Traditional industrial robots operate inside cages for a reason. A six-axis arm swinging a welding torch at full speed carries enough kinetic energy to cause serious injury, and the physical barrier ensures that humans and machines never share the same space at the same time.

Collaborative robots, or cobots, throw out this assumption. They share workspace with human operators, often within arm's reach, and they do it without fences. This is only possible because of a layered system of safety functions, certified sensors, and control architectures that monitor the robot's behaviour continuously.

Understanding how cobots achieve this requires looking at three intertwined elements: the safety functions defined in modern robotics standards, the sensor technologies that feed those functions with real-time data, and the regulatory framework that ensures these systems behave predictably when something goes wrong.

Collaborative operation is not a single mode but a collection of safety functions, each addressing a different risk scenario. The four primary functions defined in ISO 10218 and TS 15066 are safety-rated monitored stop (SMS), hand guiding, speed and separation monitoring (SSM), and power and force limiting (PFL). Each function uses different inputs and produces different protective behaviours.

Safety-rated monitored stop holds the robot stationary while a human is in the workspace, but unlike a traditional emergency stop, the drives remain energised. The robot can resume motion automatically once the operator leaves the monitored zone, eliminating the need for manual reset and dramatically improving cycle time in shared workflows.

Speed and separation monitoring continuously calculates the distance between the robot and the nearest human, then modulates robot velocity to maintain a protective separation distance. As a person approaches, the robot slows. If separation drops below a threshold, the robot executes a category 2 stop. The math behind this involves stopping distance, sensor latency, and human approach speed, typically assumed at 1.6 m/s for walking.

Power and force limiting takes a fundamentally different approach. Rather than avoiding contact, the robot is designed so that any contact remains below biomechanical injury thresholds. This requires joint torque sensing, low-inertia mechanical design, and rounded surfaces. The robot can touch a human, it just cannot hurt them.

Takeaway

Safety in collaborative robotics is not about preventing all contact, but about engineering the system so that whatever happens, the outcome stays within acceptable physical limits.

Safety functions are only as reliable as the sensors feeding them. Safety-rated laser area scanners are the workhorses of speed and separation monitoring. Devices like the SICK microScan3 or Keyence SZ-V project a horizontal plane of light, detect intrusions within configurable zones, and communicate zone status to the robot controller over safety fieldbuses such as PROFIsafe or CIP Safety.

Light curtains create vertical planes of protection, typically at the boundary of a work cell or around a hazardous fixture. They offer faster response than scanners and finer resolution, often down to 14 mm to detect finger intrusion. Safety mats, while older technology, still serve well for floor-level presence detection where laser scanners might be obstructed by pallets or fixtures.

For power and force limiting, the sensing happens inside the robot itself. Joint torque sensors, often based on strain gauges or capacitive measurement, detect external forces by comparing expected torque from the dynamic model with actual measured torque. A deviation indicates contact. Universal Robots and Franka Emika both rely heavily on this approach.

The critical engineering principle is that every safety sensor must be dual-channel and self-diagnostic, achieving at least PLd or SIL 2 per ISO 13849 or IEC 62061. A single sensor failure cannot result in loss of the safety function. This redundancy is what separates a safety device from a process sensor.

Takeaway

A sensor is not a safety sensor unless it can detect its own failure. Diagnostic coverage, not just detection capability, is what defines safety-rated hardware.

ISO 10218 parts 1 and 2 define the safety requirements for industrial robots and robot systems, covering everything from electrical design to integration. Part 1 addresses the robot itself, while Part 2 covers the integrated system including peripherals, end effectors, and workspace layout. Both parts apply to all industrial robots, collaborative or not.

ISO/TS 15066 is the specification that fills in the gap for collaborative operation specifically. It provides the biomechanical data, contact pressure thresholds, and methodology for validating power and force limited applications. The document includes a body-region map specifying maximum allowable pressure and force for transient and quasi-static contact on different anatomical zones.

Compliance is demonstrated through a formal risk assessment, typically following ISO 12100. The integrator identifies hazards, estimates risk, and selects safety measures from the available functions. The chosen measures must reduce residual risk to acceptable levels, and the validation process must be documented and repeatable.

Crucially, the cobot itself is not inherently safe. The application is what gets certified, not the robot. A cobot fitted with a sharp deburring tool moving at high speed in an unguarded cell is no longer a collaborative application. Standards compliance is a property of the integrated system, including end effector, workpiece, and task.

Takeaway

Safety certification follows the application, not the hardware. The same robot can be safe in one cell and dangerous in another depending on what it holds and what it does.

Collaborative robotics works because of a deliberate layering of mechanical design, sensing, control logic, and standards compliance. Remove any one layer and the system stops being safe.

For engineers designing cobot applications, the lesson is to think systemically. The robot specification is a starting point, but the real safety work happens in selecting appropriate functions, integrating certified sensors, and documenting the risk assessment.

The cage came down not because robots became gentler, but because we learned to monitor them precisely. Safety is now a function of information, not isolation.