Compliance Readiness is Key in Offshore Operations

Compliance Readiness: Meeting Evolving Control Standards

Industrial facilities operating in hazardous locations and offshore environments are subject to some of the most demanding regulatory oversight in the engineering world. In the United States alone, multiple federal agencies, including OSHA, BSEE, and the US Coast Guard, set mandatory requirements for the design, installation, and maintenance of control systems. These obligations sit alongside internationally recognized standards such as IEC 60079 for explosive-atmosphere equipment and IEC 61511 for functional safety, many of which are directly incorporated into US federal regulations by reference, giving them the force of law. When compliance readiness is not in place, it does not result in a warning letter. It results in shutdown orders, enforcement action, and, in the most serious cases, loss of life.

This article addresses how control systems must evolve to meet regulatory standards (hazardous-area design, offshore environments, dual-fuel systems, etc.). It describes the engineering of control hardware, software, and architecture that satisfy safety, environmental, and regulatory mandates. Understanding which standards apply and how they translate into concrete engineering decisions is the first step toward compliance readiness.

The US Regulatory Framework

Control systems in US hazardous and offshore environments must satisfy overlapping obligations drawn from several federal bodies, each with a distinct jurisdictional scope.

a) Onshore Operations

OSHA 29 CFR Part 1910.307 governs electrical equipment and wiring in hazardous classified locations onshore. It requires that equipment be approved for the specific class, division, group, and temperature range of the area in which it is installed. OSHA mandates that area classification and equipment selection be performed under the supervision of a qualified registered professional engineer. This regulation operates in parallel with NFPA 70 (National Electrical Code), which, in Articles 500 through 506, establishes the complete classification framework for hazardous locations.

b) Offshore Operations

For offshore oil and gas operations on the Outer Continental Shelf, the Bureau of Safety and Environmental Enforcement (BSEE) enforces 30 CFR Part 250 Subpart H. It requires operators to design, install, use, maintain, and test all production safety systems to protect human health and the marine and coastal environments. Critically, operators may not commence production on a new facility until BSEE approves their production safety system application and conducts a pre-production inspection.

Offshore Construction of a Rig Requires Several Control and Monitoring Systems, and a High Level of Safety to Ensure Compliance Readiness

Hazardous Area Design: Classification and Hardware Selection to Ensure Compliance Readiness

Area Classification Systems

The US operates two parallel classification systems that engineers must navigate simultaneously. The NEC Class and Division system categorises locations by:

  • Material type: Class I for flammable gases and vapours, Class II for combustible dusts, Class III for ignitable fibres
  • Condition of exposure: Division 1 for locations where the hazard is present under normal conditions, Division 2 for locations where it exists only under abnormal conditions

The Zone system, introduced in NEC Articles 505 and 506 and aligned with IEC 60079, provides an alternative classification that is common in offshore and international projects:

  • Zone 0: explosive atmosphere present continuously or for long periods
  • Zone 1: explosive atmosphere likely during normal operation
  • Zone 2: explosive atmosphere, infrequent and of short duration

Where projects must satisfy both US and international requirements, engineers must reconcile NEC Class and Division designations with IEC Zone equivalents, so that equipment certified under one framework meets the requirements of the other.

Control Hardware Protection Techniques that Deliver Compliance Readiness

Once an area is classified, every piece of control hardware must be matched to an appropriate protection technique. Common methods recognised under both NEC and IEC 60079-14:2024 include:

  • Explosion-proof or flameproof enclosures “d”: The enclosure contains an internal ignition without propagating it to the surrounding atmosphere.
  • Intrinsic safety “ia” and “ib”: Electrical energy in the circuit is limited below the ignition threshold of the surrounding gas mixture.
  • Pressurised enclosures “p”: Internal positive pressure of clean gas prevents ingress of explosive atmosphere.
  • Increased safety “e”: Construction measures reduce the probability of sparks or excessive surface temperatures under normal operation.

On offshore and internationally specified projects, selected hardware must also carry the appropriate certification marking. ATEX certification is mandatory for equipment placed on the EU market. IECEx is recognised in more than 35 countries and is widely specified for cross-jurisdictional offshore projects. Both schemes are built on the same IEC 60079 technical standards, meaning manufacturers can typically pursue both simultaneously. On US projects, ATEX- or IECEx-certified equipment must still be verified against the equivalent NEC Class, Division, and Group requirements before installation.

The 2024 revision of IEC 60079-14 mandates that the selected protection technique be preserved through installation, not just at the point of equipment manufacture. Incorrect cable entries, inadequate earthing, or non-compliant conduit sealing can invalidate a certified device at the installation stage. This creates regulatory exposure regardless of the equipment’s certification marking.

Functional Safety and SIS Architecture

Safety Integrity Levels

Functional safety for process and offshore safety systems is governed by IEC 61511, which OSHA has formally endorsed as a recognised and generally accepted good engineering practice under its Process Safety Management standard 29 CFR 1910.119. IEC 61511 requires that Safety Instrumented Systems (SIS) achieve a quantified Safety Integrity Level (SIL) for each safety function. SIL is a numerical target that defines how reliably the function must perform when called upon. 

SIL is expressed using the Probability of Failure on Demand:

    \[  PFD=\frac{1}{RRF} \]

In plain terms, RRF is the Risk Reduction Factor, and PFD is the likelihood that the safety system fails to act when it needs to. A SIL 2 function must fail no more than once in every 100 demands. A SIL 3 function must fail no more than once in every 1,000. The higher the SIL, the more reliable the system must be, and the more rigorous the engineering required to demonstrate that reliability. 

Achieving the required SIL across the full safety loop demands that sensors, logic solvers, and final elements all contribute to the aggregate reliability target.
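The following added example (not part of the original article) carries PFD = 1/RRF through a complete loop, showing how a sensor, logic solver, and final element that each sit in the SIL 2 band or better can still produce a loop that misses a SIL 2 target. It assumes the standard simplified single-channel approximation PFDavg = λDU × TI / 2 and the low-demand SIL bands; the failure rates and proof test intervals are constructed sample values.

```python
from dataclasses import dataclass

HOURS_PER_YEAR = 8760
# Low-demand SIL bands: (SIL, lowest PFDavg in band, upper bound of band)
SIL_BANDS = [(4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)]

@dataclass
class Element:
    name: str
    lambda_du: float         # dangerous undetected failure rate, per hour
    proof_test_years: float  # interval between proof tests

    def pfd_avg(self) -> float:
        # Simplified single-channel (1oo1) approximation: lambda_DU * TI / 2
        return self.lambda_du * self.proof_test_years * HOURS_PER_YEAR / 2

def loop_pfd(elements):
    # Sensor, logic solver and final element act in series: a dangerous
    # failure of any one defeats the function, so the small PFDs add.
    return sum(e.pfd_avg() for e in elements)

def sil_for(pfd):
    for sil, low, high in SIL_BANDS:
        if low <= pfd < high:
            return sil
    return 4 if pfd < 1e-5 else 0  # capped at SIL 4; PFD >= 0.1 earns no SIL

def verify(elements, required_rrf):
    pfd = loop_pfd(elements)
    worst = max(elements, key=lambda e: e.pfd_avg())
    return {
        "pfd": pfd,
        "rrf": 1 / pfd,                        # PFD = 1/RRF, rearranged
        "sil": sil_for(pfd),
        "meets_target": pfd <= 1 / required_rrf,
        "dominant": worst.name,                # where to spend engineering effort
    }

# Constructed sample loop, every element proof-tested annually
SAMPLE_LOOP = [
    Element("pressure transmitter", 6e-7, 1.0),
    Element("logic solver", 5e-8, 1.0),
    Element("shutdown valve", 2e-6, 1.0),
]

if __name__ == "__main__":
    print(verify(SAMPLE_LOOP, required_rrf=100))
    # Same loop with the dominant element proof-tested every six months
    retested = SAMPLE_LOOP[:2] + [Element("shutdown valve", 2e-6, 0.5)]
    print(verify(retested, required_rrf=100))
```

This covers only the random hardware failure calculation; it does not model redundant architectures, diagnostics, or common cause failures.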

The SIS lifecycle follows a defined sequence:

  • Step 1: Conduct a hazard and risk assessment to identify all required safety instrumented functions and their individual SIL targets.
  • Step 2: Design and engineer the SIS to meet each SIL target, with independent verification at each design phase.
  • Step 3: Commission, validate, and proof test the installed system before introducing process hazards.
  • Step 4: Operate and maintain the system throughout its service life, with formal management of change applied to any modification.

SIS and BPCS Independence

IEC 61511 requires that the SIS remain physically and functionally independent from the Basic Process Control System (BPCS), which handles normal process operations. The SIS must be capable of performing its safety functions regardless of the state of the BPCS. The most frequently identified sources of non-compliance in offshore audits are:

  • Shared network infrastructure between the SIS and BPCS
  • Common cause failures across redundant safety channels
  • Uncontrolled software modifications that inhibit safety logic without formal change authorisation
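As an added example (not part of the original article), the sketch below checks an asset inventory and a bypass log for two of the findings listed above: network infrastructure shared between SIS and BPCS, and safety-logic inhibits with no approved change record. The record fields, asset names, tags, and change IDs are hypothetical and constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed inventory: one SIS engineering workstation sits on the BPCS network
INVENTORY = [
    {"asset": "sis-logic-01", "system": "SIS",  "switch": "sw-safety-a", "vlan": 110, "ip": "10.10.110.5"},
    {"asset": "sis-eng-ws",   "system": "SIS",  "switch": "sw-ctrl-b",   "vlan": 200, "ip": "10.10.200.40"},
    {"asset": "bpcs-ctrl-01", "system": "BPCS", "switch": "sw-ctrl-b",   "vlan": 200, "ip": "10.10.200.11"},
    {"asset": "bpcs-hmi-02",  "system": "BPCS", "switch": "sw-ctrl-c",   "vlan": 210, "ip": "10.10.210.7"},
]
# Constructed bypass log and set of approved management-of-change records
EVENTS = [
    {"tag": "ESD-101", "action": "bypass_set",     "change_id": "MOC-0042"},
    {"tag": "GD-207",  "action": "bypass_set",     "change_id": None},
    {"tag": "ESD-101", "action": "bypass_cleared", "change_id": "MOC-0042"},
]
APPROVED_CHANGES = {"MOC-0042"}

def shared_infrastructure(inventory, prefix_len=24):
    """Map each switch, VLAN or subnet used by both systems to the assets on it."""
    usage = defaultdict(lambda: defaultdict(list))
    for a in inventory:
        subnet = str(ipaddress.ip_network(f'{a["ip"]}/{prefix_len}', strict=False))
        for kind, value in (("switch", a["switch"]), ("vlan", a["vlan"]), ("subnet", subnet)):
            usage[(kind, value)][a["system"]].append(a["asset"])
    return {key: dict(by_system) for key, by_system in usage.items()
            if set(by_system) >= {"SIS", "BPCS"}}

def unauthorised_inhibits(events, approved):
    """Bypass actions whose change record is missing or was never approved."""
    return [e for e in events
            if e["action"] == "bypass_set" and e["change_id"] not in approved]

if __name__ == "__main__":
    for (kind, value), systems in shared_infrastructure(INVENTORY).items():
        print(f"shared {kind} {value}: SIS={systems['SIS']} BPCS={systems['BPCS']}")
    for e in unauthorised_inhibits(EVENTS, APPROVED_CHANGES):
        print(f"inhibit on {e['tag']} has no approved change record")
```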

Dual Fuel Systems: Evolving Obligations for Compliance Readiness

The shift to LNG and dual-fuel propulsion aboard offshore supply vessels, floating production, storage, and offloading units (FPSOs), and drilling units introduces explosive-atmosphere risks. This triggers a chain of compliance obligations. Zone classification studies must be extended to cover newly affected fuel handling spaces, feeding directly into the revised control system architecture. Safety instrumented functions requiring SIL determination under IEC 61511 for dual fuel applications include:

  • Gas detection and continuous atmospheric monitoring across newly classified spaces
  • Fuel changeover interlocks during transitions between diesel and gas modes
  • Emergency shutdown of fuel supply under fault or exceedance conditions

Control engineers working on dual-fuel conversions must simultaneously satisfy IEC 60079 explosion-protection requirements and IEC 61511 functional-safety obligations across fuel types.

Executing Your Compliance Readiness Program with Petrotech

Meeting evolving control system regulations requires tailored engineering. This is particularly true in hazardous and offshore environments where off-the-shelf solutions cannot address the full scope of classification, functional safety, and architecture obligations. Petrotech specialises in end-to-end compliance engineering for control systems operating under OSHA, BSEE, NEC, IEC 60079, and IEC 61511 mandates.

Core services include the following:

  • Hazardous area classification and hardware selection: Zone studies, equipment matching, and ATEX and IECEx documentation aligned to NEC and IEC frameworks
  • Functional safety lifecycle management: HAZOP, LOPA, SIL determination, SIS design, and full validation to IEC 61511
  • Control system architecture engineering: Independent SIS and BPCS design with audit-ready documentation and change management processes
  • Dual fuel and alternative propulsion integration: Safety engineering for LNG and emerging fuel control systems in newly classified spaces
  • Compliance gap assessments and inspection readiness: Structured reviews against current NEC, IEC 60079-14:2024, IEC 61511, and 30 CFR Part 250 requirements

Reach out today to build a compliance program that keeps your control systems safe, certifiable, and ready for regulatory scrutiny at every stage of their lifecycle.
