Ce document n'est actuellement disponible qu'en anglais.
- What does the term or abbreviation "STO" mean in practice?
- What exactly is STO on motor controllers?
What exactly happens on the controller when STO (Safe Torque Off) is initialized?
Is the power stage powered off?
STO means "Safe Torque Off"
"STO" resp. "Safe Torque Off" means that there is no field-generating (= torque generating) current applied to the motor windings by the motor controller. STO state is active if there is not the required (specified) logic supply voltage level present at STO input signal lines.
Safety aspects and certification?
Although STO is often assumed to be certified safety feature, such a certificate is not mandatory to use the term "STO - Safe torque off".
A STO functionality without certification may be sufficient if there is no potential risk to injure users by mechanics' motion linked to a motor. Nevertheless, for machines where a certain (higher) safety level (e.g. SIL?) is necessary, a motor controller with certified STO functionality is sometimes required.
If a certified STO is a mandatory demand but not present, an alternative and well-known solution since years is to cut the supply voltage of the power output stage via a safety contactor in the event of an emergency or hazard system state.
- The STO is typically based on two (differential) digital inputs which are independent of each other and react directly on power stage's hardware level (without the need of motor controller software). The control of the power stage's MOSFETs is blocked as long as there is not a sufficient (specified) logic voltage level on both(!) STO inputs present.
- When STO is active, the MOSFETs cannot be switching and no rotating field can be generated, i.e. the motor windings cannot generate torque (=> Torque Off).
- The control of the power output stage is immediately blocked as soon as one or both STO input signals are interrupted during operation.
- Only if both STO inputs have the minimum specified logic voltage level (typ. 5V or 24V), the power stage can be "enabled".
- As part of the STO functionality, an STO output is often available to check the STO state (directly on hardware level without software influence).
- Most motor controllers (as well as the EPOS4) report an STO fault condition ...
- ... if an attempt is made to "enable" (= activate) the power output stage although there is no sufficient logic voltage level applied to the two STO signal inputs.
- ... if one or both of the STO input signals is interrupted during operation.
- In STO state, the power output stage cannot be "enabled" or is "disabled" if the state occurs when the motor is already running.
- The reporting of an error condition and "disabling" of the power output stage is carried out via motor controller's software (so-called firmware) as part of the general error handling as a follow-up action to the hardware blocking of the MOSFETs in the absence of an STO signal.
EPOS4 and STO?
EPOS4 offers a "STO - Safe torque off" feature but it is not(!) certified.
Please find this information also by the Hardware Reference of each EPOS4 product type:
Please find EPOS4's STO I/O specification and a more detailed description of EPOS4's STO functionality here:
- Chapter "3 Setup -> Connections -> STO (X9)
of the "Hardware Reference" of the concrete EPOS4 product type in use.
- Chapter "9 Safe Torque Off (STO)"
of the "EPOS4 Application Notes Collection.pdf".
In the appendix you will also find this chapter as an excerpt.
Additional important notes:
STO is not(!) synonymous with switching off the motor voltage.
STO just states that the generation of the necessary electrical rotating field for the rotor movement and torque generation (of an EC motor) is blocked.
If the MOSFETs of the power stage are damaged and short-circuited, a voltage can still be present at the output of the power stage and at the motor terminals in the worst case even if STO is active and an EC motor no longer rotates.
A DC motor can continue to rotate and produce torque when a constant "faulty" voltage is present due to the power stage defects.
Touching the motor terminals of 230V/380V servo motors or AC motors can be life-threatening even when STO is active in the event of hardware defects due to the risk of electric shock, as long as the supply voltage is not switched off. In case of service, please be sure to observe the disconnection of the supply voltage as well as all other safety instructions mentioned by the manual of the motor controller.
maxon motors and controllers are typically operated with a supply voltage of 48V or lower. Such a voltage level is not rated as safety-critical from the electrical point of view (-> risk of electric shock) for most devices and standards.
STO does not(!) result in a defined deceleration and STOP behavior.
In the case of STO, the motor can continue to move due to an external force or lack of friction and not come to a stop at all or only after a very long delay.
The braking and stopping behavior of the STO during an active motion depends on the mechanics and their friction as well as the energy of the currently moving mass. The following applications are particularly critical in this respect:
Vertical applications, such as cranes or lifts.
Applications with high moments of inertia and / or high speeds such as centrifuges.
Mechanics with only very low friction and self-holding moments.
- Depending on the application, the use of a mechanical or electromechanical brake may be necessary to bring the drive to a quick and stable stop.
Add-on Support Center documents:
- EPOS4, STO, ISO 13849: Certification de sécurité des systèmes ?
- EPOS4 : Causes de "STO error" (0x8A88)