Mobile Robot Safety Standards: Understanding ISO 3691-4 (Driverless Industrial Trucks) and ANSI/RIA R15.08 (Industrial Mobile Robots) Implementation

Feb 25, 2025

Mobile robots are transforming manufacturing and logistics, but their growing presence alongside human workers creates real safety challenges. The old approach of simply separating humans and machines with fences doesn't work when AGVs need to navigate dynamic workspaces. Two standards address this head-on: ISO 3691-4 and ANSI/RIA R15.08. They each provide a technical framework for safe human-robot interaction in modern facilities.  3691-4 is particularly important today because the very recently published ISO 10218 2025 series explicitly defers to it for all mobility characteristics of mobile manipulators in the industrial setting, even where it applies to the actual manipulation behaviors.

A SHIFTING LANDSCAPE IN SAFETY STANDARDS

Traditionally, CE marking in European markets has been anchored by a range of ISO, IEC, and EN standards, while ANSI/RIA standards have guided North American implementations. However, the mobile robotics industry is witnessing a shift: many American buyers are now requiring compliance with stricter safety protocols, which, in the case of IMRs, may reference ISO 3691-4 vs. ANSI/RIA R15.08. This trend underscores a broader push toward higher safety benchmarks worldwide, driven by the more stringent elements found in these combined standards frameworks. Furthermore, an increasing number of “gray area” Type C IMRs, such as autonomous forklifts, are governed by ISO 3691-4 vs. ANSI/ITSDF B56.5:2024 (Guided Industrial Vehicles = AGVs), as discussed in these Robot Safety FAQs from A3.

EVOLUTION OF SAFETY STANDARDS: FROM EN 1525 TO ISO 3691-4

From TÜV Rheinland whitepaper on ISO 3691-4

The path to ISO 3691-4 marks more than just a new standard - it represents a fundamental shift in how we think about automation safety. Where its predecessor, EN 1525, provided basic guidelines, ISO 3691-4 builds a complete safety architecture that addresses the complexities of modern industrial environments.

PRIMARY SAFETY CONTROL (PLd)

Some safety-critical functions outlined in ISO 3691-4 (see Table 3 in ISO 3691-4) may require Performance Level d (PLd per ISO 13849)—akin to a safety net made of steel cables. When a function does require PLd, it typically involves:

  • Dedicated safety controllers with redundant processing

  • Response times specifications for critical functions

  • Independent monitoring systems

  • Comprehensive fault detection

  • Generally, sufficiently high MTTFd (Mean Time to Dangerous Failure)/low PFH (Probability of Failures per Hour) to preclude many potential off-the-shelf virtual guarding solutions, requiring greater redundancy and reliance on higher performance and reliability sensors and processors.

ZONE MANAGEMENT: A NEW GEOGRAPHY OF SAFETY

The standard divides operational spaces into three distinct zones, each with specific requirements:

Operating Zone

  • Active personnel detection with PLd protection

  • Specific clearance requirements from Table A.1

  • Full sensor coverage

  • Defined automatic restart protocols

Restricted Zone

  • Speed-limited operation during muted detection

  • Enhanced protective field requirements

  • Mandatory warning systems

  • Specific movement protocols

Confined Zone

  • Physical barrier requirements

  • Interlocked access systems

  • Risk-based speed controls

  • Barrier integrity specifications

Dynamically defining your zones based on mathematical interpretation of hazards is an emerging, highly effective methodology that modern vendors like 3Laws Robotics support well!

ANSI/RIA R15.08: SETTING THE STANDARD FOR MOBILE ROBOT SAFETY

While ISO 3691-4 provides global requirements for driverless industrial trucks, R15.08 specifically addresses industrial mobile robots and their unique safety considerations. More specifically, R15.08-1 provides broader interpretative flexibility and accommodates unique safety considerations, recognizing that a robot may serve more functions than just traditional material handling or transport.  The standard consists of three complementary parts:

R15.08-1: BASE ROBOT SAFETY REQUIREMENTS (Robot Manufacturer Requirements)

This foundational part focuses on the robot itself:

  • Core safety requirements for the mobile robot platform

  • Systematically identify hazards, estimate associated risks, and incorporate risk reduction measures into the design: this part is so important that we’ve written a section specifically on this topic below!

