety function is not acti-
vated. This prevents the safety controller from unexpectedly stopping the
manipulator.
Input byte 2
0 JR Mastering test (input for the reference switch of
the mastering test)
0 = reference switch is active (actuated).
1 = reference switch is not active (not actu-
ated).
1 VRED Reduced axis-specific and Cartesian velocity
(activation of reduced velocity monitoring)
0 = reduced velocity monitoring is active.
1 = reduced velocity monitoring is not active.
2…7 SBH1 … 6 Safe operational stop for axis group 1 ... 6
Assignment: Bit 2 = axis group 1 … bit 7 = axis
group 6
Signal for safe operational stop. The function
does not trigger a stop, it only activates the safe
standstill monitoring. Cancelation of this func-
tion does not require acknowledgement.
Input byte 3
0…7 RES Reserved25...32
The value 1 must be assigned to the inputs.
Input byte 4
0…7 UER1 … 8 Monitoring spaces 1 … 8
Assignment: Bit 0 = monitoring space 1 … bit 7
= monitoring space 8
0 = monitoring space is active.
1 = monitoring space is not active.
Input byte 5 Bit Signal Description

0…7 UER9 … 16 Monitoring spaces 9 … 16

Input byte 6
0… 7 WZ1 … 8 Tool selection 1 … 8
Assignment: Bit 0 = tool 1 … bit 7 = tool 8
0 = tool is not active.
1 = tool is active.
Exactly one tool must be selected at all times.
Input byte 7
0…7 WZ9 … 16 Tool selection 9 … 16

Assignment: Bit 0 = tool 9 … bit 7 = tool 16
0 = tool is not active.
1 = tool is active.
Exactly one tool must be selected at all times.
Output byte 2
0 SO Safetyoptionactive
Activation status of the safety option
0 = safety option is not active
1 = safety option is active
1 RR Manipulatorreferenced
Mastering test display
0 = mastering test required.
1 = mastering test performed successfully.
2 JF Masteringerror
Space monitoring is deactivated because at
least one axis is not mastered.
0 = mastering error. Space monitoring has been
deactivated.
1 = no error.
3 VRED Reduced axis-specific and Cartesian velocity
(activation status of reduced velocity monitor-
ing)
4…7 SBH1 … 4 Activation status of safe operational stop for
axis group 1 ... 4
group 4

Output byte 3
0…1 SBH5 … 6 Activation status of safe operational stop for
axis group 5 ... 6
group 6
2 SOS SafeOperationStop
0 = a safety function has triggered a stop. The
output
200 ms.remains in the “0” state for at least
1 = none of the safety functions has triggered a
stop.
Note: The output SOS is available in System
Software 8.3 or higher. In System Software 8.2
or lower, bit 2 is a spare bit.
Output byte 4
0…7 MR1… 8 Alarmspace1 …8
Assignment: Bit 0 = alarm space 1 (associated
monitoring space 1) … bit 7 = alarm space 8
(associated monitoring space 8)
0 = monitoring space is violated.

1 = monitoring space is not violated.
Note: An inactive monitoring space is consid-
ered to be violated by default, i.e. in this case
the associated safe output MR x has the state
“0”.
Output byte 5 Bit Signal Description

0…7 MR9 … 16 Alarm space 9 … 16
Assignment: Bit 0 = alarm space 9 (associated
monitoring space 9) … bit 7 = alarm space 16
(associated monitoring space 16)
0 = monitoring space is violated.
1 = monitoring space is not violated.
Note: An inactive monitoring space is consid-
ered to be violated by default, i.e. in this case
the associated safe output MR x has the state
“0”.
Output byte 6
Output byte 7

8.1.2 Diagnostic s ignals v ia E thernet in terface
Description Some signal states are extended to ensure that they can be detected reliably.
In the case of extended signal states, the minimum duration of the extension
is specified in square brackets. Values are specified in milliseconds, e.g. [200].
The diagnostic signals available via the Ethernet interface are not
safe signals and may only be used for diagnostic purposes.
Output byte 0
0 DG Validity
on this for non-safety-orientedsignalsanddata
interface
0 = data are not valid
1 = data are valid
1 IFS Internalerrorinsafetycontroller
0 = no error
1 = error [200]
2 FF Motionenable
0 = motion enable not active [200]
1 = motion enable active
3 AF Drivesenable
0 = drives enable not active [200]
1 = drives enable active
4 IBN Start-upmode
Start-up mode enables jogging of the manipula-
tor without a higher-level controller.
0 = Start-up mode is not active.
1 = Start-up mode is active.
5 US2 Peripheralvoltage
0 = US2 switched off
1 = US2 switched on
6…7 RES Reserved
Output byte 1
0 SO Activationstatusofthesafetyoption
0 = safety option is not active
1 JF Masteringerror(optional)
0 = no error
1 = mastering error, space monitoring deacti-
vated.
2 VRED Reducedvelocity(optional)


3 VKUE At least one Cartesian velocity limit exceeded
(optional)
0 = no error
1 = velocity exceeded [200]
4 VAUE At least one axis velocity limit exceeded
(optional)
0 = no error
1 = velocity exceeded [200]
5 ZBUE Cellareaexceeded(optional)
0 = no error
1 = cell area exceeded [200]
6…7 RES Reserved
Output byte 2
0 SHS1 Safety stop(allaxes)STOP0 or STOP 1
0 = safety stop is not active.
1 = safety stop is active.
1 ESV Externalstoprequestviolated
Safe operational stop SBH1, SBH2 or safety
stop SHS1, SHS2 violated
Braking ramp was not maintained or a moni-
tored axis has moved.
0 = no error
1 = violated
2 SHS2 Safetystop2
0 = safety stop is not active.
1 = safety stop is active.
3 SBH1 Safe operational stop (axis group 1) (optional)
4 SBH2 Safe operational stop (axis group 2) (optional)
5 WFK Toolerror(notool)(optional)
0 = no error
1 = no tool selected.
6 WFME Tool error (more than one tool) (optional)
0 = no error
1 = more than one tool selected.
7 RES Reserved

Output byte 3
0 JR Masteringtest(optional)
0 = mastering test is not active.
1 = mastering test is active.
1 RSF Referenceswitcherror(optional)
0 = reference switch OK
1 = reference switch defective [200]
2 JRA Masteringtestrequest(optional)
0 = mastering test not requested.

1 = mastering test requested.
3 JRF Masteringtestfailed(optional)
0 = mastering test OK.
1 = mastering test failed.
4 RS Referencestop(optional)
Reference run is only possible in T1 mode.
0 = no error
1 = reference stop due to impermissible operat-
ing mode
5 RIA Referencinginterval(optional)
0 = no reminder
1 = reminder interval expired [200]
6…7 RES Reserved
Output byte 4
0…7 WZNR Tool number (8-bit word) (optional)
0 = error (see WFK and WFME)
1 = tool 1
2 = tool 2, etc.

0…7 UER1 … 8 Monitoring spaces 1 … 8 (optional)

0…7 UER9 … 16 Monitoring spaces 9 … 16 (optional)

Output byte 7
0…7 UERV1 … 8 Stop in the event of a violation of monitoring
spaces 1 … 8 (optional)
0 = monitoring space is not violated, or monitor-
ing space is violated but “Stop at boundaries”
has not been configured.
1 = monitoring space is violated and robot stops
with a safety stop [200]. Precondition: “Stop at
boundaries” has been configured.
0…7 UERV9 … 16 Stop in the event of a violation of monitoring
spaces 9 … 16 (optional)
0 = monitoring space is not violated, or monitor-
ing space is violated but “Stop at boundaries”
has not been configured.
1 = monitoring space is violated and robot stops
with a safety stop [200]. Precondition: “Stop at
boundaries” has been configured.
8 .2 SafeOperation via interface X13
If interface X13 is used, tool 1 is always active. The tool cannot be ac-
tivated via a safe input. An automated, safely monitored tool change
is thus not possible.
Further information about connection to interface X13 and the re-

quired safety measures can be found in the Optional Interfaces as-
sembly and operating instructions for the robot controller.
Inputs Some of the inputs can be configured in WorkVisual. By default, the configu-
rable inputs are used to activate the monitoring space UER13 … UER16. Al-
ternatively, these inputs can be configured to activate the safe operational stop
SBH3 … SBH6.
It is not permissible to assign an input twice, i.e. to use it simultane-

ously for activating a monitoring space and a safe operational stop.

X13Pin Signal Description

1, 2 (A) VRED Reduced axis-specific and Cartesian veloc-
ity (activation of reduced velocity monitor-
19, 20 (B)
ing)
1 = reduced velocity monitoring is not
active.
3, 4 (A) UER12 Monitoring space 12
21, 22 (B) 0 = monitoring space is active.

5, 6 (A) UER13 Monitoring space 13 (default)
SBH3 Safe operational stop (axis group 3)
13, 14 (A) SBH1 Safe operational stop (axis group 1)
31, 32 (B) 0 = safe operational stop is active.
15, 16 (A) SBH2 Safe operational stop (axis group 2)
33, 34 (B) 0 = safe operational stop is active.
The signal for the safe operational stop does not trigger a stop, it only
activates the safe standstill monitoring. Cancelation of this function
does not require acknowledgement.

Outputs
An inactive monitoring space is considered to be violated by default,
i.e. in this case the associated safe output MRx has the state “0”.
X13Pin Signal Description

37, 38 (A) MR1 Alarm space 1 (associated monitoring
space 1)
55, 56 (B)
0 = space is violated.
1 = space is not violated.
57, 58 (B) space 2)
space 3)
59, 60 (B)
space 4)
61, 62 (B)
space 5)
63, 64 (B)
space 6)
65, 66 (B)
49, 50 (A) SO Activation status of the safety option
67, 68 (B) 0 = safety option is not active
51, 52 (A) RR Manipulatorreferenced
69, 70 (B) Mastering test display
0 = mastering test required.
1 = mastering test performed successfully.

