Just some thoughts, by no means comprehensive...
Hydraulic presses have a safety culture all their own.
"This guidance explains the agreed EU position on the conditions necessary for using two-hand controls as the sole device for safeguarding against mechanical hazards in the tools area of hydraulic presses in production mode."
In safety terms, hydraulic presses must be as close to deterministically safe (fail safe) as can be achieved, not just probabilistically safe to some defined performance level. Concentrating on probabilistic safety calculations independent of the up-to-date health and safety literature pertaining specifically to the safe use of hydraulic presses seems inadvisable to me.
For a company risk assessment, every possible failure mode must be thought through in a full systems-level HAZOP assessment that includes working practices involving production managers etc., just as much as you, the machine designer. I don't think this can be done without reference to the specialist safety literature on hydraulic presses, including what is on the HSE website. As a machine designer I would think about ways that can be used to detect individual failure modes before they can in combination lead to an accident.
The reliability of the two-button press system used to operate the press has to be considered in detail, independently from other secondary protections like light curtains or mechanical guards.
For the two button hydraulic press, if one of the buttons has failed ON before the start of the operation, then the press should trip with a fault code that puts a requirement on the engineering staff to service the machine before it can be reset and reused.
Next there is the possibility that one of the buttons starts to stick and fails ON for just long enough that it allows the hand previously pressing it to move into the operational press area, without the press itself having been tripped (assuming no guard in place). If you can find statistics on button sticking and the length of time they might stick I would be very surprised. In fact, if you do find any as a function of button lifetime and how clean the working environment is etc., please let me know.
A button sticking test could be used to trap this failure mode. This is where the operator presses the buttons, takes their hands off, and then re-presses both of them when a lamp signals them to do this, more or less straight away. If the button sticking test fails (either one of the buttons released too slowly) then the press should trip with a fault code that puts a requirement on the engineering staff to service the machine before it can be reset and reused. A button sticking test could be carried out one or more times a day. I suppose it could even be done before every pressing in the extreme, but that might cause repetitive strain injury and reduce the button lifetime unnecessarily.
Then move on to the more complex safety systems. The light curtain might fail in a host of different ways, intermittent or continuous. It might fail ON or OFF or not operate quickly enough because it was incorrectly specified or configured, or replaced with the wrong type when last serviced. If the light curtain trips the machine this might end up being rare enough to be recordable as a near miss, with a management/engineering investigation to find out what happened, and what can be done to avoid it in future.
Then there are failures or eventualities involving more than one person in the operating area - this must be fully considered by you even though it is not part of the control system as such, e.g. what is the procedure when training new people to use the machine?
What is the function of the emergency stop? If it controls more than the press, how wide an area surrounding the machine does it cover? Who is allowed to reset it?
What is the place of staff training and management?
E.g. any piece work payment systems in place should not penalise staff for machine downtime due to a safety system tripping the machine. Their defeat should be detectable, with sophisticated defeat not acting as an incentive to increase their piece work rates.
What is the place of preventative maintenance regimes?
There is always a danger in making calculations too quickly: it can lead to disengagement from the problem at hand and an overly mechanistic mindset, with people concentrating on the things that are easy to calculate rather than more critical issues which are hard to calculate and are best thought about qualitatively, at least at the beginning of the analysis process.