1. Principles
- Safety Plan: One must first define the scope of the safety analysis, the technical description of the system(s) to be covered, the limits of use and the limits of liability, considering all possible levels of integration, life-cycle phases and any initially foreseeable misuse. This information is usually recorded in a Safety Plan, which forms part of the Safety File for the covered system(s)/machinery.
- Risk Assessment and Hazard Analysis: Functional safety begins with identifying the potential hazards associated with operating autonomous haulage vehicles in underground environments. For further detail on existing risk assessment and hazard analysis standards, guidelines, case studies and papers, please visit Standards and Guidelines and Case Studies and Papers.
- Fail-Safe Design: Systems must be designed to fail safely to an expected probability that’s aligned to the risk assessment (backed up by solid calculations and valid data references). In the event of a hardware or software failure, the vehicle must be able to stop safely without causing damage or creating unsafe conditions. For instance, emergency braking systems are a crucial part of fail-safe design in autonomous vehicles.
- Architectural Principles:
- Redundancy: Redundancy ensures that if one component fails, another can take over to maintain safe operations. This applies to sensors, communication systems, power supplies, and control systems. Redundant systems increase the reliability of the overall safety architecture.
- Diversity: Diversity is the practice of using dissimilar methods or technologies to achieve the same safety function, so a fault that disables one approach is unlikely to compromise the others.
- Monitoring and Diagnostics: Continuous monitoring of sensors, communication links, and system health is crucial to detect faults early. Autonomous systems need self-diagnostic capabilities to identify and respond to issues before they become safety hazards.
- Safety Integrity Level (SIL)/Performance Level (PL): Functional safety systems are often categorized according to their Safety Integrity Level (SIL) or Performance Level (PL), which defines the required reliability of the system. Higher SIL/PL levels indicate stricter requirements for avoiding failures and ensuring safety. Because underground autonomous haulage systems involve frequent human-machine proximity, severe potential consequences, and minimal opportunity to evade hazards, they typically demand higher SIL or PL classifications.
- Safety-Critical Software Design: The software that controls autonomous haulage vehicles must be developed using rigorous safety standards, such as ISO 13849-1/-2 (functional safety for machinery). Safety-critical software undergoes extensive testing to ensure it can handle faults, interruptions, and unexpected conditions without causing unsafe behavior.
<aside>
💡
For additional information and links to specific standards, guidelines, and papers about functional safety, please visit Standards and Guidelines and Case Studies and Papers
</aside>
2. Mechanisms
Hardware
- Redundant and Diverse Sensors:
- Autonomous vehicles rely on a range of sensors (LiDAR, radar, cameras, ultrasonic sensors) to perceive the environment. For functional safety, these sensors apply the principles of diversity and redundancy to ensure that a single point of failure does not lead to loss of perception: if one sensor fails, another can still provide the critical data. The degree of redundancy required depends on the control-system Category designated in ISO 13849-1/-2.
- Fail-Safe Actuators:
- Actuators control the vehicle’s braking, steering, and acceleration. In the event of a failure, fail-safe actuators are designed to default to a safe state, such as braking to a stop or reducing speed. These systems are critical in ensuring the vehicle can avoid accidents in the event of hardware or software failure.
- Emergency Braking, Engine Shut-Down, and Runaway Prevention Systems:
- Autonomous vehicles are equipped with emergency braking systems or engine shut-down systems that can be activated by the system itself or remotely by an operator. These systems are designed to bring the vehicle to a safe stop if a critical safety issue is detected, such as a sensor malfunction or communication breakdown.
- Backup Power Supplies:
- Redundant power supplies ensure that critical safety systems, such as braking or communication systems, continue to operate even if the main power source fails. This is particularly important in underground environments, where power outages or equipment failures can occur due to harsh conditions.
- Proximity Sensors and Safety Shields:
- Proximity sensors help prevent collisions by detecting nearby objects, vehicles, or personnel. Safety shields or virtual geofences can be established around autonomous vehicles to automatically slow down or stop the vehicle when anything enters the danger zone.
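The decision logic the mechanisms above describe, as an added example that is not part of the original page: a supervisory function that fuses readings from redundant, diverse sensors, treats a stale communication heartbeat or loss of perception as a reason to command the fail-safe stop, and applies slow/stop proximity zones. Sensor names, zone sizes, tolerances and the heartbeat timeout are hypothetical tuning values chosen for illustration.

```python
from dataclasses import dataclass
from enum import Enum

class SafeState(Enum):
    NORMAL = "normal"        # full speed permitted
    REDUCED = "reduced"      # slow down: degraded perception or object in slow zone
    SAFE_STOP = "safe_stop"  # emergency braking: the fail-safe default

@dataclass
class Reading:
    source: str        # hypothetical sensor name, e.g. "lidar" or "radar" (diverse technologies)
    distance_m: float  # nearest obstacle reported by this sensor
    valid: bool        # sensor self-diagnostic result (False = fault detected)

# Hypothetical tuning values (not from the page): zone sizes, agreement tolerance,
# minimum number of valid sensors, and maximum age of the supervisory heartbeat.
STOP_ZONE_M = 5.0
SLOW_ZONE_M = 15.0
AGREE_TOL_M = 1.0
MIN_VALID = 2
HEARTBEAT_TIMEOUT_S = 0.5

def decide(readings, heartbeat_age_s):
    """Return (commanded state, reason). Any doubt resolves towards SAFE_STOP."""
    # Communication breakdown with the supervisory/remote side -> safe stop.
    if heartbeat_age_s > HEARTBEAT_TIMEOUT_S:
        return SafeState.SAFE_STOP, "heartbeat stale"
    valid = [r for r in readings if r.valid]
    # Loss of perception: too few independent sensors remain -> safe stop.
    if len(valid) < MIN_VALID:
        return SafeState.SAFE_STOP, "insufficient valid sensors"
    dists = [r.distance_m for r in valid]
    # Use the most conservative (closest) estimate so that a sensor reporting a
    # near object cannot be out-voted by a more optimistic one.
    nearest = min(dists)
    if nearest <= STOP_ZONE_M:
        return SafeState.SAFE_STOP, "object in stop zone"
    # Disagreement between diverse sensors beyond tolerance means perception
    # is untrustworthy: degrade rather than continue at full speed.
    if max(dists) - nearest > AGREE_TOL_M:
        return SafeState.REDUCED, "sensor disagreement"
    if nearest <= SLOW_ZONE_M:
        return SafeState.REDUCED, "object in slow zone"
    return SafeState.NORMAL, "clear"

if __name__ == "__main__":
    # Constructed sample: radar has faulted, LiDAR and camera agree the path is clear.
    sample = [Reading("lidar", 20.0, True), Reading("radar", 0.0, False), Reading("camera", 19.5, True)]
    print(decide(sample, 0.1))
```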