ISO/TR 13849-3:2026 - Markov model-based PFH calculation

ISO/TR 13849-3 is the third part of the ISO 13849 series, one of the most widely used standards for the functional safety of machinery.

It is published as a Technical Report (TR), which means it will not become a harmonized standard under the Machinery Regulation. Nevertheless, it can be used to evaluate the reliability of a safety system—more precisely, of the Safety-Related Part of a Control System (SRP/CS).

Unlike most standards, which are typically written by practitioners, this document was developed by a small group of mathematicians at IFA (Institut für Arbeitsschutz der DGUV), based in Sankt Augustin, near Cologne, Germany.

Why mathematicians? Because they are the same experts who developed the Markov models underlying ISO 13849-1, as well as the SISTEMA software.

If this background sparks your curiosity, read on to discover more.

In the late 1990s, stakeholders involved in drafting EN 954-1 recognized the need to include programmable electronics in machinery safety systems. Although electronics were already covered by EN 954-1, the standard lacked detailed requirements for software.

To address this gap, the standard needed to evolve toward a probabilistic approach, similar to that used in the IEC 61508 series. As a result, the revision leading to the second edition of ISO 13849-1 combined the deterministic approach of EN 954-1 with the probabilistic methods of IEC 61508, introducing software requirements for the first time.

For the 2006 edition of ISO 13849-1, mathematicians from IFA developed Markov models to support reliability evaluation. However, in practice, the reliability level is not calculated directly through formulas but by referring to Table K.1.

The first edition of IEC 62061 was published in 2005, with the latest edition released in 2021. It is the alternative standard used to determine the reliability level of safety-related control systems.

Derived from the IEC 61508 series, IEC 62061 follows a fully probabilistic approach and provides explicit formulas for each type of basic subsystem architecture.

Since its introduction, machinery manufacturers have often questioned the need for two separate standards addressing the same topic. This concern was strongly raised within technical committees, eventually leading to an attempt to merge ISO 13849-1 and IEC 62061 into a single standard (ISO/IEC 17305). A joint ISO/IEC working group was established for this purpose, but the project was ultimately not completed.

One of the key differences between the two standards lies in their calculation methods: ISO 13849-1 uses Table K.1 to estimate PFH values, whereas IEC 62061 relies on analytical formulas. However, Table K.1 is essentially a simplification derived from the underlying Markov models associated with the five categories defined in ISO 13849-1.

In 2017, mathematicians from IFA published an internal document demonstrating that the Markov models used in ISO 13849-1 could also be simplified into analytical formulas.

A key insight from this work was that these formulas closely resemble those used in IEC 62061.

This finding provided part of the motivation for writing our book on functional safety, which highlights how the latest editions—ISO 13849-1:2023 and IEC 62061:2021—are now largely aligned in their overall approach. While differences in terminology remain (for example, ISO uses Safety-Related Parts of Control Systems (SRP/CS), whereas IEC uses Safety-related Control Systems (SCS), both standards essentially refer to the same concept.

The internal IFA document was later further developed and entered the formal ISO standardization process. After discussions among body members and progres through the official stages of the ISO standardisation process, it was finally published in March 2026 as ISO/TR 13849-3.

ISO/TR 13849-3 can be used to calculate the PFH (Average frequency of a dangerous failure per hour) of a subsystem in a way similar to IEC 62061. It provides more precise results, compared to the simplified values given in Table K.1 of ISO 13849-1

An explanation for Category 2 (1001D) can be found in this article.