16. Potential ignition sources such as sparks, flames, electric arcs, high surface temperatures, acoustic energy, optical radiation, electromagnetic waves and other ignition sources shall not occur.
17. Electrostatic charges capable of resulting in dangerous discharges shall be prevented by means of appropriate measures.
18. Stray electric and leakage currents in conductive equipment parts which could result in, for example, the occurrence of dangerous corrosion, overheating of surfaces or sparks capable of provoking an ignition shall be prevented.
19. Overheating caused by friction or impacts occurring, for example, between materials and parts in contact with each other while rotating or through the intrusion of foreign bodies shall, as far as possible, be prevented at the design stage.
20. Equipment and protective systems shall be so designed or fitted with integrated measuring, control and regulation devices that pressure compensations arising from them do not generate shock waves or compressions which may cause ignition.
21.—(1) Equipment and protective systems shall be so designed and constructed as to be capable of performing their intended function in full safety, even in changing environmental conditions and in the presence of extraneous voltages, humidity, vibrations, contamination and other external effects, taking into account the limits of the operating conditions established by the manufacturer.
(2) Equipment parts used shall be appropriate to the intended mechanical and thermal stresses and capable of withstanding attack by existing or foreseeable aggressive substances.
22.—(1) Safety devices shall function independently of any measurement or control devices, or both measurement and control devices required for operation.
(2) As far as possible, failure of a safety device shall be detected sufficiently rapidly by appropriate technical means to prevent dangerous situations from occurring.
(3) The fail-safe principle is to be applied in general.
(4) Safety-related switching shall in general directly actuate the relevant control devices without intermediate software command.
(5) In the event of a safety device failure, equipment or protective systems or both shall wherever possible, be secured.
(6) Emergency stop controls of safety devices shall, as far as possible, be fitted with restart lockouts. A new start command may take effect on normal operation only after the restart lockouts have been intentionally reset.
23. Where control and display units are used, they shall be designed in accordance with ergonomic principles in order to achieve the highest possible level of operating safety with regard to the risk of explosion.
24.—(1) In so far as they relate to equipment used in explosive atmospheres, devices with a measuring function shall be designed and constructed so that they can cope with foreseeable operating requirements and special conditions of use.
(2) Where necessary, it shall be possible to check the reading accuracy and serviceability of devices with a measuring function.
(3) The design of devices with a measuring function shall incorporate a safety factor which ensures that the alarm threshold lies far enough outside the explosion or ignition limits of the atmospheres to be registered, or both the explosion and ignition limits, taking into account, in particular, the operating conditions of the installation and possible aberrations in the measuring system.
25. In the design of software-controlled equipment, protective systems and safety devices, special account shall be taken of the risks arising from faults in the programme.
26.—(1) Manual override shall be possible in order to shut down the equipment and protective systems incorporated within automatic processes which deviate from the intended operating conditions, provided that this does not compromise safety.
(2) When the emergency shutdown system is actuated, accumulated energy shall be dispersed as quickly and as safely as possible or isolated so that it no longer constitutes a hazard.
(3) Sub-paragraph (2) does not apply to electrochemically-stored energy.
27. Where equipment and protective systems can give rise to a spread of additional risks in the event of a power failure, it shall be possible to maintain them in a safe state of operation independently of the rest of the installation.
28.—(1) Equipment and protective systems shall be fitted with suitable cable and conduit entries.
(2) When equipment and protective systems are intended for use in combination with other equipment and protective systems, the interface shall be safe.
29. Where equipment or protective systems are fitted with detection or alarm devices for monitoring the occurrence of explosive atmospheres, the necessary instructions shall be provided to enable them to be provided at the appropriate places.