IEC TS 60079-42:2019

IEC TS 60079-42 ®
Edition 1.0 2019-04
TECHNICAL
SPECIFICATION
SPECIFICATION
TECHNIQUE
colour
inside
Explosive atmospheres
Part 42: Electrical Safety Devices for the control of potential ignition sources
from Ex-Equipment
Atmospheres explosive
Partie 42: Dispositifs électriques de sécurité pour la commande des sources
potentielles d’inflammation des appareils Ex

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form
or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from
either IEC or IEC's member National Committee in the country of the requester. If you have any questions about IEC
copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or
your local IEC member National Committee for further information.

Droits de reproduction réservés. Sauf indication contraire, aucune partie de cette publication ne peut être reproduite
ni utilisée sous quelque forme que ce soit et par aucun procédé, électronique ou mécanique, y compris la photocopie
et les microfilms, sans l'accord écrit de l'IEC ou du Comité national de l'IEC du pays du demandeur. Si vous avez des
questions sur le copyright de l'IEC ou si vous désirez obtenir des droits supplémentaires sur cette publication, utilisez
les coordonnées ci-après ou contactez le Comité national de l'IEC de votre pays de résidence.

IEC Central Office Tel.: +41 22 919 02 11
3, rue de Varembé info@iec.ch
CH-1211 Geneva 20 www.iec.ch
Switzerland
About the IEC
The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes
International Standards for all electrical, electronic and related technologies.

About IEC publications
The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the
latest edition, a corrigendum or an amendment might have been published.

IEC publications search - webstore.iec.ch/advsearchform Electropedia - www.electropedia.org
The advanced search enables to find IEC publications by a The world's leading online dictionary on electrotechnology,
variety of criteria (reference number, text, technical containing more than 22 000 terminological entries in English
committee,…). It also gives information on projects, replaced and French, with equivalent terms in 16 additional languages.
and withdrawn publications. Also known as the International Electrotechnical Vocabulary

(IEV) online.
IEC Just Published - webstore.iec.ch/justpublished
Stay up to date on all new IEC publications. Just Published IEC Glossary - std.iec.ch/glossary
details all new publications released. Available online and 67 000 electrotechnical terminology entries in English and
once a month by email. French extracted from the Terms and Definitions clause of
IEC publications issued since 2002. Some entries have been
IEC Customer Service Centre - webstore.iec.ch/csc collected from earlier publications of IEC TC 37, 77, 86 and
If you wish to give us your feedback on this publication or CISPR.

need further assistance, please contact the Customer Service

Centre: sales@iec.ch.
A propos de l'IEC
La Commission Electrotechnique Internationale (IEC) est la première organisation mondiale qui élabore et publie des
Normes internationales pour tout ce qui a trait à l'électricité, à l'électronique et aux technologies apparentées.

A propos des publications IEC
Le contenu technique des publications IEC est constamment revu. Veuillez vous assurer que vous possédez l’édition la
plus récente, un corrigendum ou amendement peut avoir été publié.

Recherche de publications IEC - Electropedia - www.electropedia.org
webstore.iec.ch/advsearchform Le premier dictionnaire d'électrotechnologie en ligne au
La recherche avancée permet de trouver des publications IEC monde, avec plus de 22 000 articles terminologiques en
en utilisant différents critères (numéro de référence, texte, anglais et en français, ainsi que les termes équivalents dans
comité d’études,…). Elle donne aussi des informations sur les 16 langues additionnelles. Egalement appelé Vocabulaire
projets et les publications remplacées ou retirées. Electrotechnique International (IEV) en ligne.

IEC Just Published - webstore.iec.ch/justpublished Glossaire IEC - std.iec.ch/glossary
Restez informé sur les nouvelles publications IEC. Just 67 000 entrées terminologiques électrotechniques, en anglais
Published détaille les nouvelles publications parues. et en français, extraites des articles Termes et Définitions des
Disponible en ligne et une fois par mois par email. publications IEC parues depuis 2002. Plus certaines entrées
antérieures extraites des publications des CE 37, 77, 86 et
Service Clients - webstore.iec.ch/csc CISPR de l'IEC.

