March 17

Fuel Cell Functional Safety

Functional safety and fuel cells may seem to have little cross-over on first glance. However,  stationary fuel cell safety standard IEC 62282-3-100 requires a written hazard and risk assessment, and fuel cell functional safety design principles.

Such assessments may not seem challenging at first, but certain early decisions are critical to success. How do you approach functional safety and fuel cells?

Hydrogen for future energy needs

The world is looking increasingly toward hydrogen as an abundant but largely untapped clean energy source. Fuel cell power systems are our future hydrogen engines for transportation, material handling and backup power generation.

A fuel cell is an electrochemical power generator that combines hydrogen and oxygen to generate electricity. The only by-products are water and heat, so fuel cells are inherently clean and not harmful to the environment.

Stationary fuel cells are just one application of the future energy technology. The goal of a stationary fuel cell system is to replace fossil fuel-powered diesel generators using a combination of banks of fuel cells. The environmental advantages are very clear. No dirty emissions.

In safety terms, although hydrogen as a fuel is flammable and potentially explosive, it represents a similar hazard to natural gas and gasoline. There are physical property differences, but the challenges for controlling risk are familiar to process industry end users.

Functional safety and fuel cells

Functional safety life-cycle principles are relatively well known to oil, gas and chemicals companies that look to design multiple layers of protection and employ high integrity design principles from the outset. However, the functional safety topic is perhaps less familiar to fuel cell companies.

For example, the stationary fuel cell safety standard IEC 62282-3-100 requires a written hazard and risk assessment. Such an assessment may not seem challenging, but certain early decisions are critical.

One critical decision relates to the multiple cross-referenced risk assessment and functional safety standards. Does a stationary fuel cell system get classed as a “machine” or a “process” before risk assessment starts? It may sound insignificant, but there are major differences in machinery and process hazard and risk assessment approaches.

Table 1 outlines the differences between machinery and process safety domains.

Machinery safety

process safety

Typical Operational Hazards

Hazards from moving mechanical parts, noise, vibration, contact with electrical components by operators

Loss of containment of hazardous materials that are flammable, explosive or toxic

Main risk assessment standard

ISO 12100

IEC 61511

Functional safety design standards

ISO 13849-1

IEC 62061

IEC 61508

 IEC 61511


During normal operation after installation, it is questionable whether machinery risk assessment principles are applicable to a stationary fuel cell system. Stationary fuel cell systems have no moving parts that threaten people, and they pose a low threat of the noise or vibration associated with a machine.

Human contact with electical parts and hazards from stored energy are potential hazards at installation and during maintenance. Otherwise, process safety assessment principles are far more applicable to stationary fuel cell power systems, as is the delivery of hydrogen from storage. IEC 62282-3-100 should be updated to focus attention on specific cross-reference standards that include process risk assessment techniques.

About the author

Jon Keswick, CFSE

Jon Keswick is a Certified Functional Safety Expert (CFSE) and founder of eFunctionalSafety. Feel free to make contact via Linked-In or comment on any of the eFunctionalSafety blog pages.

Related posts

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}
Success message!
Warning message!
Error message!