Mobile robots such as AGVs and AMRs are no longer isolated machines operating at the edge of production. They are becoming an integral part of factory workflows, interacting with people, infrastructure, and stationary automation systems.
While onboard safety concepts for mobile machines are well established, integrating these machines into factory floor safety systems introduces new challenges, especially when the only viable connection is wireless. Understanding these challenges, and how to address them, is key to scaling mobile automation in modern production environments.
To understand why integrating mobile machines into factoryfloor safety systems is challenging, it’s necessary to look at the system architecture as a whole, from the mobile device to the factory floor, and the wireless network that must connect them.
Modern AGVs and AMRs can be seen as safe islands on wheels. They typically carry their own safety sensors and safety logic, designed to protect people and equipment in the immediate vicinity of the machine. Emergency stop buttons, laser scanners, and driverelated safety functions are handled locally, allowing very fast reaction times when a hazard is detected.
This local safety setup is usually based on a homogeneous safety network inside the mobile machine. Just as importantly, this onboard safety system is owned and certified by the machine manufacturer. As a result, thirdparty access to the onboard safety network is normally not allowed. These principles are reflected in standards such as ISO 36914 and reinforced by the EU Machinery Regulation 2023/1230, both of which place increased emphasis on clearly defined safety concepts for mobile machines.
In short, the mobile machine is safe on its own - but its safety system is isolated from the factoryfloor safety infrastructure it increasingly needs to interact with.
The picture changes completely when we look beyond the mobile machine and onto the factory floor. Factoryfloor safety systems are:
Different machines, cells, and infrastructure components may use different safety protocols and automation platforms. The result is an inhomogeneous safety architecture, where safety signals need to be exchanged across machines, zones, and systems that were never designed to work together seamlessly.
The core challenge is clear: how do you attach a mobile robot fleet to safety signal processing on the factory floor?
In practice, there is only one realistic way to connect mobile machines to factoryfloor safety systems: wireless communication. Mobile machines move, and wired safety connections are simply not feasible.
However, wireless introduces a new set of problems:
Wireless infrastructure is typically designed for IT traffic, where buffering and retransmissions are acceptable. Safety communication is different. Safety signals cannot be buffered indefinitely, and repeated packet loss will cause the system to enter a safe state - often leading to unnecessary stops and reduced availability.
The solution is not to make wireless deterministic, but to treat it as a black channel. In a blackchannel approach, the underlying transport medium is assumed to be unreliable by design. Safety integrity is ensured entirely by the safety protocol, not by the network.
Standardized safety protocols such as CIP Safety and PROFIsafe are explicitly designed for this purpose. They allow safety signals to be transmitted over standard Ethernet networks, including WiFi, while maintaining safety integrity up to SIL 3 / PL e.
Even when network quality fluctuates, the safety integrity of the signal remains unaffected. What does change is availability. Network quality influences how many devices can communicate safely and how long safety timeouts must be configured, which in turn affects reaction times.
CIP Safety and PROFIsafe both follow the black channel principle, but they behave differently in wireless environments.
CIP Safety on EtherNet/IP is purely IPbased, which makes it easier to route through standard IT infrastructure and existing wireless networks. This makes it particularly suitable for mobile machines that already rely on WiFi for fleet management or diagnostics.
PROFIsafe, on the other hand, is more efficient on the communication layer but requires specific capabilities in wireless access points.
In many factories, both protocols coexist, which is why mobile machines must be prepared to support either, depending on the deployment environment.
This is exactly the gap the Anybus Safe2Link is designed to bridge.
The Safe2Link implements standardized safety protocols over existing wireless infrastructure, allowing safety signals to be exchanged between mobile machines and stationary safety systems without changing the onboard safety configuration.
Instead of programming new safety logic, the approach is to parameterize certified safety functions and reuse what is already there, both on the machine and on the factory floor.
In a typical system architecture, mobile machines already contain a vehicle controller for navigation and motion, local safety sensors and safety logic for fast reaction, and wireless connectivity to higher level systems such as fleet or warehouse management.
At the same time, the factory floor includes external emergency stop devices, safety PLCs, and other safety related infrastructure that must be able to influence the behavior of mobile machines. The challenge is to loop these external safety signals into the mobile machine without modifying the certified onboard safety network, and to do so over an unreliable wireless link.
This combined system view highlights why a dedicated, standardized mechanism is required to safely bridge mobile and stationary safety systems while preserving fast local reaction and overall system certification.
The Safe2Link is a compact, rugged remote safety I/O device designed for mobile environments. Key hardware features include:
Clear status indicators support fast troubleshooting during commissioning and operation.
On the software side, the Safe2Link focuses on interoperability and reduced recertification effort:
Instead of programming custom safety logic, Safe2Link allows safe parameter transfer at startup, configurable filtering, and sensor supervision. This significantly reduces integration risk and certification effort.
Advanced functions such as Safe Stop Category 1 (SS1t) and SafeBound™ allow fast local safe stops to be combined with slower remote safe stops, which is critical when wireless delays cannot be avoided.
The integration of a remote safe stop follows four clear steps:
This structured approach allows mobile machines to participate in factory level safety concepts while preserving the integrity of their onboard safety systems.
As mobile machines become an integral part of modern production environments, integrating them into factory floor safety systems is no longer optional. Wireless communication is unavoidable, but it does not have to compromise safety.
By combining standardized black channel safety protocols with a practical implementation like the Safe2Link, safety integration becomes predictable, certifiable, and scalable. That is how we move from safety logic to real world action.
Stefan Kraus is the Functional Safety Product Manager at HMS Networks. Stefan has over 20 years of experience in industrial communication and has specialized within functional safety since 2012.
