Safety and Reliability in Battery Management Systems: Do We Have It Covered?

This article is published by EEPower as part of an exclusive digital content partnership with Bodo’s Power Systems.

The industry has come a long way since the early days of Li-Ion adoption and proliferation across a broad range of end equipment. The BMS board shown below is representative of countless early units that relied on minimal functionality and limited safety features. Boards like this typically offered only basic protection—guarding against cell overvoltage and overcurrent—with no redundancy, no self-checks, and no meaningful fault detection.

Figure 1. A familiar Legacy discrete BMS board with only basic overvoltage and overcurrent protection. Hopefully, no units are still being shipped with this level of limited safety. Image used courtesy of Bodo’s Power Systems [PDF]

Unfortunately, many scooters and e-bikes shipped to the U.S. and abroad used BMS solutions with such limited protection. The consequences were often catastrophic. In 2022 alone, New York City recorded 216 such fires, resulting in 147 injuries and six tragic fatalities. These incidents pushed public awareness and safety-related legislation into sharper focus. In most metropolitan areas today, regulators now require real and reliable protection to safeguard users and infrastructure.

So, How Is Safety Actually Achieved?

It really boils down to two key questions:

1. What aspects of a battery pack need to be monitored, and how do they impact overall safety?
2. How can we ensure that the ‘checker’—the monitoring system itself—is also being checked and can be trusted to perform reliably?

What Are Considered Safe Limits for a Li-ion Cell?

While these limits can vary depending on the specific chemistry, most lithium-based cells are highly sensitive to excessive heat, mechanical stress or pressure, and puncture. These failure modes are tied closely to the mechanical design and manufacturing quality of the cell and pack. The BMS cannot prevent such physical damage outright, but it plays a critical role in detecting the effects. Abnormal voltage behavior, elevated self-heating, or increased impedance can be early signs of internal damage, well before catastrophic failure.

The parameters that a BMS directly monitors and controls include minimum and maximum cell voltages, average and peak currents, temperature, and impedance variations across cells. Each of these contributes significantly to both short-term safety and long-term reliability.

Overvoltage is perhaps the most dangerous fault mode. Exceeding a cell’s upper voltage limit - typically specified tightly by the cell manufacturer - can lead to fire or explosion. Accurate voltage measurement is key: systems with poor measurement precision must compensate by applying a safety margin (guard band), which reduces usable capacity.

Undervoltage, while less dramatic, can result in internal damage that compromises cell integrity and may lead to thermal runaway later. A damaged cell may not fail immediately, but it’s a ticking time bomb in a tightly packed system.

Average and peak current control is also vital. Excessive current generates Joule heat (I²R), accelerating degradation of the electrolyte, increasing internal resistance, and risking thermal runaway. Rapid, accurate current sensing is essential for safely managing high loads and fast charging.

Temperature sensing, particularly with enough spatial coverage across the pack, is indispensable. Hotspots can indicate internal shorts or degradation. While cell-level temperature sensing may seem like an ideal solution, it becomes impractical in systems with dozens or hundreds of cells. The added sensors and wiring increase cost and dramatically reduce system-level reliability.

Impedance: A Powerful Diagnostic Tool

Arguably, the most significant diagnostic features of a high-performance BMS IC is the ability to accurately measure the impedance of each cell. Impedance tells a story that voltage and temperature alone cannot: it reveals aging, damage, imbalance, and health trends long before more obvious symptoms appear.

Nova’s BMS solutions, featuring a dedicated ADC per cell, provide industry-leading impedance accuracy. With a unique digitally assisted analog engine, which enables dedicated ADC/Cell, our architecture delivers reliable and repeatable 1mΩ-level measurements. Each cell is sampled simultaneously at the same current magnitude, eliminating the need for complex math or excessive filtering, which can introduce measurable inaccuracies.

This capability allows the system to proactively detect and isolate problems early, before performance degrades or safety is compromised. Impedance measurement is, in many ways, the ultimate BMS diagnostic feature.

Reliability vs. Complexity: A Cautionary Trade-Off

Adding more sensors or features doesn’t always translate to better safety. While cell-level temperature sensing might seem like a reasonable alternative to impedance measurement, in practice, it is not. In fact, increasing the number of components, especially in parallel, such as a temperature sensor per cell, can reduce overall system reliability. As shown in the graph below, normalized reliability decreases rapidly as more components are added. Imagine scaling this to hundreds of temperature sensors and connections.

Figure 2. NB1600 internal block diagram, showing dedicated ADC/Cell, Separate Whole-pack ADC, and independent short-circuit detection and protection. Image used courtesy of Bodo’s Power Systems [PDF]

Figure 3. This graph shows normalized reliability versus number of components, highlighting how system reliability degrades as complexity increases, even with relatively small increases in component count. Image used courtesy of Bodo’s Power Systems [PDF]

That’s why the most effective BMS designs balance comprehensive monitoring with thoughtful system architecture. High accuracy, low component count, and smart partitioning are key to long-term reliability.

But Who Watches the Watcher?

So far, we’ve focused on how the BMS monitors the battery pack. But how do we know the BMS itself is functioning correctly? What happens if the BMS malfunctions or becomes compromised?

This is a broad topic, often the subject of debate. The level of required safety depends on the application: the needs of a small Bluetooth speaker are not the same as those of an electric vehicle, or more critically, a battery-powered aircraft.

Despite this diversity, one principle is universal: redundancy. No IC, no matter how robustly designed, is 100% immune to failure. Infant mortality, as well as radiation events (e.g., high-energy particles from space), which can flip logic bits or damage internal structures, are not preventable. Even a perfectly manufactured chip can fail.

This is why a second set of eyes—a secondary monitoring system—is essential. Whether it’s a simple supervisor IC or a more advanced co-processor, external redundancy provides a much higher level of fault isolation and an additional safety layer. It also ensures that the primary checker is being checked.

Internal Redundancy Still Matters

While external redundancy is indispensable, internal fault detection, as in ASIL (Automotive Safety Integrity Level) specification, remains vital. For example, Nova’s NB1600, which adheres to Level D, includes:

• A dedicated ADC and reference per cell
• Pack-level voltage measurement to cross-verify the sum of cell voltages
• Independent watchdog timers for the MCU and communication interfaces
• CRC protection for all memory blocks and I2C communication
• Separate protections for average current vs. short-circuit current
• Always-on monitoring of vital signs, while maintaining ultra-low supply current in the microamp (μA) range
• Self-check on Powerup

Figure 4. NB1600 samples and the Evaluation board are available now. Contact NOVA if interested. Image used courtesy of Bodo’s Power Systems [PDF]

These features enable NB1600 to act as a fully independent, feature-rich BMS solution, capable of high accuracy and reliability. Still, we strongly recommend pairing it with a system-level supervisor, as most of our customers already do.

Conclusion

Battery management is no longer a niche concern. As Li-ion batteries power more devices—from scooters to smartphones to electric vehicles—the importance of safety and reliability cannot be overstated.

Achieving safety isn’t just about meeting spec sheets; it’s about anticipating failure, catching faults early, and building in the checks and balances that let your system sleep with one eye open. With accurate measurements, smart diagnostics, and thoughtful redundancy, we can build battery systems that are not just functional but safe, robust, and trusted for the future.

At Nova Semiconductor, we believe that no trade-off should exist between accuracy and cost, or between performance and safety. Our solutions are designed with this vision in mind, so you can build with confidence.

This article originally appeared in Bodo’s Power Systems [PDF] magazine.