What Is Fail-Safe Valve?

Quick Answer

A fail-safe valve automatically moves to a predetermined safe position when the actuating energy (air, electricity, or hydraulic pressure) is lost. Fail-close (FC) valves close on energy loss; the standard for hydrocarbon isolation and ESD applications. Fail-open (FO) valves open on energy loss; used for cooling water, pressure relief bypass, and fire water. Fail-in-place (FIP or FL) valves lock in their last position. The fail-safe action is achieved through a spring return actuator.

Fail-Safe Configurations

Configuration	Abbreviation	Action on Energy Loss	Typical Application
Fail-Close	FC (FTC)	Valve closes	Fuel gas shut-off, ESD isolation, hydrocarbon block valves
Fail-Open	FO (FTO)	Valve opens	Cooling water supply, fire water, pressure relief bypass
Fail-In-Place	FIP (FL)	Valve stays at last position	Non-critical control valves, throttling applications

How Fail-Safe Works

Pneumatic Spring Return

The most common fail-safe mechanism. A pneumatic actuator has a compressed spring that opposes the air pressure. During normal operation, air pressure holds the valve in the operating position (e.g., open for an FC valve). On air loss, the spring energy drives the valve to the safe position.

Fail-Close (Air-to-Open)	Fail-Open (Air-to-Close)
Air pressure opens valve	Air pressure closes valve
Spring force closes valve	Spring force opens valve
Safe position = closed	Safe position = open
Standard for isolation	Standard for cooling/safety supply

Electric Actuator Fail-Safe

Electric actuators do not inherently fail to a safe position; the motor simply stops. Fail-safe requires an additional mechanism:

Method	Response Time	Cost	Reliability
Battery pack	15-60 seconds	Moderate	Subject to battery aging
Supercapacitor	5-30 seconds	Moderate-high	Better longevity than battery
Spring module	3-15 seconds	High	Mechanical, very reliable
Hydraulic accumulator	1-5 seconds	High	reliable, fast

ESD Valve Requirements

Emergency shutdown (ESD) valves are the most critical fail-safe valves. They must:

Requirement	Specification
Fail-safe action	FC (close on signal or energy loss)
Response time	2-10 seconds (full stroke), per safety study
SIL rating	SIL 2 or SIL 3 per IEC 61511 / IEC 61508
Proof test	Partial stroke test per IEC 61491
Valve type	Trunnion ball valve (pipeline), gate valve (process)
Actuator	Spring-return pneumatic (scotch-yoke or piston)
Fire-safe	API 607 certified
Solenoid	3-way NC solenoid (de-energize to trip)

SIL Rating Overview

Safety Integrity Level (SIL) defines the required reliability of the safety function:

SIL Level	PFDavg (Probability of Failure on Demand)	Risk Reduction Factor
SIL 1	0.1 to 0.01	10 to 100
SIL 2	0.01 to 0.001	100 to 1,000
SIL 3	0.001 to 0.0001	1,000 to 10,000
SIL 4	0.0001 to 0.00001	10,000 to 100,000

Most ESD valves in oil and gas are SIL 2 or SIL 3. Achieving the required SIL involves selecting certified components (valve, actuator, solenoid, limit switch) and implementing proof testing at defined intervals.

Fail-Safe Selection Guide

Service	Fail-Safe Action	Reason
Hydrocarbon isolation	FC	Prevent uncontrolled release
Fuel gas to burner	FC	Prevent uncontrolled fire
Cooling water to exchanger	FO	Prevent overheating and thermal runaway
Fire water deluge	FO	Ensure fire suppression activates
Temperature control valve	FO or FC	Depends on process hazard analysis
Non-critical level control	FIP	Minimize process upset

Common Mistake

Assuming all ESD valves should fail-close. Some safety functions require fail-open action. Always base the fail-safe direction on the HAZOP/SIL study results, not on a default assumption. A fail-close valve on a cooling water line could cause an exothermic reactor to overheat; a more dangerous condition than the initiating event.

Read the full guide to valve types