Safety related application

I have been asked to validate for European CE marking requirements, a system using
XBee®/XBee-PRO® ZB SMT RF Modules
Models: XBEE S2C, PRO S2C
Hardware: S2C
Firmware: 401x
to communicate stop/start, synchronisation and Emergency stop information between elements of an industrial lifting machine.
The European standard for the machine requires the wireless communication to have a reliability of EN13849 PLd or IEC 61508 SIL2.
Can these modules achieve this level of communication reliability and are they suitable for use in safety related applications?

The application is analogous to a wireless crane control pendant, but in this case there are four separate stations being controlled in synchronisation.

The obvious first answer is that no, Digi hasn’t (and won’t) get any form of SIL certifications. That is a very niche market and SIL certs are expensive.

However, safety certs support wireless and bus-protocols if the system functions in a suppression-of-shutdown mode (probably the wrong term). So for example, you’d need your wireless nodes to rapidly send signals with suitable high-quality checksum which prevent shutdown & allow operation. This way if ANY wireless signal is lost, the shutdown occurs.

So for example, if the user of 1 station pressed the START button, all 4 stations would then need to start or be sending their ‘we agree running is okay’ signals. If any of the 4 stations says stop - or fails to send a ‘running okay’ signal, then the crane stops.

This also means if one of the four stations is faulty, the crane should not move without some formal form of manual lock-out.

ZigBee probably isn’t suitable since you will have up to 5 seconds of ‘dead time’ without meaningful data messages during any route-maintenance. I would think someone pressing the stop button and the crane keeps running for 5 seconds would be upset.

DigiMesh might be better, but I think one of the raw point-multi-point would be best (like the 802.15.4 or 868DP). These support broadcast and will have message jitter down closer to 50 msec, not 5,000 msec.
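
An added example, not part of the reply above and not Digi code: the receiving controller's check for the scheme described in the reply, in C, where motion is permitted only while all four stations keep sending valid ‘running okay’ frames. The frame layout, the CRC-16/CCITT-FALSE checksum, the sequence counter and the 200 ms timeout are assumptions chosen for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#define STATIONS   4     /* four stations, as in the question */
#define TIMEOUT_MS 200u  /* assumed: a few multiples of the ~50 ms jitter */
/* Assumed frame layout: station id, sequence, state (1 = running okay), CRC-16 */
enum { F_ID, F_SEQ, F_STATE, F_CRC_HI, F_CRC_LO, FRAME_LEN };

typedef struct {
    bool     seen[STATIONS], run_ok[STATIONS];
    uint8_t  last_seq[STATIONS];
    uint32_t last_ms[STATIONS];
} supervisor_t;

/* CRC-16/CCITT-FALSE: polynomial 0x1021, initial value 0xFFFF */
uint16_t crc16(const uint8_t *p, size_t n) {
    uint16_t crc = 0xFFFF;
    while (n--) {
        crc ^= (uint16_t)(*p++ << 8);
        for (int i = 0; i < 8; i++)
            crc = (uint16_t)((crc & 0x8000) ? (crc << 1) ^ 0x1021 : crc << 1);
    }
    return crc;
}
/* Sender side: fill the three payload bytes and append the CRC. */
void build_frame(uint8_t *f, uint8_t id, uint8_t seq, uint8_t state) {
    f[F_ID] = id; f[F_SEQ] = seq; f[F_STATE] = state;
    uint16_t c = crc16(f, F_CRC_HI);
    f[F_CRC_HI] = (uint8_t)(c >> 8); f[F_CRC_LO] = (uint8_t)c;
}

/* Returns true if accepted. Corrupt, unknown-station and repeated or stale
   frames are dropped, so they never refresh a station's timer. */
bool on_frame(supervisor_t *s, const uint8_t *f, size_t len, uint32_t now_ms) {
    if (len != FRAME_LEN) return false;
    if (crc16(f, F_CRC_HI) != (uint16_t)((f[F_CRC_HI] << 8) | f[F_CRC_LO])) return false;
    uint8_t id = f[F_ID], d;
    if (id >= STATIONS) return false;
    d = (uint8_t)(f[F_SEQ] - s->last_seq[id]);   /* must advance by 1..127 */
    if (s->seen[id] && (d == 0 || d > 127)) return false;
    s->seen[id] = true; s->run_ok[id] = (f[F_STATE] == 1);
    s->last_seq[id] = f[F_SEQ]; s->last_ms[id] = now_ms;
    return true;
}

/* Motion is permitted only while every station has a fresh "running okay". */
bool run_permitted(const supervisor_t *s, uint32_t now_ms) {
    for (int i = 0; i < STATIONS; i++)
        if (!s->seen[i] || !s->run_ok[i] || now_ms - s->last_ms[i] > TIMEOUT_MS)
            return false;
    return true;
}
```

A CRC detects accidental corruption only; it does not authenticate the sender.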