9 Diagnosis
9 Diagnosis
9 .1 Displaying safe I /Os
Procedure 1. Select Diagnosis > Diagnostic monitor in the main menu.

2. Select the Bus process data image [Name of bus/interface] module in the
Module box.
9 .2 Variables for diagnosis
$SR_ACTIVETOOL Number of the active safe tool
 0: no safe tool or multiple safe tools are selected.
 1 … 16: Safe tool 1 … 16 is active.
$SR_AXISSPEED_OK Reduced axis acceleration exceeded
TRUE = axis velocity has not been exceeded.
FALSE = axis velocity has been exceeded.
The variable is set to FALSE when the excessive value is
detected and then set immediately back to TRUE.
$SR_CARTSPEED_OK Cartesianvelocityexceeded
TRUE = Cartesian velocity has not been exceeded.
FALSE = Cartesian velocity has been exceeded.
The variable
detected andisthen
set set
to FALSE when back
immediately the excessive
to TRUE.value is
$SR_DRIVES_ENABLE Enabling of the drives by the safety controller
TRUE = drives are enabled.
FALSE = drives are not enabled.
$SR_MOVE_ENABLE Enabling by the safety controller
TRUE = motion enable
FALSE = no motion enable
$SR_RANGE_ACTIVE[1] Activation status of monitoring spaces 1...16
… TRUE = monitoring space is active.
$SR_RANGE_ACTIVE[16] FALSE = monitoring space is not active.
$SR_RANGE_OK[1] Violation of monitoring spaces 1...16
… TRUE = monitoring space is not violated.
$SR_RANGE_OK[16] FALSE = monitoring space has been violated and the robot
has been stopped.
Note: The variable depends on whether a stop has been
configured for the monitoring space in the event of a viola-
tion. If no stop is configured, the variable is always TRUE.
$SR_SAFEMON_ACTIVE State of safe monitoring
TRUE = monitoring is activated.
FALSE = monitoring is not activated.

$SR_SAFEOPSTOP_ACTIVE[Ind State of the safe operational stop
ex]
TRUE = safe operational stop is activated.
FALSE = safe operational stop is not activated.
Index:
 1: state of the global safe operational stop (all axes)
The global operational stop is a standard safety function
of the Ethernet safety interface. (Input byte 1, bit 1, safe
operational stop)

2 … 7: state of the safe operational stop in relation to axis
group 1 … 6 (safe operational stop 1 …safe operational
stop 6)
$SR_SAFEOPSTOP_OK Violation of an externally activated operational stop
TRUE = no violation
FALSE = safe operational stop has been violated.
$SR_SAFEREDSPEED_ACTIVE State of the mon itoring of the red uced velocity
TRUE = monitoring is activated.
FALSE = monitoring is not activated.
9 .3 Outputs f or s pace m onitoring
In the following error situations, outputs that signal a space violation likewise
switch to the “violated” state (precondition: monitoring space is active.):
 In the case of a Cartesian monitoring space, the Cartesian position is in-
valid. The Cartesian position is invalid if one of the robot axes has an in-
valid position. This applies in the following cases:
 An axis is unmastered.
 An encoder error has occurred.
 A communication error has occurred.
 In the case of an axis-specific monitoring space, the position of one of the
monitored axes is invalid. This applies in the following cases:
 An axis is unmastered.
 An encoder error has occurred.
 A communication error has occurred.
 In the case of a Cartesian monitoring space, no tool is selected or several
tools are selected simultaneously.
Signal states in error situations:
Output/variable Logicstate
MRx( safeoutputs) 0
UERVx 1
$SR_RANGE_OK[x] (FALSE)
0

10 Messages
10 Messages
10.1 Information about the messages
The “Messages” chapter contains selected messages. It does not cover all the
messages displayed in the message window.
10.2 System messages from module: CrossMeld (KSS)
10.2.1 KSS15016
Message code  KSS15016

Message text  Ackn.: Stop due to standstill monitoring violation
Message type  Acknowledgement message
Effect  Ramp stop

 Input of active commands (robot motions, program start) is blocked.
Possible cause(s)  Cause: Safe operational stop violated (>>> Page 141)
Solution: Acknowledge message (>>> Page 141)
Cause: Safe operational stop violated
Description At least one of the axes monitored for standstill has moved outside the config-
ured position tolerance.
Solution: Acknowledge message
Description The program can be resumed once the message has been acknowledged.
Procedure  An acknowledgeable message can be acknowledged with OK.
 All acknowledgeable messages can be acknowledged at once with All
OK.
10.2.2 KSS15017

Message text  Ackn.: The braking ramp of the robot has been violated.
Effect  Short-circuit braking

Possible cause(s)  Cause: Braking ramp for STOP 1 or safe operational stop not main-
tained (>>> Page 142)

Cause: Braking ramp for STOP 1 or safe operational stop not maintained
Description The robot controller has not triggered strong enough braking in the case of a
STOP 1 or a safe operational stop.
OK.
10.2.3 KSS15018

Message text  Ackn.: Maximum Cartesian velocity in T1 mode exceeded

Possible cause(s)  Cause: $SR_VEL_RED is FALSE (>>> Page 142)

Solution: Change value of the variable (>>> Page 142)

Cause: $SR_OV_RED set too high (>>> Page 143)
Solution: Change value of the variable (>>> Page 143)
Cause: $SR_VEL_RED is FALSE
Description The variable $SR_VEL_RED is used to activate the override reduction for
monitored velocities. If override reduction is active, the velocity is automatical-
ly reduced so that the lowest currently monitored velocity limit is not exceeded.
This override reduction is deactivated if the variable is FALSE.
Further information on override reduction is contained in the assem-

bly and operating instructions of the safety option.
The procedure for checking the current value of the variable is as fol-
lows:
Checking instruc- 1. In the main menu, select Display > Variable > Single.
tions The Variable display – Single window opens.
2. Enter the variable name in the Name box and confirm with the Enter key.
The current value of the variable is displayed.
Solution: Change value of the variable

Procedure 1. In the main menu, select Display > Variable > Single.
The Variable display – Single window opens.

10 Messages
3. Enter the new value in the New value box.
4. Press the Set value button. The new value is displayed in the Current val-
ue box.
Cause: $SR_OV_RED set too high
Description The override reduction for monitored velocities is activated ($SR_VEL_RED =

TRUE), but the value of the variable $SR_OV_RED is set too high. The lower
the value of $SR_OV_RED, the more a monitored velocity limit is reduced by
the override reduction.
Further information on override reduction is contained in the assem-

The procedure for checking the value of the variable is as follows:
Checking instruc- 1. In the main menu, select Display > Variable > Single.
tions The Variable display – Single window opens.
Solution: Change value of the variable
Procedure 1. In the main menu, select Display > Variable > Single.
The Variable display – Single window opens.
3. Enter the new value in the New value box.
4. Press the Set value button. The new value is displayed in the Current val-
ue box.
10.2.4 KSS15019

Message text  Ackn.: Maximum axis-specific velocity in T1 mode exceeded

Possible cause(s)  Cause: Override for T1 too high (>>> Page 143)
Solution: Reduce jog or program override. (>>> Page 144)
Cause: Override for T1 too high
Description The jog override (HOV) was too high for jogging or the program override
(POV) was too high for program motion in T1 mode.

Solution: Reduce jog or program override.
Procedure  Reduce the jog override or the program override for jogging in T1.
10.2.5 KSS15033

Message text  More then one tool activated in the safety controller
Message type  Status message

Follow-up message  KSS15034 (>>> Page 144)
Possible cause(s)  Cause: More then one tool activated in the safety controller
(>>> Page 144)
Solution: Deactivate invalid tools (>>> Page 144)
Cause: More then one tool activated in the safety controller
Description There is more than one tool activated in the safety controller. Only one safe
tool may be active.
Solution: Deactivate invalid tools
Procedure  Deactivate invalid tools and activate only the safe tool that is currently be-
ing used.
10.2.6 KSS15034

Message text  Ackn.: More than one tool activated in the safety controller

Original message  KSS15033 (>>> Page 144)
Possible cause(s)  Cause: Error cause of the srcinal message has been eliminated.
(>>> Page 144)
Cause: Error cause of the srcinal message has been eliminated.
Description This follow-up message is displayed if the error cause of the srcinal message
has been eliminated.

10 Messages
OK.
10.2.7 KSS15035

Message text  No tool activated in safety controller

Possible cause(s)  Cause: No tool activated in safety controller (>>> Page 145)
Solution: Activate safe tool (>>> Page 145)
Cause: No tool activated in safety controller
Description There is no tool activated in the safety controller.
Solution: Activate safe tool
Procedure  Activate the safe tool that is currently being used.

If KUKA.SafeRangeMonitoring is used, tool 1 must always be activat-
ed.
10.2.8 KSS15036

Message text  Ackn.: No tool activated in safety controller

(>>> Page 146)

OK.
10.2.9 KSS15037

Message text  Cell area exceeded
Effect  No braking reaction

 No interlock of motions or commands
Possible cause(s)  Cause: Cell area exceeded (>>> Page 146)

Solution: Move the robot out of the violated space: (>>> Page 146)
Cause: Cell area exceeded
Description The active safe tool has left the cell area. There is a space violation.
Solution: Move the robot out of the violated space:
Description The robot must be moved out of the violated space in T1 mode. No other op-
erating mode can be set until the robot has left the violated space.

