This paper presents the architecture of a fail-safe control for robotic surgery that uses two independent processing units to calculate the position values and compares the results before passing them to the drives. The presented system also includes several other safety functions like a redundant measuring system realized as a tripod within the hexapod kinematics, monitoring functions or watchdogs. The safety requirements for the system are derived from the regulations of the medical device directive (MDD) and from a risk analysis of the control system.