Si vous désirez nous donner des commentaires sur cette
publication ou si vous avez des questions contactez-nous:
sales@iec.ch.
IEC TS 60079-42 ®
Edition 1.0 2019-04
TECHNICAL
SPECIFICATION
SPECIFICATION
TECHNIQUE
colour
inside
Explosive atmospheres
Part 42: Electrical Safety Devices for the control of potential ignition sources

from Ex-Equipment
Atmospheres explosive
Partie 42: Dispositifs électriques de sécurité pour la commande des sources

potentielles d’inflammation des appareils Ex

INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
COMMISSION
ELECTROTECHNIQUE
INTERNATIONALE
ICS 29.260.20 ISBN 978-2-8322-6807-0

– 2 – IEC TS 60079-42:2019 © IEC 2019
CONTENTS
FOREWORD . 4
INTRODUCTION . 6
1 Scope . 7
2 Normative references . 8
3 Terms and definitions . 8
4 Basic requirements . 8
5 Ignition prevention by safety devices . 9
5.1 General concept of ignition risk reduction . 9
5.2 Safety characteristics of a safety device . 9
5.3 Associated safety device . 10
6 Functional requirements for a safety device . 10
6.1 General requirements . 10
6.2 Specification of the safety function . 10
6.3 Requirements for achieving the safety integrity . 10
6.3.1 Simple safety devices . 10
6.3.2 Complex safety device . 11
7 Testing and Verification . 11
7.1 Type tests . 11
7.2 Proof tests . 11
8 Marking . 11
9 Instructions . 11
Annex A (informative) Guidance for assessment of a simple safety device . 13
Annex B (informative) Examples for the application of safety devices . 14
B.1 General . 14
B.2 Ex Equipment with a temperature controlled surface . 14
B.2.1 Problem: . 14
B.2.2 Consequence: . 14
B.2.3 Solution: . 14
B.3 Current-dependent safety device for thermal protection of motors with type
of protection Ex eb . 15
B.3.1 Problem: . 15
B.3.2 Consequence: . 15
B.3.3 Solution: . 15
B.4 Risk reduction by ignition control and mitigation, bucket elevator example . 16
B.4.1 Problem . 16
B.4.2 Ignition Hazard Assessment . 17
B.4.3 Safety controls to prevent ignition . 17
B.4.4 Safety Controls with explosion mitigation . 18
B.5 Control of high temperatures . 19
B.5.1 Problem . 19
B.5.2 Ignition hazard assessment . 19
B.5.3 Safety controls. 20
Annex C (informative) Use of the Safe Motor Temperature (SMT) sub-function with
converter-fed motors . 21
C.1 General . 21
C.2 Reliability of the safety motor temperature control function. . 22

C.3 Control without temperature sensors . 22
C.4 Control with temperature sensors . 22
Bibliography . 24

Figure B.1 –Safety Device to limit the temperature rise . 15
Figure B.2 – Overload protection device to limit the temperature rise of a motor under
stall and overload conditions . 16
Figure B.3 – Bucket elevator principle . 17
Figure B.4 – Bucket elevator sensors for ignition hazard detection. 18
Figure B.5 – Controls with explosion mitigation . 19
Figure C.1 – Overview . 21
Figure C.2 – Control without temperature sensors . 22
Figure C.3 – Control with temperature sensors . 23

Table 1 – Minimum RRF for a safety device for ignition risk reduction . 9
Table A.1 – Relationship between λ and RRF . 13
d
Table C 1– SMT safety sub function Risk Reduction Factors (RRF) . 22

– 4 – IEC TS 60079-42:2019 © IEC 2019
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
EXPLOSIVE ATMOSPHERES
Part 42: Electrical Safety Devices for the control of potential ignition
sources from Ex-Equipment
FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and non-
governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of
patent rights. IEC shall not be held responsible for identifying any or all such patent rights.
International Technical Specification IEC 60079-42 has been prepared by IEC technical
committee 31: Equipment for explosive atmospheres.
The text of this Technical Specification is based on the following documents:
FDIS Report on voting
31/1418/DTS 31/1441/RVDTS
Full information on the voting for the approval of this Technical Specification can be found in
the report on voting indicated in the above table.
This publication has been drafted in accordance with the ISO/IEC Directives, Part 2.