 Using the Start and Start backwards keys (program mode)
10.2.10 KSS15039

Message text  Ackn.: Maximum global Cartesian velocity exceeded

10 Messages

Possible cause(s)  Cause: Limit value for global maximum Cartesian velocity exceeded
(>>> Page 147)
Solution: Change the safety configuration (>>> Page 147)
 Cause: Limit value for global maximum Cartesian velocity exceeded

(>>> Page 147)
Solution: Adapt the program in such a way that limit value is not
reached (>>> Page 148)
Cause: Limit value for global maximum Cartesian velocity exceeded
Description The limit value defined in the safety configuration for the global maximum Car-
tesian velocity was exceeded.
Possible reasons:
 An incorrect limit value is entered in the safety configuration, e.g. a value
other than that specified by the system integrator.
 The programmed path or programming method causes the limit value to
be exceeded.
The procedure for checking which value is configured for the parameter Car-
tesian maximum velocity is as follows:
Checking instruc- 1. In the main menu, select Configuration > Safety configuration.
tions The safety configuration opens with the General tab.
2. Press Global parameters. The global parameters are displayed.
3. Search for the parameter and check the value.
Solution: Change the safety configuration

2. Select the corresponding tab and modify the configuration as required.
3. Save safety configuration.
must be carried out and documented by means of checklists.
Further information on safety acceptance is contained in the assem-

Cause: Limit value for global maximum Cartesian velocity exceeded
Description The limit value defined in the safety configuration for the global maximum Car-
tesian velocity was exceeded.
Possible reasons:


be exceeded.
The procedure for checking which value is configured for the parameter Car-
tesian maximum velocity is as follows:
Solution: Adapt the program in such a way that limit value is not reached
10.2.11 KSS15040

Message text  Ackn.: Maximum global axis velocity exceeded

Possible cause(s)  Cause: Limit value for maximum global axis velocity exceeded
(>>> PageChange
Solution: 148) the safety configuration (>>> Page 149)
 Cause: Limit value for maximum global axis velocity exceeded

(>>> Page 149)
Cause: Limit value for maximum global axis velocity exceeded
Description The limit value for the maximum global velocity for rotational axes or the limit
value for the maximum global velocity for linear axes defined in the safety con-
figuration was exceeded.
Possible reasons:

An incorrect limit value is entered in the safety configuration, e.g. a value
be exceeded.
The procedure for checking which values are configured for the maximum
global axis velocities is as follows:
2. Select the Axis monitoring tab.
3. Check the values of the following parameters:
 Maximum velocity rotational axis

10 Messages
 Maximum velocity translational axis


Cause: Limit value for maximum global axis velocity exceeded
Description The limit value for the maximum global velocity for rotational axes or the limit
value for the maximum global velocity for linear axes defined in the safety con-
figuration was exceeded.
Possible reasons:
be exceeded.
The procedure for checking which values are configured for the maximum
global axis velocities is as follows:
3. Check the values of the fo llowing parameters:
 Maximum velocity rotational axis
 Maximum velocity translational axis
10.2.12 KSS15041

Message text  Ackn.: Maximum safe reduced Cartesian velocity exceeded


Possible cause(s)  Cause: Limit value for safe reduced Cartesian velocity exceeded
(>>> Page 150)
 Cause: Limit value for safe reduced Cartesian velocity exceeded

(>>> Page 150)
Cause: Limit value for safe reduced Cartesian velocity exceeded

Description The limit value defined in the global parameters of the safety configuration for
the safe reduced Cartesian velocity was exceeded.
Possible reasons:
be exceeded.
The procedure for checking which value is configured for the parameter Re-
duced Cartesian velocity is as follows:



Cause: Limit value for safe reduced Cartesian velocity exceeded
Description The limit value defined in the global parameters of the safety configuration for
the safe reduced Cartesian velocity was exceeded.
Possible reasons:

10 Messages

be exceeded.
The procedure for checking which value is configured for the parameter Re-
duced Cartesian velocity is as follows:
10.2.13 KSS15042

Message text  Ackn.: Safe reduced axis velocity exceeded

Possible cause(s)  Cause: Limit value for safe reduced axis velocity incorrectly configured
(>>> Page 151)
 Cause: Limit value for safe reduced axis velocity exceeded by pro-
gramming (>>> Page 152)
Solution: Correcting the programming in the SRC file (>>> Page 152)
Cause: Limit value for safe reduced axis velocity incorrectly configured
Description The limit value defined in the safety configuration for the safe reduced Carte-
sian velocity was exceeded.
An incorrect limit value is entered in the safety configuration, e.g. a value other
than that specified by the system integrator.
The procedure for checking which value is configured for the safe reduced ve-
locity is as follows:
Checking instruc-
tions 1. In
Thethesafety
main configuration
menu, select opens
Configuration > Safety configuration.
with the General tab.
3. Check the value entered for the parameter Reduced velocity.




Cause: Limit value for safe reduced axis velocity exce eded by programming
Description The programmed path or programming method causes the limit value defined
in the safety configuration for the safe reduced axis velocity to be exceeded.
If an override reduction is activated by $SR_VEL_RED=TRUE, but the robot
moves without spline, the axis velocities are not reduced. The override reduc-
tion then only has an effect on axis velocities if spline motions are pro-
grammed.
Example Axis 5 is moved into a singularity position. Axes 4 and 6 are therefore consid-
erably accelerated and the safe reduced axis velocity is exceeded.
Fig. 10-1: Wrist axis singularity ( α5 position)
Solution: Correcting the programming in the SRC file
Procedure  Correct the programming in the SRC file

Further information is contained in the documentation for the relevant
software.
10.2.14 KSS15043

Message text  External safe operational stop violated (axis group {Number of axis
group})

10 Messages

Possible cause(s)  Cause: Value configured for position tolerance too low (>>> Page 153)
 Cause: Axis group incorrectly configured (>>> Page 153)

Cause: Value configured for position tolerance too low
Description The value configured in the safety configuration for the position tolerance of at
least one axis in the axis group is too low. The values specified by the system
builder must be configured.
The procedure for checking what values are configured is as follows:
2. Select the Axis monitoring tab and press Safe operational stop.
3. For each axis in the axis group, check whether the value entered for Po-
sition tolerance matches the specified value.


Cause: Axis group incorrectly configured
Description The axis group is incorrectly configured in the safety configuration, i.e. the
group contains axes which are not to be monitored here. The axes specified
by the system builder must be monitored.
The procedure for checking whether an axis is monitored in the correct
axis group is as follows:

2. Select the Axis monitoring tab and press Safe operational stop.
3. Select the axis that is to be checked from the list.
The check mark must be activated in the check box with the number of the
axis group in which the axis is to be monitored.



10.2.15 KSS15044


Message text Ackn.:

axis External safe operational stop violated (axis group {Number of
group})

(>>> Page 154)

OK.

10 Messages
10.2.16 KSS15045

Message text  Error at mastering reference switch

Possible cause(s)  Cause: Reference cable X42 - XS Ref not correctly connected
(>>> Page 155)
Solution: Connect cable correctly (>>> Page 155)
 Cause: Reference position taught incorrectly (>>> Page 156)

Solution: Reteach reference position and check accuracy
(>>> Page 156)
 Cause: Reference switch installed incorrectly or moved

(>>> Page 156)
Solution: Reinstall or realign reference switch (>>> Page 156)
 Cause: Reference cable X42 - XS Ref defective (>>> Page 157)

Solution: Exchange reference cable X42 - XS Ref (>>> Page 158)
Cause: Reference cable X42 - XS Ref not correctly connected
Description The reference switch is connected to interface X42 on the robot controller via
the reference cable.
The procedure for checking whether the reference cable is correctly con-
nected is as follows:
 The power cable is de-energized.
 Observe the ESD guidelines.
Checking instruc- 1. Check whether the connectors of the cable are connected firmly enough.
tions 2. Check whether pins are bent when connected.
Solution: Connect cable correctly
Procedure  Connect cable correctly.

Cause: Reference position taught incorrectly
Description The reference position to which the robot moves in the mastering test has
been taught incorrectly. This results in single-channel referencing.
Checking instruc- 1. Move to reference position.
tions 2. Check whether both proximity switch surfaces of the reference switch are
actuated by the switching surface (actuating plate or tool).
Solution: Reteach reference position and check accuracy
Description The reference position must be taught in the subprogram that is executed dur-
ing the mastering test and in the safety configuration.
If the reference switch is actuated by the ferromagnetic part of a tool, the ac-
curacy of the newly taught reference position must be checked.
The reference position must be taught and checked in accordance

with the procedure described in the operating and assembly instruc-
tions.
Cause: Reference switch installed incorrectly or moved
Description The taught reference position has been addressed correctly. Single-channel
mastering occurs because the reference switch has been installed in an incor-
rect position or has been moved.
Solution: Reinstall or realign reference switch
Description The reference switch must installed or aligned in such a way that both proxim-
ity switch surfaces of the reference switch are actuated simultaneously when
the robot is in the reference position.

10 Messages
Fig. 10-2: Installation position of reference switch on external axis
Cause: Reference cable X42 - XS Ref defectiv e
Description The reference switch is connected to interface X42 on the robot controller via
the reference cable.
The procedure for checking whether the reference cable is defective is
as follows:
Inspection 1. Check whether the connectors are correctly connected. Particular atten-
instructions tion must be paid to:
 Pins pushed in
 Corrosion
 Scorched contacts
 Connector insert pushed back
 Connector on correct slot
2. Check whether the cable is mechanically damaged. Causes of squashed
cables or wires can include the following:
 Cable straps too tight
 Clips too tight
 Trapped when closing a cover
 Bend radius too tight
3. Check whether the cable still conducts electricity. Particular attention must
be paid to:
 Cross-connection of individual wires
 Short-circuit of individual wires with the ground conductor
 Correct wiring in accordance with circuit diagram

Solution: Exchange reference cable X42 - XS Ref
Description The reference cable must be exchanged.
When routing the cable, avoid mechanical damage and

observe the minimum bending radii.
The following bending radii serve as guide values:
Procedure 1. Disconnect and remove the defective reference cable.

2. Route the new reference cable correctly (in a fixed installation or cable car-
rier).
3. Connect the reference cable. Connect connector X42 to interface X42 on
the robot controller and connector XS Ref to the reference switch.
10.2.17 KSS15046

Message text  Ackn.: Error at mastering reference switch
Message type 
Acknowledgement message

(>>> Page 158)
Description This follow-up

has been message is displayed if the error cause of the srcinal message
eliminated.
OK.

10 Messages
10.2.18 KSS15047

Message text  Mastering test required (internal)

10.2.19 KSS15048
Message text  Ackn.: Mastering test time interval expired

Possible cause(s)  Cause: Monitoring time elapsed (>>> Page 159)

Solution: Perform mastering test and acknowledge message
(>>> Page 159)
Cause: Monitoring time elapsed
Description Following an internal mastering test request, the robot can be moved for an-
other 2 hours. This time has elapsed.
It is possible to acknowledge the message without performing a mastering test
beforehand. The robot can then be moved for another 2 hours without refer-
enced axes (not recommended).
The safety integrity of the safety functions based upon safe axis po-
sitions is limited until the mastering test has been performed and con-
firmed. The safety functions may behave differently from how they
were configured, creating additional hazards in the system.
Solution: Perform mastering test and acknowledge message
Description Following a successful mastering test, the message can be acknowledged.
Procedure 1. Perform mastering test.

