IEC 63044-4:2021

IEC 63044-4
Edition 1.0 2021-06
INTERNATIONAL
STANDARD
NORME
INTERNATIONALE
Home and building electronic systems (HBES) and building automation and
control systems (BACS) –
Part 4: General functional safety requirements for products intended to be
integrated in HBES and BACS
Systèmes électroniques pour les foyers domestiques et les bâtiments (HBES) et
systèmes de gestion technique du bâtiment (SGTB) –
Partie 4: Exigences générales de sécurité fonctionnelle pour les produits
destinés à être intégrés dans les HBES et SGTB
IEC 63044-4:2021-06(en-fr)
---------------------- Page: 1 ----------------------
THIS PUBLICATION IS COPYRIGHT PROTECTED
Copyright © 2021 IEC, Geneva, Switzerland

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form

or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from

either IEC or IEC's member National Committee in the country of the requester. If you have any questions about IEC

copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or

Droits de reproduction réservés. Sauf indication contraire, aucune partie de cette publication ne peut être reproduite

ni utilisée sous quelque forme que ce soit et par aucun procédé, électronique ou mécanique, y compris la photocopie

et les microfilms, sans l'accord écrit de l'IEC ou du Comité national de l'IEC du pays du demandeur. Si vous avez des

questions sur le copyright de l'IEC ou si vous désirez obtenir des droits supplémentaires sur cette publication, utilisez

les coordonnées ci-après ou contactez le Comité national de l'IEC de votre pays de résidence.

The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes

The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the

IEC publications search - webstore.iec.ch/advsearchform IEC online collection - oc.iec.ch

The advanced search enables to find IEC publications by a Discover our powerful search engine and read freely all the

variety of criteria (reference number, text, technical publications previews. With a subscription you will always

committee, …). It also gives information on projects, replaced have access to up to date content tailored to your needs.

La Commission Electrotechnique Internationale (IEC) est la première organisation mondiale qui élabore et publie des

Normes internationales pour tout ce qui a trait à l'électricité, à l'électronique et aux technologies apparentées.

Le contenu technique des publications IEC est constamment revu. Veuillez vous assurer que vous possédez l’édition la

webstore.iec.ch/advsearchform Découvrez notre puissant moteur de recherche et consultez

La recherche avancée permet de trouver des publications IEC gratuitement tous les aperçus des publications. Avec un

en utilisant différents critères (numéro de référence, texte, abonnement, vous aurez toujours accès à un contenu à jour

Warning! Make sure that you obtained this publication from an authorized distributor.

Attention! Veuillez vous assurer que vous avez obtenu cette publication via un distributeur agréé.

FOREWORD ........................................................................................................................... 3

INTRODUCTION ..................................................................................................................... 5

1 Scope .............................................................................................................................. 6

2 Normative references ...................................................................................................... 6

3 Terms and definitions ...................................................................................................... 6

4 General requirements .................................................................................................... 10

4.1 General ................................................................................................................. 10

4.2 Method of establishment of the requirements ........................................................ 10

4.2.1 General ......................................................................................................... 10

4.2.2 HBES/BACS application environment ............................................................ 11

4.2.3 Sources of hazards ........................................................................................ 11

4.2.4 Hazardous events .......................................................................................... 11

4.2.5 Derivation of requirements ............................................................................. 11

5 Requirements for functional safety ................................................................................. 12

5.1 General ................................................................................................................. 12

5.2 Power feeding ....................................................................................................... 12

5.3 Life time ................................................................................................................ 13

5.4 Reasonably foreseeable misuse ............................................................................ 13

5.5 Software and communication ................................................................................ 13

5.6 Remote operations ................................................................................................ 15

5.6.1 General recommendations ............................................................................. 15

5.6.2 Within a single building or in its immediate vicinity ......................................... 15

5.6.3 From outside the building .............................................................................. 15

5.6.4 Management .................................................................................................. 16

Annex A (informative) Example of a method for the determination of safety integrity

levels .................................................................................................................................... 17

A.1 General ................................................................................................................. 17

A.2 As low as reasonably practicable (ALARP) and tolerable risk concepts ................. 17

requirements ......................................................................................................................... 19

Annex C (informative) Some examples of non-safety-related HBES/BACS applications ....... 27

C.1 General ................................................................................................................. 27

C.2 Examples of non-safety-related HBES/BACS applications ..................................... 27

C.2.1 Example 1: Oven ........................................................................................... 27

C.2.2 Example 2: Devices presenting a high potential risk of hazard ....................... 27

C.2.3 Example 3: Mains plugs, socket outlets and circuits ....................................... 28

C.2.4 Example 4: Water temperature adjustment .................................................... 28

Bibliography .......................................................................................................................... 29

Figure A.1 – Risk reduction – General concept ..................................................................... 17

achieve them ........................................................................................................................ 16

