When it comes to robot safety and the standardization of industrial automation, Roberta Nelson Shea is one of the best-known people in the space.
She has served on numerous standards boards and committees for the Robotic Industries Association (now the Association for Advancing Automation or A3), the American National Standards Institute (ANSI), and the International Organization for Standardization (ISO).
Nelson Shea currently serves as the global technical compliance officer at Universal Robots.
Last week, she received an Engelberger Award at this year's Automate Show in Detroit. The award is named after Joseph F. Engelberger, who is considered “the founding force behind industrial robotics,” according to A3. The award is among the highest that one can receive in robotics. A3 said it recognized Nelson Shea with the honor for her work in advancing robot safety.
Robotics 24/7 spoke with Nelson Shea about the latest developments in robotic safety and where she sees the industry heading. This interview has been edited for clarity and brevity.
What advancements have you seen in robot safety since you helped introduce ISO/TS 15066, the first safety document defining human-robot collaboration?
Nelson Shea: There was a preceding document ISO 10218 Part 1 and Part 2, which talked about features in order to get a collaborative application, but they needed 15066. So, we started off with something very vague and came out with 15066, which helped but didn't answer all the questions.
With the topic of collaborative, we stepped out on a limb as it relates to safety standards. Safety standards are really meant to talk about what exists because you know what's out there. You know what the problems are within the robot standardization world, and I was the convenor chair of that group before 15066.
But with that activity, we said, “Why do you have to have guards and protective devices if the robot application won't hurt you?” That's where we came from, but nobody was using anything that way. It didn't exist, so we came up with a concept and this was really not typical.
It was a good thing because minds suddenly exploded and said, “This is really cool; what can be developed around it?” and that actually was the starting point for Universal Robots. Their first robots came out before the 2011 publication of the last 10218. UR was involved in the standards development where we talked about it, and it was talked about in the 2006 document.
It was almost like spreading seed on the dirt. Things cropped up, and then we said, “We don't have a lawn mower.” We came out with 15066 to give some more information, and we still have more to do about it. But I will say in putting forth the concept and trying to frame safety around it, all of a sudden, a lot of development work by robotics manufacturers and integrators occurred.
The reality is, to build safety into any given sort of machine, it costs money. If a robot manufacturer has a notion that there is no market for it, why spend money on development? Let's be realistic. We don't have nuclear-powered appliances. There isn't a market for it.
In this case, we almost created a market before we had products for it. A lot of stuff has happened, and the robot safety standards are being updated right now. They have been submitted to the ISO to go to final balloting. Within that, there is a lot greater clarity about what do you have to do in the robot so that it has features that can be used, and what is absolutely required of building a collaborative application.
I think in 2023 and 2024 we will come out with good updated standards to talk about the “collaborative” subject we brought up in 2005. However, I'm not aware of any incidents with collaborative applications using robots.
For all of the horse escaping the barn [with ISO 10218:2011 and 15066], I think this has been a good thing because it has fueled all sorts of applications without putting people in danger. We have learned tremendously because we only learn what to standardize when people are using something.
So if we don't get people using it, how do we learn what we need to standardize? It ended up working out very well. But I will tell you, it's counter to what we are supposed to do in safety standards.
You mentioned that a new ISO 10218 iteration is moving through the ISO process. How much of that was you filling in the gaps and explaining things more clearly, and how much of it is the technology catching up to the vision of eight years ago?
Nelson Shea: It's a combination of both. … There's a concept called functional safety, which means that you will have a safety function that is identified, has a specific purpose, and if it fails, there's an increased risk to a person.
A good example of that is that you can have speed limiting as a safety function. You [can] say, “This machine, in this situation, must go no faster than x speed.” … You have sensors that monitor that safety. And if you are approaching that speed, you either lower it, or you cause it to shut down immediately.
And that safety function has to meet particular safety standards, which incorporate monitoring, being able to signal the intended reaction—stop—in a variety of different ways or signal the output, and reliability. It's a three-legged stool of reliability, the architecture of the circuitry, and the diagnostic coverage of things not working as they should.