The committee has decided that the contents of this publication will remain unchanged until
the stability date indicated on the IEC web site under "http://webstore.iec.ch" in the data
related to the specific publication. At this date, the publication will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.
This International Technical Specification is to be read in conjunction with the International
Standards for the specific types of protection listed in the ISO 80079-37 and the IEC 60079
series.
IMPORTANT – The 'colour inside' logo on the cover page of this publication indicates
that it contains colours which are considered to be useful for the correct
understanding of its contents. Users should therefore print this document using a
colour printer.
– 6 – IEC TS 60079-42:2019 © IEC 2019
INTRODUCTION
Generally, the probability of potential ignition sources becoming effective is mitigated by
applying the protection measures according to the IEC 60079 and the ISO 80079 series. If the
probability of an ignition source becoming effective cannot be mitigated by these measures, it
could be controlled by using a suitable safety device. The combination of the safety device
and the Ex Equipment may then comply with the relevant standards of the IEC 60079 series
and the ISO 80079 series with respect to the Equipment Protection Level.
Safety devices, which are used as part of the protection of equipment for explosive
atmospheres for control of potential ignition sources, should consider reliability for the
intended purpose to recognise the principles for the classification of hazardous areas and
explosion protection techniques. This document provides guidance for the application of
safety functions to provide a reduction of ignition risk for equipment as part of the IEC 60079
series and ISO 80079 series. It relies on relevant IEC and ISO standards for safety related
control systems.
EXPLOSIVE ATMOSPHERES
Part 42: Electrical Safety Devices for the control of potential ignition
sources from Ex-Equipment
1 Scope
This part of IEC 60079, which is a Technical Specification, provides guidance for equipment
manufacturers where electrical safety devices are used to reduce the likelihood of potential
ignition sources becoming effective in Ex Equipment located in Explosive Atmospheres.
Electrical safety devices perform a safety function to control potential ignition sources from
both, electrical or non-electrical Ex Equipment in explosive atmospheres.
This document may also be applied to a combination of elements performing a safety function.
For example:
• Sensor
• Logic system
• Final element
This Technical Specification can also be used for assessing the safety device independently,
without being designed for a specific Ex Equipment.
A safety device can be a measure to achieve a required EPL of the Ex Equipment with
respect to a potential ignition source. The combination of the safety device and the Ex
Equipment could then comply with the relevant standards of the IEC 60079 series and the
ISO 80079 series with respect to the Equipment Protection Level. However, increasing the
EPL of Ex Equipment by the simple addition of a safety device is not within the scope of this
document.
This document does not apply to:
• mechanical control equipment such as pressure relief valves, mechanical governors and
other mechanical safety devices
• the use of gas detection
• control equipment to prevent the occurrence of explosive atmospheres, e.g. inerting
systems and ventilation systems
• mitigation of an explosion
NOTE Some potential ignition sources might not be practicably controlled by safety devices.
Electrical safety devices, where the level of safety integrity is identified under other parts of
the IEC 60079 series, this document can be used as a reference for the realization of the
level of safety integrity.
Electrical safety devices may be installed either as part of or separate to the Ex Equipment
under control (EEUC) and may be located inside or outside the hazardous area.

– 8 – IEC TS 60079-42:2019 © IEC 2019
2 Normative references
The following documents are referred to in the text in such a way that some or all of their
content constitutes requirements of this document. For dated references, only the edition
cited applies. For undated references, the latest edition of the referenced document (including
any amendments) applies.
IEC 60079-0, Explosive atmospheres - Part 0: Equipment - General requirements
IEC 61508 (all parts), Functional safety of electrical/electronic/programmable electronic
safety-related systems
IEC 61508-4, Functional safety of electrical/electronic/programmable electronic safety-related
systems – Part 4: Definitions and abbreviations (see http://www.iec.ch/functionalsafety)
IEC 61511-1, Functional safety - Safety instrumented systems for the process industry sector
- Part 1: Framework, definitions, system, hardware and application programming requirements
ISO 80079-37, Non Electrical Equipment for Explosive Atmospheres – Non electrical Type of
Protection constructional safety ‘c’, control of ignition Source ‘b’, liquid immersion ‘k’
3 Terms and definitions
For the purposes of this document, the terms and definitions given in IEC 60079-0,
IEC 61508-4, IEC 61511-1, ISO 80079-37 and the following apply.
ISO and IEC maintain terminological databases for use in standardization at the following
addresses:
• IEC Electropedia: available at http://www.electropedia.org/
• ISO Online browsing platform: available at http://www.iso.org/obp
3.1
safety device
device intended for use inside or outside explosive atmospheres but required for or
contributing to the safe functioning of Ex Equipment and protective systems with respect to
the risks of explosion
Note 1 to entry: Safety devices differ from the term devices used in the IEC 61508 and IEC 61511 series. Safety
devices can be compared to the terms like “safety-related system (IEC 61508)” or “safety instrumented system
(IEC 61511)”.
3.2
Ex Equipment under control
EEUC
Ex Equipment which contains a potential ignition source which is controlled by a safety device
3.3
risk reduction factor
RRF
factor by which the probability of the occurrence of an ignition source in the EEUC is reduced
by the safety device
4 Basic requirements
Safety functions shall respond before a potential ignition source of the EEUC becomes
effective. Safety functions shall therefore be considered as operating in low demand mode.