  • Specifications for safety-critical systems including:

    •   Emergency stop functions

    •   Personnel detection capabilities

    •   Safety-rated monitored stops

  • Requirements for stability monitoring and control

  • Safety circuit architecture specifications

R15.08-2: INTEGRATION AND SYSTEM REQUIREMENTS (For System Integrators and End-users)

Moving beyond the robot to the complete system:

  • Integration guidelines for facility deployment

  • Specifications for:

    • Work cell design

    • Traffic management

    • Multi-robot coordination

  • Risk assessment methodologies considering the specific deployment environment

  • Integration with facility safety systems

  • Requirements for safety-rated control systems

R15.08-3: APPLICATION-SPECIFIC REQUIREMENTS 

Addressing real-world deployment scenarios:

  • Task-specific safety considerations

  • Environmental factors and their impact on safety

  • Requirements for special applications

  • Supplementary safeguarding measures

Risk Assessment Process in R15.08-1

The ANSI/RIA R15.08-1 standard emphasizes a structured approach to hazard identification and risk assessment tailored to industrial mobile robots (IMRs). Since IMRs operate in dynamic environments with human interaction, the risk assessment process must account for both intentional and unintentional interactions.

Key Considerations in Risk Assessment

A thorough risk assessment for IMRs should consider the following elements​:

  1. Intentional Operator-Machine Interaction

    • Space mapping and localization strategies

    • Teaching and collaborative operation requirements

    • Loading, unloading, and tool-changing processes

    • Routine maintenance, troubleshooting, and cleaning

  2. Unintentional Personnel-Machine Interaction

    • Potential for collisions in shared workspaces

    • Human visibility concerns when IMRs are in motion

    • The impact of pedestrian movement on robot path planning

  3. Interfaces and Interactions with Other Equipment

    • Docking, manipulation, and load transfer protocols

    • Ensuring compatibility with facility safety mechanisms

  4. Failure Modes and Unexpected Events

    • Unexpected start-up scenarios

    • Loss of power, loss of localization, or sensor malfunctions

    • Failures in onboard control systems

    • The impact of fleet management software failures

  5. Environmental Hazards

    • Obstacles such as overhanging objects, narrow columns, or floor grates

    • Confined and restricted zones with specific clearance requirements

    • Interactions with other autonomous or human-driven vehicles

  6. Foreseeable Misuse

    • Potential for improper operation by personnel

    • Risks arising from software modifications or unauthorized changes

Struggling to identify a comprehensive list of hazards that apply to your machine and environment?  Saphira AI can help suggest these based on industry best practices and your available design and validation information!

Risk Reduction Process

Once hazards have been identified, risk reduction follows an iterative approach, as outlined in Figure 4.1 of R15.08-1​:

  1. Elimination by Design

    • Prioritizing inherent safety through mechanical design improvements

    • Removing hazardous features where possible

  2. Substitution and Engineering Controls

    • Using redundant safety sensors for collision avoidance

    • Implementing speed limitation and path monitoring

    • Requiring safety-rated emergency stops and protective zones

  3. Protective Devices and Safeguards

    • Installing barriers, laser scanners, and light curtains in high-risk areas

    • Defining safe zones and restricted areas through geofencing

  4. Training and Administrative Controls

    • Establishing operator training programs for safe IMR interaction

    • Deploying clear signage and warning systems in shared workspaces

  5. Validation and Continuous Improvement

    • Conducting periodic hazard reviews based on real-world operational data

    • Implementing fleet-wide safety updates to address emerging risks

Saphira AI can also recommend the best risk reduction approaches based on our comprehensive database!

