A cobot risk assessment identifies every hazard in a collaborative robot application, evaluates the severity and probability of harm, and determines which safety measures are needed to reduce risk to acceptable levels. It follows ISO 12100 methodology and is required by ISO 10218-2 before any cobot can operate in a shared workspace.
The risk assessment drives everything downstream: which collaborative mode to use, which body regions to test, what force limits apply. Skip it or do it poorly, and the entire compliance chain breaks. That’s not an exaggeration. Force and pressure testing without a prior risk assessment is measuring the wrong things at the wrong places. You end up with compliance documentation that covers contact scenarios that don’t matter while missing the ones that do.
Why the Risk Assessment Comes First
ISO 10218-2 is explicit: the risk assessment must be completed before the cobot installation is commissioned. This isn’t procedural formality. Without it, there’s no basis for any downstream safety decision.
The risk assessment is what tells you:
- Which body regions are realistically exposed to contact, based on where operators actually stand, reach, and work
- Whether contact at each point is transient (operator can recoil) or quasi-static (operator gets trapped)
- Which of the four collaborative operation modes applies: safety-rated monitored stop, hand guiding, speed and separation monitoring, or power and force limiting
- Which ISO/TS 15066 force and pressure limits govern each identified contact scenario
- Where to position measurement equipment during compliance testing
The scope of all downstream safety work comes from the risk assessment. For the standards framework that defines what each of those requirements means, see Collaborative Robot Safety Standards: ISO 10218 and ISO/TS 15066 Explained.
The ISO 12100 Process
ISO 12100 defines a five-step iterative process. The output of each step feeds into the next, and the process repeats until all residual risks meet tolerability criteria.
- Step 1Define Machine Limits Document intended use, spatial limits (reach envelope, adjacent work areas), time limits (design life, maintenance intervals), and operator roles. Be specific: 'pick-and-place aluminum housings, max 2 kg, operator standing 400mm from robot base' is useful. 'Cobot cell' is not.
- Step 2Identify Hazards Systematically catalog every hazard for every operating mode: normal production, teaching/programming, maintenance, cleaning, fault recovery. Use the standard hazard categories: mechanical, electrical, thermal, radiation, ergonomic. Missing an operating mode here means it doesn't get assessed.
- Step 3Estimate Risk For each hazard: severity of harm (S), probability of occurrence (P), frequency and duration of exposure (F), and possibility of avoiding or limiting harm (A). ISO 12100 doesn't prescribe a scoring method, but your facility's method must be documented and consistently applied.
- Step 4Evaluate Risk Compare each estimated risk against your tolerability criteria. Is the risk acceptable as-is? If not, it moves to step 5. Document the outcome either way. Risks accepted without reduction still need sign-off.
- Step 5Reduce Risk Apply the three-step hierarchy in order: inherent safe design first, then safeguarding measures, then information and training. Document which measures address which hazards. This traceability is what auditors check.
The three-step risk reduction hierarchy matters because the order is not optional. You cannot skip to a warning label if a design change would eliminate the hazard. ISO 12100 requires working through the hierarchy in sequence:
- Inherent safe design: Change the robot path to eliminate the contact scenario. Reduce speed at the relevant point in the program. Modify tool geometry to remove sharp edges or protrusions. Change workspace layout to increase clearance from fixed surfaces.
- Safeguarding: Apply power and force limiting (PFL) mode with validated speed and force settings. Add safety-rated sensors. Install physical barriers for contact points that can’t be addressed by design.
- Information and training: Document residual risks, train operators, post warnings. This step only addresses what couldn’t be designed or safeguarded out. It’s not a shortcut.
Hazard Identification for Cobot Cells
Hazard identification is where most risk assessments go wrong. The common failure is doing it from a desk, looking at a CAD drawing or watching a video of the robot cycle. That approach misses what operators actually experience.
Walk through the cell physically. Stand where the operator stands. Reach where they reach. Watch the robot cycle at full speed from the operator’s position. The hazards that matter are the ones visible from that vantage point, not the theoretical ones derived from a process flow chart.
The main hazard categories for cobot applications:
Teal = Non-negotiable
For each identified hazard, record: what the hazard is, which operating mode it occurs in, which body region is realistically exposed, and what the realistic worst-case outcome is. Vague hazard descriptions produce vague risk estimates. “Robot hits operator” is not a hazard entry. “CRX-10iA arm segment 3 strikes operator’s forearm during return stroke at 250mm/s, quasi-static against conveyor rail at 600mm height” is a hazard entry.
Body Region Mapping
Every identified contact hazard gets mapped to one or more body regions from ISO/TS 15066 Table A.2. This mapping determines which force and pressure limits apply during compliance testing.
The mapping process follows the operator’s actual position and motion during the task:
- For each identified contact point, determine which body part is realistically exposed given normal operator posture
- Account for operator variability: seated versus standing, left-handed versus right-handed, operators at the 5th versus 95th height percentile
- Consider the full range of motion the operator performs during the task, not just the nominal position
- Map to the specific body region from ISO/TS 15066 Table A.2, not a generic category
A few mappings that are frequently wrong in practice: shoulder-height horizontal robot paths often expose the face and neck of shorter operators, not just the shoulder. Assembly tasks that require leaning in expose the torso to clamping against the robot base or tooling fixture. Foot exposure is common but often omitted entirely.