The detection of a dangerous failure in a safety device (by diagnostic tests, proof tests or by
any other means) shall result in a specified action to achieve or maintain a safe state of
the EEUC.
The safety device and the Ex Equipment shall be assessed for use as a combination
according to the relevant standards of the IEC 60079 series and the ISO 80079 series and
shall be marked accordingly.
NOTE If safety devices are located in a hazardous area, they are selected and installed in accordance with
IEC 60079-14.
5 Ignition prevention by safety devices
5.1 General concept of ignition risk reduction
To comply with a defined EPL, Ex Equipment shall first be protected against potential ignition
sources by applying the measures according to the IEC 60079 and the ISO 80079 series. If an
ignition source cannot be prevented by these measures, it may be controlled by using a
suitable safety device.
The ignition hazard assessment of Ex Equipment starts with the evaluation of potential
ignition sources including the assessment of malfunctions related to the Ex Equipment. The
Ex Equipment to be controlled and the safety devices shall first be assessed as a combination
relevant to the EPL. The minimum risk reduction factor of the safety devices shall meet the
requirements of 5.2.
NOTE Equipment may have also been assessed without the control of a safety device, but with a lower EPL rating.
If Ex Equipment contains several potential ignition sources, for each ignition source the same
procedure shall be performed and the ignition risk mitigated by appropriate measures.
5.2 Safety characteristics of a safety device
A safety device shall provide a safety integrity suitable for the required ignition risk reduction
for the Ex Equipment. Safety devices shall provide a minimum risk reduction factor for the Ex
Equipment according to Table 1.
Table 1 – Minimum RRF for a safety device for ignition risk reduction
Target EEUC Safety device
Ex Equipment with a residual ignition source
EPL RRF
Gc, Dc ≥10
which is not a source of ignition in normal
operation and could become active as an ignition
Gb, Db ≥100
source in the case of regular expected
occurrences
Ga, Da Not permitted
Gc, Dc Not required
which could become a source of ignition only
Gb, Db ≥10
during expected malfunctions
Ga, Da ≥100
Gc, Dc Not required
which could become a source of ignition only
Gb, Db Not required
during rare malfunctions
Ga, Da ≥10
NOTE 1 Regular expected occurrences include anticipated conditions such as high temperatures on a brake,
failure of a lamp or opening of a fuse. Such devices cannot be controlled by a safety device to achieve EPL
Ga or Da.
– 10 – IEC TS 60079-42:2019 © IEC 2019
NOTE 2 For EPL Gc/Dc the risk reduction factor provides for additional protection to ensure an ignition source
remains inactive in the case of regular expected occurrences. For EPL Gb/Db the definition from IEC 60079-0 does
not identify the case of regular expected occurrences but these still have to be considered. Thus the higher RRF
provides additional integrity for control of such ignition sources.
NOTE 3 Regular expected occurrences do not include ignition sources during normal operation. Additional
measures are provided to avoid that those regular expected occurrences would become effective ignition sources
(see IEC 60079-0, definition EPL Gc).
Ignition sources during normal operation (e.g. sparking contacts or sparking relays) shall not
be controlled by safety devices as they are considered as unacceptable risk. Such ignition
sources cannot be controlled by safety devices.
Where an additional risk reduction measure is applied in the event of an ignition e.g. a dust
explosion suppression system, the RRF shown in Table 1 may be reduced. In this case the
additional RRF has to be verified.
Examples of the use of Table 1 are provided in Annex B and C.
5.3 Associated safety device
A safety device not designed for specific equipment to be controlled may be assessed
independently. The safety integrity and other technical parameters of this associated safety
device as well as the interface to the Ex Equipment shall be specified in the instructions of the
Ex Equipment.
The combination of the equipment to be controlled and the associated safety device is to be
considered as Ex Equipment (EEUC) and shall be assessed according to Table 1.
See example in B.2.
6 Functional requirements for a safety device
6.1 General requirements
A safety device shall be specified taking into account the potential ignition source to be
controlled. The safety function for the safety device shall be determined.
The safety device shall be designed to provide the safety function reliably under the specified
range of operating conditions. For example, during commissioning, the number of accessible
parameters shall be minimized and locked after parameterisation, e.g. by password, jumper,
or switch. Cyber security risks and protection against external interference e.g. EMC, shall be
considered.
6.2 Specification of the safety function
On demand the safety function shall bring the EEUC into a safe state. The activation
threshold (maximum or minimum) of the parameters to be controlled to prevent ignition shall
be specified for the ignition hazard (e.g. temperature) in the instructions. All aspects of the
relevant safety parameters (e.g. measuring range, accuracy and the response time) shall be
taken into account. If a safety factor is required by the relevant standard from the IEC 60079
series or the ISO 80079 series, this shall additionally be taken into account.
6.3 Requirements for achieving the safety integrity
6.3.1 Simple safety devices
A safety device can be regarded as a simple safety device if the components required to
achieve the safety function meet the following requirements:
a) the failure modes of all constituent components are well defined; and