2. Acknowledge the message with OK.
10.2.20 KSS15049

Message text  Mastering test failed


Possible cause(s)  Cause: Mastering test failed (>>> Page 160)

Solution: Eliminate cause of error and carry out mastering test
(>>> Page 160)
Cause: Mastering test failed
Description The mastering

tional message.test has failed. The cause of the error is indicated in an addi-
Solution: Eliminate cause of error and carry out mastering test
Description The error cause specified in the additional message must be eliminated and
the mastering test must then be performed again.
10.2.21 KSS15050

Message text  Reference stop

Possible cause(s)  Cause: Mastering test not yet performed successfully (>>> Page 160)
Solution: Perform mastering test in T1 mode (>>> Page 160)
Cause: Mastering test not yet performed successfully
Description The mastering test has not yet been performed successfully. The reference
stop is triggered by an activated monitoring space for which the option Stop if
mastering test not yet done is configured.
Solution: Perform mastering test in T1 mode
Description The mastering test must be performed in T1 mode.
10.2.22 KSS15051

Message text  Ackn.: Mastering test position not reached


10 Messages
Possible cause(s)  Cause: Mastering test interrupted (>>> Page 161)

Solution: Acknowledge message and resume program
(>>> Page 161)
Cause: Mastering test interrupted
Description The mastering test was interrupted before the reference position was reached:
 Operating mode T1 or T2: The operator released the Start key.

AUT EXT mode: The Start signal from the higher-level controller was can-
celled.
Solution: Acknowledge message and resume program
Procedure 1. Acknowledge the message with OK.
2. Operating mode T1 or T2: Press and hold down the Start key to resume
the program.
AUT EXT mode: Send the Start signal from the higher-level controller to
resume the program.
10.2.23 KSS15052

Message text 
Ackn.: Mastering reference switch not actuated

Possible cause(s)  Cause: Reference switch fouled (>>> Page 162)

Solution: Clean the reference switch (>>> Page 162)
 Cause: Reference switch moved (>>> Page 162)

Solution: Realign the reference switch (>>> Page 162)
 Cause: Actuating plate bent (>>> Page 162)

Solution: Realign the actuating plate (>>> Page 162)
 Cause: Referencing with incorrectly mastered robot (>>> Page 162)

Solution: Restore the mastering or remaster (>>> Page 162)
 Cause: Reference switch defective (>>> Page 163)

Solution: Exchange the reference switch (>>> Page 163)

Cause: Reference switch fouled
Description The reference switch was not actuated at the reference position because the
proximity switch surfaces of the reference switch are fouled.
Solution: Clean the reference switch
Procedure  Clean the proximity switch surfaces of the reference switch.

Do not use aggressive cleaning agents.
Cause: Reference switch moved
Description The taught reference position has been addressed correctly, but the reference
switch not actuated. The reference switch or the device on which the reference
switch is installed has been moved.
Solution: Realign the reference switch
Description The reference switch must aligned in such a way that both proximity switch
surfaces of the reference switch are actuated simultaneously when the robot
is in the reference position.
Cause: Actuating plate bent
switch not actuated. The actuating plate fastened to the robot flange or robot
tool was bent.
actuated by the actuating plate.
Solution: Realign the actuating plate
Description The actuating plate must be aligned so that both proximity switch surfaces of
the reference switch are actuated simultaneously when the robot is in the ref-
erence position.
Cause: Referencing with incorrectly mastered robot
Description The reference switch was not actuated in the reference position. The refer-
ence position was not reached because the current mastering deviates from
the one used to teach the reference run.
Solution: Restore the mastering or remaster
Description Restore the mastering with which the reference run was taught or remaster the
robot.

10 Messages
Cause: Reference switch defective
switch is defective.
Solution: Exchange the reference switch
Description The reference switch must be exchanged.

Procedure 1. Unplug the reference cable.
2. Unscrew the reference switch.
3. Screw on the new reference switch.
4. Plug the reference cable into the new reference switch.
5. Perform a mastering test in order to check whether all reference groups
are referenced by the new switch.
10.2.24 KSS15053

Message text  Ackn.: Not all mastering reference groups referenced

Possible cause(s)  Cause: Reference group not taught (>>> Page 163)
Solution: Teach reference group (>>> Page 164)
Cause: Reference group not taught
Description One of the configured reference groups has not been taught.
The following points must be taught for each reference group:
 Motion to the reference switch
 Reference position
The reference position must additionally be taught in the safety con-
figuration.
 Motion away from the reference switch

With KSS, the points are taught in the following file:
File Directory C:\KRC\Roboter\KRC\R1\Program

File MasRef_USER.src
The file contains 2 subprograms each for reference
groups 1 … 3.
MASREFSTARTG1() … MASREFSTARTG3()
The motion to the reference switch and the reference
position are taught here.
MASREFBACKG1() … MASREFBACKG3()
The motion away from the reference switch is taught
here.
With VSS, the points are taught in the following file:

File Directory C:\KRC\Roboter\KRC\R1\UPs
File User-specificsubprogram
The procedure for checking which reference groups are configured is as
follows:
Checking instruc- 1. Open the safety configuration: For this, select Configuration > Safety
tions configuration in the main menu.
2. Select the Reference position tab.
For each axis, the reference group to which it is assigned is indicated in
the Reference group column.
It is then possible to check whether the configured reference groups
have been taught:
Checking instruc- 1. Select the file in the Navigator and press Open. The file is displayed in the
tions editor.
2. Check whether the points required for addressing a reference group have
been taught.
Solution: Teach reference group
Description The points required for addressing the reference group must be taught.
This activity must be carried out in accordance with the procedure de-
scribed in the assembly and operating instructions.
10.2.25 KSS15054

Message text  Workspace monitoring functions deactivated (mastering error)

Possible cause(s)  Cause: Axes unmastered (>>> Page 165)

Solution: Master unmastered axes (>>> Page 165)

10 Messages
Cause: Axes unmastered
Description At least one axis is unmastered.
Solution: Master unmastered axes
Procedure  Remaster all unmastered axes.
10.2.26 KSS15065


Message text Ackn.: Level at mastering reference switch is unexpectedly "low"

(>>> Page 165)
OK.
10.2.27 KSS15066

Message text  Level at mastering reference switch is unexpectedly "low"

Possible cause(s)  Cause: Reference switch fouled (>>> Page 166)

Solution: Clean the reference switch (>>> Page 166)

 Cause: Mastering test input incorrectly configured (>>> Page 166)

 Cause: Reference switch installed incorrectly or moved

(>>> Page 167)
Solution: Reinstall or realign reference switch (>>> Page 167)
 Cause: Reference switch defective (>>> Page 167)

Solution: Exchange the reference switch (>>> Page 167)
Cause: Reference switch fouled
Description The reference switch was actuated for at least 5 minutes outside the mastering
test because the proximity switch surfaces of the reference switch are fouled,
e.g. with metal dust or weld spatter.
Solution: Clean the reference switch
Procedure  Clean the proximity switch surfaces of the reference switch.

Do not use aggressive cleaning agents.
Cause: Mastering test input incorrectly configured
Description The reference switch for the mastering test can be connected either to the ro-
bot controller via interface X42, or to a higher level safety PLC that is linked to
the robot controller using an Ethernet safety interface.
The mastering test input must be configured accordingly in the safety config-
uration.
The procedure for checking how the mastering test input is configured
is as follows:
Checking instruc- 1. Open the safety configuration: For this, select Configuration > Safety
tions configuration in the main menu.
2. On the General tab, press Global parameters.
3. Check the parameter Mastering test input:
 at cabinet = reference switch is connected to the robot controller.
 via bus interface = reference switch is connected via Ethernet inter-
face.


10 Messages


Cause: Reference switch installed incorrectly or moved
Description The reference switch was actuated outside of the mastering test for at least
5 minutes. The reference switch is installed in the wrong position or has been
moved.
Solution: Reinstall or realign reference switch
Description The reference switch must installed or aligned in such a way that both proxim-
ity switch surfaces of the reference switch are actuated simultaneously when
the robot is in the reference position.
Fig. 10-3: Installation position of reference switch on external axis
Cause: Reference switch defective
Description The reference switch was actuated outside of the mastering test for at least
5 minutes. The reference switch is defective.
Solution: Exchange the reference switch
Description The reference switch must be exchanged.

Procedure 1. Unplug the reference cable.
2. Unscrew the reference switch.
3. Screw on the new reference switch.
4. Plug the reference cable into the new reference switch.
5. Perform a mastering test in order to check whether all reference groups
are referenced by the new switch.
10.2.28 KSS15079

Message text  Monitoring space no. {Number of monitoring space} violated

Possible cause(s)  Cause: Monitoring space violated in T1 or T2 (>>> Page 168)

Cause: Monitoring space violated in T1 or T2
Description The monitoring space has been violated in T1 or T2 mode. The active safe
tool, or at least one of the robot axes, is no longer situated in the permissible
range of the monitoring space.
The monitoring space is considered to have been violated if the monitoring
was only activated after the robot had moved over the space limit.
The permissible range depends on the type of monitoring space:
Spacetype Workspace Protectedspace

Cartesian space The active safe tool must move The active safe tool must move out-
within the limits of the monitoring side the limits of the monitoring
space. space.
The space is violated if the safe tool The space is violated if the safe tool
leaves the monitoring space. enters the monitoring space.
Axis space The axes must move within the limits The axes must move outside the lim-
of the monitoring space. its of the monitoring space.
The space is violated if the axes The space is violated if the axes
leave the monitoring space. enter the monitoring space.

10 Messages

10.2.29 KSS15081

Message text 
Monitoring space no. {Number of monitoring space} exceeded

Possible cause(s)  Cause: Monitoring space exceeded in T1 or T2 (>>> Page 169)

Cause: Monitoring space exceeded in T1 or T2
Description The monitoring space has been exceeded in T1 or T2 mode. The active safe
tool, orofatthe
range least one of the
monitoring robot axes, is no longer situated in the permissible
space.
The monitoring space is considered to have been exceeded if the monitoring
was already activated when the robot moved over the space limit.
The permissible range depends on the type of monitoring space:
Spacetype Workspace Protectedspace

Cartesian space The active safe tool must move The active safe tool must move out-
within the limits of the monitoring side the limits of the monitoring
space. space.
The space is exceeded if the safe The space is exceeded if the safe
tool leaves the monitoring space. tool enters the monitoring space.
Axis space The axes must move within the limits The axes must move outside the lim-
of the monitoring space. its of the monitoring space.
The space is exceeded if the axes The space is exceeded if the axes
leave the monitoring space. enter the monitoring space.



