Report No.

: SHES190802022921 Page 1 of 10

Test Report
EN ISO 13849-1:2015
BS EN 62061:2015
Responsibility
Tested by
(printed name and signature) ..........: Charles Li .....................................................
Approved by
(printed name and signature) ..........: Jerry Zheng .....................................................
Date of issue ....................................: 2019-12-06

Testing Laboratory Name .............: SGS-CSTC Standards Technical Services (Shanghai) Co., Ltd.

Address ...........................................: No. 588 West Jindu Road, Songjiang District, Shanghai, China

Applicant's Name ...........................: PortaPower (China) Limited

Flat 1003, 10/F, Hopeful Factory, Centre 10-16 Wo Shing Street,
Address ...........................................:
Fotan, N.T., Hong Kong
Manufacturer’s Name ....................: Same as applicant.

Address ...........................................: Same as applicant.

Test specification
Standard ...........................................: EN ISO 13849-1:2015 & BS EN 62061: 2015
Test procedure ................................: SGS-CSTC
Non-standard test method ...............: N/A
Test Report Form No. BMS HFT=0_A
TRF originator...................................: SGS-CSTC
Master TRF ......................................: Dated
Products may only be provided with an approval mark if the relevant conditions have been fulfilled.
© Publication in total or in part and/or reproduction in whatever way of the contents of this report is not
allowed unless permission has been explicitly given either in this report or by previous letter.
Test Item Description ....................: BMS for EPAC battery package
Trademark .......................................: N/A
Model and/or type reference ............: Refer to page 4
HW Version ......................................: KL96UF04A
Rating(s) ...........................................:

TRF No. BMS HFT=0_A Rev.1.1

 Report No.: SHES190802022921 Page 2 of 10

Over Charge Protection ...................: 4.30±0.025V

2nd-level over Charge Protection ....: 4.45±0.025V
Under Discharge Protection .............: 2.50±0.025V
Over-current Protection ....................: 40A±5A
Short-circuit Protection .....................: OUT+/OUT- Short Current
Over-Temp Protection for Charge ....: >70°C: Can not Charge & Discharge
<0°C or >50℃: Can not Charge
Test Case Verdicts
Test case does not check to the test object .......................: N/C
Test case does not apply to the test object .......................: N/A
Test item does meet the requirement ................................: P(ass)
Test item does not meet the requirement ..........................: F(ail)
Testing
Date of receipt of test item .................................................: 2019-11-09
Date(s) of performance of test ...........................................: 2019-11-09 to 2019-11-12
General Remarks
This report shall not be reproduced except in full without the written approval of the testing laboratory.
The test results presented in this report relate only to the item(s) tested.
” (see remark #)" refers to a remark appended to the report.
"(see Annex #)" refers to an annex appended to the report.
Throughout this report a comma is used as the decimal separator.
References
No. Document Description
[1] KL96UF04A _PCB Layout_v1.0
[2] KL96UF04A_FMEDA_BMS_v1.0
[3] KL96UF04A_Structure Block_v1.0

Revision Logs
Version Changes Description
v1.0 Initial Version

TRF No. BMS HFT=0_A Rev.1.1

 Report No.: SHES190802022921 Page 3 of 10

Nameplates and Photos

Summary of Assessment:
The safety protection functions of the KL96UF04A BMS meet the requirement of PL c / SIL 1 with HFT=0
architecture. The detail information please refer to the following report.

TRF No. BMS HFT=0_A Rev.1.1

 Report No.: SHES190802022921 Page 4 of 10

Models of battery pack listed below are evaluated with BMS board version KL96UF04A.

Name rule of battery packs specified by manufacture as below:

A1 A2 A3 A4 A5 A6 . A7 A8
A1: Type of battery pack A7: Lithium battery cells type and manufactures, it may be as
below
Code Description
Cell Code Model Manufactory
KL E-bike battery pack
082 UR18650AA Panasonic
A2: Special function/design to this E-bike battery pack, it may be
as below 902 NCR18650ZM Panasonic
Code Description 089/809 NCR18650PF Panasonic
C Customized the case design 804 NCR18650B Panasonic
U USB 909 NCR18650BD Panasonic
D Handle Bar 906 NCR18650GA Panasonic

