Module 1.7 - Protection Circuits
Ensuring the design survives ESD, surges, and fault conditions without damage
Ensuring the design survives ESD, surges, and fault conditions without damage
Electrostatic Discharge (ESD) protection devices must be placed on every signal and power line that connects to an external port accessible by humans or external cables. This includes USB, HDMI, Ethernet, audio jacks, buttons, LEDs, antenna ports, SD card slots, and debug headers. ESD events generate voltage transients of 2-15kV in nanoseconds that will destroy unprotected semiconductor junctions.
Protection devices (TVS diodes, ESD suppression arrays) clamp these transients to safe levels before they reach IC pins.
IEC 61000-4-2 compliance requires products to survive +/-8kV contact discharge and +/-15kV air discharge on all user-accessible ports. Without external ESD protection, a single touch by a charged human destroys the IC connected to that port. Products fail regulatory testing, cannot be sold in most markets, and suffer high field failure rates. Each field failure costs $100-$1000+ in warranty service. ESD protection ICs cost $0.10-$0.50 each.
USB Type-C port ESD protection:
Connector: USB Type-C (16 signal pins accessible) ESD Protection: TPD4S012 (TI) - 4-channel ESD for USB 2.0 D+/D-/ID/VBUS Working voltage: 5.5V (covers USB 5V signals) Clamping voltage: 9V at 8kV contact discharge Capacitance: 0.5pF per line (suitable for USB 2.0 HS at 480 Mbps) IEC 61000-4-2: +/-15kV air, +/-8kV contact Additional: USBLC6-2SC6 on CC1/CC2 lines Working voltage: 5V Clamping: 8.5V @ 8kV Placement: ESD devices immediately adjacent to connector (< 5mm trace length from connector pin to ESD pad to minimize loop inductance).
USB port without ESD: USB 2.0 Type-A connector connected directly to STM32 USB PHY pins with no ESD protection. Engineer relies on "STM32's internal ESD protection" (rated only 2kV HBM - a component-level spec, NOT system-level). User touches connector pin with 6kV static charge. Internal ESD clamp overwhelmed, gate oxide ruptures on USB_DP pin. Damage is latent - USB works intermittently for 3 weeks then fails completely. Entire MCU must be replaced.
KiCad: Place ESD protection ICs near each connector on the schematic. Group them visually with the connector. Use "Protection" sub-section in schematic hierarchy.
Altium: Create ESD protection template circuits for each connector type. Use snippets/design reuse for consistent protection across projects.
OrCAD: Create library ESD protection blocks for each connector type. Instantiate as hierarchical blocks near each connector in the schematic.
TVS (Transient Voltage Suppressor) diode selection requires choosing the correct breakdown voltage, clamping voltage, peak power rating, and capacitance for each application. The TVS must turn on (conduct) above normal signal voltage but clamp below the protected IC's damage threshold. This creates a narrow "protection window" that the TVS voltage parameters must fit within.
Key parameters: V_RWM (standoff voltage - must exceed normal operation), V_BR (breakdown), V_C (clamping voltage at peak current).
A TVS with incorrect parameters can either provide no protection (clamping voltage above IC damage threshold) or interfere with normal operation (standoff voltage below signal level, causing the TVS to conduct during normal signals). The selection must navigate between these extremes. An undersized TVS (insufficient peak power) will itself be destroyed by a surge, leaving the circuit unprotected for subsequent events. TVS selection is one of the most commonly miscalculated design parameters.
TVS selection for 3.3V GPIO at external connector:
Protected line: 3.3V CMOS GPIO (absolute maximum: 4.0V per STM32 datasheet) Normal maximum voltage: 3.3V + 10% = 3.63V TVS selected: PESD3V3S1UB (Nexperia) V_RWM (standoff): 3.3V (does not conduct below 3.3V - safe for normal 0-3.3V signals) V_BR (breakdown): 4.0V min (starts conducting above 4.0V) V_C (clamping): 9.8V at 5A (IEC 61000-4-2 level) Wait - V_C = 9.8V but IC abs max = 4.0V! PROBLEM! Need different approach: use PESD3V3L1BA (lower clamping) V_C: 7.5V at 1A... still too high for direct IC protection. CORRECT approach: series resistor (100R) + TVS + IC internal clamp With 100R: at 8kV, I_peak limited to ~30A. TVS clamps to 10V. After 100R resistor: IC sees V_C - (I * R_series) reduced current into IC internal clamp. IC internal clamp handles remaining energy safely.