10.2.30 KSS15083

Message text  Ackn.: Cartesian velocity in monitoring space no. {Number of monitor-
ing space} exceeded

10.2.31 KSS15127

Message text  Ackn.: Stop because workspace exceeded

Possible cause(s) 
Cause: Monitoring space violated or exceeded in T1 (>>> Page 170)
Solution: Acknowledge the message and move the robot out of the vi-
olated space (>>> Page 170)
Cause: Monitoring space violated or exceeded in T1
Description The robot has violated or exceeded a monitoring space in T1 mode. A status
message additionally indicates the affected space.
Solution: Acknowledge the message and move the robot out of the violated space
Description The robot must be moved out of the violated space in T1 mode. This is only
possible once the message has been acknowledged.
Procedure 1. Acknowledge the message with OK.

11 Appendix
11 Appendix
1 1 .1 Checklists
The checklists here serve merely as examples of checklists for safety

acceptance. It is permissible to carry out and document safety accep-
tance using user-specific checklists.
11.1.1 Precondition for safety acceptance based on the checklists
 Mechanical and electrical installation of the industrial robot have been

completed.
 Safety configuration is completed.
 Safety maintenance technician is trained (training at KUKA Roboter
GmbH)
The system integrator is responsible for the design of the cell.
The safety maintenance technician uses the values and configura-
tions supplied by the system integrator to configure the robot and
tests whether the safety functions work as specified. The safety maintenance
technician does not perform a safety assessment of the system.
11.1.2 Checklist for robot and system
The inspection points of this checklist must be completed and con-

firmed in writing by the system builder.
Checklist  Serial number of the robot: ____________________

 Serial number of the robot controller: ____________________
 Name of system builder: ____________________
No. Inspectip
oonint OK
1 The industrial robot is in flawless mechanical condition and correctly installed
and fastened in accordance with the assembly or operating instructions of the
robot.
2 The permissible rated payload of the robot has not been exceeded.
3 There are no foreign bodies or loose parts on the industrial robot.
4 All safety equipment required for the system and robot is correctly installed
and operational.
5 The power supply ratings of the industrial robot correspond to the local sup-
ply voltage and mains type, and the machine data correspond to these.
6 The connecting cables are correctly connected and the connectors are
locked.
7 The ground conductor and the equipotential bonding cable are sufficiently
rated and correctly connected.
8 The system meets all the relevant laws, regulations and norms valid for the
installation site.

Remarks / deviations
Place, date
Signature
By signing, the signatory confirms the correct and complete performance of
the safety acceptance test.
11.1.3 Checklist for safety functions
The inspection items of this checklist must be completed and con-

firmed in writing by the safety maintenance technician.

 Time stamp of the safety configuration: ____________________
 Checksum of the safety configuration: ____________________

Activation code of the safety configuration: ____________________
 Name of safety maintenance technician: ____________________
No. Inspection
item OK Nortelevant
1 Safe monitoring is activated.
2 Robot is mastered.
3 The machine data have been checked and are appropriate for
the robot used.
(>>> 4.8.3.1 "Checking machine data and safety configura-
tion" Page 51)
The machine data loaded must match the machine data on the
identification plate of the robot.
4 The machine data of the external axes have been correctly
entered and checked.
Checking instructions:
 Move each external axis a defined distance by means of a
PTP_REL motion, e.g. 90°. Carry out a visual inspection
and check whether this distance is covered.
 In the case of a KL, move the external axis a defined dis-
tance by means of a PTP_REL motion, e.g. 500 mm. Carry
out a visual inspection and additionally monitor the display
of the Cartesian actual position to check whether this dis-
tance is covered.
5 The local and external safety functions have been checked
and are functioning correctly.
(>>> 4.8.3 "Start-up and recommissioning" Page 50)

11 Appendix
No. Inspection
item OK Nortelevant
6 The reference position has been taught in the mastering test
program and in the safety configuration.
7 Was the mastering test successful?
8 Was the brake test successful?
Axis A1
Axis A2
Axis A3
Axis A4
Axis A5
Axis A6
External axes
9 Operator safety acknowledgement has been checked and is
functioning correctly.
(>>> 4.5.4 "“Operator safety” signal" Page 42)
10 Peripheral contactor (US2) has been checked and switches at
the right time.
Note: Further information about checking the peripheral con-
tactor is contained in the “Operating and Programming Instruc-
tions for System Integrators”.
11 Have the Cartesian and axis-specific velocities been config-
ured correctly and checked?
The corresponding checklists must be completed and con-
firmed in writing for the Cartesian and axis-specific velocity
monitoring functions.
(>>> 11.1.4 "Checklist for Cartesian velocity monitoring func-
tions" Page 175)
(>>> 11.1.5 "Checklist for axis-specific velocity monitoring
functions" Page 176)
12 Has the correct configuration of the safe operational stop been
checked by moving all axes?
Each axis in an axis group must be tested individually.
The corresponding checklist must be completed and con-
firmed in writing for every axis group.
(>>> 11.1.6 "Checklist for safe operational stop for axis
groups" Page 180)
13 Has the correct configuration of the cell area been checked by
moving to all reachable limits?
The corresponding
firmed in writing for checklist must be completed and con-
the cell area.

No. Inspection
item OK Nortelevant
14 Has the correct configuration of the monitoring spaces used
been checked by moving to all reachable limits?
Each space surface of a Cartesian monitoring space must be
addressed at 3 different points.
The axis of an axis-specific monitoring space must be moved
to the upper and lower limits of the space.
firmed in writing for each monitoring space used.
(>>> 11.1.8 "Checklist for Cartesian monitoring spaces"
Page 183)
(>>> 11.1.9 "Checklist for axis-specific monitoring spaces"
Page 185)
Monitoring space 1
Monitoring space 2
Monitoring space 3
Monitoring space 4
Monitoring space 5
Monitoring space 6
Monitoring space 7
Monitoring space 8
Monitoring space 9
Monitoring space 10
Monitoring space 11
Monitoring space 12
Monitoring space 13
Monitoring space 14
Monitoring space 15
Monitoring space 16

11 Appendix
No. Inspection
item OK Nortelevant
15 Have the safe tools used been configured correctly and
checked?
At least one monitoring space and one velocity must be
checked with each safe tool.
firmed in writing for each safe tool used.
(>>> 11.1.10 "Checklist for safe tools" Page 190)
Tool 1
Tool 2
Tool 3
Tool 4
Tool 5
Tool 6
Tool 7
Tool 8
Tool 9
Tool 10
Tool 11
Tool 12
Tool 13
Tool 14
Tool 15
Tool 16
16 The safety configuration has been archived.
17 If an existing safety configuration has been changed:
A change log has been created and checked.
: Must be checked by system integrator
Place, date
Signature
11.1.4 Checklist for Cartesian velocity m onitoring functions


The Cartesian velocity monitoring functions cannot be tested against a dis-

crete value. It is possible to carry out a test using an exaggerated value in or-
der to check whether velocity monitoring is triggered.
Precondition  Override reduction for the velocity is deactivated: $SR_VEL_RED =
FALSE
 Safe tool used in test: ____________________
Specified value:
 Value specified by cell planner, design engineer
Configured value:
 Value entered in the safety configuration
No. Inspection
item OK Nortelevant
1 The global maximum Cartesian velocity has been correctly
configured and checked.
Specified value: __________ mm/s
Configured value: __________ mm/s
2 The safe reduced Cartesian velocity has been correctly con-
figured and checked.

3 The safe reduced Cartesian velocity for T1 has been cor-
rectly configured and checked.
Place, date
Signature
11.1.5 Checklist for axis-specific velo city monitoring functions


11 Appendix
The trace function (oscilloscope) can be used to determine the axis

velocities.
Precondition  Override reduction for the velocity is deactivated: $SR_VEL_RED =

FALSE

Specified value:
Configured value:
Test value:
 Value with which the test was carried out
1. Checking the global maximum axis velocity
It is only necessary to test the global maximum axis velocity if an axis

must not exceed a defined velocity. If the global maximum axis veloc-
ity is only to limit the minimum axis-specific protected space, no test
is required.
No. Axisname Inspectionitem OK Notrelevant

The global maximum axis velocity has been correctly entered and
checked using at least one axis.
1 Specifiedvalue:________°/sormm/s
Configured value: ________ °/s or mm/s
Test value: __________ °/s or mm/s
2. Checking the reduced axis velocity

The reduced axis velocity has been correctly configured and checked
for each axis.
2.1 Specifiedvalue:________°/sormm/s


Test value: _________ °/s or mm/s

Test value: ________ °/s or mm/s
3. Checking the maximum axis velocity for T1

11 Appendix

The maximum axis velocity for T1 has been correctly configured and
checked for each axis.
Test value: _________ °/s or mm/s



Place, date
Signature
11.1.6 Checklist for safe operational stop for axis groups

A separate checklist must be completed for each axis group.