O Special charging Port 70G NCR2170G Panasonic

A3: rate voltage, it may be as below 803 ICR18650-22P Samsung

Code Description 806 ICR18650-26J Samsung

21/22/23/24/25 24V 30Q INR18650-30Q Samsung

34/35/36/37/38/39 36V 819 INR18650-29E Samsung

42 42V 916 INR18650-35E Samsung

47/48/49 48V 50E INR21700-50E Samsung

other 2 digital number Customer code like 99/96/77 M26 INR18650M26 LG

A4: BMS function, it may be as below M29 INR18650M29 LG

908 INR18650MH1 LG
Code Description
907 INR18650MJ1 LG
P/PS/PH/PV with sleep mode function
M50 INR21700M50 LG
TP/TPH/TPV with sleep mode function
080 INR18650D205 YikLik/YLE
H/HS/S without sleep mode function
083 INR18650A220 YikLik/YLE
HU/HL/UL/UF/UY UART communication protocol
82V INR18650D220 YikLik/YLE
CF/CB CANBus communication protocol
826 INR18650D260 YikLik/YLE
A5. Serial No., it may be 00-99 or 001-999
89D INR18650D290 YikLik/YLE
Code Description
300 INR18650A300 YikLik/YLE
xx 2 digital number
340 INR18650A340 YikLik/YLE
xxx 3 digital number
A8: BMS Version, it may be as below
A6: Colour for battery cases, it may be as below
Code Description
Code Description
E version KL96UF04A
B Black
S Sliver
Y Yellow
A White
U Blue
BW Bright white
Example: KLC96UF04B.809E
KL: E-bike battery pack
C: Customized
96: Customer code & Rated voltage 36.0V
UF: UART communication protocol
04: serial number
B: Black case
809: Cell type NCR18650PF, manufactory: Panasonic
E: BMS of E version

TRF No. BMS HFT=0_A Rev.1.1

 Report No.: SHES190802022921 Page 5 of 10

1. Safety Function
Prevention of risk of fire in case of management system failure for batteries, following protection circuits have been defined as safety related function in BMS
Part:
- Over/under voltage protection
- Over current (short) protection
- Over/under temperature protection
The behaviors of the safety function under fault condition were defined as switching off charging or discharging MOSFET within the specified response time.
Note:
The protection function of the BMS circuit included primary protection circuit, without secondary protection circuit, so the architecture of protection function could
be considered as HFT =0 per BS EN 62061:2015.
Information on the recommended application of IEC 62061 and this part of ISO 13849
IEC 62061 and this part of ISO 13849 specify requirements for the design and implementation of safety-related control systems of machinery. The use of either
of these International Standards, in accordance with their scopes, can be presumed to fulfil the relevant essential safety requirements. ISO/TR 23849 gives
guidance on the application of this part of ISO 13849 and IEC 62061 in the design of safety-related control systems for machinery.
BS EN 62061 was referred to executed performance level assessment in this report.

2. Risk Assessment
Per the Figure A.1 of ISO 13849-1:2015

Figure 1 Risk Assessment

The required performance level as the following table.

Parameter Result Rationale Required PLr

S Severity of injury S1 Only slight injuries C

TRF No. BMS HFT=0_A Rev.1.1

 Report No.: SHES190802022921 Page 6 of 10

F Frequency of exposure F2 Frequently or continuously exposed to the hazard

P Probability of avoidance P2 Scarcely possible to avoid a hazard
Note: According to EN 15194:2017 Clause 4.3.22 (a type C standard), the Performance Level of Prevention of risk of fire in case of management
system failure for batteries with capacity above 100Wh shall be PLr c.

3. Safety Block Diagram

Figure 2 Safety Structure for BMS

Note:
Cells voltage acquisition module, Current acquisition module, temperature acquisition module, Protect IC, charging and discharging MOS circuit composed of
safety related circuit in this BMS project.
Structure Analysis:
Category and circuit modules description as below table:
Category Modules Circuit modules description
Input Cells voltage acquisition module, Current acquisition module, temperature acquisition module
Logic Protect IC
Output charging and discharging MOS
Result:
According to above analysis and safety structure diagram, the protection function of the BMS circuit included primary protection circuit, without secondary
protection circuit, so the architecture of protection function could be considered as HFT =0 per BS EN 62061:2015.

