Hello,  I see in this application example:

https://support.industry.siemens.com/cs/ww/en/view/21064024

that the feedback from contactors go to normal digital input, and even with this is it achieved PL e.

is that true? what do you think? or it must go to safe digital input?

Thanks in advance.

May I push you for some deeper analysis of the feedback mechanism?

Let's start at the contactor - we are assuming here that the auxiliary contact is mechanically coupled in the right way according to the standards.  Then we need to get this signal back to the FDBACK block reliably.

So if we design the electrical system right, we can trust that the signal going into the 'normal' digital input is sound.

I am also assuming that we use the %IX.X value directly at the FDBACK block.  Then we are looking at possible faults that would make the contactor look like it is switching properly when it has actually failed.  So, there is a fault between the physical terminal on the 'normal' DI module and the FDBACK block, and this fault is such that it 'follows' the state of the F-DQ output to mask the failure of the contactor.  Of course, this is extremely unlikely.  There seems to be an assumption here though that the feedback mechanism cannot fail in such a way that it becomes coupled to the contactor switching, and that our design needs to ensure this.

Assuming our design does ensure this, is the reliability then just a matter of the test interval (number of 'tests' of the feedback mechanism in between demand of safety function)? 

Let's say our feedback isn't a wire, but instead morse code, postal letter or carrier pigeon (which somehow always operates within 0.5sec ).   Does the reliability of the feedback channel actually matter as long as the test demand is sufficient for the safety demand, and there is no plausible 'masking' of failure due to coupling between the F-DQ and the feedback mechanism?