Wrong TVS standoff voltage: 5V USB VBUS line protected with SMBJ5.0A TVS. V_RWM = 5.0V (exactly at operating voltage). During normal USB operation, voltage occasionally reaches 5.25V (USB spec maximum). TVS enters breakdown region, drawing current from VBUS, heating up, and causing voltage regulation issues on the USB host. Eventually TVS fails short-circuit, permanently shorting VBUS to ground. USB host port damaged.
KiCad: Specify TVS by part number in schematic (not just "TVS"). Include V_RWM and V_C in component value field for review visibility. Place near connector.
Altium: Use simulation to verify clamping levels with IEC 61000-4-2 waveform generator model. Verify signal integrity impact of TVS capacitance.
OrCAD/PSpice: Import TVS SPICE model. Simulate with ESD generator (150pF / 330 ohms). Verify clamping voltage at IC input stays below abs max. Check power dissipation in TVS.
Clamping voltage verification confirms that the actual voltage seen at the protected IC's pin during a surge event stays below its absolute maximum rating. This requires accounting for: TVS clamping voltage (V_C at peak current), voltage drop across series resistance, inductance of PCB traces (V = L * di/dt), and any additional voltage from the TVS response time delay. The entire protection network must be analyzed as a system, not just individual component ratings.
The residual voltage at the IC pin after all protection stages is what determines survival, not just the TVS rating alone.
A TVS diode rated at "5V" might actually clamp to 9.2V at peak pulse current (specified in the datasheet but often overlooked). If the protected IC has an absolute maximum of 7V, the TVS alone provides INSUFFICIENT protection despite being "rated for 5V." Engineers must verify the actual clamping voltage at the expected surge current level, not just the nominal TVS voltage rating. This is the most commonly missed step in protection circuit design.
Multi-stage protection analysis for 3.3V I/O:
Protected IC: STM32F407 GPIO pin (Abs max: 4.0V, or VDD+0.3V with internal clamp) Surge: IEC 61000-4-2, 8kV contact discharge (30A peak, 1ns rise) Protection circuit (in signal path order): Connector -> [R_series 100R] -> [TVS: PESD5V0S1BB] -> IC pin TVS clamping: V_C = 11V at 5A (from datasheet) After 100R series: I_to_TVS = 8000V / (330 + 100) = 18.6A actual peak (ESD source: 150pF charged to 8kV through 330 ohm) TVS V_C at 18.6A: approximately 15V (extrapolated from V-I curve) Voltage at IC pin (after series resistor): IC pin current = (15V - 3.3V) / (IC internal clamp resistance ~25 ohms) = ~0.5A This activates IC internal ESD clamp (rated for short pulse) IC pin voltage = VDD + 0.7V = 4.0V (internal diode clamp to VDD rail) Duration: < 100ns (well within IC internal ESD pulse tolerance) PASS: IC survives with coordinated multi-stage protection.
TVS alone exceeds IC limit: SMAJ5.0A TVS selected for "5V protection" on a 3.3V rail feeding an IC with abs max = 3.9V (VDD + 0.3V). At 8kV ESD (estimated 15A through TVS): V_C = 9.2V per datasheet. IC pin sees 9.2V directly. Abs max is 3.9V. IC destruction occurs during EVERY ESD event. The TVS successfully limits the voltage to 9.2V (protecting against 8kV) but this is still 2.4x the IC's maximum rating. TVS does its job, IC dies anyway.
KiCad: Document the complete clamping voltage calculation as a text note on the schematic near the protection circuit. Reference TVS datasheet figure/table number.
Altium: Simulate with ESD pulse source and actual TVS SPICE model. Probe voltage at IC pin to verify clamping level. Time-domain simulation shows actual waveform.
OrCAD/PSpice: Create ESD generator (150pF + 330 ohms + voltage source) in PSpice. Connect through protection circuit to IC model. Measure peak voltage at IC input.
