The EMS Core is the only layer with command authority over equipment. Its behavior is fully specified, configuration-controlled, and validated through FAT/SAT. No AI component participates in any function on this page.
| Function | Behavior |
|---|---|
| Operating modes | Defined mode set (e.g., standby, peak shave, demand limit, scheduled dispatch, manual, maintenance) with explicit, logged transitions. |
| PCS dispatch | Deterministic active/reactive power commands within validated limits; single command path from EMS to PCS. |
| BMS status monitoring | Continuous supervision of SOC, temperatures, voltages, contactor states, and BMS permissives. |
| Meter data | Revenue-grade meter integration (SEL-735-class) at the point of common coupling; basis for export-limit enforcement. |
| Relay status | Protection relay (SEL-700G-class) status, trip, and permissive signals integrated as read-and-respect inputs. |
| Breaker status | 52a/52b position feedback supervised; position mismatch raises alarms and blocks dependent actions. |
| Permissives & interlocks | A hardwired-plus-logic permissive chain (relay healthy, BMS ready, sync conditions, breaker states, authorization) — all conditions must be true before close or dispatch. |
| SOC limits | Configurable min/max SOC envelopes with hysteresis; enforced ahead of any plan. |
| Power limits | Site, PCS, and interconnection power limits enforced deterministically, including export limits from meter feedback. |
| Charge/discharge limits | Rate limits derived from BMS capability and engineering configuration; never relaxed by software at runtime. |
| Fault handling | On trip: EMS enters trip lockout. Recovery of all permissives does not auto-close; an authorized user must clear lockout, after which the full permissive chain is re-evaluated. |
| Manual override | Authorized manual control with the same limit and interlock enforcement; all actions logged with user identity. |
| Fallback mode | On loss of optimization/AI services, EMS continues on a safe baseline schedule or standby — intelligence loss never degrades safety. |
| Communication loss | Watchdog-supervised links; defined comm-loss behavior per device (hold-safe, ramp-down, or standby) with alarming. |