Definition
Safety constraints are hard or soft limits on a robot's behavior designed to prevent injury to humans, damage to the environment, and destruction of the robot itself. They define the envelope within which the robot is permitted to operate, regardless of what its controller or learned policy commands. In practice, safety constraints are the non-negotiable rules that take precedence over all task objectives — if a motion would violate a safety constraint, it must be blocked or modified, even if that means failing the task.
As robots move from caged industrial cells into shared human environments — collaborative manufacturing, healthcare, home assistance — safety constraints become the critical bridge between capability and deployability. A robot that can fold laundry but occasionally exceeds safe contact forces will never be deployed in a home. Safety is not a feature; it is a prerequisite.
Types of Safety Constraints
- Joint position limits — Hard mechanical bounds on each joint. Violating them risks gear damage, cable breakage, or structural failure. Enforced at the lowest control level (motor driver firmware).
- Joint velocity limits — Maximum angular speeds per joint (typically 50-200 deg/s for collaborative arms). Exceeding them generates excessive kinetic energy that cannot be safely dissipated on contact.
- Cartesian velocity limits — Maximum end-effector speed (typically 250 mm/s for collaborative operation under ISO/TS 15066). This is the most directly safety-relevant limit: kinetic energy at the point of contact scales with velocity squared.
- Force and torque limits — Maximum contact forces between the robot and its environment. ISO/TS 15066 specifies body-region-specific limits: 150N for the hand, 110N for the chest, 65N for the head and neck. Force/torque sensors or motor current monitoring detect threshold violations.
- Workspace boundaries (virtual walls) — Spatial regions the robot is forbidden from entering. Defined as 3D geometric volumes (boxes, cylinders, planes). Used to keep the robot away from humans, equipment, or dangerous areas.
- Collision constraints — Self-collision avoidance (robot links must not collide with each other) and environmental collision avoidance (robot must not collide with known obstacles). Computed using the robot's geometric model and the point cloud or mesh representation of the environment.
- Emergency stop (e-stop) — Immediate motor power cutoff triggered by a physical button, software condition, or external safety controller. The most fundamental safety mechanism, required by all industrial robot safety standards.
Implementation Approaches
Control Barrier Functions (CBFs): A mathematical framework that modifies the robot's control input to guarantee that the system state remains within a defined safe set. A CBF is a function h(x) for which h(x) ≥ 0 corresponds to safe states. The controller is constrained so that h can never cross zero: h is allowed to decrease only in proportion to its current value, so the state may approach the boundary of the safe set but not leave it. CBFs can be applied as a lightweight filter on top of any controller, including neural network policies, making them particularly attractive for learned manipulation systems.
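The filter described above, worked through for the simplest case, as an added example (not code from the original page): a 2-D point robot with single-integrator dynamics x' = u, one spherical keep-out zone with h(x) = |x - c|^2 - r^2, and a proportional nominal controller. The constraint dh/dt ≥ -alpha·h(x) is linear in u, so the quadratic program that minimally corrects the nominal command has a closed-form solution (projection onto a half-plane) and no solver library is needed. All names, limits and the obstacle geometry are constructed for illustration.

```python
"""Control barrier function (CBF) safety filter for a 2-D point robot.

Added example, not code from the original page. Constructed assumptions:
single-integrator dynamics x' = u, one spherical keep-out zone with
h(x) = |x - c|^2 - r^2, and a saturated proportional nominal controller.
"""
import math

def dot(a, b):
    return a[0] * b[0] + a[1] * b[1]

class SphereCBF:
    """Keeps h(x) = |x - c|^2 - r^2 >= 0 by enforcing dh/dt >= -alpha * h(x)."""

    def __init__(self, center, radius, alpha):
        self.c, self.r, self.alpha = center, radius, alpha

    def h(self, x):
        d = (x[0] - self.c[0], x[1] - self.c[1])
        return dot(d, d) - self.r ** 2

    def filter(self, x, u_nom):
        """Minimally modify u_nom so the CBF condition holds.

        For x' = u, dh/dt = 2 (x - c) . u, so the condition is a . u <= b with
        a = -2 (x - c) and b = alpha * h(x). If u_nom already satisfies it, it
        is returned unchanged; otherwise it is projected onto the line
        a . u = b, which is the exact solution of min |u - u_nom|^2 s.t. a . u <= b.
        """
        d = (x[0] - self.c[0], x[1] - self.c[1])
        a = (-2.0 * d[0], -2.0 * d[1])
        b = self.alpha * self.h(x)
        excess = dot(a, u_nom) - b
        if excess <= 0.0:
            return u_nom
        aa = dot(a, a)
        if aa == 0.0:          # exactly at the obstacle centre: no safe direction, stop
            return (0.0, 0.0)
        s = excess / aa
        return (u_nom[0] - s * a[0], u_nom[1] - s * a[1])

def nominal(x, goal, gain=1.0, v_max=1.0):
    """Proportional controller towards the goal, saturated at v_max (constructed)."""
    u = (gain * (goal[0] - x[0]), gain * (goal[1] - x[1]))
    n = math.hypot(u[0], u[1])
    return u if n <= v_max else (u[0] * v_max / n, u[1] * v_max / n)

def simulate(cbf, start, goal, dt=0.01, steps=1000):
    """Run the filtered closed loop; report the minimum h seen and the final state.

    With forward-Euler integration and alpha * dt <= 1 the discrete h stays
    non-negative exactly: h_next = h + 2 dt d.u + dt^2 |u|^2 >= (1 - alpha dt) h.
    """
    x, min_h = start, cbf.h(start)
    for _ in range(steps):
        u = cbf.filter(x, nominal(x, goal))
        x = (x[0] + dt * u[0], x[1] + dt * u[1])
        min_h = min(min_h, cbf.h(x))
    return {"final": x, "min_h": min_h,
            "dist_to_goal": math.hypot(goal[0] - x[0], goal[1] - x[1])}

if __name__ == "__main__":
    cbf = SphereCBF(center=(2.0, 0.0), radius=0.5, alpha=1.0)
    print(simulate(cbf, start=(0.0, 0.0), goal=(4.0, 0.3)))
```

The nominal controller drives straight at the obstacle; the filter only intervenes when the CBF condition would be violated, and then shaves off exactly the component of the command that would shrink h too quickly, so the robot slides around the keep-out zone and continues to the goal. With several constraints (a sphere plus virtual walls) the same QP needs a small solver rather than a single projection.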
Model Predictive Control (MPC) with constraints: MPC optimizes a trajectory over a finite time horizon while explicitly incorporating safety constraints (velocity limits, workspace boundaries, obstacle avoidance) into the optimization problem. Constraints are enforced at each predicted timestep, providing look-ahead safety that reactive methods lack. The tradeoff is computational cost: real-time MPC at 100+ Hz requires efficient solvers and sometimes simplified dynamics models.
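The look-ahead argument made above, as an added example that is not code from the original page: a 1-D robot with constructed double-integrator dynamics, a speed limit, an acceleration limit and a virtual wall that the task goal lies beyond. The MPC enforces the constraints at every predicted step plus a terminal "can still stop before the wall" condition, while a reactive limiter that only checks the next step brakes too late because braking is acceleration-limited. The MPC here is an exhaustive search over a coarse action set, which is fine for a demonstration but is exactly the computational cost the paragraph warns about; a real-time implementation would use a QP solver.

```python
"""Finite-horizon constrained MPC versus a reactive one-step limiter for a
1-D robot approaching a virtual wall.

Added example, not code from the original page. Constructed toy setup:
double integrator (position p, velocity v, acceleration command a), speed and
acceleration limits, a virtual wall at p = WALL and a goal placed beyond it.
"""
import itertools

DT = 0.1          # control period, s
V_MAX = 1.0       # speed limit, m/s
A_MAX = 2.0       # acceleration limit, m/s^2
WALL = 1.0        # virtual wall, m
GOAL = 1.5        # task goal deliberately beyond the wall, m
HORIZON = 6       # prediction steps
ACTIONS = (-A_MAX, 0.0, A_MAX)
EPS = 1e-9

def step(p, v, a):
    """Semi-implicit Euler step of the double integrator."""
    v = v + a * DT
    return p + v * DT, v

def feasible(p, v):
    """State constraints enforced at every predicted step."""
    return p <= WALL + EPS and abs(v) <= V_MAX + EPS

def stoppable(p, v):
    """Terminal constraint: braking at A_MAX from (p, v) still stops before the
    wall. The continuous stopping distance v^2 / (2 A_MAX) upper-bounds the
    discrete one, so any state passing this check has a feasible braking plan."""
    return p + max(v, 0.0) ** 2 / (2.0 * A_MAX) <= WALL + EPS

def mpc_action(p, v):
    """First action of the lowest-cost sequence that satisfies the constraints
    at every predicted step and ends in a stoppable state."""
    best_a, best_cost = None, float("inf")
    for seq in itertools.product(ACTIONS, repeat=HORIZON):
        pp, vv, cost, ok = p, v, 0.0, True
        for a in seq:
            pp, vv = step(pp, vv, a)
            if not feasible(pp, vv):
                ok = False
                break
            cost += (pp - GOAL) ** 2 + 1e-3 * a * a
        if ok and stoppable(pp, vv) and cost < best_cost:
            best_a, best_cost = seq[0], cost
    # A feasible, stoppable state always admits a brake-then-coast sequence, so
    # the fallback is only reached if the initial state was already unsafe.
    return best_a if best_a is not None else (-A_MAX if v > 0 else 0.0)

def reactive_action(p, v):
    """No look-ahead: run at the speed limit and brake only once the *next*
    step would cross the wall. Braking is acceleration-limited, so by then
    it is too late."""
    a = A_MAX if v < V_MAX - EPS else 0.0
    p_next, _ = step(p, v, a)
    return a if p_next <= WALL + EPS else -A_MAX

def simulate(policy, steps=40):
    """Closed-loop run from rest at p = 0; max_p is the worst wall excursion."""
    p, v, max_p = 0.0, 0.0, 0.0
    for _ in range(steps):
        p, v = step(p, v, policy(p, v))
        max_p = max(max_p, p)
    return {"final_p": p, "final_v": v, "max_p": max_p}

if __name__ == "__main__":
    print("mpc     ", simulate(mpc_action))
    print("reactive", simulate(reactive_action))
```

The reactive controller overshoots the wall by v^2 / (2 A_MAX) = 0.2 m, exactly the stopping distance it never accounted for; the MPC starts braking early enough that the robot comes to rest on the wall without crossing it. The terminal stoppable() check is what makes the scheme recursively feasible: every state the MPC moves into is one from which a constraint-satisfying plan still exists.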
Safety layers: A neural network safety layer takes the raw action from a learned policy and projects it onto the nearest safe action. The safety layer is trained separately (or derived analytically) to satisfy known constraints. This "filter" approach lets the policy train without safety awareness while guaranteeing safe execution.
Hardware safety systems: Dual-channel safety controllers (e.g., SICK, Pilz) independently monitor joint positions, velocities, and forces, triggering protective stops if limits are exceeded. These operate independently of the robot's main controller, providing a second layer of protection even if software fails.
ISO Standards
ISO 10218-1/2 (Industrial robots): The primary safety standard for industrial robot systems. Defines requirements for robot design (Part 1) and robot system integration (Part 2). Specifies safety-rated monitored stop, hand guiding, speed and separation monitoring, and power and force limiting as the four collaborative operation modes.
ISO/TS 15066 (Collaborative robots): Technical specification providing detailed guidance for collaborative robot operation. Critically, it defines biomechanical load limits — the maximum forces and pressures that different human body parts can tolerate during transient and quasi-static contact. These limits are the foundation for configuring force thresholds on collaborative robots like Universal Robots, Franka, and KUKA iiwa.
ISO 13849 / IEC 62443: Functional safety and cybersecurity standards that apply to the safety control system itself. Safety-rated hardware and software must meet defined Performance Levels (PL) or Safety Integrity Levels (SIL).
Safety for Learned Policies
Neural network policies trained via imitation learning or reinforcement learning present unique safety challenges: they are opaque, their behavior is difficult to predict outside the training distribution, and they can produce arbitrarily unsafe actions when encountering out-of-distribution inputs.
Safety wrappers: The most practical approach is to treat the learned policy as an untrusted controller and wrap it with a safety layer. The wrapper clips joint velocity commands to safe limits, checks proposed trajectories against workspace boundaries, and monitors force/torque sensors for unexpected contacts. If any constraint is violated, the wrapper overrides the policy with a safe default action (e.g., hold position, retract to home).
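A wrapper of this kind, covering the constraint types listed under "Types of Safety Constraints" and the projection-style safety layer from "Implementation Approaches", as an added example that is not code from the original page or from SVRC's wrapper library. It assumes a constructed 2-link planar arm (link lengths, joint limits, a box-shaped workspace as virtual walls, a 250 mm/s Cartesian limit and a 65 N force threshold are all illustrative values chosen to match the ranges quoted on the page). The policy's joint-velocity command is clamped where it can be, blocked where it cannot, and every intervention is returned with a reason string so it can be logged.

```python
"""Safety wrapper around an untrusted (learned) policy's joint-velocity command.

Added example, not code from the original page or SVRC's wrapper library.
Constructed assumptions: 2-link planar arm, per-joint position and velocity
limits, box workspace (virtual walls), Cartesian speed limit, contact-force
threshold. Limit values are illustrative.
"""
import math

L1, L2 = 0.4, 0.3                          # link lengths, m (constructed arm)
Q_MIN, Q_MAX = (-2.9, -2.9), (2.9, 2.9)    # joint position limits, rad
QD_MAX = (2.0, 2.0)                        # joint velocity limits, rad/s (~115 deg/s)
V_EE_MAX = 0.25                            # end-effector speed limit, m/s (250 mm/s)
F_MAX = 65.0                               # contact-force threshold, N (head/neck figure from the page)
WORKSPACE = ((-0.7, 0.7), (0.0, 0.7))      # virtual walls: x range, y range, m (y < 0 forbidden)
DT = 0.001                                 # wrapper cycle, s (1 kHz)
HOLD = (0.0, 0.0)                          # safe default action: hold position

def fk(q):
    """Planar forward kinematics: joint angles -> end-effector (x, y)."""
    x = L1 * math.cos(q[0]) + L2 * math.cos(q[0] + q[1])
    y = L1 * math.sin(q[0]) + L2 * math.sin(q[0] + q[1])
    return x, y

def predict(q, qd):
    """Joint state one wrapper cycle ahead."""
    return tuple(q[i] + qd[i] * DT for i in range(2))

def ee_speed(q, qd):
    """End-effector speed implied by qd, by finite difference over one cycle."""
    p0, p1 = fk(q), fk(predict(q, qd))
    return math.hypot(p1[0] - p0[0], p1[1] - p0[1]) / DT

def in_workspace(p):
    (xl, xh), (yl, yh) = WORKSPACE
    return xl <= p[0] <= xh and yl <= p[1] <= yh

def safety_wrapper(q, qd_cmd, force_n):
    """Return (qd_safe, reason). reason is None when the command passed
    untouched, otherwise a short label for the safety log."""
    # 1. Contact force: a breach overrides everything else.
    if force_n > F_MAX:
        return HOLD, "force limit"
    # 2. Joint velocity clamp: scale the whole vector so the commanded direction is kept.
    scale = max(1.0, max(abs(qd_cmd[i]) / QD_MAX[i] for i in range(2)))
    qd = tuple(c / scale for c in qd_cmd)
    reason = "joint velocity clamped" if scale > 1.0 else None
    # 3. Cartesian speed: rescale again if the end-effector would move too fast.
    v = ee_speed(q, qd)
    if v > V_EE_MAX:
        qd = tuple(c * V_EE_MAX / v for c in qd)
        reason = "cartesian speed clamped"
    # 4. Position limits and virtual walls are checked on the predicted next
    #    state and block the motion outright. Holding position is the simplest
    #    safe default; a deployed system also needs a supervised recovery path
    #    (e.g. retract to home) so an arm already outside the envelope is not stuck.
    q_next = predict(q, qd)
    if any(not (Q_MIN[i] <= q_next[i] <= Q_MAX[i]) for i in range(2)):
        return HOLD, "joint position limit"
    if not in_workspace(fk(q_next)):
        return HOLD, "workspace boundary"
    return qd, reason

if __name__ == "__main__":
    print(safety_wrapper((0.5, 0.5), (4.0, 0.0), force_n=3.0))   # too fast: scaled down
    print(safety_wrapper((0.0, 0.0), (-0.5, 0.0), force_n=3.0))  # would cross y = 0 wall: held
    print(safety_wrapper((0.5, 0.5), (0.1, 0.0), force_n=90.0))  # contact force breach: held
```

Two design points worth noting. Velocity limits are enforced by scaling the whole command vector rather than clipping each joint independently, so the policy's intended direction is preserved; and with a 0.3 m distal link at 2 rad/s the Cartesian limit binds before the joint limit does, which is typical for collaborative operation and is why the end-effector check cannot be dropped in favour of joint-space clipping alone.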
Constrained policy optimization: Methods like CPO (Constrained Policy Optimization) and LAMBDA incorporate safety constraints directly into the RL training objective, producing policies that are less likely to violate constraints. However, these provide statistical guarantees (constraint satisfaction in expectation) rather than hard guarantees.
Sim-to-real with conservative margins: When transferring policies from simulation, safety margins are inflated (e.g., 50% lower velocity limits than the physical maximum) to account for dynamics mismatch. As the system is validated on real hardware, margins can be gradually relaxed.
Practical Requirements
Risk assessment: Before deploying any robot system, a formal risk assessment identifies hazards, estimates severity and probability, and determines required safety measures. ISO 12100 provides the methodology. This assessment drives the choice of safety constraints and their thresholds.
Validation and testing: Safety constraints must be validated through systematic testing: worst-case collision testing with calibrated force measurement, boundary violation testing, e-stop response time measurement, and long-duration soak testing for intermittent failures.
Monitoring and logging: Production systems must continuously log safety-relevant data (forces, velocities, proximity to boundaries) for post-incident analysis and compliance auditing. Real-time dashboards alert operators to near-misses before they become incidents.
Safety at SVRC
All robot cells at SVRC's Mountain View and Allston facilities implement a layered safety architecture:
- Physical barriers: Light curtains and safety-rated laser scanners define exclusion zones around high-speed robot cells. Collaborative robot cells use reduced-speed zones instead of hard barriers.
- Hardware safety controllers: Dual-channel safety PLCs independently monitor joint positions, velocities, and forces. E-stop response time is tested quarterly and documented.
- Software safety layers: All learned policies deployed on SVRC hardware pass through a safety wrapper that enforces joint limits, velocity clamping, workspace boundaries, and force limits. The wrapper operates at 1 kHz, independent of the policy's control frequency.
- Operator training: All SVRC operators and visiting researchers complete a safety orientation covering e-stop locations, operating procedures, and emergency protocols before accessing any robot cell.
Our repair and maintenance team handles safety system inspection, testing, and documentation for all SVRC equipment and can provide safety integration consulting for your facility.
See Also
- Repair and Maintenance — Safety system inspection and compliance support
- Data Services — Safe data collection with trained operators
- RL Environment — Safety-constrained real-robot evaluation cells
Key Papers
- Ames, A.D. et al. (2017). "Control Barrier Function Based Quadratic Programs for Safety Critical Systems." IEEE Transactions on Automatic Control. The foundational paper on CBFs for real-time safety enforcement.
- Achiam, J. et al. (2017). "Constrained Policy Optimization." ICML 2017. Introduces CPO for RL with safety constraints, guaranteeing near-constraint satisfaction at each policy update.
- Haddadin, S. et al. (2017). "Robot Collisions: A Survey on Detection, Isolation, and Identification." IEEE Transactions on Robotics. Comprehensive survey on collision detection methods for safe human-robot interaction.
- ISO/TS 15066:2016. "Robots and Robotic Devices — Collaborative Robots." The technical specification defining biomechanical limits for collaborative robot operation.
Related Terms
- Whole-Body Control — Integrates safety constraints into the full-body optimization problem
- Impedance Control — Compliant control that limits contact forces by regulating robot stiffness
- Joint Space — Joint limits and velocity constraints define the feasible region of joint space
- Workspace Analysis — Defines the spatial boundaries for safety zoning
- Sim-to-Real Transfer — Conservative safety margins account for sim-to-real dynamics gaps
Apply This at SVRC
Silicon Valley Robotics Center builds safety into every deployment. Our robot cells feature configurable safety envelopes, real-time force monitoring, and ISO/TS 15066-compliant collaborative operation modes. For teams deploying learned policies, we provide safety wrapper libraries and systematic validation testing to ensure your neural network controllers operate within certified safety limits.