Infineon / Mitsubishi / Fuji / Semikron / Eupec / IXYS

How is functional safety defined & implemented for batteries in EVs and BESS?

How is functional safety defined & implemented for batteries in EVs and BESS?

Posted Date: 2023-07-28

Li-ion batteries can retailer giant quantities of power, they usually can help excessive charges of energy supply. They're the popular power storage know-how for EVs and enormous battery power storage techniques (BESS). But when not correctly managed, they'll additionally current security hazards. That makes purposeful security a vital consideration when designing giant Li-ion batteries like these present in EVs and BESS.

This FAQ critiques the significance of sustaining operation within the protected working space (SOA) of lithium batteries together with the features of the battery administration system (BMS), then briefly presents some fundamental ideas of purposeful security outlined in IEC 61508, ISO 26262, and UL 1973, appears to be like at definitions for hazards versus dangers and examples of purposeful security assessments, and it considers challenges associated to using combo packing containers, multi-core processors and redundant system architectures for BMS.

The principle components that influence Li-ion security embody voltage, present, temperature, and mechanical harm. Mechanical harm is mostly associated to accidents or misuse of the cells. SOA is primarily a perform of V, I, and T with the precise values various primarily based on the Li-ion chemistry getting used (Determine 1). If a Li-ion cell is operated outdoors the SOA, secondary reactions can begin resulting in cell degradation and presumably harmful situations. At a fundamental stage, a Li-ion battery pack consists of sensors for V, I, and T that the BMS makes use of to maintain working throughout the SOA. Some packs additionally embody gasoline detection and different sensors to offer an early warning of harmful situations arising from mechanical harm or operation outdoors the SOA.

How is functional safety defined & implemented for batteries in EVs and BESS?

Determine 1. Understanding the SOA of a particular Li-ion chemistry is vital to assembly purposeful security necessities (Picture: Lithium Steadiness A/S).

Whereas the main points differ relying on the cell chemistry, the present is the most important contributor to warmth era in Li-ion cells. Excessive currents may trigger accelerated cell growing older. Extreme voltage and overcharging are additionally security issues and may end up in cell harm. If a cell is overcharged, aspect reactions can happen that generate gases and warmth that may trigger cell venting and in excessive instances, begin a hearth.

A well-designed BMS and an influence monitoring and disconnection unit (PMDU) are central to the protected operation and lengthy lives of Li-ion cells. Massive battery packs like these in EVs and BESS are comprised of quite a few modules. Each cell in every module have to be monitored for cell balancing along with issues with V, I, and T. On account of variations within the manufacturing course of, the battery cells within the modules should not completely matched, and the BMS is required to help cell balancing. Imbalances between cells trigger them to cost at totally different charges and may end up in unsafe situations within the module. The BMS screens the charging of particular person cells and compensates for imbalances.

Along with a collection of sensors, the BMS consists of a number of parameter estimation algorithms. Protected and dependable battery pack operation relies on the state of cost (SoC) to find out the remaining capability within the battery, the state of well being (SoH) that estimates the capability fade skilled by the pack because it’s charged and discharged quite a few instances, and the state of energy (SoP) that indicated the facility supply functionality of the battery.

Being protected
Safety is a main BMS perform. The BMS protects the battery from abusive charging or discharging, extreme temperatures, and different undesirable working situations, and it protects individuals from hazards like burning or exploding batteries. There are totally different security requirements for various functions. IEC 61508 applies throughout most functions together with BESS and defines Security Integrity Ranges (SILs). ISO 26262 is restricted to the automotive business and defines Automotive Security Integrity Ranges (ASILs). UL 1973 is a combined bag and applies to battery packs utilized in mild electrical rail and stationary functions.

The protection targets outlined within the numerous requirements present an anticipated efficiency stage of the BMS and general battery system. They're derived utilizing a security evaluation primarily based on two components:

  • Hazard Identification: A hazard is something that will trigger hurt together with bodily harm or harm to well being.
  • Threat Evaluation and analysis: A danger evaluation quantifies the prospect that an individual will be harmed by a hazard together with an analysis of how severe the hurt could possibly be.

Practical security will be designed right into a battery pack, and its efficacy is confirmed utilizing quite a lot of administration approaches. For instance, product improvement groups ought to embody a particular concentrate on security administration and implementation of security specs; high quality assurance groups can carry out security assessments together with affirmation critiques and course of audits, and a devoted purposeful security competence heart will be applied to help technical critiques and assessments of the method and its outcomes (Determine 2).

How is functional safety defined & implemented for batteries in EVs and BESS?

