Real-Time Risk Assessment: Safety Engineers Break Down a Robotic Cell Failure

Editor’s Note: This article takes an honest, conversational, podcast-style approach between a TUV-certified safety engineer and an EHS specialist. 

It’s a normal day on the shop floor.

A routine jam in a robotic cell, a worker steps in to fix it, and the light curtain trips as expected. Everything seems safe. But in a matter of seconds, the entire safety system quietly fails.

The machine is reset from the outside while the worker is still inside.

There’s no exclusive control, no visibility, and no second chances. The result? A preventable incident that leaves a worker seriously injured (or worse), the cell unsafe, and production halted with unplanned downtime.

This situation plays out more often than you might think. In today’s manufacturing environments, robotic cells are everywhere, but many systems have hidden flaws that don’t show up until it’s too late.

This article walks you through a real-life scenario where a robotic cell setup looked compliant but revealed serious gaps during everyday operation.

Through the lens of two experienced safety professionals, a certified TUV safety engineer and an EHS specialist, we’ll explore what went wrong, why it happened, and how to fix it.

Jump to a Section 

Meet the Experts | It Looked Safe | Scenario | What Went Wrong? | Better Design | Build With Risk in Mind | Lessons Learned | Next Steps for EHS Managers & Engineers | Additional Resources

Watch the Scenario in Action:

MPSA’s Ryan and Dave walk through a real-world example of a robotic cell that looked compliant on the surface, but fell short where it mattered most: protecting people. 

Video not loading? Watch on YouTube.

Meet the Experts

It Looked Safe, But Was It Really?

Ryan: “On paper, this robotic cell seemed safe. You had fixed perimeter guarding, properly mounted. The light curtains were installed where you'd expect. But when we walked through an everyday scenario, routine troubleshooting, gaps in the safety design became immediately apparent.”

Dave: “We see this more than you’d think. A setup passes initial inspection but falls short in real-life use. That’s where risk assessments and validation earn their keep.”

Scenario: A Routine Intervention Goes Wrong

Here’s what happened in this cell:

• A machine operator stands at the control panel.
  
  
• A line attendant enters the cell to adjust a box.
  
  
• An observer stands nearby, acting as the “lookout.”

Let’s pause there.

Dave: “This wasn’t a service or maintenance task. This was a normal part of daily operations.”

So, OSHA’s Lockout/Tagout (29 CFR 1910.147) requirements didn’t strictly apply here, but that doesn’t mean the situation was risk-free.

Ryan: “The light curtain tripped correctly when the attendant entered. That part worked. But the machine operator, relying on the observer, reset the machine without having a direct line of sight into the cell.

Dave: “And the observer? Distracted by their phone. It only took a few seconds for the entire safety system to fail.”

What Went Wrong?

Here’s a breakdown of the core issues:

 Light curtains worked, but weren’t enough

  The operator couldn’t see inside the cell when resetting

  The observer acted as a human safeguard (a risky workaround)

 No exclusive control for the person inside the cell

Ryan: “A worker should never have to rely on someone else to stay safe inside a robotic cell.”

Better Design = Better Control

This failure wasn’t about the quality of the components. It was about their application.

Here are practical, proven solutions that would’ve prevented the failure:

Trap Key Systems

• The person entering the cell takes a key with them.
  
  
• No one else can reset the machine until the key is returned.
  

Double Reset System

• Requires one reset inside the cell, and another outside.
  
  
• Prevents unintended restarts while someone’s still inside.
  
  

Explore Double Rest Systems

Presence Detection

• Safety mats or scanners detect anyone in the cell.
  
  
• The reset function is disabled until the area is clear.

Explore Presence Detection Components

Better Yet: Build With Risk in Mind

Dave: “All this reinforces why a validated risk assessment should drive safety design, not be an afterthought.” 

A good risk assessment would have flagged:

• The need for visual contact during reset
  
  
• The risk of relying on another person to confirm safety
  
  
• The use of light curtains without redundant safety layers
  
  

Ryan: “Standards like ANSI B11.0 and ISO 12100 actually spell this out. Visibility during reset is not just a best practice, it’s part of compliance.”

Lessons Learned (the Hard Way)

Even certified components can become weak links when they’re not thoughtfully applied. Here’s what you can take away:

 Never assume light curtains are a one-stop solution
  Give the person inside the cell exclusive control
  Design with human behavior (and error) in mind
  Validate your setup against real-life usage, not just standards

Next Steps for EHS Managers and Engineers

• Do you rely on an observer system?
  
  
• Are resets possible without full visibility?
  
  
• Does your team perform routine interventions outside of LOTO?
  
  

If you answered “yes” to any of these, it’s time to revisit your risk assessment. That’s where we come in. 

At MPSA, we understand that effective safety design starts with identifying and addressing real-world hazards, not just checking boxes. That’s why we offer three flexible hazard assessment options, designed to meet you where you are. 

So whether you’re rethinking your safety protocols after a close call or proactively working to prevent one, our team is here to help. Visit the MPSA website to learn more or reach out to Ryan or Dave with your questions. No pressure, just a conversation. 

Have a safe day. 

Additional Resources: 

More Machine Safety Articles

Meet The Rest Of The Team 

MPSA Offers Three Hazard Assessment Options to Meet You Where You Are