See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/328987800

Risk Assessment for Human-Robot Collaboration in an automated

warehouse scenario

Conference Paper · September 2018

DOI: 10.1109/ETFA.2018.8502466

CITATION
READS
1
510

7 authors, including:

Rafia Inam
Klaus Raizer
Ericsson
Ericsson
45 PUBLICATIONS 177
CITATIONS 25 PUBLICATIONS 69 CITATIONS

Ricardo Souza
University of Campinas
19 PUBLICATIONS 76 CITATIONS

Some of the authors of this publication are also working on these related projects:

PPMSched View project

TROCA - Control of a Transportation Robot using the MECA Cognitive Architecture View project

All content following this page was uploaded by Klaus Raizer on 17 June 2019.
The user has requested enhancement of the downloaded file.
 PREPRINT
Risk Assessment for Human-Robot Collaboration
in an automated warehouse scenario
Rafia Inam∗, Klaus Raizer∗, Alberto Hata∗, Ricardo Souza∗, Elena Fersman∗,
Enyu Cao∗‡, Shaolei Wang∗‡
∗Ericsson Research, {firstname.lastname}@ericsson.com
‡ Royal Institute of Technology (KTH), {caoe, shaolei}@kth.se
Abstract—Collaborative robotics is recently taking an ever-
increasing role in modern industrial environments like man-
ufacturing, warehouses, mining, agriculture and others. This
trend introduces a number of advantages, such as increased
productivity and efficiency, but also new issues, such as new
risks and hazards due to the elimination of barriers between
humans and robots. In this paper we present risk assessment for
an automated warehouse use case in which mobile robots and
humans collaborate in a shared workspace to deliver products
from the shelves to the conveyor belts. We provide definitions of
specific human roles and perform risk assessment of human-
robot collaboration in these scenarios and identify a list of
hazards using Hazard Operability (HAZOP). Further, we present
safety recommendations that will be used in risk reduction
phase. We develop a simulated warehouse environment using V-
REP simulator. The robots use cameras for perception and
dynamically generate scene graphs for semantic representations
of their surroundings. We present our initial results on the
generated scene graphs. This representation will be employed
in the risk assessment process to enable the use of contextual
information of the robot’s perceived environment, which will be
further used during risk evaluation and mitigation phases and
then on robots’ actuation when needed.
Keywords-Collaborative robotics, safe human-robot collabora-
tion, warehouse, safety, risk assessment, safety standards,
ISO/TS 15066, hazard identification, HAZOP.
I. I NTRODUCTION
Robots are playing a viable role in manufacturing, ware-
houses and industries by performing operations in a shorter
time and in a more precise way as compared to humans.
However, there are some tasks where humans can’t be
replaced due to their complexity. Collaborative robotics, in
which robots and humans work together to accomplish
common tasks, demands additional safety requirements as
compared to traditional safeguarding measures [1]. The
autonomous operations of mobile robots in human-shared
environments introduce new advantages in terms of
productivity and effi- ciency, as the abilities of human and
machine complement one another, but it is subject to hard
safety constraints. It also introduces new risks and hazards,
like increased possibility of collision with workers. Due to
the elimination of barriers around the robot in this new
collaborative situation, a robot should interact with other
robots and workers at different levels. It is crucial to ensure
the correct and safe operation of the robot, so that it cannot
cause injuries or damages to the
workers, other objects or to itself [2]. This issue is aggravated
in an automated warehouse scenario, where mobile robots can
navigate autonomously together with human workers and
other moving robots.
Safety requirements for robots interaction were introduced
in the international standard ISO 10218 [3], [4] and for
human-robot collaboration (HRC) operations in a relatively
recent technical specification ISO/TS 15066:2016 [1]. Cur-
rently, the expected requirements of safety and unhindered
human-robot collaboration are under development. The scope
of the standard is not limited to the development of new
sensors, robots or intelligent control systems, but includes risk
analysis techniques, which is a fundamental requirement for
collaborative robot applications.
ISO standards alone are not enough for collaborative sys-
tems to ensure safety. A dedicated risk management approach
(including risk assessment and risk reduction) is vital, even for
those robots that are specifically designed for human-robot
col- laboration (HRC) [5], [6]. An experiment was performed
in [7] to check the safe collaborative operations by applying
“power and force limitation” specified in ISO/TS 15066
standard for pick-and-place task while taking the maximum
permissible values for pressure and force from the standard.
The results indicate that the current specification is not
sufficient, even though ISO/TS15066 was applied reasonably,
and there is a vital need for risk assessment. As a result of this,
additional actions to reduce risk must be taken for
collaborative scenarios in a safe manner.
In this paper we present a systematic description of collab-
orative scenarios for our use case, in the safety perspective
by first identifying different human roles, their collaborative
interactions, and unsafe scenarios along with safety issues.
Secondly, we perform a risk assessment for HRC that in-
cludes hazards identification by using Hazard Operability
(HAZOP) technique coupled with Unified Modeling Language
(UML) [8] and risk estimation. Lastly, we present our simu-
lation setup along with scene graph representation that will
be used to evaluate the proposed risk assessment, and initial
results of the dynamically generated scene graph for each
robot in our scenario1. Through the scene graph, the robot
perception
1
Code available in https://github.com/EricssonResearch/scott-eu/tree/
simulation-ros/simulation-ros
is converted into a semantic representation that contributes to
add relevant environment information for the risk assessment.
Paper Outline: Section II presents related works in risk
assessment for HRC. Section III describes an automated ware-
house use case using collaborative robots and the HRC scenar-
ios along with safety issues that could arise. It further presents
hazards and risk assessment for the use case. Implementation
set up along with semantic representation of the environment
and its initial results is presented in Section IV. Section V
presents discussion and finally, Section VI concludes the
paper with a description of ongoing and future works.
II. RELATED W ORK
Traditionally, when robots and humans share the same
working space, they are separated by barriers to avoid direct
contact with each other and consequently, prevent possible
injuries, such as seen in Kiva project [9]. There are some
initiatives to enable the interaction between humans and
robots to increase efficiency in the production. Despite
requiring risk assessment, some works do not follow any
safety standard. For instance, in the work of [10] the authors
employ robot equipped with cameras and sensors to detect
objects and people. In this case, the robot simply modifies its
path or velocity to prevent collisions, but does not perform
any risk assessment.
Regulations that incorporate robot related risks for human
workers include the international standard ISO 10218 [3],
[4] and ISO 13849-1 [11]. Based on these standards, several
works were done on industrial robotics to maximize the
productivity while sharing the same space. In [12], the authors
present a kinematic control strategy to enforce safety for such
robot through an optimization-based real-time path planning
algorithm. During planning, a tractable set of constraints on
the robot’s velocity is used to keep the minimum separation
distance to the human. As compared to our work, [12] does
not contemplate on risk assessment to ensure safety. The
work of [13] performs hazard analysis and risk assessment in
cable harness assembly and evaluates the safety design before
and after the implementation that resulted in the reduction of
the potential collaboration risks. However, different from our
proposed solution, the previous two works only consider fixed
robot manipulators and not mobile robots. In [14] the
operators use safety vests (ANSI/ISEA 107-2004 standard) to
facilitate their detection by the robot’s cameras. Moreover, the
robot complies with the EN 1525 standard which enables the
contact with humans by limiting the force and power [15].
Despite all these works following some safety standard, they
are not in the accordance with the most recent technical
specification ISO/TS 15066:2016, since they were in fact done
before the technical specification definition.
The ISO/TS 15066:2016 [1] standard introduces collabora-
tive robotics concepts and four collaborative operating modes
in details and thus, supplements the requirements of ISO
10218 in order to develop safe collaborative robot
applications. It enforces power, speed and movement
limitation on robots, according to the level of the risk that
they bring to humans.
Further, ISO 13849-1 [11] and IEC 62061 [16] provide guide-
lines to determine the safety level based on the severity, the
frequency of exposure and the possibility to manage the
hazard to an acceptable level by reducing risk.
Robotic companies such as ABB [6] and SICK [5] are
devel- oping robots and sensors that follow these standards to
be used in industrial automation. They present safety
requirements and emphasize the need of risk assessment and
risk reduction approach for collaborative robots using these
standards. Sim- ilar need of applying standards of risk
assessment and risk reduction, specially focused on
collaborative robots, have also been observed in research
institutes [17]. Recent works done from 2016 made
improvements in the HRC risk assessments and reductions by
identifying the operation modes accord- ing to the standard,
presenting collaborative scenarios, and identifying different
human body areas that could potentially get injured. The work
of [6] presents structured description of HRC scenarios and
performs risk assessment and hazards analysis using Failure
Modes and Effects Analysis (FMEA) method [18] for
industrial robots used in manufacturing. This work is quite
similar to ours in its approach, but different in terms of the
use case, robot mobility and the operations performed by the
robots. We also define different human roles in our use cases
and our HRC scenarios. Further, we present the details of
implementation and how risk assessment will be evaluated
which is completely missing in [6].
Askarpour et al. [19] presents a methodology to perform
semi-automated safety analysis of HRC applications. The
methodology aims at applying formal verification methods
in HRC tasks to identify possible hazardous situations and
mitigate them. The proposal performs offline verification of
such tasks and assumes a ’human-in-the-loop’ for providing
the mitigation strategies for unsafe situations. In [20], the
authors further extend the work by adding a model for the
operators behaviour as an attempt to deal with unpredictable
human behavior. The authors employs a cognitive model of
the operator, capturing erroneous human behavior driven from
the operator’s perception of the environment and mental
decisions. Although the approach of having the operator’s
cognitive model is extremely interesting, we argue that the
complexity of modeling human behaviour and more
specifically possible erroneous behaviors is almost an
insurmountable task to be performed.
We use HAZard OPerability (HAZOP) [21] in this work,
which is a guideword-based technique to identify hazards/risks
in risk identification phase. The technique mainly focuses on
operational hazards. It is relatively new as compared to other
techniques like FMEA, Preliminary Hazard Analysis (PHA),
with the advantages of controlling the model complexity and
delivers a safety document for certification. Further, HAZOP-
UML analysis can identify all hazards that PHA covered, and
additional hazards [21]. The work of [22] tested this technique
with two systems: a robotic mobile manipulator and a robot
that assists disabled people. A HAZOP-UML tool is
developed and used for a walking assistance robot [21]. The
tool was also used for an airport light measurement robot [23].