4. Calculate the MTTFd / PFH

Analysis:

TRF No. BMS HFT=0_A Rev.1.1

 Report No.: SHES190802022921 Page 7 of 10

The system MTTFd / PFH has been calculated based on schematic and BoM, the calculation report has been checked and confirmed, the total system MTTFd
is 298.4 years, PFH is 3.83 * 10-7.
Table 3 of BS EN 62061:2015 is used as the guideline to estimate the target failure values of the system, which in fact is noted as PFHD.
Safety integrity Probability of a dangerous Failure per Hour (PFHD)
level
3 >= 10–8 to < 10–7
2 >= 10–7 to < 10–6
1 >= 10–6 to < 10–5
Result:
Per table 3 of BS EN 62061:2015., the calculated value for the system PFHD = 3.83 * 10-7 results in a SIL 2 level of target failure values.
5. Calculate the Safe Failure Fraction (SFF)
According to “KL96UF04A_FMEDA_BMS_v1.0”, SFF for this system is 67.42% (>= 60%).

6. Quantify SIL/PL Based On Input Parameters

The BMS protection circuit has been designed with the architecture of HFT = 0, SFF = 67.42% was evaluated. According to table 5 – architectural constraints
on subsystems: maximum SIL that can be claimed for a SRCF using this subsystem, SIL1 could be claimed for this BMS protection circuit.
Safe Failure Hardware Fault Tolerance
Fraction 0 1 2
60% - < 90% SIL1 SIL2 SIL3
90% - < 99% SIL2 SIL3 SIL3
≥ 99% SIL3 SIL3 SIL3
Result:
Above table is used to determine the SIL of the system, the system design (SFF and HFT) results in SIL 1.
7. Conclusions and Recommendations
The safety functions of the KL96UF04A BMS has been assessed to achieve SIL1 with HFT=0, according to the table 3 of EN ISO 13849-1:2015, it could be
used in PL c application.

TRF No. BMS HFT=0_A Rev.1.1

 Report No.: SHES190802022921 Page 8 of 10

8. Systematic Failure
8.1 Introduction
When electrical systems are used in conjunction with other technologies, then relevant tables for basic safety and
well–tried safety principles should also be taken into account.
8.2 List of basic safety principles
Table D.1 — Basic safety principles
Clause Requirement + Test Result - Remark Verdict
Use of suitable materials and adequate manufacturing Refer to the BMS P
Selection of material, manufacturing methods and treatment in BOM.
relation to e. g. stress, durability, elasticity, friction, wear,
corrosion, temperature, conductivity, dielectric rigidity.
Correct dimensioning and shaping Not assessed in N/C
Consider e. g. stress, strain, fatigue, surface roughness, project
tolerances, manufacturing.
Proper selection, combination, arrangements, assembly and Work products in P
installation of components/system main phase are
Apply manufacturer's application notes, e. g. catalogue sheets, available.
installation instructions, specifications, and use of good The battery user
engineering practice. manual is available.
Correct protective bonding No such case N/A
One side of the control circuit, one terminal of the operating coil
of each electromagnetic operated device or one terminal of
other electrical device is connected to the protective bonding
circuit [for full text see EN 60204-1:1997 (IEC 60204-1:1997),
9.1.4].
Insulation monitoring No such case N/A
Use of isolation monitoring device which either indicates an
earth fault or interrupts the circuit automatically after an earth
fault [see EN 60204- 1:1997 (IEC 60204-1:1997), 9.4.3.1].
Use of de–energisation principle Not this situation N/A
A safe state is obtained by de–energising all relevant devices,
e. g. by using of normally closed (NC) contact for inputs (push–
buttons and position switches) and normally open (NO) contact
for relays [see also EN 292–2:1991 (ISO/TR 12100-2:1992),
3.7.1].
Exceptions may exist in some applications, e. g. where the loss
of the electrical supply will create an additional hazard. Time
delay functions may be necessary to achieve a system safe
state [see EN 60204–1:1997 (IEC 60204-1:1997), 9.2.2].
Transient suppression The general transient P
Use of a suppression device (RC, diode, varistor) parallel to the suppression was
load, but not parallel to the contacts. designed in BMS
board according to
the schematic.
Reduction of response time Manufacture has P
Minimise delay in de–energising of switching components. taken measures to
minimise response
time
Compatibility All components meet P
Use components compatible with the voltages and currents the requirements of
used. volt and current rated
value.