Table A.1 – Example of risk classification of accidents.......................................................... 18

Table A.2 – Interpretation of risk classes .............................................................................. 18

Table B.1 – Requirements and/or risk reduction measures .................................................... 19

1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising

all national electrotechnical committees (IEC National Committees). The object of IEC is to promote international

co-operation on all questions concerning standardization in the electrical and electronic fields. To this end and

in addition to other activities, IEC publishes International Standards, Technical Specifications, Technical Reports,

Publicly Available Specifications (PAS) and Guides (hereafter referred to as "IEC Publication(s)"). Their

preparation is entrusted to technical committees; any IEC National Committee interested in the subject dealt with

may participate in this preparatory work. International, governmental and non-governmental organizations liaising

with the IEC also participate in this preparation. IEC collaborates closely with the International Organization for

Standardization (ISO) in accordance with conditions determined by agreement between the two organizations.

2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international

consensus of opinion on the relevant subjects since each technical committee has representation from all

3) IEC Publications have the form of recommendations for international use and are accepted by IEC National

Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC

Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any

4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications

transparently to the maximum extent possible in their national and regional publications. Any divergence between

any IEC Publication and the corresponding national or regional publication shall be clearly indicated in the latter.

5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity

assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any

6) All users should ensure that they have the latest edition of this publication.

7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and

members of its technical committees and IEC National Committees for any personal injury, property damage or

other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and

expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC

8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is

9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of patent

rights. IEC shall not be held responsible for identifying any or all such patent rights.

IEC 63044-4 has been prepared by IEC technical committee 23: Electrical accessories. It is an

Full information on the voting for its approval can be found in the report on voting indicated in

This document was drafted in accordance with ISO/IEC Directives, Part 2, and developed in

accordance with ISO/IEC Directives, Part 1 and ISO/IEC Directives, IEC Supplement, available

at www.iec.ch/members_experts/refdocs. The main document types developed by IEC are

A list of all parts in the IEC 63044 series, published under the general title Home and Building

Electronic Systems (HBES) and Building Automation and Control Systems (BACS), can be

The committee has decided that the contents of this document will remain unchanged until the

stability date indicated on the IEC website under "http://webstore.iec.ch" in the data related to

Functional safety includes the safe operation of devices and appliances ("products") when

installed into and operating on a communications network in a home or building ("premises").

This document specifies installation, control, operating, and failure mode procedures to

enhance the functional safety of devices installed in homes and buildings. A device functions

safely if it causes no harm while operating and performing an intended task. Such devices might

The growing use of home and building networks to interconnect devices introduces additional

challenges to maintaining functional safety because of possible device interactions. Therefore,

this document addresses the risks of connecting devices to a home or building network, which

Furthermore, if the home or building network is connected to a public network, control from

remote locations may be possible. Such control messages might originate from a smart phone

app, be sent through a mobile telephone network, routed to a building gateway, and sent via a

home or building network to a device communications interface. Thus, there are many

opportunities for such messages to be compromised. Remote access poses additional threats

This document is part of IEC 63044 series and applies to home and building electronic systems

This document applies to home and building electronic systems (HBES) in general and

specifically to systems conforming to the home electronic system (HES) family of ISO/IEC

The intention of this document is to specify, as far as possible, all safety requirements for

This document specifies the general functional safety requirements for devices connected to a

home or building network following the principles of the basic standard for functional safety,

IEC 61508 (all parts). It covers functional safety issues related to device and device

installations. The requirements are based on a risk analysis in accordance with IEC 61508.

This part of IEC 63044 provides the functional safety requirements for HBES/BACS.

In addition, it defines functional safety requirements for the interface of equipment intended to

be connected to an HBES/BACS network. It does not apply to interfaces to other networks.

NOTE 1 An example of another network is a dedicated ICT network covered by IEC 62949.

This document does not provide functional safety requirements for safety-related systems.

NOTE 2 Examples of non-safety-related HBES/BACS applications are given in Annex C.

The following documents are referred to in the text in such a way that some or all of their content

constitutes requirements of this document. For dated references, only the edition cited applies.

For undated references, the latest edition of the referenced document (including any

IEC 63044-3:2017, Home and Building Electronic Systems (HBES) and Building Automation

IEC 63044-5 (all parts), Home and Building Electronic Systems (HBES) and Building

IEC 61508 (all parts), Functional safety of electrical/electronic/programmable electronic safety-

IEC 61709:2017, Electric components – Reliability – Reference conditions for failure rates and

ISO and IEC maintain terminological databases for use in standardization at the following

means for certifying that the entity sending a message is what or who it purports to be and

mechanism to ensure that the entity or person accessing information, functions or services has

communication in which for any reason a message being communicated is incomplete,

truncated, contains errors or has the correct format but delivers information which is outside

freedom from unacceptable risk of harm due to the operation of an HBES/BACS, including that

and forming part of the overall safety relating to the EUC (equipment under control, see 3.17)