Fig. 1: Illustration of human-robots interactions in the ware-
house. The small boxes in red, green and yellow are products
on the shelves and on the conveyor belts, white squares on the
floor (next to the conveyor belts and to the shelves) are way-
points and blue cylinders are the robots’ recharging stations.
III. D ESCRIPTION OF USE CASE AND H UMAN -R OBOT
C OLLABORATION
The first part of this section presents details of an auto-
mated warehouse use case and describes collaborative and
non-collaborative scenarios to be performed safely inside the
warehouse. The later parts of this section identify different
human workers that interacts with the robots and describes
the hazard exposure, their skill level, their frequency of
collaboration, and unsafe scenarios that could arise, along
with safety recommendations. Unsafe scenarios lead to
hazards identification, and safety recommendations that will
later be used in risk mitigation step.
We consider a use case of an automated warehouse where
autonomous mobile robots and humans share a common place
and work together to move products to the delivery truck.
Multiple mobile robots perform pick-and-place operations by
picking up products from the shelves and delivering them to
conveyor belts, that in turn take the products to the trucks.
Each robot is equipped with a robotic arm for pick-and-place
operation. Human workers interact with shelves by placing or
moving products on them. In special, placing the products is
a complex task that involves choosing the ordered products,
therefore it is performed by the human workers.
Figure 1 shows the simulated warehouse with the collabo-
rative robots and a human worker.
A. Human-robot collaboration scenarios and their safety re-
quirements
Human worker and robot can come into close interaction
with each other around the shelf when the former is placing
the product and latter is picking it up, thus leading to severe
safety risks. Other situations can include human intervention
when a product is dropped by the robot and a worker comes
to remove it, or when a worker enters in the warehouse for
the maintenance of a broken robot while other robots are
moving, or when a visitor (e.g. external worker) enters in
the warehouse. Thus, most of the collaborations will happen
around the shelves and on the warehouse floor. Proper safety
measures are needed to be adopted and safety must be ensured
during all these scenarios.
We have provided an overall architecture containing major
components of an automated warehouse including a
warehouse controller, planning service, and a two-layered
safety strategy in [24]. The presented safety strategy consists
of an offline safety analysis (performed before sending the
tasks to the robot) and an online safety analysis (performed at
runtime and inside the robot’s control loop). Warehouse
controller is a digital actor in the system that receives high-
level goals from the warehouse manager through a graphic
user interface (GUI), uses the planning service to generate a
high-level plan for the warehouse to accomplish the goal, and
checks the generated plan for safety constraints using the
offline safety analysis before sending it to the robots. For
instance, the plan ensures that two or more robots will not be
at the same position at a particular time. If the plan is correct
then the controller assigns resources (e.g. number of robots
and number of conveyor-belts) to be used to fulfill the current
plan and then finally sends the verified plan (tasks) to the
robots. The task assignment to the robots is shown in Figure 2.
The warehouse controller, planning and offline safety analysis
are briefly presented here only to provide an overview of the
complete system and are not focus of this paper.
As mentioned before, each robot receives a high-level plan
(task) that was already been checked in the warehouse con-
troller (offline) for safety constraints. However, still different
situations can arise when the products are placed closely
and there is a chance of collision with nearby robots. Close
encounters can also happen during navigation from shelves
to conveyor belts and when the robots are coming back
towards the shelves after delivering the products. Online
safety analysis is performed at runtime for this purpose using
risk management process and is the main focus of this
paper.
Robot
UC01
Collaborative Operation UC06
Monitoring
UC02
<<uses>>
Placing/ replacing products on shelf
<<uses>>
Manager
Collaborative
WorkerRisk Management
UC03<<uses>>
Cleaning
<<uses>>
Assigning
UC04
replacing <<uses>>
tasks
Co-existing
Worker
Warehouse
UC05 Controller
Updating software, Monitoring behavior of robot
UC07
Visiting the area
External System
Worker/ Visitor Engineer
Fig. 2: Use cases for collaborative scenarios in automated
warehouse.
 We consider the following robot states in our use case:
• Manipulation: Robot arm picks up or places a product.
• Navigation: The robot’s platform is moving towards to a
waypoint (i.e. shelf or conveyor belt). For safety reasons and to
reduce hazards complexity, we assume that the robot platform
stands still during manipulation, and vice versa.
• Idling: Robot is standing still because it is either waiting for the
next task or had some technical problem (e.g. battery out of
charge).
• Charging: Robot recharges itself at the charging station.
Before quantifying risks associated with our collaborative
robots, we present a systematic description of collaborative
scenarios from the safety perspective. We first identify differ-
ent roles and their collaborative interactions, and then explore
unsafe scenarios and safety issues.
1) Description of the roles in our collaborative scenario:
In order to find hazards that could arise, we first need to
identify all humans who might be exposed to a hazard, their
skill levels and the frequency of exposures. For our use case,
we describe different human roles in Table I with the
respective explanations about their skill levels and frequency
of exposure in each column. In the table, by “skilled” person
we mean that the necessary safety certification courses have
been un- dertaken, and by “trained” we mean that a training to
work collaboratively with robots have been attained. These
include instructions of coming close-by the robot,
understanding robot behavior (e.g. robot gradual speed
reduction when the human gets closer) or even making
physical interactions with it.
2) Description of use cases and unsafe scenarios: After
describing different roles, and their exposure levels, we
present their interactions with the robots in Figure 2. We
briefly describe the use cases in Table II. The table further
explains unsafe interaction scenarios, safety issues in the use
cases, and presents safety requirements and recommendations
that will be used in risk reduction phase.
B. Risk Assessment
This section presents the concept of risk management pro-
cess that has capability of managing (identifying, assessing
and mitigating/reducing) safety risks for our collaborative
scenar- ios. Four main phases of a classical Risk Management
Process are 1) Hazard and Risk Identification; 2) Risk
Analysis; 3) Risk Evaluation; and 4) Risk Mitigation (also
called Risk Reduction or Treatment) [25] as shown in the red
boxes of Figure 3. The main focus of this paper is on risk
assessment, which is an overall process of hazard
identification and risk analysis (i.e. first two phases of risk
management). Risk assessment enhances understanding of
risks, their causes, frequencies, consequences, and probability.
The first phase of the risk assessment is the hazard and risk
identification. We conduct it manually by identifying and then
describing all possible existing threats in our HRC scenario.
Additionally, the possible consequences and damages to the
human and to other objects are also catalogued. There are
several methods to perform this phase such as, Preliminary
Robot Node
Scene Graph
Sensors Object Detection
Camera Image
Object Classification
Warehouse Scene Graph
Static Objects
Graph
Scene Graph Construction
Shelves Risk Analysis
Conveyor Belts Object Positions
Dynamic Objects
Risk Evaluation
Humans
Risk Magnitude Hazard Identification
Other Robots Risk Reduction (AI Based Alg.)
Safety Zones
Navigation/ Actuation
Fig. 3: Risk management process, its components and in-
puts/outputs. The ROS nodes that are executed in robot are
depicted in Robot Node. The scene graph produces a semantic
information of the environment which is used in risk analysis.
Hazard Analysis (PHA), HAZard OPerability analysis (HA-
ZOP), Fault Tree Analysis (FTA), and Failure Modes and Ef-
fects Analysis (FMEA). PHA is a simple but inductive method
in which hazards for a specific scenario are identified from
hazard checklists of a standard (e.g. ISO12100 [26] Annex
B: Examples of hazards, hazardous situations and hazardous
events). However, robotic standards [3], [4], [1] do not include
hazards for HRC scenario. We apply HAZOP method, which
is a structured and systematic examination approach to
identify hazards, and is suitable for our HRC use case.
HAZOP first models the scenarios by use case diagrams,
sequence diagrams and state-machine diagrams. Then,
attributes and guidewords are used to generate deviations. The
hazards list can be obtained after merging redundant
deviations and removing meaningless deviations. A detailed
list of hazards for our HRC use case along with the
identification of its type, consequences and effected human
body area is presented in Table III.
The last three phases of risk management process are
performed inside the robot’s control loop as shown in Fig-
ure 3. Risk analysis phase comprehends the nature of risks,
determines the level of risk, including risk estimation [26]. In
this phase we identify key entities, attributes of the entities,
and the relationships among the attributes and then perform
risk estimation. The key entities in our case are the shared
workspace which consists of some static objects (e.g. shelves,
products, conveyor belts and dock stations) and some dynamic
objects (other robots and human workers) (see Figure 3).
We use scene graph in this phase to identify the entities and
their attributes based on the identified hazards. This consists
of gathering sensor data from the warehouse and then
processing the camera image through the scene graph module
(details in Section IV-B) which outputs the corresponding
scene graph. To formalize this problem, initially the obstacles
are classified as static objects, mobile objects, humans and the
special objects: dock station. The first three objects require
increased
 TABLE I: Description of different roles in our use case and their collaboration with robot
Role Expertise Description Degree of collabo- Frequency of col-
ration with robot laboration
Collaborative Skilled, trained Has close collaboration with the robots. Has proper Close collaboration Regular, daily work
Worker and experienced training on working collaboratively with the robots
and understanding robot behavior.
System Skilled, trained Has technical knowledge on how the robot works Close collaboration Occasional, only
Engineer and experienced and performs, understands behavior, and responsi- for updates or
ble for development/maintenance of the robots when some error
occurs
Manager Non-skilled, He is responsible for administrative operations and No interaction No collaboration
untrained management of the warehouse and the assets. He
has low knowledge of the robot behavior. He
rarely interacts physically with the robots
Co-existing Skilled, trained Shares the same place as the robots but has occa- Close collaboration Occasional
Worker sional interaction with them. Has proper training
and a shallow understanding of the robot behavior
External Untrained Workers that do not pertain to the warehouse but No close collabora- Very rare
Worker / Visitor has access to this place tion

