1.1.3 Defining operating scenarios

1.1.3 Practical guidance - manufacturing

Authors: Giuseppe Fogliazza, Luigi Calegari, Adriano Scibilia, Nicola Pedrocchi (RECOLL demonstrator project)


Robot safety technologies have grown remarkably in recent years (e.g. robots able to provide force limitation for stopping in case of accidental contact), providing the building blocks of technical protection measures at product level (e.g. the ISO 10218 and ISO/TS 15066 standards for robot safety) [1-4]. The procedures for analysing and validating such protection measures are, however, a manual (e.g. document-based), time-intensive activity dedicated to a single application. All variants in “use limits” need to be thoroughly assessed.

The discussion in [5] identifies the following potential sources of scenarios:

  • expert knowledge ISO/TC 299 Robotics
  • pre-existing scenario repositories (both from R&D projects and from industry)
  • data recorded from sensor-equipped robotics and autonomous systems (RAS) that allows for a proper risk evaluation, following dynamic approaches

Approach adopted on RECOLL project

The approach followed in RECOLL was guided by ISO 10218 and ISO/TS 15066, and focused on identifying all the sets of sensors and robot rules that can ensure safety in both intended and unintended use [6].

The analysis of the operating scenarios has led to an investigation of alternative parameters for “risk assessment friendly” definitions [5]:

  • the frequency of requested access by humans
  • the kinetic energy of robot systems

Frequency is a quantifiable access rate required within a shared space for performing tasks in automatic mode when both humans and robots are operational (e.g. on the move). Most of the related work implicitly recognised the frequency factor underlying the "degree of interaction" or "involvement" or "sharing of tasks" as one of the criteria for identifying truly collaborative systems.

Kinetic energy is the generic factor that considers the required application performance (e.g. productivity, process specifications, etc.), which is in practice approximated through speed. Speed itself, in turn, is related to almost all the criteria applied for estimating the severity of physical interactions (e.g. impacts): moment, power, kinetic energy, energy flow, and so on. Finally, speed is the adjustable parameter of a sub-activity / activity / application which is practically known at the design phase (e.g. by cycle time).

In this way, all applications can be labelled in terms of frequency-energy pairs. For instance, a machine tending application could be defined as a “low-frequency, low/mid-energy” (i.e. velocity) type. Depending on its risk assessment, that application can use either conventional or collaborative safety features. Hybrid human-robot assembly, instead, would likely be classified as “high-frequency, mid/high-energy” type and belongs to collaborative operations.

The combination of two quantitative factors used in risk estimation has a strong correlation with the design of protective measures. In fact, if an application is too hazardous (i.e. risks are non-negligible after reduction or the hazard cannot be eliminated in collaborative modes), then conventional perimeter safeguarding is the only solution. In this case, safeguards including guards and sensitive protective equipment (SPE) are regularly used to keep personnel out of the workspace (safeguarded space).

The use of a frequency-energy map also highlights two situations that are often arguable in safety design [5]:

  • potential “inefficiency” appears when a low-frequency need for access is implemented with collaborative features (e.g. using the Power-Force-Limitation method). This results in a power limitation in exchange for limited benefits, due to the occasional nature of the interaction. Many such implementations would rather benefit from a conventional safeguarding perimeter, adding for instance interlocked access once the robot system comes to a temporary halt, or combining sensors for triggering the collaborative option upon effective presence/access.
  • the “possible misuses” area represents situations that, unlike typical situations using conventional safeguarded solutions, would naturally and practically require frequent access to the workspace. They would perfectly fit collaborative features, and circumvention or deception of safeguards is then “not discouraged” by necessity. Possible misuses are then to be expected, with the consequence of a general degradation of the overall safety of the application.

Figure 1 Speed-frequency representation of operations, with energy increasing along both sides of y-axis (null speed, stopping/holding condition) [1].

Once the operating scenario was defined, the RECOLL project focused on how to check that all the assumptions can be considered realistic in the particular case, noting that human-robot collaboration spans a wide spectrum of applications. RECOLL’s demonstrator focused on the class of unstructured operating scenarios. The working environment is open and easily accessible to operators, and there are many different operating modalities.

To overcome the limited information on the operating field, the methodology followed consisted of the definition of the application layout considering multiple possible working areas, each of which has an assigned identification. This makes it possible to classify the risk level for all the foreseeable human-robot interaction modalities.

The demonstrator experiments showed that the assumptions on the operating environment only partially remain valid. A monitoring system should lead to modification of assumptions on the operating environment as needed, to reduce the residual risks during operation.
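The frequency-energy labelling of working areas and the check of design-time assumptions against monitored access can be sketched as follows. This is an added example, not code from the RECOLL project; the thresholds, area identifiers, masses, speeds and access counts are constructed assumptions, not values taken from the standards.

```python
from dataclasses import dataclass

# Assumed cut-offs for illustration; real limits come from the application's risk assessment.
FREQ_HIGH_PER_HOUR = 6.0   # accesses per hour treated as "high-frequency"
ENERGY_HIGH_J = 10.0       # kinetic energy (J) treated as "high-energy"

@dataclass
class WorkingArea:
    area_id: str                    # identification assigned to the working area
    moving_mass_kg: float           # effective moving mass of the robot system
    speed_m_s: float                # design speed, known from the cycle time
    assumed_access_per_hour: float  # access frequency assumed at design time
    collaborative: bool             # True: collaborative features, False: perimeter safeguarding

def kinetic_energy(area):
    return 0.5 * area.moving_mass_kg * area.speed_m_s ** 2

def label(area, access_per_hour):
    """Return the (frequency, energy) pair used to label the application."""
    freq = "high" if access_per_hour >= FREQ_HIGH_PER_HOUR else "low"
    energy = "high" if kinetic_energy(area) >= ENERGY_HIGH_J else "low"
    return freq, energy

def design_flag(area, access_per_hour):
    """Flag the two arguable regions of the frequency-energy map."""
    freq, _ = label(area, access_per_hour)
    if freq == "low" and area.collaborative:
        return "potential inefficiency"
    if freq == "high" and not area.collaborative:
        return "possible misuse"
    return "consistent"

def review(area, observed_accesses, observed_hours):
    """Compare the design-time assumption with monitored access counts."""
    rate = observed_accesses / observed_hours
    holds = label(area, rate) == label(area, area.assumed_access_per_hour)
    return {"area": area.area_id, "label": label(area, rate),
            "flag": design_flag(area, rate), "assumption_holds": holds}

# Constructed sample data: three working areas and four hours of monitoring.
AREAS = [
    WorkingArea("A1", 8.0, 0.5, 1.0, collaborative=False),   # machine tending
    WorkingArea("A2", 30.0, 1.0, 20.0, collaborative=True),  # hybrid assembly
    WorkingArea("A3", 8.0, 0.5, 8.0, collaborative=True),
]
OBSERVED = {"A1": 40, "A2": 80, "A3": 4}  # accesses counted per area

if __name__ == "__main__":
    for a in AREAS:
        print(review(a, OBSERVED[a.area_id], observed_hours=4.0))
```

Area A1 was assumed low-frequency behind perimeter safeguarding but is accessed ten times an hour, so it falls in the “possible misuses” region and its assumption needs revising; A3 shows the opposite drift into potential “inefficiency”.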

Summary of approach

  1. Define scope of operation (ODD), that is, to classify what should be done by the human, what should be done by the robot, and the scheduling of the actions
  2. Define operating scenarios to give coverage of the ODD and the risk assessment using the consolidated industrial practice
  3. Validate defined operating scenarios (core of RECOLL project)


  • [1] ISO/TC 299 Robotics, ISO/TS 15066, Robots and robotic devices – Collaborative robots, (2016).
  • [2] ISO/TC 299 Robotics, ISO 10218-1:2011 Robots and robotic devices — Safety requirements for industrial robots — Part 1: Robots, 2011, Geneva, International Organization for Standardization
  • [3] ISO/TC 299 Robotics, ISO 10218-2:2011 Robots and robotic devices — Safety requirements for industrial robots — Part 2: Robot systems and integration, 2011, Geneva, International Organization for Standardization
  • [4] ISO 8373, Robots and robotic devices–Vocabulary, 2012, Geneva, International Organization for Standardization
  • [5] Federico Vicentini, Terminology in safety of collaborative robotics, Robotics and Computer-Integrated Manufacturing, Volume 63, 2020, 101921, ISSN 0736-5845.
  • [6] Matthias, Bjoern, ISO/TS 15066 - Collaborative Robots - Present Status, 2015, technical report, March, ABB Research Group

Contact us

Centre for Assuring Autonomy

+44 (0)1904 325345
Institute for Safe Autonomy, University of York, Deramore Lane, York YO10 5GH
