An interlock in a control system is a logic-based safeguard that prevents a system from entering a dangerous or conflicting state. It works by blocking an action unless specific conditions are met, or by forcing a shutdown when those conditions are violated. Interlocks are found everywhere from simple light switches to complex chemical processing plants, and they can be mechanical, electrical, or programmed in software.
How Interlocks Work
At their core, interlocks use simple conditional logic: if a certain condition is true (or false), then allow (or block) an action. A light switch paired with a lighting circuit is a basic interlock. The switch position is the condition, and the circuit response is the action.
Interlocks can evaluate one condition or combine two conditions using AND or OR logic. In an AND interlock, both conditions must be true before the system acts. In an OR interlock, either condition being true is enough to trigger the action. These building blocks scale up to handle extraordinarily complex industrial processes, but the underlying principle never changes: check conditions first, then act.
Interlocks vs. Permissives
Two related terms often come up together and are worth distinguishing. A permissive is a condition that must be satisfied before a system is allowed to start. Think of it as a checklist: the system needs “permission” from each input before it will activate. An interlock, by contrast, prevents two incompatible actions from happening at the same time, such as powering a motor forward and backward simultaneously. In practice, many control systems use both: permissives to gate startup and interlocks to prevent dangerous conflicts during operation.
Electrical Interlocks
Electrical interlocks use the wiring of contactors and relays to physically prevent conflicting operations. The most common example is a forward/reverse motor starter. A motor that can spin in two directions needs two contactors, one for each direction. If both contactors energize at the same time, the result is a short circuit with potentially hazardous consequences.
To prevent this, each contactor includes a normally closed auxiliary contact wired in series with the opposite contactor’s coil. When the forward coil energizes, its normally closed contact in the reverse circuit opens, cutting off power to the reverse coil. Even if someone presses the reverse button while the motor is running forward, current cannot reach the reverse coil. Nothing happens until the forward coil is de-energized first.
Some designs add pushbutton interlocking on top of this. In that arrangement, pressing one direction’s button simultaneously disengages the opposite coil and starts the new one, so the operator doesn’t have to hit “stop” before reversing. The electrical interlock still guarantees that both coils can never be active at the same instant.
Mechanical Interlocks
Mechanical interlocks use physical barriers, locks, and keys to enforce safe sequences. The most widely used version is trapped-key interlocking (also called key-transfer interlocking), a system of mechanical locks installed on guards, valves, switches, and gates.
The basic principle: a master key sits in a control device, such as a power disconnect switch. Turning the switch off traps the key in a position where it can be removed. That key then opens the lock on a machine guard, giving the worker access to the danger zone. Critically, the key stays trapped in the guard lock until the guard is closed and locked again. Only then can the worker return the key to the control device and restore power. The machine physically cannot run while the guard is open, because the key needed to restore power is locked inside the guard.
For complex setups with multiple access points, key exchange devices manage the sequence. Inserting one key releases a different key, ensuring that operations happen in the correct order. These mechanical devices are robust enough to work in dirty, dusty, and wet industrial environments, which makes them a popular choice for heavy machinery and switchgear.
Software and Logic Interlocks
In modern plants, most interlocks are implemented in programmable logic controllers using ladder logic or similar programming languages. A software interlock applies the same concept as an electrical interlock, but without physical hardwiring. Instead, the logic is written in code.
A typical example: two pumps that should never run simultaneously. The program uses each pump’s status as a condition in the other pump’s control rung. If pump one is running, the logic opens a virtual contact that blocks pump two’s coil from energizing, and vice versa. The result is identical to a hardwired electrical interlock, but it’s faster to modify, easier to troubleshoot, and can handle far more complex condition sets. Software interlocks are the most frequently used type in industrial automation today.
Fail-Safe Design
A well-designed interlock defaults to the safest possible state when something goes wrong. If power is lost, a signal drops out, or a component fails, the system should not land in a dangerous configuration. In practice, this means selecting components that fail in a safe direction. Valves in a chemical process, for example, are typically chosen to fail closed on loss of electrical power or control signal. That way, a power outage doesn’t leave hazardous material flowing uncontrolled.
This principle extends to every part of the interlock chain. Sensors, wiring, relays, and software logic are all designed so that a single failure moves the system toward shutdown rather than toward continued operation. The goal is simple: no single point of failure should be able to defeat the interlock.
Safety Integrity Levels
Not all interlocks carry the same level of risk, so international standards assign them graded safety requirements. The IEC 61508 standard defines four Safety Integrity Levels (SIL 1 through SIL 4), each representing a different degree of risk reduction. SIL 1 provides a risk reduction factor between 10 and 100. SIL 2 provides 100 to 1,000. SIL 3 covers 1,000 to 10,000, and SIL 4, the highest level, offers 10,000 to 100,000.
The level assigned to a particular interlock depends on the consequences of failure. A guard interlock on a small machine might require SIL 1 or SIL 2. An emergency shutdown system in a refinery could demand SIL 3. The standard is used globally by safety regulators as the accepted benchmark for what constitutes good practice in interlock design.
Common Industrial Applications
Interlocks appear across virtually every industry that uses automated equipment:
- Motor reversing circuits: Prevent forward and reverse contactors from engaging simultaneously, avoiding short circuits.
- Transfer switches: Ensure a facility’s main power supply and backup generator supply cannot feed the system at the same time. Only one contactor can be operational at any given moment.
- Valve sequencing: In chemical and pharmaceutical plants, interlocks enforce the correct order of valve operations so that incompatible materials never mix in a vessel.
- Machine guarding: Trapped-key and sensor-based interlocks shut down hazardous motion when a safety guard is opened.
- Building automation: HVAC systems use interlocks to coordinate fans, dampers, and heating or cooling stages so they operate in the correct sequence.
Cybersecurity Considerations
As interlocks move from hardwired relays to networked software, they become part of a facility’s operational technology (OT) infrastructure. The convergence of OT with information technology (IT) expands the attack surface for cyber threats. A compromised software interlock could, in theory, be overridden remotely.
This risk is driving significant investment. According to Rockwell Automation, 61% of cybersecurity and IT professionals in manufacturing plan to adopt AI and machine learning for security within the next 12 months, outpacing general manufacturing adoption by 12 percentage points. Nearly half of cybersecurity professionals identified securing converging IT/OT architecture as a key priority over the next five years. For facilities that rely on software interlocks for safety-critical functions, hardwired backup interlocks remain a common safeguard against both cyber threats and software faults.