News

May 04, 2023

Contactors & Safety

The concept of domestic smart load management will become standard practice. Why

The concept of domestic smart load management will become standard practice. Why ? – simply because we do not have the storage capacity / flexibility to manage peak demand in the electrical national grid, in the same way that we currently have with mains gas and oil based fuels, even allowing for local generation, prosumers etc. This implies a cost model that reflects when you use / take your electricity, requiring a higher degree of management and control over existing power demand for each consumer.

The concept of decentralised control using smart appliances with a master controller is simple to implement in new builds. Existing installations and appliances could utilise a centralised control panel for selecting circuits, based on the availability / cost of supply at the time of use.

The net result, increased use of contactors (power relays) to provide discrete switching functions for specific appliances and or circuits. e.g. similar to today's dynamic load management in EV chargers which rely on a contactor for basic functionality.

Best practice circuit designs utilizing contactors to provide safety functions, take into account the recognised failure modes of a contactor and the associated control circuit. Existing standards cover this - examples given below:

BSEN 61508 (Functional Safety) standard for application standards such as BSEN 62061-1 (Functional Safety of Machines) and BSEN IEC 61851-1 (EV charging systems) where specific elements of the electrical control system provide a safety function. For example in an EV charger, checking the presences of the PE conductor before starting the charging cycle. The design risk assessment determines the performance design of the control system and products used to stop or remove the hazard.

Emergency Stop: Removing or stopping a non-electrical hazard specifically related to moving parts of a machine; crushing, shearing, entangling, trapping etc. The electrical supply must not be removed, if it creates additional hazards e.g. removing electrical braking on high inertia loads.

In fig 1: A single fault with the equipment could result in the loss of the safety function e.g. contactor contacts remain closed when you operate the E/stop i.e. the hardware fault tolerance (HFT) = 0. This level of performance may be adequate for minor reversable injuries such as bruising but not for irreversible injuries.

To meet the safety objectives of the relevant Directives / Regulations, the designer would have to consider additional measures e.g. fault monitoring, fault reaction, hardware redundancy based on the risk / hazard.

Emergency Switching Off:* Removing an electrical hazard related to the supply voltage

BS EN 60204-1 (Safety of Machines): Specifies the use of appropriate equipment, which latches OFF when operated, including an authorised action following checks, before re-connection of the supply.

* Electricity at Work Regs 1989 Guidance Note (2) 35: 230v AC is classified as "Fatally Dangerous"

BS7671 537.3.3 (Disconnecting the supply to all or part of an installation): Devices for emergency switchingoff must be readily accessible in a location close to the danger - see 537.3.3.6 and be capable of latching in the Off Position, if the means of switching off and on again are not within the control of the same person – see 537.3.3.7

Example. The controls for this domestic heat pump are located inside the property and not within the reach of someone working on the equipment outside. An on-load switch capable of breaking the stalled motor current must be located near the equipment for the purposes of safe isolation.

The Electrical Equipment (Safety) Regulations 2016 detail specific safety objectives. To meet these objectives manufacturers normally design equipment on the bases of designated standards or use existing reference standards (best practice) for non-standardised equipment. Existing standards and best practice can be applied to support the Designer's basic safety case for the product risk assessment and equipment design - reference Schedule 2 (2. d).

Electrical Equipment not covered by a specific design standard must still comply with the Electrical Equipment Safety Regulations: Application example Single phase PME supply for EV charging (BS 7671 722.411.4.1) - i.e. electrical disconnection in the event of an open-circuit neutral fault. Refer to Note 5 of the above clause, which goes on to state ;

"..it is the responsibility of the electrical installation designer or other person responsible for specifying the installation to establish that the manufacturer of the equipment has ensured that the equipment satisfies the safety objectives of the relevant Directive(s).."

The equipment described in 722.411.4.1 (iii), (iv), (v) does not have a specific product design standard. However, existing safety standards cover design principles for safety related functionality using contactors.

BSEN 60947-4 (Electro-mechanical contactors) Annex K; provides Information on common failure modes and failure ratios, for use in the design of equipment utilizing contactors in functional safety applications e.g. switching the live, neutral and earth conductor to remove an electrical hazard in case of an open-circuit neutral fault. Designs that rely solely on a contactor armature opening and disconnecting a circuit after energization for weeks, months or even years have a high probability of failure to open - see details below.

Safe equipment design for domestic applications takes into account that the person responsible for the day-to-day safe operation of the equipment is an "Ordinary Person."

