PROFIsafe
PROFIsafe is an industrial safety protocol for functional safety within Industrial Automation and Process Automation. The protocol is used to enable safe communication between a Safety PLC, safe field devices, drives, remote I/O and other safety-related components across standard industrial networks such as PROFINET and PROFIBUS.
PROFIsafe is designed to meet the requirements of IEC 61508, IEC 61511 and ISO 13849. The protocol supports applications up to SIL3 and PL e, depending on the implementation. Unlike classic hard-wired safety solutions, PROFIsafe uses the same physical network connection for both standard process data and safety data, while functional separation is enforced logically.
In modern IT/OT convergence environments, PROFIsafe plays an important role as safety systems become more tightly integrated with digital OT networks, SCADA, DCS, HMI systems and central engineering platforms.
🛡️ What is PROFIsafe
PROFIsafe is an application protocol that runs on top of PROFINET or PROFIBUS. The protocol adds extra safety mechanisms on top of standard industrial communication to detect transmission errors, manipulation and unexpected communication problems.
The protocol was developed by PROFIBUS & PROFINET International (PI) as an extension for safe industrial communication without separate safety wiring.
Key characteristics:
- Safety communication over standard Ethernet infrastructure
- Support for fail-safe automation
- Suitable for SIL3 and PL e
- No separate safety bus needed
- Integration with standard PROFINET traffic
- High diagnostic coverage
- Deterministic communication
PROFIsafe is widely used in:
- Machine safety
- Robotics
- Production lines
- Process installations
- Power plants
- Water treatment plants
- Transport and logistics systems
⚙️ PROFIsafe architecture
PROFIsafe operates on a black-channel principle. The underlying communication network is considered potentially unsafe. The safety protocol itself therefore implements all required error detection.
The architecture typically consists of:
| Component | Function |
|---|---|
| Safety PLC | Central safety logic |
| Fail-safe I/O | Safe reading and writing of signals |
| PROFIsafe device | Safety-compatible end device |
| Industrial Switch | Ethernet switching |
| PROFINET network | Transport layer |
| Engineering Station | Configuration and validation |
Safety data is packaged in PROFIsafe telegrams that run on top of standard PROFINET Real-Time communication.
Typical communication:
Safety PLC
↓ PROFINET RT
↓ PROFIsafe telegram
↓ Fail-safe I/O / safe drive
The underlying network layer itself does not need to be safety-certified as long as PROFIsafe can guarantee integrity.
🔐 Safety mechanisms
PROFIsafe uses several mechanisms to detect faults.
CRC validation
Each safety message contains a CRC checksum for error detection.
Detected errors:
- Bit errors
- Telegram corruption
- Incorrect sequence
- Incomplete packets
Consecutive numbering
Messages are given incrementing sequence numbers.
PROFIsafe uses this to detect:
- Duplicates
- Lost telegrams
- Replay issues
- Wrong sequence
This also provides partial protection against Replay Attack scenarios.
Watchdog monitoring
Communication is monitored using time limits.
If exceeded:
- The device goes fail-safe
- Outputs are de-energised
- The process is shut down safely
This timing control is critical in real-time OT networks with low Latency and limited Jitter.
Unique connection IDs
Each PROFIsafe connection uses unique identifiers between controller and device.
This prevents:
- Cross-communication
- Wrong device pairings
- Telegram swapping
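The four mechanisms above, modelled as a minimal receiver-side check in an added example (constructed for this article, not PROFIsafe's actual telegram layout, CRC polynomial or state machine; the CRC-32 from zlib, the 16-bit field widths and the millisecond clock are assumptions). Each check failure latches the fail-safe state, as the watchdog section describes:

```python
import zlib
from dataclasses import dataclass

# Illustrative model of the four PROFIsafe fault-detection mechanisms (constructed
# example; the real telegram layout, CRC polynomial and state machine differ).
@dataclass
class Telegram:
    conn_id: int    # unique connection identifier between controller and device
    seq: int        # consecutive number
    payload: bytes  # safety process data
    crc: int        # checksum over conn_id, seq and payload (assumption: CRC-32)

def crc_for(conn_id: int, seq: int, payload: bytes) -> int:
    return zlib.crc32(conn_id.to_bytes(2, "big") + seq.to_bytes(2, "big") + payload)

def make_telegram(conn_id: int, seq: int, payload: bytes) -> Telegram:
    return Telegram(conn_id, seq, payload, crc_for(conn_id, seq, payload))

class SafeReceiver:
    """Device side: every check failure latches the fail-safe state."""
    def __init__(self, expected_conn_id: int, watchdog_ms: int):
        self.expected_conn_id, self.watchdog_ms = expected_conn_id, watchdog_ms
        self.last_seq, self.last_time_ms, self.fail_safe = 0, 0, False
    def receive(self, t: Telegram, now_ms: int) -> str:
        if self.fail_safe:
            return "fail-safe"  # outputs stay de-energised until an explicit reset
        if now_ms - self.last_time_ms > self.watchdog_ms:
            self.fail_safe = True
            return "fail-safe: watchdog timeout"
        if t.conn_id != self.expected_conn_id:
            self.fail_safe = True
            return "fail-safe: wrong connection ID"
        if t.crc != crc_for(t.conn_id, t.seq, t.payload):
            self.fail_safe = True
            return "fail-safe: CRC mismatch"
        if t.seq != self.last_seq + 1:  # duplicate, lost, replayed or reordered telegram
            self.fail_safe = True
            return f"fail-safe: expected seq {self.last_seq + 1}, got {t.seq}"
        self.last_seq, self.last_time_ms = t.seq, now_ms
        return "ok"

def replay_scenario() -> list[str]:
    rx = SafeReceiver(expected_conn_id=0x0101, watchdog_ms=50)
    t1, t2 = make_telegram(0x0101, 1, b"\x01"), make_telegram(0x0101, 2, b"\x01")
    return [rx.receive(t1, 0), rx.receive(t2, 10), rx.receive(t2, 20)]  # t2 delivered twice

def watchdog_scenario() -> str:
    rx = SafeReceiver(expected_conn_id=0x0101, watchdog_ms=50)
    rx.receive(make_telegram(0x0101, 1, b"\x00"), 0)
    return rx.receive(make_telegram(0x0101, 2, b"\x00"), 80)  # 80 ms gap exceeds 50 ms watchdog
```

Note that the CRC is an error-detection code, not a message authentication code: it detects corruption, not a deliberately constructed telegram, which is why the cybersecurity measures later in this article remain necessary.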
🏭 PROFIsafe in industrial environments
PROFIsafe is used in a wide range of OT environments.
Manufacturing industry
Examples:
- Emergency stop circuits
- Safety doors
- Light curtains
- Safety relays
- Robot safety
For example:
A robot cell contains:
- Safety laser
- Light Curtain
- Safety doors
- Servo drives with STO
All safety signals communicate via PROFIsafe to a central Safety PLC.
Process industry
In continuous processes, PROFIsafe is used for:
- Fire and gas detection
- Safe valve shutdown
- Burner management
- SIS integration
In combination with SIS architectures, PROFIsafe can be part of safety-critical shutdown systems.
Energy infrastructure
Applications:
- Turbine protection
- High-voltage interlocks
- Emergency stop logic
- Safe switching
Here, high availability plays a major role, in combination with Redundancy of the network and controllers.
🔄 PROFIsafe over PROFINET
The most common implementation is PROFIsafe over PROFINET.
Safety telegrams are integrated into standard Ethernet traffic.
Communication modes:
| Mode | Property |
|---|---|
| RT | Real-Time communication |
| IRT | Isochronous Real-Time |
| TSN integration | Next-generation convergence |
IRT is often used for motion control and very short cycle times.
Applications:
- Synchronisation of servo drives
- Safety functions within motion control
- Robot synchronisation
- Safe positioning
In modern architectures, PROFIsafe is combined with:
⏱️ Real-time behaviour
Safety communication requires predictable timing.
Important parameters:
| Parameter | Typical value |
|---|---|
| Cycle time | 1-10 ms |
| Watchdog | 10-100 ms |
| Jitter | Very low |
| Availability | >99.99% |
Issues that may affect safety:
- Network Congestion
- Broadcast storms
- Incorrect QoS
- Faulty switches
- Duplex mismatches
- Overloaded PLCs
PROFIsafe networks are therefore often segregated into dedicated VLANs or segmented OT Network architectures.
🧠 Relationship to functional safety
PROFIsafe supports functional safety but does not replace safety analysis.
Safety engineering still requires:
- Risk Assessment
- HAZOP
- LOPA
- SIL determination
- Validation
- FAT/SAT testing
Important standards:
| Standard | Function |
|---|---|
| IEC 61508 | Functional safety |
| IEC 61511 | Process safety |
| ISO 13849 | Machine safety |
| IEC 62061 | Safety machine control |
| Machinery Directive | European machine safety |
🔍 PROFIsafe versus hardwired safety
| Property | Hardwired | PROFIsafe |
|---|---|---|
| Cabling | Extensive | Less |
| Flexibility | Low | High |
| Diagnostics | Limited | Extensive |
| Scalability | Difficult | Good |
| Changes | Labour-intensive | Software-based |
| Engineering | Complex | Centralised |
| Maintenance | Awkward | More efficient |
PROFIsafe significantly reduces the amount of safety wiring in large installations.
⚠️ Cybersecurity considerations
Although PROFIsafe protects against transmission errors, it is not a full cybersecurity protocol.
The protocol does not by itself protect against:
- Spoofing
- Man-In-The-Middle
- Malware
- Unauthorised engineering
- Malicious configuration changes
Additional measures are therefore needed:
| Security measure | Purpose |
|---|---|
| Network Segmentation | Limit lateral movement |
| Industrial Firewall | Traffic filtering |
| NAC | Device control |
| 802.1X | Network authentication |
| IDS | Anomaly detection |
| Logging | Auditing |
| Patch Management | Vulnerability reduction |
In modern OT security models, PROFIsafe is embedded within a Defense in Depth strategy aligned with IEC 62443.
🧱 PROFIsafe and IEC 62443
Under IEC 62443, PROFIsafe falls under industrial communication between safety-related assets.
Key points of attention:
- Segmentation of safety zones
- Separation between safety and enterprise IT
- Hardened engineering stations
- Authentication of engineers
- Secure remote access
- Change management
Many organisations place safety systems in separate Zones within a Zones and Conduits Model.
🔌 Integration with drives and motion control
Modern variable frequency drives and servo drives support integrated safety functions via PROFIsafe.
Examples:
| Function | Description |
|---|---|
| STO | Safe Torque Off |
| SS1 | Safe Stop 1 |
| SLS | Safely Limited Speed |
| SDI | Safe Direction |
| SOS | Safe Operating Stop |
These functions are used in:
- Packaging lines
- CNC machines
- AGV systems
- Robotics
- Conveyor installations
By implementing safety over network communication, complex motion systems can be managed more easily.
🧪 Diagnostics and troubleshooting
Common PROFIsafe problems:
| Problem | Possible cause |
|---|---|
| Watchdog timeout | Network delay |
| CRC errors | EMC interference |
| Device mismatch | Wrong configuration |
| Safety fault | Parameter deviation |
| Connection loss | Switch problem |
| Intermittent faults | Bad wiring |
Diagnostics are typically carried out via:
- PLC diagnostics
- Wireshark
- PROFINET analysers
- SCADA alarms
- Historian logging
Network stability is crucial for reliable safety communication.
📈 Benefits of PROFIsafe
Key benefits:
- Less cabling
- Better diagnostics
- Flexible architectures
- Integration with standard Ethernet
- Support for complex safety functions
- Scalability
- Lower maintenance costs
For large industrial installations, this delivers significant engineering and lifecycle benefits.
⚡ Limitations and considerations
Despite its benefits, PROFIsafe has limitations.
Complexity
Safety networks require specialist knowledge of:
- Functional safety
- Network architecture
- Deterministic Ethernet networks
- Certification
Network dependency
A network problem can disrupt safety functions.
Important measures:
- Redundancy
- Segregated backbone networks
- High availability
- Correct switch configurations
Vendor lock-in
Although PROFIsafe is standardised, compatibility differences exist between suppliers.
For example:
- Siemens
- Phoenix Contact
- Beckhoff
- Pilz
- ABB
Integration tests remain necessary.
🏗️ PROFIsafe in Industry 4.0
In Industry 4.0, the role of integrated Safety and communication systems is growing.
New developments:
- Safety over TSN
- Virtual safety controllers
- Integration with Industrial AI
- Condition-based Safety
- Edge-based safety analysis
This shifts Safety from purely hardware-based to software-defined architectures.
