Control Valve Fail-Safe Modes Explained
In industries like chemicals, oil refining, petrochemicals, pharmaceuticals and power generation, losing utilities such as electrical power or instrument compressed air can be catastrophic and create a safety hazard. If an industrial control system loses power, valves must automatically revert to a safe position to prevent explosions, over-pressurisation, or hazardous spills. This baseline safety mechanism is known as the valve’s fail-safe mode.
What is a Fail-Safe Mode?
A fail-safe mode is an engineered design feature that dictates the physical position a control valve will automatically return to if it loses its power source, such as compressed air, hydraulic fluid, or electrical power.
Fail-safe positions are fundamentally dictated by safety first, and process continuity second. They rely on physical energy stored in heavy internal mechanical springs to move the valve stem without needing external utilities.
The Three Primary Fail-Safe Orientations
Fail-Closed (FC) / Air-to-Open (ATO)
A Fail-Closed (FC) valve uses an internal spring to force the valve fully shut the moment control power is lost. To open this valve under normal operations, compressed air pressure must overcome the spring force, hence it is also called Air-to-Open (ATO).
- Primary Purpose: Isolates systems to stop the flow of materials.
- Common Applications:
  - Fuel lines feeding a boiler or furnace (shutting off the fuel prevents explosions).
  - Chemical feed lines introducing hazardous reactants into a vessel.
  - Bottom drain valves on pressurised process tanks.
Fail-Open (FO) / Air-to-Close (ATC)
A Fail-Open (FO) valve uses its internal spring to force the valve fully open when power drops out. During normal operations, compressed air is continuously applied to keep the valve choked or closed, so the mode is also referred to as Air-to-Close (ATC).
- Primary Purpose: Allows critical cooling or pressure relief paths to stay completely unobstructed.
- Common Applications:
  - Cooling water lines running to a chemical reactor jacket (preventing a thermal runaway reaction).
  - Pressure vent or flare line valves (ensuring the system can safely vent pressure to avoid bursting).
Fail-Last / Fail-Locked (FL)
A Fail-Last (FL) or Fail-in-Place valve does not use a dominant internal spring. Instead, it utilises specialised pneumatic lock-up valves or digital positioners that trap the remaining air inside the actuator cylinder, so the valve holds the position it was in when the utility was lost.
- Primary Purpose: Maintains the status quo of the system until technicians can manually intervene.
- Common Applications: Continuous steady-state operations where a sudden change in either direction would destabilise the plant, such as distillation column feed systems.
How to Determine the Correct Fail Mode
To choose the correct fail mode during plant design, hazard and operability (HAZOP) teams ask one basic question: If this utility fails, which valve position poses the least immediate threat to human life and equipment?
If a line carries cooling water to an exothermic process, it must be Fail-Open.
If a line carries volatile hydrocarbons to a burner, it must be Fail-Closed.
Frequently Asked Questions about Fail-Safe Modes
- What happens if an electric actuator loses power?
Unlike pneumatic actuators that natively use mechanical springs to reset, standard electric actuators stay in their last operated position when power fails. To make an electric actuator fail-safe, engineers must specify models equipped with either an internal battery backup system or an internal mechanical spring-return mechanism.
- Can a valve’s fail action be changed in the field?
Yes, depending on the valve design, the fail action can be changed. For many pneumatic diaphragm valves, the fail action can be inverted in the field by physically flipping the actuator casing upside down, swapping the spring location from above the diaphragm to below it, and rerouting the compressed air supply lines.
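The selection rules above and the electric-actuator caveat in the FAQ can be checked against an asset inventory. The following is an added example, not part of the original article: it derives each valve's effective fail position from its actuator hardware and compares it with the position the service requires. The record fields, service labels and valve tags are constructed for illustration, and treating a fitted lock-up valve as overriding the spring action is a modelling assumption.

```python
from dataclasses import dataclass
# Required fail position per service, from the article's rules and application lists.
# Service keys are constructed labels; anything unlisted needs a HAZOP decision.
REQUIRED = {
    "cooling_water_exothermic": "FO", "pressure_vent_or_flare": "FO",
    "burner_fuel": "FC", "hazardous_reactant_feed": "FC", "pressurised_tank_drain": "FC",
}

@dataclass
class Valve:                      # hypothetical inventory record
    tag: str
    service: str
    actuator: str                 # "pneumatic" or "electric"
    air_action: str = ""          # pneumatic: "ATO" or "ATC"
    lock_up: bool = False         # pneumatic lock-up valve fitted (assumed to win)
    failsafe_option: str = ""     # electric: "spring_return", "battery" or ""
    configured_fail: str = ""     # electric with fail-safe option: "FC" or "FO"

def effective_fail_mode(v):
    """What the valve physically does on utility loss, derived from its hardware."""
    if v.actuator == "pneumatic":
        if v.lock_up:             # trapped air holds the last position
            return "FL"
        return {"ATO": "FC", "ATC": "FO"}.get(v.air_action, "UNKNOWN")
    if v.actuator == "electric":
        if v.failsafe_option in ("spring_return", "battery"):
            return v.configured_fail or "UNKNOWN"
        return "FL"               # standard electric actuators stay put
    return "UNKNOWN"

def audit(valves):
    findings = []                 # (tag, effective mode, status, detail)
    for v in valves:
        actual, required = effective_fail_mode(v), REQUIRED.get(v.service)
        if required is None:
            findings.append((v.tag, actual, "REVIEW", "no rule for this service"))
        elif actual != required:
            findings.append((v.tag, actual, "MISMATCH", f"service requires {required}"))
    return findings

# Constructed sample inventory (tags and services are made up).
INVENTORY = [
    Valve("FV-101", "burner_fuel", "pneumatic", air_action="ATO"),
    Valve("TV-202", "cooling_water_exothermic", "electric"),
    Valve("PV-303", "pressure_vent_or_flare", "pneumatic", air_action="ATC", lock_up=True),
    Valve("FV-404", "distillation_feed", "pneumatic", lock_up=True),
    Valve("XV-505", "burner_fuel", "electric", failsafe_option="spring_return", configured_fail="FC"),
]
if __name__ == "__main__":
    for finding in audit(INVENTORY):
        print(*finding, sep=" | ")
```

The two mismatches in the sample are the cases a datasheet label tends to hide: an electric actuator with no spring-return or battery on a cooling line, and a lock-up valve fitted to a vent valve that should fail open.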