BS7671 Table 537.4 makes refence to BSEN 60947-4; contactors suitable for mounting in a fully enclosed item of equipment or enclosure and BSEN 61095; contactors restricted to < 63A and Iq* < 6kA suitable for mounting in a modular enclosure. A contactor can be tested to meet both standards - refer to the manufacturer's technical data.

*Iq = rated conditional short circuit current of the contactor + SCPD

BSEN 60947-4 Annex K: Contactors for use in safety related applications (BSEN 61095 is not applicable) e.g. BSEN IEC 61851-1 requires that contactors meet 60947-4.

Annex K clause K.3 covers characterization of a failure mode and table K.1 gives the typical failure modes of normally open contactors. Clause K.4 covers the typical failure ratios (table K.2) and states "the hardware fault tolerance (HFT) for one contactor is generally zero." For design purposes, levels of HFT are defined in BSEN 61508 e.g. equipment with an HFT = 0 cannot tolerate a single dangerous failure – see first example table K.1 below

Typical failure ratios (F) given in Table K.2 relate to a specific utilization category, however it is important to note that the "failure to open" ratio is 73%* for on load operation and 50%* for mechanical operation (off load.)

* Typical values based on a range of electro-mechanical contactor

If the contactor failure mode could result in a hazardous situation and the failure ratio > 40% as in the case above, 60947-4 refers to the use of a diagnostic function with an appropriate fault reaction function – example: BSEN IEC 61851-1 (EV supply equipment) 6.3.1.1 requires mandatory control pilot functions, including energization and de-energization of the power supply to the EV i.e. monitoring the opening and closing of the contactor for each charging cycle. This increases the probability of identifying a fault before the equipment is called on to provide an additional safety function, for example if the equipment includes open-circuit neutral fault monitoring.

The use of mirror* auxiliary contacts to provide diagnostic feedback via the electrical control system, gives a recognised (standardised) method of detecting that a contactor has failed to open at the end of the completed cycle.

* Mirror contact: Auxiliary contact mechanically linked with a power contact to reliably replicate the status of the power contacts – 60947-4 Annex F

In practice there are a number of reasons why a contactor could fail to open, two examples see below:

61095 specifies that in the event of a fault, co-ordination with the protection device should produce no dangerous effects during fault clearance. The risk of welded contacts is accepted, and the contactor may not be suitable for further use i.e. replace the contactor before returning the equipment to service.

60947-4 specifies two levels (Types) of co-ordination. In the event of a fault, both types of co-ordination accept the risk of welding of the main contacts: Type 1 co-ordination; similar to 61095, replace the contactor before returning the equipment to service. Type 2 co-ordination; the contactor should be suitable for further use, refer to the manufacturer's instructions for advice on how to check this, before returning it to service.

Resetting an MCB or replacing a fuse before checking the contactor for welded contacts , could result in a live circuit downstream of the contactor with the coil supply disconnected.

Both standards refer to continues duty (contactor energised), as being the time taken while carrying a steady current long enough for the contactor contacts and the magnetic circuit, when energised at its nominal (100%) control supply voltage, to reach thermal equilibrium, but not for more than 8 hours without deenergising the contactor. Contactor magnetic circuits energised for extended periods, may be subject to sustained low levels of overvoltage. Overheating in the magnet system can result in the armature remaining closed on removal of the coil supply.

See BS 7671 Table 537.4: Main contacts suitable for isolation - see 537.2.4, 537.3.3.6 and 537.3.7:

The wording of Regulations encompasses innovative technology and maintain safe standards of design. In situations where there is no existing equipment standard, generic safety standards give advice on how to develop and design safe equipment when applying existing products.

Making a technical decision about any product requires an understanding of the risks associated with that particular solution. We should be clear on the justification for that solution. Existing safety standards give recommendations on how to apply contactors in functional safety applications. Regular operation of the equipment (opening and closing of the contactor) combined with a diagnostic control system (using the contactor's mirror contacts) and a fault reaction function (system lock out, alarm, maintenance etc) enable the early identification of dangerous faults, increasing the safety reliability of the equipment. EV charger design standards already consider functional safety requirements in the basic design and consequently the design feature - electrical disconnection in the event of an open-circuit neutral fault built into the EV chargepoint, can be verified by reference to the existing standard 61851-1.

Contactors are designed to operate regularly (open & close) providing a simple and reliable method of remotely switching electrical loads on a regular basis. When using them in safety related applications, we should take note of the advice given in the contactor product standard 60947-4 and existing safety standards.

Chaz Andrews – Technical Manager, Doepke UK Ltd

[email protected] or www.doepke.co.uk