*4.5. Fail-Safe Functionalities*

Fault-tolerant or fail-safe requirements relate to the correct functioning of the electrical system after the occurrence of faults. When one MLC fails, it is important that this converter is isolated from the system so that the BIPV feeder can remain operational with the remaining converters. This aids in achieving the availability target and is beneficial for the Return On Investment (ROI) of the installation [44]. Failures of PV arrays, their origin, consequences, and mitigation techniques are provided in Reference [109], but the failure of a single PV module connected via a power optimizer to an LVDC grid has not been covered. As the fault and leakage currents are much lower when the fault occurs on the PV side, this situation is different from a failure in a PV array. Novel fault detection methods as proposed in Reference [110] are recommended here.

In general, two types of faults can be distinguished: earth faults and short-circuit faults, as shown in Figure 5. The influence on the availability of the system will be discussed for the case of earth faults, as they are related to the LVDC grid configuration and the presence of a high-frequency transformer.

**Figure 5.** An overview of the possible faults in a fault tree structure. A distinction is made between short-circuit and earth faults and the input (PV) versus the output (DC grid) side of the converter.