TABLE II: Description of use cases, unsafe scenarios and safety recommendations
Use Case Use cases and its unsafe scenarios
UC01 The worker interacts with the robots in a collaborative way (working
very closely to robot) while placing products on the shelf.
UC02 The worker takes different products from the storage and places them
on the shelf, from where the robot will pick up the products and
delivers them to the conveyor belt. The products should be carefully
positioned so that the robot can easily pick it up. If it is placed at
an unusual position or shifted, then the robot may have difficulties or
may be unable to pick it up.
UC03 A worker needs to remove items on the floor/to that the robot has
dropped. When it happens, the worker enters the collaborative area
and goes towards the dropped item. He/she is comfortable to come
close to the robots in a safe way to perform its task, without
interfering the robot’s activities.
UC04 If a robot breaks down during its operation or a deadlock occurs in
the system, then the manager sends a technician. The worker enters in
the collaborative area to replace or move out the robot in the presence
of other working robots.
UC05 Collaborative worker informs the engineer about the problem in the
robot’s normal behavior. Sometimes the robot initiates actions which
were not anticipated by the worker. It could be a problem due to an
error in the algorithm or due to incorrect parameters of the algorithms.
UC06 The manager’s interaction with the robots happens mostly through the
warehouse management interface. The manager verifies, and approves
high-level plans being sent to the robots and expects them to be
accomplished in safely and timely manner.
UC07 A visitor gets inside the warehouse and moving in the warehouse along
with other mobile robots. He/she also observes the pick up operation
around the shelf and may like to place the products for the robot or
wishes to touch or come close to the robot.
Safety Requirements/Recommendations
The robot must adjust its behavior and always keep necessary safety
distance from the worker according to the standards. Some of the
adjustments can include robot speed reduction and stop the robot if
the worker is in a safe range.
The worker must be trained and has knowledge about the robot’s
behaviour such as how much distance to be kept from the robot while
working safely and efficiently.
Feedback (visual and/or auditory) must be provided to inform the
current robot behaviour to the worker that can help to anticipate the
robot’s movement. E.g. the robot’s stopped position can be presented
as a red light at top of the robot and its slow movement can be
presented as yellow light.
All recommendations from UC01.
Products to be placed at specific positions.
The worker is trained to identify the reason why robot is not able to
pick up the product.
A continuous information about robot functionality is provided that
could help to identify the reason.
All recommendations from UC01.
All recommendations from UC01.
Identifies the problem (e.g. drained-out battery) and logs it.
All recommendations from UC01 for collaborative worker
The engineer must perform systematic tests of the algorithms before
deploying in the robots.
The engineer can work together with the worker in order to be
informed about the most common problems that the worker notices
while working with robots. This helps to adjust the robot’s software
and helps identifying the need of additional training to the workers.
Continuous information about the robot’s functionality must be dis-
played through some user interface.
All recommendations from UC01.
The visitor should be provided with some basic information or
training about the collaborative robots, so that he/she could anticipate
about robot’s behaviour (e.g. distances at which the robot will slow
down or stops completely to keep him/her safe).

