@Zot "Or it proves the safety measures are faulty, and it was a false alarm!"
The challenges and difficulties in designing and implementing such systems are a perennial problem. Such development processes (since one wishes to err on the side of caution) are always bedevilled by false alarms, which are eliminated (we hope) by a "trial and error" process where the "error" is that an operation may be unnecessarily suspended. However, that is the whole point: it is a deliberate choice to go the route of getting "false alarms" from time to time rather than catastrophic failure. Which would you rather have, hmm?