Skip to main content
Skip table of contents

EUT05 - Advanced product safety & security

Product compliance

SOTO is fully compliant with the European Machinery Directive and is delivered with a CE marking from Magazino.

image-20240607-104634.png

Amongst all other relevant standards, SOTO fulfills all applicable requirements of:

DIN EN ISO 3691-4:2020-11

ISO 3691-4, "Industrial trucks - Safety requirements and verification - Part 4: Automated guided vehicles and their systems" is the most important international standard for automated guided vehicles (AGVs) and automated guided systems (AGS). It applies to manufacturers and operators.

Among other things, it defines the performance level requirements for the safety functions of AGVs and AMRs, including equipment for person detection, operating modes, and the braking system. It also describes the procedures for risk minimization and validation of automated functions to ensure the trouble-free and safe operation of AGVs and AMRs in their final installation environment.

Residual risks

Residual risks are risks posed by the robot that cannot be completely mitigated even by safe design, technical safeguards and organizational safety measures. Depending on their impact and risk of occurence, these risks have to be accepted.

From the risk analysis of SOTO there are 5 main residual risks that need to taken into consideration:

Muting of light curtains

Muting of the light curtain is necessary because the gripper needs to reach through the curtain at handover stations. The primary hazard is the upward and downward movement of the vertical axis, which creates a potential crushing risk.

To minimize these risks, SOTO mutes the respective light curtain only after the robot is successfully docked with the shelf and a safe sensor check against the reflective tape on the shelf docking compartment confirms that SOTO is in immediate proximity to the shelf. Additionally, the gripper is restricted to a limited range of movement once it extends out of the robot to further reduce risk.

Warning signs on all four sides of the robot indicate the hazard zone.

Areas with handover stations have to be marked as hazard zones, and personnel working in close proximity to the robot must be instructed not to reach into the area between the robot and the shelf during load handling.

Residual risk: Ignoring hazard area markers and instructions; inserting hands or limbs through the handover shelf or the light curtain while it is muted; coming into direct contact with the gripper or within 10cm of it, where harm can be caused by the vertical axis.

Vertically moving gripper

For performance reasons, the vertical axis that moves the gripper up and down needs to reach high speeds. The hazard area is easily accessible from all sides of the robot, which is why all openings are protected by light curtains.

If a light curtain is breached, the linear axis will perform an emergency stop. During upward movement, the linear axis will come to a complete standstill before a fast-moving object can reach the hazard zone. However, during downward movement, a fast-moving object can potentially reach the hazard zone before the linear axis stops completely. To reduce the risk of crushing between the gripper and the drive base of the robot, the maximum speed of the linear axis is reduced in the lower segment.

Personnel working in close proximity to the robot must be instructed not to reach into the robot during load handling, especially not at high speed.

Residual risk: Ignoring the hazard area markers and instructions; reaching into the robot at high speed during load handling.

Box in load carrier press falling down

When a load carrier is clamped inside the load carrier press and the conveyor gripper is moving downwards, the box could fall or tip over, causing its contents to spill. Additionally, the load carrier needs to be removed by hand from the press if an error occurs. The content, contamination, integrity, and weight distribution of the load carrier are unknown, creating a low residual risk.

To reduce this risk, the gripper always lowers to a maximum potential falling depth of 20 cm. This distance is ensured by a light curtain that measures the top of the load carrier.

Personnel working in close proximity to the robot must be instructed to pay special attention while a load carrier is being clamped, especially if they are attempting to recover the robot from an error by removing the load carrier from the press.

Residual risk: The load carrier might slip out of the press at any time, also during the rotation of the gripper, which might cause the box to tip over or fall out of the robot spilling its content. A person would need to ignore the instructions and a load carrier or its contents could fall towards them.

Fast driving robot

The robot can cross the travel paths of employees while driving in the working area. The maximum speed of the robot is 1.5 m/s.