function complexity and performance. The last one, the dock a proper direction.
station, breaks the common object strategy because it is used For risk evaluation and risk mitigation phases, online safety
to charge the robot where the robot must park closely and in analysis is to be followed and implemented. We propose
dynamically changing three-layered safety fields/zones around
 TABLE III: Description of Hazards for collaborative operations
Description Hazard Type Consequence
Task Problem Body area
Pickup operation Product is not properly HN1: Robot cannot pick up the product Temporal Time loss None
placed and robot fails because either the product is not present on
the shelf or is not placed at a proper place
Pickup operation Human is very close to the HN2: Physical human injury as transient Mechanical Human Back of
and the worker is robot. contact between gripper and hand. Followed injury: workers
placing/replacing the by clamping and dragging along the hand Gripping hand
products while continuing the planned pick-and-
place task
The robot navigates its Human is very close to the HN3: Physical human injury. The robot’s Mechanical Human the upper
arm to pickup a product robot. moving arm can hit the worker’s body injury: impact part of
the body
Manipulator drops the Product is not held prop- HN4: Physical human injury on worker’s Mechanical Human Foot / leg
product and a worker is erly and the robot drops foot or leg due to the fallen product injury:
nearby the product close to the crushing
human who can get hurt
Robot navigation and a Human is very close to the HN5: Physical human injury on worker’s Mechanical Human the lower
worker/visitor is moving moving robot. body due to the moving robot injury: impact part of
close by the body
Robot navigates and a Human is very close to the HN6: Physical human injury on worker’s Mechanical Human the lower
worker is cleaning the moving robot. body due to the moving robot injury: impact and/or
floor close by or come to upper
replace the robot parts of
the body
Place operation Product cannot be placed HN7: No place for the product because Temporal Time loss None
properly conveyor belt is not moving
Place operation Product cannot be placed HN8: Robot is not able to place the grip Mechanical Financial loss None
properly from product properly
Change in the Robot’s be- Robot does not behave as HN9: Physical injury, stress to collaborative Communi- Human Any
havior due to new/updated anticipated by worker worker with unexpected behavior cation physical/ body
software mental injury area
Multiple robots are mov- Proximity sensor failed or HN10: Damage due to robots collision Mechanical Financial loss None
ing close to each other software error
Pickup and/or place oper- Improper force limitation HN11: Property damage on fragile products Mechanical Financial loss None
ations or force control failure due to robot
The robot is performing a Software error HN12:Failure to switch modes when a re- Software Financial loss None
task action is needed.
The robot is performing a Software or hardware er- HN13False emergency stop Software/ Financial loss None
task ror hardware
The robot is performing a Software or hardware er- HN14Robot shutdown during a task Software/ Time loss None
task ror hardware
The robot is performing a Software error HN15 False alarm or indicator light Software Time loss. Any
task Physical/ body
mental injury area

