One of the most important specifications in a barrier gate procurement is also one of the least discussed in pre-purchase conversations: what does the gate do when power fails? The answer varies by manufacturer, by model within a manufacturer’s lineup, and most importantly, by what the local jurisdiction requires.
“Fail-safe” and “fail-secure” aren’t just engineering jargon. They’re terms that appear in fire codes, security requirements, and insurance policies, and they frequently pull in opposite directions. Getting the spec wrong can create a life-safety violation, a security breach, or both.
The Definitions That Actually Matter
Fail-safe: On power loss, the gate arm raises and remains up. Traffic flows freely. The gate cannot obstruct emergency vehicle access.
Fail-secure: On power loss, the gate arm lowers and remains down. Unauthorized traffic cannot pass. The facility’s perimeter remains closed.
Fail-in-place: On power loss, the gate stops in whatever position it was in. Neither fully open nor fully closed. This mode appears in some older systems and is generally disfavored for new installations because the behavior during a power failure is inconsistent.
The terminology gets confusing because “safe” and “secure” sound like they should align. They don’t. A fail-safe gate is unsafe from a security perspective. A fail-secure gate is unsafe from a fire-egress perspective. The correct choice depends on what threat the facility is primarily protecting against.
When Fail-Safe Is Required
Commercial parking facilities with fire-department access requirements. Most urban fire codes require that emergency vehicle access cannot be blocked by gate equipment during a power outage. The International Fire Code and NFPA 1 both contain language to this effect. Structured parking garages, particularly those serving residential towers or hospitals, are almost always required to operate fail-safe.
Facilities with single vehicular egress paths. If a site has only one way for vehicles to leave, that path must remain open in a power loss — occupants must be able to drive out even without utility power. This is common at rural industrial sites and some suburban office campuses.
Egress-only gates in perimeter systems. If a gate is positioned to prevent vehicles from leaving a secured area, fail-safe is typically mandatory because trapping vehicles inside during a power loss creates obvious life-safety issues.
When Fail-Secure Is Required
Customs and border facilities. Federal security requirements at international borders specify fail-secure gate behavior with redundant power to ensure the perimeter remains closed during infrastructure outages.
Cash-handling and valuables storage facilities. Armored car terminals, high-value warehousing, and some data centers specify fail-secure with on-site backup generation so the gate remains closed regardless of grid status.
Prisons and correctional facilities. Fail-secure is always mandatory; the facility exists to contain movement, not facilitate it.
The Uncomfortable Middle Ground
Most commercial parking facilities — office buildings, retail garages, university parking, hospital visitor lots — sit in an uncomfortable middle ground where neither pure fail-safe nor fail-secure obviously applies. Fire code wants fail-safe; loss-prevention wants fail-secure; insurance carriers want whatever keeps premiums low.
The common resolution is backup power. A gate specified with fail-secure logic plus a UPS or battery backup can maintain normal operation through short outages (the typical case) while still providing the failure-mode compliance needed for the rare extended outage. The UPS handles 30 minutes to 4 hours depending on sizing; after that, fail-safe behavior takes over.
This approach requires documentation that the backup power capacity matches the expected outage duration at the site. Insurance carriers increasingly want to see this documented rather than assumed.
Specification Language That Matters
Vague language like “must support fail-safe operation” gets misinterpreted routinely. Better language:
- “Gate shall default to fail-safe mode on loss of primary power.”
- “Gate shall maintain normal fail-secure operation for [X] minutes on battery backup before transitioning to fail-safe default.”
- “Battery backup capacity shall be sized to support [Y] complete open-close cycles during primary power outage.”
- “Transition from fail-secure to fail-safe mode shall be automatic and shall not require operator intervention.”
The third item catches the most common real-world mistake: installations where the battery is sized to maintain standby power for a few hours but can’t actually cycle the gate, leaving the arm in whatever position it was in when power failed.
Frequently Asked Questions
How do I know which mode my current gate uses?
Check the gate operator’s installation manual or label. UL 325 requires the failure-mode behavior to be specified in documentation. If the documentation isn’t available, a controlled power-off test during low-traffic hours will demonstrate the behavior — but coordinate with facility operations and security first.
Can a gate be reconfigured between modes?
On modern operators, usually yes — typically through a configuration dip switch or controller menu setting. Older operators may be hardwired to one mode. Reconfiguration should be documented with a change log and verified by a post-change power test.
What about solenoid-lock gates?
Solenoid-locked gate systems (common in pedestrian applications but sometimes used in vehicular) default to the solenoid’s unpowered state. Most solenoids are energized-to-lock (fail-safe), but some premium security applications use power-to-unlock (fail-secure) solenoids. This is a distinct specification from the gate operator’s mode and must be verified separately.
How long should battery backup last?
Site-dependent. Fire code typically doesn’t specify a minimum duration — only the eventual fail-safe outcome. Insurance carriers and loss-prevention policies may specify 4 hours or longer. A site with reliable utility power and predictable outage patterns may operate fine with 1-2 hours; a site in a storm-prone area or on a weak grid should target 8+ hours.