For the complete spring constant and force limit table per body region, see ISO/TS 15066 Body Region Force and Pressure Limits. That table is what connects your hazard map to the specific measurement setup for compliance testing.
Documenting the Risk Assessment
Documentation is where many technically sound risk assessments fail an audit. The analysis may be correct, but if it’s not documented in a form that demonstrates compliance with ISO 10218-2, it doesn’t satisfy the requirement.
| Required Element | What Auditors Check | Common Gap |
|---|---|---|
| Machine description and intended use | Specific: robot model, end-effector, payload, workpiece, operator role, production rate | Generic entries like 'cobot cell' or 'collaborative assembly task' with no specifics |
| Hazard list with operating modes | All operating modes covered: normal, teaching, maintenance, cleaning, fault recovery | Teaching mode hazards missing entirely (most common single gap) |
| Risk estimation per hazard | Severity, probability, exposure frequency, and avoidability documented for each hazard | Estimates present but undocumented basis: 'low probability' with no supporting reasoning |
| Risk reduction measures | Each measure traced back to the specific hazard it addresses | List of safety features with no linkage to the hazard list |
| Residual risk acceptance | Signed off by a responsible person with date and title | No signature, no date, or sign-off by someone without authority |
| Re-assessment triggers | Documented criteria specifying what changes require a new risk assessment | Missing entirely from most first-generation risk assessments |
The re-assessment trigger documentation is the element most consistently missing from risk assessments that were otherwise thorough. ISO 10218-2 requires it. In practice, it’s a short list: new end-effector, modified robot program, different workpiece type, changed cell layout, new or modified operator tasks, and any near-miss or incident. Write it into the document. It becomes the basis for your change management procedure.
One more documentation discipline: record the robot program version tested. When the program changes, the risk assessment must be updated and compliance testing repeated. Without the version reference, you can’t demonstrate that your assessment reflects the current installation.
Common Mistakes
The same errors appear repeatedly across cobot risk assessments, regardless of facility or industry.
Using a generic template without customization. Templates are a starting point. A risk assessment that reads identically for a FANUC CRX-10iA picking 2 kg aluminum housings and a Universal Robots UR10e performing circuit board assembly is wrong for both of them. The hazard identification must reflect the actual application.
Assessing only normal operation. Teaching mode is where most actual incidents occur. The robot is under reduced speed control, but the operator is inside the workspace and potentially in postures they wouldn’t use during production. Maintenance and cleaning modes have their own hazard profiles. Every mode needs its own section.
Assuming the cobot is inherently safe. Collaborative robot designs have built-in force and speed limiting. That doesn’t make the application safe. The application includes the tooling, the workpieces, the fixtures, the workspace layout, and the specific interaction tasks. All of those introduce hazards the robot’s internal safety system doesn’t address. The manufacturer’s risk assessment for the robot itself does not cover the application.
Excluding operators from the hazard identification. Safety engineers and manufacturing engineers often identify the mechanical hazards. Operators identify the behavioral ones: the awkward reach they make twice a shift to clear a jam, the place where they rest their hand while waiting, the shortcut they take when production is behind. Walk the cell with the people who run it.
Treating it as a one-time document. A risk assessment describes the installation as it exists at a specific point in time. When anything changes, the assessment may no longer be accurate. Define update triggers in the document and enforce them through change management.
Frequently Asked Questions
Frequently Asked Questions
Who is responsible for the cobot risk assessment?
The system integrator is responsible under ISO 10218-2. For in-house installations, that's typically the manufacturing engineering or safety team. The robot manufacturer provides safety data for the robot itself, but the integrator must assess the complete application including tooling, workpieces, and the workspace layout.
How long does a cobot risk assessment take?
A thorough risk assessment for a single cobot cell typically takes 1-3 days depending on application complexity. Simple pick-and-place with one operator interaction point is faster. Multi-step assembly with variable operator positions takes longer. The documentation often takes as long as the analysis itself.
Can I use the robot manufacturer's risk assessment?
No. The manufacturer's risk assessment covers the robot as a product (ISO 10218-1). The integrator must perform a separate assessment for the complete application: robot plus tooling, workpieces, fixtures, and the human interaction scenarios specific to that installation (ISO 10218-2).
What triggers a risk assessment update?
Any change that affects the safety analysis: new end-effector, modified robot program, different workpiece, changed cell layout, new operator tasks, or a near-miss incident. ISO 10218-2 requires documentation of what triggers re-assessment in your facility.
Is a risk assessment legally required?
In the EU, yes. The Machinery Directive (now Machinery Regulation 2023/1230) requires risk assessment for all machinery including robot systems. In the US, OSHA references ANSI/RIA R15.06 which requires risk assessment per ISO 12100. Practically, no insurer will cover a cobot installation without one.
The risk assessment identifies what needs testing. The next step is performing those tests: measuring the actual forces and pressures at each identified contact point and comparing them against the ISO/TS 15066 limits for the relevant body regions. See the Cobot Safety Testing Guide for the measurement process, equipment selection, and documentation requirements.
Ready to validate your risk assessment with force and pressure measurement?
Explore CoboSafe →