Surge rating defines how much energy a protection device can absorb without being destroyed. Different surge standards (ESD: nanoseconds, lightning-induced: microseconds, AC mains fault: milliseconds) have vastly different energy content. The protection device must be rated for the worst-case surge energy expected in its installation environment. Surge rating is specified as peak power (Watts) for a given pulse duration (8/20us for lightning, 10/1000us for telecom).
If the surge exceeds the protection device rating, the protection device fails first - then the circuit is unprotected for subsequent events.
A TVS rated for 600W (typical SMD) can handle ESD events (nanosecond duration, millijoules of energy) but will be destroyed by a lightning-induced surge on an outdoor cable (8/20us pulse containing joules of energy). Once the TVS fails (typically short-circuit or open-circuit), all subsequent surges pass directly to the protected IC. For outdoor or industrial equipment, undersized protection devices fail in the field within months, creating unreliable products that require frequent replacement.
Outdoor Ethernet port surge protection:
Environment: Outdoor PoE camera, cable run up to 100m
Standard: IEC 61000-4-5, Level 3 (2kV line-to-line, 4kV line-to-ground)
Pulse shape: 1.2/50us voltage, 8/20us current
Protection design (multi-stage):
Stage 1: Gas Discharge Tube (GDT) 2038-09-SM (90V DC spark, 20kA surge rating)
Handles bulk energy (primary protection for lightning-induced surges)
Energy: 0.5 * 90V * 5000A * 20us = 4.5 Joules per pulse (within 20kA rating)
Stage 2: Decoupling inductor (10uH) between stages
Provides time delay for GDT to fire before TVS is stressed
Stage 3: TVS array SPHV040-4 (40V clamping, 600W per line)
Fine-clamps residual surge after GDT fires
Energy reaching TVS: < 100mJ (well within 600W * 20us = 12mJ single-pulse)
Result: Survives 10x consecutive 4kV surges at 1-minute intervals. Passes IEC 61000-4-5.
Undersized protection on outdoor sensor: RS-485 sensor with 50m cable run in industrial environment. Protection: single SMBJ24CA TVS (600W, 8/20us). IEC 61000-4-5 Level 3 requires surviving 2kV/8/20us surge. Calculated surge current: 2000V / 50ohm = 40A. TVS power: 42V * 40A = 1680W. TVS rating: 600W. TVS absorbs 2.8x its rating, fails short-circuit on first lightning event. RS-485 transceiver on subsequent event is destroyed. Customer reports "random sensor failures during thunderstorms."
KiCad: Document surge requirements on schematic near protection circuits. Include standard reference (IEC 61000-4-5 Level X) and calculated energy.
Altium: Simulate surge pulse with protection circuit. Time-domain analysis shows energy dissipated in each protection stage. Verify against component ratings.
OrCAD/PSpice: Create surge generator (1.2/50us for IEC 61000-4-5). Simulate multi-stage protection. Monitor energy dissipated with .MEAS integration statements.
Thermal shutdown provisions ensure that power components (regulators, power switches, motor drivers, high-power ICs) safely reduce or cease operation when junction temperature exceeds safe limits. This includes built-in thermal shutdown (TSD) in regulator ICs, external temperature monitoring with enable control, thermal fuses, and proper thermal relief design. The thermal protection must prevent permanent damage while allowing recovery when the overtemperature condition is resolved.
Thermal shutdown is the last line of defense against thermal runaway that could cause fire or permanent component damage.
Without thermal shutdown, an overloaded regulator heats until silicon damage occurs at ~175C junction temperature. The failed regulator may fail short-circuit (passing unregulated input directly to output, destroying downstream ICs) or fail open (sudden power loss causing data corruption). In enclosed products, thermal runaway can ignite nearby components, plastics, and batteries. Thermal shutdown prevents catastrophic failure by gracefully reducing power or shutting down before damage temperatures are reached.
