17 Jun 2026

A Robust Safety Case Depends on Correctly Aligning ISO 3691-4, ISO 12100, and ISO 13849-1

With the global automated guided vehicle (AGV) market projected to grow steadily through the next decade, regulatory scrutiny around functional safety is increasing in parallel. AGVs are becoming increasingly prevalent in modern automated manufacturing environments. As deployment scales, so too do the regulatory expectations – particularly around how manufacturers demonstrate that hazards and associated risks have been sufficiently identified and mitigated.

Standards such as ISO 3691-4 (driverless industrial trucks and their systems) introduce explicit requirements for safety functions that must achieve compliance with ISO 13849-1:2023.

In many projects, however, the introduction of functional safety can create confusion and uncertainty due to a perceived lack of structured alignment between the applicable standards.

For industrial AGVs, a defensible safety case typically depends on three complementary pillars:

  1. ISO 3691-4 – Type-C standard specific to driverless industrial trucks and their systems
  2. ISO 12100 – Machinery safety risk assessment methodology
  3. ISO 13849-1 – Functional safety requirements for the safety-related parts of control systems

Understanding how these standards fit together is essential for demonstrating robust functional safety integrity and effective risk reduction.

The Starting Point – ISO 3691-4

As the type-C machinery standard for driverless industrial trucks, ISO 3691-4 establishes the specific safety expectations for AGVs.

The standard defines requirements covering areas such as:

  • Protective field monitoring
  • Speed and motion control
  • Braking performance
  • Stability and load handling
  • Operating modes
  • Personnel detection measures

Critically, Table 3 of ISO 3691-4 goes much deeper. It explicitly identifies a number of typical safety-related functions, associated risks, and minimum required Performance Levels (PL) according to ISO 13849-1. This provides manufacturers with a valuable baseline of safety functions that should be considered. However, Table 3 should not be treated as a substitute for application-specific risk assessments.

The Critical Clause Many Teams Overlook

Within clause 4, the standard states that the truck shall be designed according to the principles of ISO 12100 for relevant hazards not dealt with by the document. This is a deliberate signal: ISO 3691-4 recognises that it is not exhaustive. It defines the application baseline, but it does not remove the obligation to perform a full risk assessment.

Why ISO 12100 Remains Essential

As required by ISO 3691-4, clause 4, a structured ISO 12100 assessment is still expected, to ensure that all reasonably foreseeable hazards are identified and addressed. This is particularly important for AGVs because risk is highly application-dependent.

In practice, additional hazards often arise from:

  • Site congestion and traffic density
  • Variable floor conditions and gradients
  • Complex load geometries
  • Multi-vehicle fleet interactions
  • Integration into wider automated systems
  • Foreseeable misuse scenarios

These factors can influence both:

  • the requirement for additional safety functions, and
  • an increase in the required Performance Level (PLr).

For example, increased floor gradients or low-friction surfaces may extend stopping distance, potentially driving a higher PLr for safe speed monitoring or braking functions. In many assessments, gaps in AGV safety cases can be traced back to an over-reliance on ISO 3691-4 without sufficient application of ISO 12100.

Demonstrating Functional Safety Integrity

Once safety functions and PLr values have been established, ISO 13849-1 is typically used to demonstrate that the safety-related parts of the control system (SRP/CS) achieve the required integrity. This stage moves the safety case from functional intent to demonstrable reliability and fault tolerance.

In practice, this involves confirming that the control architecture, component reliability, and diagnostic capability collectively support the target Performance Level. Activities typically include:

  • Selecting the appropriate architecture category
  • Calculating MTTFd
  • Evaluating diagnostic coverage (DCavg)
  • Assessing common cause failure (CCF)
  • Performing validation testing

For AGVs, these requirements most often apply to the core motion-related safety functions, including safety laser scanner channels, safe speed monitoring, braking control, emergency stop circuits, safety PLC logic, and drive-integrated safety functions.

The critical point is that achieving PL is not a component exercise – it is a system demonstration supported by analysis, architecture, and validation evidence.
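The sketch below is an added example, not part of the original article: it evaluates one channel of a Category 3 stop function using the parts-count MTTFd, the failure-rate-weighted DCavg, the CCF threshold of 65 points, and the simplified PL lookup from ISO 13849-1. It shows the point above in numbers, since every part individually has a "high" MTTFd yet the channel does not. The component figures, the PLr of d, and the assumption that both channels are identical are constructed for illustration.

```python
# Added illustration: component figures and the PLr are constructed, not vendor data.
PL_ORDER = "abcde"

# Simplified-procedure lookup: (category, DCavg band) -> {MTTFd band: PL}
SIMPLIFIED_PL = {
    ("B", "none"):   {"low": "a", "medium": "b"},
    ("1", "none"):   {"high": "c"},
    ("2", "low"):    {"low": "a", "medium": "b", "high": "c"},
    ("2", "medium"): {"low": "b", "medium": "c", "high": "d"},
    ("3", "low"):    {"low": "b", "medium": "c", "high": "d"},
    ("3", "medium"): {"low": "c", "medium": "d", "high": "d"},
    ("4", "high"):   {"high": "e"},
}

def channel_mttfd(parts):
    """Parts count: dangerous failure rates of the parts in a channel add up."""
    return 1.0 / sum(1.0 / mttfd for mttfd, _dc in parts)

def dc_avg(parts):
    """Diagnostic coverage averaged with each part's failure rate as its weight."""
    return sum(dc / mttfd for mttfd, dc in parts) / sum(1.0 / mttfd for mttfd, _dc in parts)

def mttfd_band(years):
    if years < 3:
        return None  # below the range the standard accepts
    return "low" if years < 10 else "medium" if years < 30 else "high"

def dc_band(dc):
    return "none" if dc < 0.60 else "low" if dc < 0.90 else "medium" if dc < 0.99 else "high"

def achieved_pl(category, parts, ccf_score):
    """PL for one channel, or None when the simplified table does not cover the case."""
    if category in ("2", "3", "4") and ccf_score < 65:
        return None  # CCF measures insufficient for a multi-channel/tested category
    row = SIMPLIFIED_PL.get((category, dc_band(dc_avg(parts))), {})
    return row.get(mttfd_band(min(channel_mttfd(parts), 100.0)))

def meets(pl, plr):
    return pl is not None and PL_ORDER.index(pl) >= PL_ORDER.index(plr)

# Constructed stop-function channel: (MTTFd in years, DC) per part.
# scanner output, safety PLC, drive safe-torque-off input, brake contactor
BASELINE = [(150, 0.99), (120, 0.99), (80, 0.90), (40, 0.60)]
# Same chain with the brake contactor monitored (DC raised to 0.99).
MONITORED = [(150, 0.99), (120, 0.99), (80, 0.90), (40, 0.99)]

if __name__ == "__main__":
    for name, parts in (("baseline", BASELINE), ("monitored", MONITORED)):
        pl = achieved_pl("3", parts, ccf_score=70)
        print(name, round(channel_mttfd(parts), 1), round(dc_avg(parts), 3), pl, meets(pl, "d"))
```

With the constructed figures, the poorly diagnosed brake contactor drags DCavg into the low band, so the baseline chain falls short of the assumed PLr until that one part is monitored.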

Where AGV Safety Cases Commonly Fall Short

Across AGV programmes, a number of recurring weaknesses continue to appear during detailed assessments. In practice, most issues do not stem from deficiencies in the standards themselves, but from incomplete or inconsistent application of the safety framework.

Common pitfalls include:

  • Treating ISO 3691-4 as a complete solution
  • Over-reliance on certified subsystems
  • Superficial application of ISO 12100
  • Incorrect PLr allocation for key safety functions
  • Missing degraded or fault-mode behaviour
  • Insufficient system-level validation evidence

One of the most significant risks is the confusion between component certification and system compliance. Even where subsystems carry strong SIL or PL claims, machinery compliance ultimately depends on the verified performance of the integrated AGV within its real operating environment.

Final Thoughts

As AGVs become more autonomous and more widely deployed, demonstrating functional safety integrity requires more than selecting certified components or following a single standard. ISO 3691-4 provides the essential application backbone for AGV safety – including a valuable baseline of expected safety functions and minimum Performance Levels.

However, the standard itself makes clear that:

  • ISO 12100 is required to address hazards beyond its scope, and
  • ISO 13849-1 is needed to demonstrate the integrity of the implemented safety functions.

Manufacturers that align these three elements early in the design lifecycle are far better positioned to achieve a safety case that is technically robust, assessment-ready, and commercially defensible.

How Intertek Assurance Can Help

Demonstrating functional safety integrity for AGVs requires more than applying a single standard in isolation. A robust safety case depends on correctly aligning ISO 3691-4, ISO 12100, and ISO 13849-1, and validating performance in the real operating environment.

Intertek Assurance supports manufacturers and integrators through:

  • Gap assessments against ISO 3691-4
  • ISO 12100 risk assessments and PLr determination
  • ISO 13849 design reviews and validation support
  • Independent technical assurance and technical file support

Early engagement helps reduce redesign risk, avoid late-stage compliance surprises, and build a safety case that is technically robust and audit-ready.

James Lynskey

Senior Consultant, Functional Safety

James (Jay) has more than 15 years of expertise in functional safety within the Testing, Inspection and Certification (TIC) industry. He has led and delivered more than 350 global projects, providing strategic and technical solutions across industrial systems, machinery, automotive, energy storage, and battery management systems. His focus is providing guidance to customers in the areas of safety, compliance, quality assurance, functional safety management, and product lifecycle implementation. His diverse background includes supporting customers with the realization of safety related applications across a number of industries, applying international standards such as IEC 61508, IEC 61511, IEC 62061, ISO 13849, ISO 26262, and more.