Serial number of the robot controller: ____________________
 Axis group number: ____________________
Specified value:
Configured value:

11 Appendix

1 1staxisoftheaxisgrouphasbeencorrectly
Position tolerance (specified value):
__________ ° or mm
Position tolerance (configured value):
__________ ° or mm
2 2ndaxisoftheaxisgrouphasbeencorrectly
__________ ° or mm
__________ ° or mm
3 3rdaxisoftheaxisgrouphasbeencorrectly
__________ ° or mm
__________ ° or mm
4 4thaxisoftheaxisgrouphasbeencorrectly
__________ ° or mm
__________ ° or mm
__________ ° or mm
__________ ° or mm
__________ ° or mm
__________ ° or mm
__________ ° or mm
__________ ° or mm
__________ ° or mm
__________ ° or mm

Place, date
Signature
11.1.7 Checklist for cell area

The accessible surfaces resulting from the configuration must be violated one
after the other, each at 2 different points, to demonstrate the correct configu-
ration of the cell area.
Precondition  The monitoring spaces that can be activated by means of safe inputs have
been deactivated.
 Override reduction for monitoring spaces is deactivated:
$SR_WORKSPACE_RED = FALSE
Checklist  Serial number of the robot: ________________
 Time stamp of the safety configuration: ________________
 Safe tool used in test: ________________
No. Inspection
item OK Nortelevant
1 The limit in the Z direction has been configured correctly and
checked.
Z min: ____________mm
Z max: ____________mm
2 Corner 1 has been correctly configured and checked.
X coordinate: __________ mm
Y coordinate: __________ mm

11 Appendix
No. Inspection
item OK Nortelevant
6 Corner 5 has been correctly configured.
Place, date
Signature
11.1.8 Checklist fo r Car tesian mo nitoring sp aces

A separate checklist must be completed for each monitoring space.

The accessible surfaces resulting from the configuration must be violated one
after the other, each at 3 different points, to demonstrate the correct configu-
ration of the monitoring space.
Precondition  The monitoring space to be checked is activated.
 The monitoring spaces that can be activated by means of safe inputs have
been deactivated.
 Override reduction is deactivated:
 $SR_WORKSPACE_RED = FALSE
 $SR_VEL_RED = FALSE
 Monitoring space checked (name, number): __________
 Type of space (protected space or workspace): ____________________
 Stop at boundaries (TRUE|FALSE): __________
 Reference stop (TRUE|FALSE): __________
 Space-specific velocity __________mm/s
 Space-specific velocity valid in: __________
 Safe tool used in test of velocity
or space limit: _________________
 Always active (TRUE|FALSE): __________
 Reference coordinate system: _____________
No. Inspection
item OK Nortelevant
1 The coordinates of the monitoring space have been correctly
Origin X: __________ mm
Origin Y: __________ mm
Origin Z: __________ mm
Origin A: __________ °
Origin B: __________ °
Origin C: __________ °
Distance to srcin XMin: __________ mm
Distance to srcin YMin: __________ mm
Distance to srcin ZMin: __________ mm
Distance to srcin XMax: __________ mm
Distance to srcin YMax: __________ mm
Distance to srcin ZMax: __________ mm
The following preconditions must be met to demonstrate the correct function-
ing of the reference stop:
 Reference stop is active.
 Mastering test is requested.
 Monitored monitoring space is activated.
No. Inspection
item OK Nortelevant
2 The correct functioning of the reference stop has been
checked.

11 Appendix

ing of the space-specific velocity:
 Space-specific velocity is active.
 The configured limit value of the space-specific velocity is less than the
limit value of the maximum Cartesian velocity.
 Checked monitoring space is activated.
 Robot exceeds the configured space-specific velocity.
 Override reduction for the velocity is deactivated: $SR_VEL_RED =
FALSE
Specified value:

Value specified by cell planner, design engineer
Configured value:
No. Inspection
item OK Nortelevant
3 The space-specific velocity has been correctly configured
and checked.
Place, date
Signature
11.1.9 Checklist for axis-specific monitoring spaces

A separate checklist must be completed for each monitoring space.
The configured limit values must successively be violated to demonstrate the

correct functioning of the monitoring space.
Precondition  The monitoring space to be checked is activated.

 The monitoring spaces that can be activated by means of safe inputs have
been deactivated.
 Override reduction is deactivated:
 $SR_WORKSPACE_RED = FALSE

 $SR_VEL_RED = FALSE
 Monitoring space checked (name, number): _________________
 Type of space (protected space or workspace): ____________________
 Stop at boundaries (TRUE|FALSE):_________________
 Reference stop (TRUE|FALSE): _________________
 Space-specific velocity _________________ mm/s


Space-specific
Safe tool used invelocity
test ofvalid in: _________________
velocity
or space limit: _________________
 Always active (TRUE|FALSE): _________________
Specified value:
Configured value:
Determined value:
 Value determined during the test
1 1staxisofthemonitoringspacehasbeen
correctly configured and checked.
Lower limit (specified value):
__________ ° or mm
Lower limit (configured value):
__________ ° or mm
Lower limit (determined value):
__________ ° or mm
Upper limit (specified value):
__________ ° or mm
Upper limit (configured value):
__________ ° or mm
Upper limit (determined value):
__________ ° or mm

11 Appendix

2 2ndaxisofthemonitoringspacehasbeen
__________ ° or mm
__________ ° or mm
__________ ° or mm
__________ ° or mm
__________ ° or mm
__________ ° or mm
3 3rdaxisofthemonitoringspacehasbeen
__________ ° or mm
__________ ° or mm
__________ ° or mm
__________ ° or mm
__________ ° or mm
__________ ° or mm
4 4thaxisofthemonitoringspacehasbeen
__________ ° or mm
__________ ° or mm
__________ ° or mm
__________ ° or mm
__________ ° or mm
__________ ° or mm


__________ ° or mm
__________ ° or mm
__________ ° or mm
__________ ° or mm
__________ ° or mm
__________ ° or mm
__________ ° or mm
__________ ° or mm
__________ ° or mm
__________ ° or mm
__________ ° or mm
__________ ° or mm
__________ ° or mm
__________ ° or mm
__________ ° or mm
__________ ° or mm
__________ ° or mm
__________ ° or mm

11 Appendix

__________ ° or mm
__________ ° or mm
__________ ° or mm
__________ ° or mm
__________ ° or mm
__________ ° or mm
ing of the reference stop:
 Reference stop is active.
 Mastering test is requested.
 Monitored monitoring space is activated.
No. Inspection
item OK Nortelevant
9 The correct functioning of the reference stop has been
checked.

ing of the space-specific velocity:
 Space-specific velocity is active.
 The configured limit value of the space-specific velocity is less than the
limit value of the maximum Cartesian velocity.
 Checked monitoring space is activated.
 Robot exceeds the configured space-specific velocity.
 Override reduction for the velocity is deactivated: $SR_VEL_RED =
FALSE
No. Inspection
item OK Nortelevant
10 The space-specific velocity has been correctly configured
and checked.

Place, date
Signature
11.1.10 Checklist for s afe to ols

A separate checklist must be completed for each safe tool.
A monitoring space must be violated by each configured sphere to demon-

strate the correct functioning of the safe tool.
Checklist  Serial number of the robot: _________________
 Time stamp of the safety configuration: _________________
 Safe tool checked (name, number): _______________
 Monitoring space used in sphere test (name, number):
________________
Specified value:
Configured value:
No. Inspection
item OK Nortelevant
1 Safe TCP of the tool
The X, Y and Z coordinates of the safe TCP are correctly
TCP X (specified value): __________ mm
TCP X (configured value): __________ mm
TCP Y (specified value): __________ mm
TCP Y (configured value): __________ mm
TCP Z (specified value): __________ mm
TCP Z (configured value): __________ mm

11 Appendix
No. Inspection
item OK Nortelevant
2 1st sphere on tool
The X, Y and Z coordinates of the sphere center point and
the sphere radius are correctly configured and checked.
X (specified value): __________ mm
X (configured value): __________ mm
Y (specified value): __________ mm
Y (configured value): __________ mm
Z (specified value): __________ mm
Z (configured value): __________ mm

Radius (specified value): __________ mm
Radius (configured value): __________ mm
3 2nd sphere on tool
4 3rd sphere on tool
5 4th sphere on tool

No. Inspection
item OK Nortelevant

Place, date
Signature
By
the signing, the signatory
safety acceptance confirms the correct and complete performance of
test.
11.2 Applied norms and directives
The safety functions of KUKA.SafeOperation meet the requirements of Cate-

gory 3 and Performance Level d in accordance with EN ISO 13849-1:2008.

12 KUKA Service
12 KUKA Service
1 2 .1 R e q u e s t in g s u p p o r t
Introduction This documentation provides information on operation and operator control,

and provides assistance with troubleshooting. For further assistance, please
contact your local KUKA subsidiary.
Information The following information is required for processing a support request:
 Description of the problem, including information about the duration and
frequency of the fault
 As comprehensive information as possible about the hardware and soft-
ware components of the overall system
The following list gives an indication of the information which is relevant in
many cases:
 Model and serial number of the kinematic system, e.g. the manipulator
 Model and serial number of the controller
 Model and serial number of the energy supply system
 Designation and version of the system software
 Designations and versions of other software components or modifica-
tions
 Diagnostic package KRCDiag
Additionally for KUKA Sunrise: Existing projects including applications
For versions of KUKA System Software older than V8: Archive of the
software (KRCDiag is not yet available here.)


Application used
External axes used
1 2 .2 KUKA Customer Support
Availability KUKA Customer Support is available in many countries. Please do not hesi-
tate to contact us if you have any questions.
Argentina Ruben Costantini S.A. (Agency)

Luis Angel Huergo 13 20
Parque Industrial
2400 San Francisco (CBA)
Argentina
Tel. +54 3564 421033
Fax +54 3564 428877
ventas@costantini-sa.com
Australia KUKA Robotics Australia Pty Ltd

45 Fennell Street
Port Melbourne VIC 3207
Australia
Tel. +61 3 9939 9656
info@kuka-robotics.com.au
www.kuka-robotics.com.au

Belgium KUKA Automatisering + Robots N.V.

Centrum Zuid 1031
3530 Houthalen
Belgium
Tel. +32 11 516160
Fax +32 11 526794
info@kuka.be
www.kuka.be
Brazil KUKA Roboter do Brasil Ltda.
Travessa Claudio Armando,

Bloco 5 - Galpões 51/52 nº 171
Bairro Assunção
CEP 09861-7630 São Bernardo do Campo - SP
Brazil
Tel. +55 11 4942-8299
Fax +55 11 2201-7883
info@kuka-roboter.com.br
www.kuka-roboter.com.br
Chile Robotec S.A. (Agency)

Santiago de Chile
Chile
Tel. +56 2 331-5951
Fax +56 2 331-5952
robotec@robotec.cl
www.robotec.cl
China KUKA Robotics China Co., Ltd.

