Machine safety in Australia. AS 4024 and ISO 13849, in plain English.

What AS 4024 actually covers.

When was the last time anyone in the plant could name the Performance Level required for the access door on the main wrapper line?

AS 4024 is the Australian and New Zealand standards series for the safety of machinery. It is not one standard. It is a family of parts, each addressing a different aspect of the machine-safety question: general principles, risk assessment, design of safety control systems, design of guards, ergonomics, fixed and movable guards, emergency stops, two-hand controls, and others.

The series exists because machine safety is too broad for one document. A machine designer needs general principles. A plant manager needs guidance on guarding. A controls engineer needs the design rules for safety-related parts of the control system. AS 4024 partitions those audiences across the parts so each user picks up only what they need.

The international adoption story.

The Australian standards body, Standards Australia (with Standards New Zealand for the joint AS/NZS versions), has progressively aligned AS 4024 with international machine-safety standards over the last fifteen years. The 2014 revision wave was the key move: nineteen parts were restructured as direct text adoptions of the corresponding ISO and EN standards, two new parts were added, and four parts were superseded and withdrawn.

The practical consequence is that the AS 4024 parts now generally reference international standard numbers throughout. Two of the most-referenced parts:

• AS/NZS 4024.1201:2014 adopts ISO 12100:2010 (Safety of machinery — General principles for design — Risk assessment and risk reduction). This is the foundational document that any machine-safety conversation starts from.
• AS 4024.1501:2006 adopts ISO 13849-1 (Safety of machinery — Safety-related parts of control systems). The ISO 13849 series is the controls-engineering anchor for machine safety.

A plant engineer reading a current AS 4024 document is, in most cases, reading the corresponding ISO document with an AS/NZS cover page. That is deliberate. Australian manufacturers buy machinery from a global supply chain, and aligning the AS standards with the source standards reduces the cost of compliance for everyone involved.

Performance Levels and Categories.

ISO 13849-1 defines two parallel concepts that often get conflated. Both apply to safety-related parts of a machine control system. They mean different things.

Performance Level (PL).

A measure of how much risk reduction a safety function delivers. Five levels: PLa (lowest), PLb, PLc, PLd, PLe (highest). The levels are defined in terms of average probability of dangerous failure per hour (PFHd): PLa corresponds to a PFHd of less than 1 × 10⁻⁴, PLe to ≥1 × 10⁻⁸. Each safety function identified in the machine's risk assessment is assigned a required Performance Level (PLr) based on the risk it has to reduce. The achieved PL of the implemented safety function has to meet or exceed PLr for the machine to be compliant.

Category.

The architectural arrangement of the safety function. Five categories: B (basic), 1, 2, 3, 4 (highest). Categories describe how the safety function is structured: single-channel or dual-channel, with or without diagnostics, with or without fault-tolerance. Category 1 achieves higher reliability than Category B through the use of "well-tried" components (listed in ISO 13849-2 annexes) but remains single-channel. Category 4 is dual-channel with continuous monitoring such that a single fault never causes loss of the safety function.

The relationship.

The achieved PL is a function of the Category (architecture), the MTTFD (mean time to dangerous failure of the components), and the Diagnostic Coverage (DC). A PLd safety function can be implemented as Category 2 with high MTTFD and high DC, or as Category 3 with medium MTTFD and medium DC. The same Performance Level, different architectures, different reliability budgets, different costs.

The decision rule for the plant: pick the Category that supports the required PL with the components actually available in the panel and the field. A panel with no diagnostic coverage on the safety contactors cannot achieve PLd no matter how the PLC code is structured.

What triggers a machine-safety re-assessment.

An installed machine is compliant against the standard that was current when it was assessed. Standards move. Machines move. Re-assessment is required when something material changes.

