Note: this page mostly discusses filament 3D printers, but the general philosophy could be applied to other printer types.
Please note that since the creation of this page, I have created a few pages about 3D printer safety on the RepRap wiki, which are far more detailed and may be a bit redundant with the text below:
Handling high temperatures and a significant quantity of hydrocarbon components (plastic), a 3D printer presents a lot of risks, which are not well taken into account by users and manufacturers. This page aims to describe what could make a safe design; advice to users will be defined in another page, and health and safety is already covered in the RepRap wiki.
Disclaimer: While I have some experience in handling safety in industrial equipment, this page is unpaid hobby work and cannot replace professional advice. Even if it is not legally compulsory, 3D printer manufacturers are firmly invited to hire safety consultants to help them carry out the needed/required (CE) safety analysis.
Apart from health and safety, the main risk of a 3D printer is fire. The power used, around 40W for the hotend and 100~500W for a heated bed, is largely sufficient to heat many printer components up to their ignition point in case of failure.
There was one report of a house burned down by a printer, but it is probable that other accidents have already occurred without public disclosure.
A 3D printer is not an ordinary domestic appliance for many reasons:
- It is a complex object with multiple fire sources.
- It runs for a much longer time than most appliances, which drives users to leave it unattended.
- Its service life is comparable to industrial equipment, but the quality of its components is far from industrial and the equipment tends to age quickly.
- As a domestic appliance, it is a recent development without established safety rules.
- A lot of printers are sold as kits or modified by their users, which puts them in a legal ‘grey area’
- A lot of development is done as hobby work, either hardware or software
- It uses components which were not designed for this particular use (power supplies)
- There are a lot of flammable parts in a printer, including the material
- There is price competition and manufacturers take shortcuts
- Safety shall be handled by the machine itself, in hardware and software
- Safety could also be handled externally with detection (smoke detection) and counter-action (automatic fire extinguisher) or enclosure in a fire-proof box.
Doing a safety analysis is compulsory for CE certified machines, but even in areas where this is not compulsory, it is the basic process which shall be done for EVERY printer (that includes self-built printers).
What could occur?
- Hotend cooling fan failure - most frequent problem
- Thermal runaway in case of component failure, leading to very high local temperatures
- Hot parts separating from their support and coming into contact with flammable parts, or the reverse
- Electrical arcing
- Electronic or wiring components burning (cables, electronic board or power supplies)
Basically, mechanical safety shall be handled by avoiding any contact between flammable areas and hot parts, even in case of incidents and mechanical failures. You may also try to minimize the use of flammable materials.
Wood vs plastic. While low-flammability panels do exist, ordinary wood is flammable. However, wood has the advantage over plastic of burning more slowly, which may help intervention.
Auto-Ignition temperature of miscellaneous materials:
All these temperatures could be reached in a hotend runaway, which is capable of melting the aluminium heater block.
- First, there shall be fuses, at least on power parts (bed and heater)
- Power supplies fail and burn, and it is quite difficult to protect a printer against such a failure. They may be enclosed in non-flammable boxes.
- Relay upstream of the power supply. A printer may be capable of shutting down the whole power.
ATX power supplies can be shut down, but other power supplies, which were originally designed for LEDs, do not have any relay, so an external relay may be installed, which is not yet done on most printers.
- A printer may be capable of shutting down the heater and movement power while maintaining control power, in order to help the user find out what the fault is.
The key point is the heater design. On most boards, the heaters are permanently connected to the supply voltage and the heater output is switched to ground by a FET transistor to power the heater. This means that the heaters are always live and that if the FET fails ‘open’ (that is, stuck conducting), there will be full power on the heater. This is quite an unsafe design, but it is used on nearly all available boards.
If there is a chamber, it could be worthwhile to install a safety thermistor near the recirculating/extracting fan, in contact with the active carbon filter if there is one.
From the forums (see list/credits in the last paragraph), some rules for heaters:
- With the board running firmware and no temp sensors attached, are there any temp sensor failure related warnings to the user (can be a beep warning, message, LED or other function)?
- Can the heaters be turned on with a temp sensor in a failed or invalid state (validate the MOSFET turning on)?
- What happens when a thermistor is unplugged/open circuit when a heater was on and heating? (Should be an instant warning beep, message, heater lockout until power reset, and stop any print.)
- With a heater in the on state (visible by a FET LED status indicator), does hitting an E-stop or simply a hardware reset turn the heater MOSFET off? (There must be a dedicated emergency stop button input.)
- With a heater open circuit, will the firmware time out trying to heat up if it fails to see a rising temp? (AKA decoupled heater or thermistor timeout. Specifically looking for a temp rise of X degrees in X time period to ensure both the heater and temp sensor are working.)
A note about safety shutdown.
It is important that the user can identify the cause of a shutdown, so if the safety loop shuts off all the power including control, there shall be a report prior to the shutdown, which means the machine shall be connected.
That means a movement and power shutdown shall be preferred to a general shutdown.
Unfortunately, on existing boards which are supplying power to the control system, there is no connection available to do this power shutdown.
For a machine without local panel, a low cost beeper can give minimal information about the kind of failure, with different types of beeps (short-long, long-short, 2 longs, 2 shorts, 3 shorts, etc.)
In the logic below, ‘Stop’ also implies ‘cannot start’.
- Detect thermistor detached from hot block → user warning, stop heating, stop printing (‘air print’ ok)
- Detect thermistor wiring disconnected → user warning, stop heating, stop printing
- Detect thermistor wiring shorted → user warning, stop heating, stop printing
- Disable heaters after inactivity timeout
- On preheat, check for “normal” rate of temp rise → user warning, stop heating
- Impose reasonable limits for temp too high or too low → user warning, stop heating
- On firmware freeze or crash, reliably de-power heaters (e.g. via watchdog reset) → could also de-power everything if remote report
- Detect heaters & sensors crossed, e.g. if you accidentally switch thermistor inputs for HBP and extruder → user warning
- Prevent input noise from causing PID derivative spikes
- Shut down when using unstable PID tuning
- Detect temp rising with heater off → emergency shutdown
- Bootloader asserts heaters off before the firmware even starts
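Several of the checks listed above (sensor disconnected or shorted, temperature limit, rate of rise on preheat, temperature rising with the heater off), written as one latching monitor. This is an added example, not code from any printer firmware; the thresholds, the 10-bit ADC with pull-up circuit and all names are assumptions.

```c
#include <stdbool.h>
/* Thresholds are assumed values for illustration; tune them per machine. */
#define ADC_OPEN      1015    /* 10-bit ADC near the rail: NTC unplugged (pull-up assumed) */
#define ADC_SHORT     8       /* near ground: sensor wiring shorted */
#define MAX_TEMP_C    275.0f  /* hard upper limit */
#define WATCH_S       20      /* preheat observation window, seconds */
#define MIN_RISE_C    2.0f    /* minimum rise expected per window while preheating */
#define OFF_RISE_C    10.0f   /* rise tolerated with the heater off */
#define PREHEAT_GAP_C 10.0f   /* rate check applies only this far below target */

enum fault { F_OK, F_SENSOR_OPEN, F_SENSOR_SHORT, F_OVER_TEMP, F_NO_RISE, F_RISE_HEATER_OFF };

struct monitor {
    enum fault latched;  /* first fault seen; cleared only by a power reset */
    bool  was_on;        /* heater command at the previous step */
    float ref_c;         /* reference temperature for the current window */
    int   window_s;      /* seconds since ref_c was taken */
};

void monitor_init(struct monitor *m, float temp_c)
{ m->latched = F_OK; m->was_on = false; m->ref_c = temp_c; m->window_s = 0; }

/* Call once per second. Any return value other than F_OK means:
   heater off, print stopped, user warned, and no restart until reset. */
enum fault monitor_step(struct monitor *m, int adc, float temp_c,
                        float target_c, bool heater_on)
{
    if (m->latched != F_OK)  return m->latched;
    if (adc >= ADC_OPEN)     return m->latched = F_SENSOR_OPEN;
    if (adc <= ADC_SHORT)    return m->latched = F_SENSOR_SHORT;
    if (temp_c > MAX_TEMP_C) return m->latched = F_OVER_TEMP;
    if (heater_on != m->was_on) {  /* command changed: start a new window */
        m->was_on = heater_on; m->ref_c = temp_c; m->window_s = 0;
        return F_OK;
    }
    m->window_s++;
    if (!heater_on) {
        if (temp_c < m->ref_c) m->ref_c = temp_c;  /* track the minimum seen */
        if (temp_c - m->ref_c >= OFF_RISE_C)       /* e.g. FET stuck conducting */
            return m->latched = F_RISE_HEATER_OFF;
    } else if (m->window_s >= WATCH_S) {
        if (temp_c < target_c - PREHEAT_GAP_C && temp_c - m->ref_c < MIN_RISE_C)
            return m->latched = F_NO_RISE;         /* detached sensor or dead heater */
        m->ref_c = temp_c; m->window_s = 0;
    }
    return F_OK;
}
```

The fault is latched on purpose: once any check trips, later good readings do not re-enable the heater, which matches the ‘Stop’ implies ‘cannot start’ rule.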
A physical emergency shutdown shall stop all movements and heating. An on/off button is a poor solution and could only be acceptable if there is an independently supplied remote report (e.g. web server) to know what occurred.
The next item may be optional but is highly desirable, especially if heaters are using SOFT PWM instead of dedicated processor PWM hardware.
- Is there a watchdog timer and can it properly detect a hang and reset the system? If so, during the entire process, is the system in an unsafe state (like a heater stuck on)?
Independent safety process unit
In domestic printers, there is only one processor unit handling control and safety. In industry, this is considered a violation of basic safety rules because, for dangerous equipment, machine control and machine safety shall be handled by different units.
As there are often multiple processor units running in a printer (main board, display board and often a separate computer to supply data to the printer), external safety control could be implemented at a reasonable extra hardware cost.
In the Google Deltabot forum, a user mentioned that he was handling safety separately from the main board, in the Raspberry Pi used for controlling the machine. Unfortunately, he didn’t share the code used.
A watchdog is a hardware device which checks that a software process is still running, and shuts down or resets the equipment if it is not. Physically, it is often an output which is driven high and low at regular intervals while the software process is running. If the output stays at the same level for some time, the watchdog is triggered. While this works well for a single-thread process, it is more complex to handle with a multi-thread process as found on a 3D printer. See this page and this one
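One common way to handle the multi-thread case, added here as an example and not taken from the pages referenced above: every task checks in, and the output is toggled only when all of them have. The task names, the timeout and the simulated hardware side are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>

/* Task names and the timeout are assumptions made for this example. */
enum task { TASK_MOTION, TASK_HEATER, TASK_COMMS, TASK_COUNT };
#define ALL_ALIVE     ((1u << TASK_COUNT) - 1u)
#define TIMEOUT_TICKS 4   /* ticks the output may stay unchanged */

struct watchdog {
    uint32_t alive;        /* one bit per task that checked in since the last toggle */
    bool     line;         /* output level driven by the software */
    bool     seen;         /* last level observed by the (simulated) hardware */
    int      stale;        /* ticks since the hardware saw the line change */
    bool     heater_power; /* hardware-controlled enable, latched off on timeout */
};

void wd_init(struct watchdog *w)
{
    w->alive = 0; w->line = false; w->seen = false; w->stale = 0;
    w->heater_power = true;
}

/* Each task calls this from its own loop to report progress. */
void wd_checkin(struct watchdog *w, enum task t) { w->alive |= 1u << t; }

/* Software side, once per tick: toggle the line only when every task
   has checked in, so a single hung task is enough to stop the toggling. */
void wd_supervise(struct watchdog *w)
{
    if (w->alive == ALL_ALIVE) { w->line = !w->line; w->alive = 0; }
}

/* Hardware side (simulated), once per tick: cut heater power when the
   line has not changed for TIMEOUT_TICKS. Returns the enable state. */
bool wd_hardware_tick(struct watchdog *w)
{
    if (w->line != w->seen) { w->seen = w->line; w->stale = 0; }
    else if (++w->stale >= TIMEOUT_TICKS) w->heater_power = false;
    return w->heater_power;
}
```

If the toggling were done from one timer interrupt alone, the line would keep moving while the heater task is hung; gating it on all check-ins is what makes the hang visible to the hardware.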
Safety in equipment controlled by software is often handled by doubling the control equipment. Aside from the extra cost, it implies that you have more equipment and so more risk of failures. It is a basic rule that increasing safety decreases availability.
This is unavoidable, and in industry, when high availability is required, control sensors are tripled or quadrupled, allowing failing equipment to be discarded while the machine continues running. This solution seems unreasonable for a 3D printer.
A note about the regulation.
Regulation varies between countries, but one of the best known and most precise regulations is the CE certification.
CE certification is, for most equipment, a self-carried certification and its responsibility lies entirely in the manufacturer's hands. ALL assembled equipment sold within the EEC shall be CE certified, which means that it shall comply with ALL applicable CE directives. In terms of safety, CE certification obliges the manufacturer to do a safety analysis according to a standardized method. The analysis, including design information, is not public and may only come to light in case of a trial.
One of the big holes in this certification is that for user-assembled equipment (kits), manufacturers feel they do not need to certify their equipment. I have not found any reference that this assumption was legally challenged, but I think it could be.
While they could refer to standards, regulations are neither codes nor standards, so depending on the subject, the law often tries not to impose technological solutions, but design and analysis methods. As expert opinions often vary, a manufacturer's responsibility will mostly be assessed on whether they have properly carried out the required safety analysis rather than on technical details.
One of the rules is that if a component of an assembly is not CE certified, it is up to the assembler to certify this component, which may be challenging as the assembler generally does not have design specifications for said component, be it hardware or software. So in industry, most available sub-components are CE certified to simplify the assembler's certification process.
Unfortunately, apart from some specific equipment, the EEC decided not to control the validity of CE certification. Without any oversight, the CE stamp is way too often a joke, and not only for Asia-sourced equipment.
Compliance starts with the basics: if your 3D printer does not have an on/off switch or any fuse, you can be assured that the manufacturer hasn’t carried out any safety analysis. The need for an emergency shutdown button on a 3D printer could be challenged, but the need for an accessible on/off switch cannot.
EC machinery directive, Miscellaneous EMC directives
Resources and credits
A thread about heater safety by JetGuy