No. 889 Kungang Road
Xiaokunshan Town
Songjiang District
201614 Shanghai
P. R. China
Tel. +86 21 5707 2688
Fax +86 21 5707 2603
info@kuka-robotics.cn
www.kuka-robotics.com
Germany KUKA Roboter GmbH

Zugspitzstr. 140
86165 Augsburg
Germany
Tel. +49 821 797-1926
Fax +49 821 797-41 1926
Hotline.robotics.de@kuka.com
www.kuka-roboter.de

12 KUKA Service
France KUKA Automatisme + Robotique SAS

Techvallée
6, Avenue du Parc
91140 Villebon S/Yvette
France
Tel. +33 1 6931660-0
Fax +33 1 6931660-1
commercial@kuka.fr
www.kuka.fr
India KUKA Robotics India

Office Number-7, Pvt. Ltd.
German Centre,
Level 12, Building No. - 9B
DLF Cyber City Phase III
122 002 Gurgaon
Haryana
India
Tel. +91 124 4635774
Fax +91 124 4635773
info@kuka.in
www.kuka.in
Italy KUKA Roboter Italia S.p.A.

Via Pavia 9/a - int.6
10098 Rivoli (TO)
Italy
Tel. +39 011 959-5013
Fax +39 011 959-5141
kuka@kuka.it
www.kuka.it
Japan KUKA Robotics Japan K.K.

YBP Technical Center
134 Godo-cho, Hodogaya-ku
Yokohama, Kanagawa
240 0005
Japan
Tel. +81 45 744 7691
Fax +81 45 744 7696
info@kuka.co.jp
Canada KUKA Robotics Canada Ltd.

6710 Maritz Drive - Unit 4
Mississauga
L5W 0A1
Ontario
Canada
Tel. +1 905 670-8600
Fax +1 905 670-8604
info@kukarobotics.com
www.kuka-robotics.com/canada

Korea KUKA Robotics Korea Co. Ltd.

RIT Center 306, Gyeonggi Technopark
1271-11 Sa 3-dong, Sangnok-gu
Ansan City, Gyeonggi Do
426-901
Korea
Tel. +82 31 501-1451
Fax +82 31 501-1461
info@kukakorea.com
Malaysia KUKA RobotAsia

South East Automation
Regional(M) Sdn Bhd
Office
No. 7, Jalan TPP 6/6
Taman Perindustrian Puchong
47100 Puchong
Selangor
Malaysia
Tel. +60 (03) 8063-1792
Fax +60 (03) 8060-7386
info@kuka.com.my
Mexico KUKA de México S. de R.L. de C.V.

Progreso #8
Col. Centro Industrial Puente de Vigas
Tlalnepantla de Baz
54020 Estado de México
Mexico
Tel. +52 55 5203-8407
Fax +52 55 5203-8148
info@kuka.com.mx
www.kuka-robotics.com/mexico
Norway KUKA Sveiseanlegg + Roboter

Sentrumsvegen 5
2867 Hov
Norway
Tel. +47 61 18 91 30
Fax +47 61 18 62 00
info@kuka.no
Austria KUKA Roboter CEE GmbH

Gruberstraße 2-4
4020 Linz
Austria
Tel. +43 7 32 78 47 52
Fax +43 7 32 79 38 80
office@kuka-roboter.at
www.kuka.at

12 KUKA Service
Poland KUKA Roboter Austria GmbH

Spółka z ograniczoną odpowiedzialnością
Oddział w Polsce
Ul. Porcelanowa 10
40-246 Katowice
Poland
Tel. +48 327 30 32 13 or -14
Fax +48 327 30 32 26
ServicePL@kuka-roboter.de
Portugal KUKA Robots IBÉRICA, S.A.

Rua do Alto da Guerra n° 50
Armazém 04
2910 011 Setúbal
Portugal
Tel. +351 265 729 780
Fax +351 265 729 782
info.portugal@kukapt.com
www.kuka.com
Russia KUKA Robotics RUS

Werbnaja ul. 8A
107143 Moskau
Russia
Tel. +7 495 781-31-20
Fax +7 495 781-31-19
info@kuka-robotics.ru
www.kuka-robotics.ru
Sweden KUKA Svetsanläggningar + Robotar AB

A. Odhners gata 15
421 30 Västra Frölunda
Sweden
Tel. +46 31 7266-200
Fax +46 31 7266-201
info@kuka.se
Switzerland KUKA Roboter Schweiz AG

Industriestr. 9
5432 Neuenhof
Switzerland
Tel. +41 44 74490-90
Fax +41 44 74490-91
info@kuka-roboter.ch
www.kuka-roboter.ch

Spain KUKA Robots IBÉRICA, S.A.

Pol. Industrial
Torrent de la Pastera
Carrer del Bages s/n
08800 Vilanova i la Geltrú (Barcelona)
Spain
Tel. +34 93 8142-353
Fax +34 93 8142-950
comercial@kukarob.es
www.kuka.es
South Africa Jendamark Automation LTD (Agency)

76a York Road
North End
6000 Port Elizabeth
South Africa
Tel. +27 41 391 4700
Fax +27 41 373 3869
www.jendamark.co.za
Taiwan KUKA Robot Automation Taiwan Co., Ltd.

No. 249 Pujong Road
Jungli City, Taoyuan County 320
Taiwan, R. O. C.
Tel. +886 3 4331988
Fax +886 3 4331948
info@kuka.com.tw
www.kuka.com.tw
Thailand KUKA Robot Automation (M)SdnBhd

Thailand Office
c/o Maccall System Co. Ltd.
49/9-10 Soi Kingkaew 30 Kingkaew Road
Tt. Rachatheva, A. Bangpli
Samutprakarn
10540 Thailand
Tel. +66 2 7502737
Fax +66 2 6612355
atika@ji-net.com
www.kuka-roboter.de
Czech Republic KUKA Roboter Austria GmbH

Organisation Tschechien und Slowakei
Sezemická 2757/2
193 00 Praha
Horní Počernice
Czech Republic
Tel. +420 22 62 12 27 2
Fax +420 22 62 12 27 0
support@kuka.cz

12 KUKA Service
Hungary KUKA Robotics Hungaria Kft.

Fö út 140
2335 Taksony
Hungary
Tel. +36 24 501609
Fax +36 24 477031
info@kuka-robotics.hu
USA KUKA Robotics Corporation

51870 Shelby Parkway
Shelby Township
48315-1787
Michigan
USA
Tel. +1 866 873-5852
Fax +1 866 329-5852
info@kukarobotics.com
www.kukarobotics.com
UK KUKA Robotics UK Ltd

Great Western Street
Wednesbury West Midlands
WS10 7LL
UK
Tel. +44 121 505 9970
Fax +44 121 505 6589
service@kuka-robotics.co.uk
www.kuka-robotics.co.uk


Index
Index
Symbols Axis velocity, maximum in T1 27, 89, 119
$BRAKES_OK 109 Axis velocity, reduced 27, 89, 119
$BRAKETEST_MONTIME 109 Axis-specific monitoring spaces, defining 84
$BRAKETEST_REQ_EX 109 Axis-specific monitoring spaces, testing 121
$BRAKETEST_REQ_INT 109 Axis-specific protected spaces 23
$BRAKETEST_WARN 109 Axis-specific velocity limits, testing 119
$BRAKETEST_WORK 109 Axis-specific velocity monitoring, defining 87
$MASTERINGTEST_ACTIVE 100 Axis-specific workspaces 22
$MASTERINGTEST_GROUP 100
$MASTERINGTEST_REQ_EXT 100 B
$MASTERINGTEST_REQ_INT 100 BASE coordinate system 16
$MASTERINGTEST_SWITCH_OK 100 Brake defect 49
$ROBROOT, special cases 18 Brake release device 47
$SR_ACTIVETOOL 139 Brake test 14, 65, 106
$SR_AXISSPEED_OK 139 Brake test cycle time 106
$SR_CARTSPEED_OK 139 Brake test, function test 113
$SR_DRIVES_ENABLE 139 Brake test, programs 107
$SR_MOVE_ENABLE 139 Brake test, signals 108, 110
$SR_OV_RED 114, 117 Brake test, teaching positions 111
$SR_RANGE_ACTIVE 139 Brake, defective 112
$SR_RANGE_OK 139 BrakeTestBack.SRC 108, 111
$SR_SAFEMON_ACTIVE 139 BrakeTestPark.SRC 108, 111
$SR_SAFEOPSTOP_ACTIVE 140 BrakeTestReq.SRC 108, 112
$SR_SAFEOPSTOP_OK 140 BrakeTestSelfTest.SRC 108, 113
$SR_SAFEREDSPEED_ACTIVE 140 BrakeTestStart.SRC 108, 111
$SR_VEL_RED 114, 117, 118 Braking distance 10, 36
$SR_WORKSPACE_RED 114, 117, 118 Braking time 89
Numbers Buttons, overview 63

2006/42/EC 58 C
2014/30/EU 58 Cable lengths, reference switch module 28
2014/68/EC 58 Cartesian monitoring spaces, defining 79
95/16/EC 58 Cartesian monitoring spaces, testing 120
97/23/EC 58 Cartesian protected spaces 21
Cartesian velocity limits, testing 119
A Cartesian velocity, maximum 76, 119
Accessories 35 Cartesian velocity, reduced 77, 119
Activating a new safety configuration 122 Cartesian velocity, reduced for T1 77, 119
Activation code, safety configuration 64 Cartesian workspaces 20
Activation, monitoring space 80, 85 CE mark 36
Activation, reference stop 81, 86 Cell area 12, 15, 19, 20
Actuating plate, hole pattern 33 Cell area, defining 77
Actuating plate, installation 101 Change log 65
Alarm space 10 Checking the reference position 105
Ambient temperature,
ANSI/RIA R.15.06-2012reference
58 switch 31 Checklists 171
Checksum, brake test configuration 65
Appendix 171 Checksum, safety configuration 64
Applied norms and regulations 57 CIP Safety 10, 14, 61
Areas of application 13 Circuit diagram, reference switch 33
Automatic mode 55 CK 10, 13
Axis angle, lower limit 87 Cleaning work 55
Axis angle, upper limit 87 Compatibility 61
Axis limit 10, 22, 23 Components 14
Axis range 10, 22, 23, 36 Configuration 69
Axis range limitation 46 Configuration, overview 70
Axis range monitoring 46 Connecting cables 35
Axis velocity, maximum 27, 89 Connecting cables, overview 29
Axis velocity, maximum global 119 Connecting, reference switch 102