b) the behaviour of the element under fault conditions can be completely determined; and
c) there is sufficient dependable failure data to show that the claimed rates of failure for
detected and undetected dangerous failures are met.
NOTE 1 Examples of simple safety devices are; a basic switch with discrete contacts, such as a mechanically
operated level switch (Float); proximity sensor; PT100 or bi-metal thermal probe.
NOTE 2 A device with software or microprocessor control would not be considered to be a simple safety device.
A simple safety device may not require a complete assessment according to 6.3.2. It can be
assessed according to its dangerous hardware failure rate in an FMEA (see Annex A).
In addition, a systematic capability assessment should be provided. However, if the
systematic capability was not assessed a justification shall be documented.
6.3.2 Complex safety device
Safety devices not covered under 6.3.1 shall be considered as complex safety devices.
The safety device shall be designed to comply with an applicable functional safety standard.
7 Testing and verification
7.1 Type tests
Appropriate functional tests shall be performed to ensure that the safety function will operate
correctly across the specified range of operational conditions and considering the range of
manufacturing tolerances or other factors that may affect the performance of the safety
system.
7.2 Proof tests
The manufacturer shall specify in the instructions all necessary information to enable the user
to perform functional proof tests. See Clause 9.
NOTE A proof-test interval of at least 12 months is common practice for many applications.
8 Marking
Specific marking is not required by this document for safety devices.
NOTE 1 Specific marking for safety devices might be required by other standards including IEC 60079-0.
NOTE 2 The EEUC is marked according to IEC 60079-0.
9 Instructions
The instructions shall be prepared as a safety manual which shall contain information
according to the applicable parts of the IEC 60079 series and ISO 80079 series and other
necessary information for the use of the safety-related system. For example:
– description of the safety device and its safety function(s);
– relevant safety parameters including RRF and/or safety integrity (e.g. SIL) and failure
rates;
– safety relevant instructions for installation, calibration, putting into service and use;
– nominal values including tolerances for the electrical interfaces (voltage, current,
power, etc.);
– 12 – IEC TS 60079-42:2019 © IEC 2019
– the associated Type of Protection, if relevant;
– safe state and power off condition;
– interface for the safety device;
– ambient and operational conditions;
– activation threshold (e.g. electrical thresholds, temperatures);
– response time of the safety function;
– proof test interval with detailed description of the test procedure, or useful lifetime for
simple safety devices as applicable.