TPS62130 thermal protection:
Built-in thermal shutdown: activates at 160C junction temperature. Behavior: Output turns off when TJ > 160C. Auto-restart when TJ < 140C. Hysteresis: 20C prevents thermal oscillation. Design verification: Maximum ambient: 85C (industrial spec) Thermal resistance (junction to ambient): 40 C/W (QFN-16 with thermal pad) Maximum power dissipation at 85C: (160C - 85C) / 40 = 1.875W Actual power at maximum load: (Vin-Vout)*Iout*[1-eff]/eff = 0.8W Thermal margin: 1.875W - 0.8W = 1.075W margin. Will NOT reach TSD under normal operation. Additional: External temperature sensor (TMP116) monitors board temperature. MCU reduces system clock (and power) if board temperature exceeds 80C. Provides graceful degradation BEFORE regulator hits thermal shutdown.
No thermal awareness: LM7805 linear regulator (TO-220) stepping 12V to 5V at 800mA. Power dissipation: (12-5)*0.8 = 5.6W. No heatsink. TO-220 theta_JA: 60C/W. Junction temperature: 25C + (5.6W * 60C/W) = 361C. Far exceeds the 150C TSD threshold. Regulator enters thermal shutdown within 2 seconds of power-on, recovers, re-enters shutdown - continuous cycling. Output oscillates between 5V and 0V at ~1Hz. All downstream circuits malfunction. Package eventually cracks from thermal cycling fatigue.
KiCad: Document thermal calculations in schematic notes near regulators. Include theta_JA and maximum power dissipation. Flag regulators operating above 70% of thermal limit.
Altium: Use thermal simulation tools (if available) or document calculations. Create design rules for maximum power density. Note thermal pad requirements.
OrCAD: Annotate power dissipation on each regulator symbol. Cross-reference with package thermal resistance. Flag components needing heatsinks or thermal relief.
Fault current path analysis identifies where current flows during abnormal conditions (short circuits, component failures, protection device activation). Every protection device (TVS, fuse, crowbar) must have a defined, low-impedance path for fault current to flow without causing secondary damage. This includes ensuring traces and components in the fault path can handle the fault current magnitude and duration until protection devices interrupt the fault.
If the fault current path includes inadequate traces or unexpected components, the "protection" creates new failure modes.
A TVS diode clamping a surge conducts peak current (up to 30A for ESD, up to 100A for power surges) to ground. If the ground trace from the TVS to the ground plane is a thin 6-mil trace, it cannot carry 30A even for microseconds - it vaporizes, creating an open circuit that removes the protection entirely. Worse, the arcing from a vaporized trace can ignite adjacent components. Fault current paths must be deliberately designed with adequate current capacity.
TVS fault current path design:
USB VBUS protection: TVS (SMBJ6.5CA) across VBUS-to-GND at connector Fault current path (during 8kV ESD on VBUS pin): Connector VBUS pin -> 50mil wide trace (2mm length) -> TVS anode TVS cathode -> 50mil wide trace (3mm length) -> connector GND shell Connector GND shell -> chassis ground Key design choices: - 50mil traces can handle 30A for 100ns (far exceeds ESD pulse duration) - TVS ground connects to CONNECTOR GROUND (shell), not signal ground - Surge current never enters the internal signal ground plane - Loop area minimized (TVS placed within 5mm of connector) - No vias in fault path (vias limit current to ~3A continuous) - Separate ground pour around connector for surge current return
Undefined fault path: TVS protection on Ethernet port. TVS cathode connects to internal signal ground through a single 0.3mm via, then travels 40mm across a thin (6mil) trace to reach the ground plane connection. During a lightning surge (100A peak, 8/20us pulse): the via fuses at 3A continuous equivalent, the 6mil trace melts at 20A. TVS successfully clamps for 1 microsecond before its ground path vaporizes. Remaining surge energy passes directly through to the Ethernet PHY. Board catches fire at the melted trace location.
KiCad: In schematic, clearly draw the ground return path for each protection device. In PCB, use wide traces and multiple vias for protection device ground. Note layout constraints on schematic.
Altium: Use Net Classes for protection ground paths with wider minimum trace width rules. Define separate ground regions for surge current. Use polygon pours for low-impedance paths.
OrCAD: Document fault current magnitude on schematic for each protection path. Specify minimum trace width requirements as PCB layout constraints. Cross-reference with IPC-2221 current capacity tables.