EDENA-RS 1.0 — governing AI that moves through the world

Scope & purpose

This standard applies to any AI-enabled system that perceives and acts in physical space: clinical and service robots, surgical-assist and intervention systems, autonomous mobile robots (AMRs), delivery and logistics platforms, and rehabilitation or assistive devices — whether labeled "robot," "device," "platform," or "cobot."

The purpose of EDENA-RS is to ensure that, before a robot moves or exerts force, that action is classified by physical risk, bounded in space and energy, authorized at the correct human level, recoverable by a reachable stop, and recorded. Where EDENA-AS governs the transition from output to action, EDENA-RS governs the transition from action to motion — the point at which a wrong decision can injure a person.

Terms & normative language

The key words MUST, MUST NOT, SHOULD, and MAY are to be interpreted as requirement levels, consistent with EDENA-AS: MUST denotes an absolute requirement for conformance; SHOULD denotes a recommended practice that requires documented justification to omit; MAY denotes an optional practice.

• Kinetic action — any motion or exertion of force a robot can perform that changes the physical world: movement, manipulation, grasping, cutting, lifting, or applied pressure.
• Physical blast radius — the people, objects, and environment a kinetic action can affect if it is wrong, including bystanders within reach of motion.
• Safe zone — a bounded region, speed, and force envelope within which the robot is authorized to operate; crossing the boundary is a governance event.
• Autonomy level — the degree of independent control exercised, on a declared scale: teleoperated (a human drives every motion) → supervised (human approves or monitors actions) → conditional (autonomous within defined conditions, human on standby) → high autonomy (sustained independent operation).
• Emergency stop — a physically reachable control that halts motion and removes hazardous energy without requiring the robot's cooperation.
• Steward — the on-site human (in clinical settings, typically a nurse) responsible for the whole-person, systems-aware environment in which the robot operates.

Physical-action tiering

Every kinetic action MUST be classified into an action-risk tier using, at minimum, three physical signals: kinetic energy or applied force, proximity to people, and irreversibility of physical harm. Where signals disagree, the system MUST select the higher tier (ambiguity escalates upward).

• Any action that can injure a person MUST start at Red and be approval-gated or blocked; it MUST NOT default to autonomous execution.
• Force or speed sufficient to cause harm on contact MUST raise the tier even where contact is not intended.
• Surgical, interventional, and high-force manipulation MUST be treated as Red-tier kinetic action and gated to a named, role-appropriate human.

Human authority & the emergency stop

Every robot within EDENA-RS scope MUST provide a physically reachable emergency stop that halts motion and removes hazardous energy without requiring the robot's cooperation — independent of the agentic software, the network, and the robot's own reasoning.

• Stop authority MUST belong to the on-site steward and MUST NOT be overridable by the system, by a remote operator, or by an autonomous planner.
• The emergency stop MUST remain functional when sensing, planning, or connectivity has failed, and MUST bring the robot to a defined safe state rather than continuing its last commanded action.
• A tier MUST NOT authorize its own kinetic action. Every Red-tier motion MUST resolve to a specific, role-appropriate named human who can understand, challenge, override, and stop it, and who owns it once authorized.

Spatial constraints & safe zones

A robot's authorized operating envelope MUST be declared and enforced through spatial and physical limits — not assumed from the robot's good behavior.

• Operating areas MUST be geofenced, and force and speed MUST be limited to the declared safe zone; leaving the zone MUST trigger containment under §8.
• Separation monitoring MUST detect people and obstacles entering the robot's path, and the robot MUST slow or stop as separation decreases.
• Entering a human's personal space MUST raise the action tier (externality and proximity raise the floor); intimate-proximity tasks MUST carry the safeguards required for the resulting tier.

Autonomy levels & teleoperation

The autonomy level MUST be declared and bounded for every deployment, from teleoperated through high autonomy. Operating above the declared level MUST be treated as exceeding authorized scope.

• Escalating autonomy — granting the robot more independent control, longer-horizon plans, or coordination with other robots — MUST be re-tiered to at least Orange and MUST carry added safeguards.
• Teleoperation MUST preserve the steward's stop authority locally; loss of the control link MUST drive a safe-state fallback under §7, never continued motion.
• Hand-offs between autonomous and human control MUST be explicit, acknowledged, and recorded, so that authority for any motion is never ambiguous.

Sensor integrity & environmental awareness

A robot's safety depends on its perception of the world. Degraded, occluded, conflicting, or failed sensing MUST trigger a safe-state fallback — stop and hold — rather than proceeding on a default or last-known action.

• The robot MUST detect loss of confidence in its perception of people, obstacles, and its own position, and MUST degrade to a safe state when confidence falls below the declared threshold.
• Fallback behavior MUST be predetermined and conservative, echoing the EU AI Act Article 15 expectation that high-risk systems behave robustly and fail safely.
• Sensor faults, fallbacks, and recoveries MUST be recorded under §9.

Containment

Containment MUST be built before scale, not after harm. Physical containment MUST combine independent mechanisms so that no single failure removes the ability to stop a robot.

• Robots MUST implement dead-man controls, force limiting, geofencing, and watchdog timers that halt motion if control or supervision is lost.
• Exceeding authorized scope, tier, safe zone, speed, or force MUST trigger automatic containment and escalation to the on-site steward and the named human.
• Stop-the-line authority (see the AI Incident & Stop-the-Line Standard) MUST be available to the steward at all times and MUST NOT be overridable by the robot or its planner.

Evidence & black-box recorder

Every governed event MUST be captured by a tamper-evident black-box recorder in a form that supports real-time monitoring and after-the-fact investigation, and MUST conform to the Evidence Bundle Standard.

• The recorder MUST log motion and force commands, perception state and confidence, autonomy-level changes, control hand-offs, classification outcomes (ALLOW / REQUIRE_HUMAN / CONSTRAIN / THROTTLE / DENY), human overrides, and every stop event.
• Records MUST be time-synchronized and sufficient to reconstruct the sequence of events leading to any incident, near-miss, or stop.
• Where a robot processes protected health information, that data MUST be governed as a boundary event under EDENA-AS rather than logged in the clear.

Mapping & inheritance

EDENA-RS does not replace established robot-safety engineering; it governs the AI layer above it and ties it to a named human and a stewarded environment. Conformant deployments MUST remain consistent with applicable robot-safety standard families and MUST inherit EDENA-AS for the agentic software controlling the robot.

References to ISO and medical-electrical-safety families indicate the categories of established robot-safety engineering with which EDENA-RS is designed to remain consistent; they do not assert certification by, or endorsement from, those bodies. EDENA-RS is the nurse-led governance layer above that engineering, not a substitute for it.