Fail-safe or de-energize-to-trip is preferred for the design of an EBV. In general, design the EBV system so that loss of motive air or electrical power produces a safe response from the EBV.
Production (onshore and offshore), the chemical facilities, pipeline, and Warren Petroleum all follow this design.
The advantage of fail-safe design is that it initiates without a control system or operator action. The disadvantage is that, unless backup power and pneumatic systems are incorporated in the design, it may go into the failed position if the system is accidentally de-energized.
There are two fail-safe actuators: spring-return-piston and diaphragm actuators. When the control signal to the actuator fails, the springs close or open the valve. The control signal can, however, fail if there is an electrical or pneumatic power loss or if the control system itself fails.
The spring-return actuator in a de-energize-to-trip service can be supplied with reserve tank to eliminate spurious tripping caused by the loss of pneumatic supply pressure.
When the installation of the EBV is designed to be fail-safe, the engineer must consider all the equipment affected by the opening or closing of this valve. For example, if the actuator and valve are on the suction of a pump, the pump must be designed to shut down when the EBV closes.
Figure 1300-14 shows the Typical Chopper Valve Arrangement for High Reliability, De-Energize-To-Trip (Fail-Safe) System for a process furnace using a triple modular redundant logic system.