Five triggers consistently appear in Australian machine-safety practice:

• Significant modification. A change to the machine's design or operation that alters the hazard profile. Adding a new tool, a new feed mechanism, a new energy source. Changing the production speed range. Replacing a major sub-system.
• Change in hazard class. A new product line that introduces a new hazard (a new chemical, a new temperature range, a new pinch point). The risk assessment that produced the original PLr no longer reflects the machine's actual use.
• Incident or near-miss. An event that suggests an existing safeguard is insufficient. The investigation typically triggers re-assessment of the affected safety functions and often of adjacent ones.
• Regulatory inspection. A WHS inspector or insurer who flags the machine for review. The trigger is external, the work is the same.
• Controls upgrade touching safety functions. A brownfield PLC migration, a new SCADA, a refresh of safety relays or contactors. Any change to the safety-related parts of the control system reopens the compliance question, whether the upgrade scope was framed that way or not.

The last point is the one plants regularly miss. A migration from S7-300 to S7-1500 (the subject of a separate spoke) almost always lands on safety logic somewhere in the controller. If the new architecture inherits the old safety design without re-assessment, the plant is operating to an unstated assumption that the original assessment still applies. Sometimes it does. Sometimes it does not. The way to know is to look.

The WHS Act relationship.

Australian state and territory Work Health and Safety legislation is the legal framework that gives AS 4024 its teeth. The WHS Act and Regulations require persons conducting a business or undertaking (PCBUs) to manage risks to health and safety so far as is reasonably practicable. The legislation does not require compliance with AS 4024 specifically. It does require demonstrating that the PCBU has done what is reasonably practicable to manage the risk.

In practice, compliance with the relevant Australian Standard is the most defensible way to demonstrate that the PCBU has met its duty. A WHS inspector arriving at the plant after an incident will ask which risk-management approach the plant followed for the safety control system. "We followed AS/NZS 4024" is a defensible answer. "We assessed each hazard and decided on appropriate controls" is also a defensible answer, but it requires the plant to produce the assessment that supports it. Standards compliance is the well-trodden path.

The same logic applies to insurers and corporate parents. Insurers price on risk; risk is lower where standards compliance is demonstrable. Corporate parents who own multiple sites under different state WHS regimes tend to standardise on the toughest common denominator, which usually means AS/NZS 4024 with international standards as the underlying reference.

What an engineering-grade assessment delivers.

The output of a competent machine-safety assessment is concrete enough to act on. Loose deliverables read well and prevent nothing.

What a useful assessment includes:

• A list of identified hazards with their location, the persons exposed, the trigger conditions, and the consequence severity.
• A risk assessment per hazard using a published methodology (ISO 12100 is the default) that produces a defensible PLr for each safety function.
• A description of each safety function end to end: the sensor or input device, the logic solver, the final element or output device, the operating mode the function applies in.
• An architecture decision per function showing the Category, expected MTTFD, expected DC, and the achieved PL with the calculation.
• A maintenance and test plan. Safety functions degrade. The PL holds only as long as the components remain inside their specified failure rates. Proof-test intervals and replacement schedules belong in the assessment, not in a separate document nobody opens.
• A residual-risk statement. The risks the safety controls do not remove, and the procedural or training controls that address them.

Pac Technologies' consultancy practice handles AS 4024 / ISO 13849 assessments as part of project FEED work and brownfield re-assessment. The work tends to land at the controls-engineering boundary that machine-safety consultants often hand off to the controls integrator and that the controls integrator often hands back. We treat the boundary as part of the engagement and we hand over a working design, not a list of findings.

Common questions.

Sources and further reading.

Standards body and industry references for the AS 4024 / ISO 13849 claims above. Retrieved 18 May 2026.

• Standards Australia. AS/NZS 4024:2019 series — Safety of machinery. store.standards.org.au
• Process & Control Engineering. Standards Australia revises AS 4024.1 and adopts international machinery safety standards. processonline.com.au
• ISO. ISO 13849-1:2023 Safety of machinery — Safety-related parts of control systems — Part 1: General principles for design. iso.org
• Pilz. EN ISO 13849-1 — Basis for Performance Level. pilz.com
• Safe Work Australia. Model WHS Regulations. safeworkaustralia.gov.au

This article sits under Pac Technologies' consultancy service. For the process-safety side (SIL, IEC 61511), see the SIL determination article. For the brownfield context that triggers most re-assessments, see the Brownfield upgrade guide.