the robot for its safe navigation and manipulation. The
fields/zones are categorized as red, yellow and green. The
sizes of the zones will be taken from the standards [1]. If an
object (obstacle) is identified far from the robot (in green
zone) then we evaluate it as safe and there is no risk; if the
object is identified a bit closer (in yellow zone) then there is a
moderate level of risk and the robot may need to reduce its
speed depending on the object type and its distance; and when
the object is identified very close (in red zone) then the risk is
high and the robot must stop immediately. This information
will be used in risk evaluation phase to calculate the
magnitude of the risk (i.e. no risk, low, moderate, high, very
high). And based on this risk magnitude, the safety rules will
be generated and will be used in the next risk mitigation
phase. To implement online safety analysis, we intend to use
an Artificial Intelligence (AI) based algorithm (e.g. fuzzy
logic, neuro-fuzzy algorithm) in future.
IV. IMPLEMENTATION SETUP
This section presents our implementation setup along with
semantic description of the environment in the form of scene
graph. The scene graph is used to represent the knowledge
of the robot’s visual perception and to enable environment
analysis at a semantic level2 (Figure 3).
A. Simulated Warehouse
For simulation purposes, we use a Virtual Robot
Experimen- tation Platform (V-REP) [27] to model all the
above mentioned collaborative scenarios of our use case. The
simulator comes with an integrated development environment
in which the physical models can be created and controlled.
Figure 1 depicts the simulated warehouse that was modeled
with all its physical components, i.e. shelves, products,
conveyor belts, robots, charging stations, and the human
workers. The simulated robot
2
The simulated warehouse prototype and the codes are available
in this link: https://github.com/EricssonResearch/scott-eu/tree/simulation-ros/
simulation-ros/
 robot navigation by
3
Turtlebot2i robot specifications: http://www.trossenrobotics.com/ interbotix-
turtlebot-2i-mobile-ros-platform.aspx

Scene Graph
Module

Risk Reduction

Mapping/
Localization ROS MASTER

Path Planning
ROS ROS ROS
Messages Messages Messages
ROS Controller
ROS Nodes - Robot1
V-REP ROS Nodes - Robot2..N