Determine 2. Designing purposeful security in a battery pack requires the coordination of a number of disciplines (Picture: Renesas).

Combo field challenges
So-called combo packing containers can current extra purposeful security challenges. A combo field consists of two associated however separate subsystems like an onboard charger (OBC) paired with a DC/DC converter. The subsystems are mixed to share assets, enhance reliability since there are fewer parts, and scale back upkeep and price. For instance, the cooling system will be shared by an OBC and DC/DC. That may additionally enhance energy/system density and scale back system weight.

The efficiency and price advantages are actually enticing, but it surely’s not fairly that straightforward. Built-in techniques can current challenges associated to manufacturability, noise ranges, thermal administration, and security. If a number of of the built-in techniques are security vital just like the BMS or the drivetrain inverter, all the combo field will be topic to troublesome ASIL calls for. Examples of safety-critical techniques embody sure dc/dc converters, the drivetrain inverter and motor, the battery cost controller, OBC, and BMS (Determine 3).

How is functional safety defined & implemented for batteries in EVs and BESS?

Determine 3. The usage of combo packing containers is rising in EV powertrain techniques and rising the challenges associated to assembly ASIL necessities (Picture: Siemens).

The required ASIL qualification applies to the software program operating the system in addition to the {hardware}. To attain ASIL purposeful security, an MCU and an AUTOSAR (AUTomotive Open System ARchitecture) software program stack with multi-core help and AUTOSAR fundamental software program (BSW) are wanted. AUTOSAR is the worldwide customary for software program enabling open E/E system architectures for clever mobility platforms like EVs needing excessive ranges of dependability, significantly security, and safety.

Multi-cores for ASIL compliance
The usage of multi-core MCUs will be an essential side of assembly ASIL necessities in combo packing containers. AUTOSAR improvement environments can be found that help the mixing, testing, and evaluation wanted for ASIL compliance in multi-core environments. In a combo-box, numerous features will be distributed throughout totally different cores. In a DC/DC plus OBC combo field, core 0 can be utilized for DC/DC features, and core 1 will be devoted to the OBC. That method can simplify ASIL compliance with the general system.

Multi-core implementations can contribute to efficiency enchancment by lowering the load on particular person CPUs and consolidating auxiliary features like communications on a devoted core. As well as, totally different subsystems might have totally different approaches to ASIL compliance that may be extra successfully addressed utilizing devoted cores.

Being redundant
Sensors for cell voltage and temperature are positioned all through an EV battery pack and are key parts utilized by the BMS for monitoring battery well being and making certain protected operation. Fixed connectivity is required between the BMS and the sensors because the voltage and temperature info is learn on a frequent foundation and utilized by the management processor to make sure that the battery stays within the SOA. Within the case of high-voltage battery packs like these present in EVs and BESS, a number of monitoring ICs are organized in a stacked structure with every IC monitoring a gaggle of battery cells.

Issues can happen if connectivity between the battery cells and the IC is misplaced on account of an open or brief circuit. If that occurs, a hazardous occasion could develop. One answer is using bidirectional ring communication and a redundant path for battery voltage measurement that gives fault tolerance and will increase pack security by making certain steady monitoring. If an open or brief fault happens in one of many redundant ring communication paths, the MCU can proceed speaking with the battery monitoring ICs by switching the route of the communication to the redundant path that's persevering with to function usually with no lack of temperature or voltage info making certain uninterrupted security (Determine 4).

How is functional safety defined & implemented for batteries in EVs and BESS?

Determine 4. The usage of redundant communications in a BMS can enhance security efficiency (Picture: Texas Devices).

Practical security is a typical problem confronted by designers of EV batteries and BESS installations. Understanding the SOA of particular Li-ion batteries is foundational to reaching protected techniques. There are totally different security requirements for EV batteries and BESS, however the common ideas of hazard identification and danger evaluation apply in each instances. Designers can make use of quite a lot of software program and {hardware} approaches to effectively and cost-effectively meet purposeful security necessities.

Crucial evaluate and purposeful security of a battery administration system for giant‑scale lithium‑ion battery pack applied sciences, Springer
Guaranteeing purposeful security in combo-box structure, Siemens
Practical Security BMS Design Methodology for Automotive Lithium-Primarily based Batteries, MDPI energies
Practical Security Issues in Battery Administration for Car Electrification, Texas Devices
Practical Security Necessities for Battery Administration Methods in Electrical automobiles, Lithium Steadiness A/S
ISO 26262 Practical Security for Automotive, Renesas
Overcome the challenges of electrical automobile embedded software program improvement, Siemens