In the 2011 document, we gave a little detail about it. The 2011 document only has an absolute requirement for two safety functions. As the writers, we thought that we were requiring more, but we didn’t make explicit statements. Go forward a few years, and we all looked at each other and said, “Crapola, look at all we didn't include.”
It's a combination of all of us learning more about functional safety. At the time we started this, functional safety as a topic globally was really quite new, but not as new in Europe. The classic thing is that everybody's comfortable in what they know and not as comfortable in what they don't, so the transition was tough.
Over the past 10 years, we've made an enormous transition from a very simplistic way of “How do you have safety circuitry?” to “How do you have potentially very complex safety functions that have a very high degree of safety reliability?” and implementing them.
Robot manufacturers have become much more sophisticated. You have more coders working on developing safety software, with electronics and all sorts of other things. … So the new standard, we are going from having two required safety functions to there being almost on the order of 25, and maybe another 15-plus that are optional.
When we speak about robotic safety standards, we seem to focus on industrial automation. Now that robots are entering into different industries such as fast food and delivery services, how are those spaces taken into account when you write these safety documents?
Nelson Shea: It's really, really super tough. If you are talking about it being in a workplace, if you think industrial, think workplace, the industrial safety standards can still apply.
The big thing about the workplace is that the people that are going to be near robots are considered working age, meaning they are given training. They're given safety operating procedures, even someone working the fryolator. You have instructions. You have particular clothing you have to wear, and they are at least working age, although that age could be 16.
All of our global standards give a lot of data about anthropometrics for a variety of different ages, but in particular in the workplace, it's considered 14 years and older. We understand what the likely hand sizes would be, finger sizes, leg lengths, feet, and so forth.
Where we get into problems is the open public. There is a safety standard that already exists. It's an international standard. It's ISO 13482, and that's for service robots. I will tell you there's very few real applications because as soon as you get into that sector, you have to really define exactly the application and the robot is absolutely designed for that.
It's not like in the industrial area where you've got a manipulator then you figure out how you want to use it. This is “I'm going to use it as a pill delivery cart in a hospital” and get it designed for that purpose and intended use. And then it [the pill delivery cart] gets designed for the fact that you can have wheelchairs [in the same space]. It gets designed for the fact that you could have people with walkers. It's designed for the fact that you have children.
And that's the reality in a public setting. You have all sorts of people that have no training, no knowledge, they expect it all to work, and they won't get hurt. So, it's a really complex topic. And there's a lot more safety standardization effort going into it.
So, in the ISO revision of the service robot standard, they jettisoned one topic that was in the existing edition. They're trying to write an updated standard for a couple of specific uses and stated requirements.
These standards are voluntary. Why?
Nelson Shea: In order to have any change to OSHA [the Occupational Safety and Health Administration], you need an act of Congress, and look at how well it works right now. So that's one answer.
The other one is that OSHA operates from the vantage point of market demand. Many years ago, Jeff Fryman, who used to be the standards director at what was RIA, now A3, and I went to OSHA requesting they adopt R15.06. This was the 1999 edition, before we went to ISO.
OSHA said, “Robots are not our problem. We have so many bigger fish to fry. Here's our top 10. Here's the list that we work off of, and the numbers of people killed and maimed. Robots are not our problem.”
They said to Jeff and me, “Your industry is doing what it should be doing. It should be writing standards and pushing out what's needed. You've been doing it. Keep doing it.”
In Europe, they have the machinery directive, and that's turning into a regulation. It's law—there's no way about it in Europe in the next couple of years. … In Europe, they have required a review by their own experts as to whether the standard does comply with the machinery directive.
That doesn't exist elsewhere in the world, to be very truthful. The closest is the province of Ontario in Canada, and other provinces are getting more strict. Ontario requires that machinery has to be reviewed by a professional engineer, and the engineer has to evaluate a machine or a large automation cell to all the applicable standards.
In Canada, the standard is whatever is the state of the art at the moment. It could be Canadian. It could be international. It could be European.
The engineer reviews code, circuitry, and complete layout designs. When the engineer signs off, they sign off on personal liability. That's even more stringent than the machinery directive because in Ontario, they do a review of the design, give changes, and provisionally approve. Then they are required to go in and review as installed - before final approval of the machinery. They don't do that in Europe.