Scene
ROSGraph
INTERFACE
Module

Risk Reduction
Simulated Scenario
Mapping/
Localization
Simulated Robot 1...N
Path Planning

Simulated
ROS Arm 1...N
Controller

V-REP Remote API

Fig. 4: ROS architecture employed to simulate the warehouse

and the robots. The main components of the architecture are
the V-REP simulator (red box) and the ROS nodes (gray box).

is a Turtlebot2i3 which is equipped with a robotic arm and two

3D cameras.
We use Robot Operating System (ROS) which is a flexible
and widely used framework for developing robot software.
The main advantages of ROS are the code reusability, the
abstraction of the low level codes and support for several
robot models. The data generated by V-REP is converted to
ROS messages using the ROS interface.
In the simulation environment, we use a single ROS master
that centralizes the communication between the simulated
robots and the V-REP. The V-REP remote API is specifi-
cally used to control the robotic arms through socket com-
munication. Main components of the warehouse simulation
architecture are V-REP, Robot ROS nodes and ROS master.
Figure 4 presents an overview of the architecture with its
components and the communication between them. Details of
these components and description of their functionalities are
as follows:
V-REP: models all the physical components of the ware-
house. It also simulates the behavior of the warehouse and
pro- duces visualization through its GUI interface. It is
important to highlight that the robots control logic is
implemented using ROS and therefore is not coupled to V-
REP, it only controls the behaviors of conveyor belts, shelves,
trucks, and workers. The main motivation of keeping the robot
code separately in ROS nodes is to increase code reusability
between simlation and real world scenario.
Robot ROS Nodes: contain all the algorithms responsible
for processing the data coming from sensors in the robot’s
control loop. All methods were modeled using ROS libraries
and all data is formatted in ROS message structure. Some
of ROS nodes are: scene graph module, risk reduction or
mitigation algorithm, mapping/localization, obstacle
detection, and path planning. Path planning, based on
Navigation Func- tion 1 (NF1) algorithm [28], performs the
combining localization, mapping and obstacle detection
nodes. During the navigation, obstacles’ boundaries are
inflated pro- portionally to the robot size for a safer robot
movement. Navigation module also relies on local path
planner to deal with dynamic obstacles. Thus, the robot
can make local changes without modifying the global
path.
ROS Master: centralizes the communication between
the components of the architecture and is responsible for
estab- lishing the communication between node pairs.
B. Semantic Representation of the Environment and
Initial Results
In this work, instead of analyzing the object detection
output, we include a contextual information within the
de- tected objects in order to get a richer representation of
the environment. We use scene graph [29] for this
purpose, which incorporates the semantic relationship
between the objects. Additionally, scene graphs include
positional information of the object which further
enhances the contextual information. We use scene graph
for two main purposes: first, for environ- ment perception
(as mentioned before) and second, for risk mitigation
instead of using raw sensor data.
The scene graph is represented as a direct graph where
nodes denote objects (e.g. conveyor belt, shelf and
robot) or human workers, and the edges denote the
spatial (e.g. on, below, beside) or other semantic
relationships between two nodes. The nodes are obtained
after performing object detection and classification from
the robot’s camera images. These nodes store static (e.g.
shape and size) or dynamic (e.g. pose, velocity and
acceleration) properties of the objects. The root node is
associated to a location (e.g. office, floor, factory) and
subsequent child nodes represent the objects present in
this location. To construct the graph from the robot’s list
of detected objects, the objects that are in contact with the
leaf nodes are added as child nodes and the process is
repeated until all elements in the list are analyzed. Using
this method, a separate scene graph is generated for each
robot and the graph is dynamically updated whenever any
change is observed in robot’s detection.
Figure 5 presents dynamically generated scene graphs
at two different times (t0 and t1) by two robots
navigating in the simulated warehouse. The root node is
always the
“warehouse” and has a child node “floor”, which is the
element that connects all the objects in the scene. The
objects detected by the robot is added below the “floor”
node and the edge is labeled with “on”, which
represents the placement of the object. With this
representation the robot can have a special attention when
the “worker” node is added and the risk assessment can
use the contextual information provided by this graph to
generate safe behavior.
In the presented graphs, each child node has a distance
attribute, which corresponds to distance of the object to
the corresponding robot. The robots used monocular RGB
camera
velocities
Con- for are 0.00)
object and the At
detection. worker
timeis tpassing in frontare
, the robots of
stopped (their veyorBelt#1 (Figure 5a).0 In this setting,
Robot#0 detects the
 Robot#0 Robot#1
camera_rgb warehous camera_rgb warehous
velocity=0.00 e velocity=0.00 e

floor floor
size: 25*25 size: 25*25

on on
on on on
Worker ConveyorBel#1 Shelf#0 Shelf#1 DockStation#1
distance: 0.82 distance: 2.13 distance: 2.33 distance: 1.45 distance: 3.21

(a) Scenario at time t0. (b) Scene graph from Robot#0 at time t0. (c) Scene graph from Robot#1 at time t0.

Robot#0 Robot#1
camera_rgb warehous camera_rgb warehous
velocity=0.10 e velocity=0.15 e

floor
floor
size: 25*25
size: 25*25
on
on on
ConveyorBel#1
Shelf#0 Shelf#1
distance: 0.12
distance: 1.12 distance: 0.21
(d) Scenario at time t1 (e) Scene graph from Robot#0 at time t1.
(f) Scene graph from Robot#1 at time t1.
Fig. 5: Dynamically generated scene graphs by two robots, labeled as Robot#0 and Robot#1, based on the objects detected at
two different time stamps (t0 and t1) during the simulation. Distance, size and velocity units are in m, m2 and m/s, respectively.

