The Class 4 Power Supply Functional Safety Challenge: High Stakes at High Voltage

We have recently written several blogs exploring the overleap between functional and non-functional safety – including a closer look at IEC 60664 in “The Fountain of Knowledge”. In this blog, we shift focus to the functional safety challenges associated with Fault-Managed Power Systems (FMPS) – also referred to as Class 4 power systems in the US National Electrical Code (ANSI/NFPA 70). Rather than discussing their technical advantages, we focus here on the crucial safety task of preventing electrocution in the event of someone touching a hazardous voltage.

Delivering Power Safely: What FMPSs Bring and What They Risk

Fault-Managed Power Systems offer many advantages in delivering power over long distances, including increased efficiency and the use of smaller gauge cables. Fig. 1 illustrates a typical block diagram. Both the transmitter and receiver incorporate a mechanism that switches the power supply to a safe level within an appropriate timeframe if a leakage current is detected – for example, when someone touches a hazardous voltage.

The first challenge in achieving the safety goal of reaching a “safe level” is defining what safe actually means. This is where the consideration of ventricular fibrillation comes into play.

Managing the Risk of Ventricular Fibrillation

The primary objective of FMPSs is to avoid ventricular fibrillation (VF) – in other words, a hazardous electric shock. In addition, the energy level must not be so high that a person is unable to let go of the cable if touching a hazardous voltage.

Ventricular fibrillation (VF) introduces several important safety considerations. Typically safety standards such as IEC 60601 ensure touch or leakage currents remain below 0.5 mA in a single fault conditions (SFC) as a key goal. However, there are more factors than the current alone to consider:

Low-frequency currents passing through the heart greatly increase the risk of VF.
Medium to high frequencies lower the risk of electric shock, but thermal injuries (e.g. burns) can still occur.
The highest risk of VF occurs between 10 Hz and 200 Hz.
DC or currents at a frequency greater than 1.5kHz significantly reduce the risk of VF.

Alastair Walker, Owner & Consultant

Need support navigating functional safety challenges?

Whether you’re assessing FMPS compliance, managing hazard analysis, or looking for guidance on IEC 61508 or UL 1400-1, our consultants are here to help.
Explore our consultancy and training services or get in touch to discuss your project.

Learn more

UL 1400-1: A Guide to FMPS Functional Safety

One of the key sources of functional safety guidance for FMPSs is the UL 1400-1 standard. It references well-known FuSa standards including IEC 61508, ISO 13849, and IEC 62061 to guide the hazard analysis activities to assess the potential risks.

The UL 1400-1 fault current evaluation bases on measuring current through and voltage across a defined impedance. Two main criteria apply: the fault current limit and the let-go limits. Since the DC voltage between transmitter and receiver can reach up to 450V, Fig. 2 illustrates a typical pulsed current waveform and the limits during the fault event period (where the current must remain within the Fault Current Limit Mask) and the subsequent fault recovery period (in which the Let-Go Limit current may not exceed that limit).

Figure 2: Typical Fault Current Waveforms

Fig. 3 shows permitted current limits over time. For example:

At a 0.1 ms duration, the limit is 3,975 A (RMS or DC)

At a 5-second duration, the limit is 5 mA RMS or 30 mA DC

Figure 3: Fault Current Limits

Measurement Challenges: Accurate Fault Detection in FMPSs

To ensure the FMPS achieves the safe current limits within the desired timeframe, both line-to-ground and line-to-line monitoring are required. Fault detection is based on exceeding a defined current limit, while maintaining the strategy shown in Figure 2 and the current limits outlined in Figure 3.

This requires fast reaction times and appropriate current-limiting actions in either the transmitter or receiver. In addition, the FMPS must manage its response throughout the entire fault recovery period, ensuring no unsafe condition persists.

Functional Safety Risks in FMPS Design

As outlined in UL 1400-1, there is a number of factors to be addressed in the functional safety analysis. While not all aspects are necessarily deemed to be functional safety relevant topics in the strictest sense, the hazard analysis should cover, at minimum, the following safety-critical areas:

Unwanted auto-restart following a fault

Exceeding electric shock limits

Exceeding fault power limits

Exceeding arc energy limits

Overvoltage

Overcurrent

Summary

FMPSs brings clear technical advantages, but implementing a robust functional safety architecture is no small challenge. However, reducing risk – both at installation and during operation – can outweigh the technical obstacles. Understanding what constitutes a sufficiently low risk of ventricular fibrillation (VF) is a critical starting point in the activity.

FMPSs remain a relatively new technology, but they bring significant advantages in power distribution. The concept of actively avoiding VF through functional means, rather than relying solely on passive safety approaches, is likely to appear in many more applications as we move forward.

By Alastair Walker, Owner / Consultant