Connector pin assignment, reference cable X42- Hole pattern, actuating plate 33
XS Ref 32 Hole pattern, reference switch 32
Coordinate systems 16 Hysteresis, reference switch 31
Coordinate systems, angles 17
Coordinate systems, orientation 17 I
Counterbalancing system 56 I/Os, interface X13 136
Industrial robot 35
D Installation 61
Danger zone 10, 37 Intended use 35
Declaration of conformity 36 Interface, X13 136
Declaration of incorporation 35, 36 Interface, X13 14
Decommissioning 56 Interfaces 125
Diagnosis 139
Diagnostic monitor (menu item) 139 Introduction 9
Diagnostic signals via Ethernet interface 133 J
Directives 192 Jog mode 45, 48
Discrete safety interface, for safety options 14
Displaying machine data 65 K
Displaying, change log 65 KL 10
Disposal 56 Knowledge, required 9
Documentation, industrial robot 9 KUKA Customer Support 193
KUKA smartPAD 37
E
EC declaration of conformity 36 L
Electromagnetic compatibility (EMC) 59 Labeling 47
EMC conformity, reference switch 31 Liability 35
EMC Directive 36, 58 Linear unit 35
EMERGENCY STOP device 43, 44, 48 Low Voltage Directive 36
EMERGENCY STOP, external 44, 51
EMERGENCY STOP, local 51 M
EN 60204-1 + A1 59 Machine data 51, 64, 65
EN 61000-6-2 59 Machinery Directive 36, 58
EN 61000-6-4 + A1 59 Maintenance 55
EN 614-1 + A1 58 Manipulator 35, 37
EN ISO 10218-1 58 Manual mode 54
EN ISO 12100 58 Mastering position, reference position 97
EN ISO 13849-1 58 Mastering test 10, 98
EN ISO 13849-2 58 Mastering test input 76
EN ISO 13850 58 Mastering test, performing manually 105
Enabling device 44, 48 Mastering test, programs 99
Enabling device, external 45 Mastering test, teaching positions 103
Enabling switches 44 Mastering test, variables 100
Ethernet interface 10, 11, 133 Mechanical axis range limitation 46
EtherNet/IP 10, 14, 61 Mechanical end stops 46
Extended SIB 14 Messages 141
External axes 35, 38 Monitoring space 12
Monitoring space, axis-specific 84
F Monitoring space, Cartesian 79
Faults 49 Monitoring spaces 14
FLANGE coordinate system 17 Monitoring time 10, 98
Function test 50 Monitoring, physical safeguards 42
Functional principle 13 Monitoring, velocity 45
Functions, SafeOperation 13
N
G Norms 192
General safety measures 48
Global parameters, defining 75 O
Operating current, reference switch 31
H Operating voltage, reference switch 31
Hardware 14, 61 Operation 63
Hazardous substances 56 Operator 39

Index
Operator safety 40, 42, 48 S

Options 35 Safe I/Os, displaying 139
Outputs, reference switch 31 Safe monitoring 76
Overload 49 Safe monitoring, activating 75
Override reduction 113 Safe monitoring, deactivating 123
Override reduction, spline 115 Safe operational stop 12, 28, 37, 45
Override reduction, variables 117 Safe operational stop, axis group 1 to 6 93
Overview, buttons 63 Safe operational stop, defining 91
Overview, SafeOperation 13 Safe operational stop, testing 122
Overview, safety acceptance 117 Safe robot retraction 68
Safe TCP 26
P Safe tools 12, 26
Panic positionLevel
Performance 44 40 Safe tools, defining
Safeguards, external9347
Performing a manual brake test 112 SafeOperation via Ethernet safety interface 129
Peripheral contactor 53 SafeOperation, overview 13
Permissible load current, reference switch 31 Safety 35
Permissible switching distance, reference switch Safety acceptance, overview 117
31 Safety acceptance, precondition 171
Permissible switching frequency, reference swit- Safety configuration, displaying information 64
ch 31 Safety configuration, export 67
Personnel 38 Safety configuration, import 65
Plant integrator 38 Safety configuration, new, activating 122
Polygon, convex 10, 15, 19 Safety configuration, opening 63
Position tolerance 93 Safety configuration, saving 97
Positioner 35 Safety controller 41
Pressure Equipment Directive 56, 58 Safety functions 40, 48
Preventive maintenance work 55 Safety functions, Ethernet safety interface 125
Product description 13 Safety functions, overview 40
PROFINET 11, 14, 61 Safety functions, test 118
PROFIsafe 11, 14, 61 Safety instructions 9, 69
Protected space 11, 15, 21, 23 Safety of machinery 58, 59
Protection rating 31 Safety options 37
Protective equipment 45 Safety STOP 0 11, 37
Pulse duration, reference switch 31 Safety STOP 1 11, 37
Pulse duty factor, reference switch 31 Safety STOP 2 12, 37
Safety STOP 0 37
R Safety STOP 1 37
Radius, tool sphere 72 Safety STOP 2 37
Reaction distance 10, 36 Safety stop, external 45
Recommissioning 50 Safety zone 37, 39
Reference cable X42-XS Ref, connector pin as- Safety, general 35
signment 32 Selecting the operating mode 40, 41
Reference group 11, 97, 98 Serial number, robot 64
Reference position 11, 98 Service life 31, 37
Reference position, axis angle 97 Service, KUKA Roboter GmbH 193
Reference position, Cartesian 97 SIB 11
Reference position, defining 95 Signals, brake test 108
Reference position, selecting 101 Signals,brake test 110
Reference stop 11, 25 Simulation 54
Reference switch 11 Single point of control 56
Reference switch module 28 smartPAD 37, 49
Reference switch, connecting 102 Software 14, 35, 61
Reference switch, installation 101 Software limit switches 46, 48
Reference switch, technical data 31 Space dimensions 82
Reference system 78, 82 Space type 80, 85
Release device 47 Space-specific velocity 25, 80, 81, 85, 86
Repair 55 Special cases, $ROBROOT 18
Robot controller 35 Sphere, radius 72
ROBROOT coordinate system 16 Spline, override reduction 115
SPOC 56

Standstill monitoring 28, 93 X

Start-up 50, 69 XML export 67
Start-up mode 53, 69 XML import 65
Start-up, overview 70
STOP 0 36, 38
STOP 1 36, 38
STOP 2 36, 38
Stop at boundaries 80, 85
Stop category 0 38
Stop category 1 38
Stop category 2 38
Stop reactions 16, 27, 40
Stopping56
Storage distance 10, 15, 36, 39
Support request 193
Switching function, reference switch 31
System integrator 36, 38, 39
System requirements 61
System variables 100, 117, 139
T
T1 38
T2 38
Target group 9
Teach pendant 35
Technical data 31
Technical data, reference switch 31
Terms used 10
Terms used, safety 36
Time stamp, machine data 64
Time stamp, safety configuration 64
TOOL coordinate system 16
Tool sphere, radius 72
Training 9
Transportation 50
Turn-tilt table 35
Type of monitoring space 80, 85
U
Uninstallation, SafeOperation 62
Update, SafeOperation 61
US2 53
Use, contrary to intended use 35
Use, improper 35
User 37, 38
User groups 63
V
Velocity monitoring 45
Velocity monitoring functions 27
Velocity monitoring, axis-specific 87
Velocity, space-specific 25
Version, safety configuration 64
Version, safety option 64
W
Warnings 9
Working range limitation 46
Workspace 10, 15, 20, 22, 36, 39
WORLD coordinate system 16


KUKA - SafeOperation 3.2

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

KUKA - SafeOperation 3.2

Uploaded by

Copyright:

Available Formats

KUKA System Technology KUKA Roboter GmbH

For KUKA System Software 8.3

Version: KST SafeOperation 3.2 V7

Publication: Pub KST SafeOperation 3.2 (PDF) en

2 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7

2.2 Monitoring spaces...................................................................................................... 14

Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 3 / 205

4.5.6 Logging off from the higher-level safety controller ................................................ 43

4 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7

7.1 System safety instructions ......................................................................................... 69

Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 5 / 205

7.12 Deactivating safe monitoring..................................................................................... 123

6 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7

Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 7 / 205

8 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7

1 .2 Industrial robot documentation

The industrial robot documentation consists of the following parts:

1 .3 Representation of warnings and notes

Safety These warnings are relevant to safety and must be observed.

These warnings mean that it is certain or highly probable

These warnings mean that death or severe injuries may

These warnings mean that minor injuries may occur, if

These warnings mean that damage to property may oc-

Procedures marked with this warning must be followed

Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 9 / 205

Tip to make your work easier or reference to further information.

10 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7

Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 11 / 205

12 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7

Areas of appli-  Human-robot cooperation

Decouplable external axes are not supported by SafeOperation. In

Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 13 / 205

Fig. 2-1: Example of a cell with SafeOperation

Components These software components are included in the SafeOperation package:

A maximum of 16 monitoring spaces can be configured. A cell area must also

14 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7

(>>> 2.2.7 "Space-specific velocity" Page 25)

The cell areaactivated

Further information about the stopping distances and stopping times

Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 15 / 205

2.2.1 Coordinate systems

Fig. 2-2: Overview of coordinate systems

16 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7

Angles of rotation of the robot coordinate systems

Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 17 / 205

2.2.1.1 Special cases

Fig. 2-3: ROBROOT coordinate system Jet

Fig. 2-4: ROBROOT coordinate system KL

18 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7

2.2.2 Cell area

Cartesian monitoring spaces are only monitored against

1 Example of a convex polygon with 6 corners

Example The diagram shows an example of a configured cell area.

Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 19 / 205

Fig. 2-6: Example of a cell area

2.2.3 Cartesian wo rkspaces

Only KUKA linear units are supported as ROBROOT kinematic sys-

Example The diagram shows an example of a configured Cartesian workspace.

20 / 205 Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7

Fig. 2-7: Example of a Cartesian workspace

2.2.4 Cartesian protected spaces

Issued: 08.06.2016 Version: KST SafeOperation 3.2 V7 21 / 205

Only KUKA linear units are supported as ROBROOT kinematic sys-