TRF No. BMS HFT=0_A Rev.1.1

 Report No.: SHES190802022921 Page 9 of 10

Clause Requirement + Test Result - Remark Verdict

Withstanding environmental conditions The product has P
been executed EMC
Design the equipment so that it is capable of working in all testing according to
expected EN115194
environments and in any foreseeable adverse conditions, e. g. requirement, all
temperature, humidity, vibration and electromagnetic testing items
interference (EMI) passed, EMC testing
report is available.
Secure fixing of input devices No such case N/A
Secure input devices, e. g. interlocking switches, position
switches, limit switches, proximity switches, so that position,
alignment and switching tolerance is maintained under all
expected conditions, e. g. vibration, normal wear, ingress of
foreign bodies, temperature. See EN 1088:1995 (ISO
14119:1998), clause 5.
Protection against unexpected start–up No such case, this N/A
Prevent unexpected start–up, e. g. after power supply BMS always
restoration [see EN 292–2:1991 (ISO/TR 12100-2:1992), 3.7.2, monitoring battery in
EN 1037 (ISO 14118), its life cycling
EN 60204–1 (IEC 60204-1)].
Protection of the control circuit Not assessed in N/C
The control circuit should be protected in accordance with EN project
60204- 1:1997 (IEC 60204:-1:1997), 7.2 and 9.1.1.
Sequential switching for circuit of serial contacts of redundant Sequential switching P
signals to avoid the common mode failure of the welding of both for non-concurrent
contacts, the switching on and off does not happen design to avoid the
simultaneously, so that one contact always switches without common mode
current. failure.

8.3 List of well–tried safety principles

Table D.2 — Well–tried safety principles
Clause Requirement + Test Result - Remark Verdict
Positive mechanically linked contacts MOSFET used, no N/A
Use of positively mechanically linked contacts for, e. g. such case
monitoring function [see EN 292–2:1991 (ISO/TR 12100-
2:1992), 3.5].
Fault avoidance in cables PCBA board, no N/A
To avoid short circuit between two adjacent conductors: such case
 use cable with shield connected to the protective bonding
circuit on each separate conductor, or
 in flat cables, use of one earthed conductor between each
signal conductors.
Separation distance Not this situation N/A
Use of sufficient distance between position terminals,
components and wiring to avoid unintended connections.
Energy limitation No such case N/A
Use of a capacitor for supplying a finite amount of energy, e. g.
in timer application.
Limitation of electrical parameters All main components P
Limitation in voltage, current, energy or frequency resulting, e. were de-rating used.
g. in torque limitation, hold–to–run with displacement/time
limited, reduced speed, to avoid leading to an unsafe state.

TRF No. BMS HFT=0_A Rev.1.1

 Report No.: SHES190802022921 Page 10 of 10

Clause Requirement + Test Result - Remark Verdict

No undefined states All state is defined P
Avoid undefined states in the control system. Design and clearly, no undefined
construct the control system so that during normal operation states.
and all expected operating conditions its state, e. g. its output(s)
can be predicted.
Positive mode actuation No such case N/A
Direct action is transmitted by the shape (and not by the
strength) with no elastic elements, e. g. spring between actuator
and the contacts, [see EN 1088:1995 (ISO 14119:1998), 5.1].
Failure mode orientation The diagnostic P
Wherever possible, the device/circuit should fail to the safe measures are
state or condition. designed, in case of
any faults detected,
the system will go
into safe state.
Oriented failure mode No such case N/A
Oriented failure mode components or systems should be used
wherever practicable [see EN 292–2:1991 (ISO/TR 12100-
2:1992), 3.7.4].
Over–dimensioning The charging and P
De-rate components when used in safety circuits, e. g. by: discharging
MOSFETs are
Current passed through switched contacts should be less than chosen with de-rating
half their rated current, use.
The switching frequency of components should be less than
half their rated value, and
Total number of expected switching operation shall be ten times
less than the device's electrical durability.
Minimise possibility of faults Safety related circuit P
Separate safety–related functions from the other functions. and non-safety
related circuit are
separated.
Balance complexity/simplicity The balance P
Balance should be made between complexity to reach a better between complexity
control and simplify to have a better reliability. controllability and
simple reliability are
taken into
consideration during
product design and
development life
cycle.

--- END OF THE REPORT ---

TRF No. BMS HFT=0_A Rev.1.1