Worker and ConveyorBelt#1, while Robot#1 detects Shelf#0,
Shelf#1 and DockStation#1. These detections are reflected in
the generated scene graphs presented in Figure 5b – 5c re-
spectively. At t1, Robot#0 is moving towards ConveyorBelt#1
and Robot#1 towards Shelf#1 (Figure 5d). At this moment,
Robot#0 can’t observe the Worker anymore and Robot#1
stops detecting the DockStation#1, thus these nodes are
removed from the graphs, Figure 5e – 5f.
graph construction
Currently, the Regards totakes 150 ms.a
approximatelyperformance,
the computational
single scene risk reduction is based on the robot direction and
velocity
adjustment by taking into account its distances to the per-
ceived objects. Robots’ distances to objects and velocities are
illustrated in Figure 5.
V. D ISCUSSION
Conducting risk related testing experiments directly in real
environments can be dangerous, spend lot of time and re-
sources. The simulated warehouse setup will make it possible
to conduct these experiments in a safe and efficient manner
before deploying the algorithms in real robots.
The presented setup enables risk management process for
safe HRC. Currently, we are using the scene graph, which
provides a contextual and semantic based representation of
the environment. It still requires some investigation on how to
add safety and risk related information in this representation
to leverage the risk analysis. After implementing an AI-
based algorithm, we intend to use this setup to evaluate our
safety approach. In this way, the proposed safety aspects will
be checked by verifying the robot behavior in presence of
humans; both in simulated and real world scenarios.
We have identified limitation to obtain the complete list
of hazards. HAZOP method is employed as it can identify
more hazards than other methods, such as Preliminary Hazard
Analysis [21], but can not identify all possible hazards.
Our goal is to evaluate the robot system using a set of Key
Performance Indicators (KPIs) based on safety requirements
and the overall performance of the warehouse (e.g. the number
of delivered products). An interesting topic is to study the
trade-off for the questions like: What is the effect on the
robot’s performance when using the safety analysis
approach?; How much safety of the system is improved by
using the safety analysis approach?; Has the number of
possible colli- sions/risky situations been reduced?
Studying human trust on machines is also an important
aspect. Human trust on the automated system should not be
blind. Excessive trust could be as harmful (or even more)
as a lack of it. Therefore, the concept of calibrated trust
[30] should be explored and how this calibrated-trust can be
developed and achieved.
VI. C ONCLUSIONS AND FUTURE WORK
Human-robot collaboration (HRC) is expected to increase
both productivity and performance. However, this causes new
hazardous situations that must be avoided through proper
risk assessment and risk reduction, without compromising
human or robot productivity. In this perspective, we have
presented a systematic risk assessment approach applied to an
automated warehouse use case. We have identified different
humans working at different interaction levels with robots
and we have presented their respective safety requirements.
We identified a list of hazards for possible HRC scenarios
using HAZOP method and presented risk analysis based on
the hazards. Additionally, we presented our simulation setup
based on V-REP along with the proposed ROS architecture
and described the usage and advantage of scene graph for the
risk management process.
Although this work focuses on an automated warehouse
sce- nario, most of the techniques and algorithms can be
applied to different contexts. The overall safety solution
coupled with the scene graph generation could be used in any
scenario where humans and robots need to coexist (i.e. office
environment or health care etc.). Furthermore, all basic
navigation, planning and obstacle avoidance strategies are
agnostic to the context and could be used generally.
Currently, we are looking into a suitable AI based algorithm
for the risk reduction phase. This will be implemented as a
ROS node and the output of this algorithm will be the basis to
implement and evaluate the three-layered zone safety strategy.
We also intend to set up the real robots and test our risk
management in the real environment. Another future direction
could be to work on trust aspects to bring the safety evaluation
closer to the real world.
ACKNOWLEDGEMENT
SCOTT (www.scott-project.eu) has received funding from the
Electronic Component Systems for European Leadership Joint Un-
dertaking under grant agreement No 737422. This Joint Undertaking
receives support from the European Unions Horizon 2020 research
and innovation programme and Austria, Spain, Finland, Ireland,
Sweden, Germany, Poland, Portugal, Netherlands, Belgium, Norway.
REFERENCES
[1]ISO. ISO/TS 15066:2016 Robots and robotic devices – Collaborative
robots. International Organization for Standardization, Geneva, Switzer-
land, February 2016.
[2]S. Robla-G o´mez, V. M. Becerra, J. R. LLata, E. Gonzlez-
Sarabia,
C. Torre-Ferrero, and J. Pe´rez-Oria. Working together: A review
on safe human-robot collaboration in industrial environments. IEEE
Access, PP(99):1–1, 2017.
[3]ISO. ISO 10218-1 (2011): Robots and robotic devices - Safety require-
ments for industrial robots - Part 1: Robots. International Organization
for Standardization, Switzerland, July 2011.
[4]ISO. ISO 10218-2 (2011): Robots and robotic devices - Safety require-
ments for industrial robots - Part 2: Robot systems and integration.