Annex A
(informative)
Guidance for assessment of a simple safety device
1) The safety device is verified according to the definition of a ‘simple safety device’ (see
6.3.1).
2) The dangerous failure rate λ for the loss of the safety function is determined. If not
d
specified by the supplier of the safety device one of the following methods may be used to
determine the dangerous failure rate λ in the following order of preference:
d
a) an FMEA of the safety device using generic failure rates of its components from
recognised industrial databases.
b) an estimation from the MTBF value of the device, leading to a conservative value of
λ ≤1/MTBF.
d
c) a documented failure statistics from field feedback data experience of the supplier or
user.
If required, the determined failure rate is adjusted for deviating operation and
environmental conditions (e.g. according to IEC 61709).
3) The RRF can be determined from λ with a proof test interval of less than two years
d
according to Table A.1.
Table A.1 – Relationship between λ and RRF
d
Dangerous failures per hour Minimum Risk Reduction
Factor
λ [1/h]
d
RRF
-6 -5
10 …. 10
-7 -6
10 …. 10
-8 -7
10 …. 10
-9 -8
10 …. 10
NOTE results from the comparison of Tables 4 and 5 of IEC 61511-1:2016.

– 14 – IEC TS 60079-42:2019 © IEC 2019
Annex B
(informative)
Examples for the application of safety devices
B.1 General
These examples illustrate the principles of risk reduction for Ex Equipment according to Table
1.
The examples are not intended to represent actual details that should be applied and are only
illustrations of the principles for the application of this document.
B.2 Ex Equipment with a temperature controlled surface
B.2.1 Problem:
The Ex Equipment with a specified temperature class is certified as EPL Gb or Db for the
given EEUC supply voltage with a tolerance of +/- 10 %. However, during a regular expected
occurrence the supply voltage may have a tolerance up to 20 %. The safety assessment
results in a possible ignition source caused by a higher surface temperature than specified.
B.2.2 Consequence:
The Ex Equipment is not permitted to be used in this application according to IEC 60079-14.
At voltages above the certified tolerance the surface temperature will increase and might
become an ignition source.
B.2.3 Solution:
The safety device (consisting of a temperature sensor on the surface of the Ex Equipment, the
logic part and the actuator) will disconnect the power supply before the specified allowable
temperature of the surface is exceeded.
The safety device shall have a minimum RRF=100 according to Table 1. The complete unit,
as it is given in Figure B.1, can then be assessed as meeting the requirements for Gb or Db
equipment.
-2
If a RRF=100 is required, according to IEC 61508 a PFD of at most 10 would be sufficient,
avg
which corresponds to SIL 2.
Figure B.1 –Safety device to limit the temperature rise
The interconnections between sensor and the control unit and between EEUC and actuator
shall also meet the relevant explosion protection requirements of the IEC 60079 series and
the ISO 80079 series. The control unit and the actuator shall not be required to meet the
relevant explosion protection requirements of the IEC 60079 series and the ISO 80079 series.
B.3 Current-dependent safety device for thermal protection of motors with
type of protection Ex eb
B.3.1 Problem:
The load of a mechanical device driven by an electric motor may change which may increase
the power the motor draws from the electricity supply and in severe cases the motor may stall.
This is not a fault of the motor and is an expected occurrence in motor applications.
For Ex eb motors according to IEC 60079-7 the temperature rise for internal parts of a motor
shall be limited according to a defined value which is set by the tE time for any given motor so
the t parameter cannot be exceeded in case of a stalled condition. The t parameter also
E E
establishes the required limits for other overload conditions.
B.3.2 Consequence:
During overload and stalled conditions the increased current in the motor will cause a
temperature rise above the normal allowable temperature of the motor for the temperature
class.
B.3.3 Solution:
This may be controlled by using a current-dependent overload protection device, which is
located outside the hazardous area (see Figure B.2).
The safety function is to monitor the motor current and to disconnect the motor using an
overload protection device that is able to operate within the time t under stall conditions and
E
meets the required response for other overload conditions. The motor as the Ex Equipment
has one residual ignition source only during an expected malfunction and for the application in
a location requiring EPL Gb a RRF=10 is given in Table 1.

