The new Machinery Regulation and its importance in industrial cybersecurity

On 18 April 2023, the new Machinery Regulation was approved in the European Parliament, which replaces the previous Machinery Directive 2006/42/EC. Unlike directives, the regulation is binding for all member states of the European Union. This article will provide an overview of the industrial cybersecurity requirements introduced by the new regulation.

A focus on digital security and new technologies

The Machinery Regulation demonstrates particular attention to new technologies such as artificial intelligence, the Internet of Things (IoT) and robotics. It recognizes the product safety challenges arising from these emerging technologies and highlights the importance of including digital safety in the design and manufacturing of machines.

Cybersecurity requirements in the Machinery Regulation

The regulation includes specific cybersecurity requirements in Annex III, which cover the entire life of the product, including hardware and software components. Articles 1.1.9 and 1.2.1 establish that machines must be designed to prevent dangerous situations resulting from connection with other devices or cyber attacks. Proportionate measures are required to protect product security, including protection against cyber attacks.

Prepare for the application of the Machinery Regulations

Although the effective application of the regulation is scheduled for 2027, it is important to start now to evaluate cyber risks and obtain a full understanding of the industrial ecosystem and its interconnections. Collaboration between manufacturers, users, maintainers, IT and cybersecurity experts is essential to ensure compliance with the regulation and promote efficient and safe operations in the industrial sector.