SMW Limited received a £120,000 fine in May 2026 after a worker at a biomass facility sustained partial severance of three fingers when his hand entered a rotating machinery hazard zone, with no guard or interlock preventing access during operation [S4].
This incident — resulting in permanent disability and no return to work — illustrates the gap between documented machine guarding failures and the systematic risk reduction methodology codified in EN ISO 12100:2010 and its companion control-system architecture standard, ISO 13849-1:2015, which together define how safety-related parts of machine control systems must achieve validated performance levels before commissioning.
Scope and Hierarchy: Physical Guarding vs. Control-System Architecture
Machine guarding for moving machinery encompasses two distinct engineering domains: physical barriers (fixed guards, interlocked guards, adjustable guards) governed by EN ISO 12100 clause 6.3, and the safety-related parts of control systems (SRP/CS) governed by ISO 13849-1, which defines how interlocking logic, sensors, and controllers must perform to reduce identified risks to an acceptable residual level. [S1]
These two domains interact — an interlocked guard with a Category 3 structure per ISO 13849-1 Table 4 requires both a physical barrier and a dual-channel control architecture with fault detection — but they are certified and validated separately. The SGS verification awarded to Dobot's CR 30H Series in May 2026 against ISO 10218-1:2025 cybersecurity requirements [S1] demonstrates how standards bodies segment machine safety verification into distinct certification tracks, even when hazards coexist on a single machine.
Performance Level Required (PLr) Determination
ISO 13849-1 mandates that designers determine the Performance Level required (PLr) for each safety function by plotting the consequence of hazard realization (C1 = reversible injury, C2 = irreversible injury or death), frequency and duration of exposure (F1 = seldom to often, F2 = frequent to continuous), and possibility of avoiding the hazard (P1 = possible, P2 = hardly possible) on the PLr selection matrix in ISO 13849-1 Table 3. [S2]
Road milling machines, where a worker sustained a leg amputation after his foot was drawn into a rotating drum at a Wade Road site in February 2024 [S5], represent a C2 / F2 / P2 hazard scenario — the highest severity class — which maps directly to PLr = e (the maximum performance level, corresponding to PFHd ≤ 1 × 10⁻⁸ failures per hour per ISO 13849-1 clause 4.5). Any interlock, emergency stop, or guard monitoring circuit on such equipment must demonstrably achieve PLr = e through architectural measures defined in ISO 13849-1 clause 4.2.
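The PLr determination described above, carried through for every branch of the ISO 13849-1 risk graph and used for a gap check, as an added example that is not part of the original page. The page's C/F/P labels are kept; the `SafetyFunction` record, the sample functions and their achieved PL values are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

PL_ORDER = "abcde"  # lowest to highest performance level

def required_pl(severity: int, frequency: int, avoidance: int) -> str:
    """Walk the risk graph; each argument is 1 or 2 (C1/C2, F1/F2, P1/P2)."""
    for label, value in (("C", severity), ("F", frequency), ("P", avoidance)):
        if value not in (1, 2):
            raise ValueError(f"{label} must be 1 or 2, got {value!r}")
    # The severity branch moves the result two levels, F and P one level each.
    return PL_ORDER[2 * (severity - 1) + (frequency - 1) + (avoidance - 1)]

@dataclass
class SafetyFunction:  # hypothetical record, not a SISTEMA data structure
    name: str
    severity: int
    frequency: int
    avoidance: int
    achieved_pl: Optional[str]  # None means no validated SRP/CS exists

def gap_report(functions):
    """Return (name, PLr, finding) for every function that falls short."""
    findings = []
    for sf in functions:
        plr = required_pl(sf.severity, sf.frequency, sf.avoidance)
        if sf.achieved_pl is None:
            findings.append((sf.name, plr, "no validated safety function"))
        elif PL_ORDER.index(sf.achieved_pl) < PL_ORDER.index(plr):
            findings.append(
                (sf.name, plr, f"achieved PL {sf.achieved_pl} below PLr {plr}"))
    return findings

# Constructed sample inventory for one machine.
SAMPLE = [
    SafetyFunction("drum guard interlock", 2, 2, 2, "c"),
    SafetyFunction("conveyor emergency stop", 1, 2, 1, "c"),
    SafetyFunction("hopper access gate", 2, 1, 2, None),
]

if __name__ == "__main__":
    for name, plr, finding in gap_report(SAMPLE):
        print(f"{name}: PLr = {plr}: {finding}")
```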
Architectural Categories and Diagnostic Coverage

ISO 13849-1 defines five architectural categories (B, 1, 2, 3, 4) with escalating fault-tolerance requirements. Category 3 — required to achieve PLc through PLe — mandates dual-channel architecture where a single component failure does not result in loss of the safety function, combined with periodic proof-test interval (PTI) validation and diagnostic coverage (DC) of at least 60% for PLd or 90% for PLe per ISO 13849-1 Table 5. [S3]
For PLC-based safety systems, this means redundant safety inputs (e.g., two independent position sensors on a guard door), dual-channel output modules driving safety contactors, and channel-verification logic in the safety program. A standard process PLC running a single-ended safety input does not satisfy Category 3 requirements regardless of fault-detection logic in the program — the hardware architecture itself must provide fault tolerance per ISO 13849-1 clause 6.2.
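A model of the channel-verification logic for the two guard-door sensors mentioned above, as an added example that is not part of the original page and not code from any safety controller. It covers the program logic only, not the hardware architecture; the 500 ms discrepancy limit, the class and function names, and the sample trace are assumptions constructed for illustration.

```python
from enum import Enum

class State(Enum):
    SAFE_OPEN = "outputs off, guard open or channels settling"
    RUN_PERMITTED = "outputs on, both channels report closed"
    FAULT = "outputs off, discrepancy latched until reset"

class DualChannelGuardMonitor:
    """Channel-verification logic for two independent guard-door sensors."""

    def __init__(self, discrepancy_ms=500):  # assumed limit, not from the page
        self.discrepancy_ms = discrepancy_ms
        self.state = State.SAFE_OPEN
        self._disagree_since = None

    def update(self, t_ms, ch_a_closed, ch_b_closed):
        if self.state is State.FAULT:
            return self.state  # latched: agreement alone never clears a fault
        if ch_a_closed != ch_b_closed:
            if self._disagree_since is None:
                self._disagree_since = t_ms
            expired = t_ms - self._disagree_since > self.discrepancy_ms
            # Any disagreement drops the outputs; a persistent one latches.
            self.state = State.FAULT if expired else State.SAFE_OPEN
            return self.state
        self._disagree_since = None
        self.state = State.RUN_PERMITTED if ch_a_closed else State.SAFE_OPEN
        return self.state

    def reset(self, ch_a_closed, ch_b_closed):
        # Accept a reset only with both channels open, so the next close
        # exercises both sensors before run is permitted again.
        if self.state is State.FAULT and not (ch_a_closed or ch_b_closed):
            self.state = State.SAFE_OPEN
            self._disagree_since = None
        return self.state

# Constructed trace: (time in ms, channel A closed, channel B closed).
TRACE = [
    (0, False, False),    # guard open
    (100, True, False),   # door closing, contacts not yet aligned
    (300, True, True),    # both closed
    (1000, True, False),  # channel B drops out while A stays closed
    (1600, True, False),  # still disagreeing after 600 ms
    (2000, True, True),   # B returns, fault must stay latched
]

def replay(trace, discrepancy_ms=500):
    monitor = DualChannelGuardMonitor(discrepancy_ms)
    return [monitor.update(*sample).name for sample in trace]
```

`replay(TRACE)` ends in `FAULT` even though both channels agree again at 2000 ms, which is the behaviour that distinguishes discrepancy latching from a simple AND of the two inputs.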
Failure Modes and Validation: The SISTEMA Tool
ISO 13849-2 governs validation requirements, mandating that the achieved performance level (PL) of each safety function be confirmed through calculation of probability of dangerous hardware failure per hour (PFHd) using the architecture-based formulas in ISO 13849-1 Annex B. The German BGIA institute's SISTEMA software implements these formulas and is the de facto industry tool for PL verification documentation. [S4]
Common validation failures include: assigning unrealistic MTTFd values to components without manufacturer data, neglecting common cause failure (CCF) contributions which require a minimum score of 65% per ISO 13849-1 Annex F to achieve Category 3 or 4 credit, and omitting proof-test interval constraints that affect the PL achievable under field maintenance conditions. Neither [S4] nor [S5] indicates whether SRP/CS validation was performed prior to the incidents, but the nature of the failures — contact with rotating elements through apparently inadequate guarding — is consistent with missing or inadequate interlocking architecture.
Real Incidents and Enforcement Pattern

The May 2026 Forestry Journal report on SMW Limited [S4] and the May 2026 Construction News report on Power Plane [S5] represent two enforcement actions published within three weeks of each other, both involving entanglement in rotating machinery where physical guard integrity or interlock function was found inadequate by HSE investigation. Both cases resulted in life-altering injuries and fines exceeding £90,000.
HSE enforcement data consistently shows that inadequate guard design or missing interlock validation appears in the majority of entanglement-related prosecutions under the Provision and Use of Work Equipment Regulations 1998 (PUWER), which mandate that dangerous parts of machinery be guarded to prevent contact (PUWER Regulation 11). ISO 13849-1 provides the technical methodology to demonstrate that SRP/CS achieve the risk reduction assumed in guard design — without that documentation, dutyholders cannot demonstrate PLr achievement even if physical guards are present.
Sourcing and Standards Integration
ISO 13849-1:2015 and ISO 13849-2:2012 are available through national standards bodies (BSI, DIN, ANSI) and form the normative reference for PUWER compliance documentation in the UK. The standard operates in conjunction with EN ISO 12100:2010 (risk assessment and risk reduction principles) and IEC 62061 (functional safety for machinery, which addresses the same domain using confidence of safety integrity levels rather than performance levels). [S5]
For collaborative robotics applications like the Dobot CR 30H Series evaluated by SGS [S1], ISO 10218-1:2025 and ISO/TS 15066 specify speed and separation monitoring functions that integrate with the SRP/CS architecture defined by ISO 13849-1 — a robot safety function achieving PLd must use Category 3 architecture regardless of whether the safety function is implemented in a safety PLC, a robot controller safety bus, or a dedicated safety relay. The servo motor drives in such systems must also incorporate safety-rated feedback via a pressure sensor to verify safe operating conditions before motion is permitted.
A UK biomass contractor's June 2026 sentencing and a road-planing contractor's May 2026 sentencing both resulted from inadequate physical guarding that HSE investigation linked to absent or insufficient SRP/CS validation — the exact failure mode that ISO 13849-1's PLr matrix and Category structure are designed to eliminate when applied at the design stage.