(electrical/electronic/programmable electronic) safety-related systems and other risk reduction

Note 1 to entry: The definitions of "functional safety" given in IEC/TR 61000-2-1 and IEC 61000-1-2 are taken into

[SOURCE: IEC 61508-4:2010, 3.1.12, modified – Addition of introduction and items 1 to 4 of

physical injury or damage to the health of people either directly or indirectly as a result of

[SOURCE: IEC 61508-4:2010, 3.1.1, modified – Addition of "either directly or indirectly as a

Note 1 to entry: The term includes danger to persons arising within a short time scale (for example, fire and

explosion) and also those that have a long-term effect on a person's health (for example, release of a toxic

Note 1 to entry: Whether or not a hazardous event results in harm depends on whether people, property or the

environment are exposed to the consequence of the hazardous event and, in the case of harm to people, whether

any such exposed people can escape the consequences of the event after it has occurred.

device in the form of hardware or firmware, and its associated software and configuration tools

manufacturer's installation and operations literature, such as manufacturer's catalogue, leaflet

– implements the required safety functions necessary to achieve or maintain a safe state for

– is intended to achieve, on its own or with other E/E/PE safety-related systems and other

technology risk reduction measures, the necessary safety integrity for the required safety

Note 1 to entry: The term refers to those systems, designated as safety-related systems, that are intended to

achieve, together with the other risk reduction measures, the necessary risk reduction in order to meet the required

Note 2 to entry: Safety-related systems are designed to prevent the EUC from going into a dangerous state by

taking appropriate action on detection of a condition which may lead to a hazardous event. The failure of a safety-

related system would be included in the events leading to the determined hazard or hazards. Although there may be

other systems having safety functions, it is the safety-related systems that have been designated to achieve, in their

own right, the required tolerable risk. Safety-related systems can broadly be divided into safety-related control

Note 3 to entry: Safety-related systems may be an integral part of the EUC control system or may interface with the

EUC by sensors and/or actuators. That is, the required safety integrity level may be achieved by implementing the

safety functions in the EUC control system (and possibly by additional separate and independent systems as well)

or the safety functions may be implemented by separate and independent systems dedicated to safety.

a) be designed to prevent the hazardous event (i.e. if the safety-related systems perform their safety functions then

b) be designed to mitigate the effects of the harmful event, thereby reducing the risk by reducing the consequences;

Note 5 to entry: A person can be part of a safety-related system. For example, a person could receive information

from a programmable electronic device and perform a safety action based on this information, or perform a safety

Note 6 to entry: A safety-related system includes all the hardware, software and supporting services (for example,

power supplies) necessary to carry out the specified safety function (sensors, other input devices, final elements

(actuators) and other output devices are therefore included in the safety-related system).

Note 7 to entry: A safety-related system may be based on a wide range of technologies including electrical,

[SOURCE: IEC 61508-4:2010, 3.4.1, modified – The word "technology" has been added to the

probability of a safety-related system satisfactorily maintaining the required safety functions

Note 1 to entry: The higher the level of safety integrity, the lower the probability that the safety-related system will

fail to carry out the specified safety functions or will fail to adopt a specified state when required.

Note 2 to entry: There are four levels of safety integrity (see 3.5.8 of IEC 61508-4:2010).

Note 3 to entry: In determining safety integrity, all causes of failures (both random hardware failures and systematic

failures) that lead to an unsafe state should be included, for example hardware failures, software induced failures

and failures due to electrical interference. Some of these types of failure, in particular random hardware failures,

may be quantified using such measures as the average frequency of failure in the dangerous mode of failure or the

probability of a safety-related protection system failing to operate on demand. However, safety integrity also depends

on many factors that cannot be accurately quantified but can only be considered qualitatively.

Note 4 to entry: Safety integrity comprises hardware safety integrity and systematic safety integrity.

Note 5 to entry: This definition focuses on the reliability of the safety-related systems to perform the safety functions

[SOURCE: IEC 61508-4:2010, 3.5.4, modified – Deletion of "E/E/PE" from the definition, the

word "performing" has been replaced with "maintaining", "specified" has been replaced with

discrete level (one out of a possible four), corresponding to a range of safety integrity values,

where safety integrity level 4 has the highest level of safety integrity and safety integrity level 1

Note 1 to entry: The target failure measures (see 3.5.17) for the four safety integrity levels are specified in Tables 2

Note 2 to entry: Safety integrity levels are used for specifying the safety integrity requirements of the safety

Note 3 to entry: A safety integrity level (SIL) is not a property of a system, subsystem, element or component. The

correct interpretation of the phrase "SIL n safety-related system" (where n is 1, 2, 3 or 4) is that the system is

potentially capable of supporting safety functions with a safety integrity level up to n.