International Organization for Standardization, Switzerland, July 2011.
[5]Fanny Platbrood and Otto G o¨rnemann. Safe robotics - safety in
collaborative robot systems. In SICK AG WHITE PAPER, 2017.
[6]B. Matthias, S. Kock, H. Jerregard, M. Kllman, and I. Lundberg.
Safety of collaborative industrial robots: Certification possibilities for
a collaborative assembly robot concept. In 2011 IEEE International
Symposium on Assembly and Manufacturing (ISAM), May 2011.
[7]M. J. Rosenstrauch and J. Kr u¨ger. Safe human-robot-collaboration-
introduction and experiment using ISO/TS 15066. In 2017 3rd Interna-
tional Conference on Control, Automation and Robotics (ICCAR), pages
740–744, April 2017.
[8]J e´re´mie Guiochet. Hazard analysis of human-robot interactions
with HAZOP-UML. Safety Science, 84:225 – 237, 2016.
[9]E. Guizzo. Three engineers, hundreds of robots, one warehouse. IEEE
Spectrum, 45(7):26–34, July 2008.
[10]L. Sabattini, M. Aikio, P. Beinschob, M. Boehning, E. Cardarelli,
V. Digani, A. Krengel, M. Magnani, S. Mandici, F. Oleari, C. Reinke,
D. Ronzoni, C. Stimming, R. Varga, A. Vatavu, S. Castells Lopez,
C. Fantuzzi, A. Mayra, S. Nedevschi, C. Secchi, and K. Fuerstenberg.
The pan-robots project: Advanced automated guided vehicle systems for
industrial logistics. IEEE Robotics Automation Magazine, PP(99):1–1,
2017.
[11]ISO. ISO 13849-1:2016 Safety of machinery – Safety-related pats of
control systems – Part 1: General princeples for design. International
Organization for Standardization, Geneva, Switzerland, January 2016.
[12]A. M. Zanchettin, N. M. Ceriani, P. Rocco, H. Ding, and B. Matthias.
Safety in human-robot collaborative manufacturing environments: Met-
rics and control. IEEE Transactions on Automation Science and
Engineering, 13(2):882–893, April 2016.
[13]J. T. Chuan Tan, F. Duan, Y. Zhang, R. Kato, and T. Arai. Safety design
and development of human-robot collaboration in cellular manufactur-
ing. In 2009 IEEE International Conference on Automation Science and
Engineering, pages 537–542, Aug 2009.
[14]R. Krug, T. Stoyanov, V. Tincani, H. Andreasson, R. Mosberger,
G. Fantoni, and A. J. Lilienthal. The next step in robot commissioning:
Autonomous picking and palletizing. IEEE Robotics and Automation
Letters, 1(1):546–553, Jan 2016.
[15]MTCOS. Safety of industrial trucks. driverless trucks and their systems.
technical report. Technical report, EN 1525, 1998.
[16]IEC. IEC 62061:Safety of machinery - Functional safety of safety-related
electrical, electronic and programmable electronic control systems.
International Electrotechnical Commission, Geneva, Switzerland, 2016.
[17]Safety requirements and standardisation for robots: Software
dos and donts. https://rosindustrial.squarespace.com/s/
ROS-I-Conf2016-day2-06-jacobs.pdf. Accessed: 2018-04-19.
[18]Z. De Lemos. FMEA Software Program for Managing Preventive
Maintenance of Medical Equipment. 2004.
[19]Mehrnoosh Askarpour, Dino Mandrioli, Matteo Rossi, and Federico
Vicentini. SAFER-HRC: Safety analysis through formal verification in
human-robot collaboration. In Computer Safety, Reliability, and
Security, pages 283–295, Cham, 2016. Springer International
Publishing.
[20]Mehrnoosh Askarpour, Dino Mandrioli, Matteo Rossi, and Federico
Vicentini. Modeling operator behavior in the safety analysis of collabo-
rative robotic applications. In Computer Safety, Reliability, and Security,
pages 89–104, Cham, 2017. Springer International Publishing.
[21]Jeremie Guiochet, Quynh Anh Do Hoang, Mohamed Kaaniche, and
David Powell. Model-based safety analysis of human-robot interactions:
The miras walking assistance robot. In Rehabilitation Robotics
(ICORR), 2013 IEEE International Conference on, pages 1–7. IEEE,
2013.
[22] Damien Martin-Guillerez, J e´re´mie Guiochet, David Powell,
and Christophe Zanon. A uml-based method for risk analysis of human-
robot interactions. In Proceedings of the 2nd International Workshop on
Software Engineering for Resilient Systems, pages 32–41. ACM, 2010.
[23]L. Masson, J. Guiochet, H. Waeselynck, A. Desfosses, and M. Laval.
Synthesis of safety rules for active monitoring: Application to an airport
light measurement robot. In 2017 First IEEE International Conference
on Robotic Computing (IRC), pages 263–270, April 2017.
[24]Rafia Inam, Elena Fersman, Klaus Raizer, Ricardo Souza,
Amadeu Nascimento Junior, and Alberto Hata. Safety for
Automated Warehouse exhibiting collaborative robots. In 28th
European Safety and Reliability Conference (ESREL’18), pages 2021–
2028, Trondheim, Norway, June 2018. IEEE. available at
https://www.taylorfrancis.com/books/9781351174657.
[25]ISO. ISO 13000:2018 Risk management– Guideline. International
Organization for Standardization, Geneva, Switzerland, April 2018.
[26]ISO. ISO 12100:2010 Safety of machinery – General principles for
design – Risk assessment and risk reduction. International Organization
for Standardization, Geneva, Switzerland, November 2010.
[27]E. Rohmer, S. P. N. Singh, and M. Freese. V-REP: A versatile and
scalable robot simulation framework. In 2013 IEEE/RSJ International
Conference on Intelligent Robots and Systems, Nov 2013.
[28]O. Brock and O. Khatib. High-speed navigation using the global
dynamic window approach. In Proceedings 1999 IEEE International
Conference on Robotics and Automation, volume 1, 1999.
[29]Michael Ying Yang, Wentong Liao, Hanno Ackermann, and Bodo
Rosenhahn. On support relations and semantic scene graphs. ISPRS
Journal of Photogrammetry and Remote Sensing, 131:15 – 25, 2017.
[30]John D Lee and Katrina A See. Trust in automation: Designing for
appropriate reliance. Human factors, 46(1):50–80, 2004.
View publication stats