Failsafe measures can range from the simple to the complex. From automobile safety glass (it's not intended to shatter at all, but when it does, it shatters into relatively harmless little crumbs instead of huge deadly shards with edges like scalpel blades) to the safety key on a treadmill or personal watercraft (it's tied to the operator by a lanyard, so that should they fall off, it will pull out the key and stop the craft instead of leaving it driverless) to the modern air brake system on a train (air pressure is used to keep the brakes ''off'', so that a loss of pressure causes the brakes to come ''on'' and the "dead man's handle" in the locomotive will automatically apply the brakes if the engineer is somehow incapacitated).

[[GoingCritical Modern nuclear reactors]] are possibly the most thorough example of the 'fail safe' principle available. In current designs, excess heat will ''interrupt'' the fission reaction and shut down the reactor simply by heat expansion of some key components; the core is designed so that a sufficient degree of heat expansion results in the fuel elements being too widely separated to sustain a reaction, so that the reactor cools down instead of overheating until the core melts. If that's not enough, the SCRAM (emergency shutdown) system is usually implemented as a separate set of control rods, dedicated to emergency-shutdown use and suspended above the reactor by electromagnets, or by mechanical clamps sprung to pop open when electrical power is removed; that way, even a complete power failure will still release the rods to drop into the core and starve out the reaction (some designs even include a spring-loaded backup for ''that'' system, just in case ''gravity'' stops working). Strongly safety-oriented designs, such as the Canadian CANDU, also include the ability to inject a neutron-absorbing liquid into the core, so that even if the SCRAM rods become completely inoperable -- say, if there's a fire within the containment building that warps the rods or their channels so that they get stuck instead of dropping into the core -- there's still a way to bring a runaway reaction under control before it turns into a catastrophe. (This is very likely to completely wreck the reactor core, of course -- but, most often, by the time things are bad enough that "fail safe" comes into play, whatever device is failing is already a lost cause, and the idea is to limit the extent of the damage as much as possible.)

All of this is ignored in fiction-land, where the hero will have to go into that burning building or board that RunawayTrain and manually stop the catastrophe themselves, since the folks at MissionControl have already tried to stop it but every emergency system failed to respond. Of course, all of this is based on a completely ass-backwards understanding of the concept, but what else can you expect from Hollywood?

It's worth noting that while a triggered failsafe is generally designed to be safe for ''people'', it can be amazingly disruptive and destructive to the ''equipment'' in question. Tripped breakers have to be reset, safety locks have to be unlocked and readied again, paperwork has to be filled out, and so on. The mere act of pulling the emergency brake when someone wanders onto the tracks will stop a train, but it will also likely put a lot of wear on the brakes, damage the cargo, and make the train and every other one on the same track fall behind schedule. When the prevention of a minor accident can entail such major costs and hassle, [[https://en.wikipedia.org/wiki/Perverse_incentive this provides incentives for the designers and/or operators to try to bypass the failsafe]], with predictable results. In fact, this desire not to lose a multi-million-dollar installation over a minor slip-up, leading to a total lack of safety features, is probably a realistic way to HandWave this trope into existence, yet few instances ever seem to go this route.

In RealLife, most disasters are caused by [[DisasterDominoes a combination of different failures]], or more commonly different ''errors'', which when combined manage to defeat normal safety measures. This is where 'fail safe' can really shine; a truly fail-safe design takes human factors into account, which is a nicer way of saying that sometimes people royally screw up and it's necessary to engineer for that kind of failure too. Remember, plane and train crashes tend to make the news because they ''don't'' happen every day.

The "human-proof" failsafe design is getting more and more prominent nowadays precisely because the biggest techno-catastrophes in history had operating errors on a TooDumbToLive level as key precursors. Things hardly ever "just blow up". The infamous Chernobyl disaster was only made possible by operators intentionally disengaging all of the reactor's safety features to conduct an ill-advised experiment. Later investigation concluded that just a fraction of those systems left online would have likely prevented the catastrophe -- as they were designed to. The only slightly less famous Three Mile Island disaster had a faulty critical component that was discovered in time but neither replaced nor properly bypassed. The Bhopal toxic spill happened after literally years of negligence by the operators regarding both the physical condition of the equipment and the established safety protocols for handling poisonous materials, basically operating unsafely and [[WhatCouldPossiblyGoWrong relying on luck until it ran out]]. [[GoingCritical Fukushima Daiichi]] was being operated well past the point when safer reactor designs had been invented, was built with fewer precautions for both earthquakes and tsunamis than it should have been, and had several components (the very ones the earthquake would go on to break) already in disrepair or overdue for inspection.

And so on...

Of interest, albeit rarely used in fiction, is the opposing concept of [[https://en.wikipedia.org/wiki/Fail-deadly Fail-Deadly]], which is mostly used in a military strategic context. If you are preparing to launch weapons against an enemy, and all communication with your command authority is suddenly cut off, a Fail-Deadly system might, for instance, tell you to assume that your command authority has been destroyed by the enemy and that you should therefore proceed with the launch. This has been used for drama in, for instance, ''Film/WarGames'' and ''Film/CrimsonTide'', or for black comedy in ''Film/DoctorStrangelove''. That said, the idea of building ''civilian equipment'' with this design philosophy is frankly baffling, so in a well-written work it should only occur for a very well-defined reason.
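The common thread in the lanyard key, the air brake and the dead man's handle above, and in the Fail-Deadly launch rule, is what the system does when the "all is well" signal stops arriving. The Python sketch below is an added example, not part of the original page; the class names, the `Policy` labels and the timeline are constructed assumptions, and it simply replays a heartbeat under both policies so the two defaults can be compared side by side.

```python
"""Heartbeat model of fail-safe vs fail-deadly defaults (constructed example)."""
from dataclasses import dataclass
from enum import Enum
from typing import List, Optional, Tuple


class Policy(Enum):
    FAIL_SAFE = "fail-safe"      # lost signal -> hazard is stopped
    FAIL_DEADLY = "fail-deadly"  # lost signal -> hazard is triggered


@dataclass
class DeadMansHandle:
    """A control whose hazardous state must be continuously re-asserted.

    The 'signal' stands in for air pressure holding the brakes off, the
    treadmill key held in by its lanyard, or electromagnet current holding
    SCRAM rods up: while it keeps arriving the hazard (motion, fission,
    launch) may run; once it stops, the policy decides what happens.
    """
    policy: Policy
    timeout: float                      # seconds of silence tolerated
    last_signal: Optional[float] = None  # None: no signal ever received

    def assert_ok(self, now: float) -> None:
        """Operator or command authority re-asserts that all is well."""
        self.last_signal = now

    def signal_alive(self, now: float) -> bool:
        return self.last_signal is not None and now - self.last_signal <= self.timeout

    def hazard_active(self, now: float) -> bool:
        """True if the hazardous action is running at time `now`."""
        alive = self.signal_alive(now)
        if self.policy is Policy.FAIL_SAFE:
            return alive      # silence stops the train / drops the rods
        return not alive      # silence is read as "HQ is gone: launch"


def simulate(policy: Policy, events: List[Tuple[float, str]],
             timeout: float = 1.0) -> List[Tuple[float, bool]]:
    """Replay (time, 'signal'|'check') events; return hazard state at each check."""
    handle = DeadMansHandle(policy, timeout)
    observed = []
    for t, kind in events:
        if kind == "signal":
            handle.assert_ok(t)
        else:
            observed.append((t, handle.hazard_active(t)))
    return observed


# Constructed timeline: heartbeats at 0, 0.5 and 1.0, then the operator falls off.
TIMELINE = [(0.0, "signal"), (0.5, "signal"), (0.9, "check"),
            (1.0, "signal"), (1.8, "check"), (3.0, "check")]
```

Under `FAIL_SAFE` the last check comes back `False` (train stopped, rods dropped) and under `FAIL_DEADLY` it comes back `True`; a handle that never receives any signal at all also sits in its "safe" default, which is the property the page's real-world examples rely on.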

Worth noting, if/when we ever develop practical {{Antimatter}} storage, it will necessarily be fail-deadly, as antimatter annihilates any normal matter it touches, which would include the container. It would need to be contained by magnetic fields, which must never fail. No pressure.
----