Severity Classification in R15.08

Unlike ISO 3691-4, which primarily uses a two-tier system (S1/S2) for safety-critical functions, R15.08-1 employs a four-tier severity classification​:

  • S1: Minor injuries (e.g., bruises, minor cuts)

  • S2: Reversible injuries requiring medical treatment

  • S3: Severe injuries causing permanent damage

  • S4: Fatal or life-threatening hazards

Each risk is further evaluated based on probability, exposure frequency, and avoidance feasibility, leading to a structured risk-reduction strategy.

Risk Assessment in Fleet Operations

For IMRs operating as part of a fleet, additional risk assessment considerations include​:

  • Fleet-wide safety protocols, such as emergency stop coordination

  • Automated traffic control systems to avoid IMR-to-IMR collisions

  • Compatibility validation between IMRs and fleet management software

Fleets start to look like IMR Systems, for which R15.08-2 outlines great Parameters & Thresholds for Safety Functions; please see this excellent presentation by Chris Soranno at SICK on this topic for further details.

HARMONIZATION BETWEEN STANDARDS

These standards complement each other in several key areas:

Safety Functions

  • R15.08 builds on ISO 3691-4's foundational requirements by introducing additional flexibility

  • Shared emphasis on personnel detection and speed control

  • Compatible approaches to emergency stopping


Risk Assessment

  • R15.08 employs a four-tier severity classification (from negligible to catastrophic, as discussed above) with detailed probability factors for mobile machinery, while ISO 13849-1 uses a simpler two-tier system (S1/S2) applicable to general machinery control systems.  Evolving your procedures to match these changes is a challenge that can be tackled well with automation!  Check out Saphira to learn more about this!

  • Both standards use consistent risk evaluation approaches

  • Complementary hazard identification processes

  • Aligned risk reduction strategies


System Integration

  • Both support integrated safety architectures

  • Compatible approaches to safety system validation

  • Harmonized documentation requirements

Operational Considerations

  • Consistent approach to different operating modes

  • Compatible traffic management principles

  • Aligned maintenance and inspection requirements

  • Coordinated emergency response procedures

PRACTICAL IMPLEMENTATION

In practice, these standards work together to create a comprehensive safety framework:

BASE SAFETY ARCHITECTURE

  • ISO 3691-4 establishes fundamental safety requirements

  • R15.08 adds mobile robot-specific implementations

  • Combined guidance for safety system design

  • Integrated approach to protective measures

SYSTEM-LEVEL SAFETY

  • Coordinated requirements for facility integration

  • Comprehensive risk assessment framework

  • Clear guidance for safety system validation

  • Structured approach to safety documentation

THE PATH FORWARD

These standards do more than mandate safety requirements – they enable innovation. By providing a clear framework for human-robot collaboration, they pave the way for increasingly sophisticated automation while ensuring worker safety remains paramount.

As manufacturing evolves toward more flexible and efficient operations, these standards ensure that safety and innovation advance together. The growing adoption of ISO 3691-4 in North American markets alongside R15.08 demonstrates how the industry is moving toward the highest available safety standards, regardless of geographical boundaries. This convergence creates a robust foundation for true human-robot collaboration, where safety isn't a barrier to progress but an enabler of it.

From earlier linked TÜV Rheinland whitepaper

Looking for the simplest system to coordinate your entire ISO 3691-4 or ANSI/RIA R15.08 conformity, compliance, and certification process, from performing your Hazard Analysis & Risk Assessment (HARA) to generating your Safety Requirements Specification (SRS) to producing final Compliance Cases for notified bodies like TÜV, UL, or Intertek, all with continuous feedback and automated suggestions from safe, responsible AI?  Check out Saphira, and reach out to contact@saphira.ai to get started with help directly from the founders!

Note: For specific metrics, clearances, and technical requirements, please refer to the official ISO 3691-4 and ANSI/RIA R15.08 standards documentation.

Functional Safety for Humanoid Robots ›