– 16 – IEC TS 60079-42:2019 © IEC 2019

Figure B.2 – Overload protection device to limit the temperature rise of a motor under
stall and overload conditions
B.4 Risk reduction by ignition control and mitigation, bucket elevator example
B.4.1 Problem
Bucket elevators are known as items that can explode due to dusts inside the equipment and
the presence of numerous potential ignition sources. The equipment to be controlled is a
bucket elevator used to handle a material that can form a combustible dust. Material is
introduced into the bottom of the elevator where it is caught or scooped into buckets. The
buckets are connected to a chain or belt which lifts each bucket and discharges the buckets
into an outlet chute as the buckets are rotated over the top roller.
Spillage, grinding and falling material inside the bucket elevator can mean that inside the
elevator housing there is always combustible dust in the air within the elevator housing when
the elevator is in use. The interior may be classified as Zone 20 (EPL Da).
The principle of operation is illustrated in Figure B.3.

Figure B.3 – Bucket elevator principle
B.4.2 Ignition Hazard Assessment
The ignition hazard assessment may identify several possible sources of ignition inside the
bucket elevator assembly. These may include:
• Drifting of the belt on either the top or bottom rollers. This could cause the belt or buckets
to rub on the side of the housing causing either sparks or hot surfaces.
• Dislodgement of a bucket from the belt or chain leading to buckets rubbing on the housing
causing either sparks or hot surfaces.
• Blockages in the bottom loading area leading to belts slipping on the rollers or grinding of
the material causing hot surfaces.
• Other mechanical failures that could lead to either sparks or hot surfaces.
B.4.3 Safety controls to prevent ignition
Analysis may suggest that most potential ignition sources can be prevented by detecting
mechanical failures. Such detectors may include belt or bucket speed sensors as well as
bucket alignment sensors at the top and bottom of the assembly. These functions could be
managed by common sensors connected to a suitable control system.
Detection of any fault is arranged to stop the bucket elevator thus preventing the potential
ignition source from becoming active.
The addition of controls to prevent ignition are illustrated in Figure B.4.

– 18 – IEC TS 60079-42:2019 © IEC 2019

Figure B.4 – Bucket elevator sensors for ignition hazard detection
Table 1 would suggest a minimum risk reduction factor of greater than 100 should be applied
for the controls. Further analysis may even suggest a much higher level of reliability may be
needed. However, this may not be practically feasible and there may be other ignition risks
that cannot be controlled by the sensors.
B.4.4 Safety Controls with explosion mitigation
By adding measures to mitigate an explosion the risk reduction factor can be modified. In this
example explosion suppression equipment could be added to suppress an explosion even
after ignition. The suppression could reduce the maximum explosion pressure to within the
pressure withstand ability of the bucket elevator housing and other devices could be used to
prevent the explosion from propagating to other sections of the plant.
The combination of controls including explosion mitigation is illustrated in Figure B.5.

Figure B.5 – Controls with explosion mitigation
With explosion mitigation the required risk reduction factor of the ignition prevention control
system could be reduced and the system would still be in compliance with Table 1. Thus the
ignition control system may be simplified or use components that are not assessed for a
high RRF.
B.5 Control of high temperatures
B.5.1 Problem
The equipment to be used in a hazardous area may have temperatures that could exceed the
ignition temperature of the gas in normal operation and could become active as an ignition
source in the case of regular expected occurrences. In this case supplemental airflow is
provided for additional cooling.
B.5.2 Ignition hazard assessment
The ignition hazard assessment may identify a number of conditions that could be a concern
for the application and thus a number of controls may be required. In this regard a number of
principles from IEC 60079-13 could be referenced as guidance.
Factors relevant to the ignition hazards may include:
• Reliability of ventilation system while the equipment is in operation.
• Failure of the ventilating system to automatically stop operation of the machine
• Possible need to maintain a cold temperature of the air supplied for cooling.
• Possible need to pre-ventilate for a definite time or number of air changes before power is
provided to the machine.
– 20 – IEC TS 60079-42:2019 © IEC 2019
• Possible need for protection of hot particles escaping to the hazardous area e.g. to a
Zone 1 location.
• Source of fresh air outside of the hazardous area and integrity of associated ducts. E.g. by
design and maintaining a positive pressure in the supply air ducts.
B.5.3 Safety controls
Based on the various conditions that could lead to high temperatures a number of safety
functions and safety devices may be necessary. Assuming the location requires EPL Gb
according to Table 1 a RRF=100 is required. These controls could include:
• Air-flow and pressure sensing devices.
• Temperature sensing
...