TwinSAFE Safety Configuration Guide
Version: APR-2026.01 | TwinCAT: 3.1 Build 4024.65
Safety architecture for APR dual-axis linear motor system.
Overview
This skill covers the TwinSAFE safety system configuration for the APR system, including safety hardware selection, STO (Safe Torque Off) implementation, and safety PLC programming.
Safety Hardware
| Terminal | Function | Description |
|---|---|---|
| EL6900 | TwinSAFE Logic | Safety PLC, executes safety program |
| EL1904 | Safety Digital Input | 4-channel, dual-channel evaluation |
| EL2904 | Safety Digital Output | 4-channel, SIL3/PLe capable |
Safety Architecture
code
┌─────────────────────────────────────────────────────────────────┐ │ TwinSAFE Safety Loop │ ├─────────────────────────────────────────────────────────────────┤ │ │ │ ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌─────────┐ │ │ │ E-STOP │────►│ EL1904 │────►│ EL6900 │────►│ EL2904 │ │ │ │ (Ch1+Ch2)│────►│ DI 1+2 │ │ Safety │ │ DO 1-4 │ │ │ └──────────┘ └──────────┘ │ Logic │ └────┬────┘ │ │ │ │ │ │ │ ┌──────────┐ ┌──────────┐ │ │ │ │ │ │ Light │────►│ EL1904 │────►│ │ ▼ │ │ │ Curtain │────►│ DI 3+4 │ │ │ ┌─────────┐ │ │ │ (OSSD) │ └──────────┘ └──────────┘ │ E1 STO │ │ │ └──────────┘ │ STO1/2 │ │ │ └─────────┘ │ └─────────────────────────────────────────────────────────────────┘
EL1904 Input Configuration
Channel Assignment
| Channel | Signal | Type | Description |
|---|---|---|---|
| DI 1 | E-STOP Ch1 | NC Contact | Emergency stop channel 1 |
| DI 2 | E-STOP Ch2 | NC Contact | Emergency stop channel 2 |
| DI 3 | Light Curtain OSSD1 | PNP 24V | Safety output 1 |
| DI 4 | Light Curtain OSSD2 | PNP 24V | Safety output 2 |
Wiring Requirements
- •Dual-channel wiring for E-STOP (redundancy)
- •Light curtain OSSD: PNP, 24VDC
- •Cable shield grounded at one end
- •Max cable length: 100m
EL2904 Output Configuration
Channel Assignment
| Channel | Signal | Load | Description |
|---|---|---|---|
| DO 1 | STO1 Axis A | E1 Drive | Safe Torque Off Ch1 |
| DO 2 | STO2 Axis A | E1 Drive | Safe Torque Off Ch2 |
| DO 3 | STO1 Axis B | E1 Drive | Safe Torque Off Ch1 |
| DO 4 | STO2 Axis B | E1 Drive | Safe Torque Off Ch2 |
Wiring to E1 Drive
code
EL2904 DO1 ────────────► E1 Drive Axis A STO1 EL2904 DO2 ────────────► E1 Drive Axis A STO2 EL2904 DO3 ────────────► E1 Drive Axis B STO1 EL2904 DO4 ────────────► E1 Drive Axis B STO2
EL6900 Safety Program
Function Blocks
| FB | Purpose |
|---|---|
| SF_EmergencyStop | E-STOP dual-channel evaluation |
| SF_ESPE | Light curtain (ESPE) evaluation |
| SF_SafeStop1 | SS1: controlled stop then STO |
| SF_EDM | External Device Monitoring |
Safety Logic Example
iecst
PROGRAM SafetyPLC
VAR
// Inputs from EL1904
bEStop_Ch1 : BOOL;
bEStop_Ch2 : BOOL;
bLightCurtain1 : BOOL;
bLightCurtain2 : BOOL;
bResetButton : BOOL;
// Outputs to EL2904
bSTO1_AxisA : BOOL;
bSTO2_AxisA : BOOL;
bSTO1_AxisB : BOOL;
bSTO2_AxisB : BOOL;
// Function Blocks
fbEStop : SF_EmergencyStop;
fbLightCurtain : SF_ESPE;
END_VAR
// E-STOP evaluation
fbEStop(
Activate := TRUE,
S_EStopIn := bEStop_Ch1 AND bEStop_Ch2,
S_StartReset := bResetButton,
S_AutoReset := FALSE,
Reset := bResetButton
);
// Light curtain evaluation
fbLightCurtain(
Activate := TRUE,
S_OSSD1 := bLightCurtain1,
S_OSSD2 := bLightCurtain2,
S_StartReset := bResetButton,
Reset := bResetButton
);
// Combined safety output
bSTO1_AxisA := fbEStop.S_EStopOut AND fbLightCurtain.S_ESPE_Out;
bSTO2_AxisA := bSTO1_AxisA;
bSTO1_AxisB := bSTO1_AxisA;
bSTO2_AxisB := bSTO1_AxisA;
Safety Response Times
| Component | Response Time |
|---|---|
| EL1904 Input | < 4 ms |
| EL6900 Logic | < 6 ms |
| EL2904 Output | < 4 ms |
| E1 STO Response | < 10 ms |
| Total System | < 24 ms |
Safety Functions
STO (Safe Torque Off)
- •Removes torque from motor
- •Does NOT control position
- •Used for: E-STOP, light curtain intrusion
SS1 (Safe Stop 1)
- •Controlled deceleration
- •Then activates STO
- •Used for: Graceful safety stop
SBC (Safe Brake Control)
- •Controls mechanical brake
- •Activates after STO
- •Prevents gravity fall (vertical axes)
Safety Solution Architecture (4 Frameworks)
The APR safety system integrates components from multiple frameworks:
Framework Integration
- •Beckhoff TwinSAFE - Core safety PLC and I/O
- •HIWIN E1 STO - Drive-integrated safety
- •Keyence GL-V - Safety light curtain
- •ISO 13849 / IEC 62443 - Safety standards compliance
Safety Zones
code
┌─────────────────────────────────────────┐ │ Safety Zone A │ │ ┌─────────────────────────────────┐ │ │ │ Light Curtain Zone │ │ │ │ (GL-VM72HP, 1440mm height) │ │ │ └─────────────────────────────────┘ │ │ │ │ ┌─────────────────────────────────┐ │ │ │ Motion Hazard Zone │ │ │ │ (LMSA13L, 4.2m travel, 9.7m/s) │ │ │ └─────────────────────────────────┘ │ └─────────────────────────────────────────┘
Commissioning Checklist
- • Verify EL1904 input wiring (dual-channel)
- • Configure EL6900 safety program
- • Link EL2904 outputs to E1 STO inputs
- • Test E-STOP function (both channels)
- • Test light curtain response
- • Measure actual response time
- • Verify reset button function
- • Document safety validation
Safety Categories
| Safety Level | Application |
|---|---|
| SIL 2 / PLd | Standard machine safety |
| SIL 3 / PLe | High-risk applications |
TwinSAFE with EL1904/EL6900/EL2904 supports up to SIL 3 / PLe.
Available References
- •
references/framework-integration.md- ASCII blueprint integrating 4 safety frameworks - •
references/github-hosting.md- APR_HiwinLMSA_SafetyGate GitHub hosting plan