The robot uses its laser scanners to measure its distance to objects at a height of 12 cm above floor level. In accordance with EN 3691-4, the robot will always decelerate to a complete standstill to avoid contact with obstacles. The robot assumes all obstacles are stationary.

All floor contamination within the working area of the robot must be removed before continuing operation. Personnel working in close proximity to the robot must be instructed not to approach the robot at high speed or step into the robot's path from a shaded area (i.e., out of the robot's field of view).

Residual risk: Floor contamination with water or oil may cause the wheels to lose friction, extending the braking distance. Ignoring instructions and moving towards the robot at high speed in the case of contamination may produce a risk of collision, depending on the person's speed.

Open Backpack

The backpack is open at all times. It contains gravity conveyors with a tilting mechanism, causing load carriers to move along the gravity conveyor of each compartment. Personnel can reach moving machine parts and moving load carriers inside the backpack.

To reduce the risk of contact, the backpack is protected by a light curtain that cannot be muted. The light curtain triggers an emergency stop when breached.

Personnel working in close proximity to the robot must be instructed not to reach into the backpack during normal operation. If the backpack needs to be accessed, ensure the robot is in a mode that prevents further backpack motion and that all load carriers have come to a complete standstill.

Residual risk: The tilting mechanism of the gravity conveyors causes boxes to roll down in a controlled motion; ignoring instructions and reaching between the backpack stopper will breach the light curtain but not prevent a crushing hazard, as the boxes cannot be stopped by the conveyors.

Limitations

Limitations describe technical limitations of the system, that if not known could result in damage to the robot and its surroundings.

Floor level detection

The bottom laser scanner can detect obstacles at a height of 12 cm, while the 3D camera in the driving direction can detect obstacles at a height of 7 cm above floor level. Obstacles below or above this level cannot be detected safely. 

Typical hazards include:

  • Resting forklifts

Personnel operating manual forklifts must ensure that the forklifts are not parked within the working area of the robot. SOTO cannot detect forks on the floor and will cause a collision if the forks are within its path.

Raised level detection

At levels above the laser scanner detection plane only the 3D cameras in driving direction can detect obstacles. However, the 3D cameras can only detect obstacles of a certain size.

Typical hazards are:

  • Protruding objects above the floor (i.e., thin objects sticking out of shelves)

  • Protruding objects that could cause a collision when the robot drives sideways (i.e., objects sticking out of shelves or machines)

Personnel working in close proximity to the robot must pay attention to obstacles outside of SOTO's detection range within the working area. All obstacles that could cause a collision should be removed before resuming operation.

Forseeable misuse

SOTO shall only be operated within its specifications at all times, i.e., the intended environmental conditions, load carriers, weight limits, etc.

image-20240610-144122.png

The gamepad controller can entice staff to play with the robot. As much as we enjoy seeing our customers having fun with the robot, SOTO is not a toy. Uncareful operation of the robot in manual mode can cause damage to the robot and its surroundings.

Restrict access to the robot PIN to stop employees from moving the robot manually.

Fire protection

image-20240610-150401.png

SOTO needs to be connected to a fire alarm to ensure it does not block any escape routes in the event of a fire emergency.

The connection to the fire alarm is monitored by the system.

In the event of a fire alarm, SOTO will terminate its current transport order and move towards a defined parking position.

Data security

The robot generates data which is potentially stored and uploaded to external Magazino servers. This can also involve personal data, albeit in unlikely circumstances, i.e., employee body parts being visible in camera images used for box tracking.

Magazino is ISO27001 certified and employs a comprehensive security framework to ensure the protection and integrity of customer data. Access is restricted to a select group of Magazino employees who are trained to identify and appropriately handle personal data, ensuring it is removed as necessary.

The full list of data that is generated, stored, and processed by the system can be found in the SOTO datasheet, which outlines the rationale for data collection, storage period, and security measures employed to protect the data.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close