Blog 11 min read

New EU Machinery Regulation Faces Implications of Emerging Technologies and Digital Transformation

Jun 13, 2023 New EU Machinery Regulation Faces Implications of Emerging Technologies and Digital Transformation

On 22 May, after a legislative process started back in 2021, the EU Council finally approved the new Regulation on Machinery, which is going to replace the Machinery Directive 2006/42/EC.

The Regulation now needs to be signed by the President of the European Parliament and the President of the Council and will then be published in the Official Journal of the European Union. Once published, Member States and economic operators will have around three and a half years (not earlier than late 2026) to prepare before the Regulation has direct effects.

The decision to adopt a Regulation, instead of a Directive, has been dictated by the need for standardized rules among Member States to apply uniformly throughout Europe. One of the main objectives of the new Regulation is in fact to streamline and modernize the existing legal framework and align with EU harmonized legislation on product health and safety. 

The reason for a complete revision mainly relies on the new challenges emerged by digital technologies, and safety implications arising from them, given that the Directive has long shown its inability to keep up pace with technical progress and digital transformation.

When setting out the essential health and safety requirements, the new Regulation takes into account the increased adoption of new technologies, like artificial intelligence, the internet of things and robotics, including the risks arising from connected products.

More details on these aspects are outlined below.

Protection Against Corruption

Section 1.1.9 of Annex III

Among the essential health and safety requirements set out in Annex III, a specific section is dedicated to the protection against corruption.

Safety of connected machinery must be ensured in the design and construction stages in a way that “the connection to it of another device, via any feature of the connected device itself or via any remote device that communicates with the machinery or related product does not lead to a hazardous situation.”

Furthermore, adequate protection must be ensured against accidental or intentional corruption by identifying the software and data that are critical for the compliance of the machinery with the relevant health and safety requirements.

Control Systems

Section 1.2.1 of Annex III

Specific cybersecurity-related requirements are established for control systems which must be designed and constructed in such a way as to prevent malicious attacks from third parties. Also, reliability of control systems entails the prevention of hazardous situations in circumstances where there is a fault in the hardware or the logic of the system or an error in the control system logic. 

Additional requirements are set out for control systems with fully or partially self-evolving behavior or logic which are designed to operate with varying levels of autonomy.

It is important to note that Article 20 establishes a presumption of conformity with the above requirements on protection against corruption and safety and reliability of control systems. 

Accordingly, machinery and related products that have been certified or for which a statement of conformity has been issued under a cybersecurity certification scheme adopted in accordance with Regulation (EU) 2019/881 the references of which have been published in the Official Journal of the European Union shall be presumed to be in conformity.

Software

The new Regulation also considers the risks associated with modification of connected products after being placed on the market, thus filling a regulatory gap, in light of the common practice of constantly updating the software or implementing additional functions at a later stage.

The risk assessment carried out by the manufacturer should address future updates or developments of software which are foreseen when the machinery or related product is placed on the market or put into service.

Additionally, the risks identified during the risk assessment should include those risks that might arise during the product’s lifecycle due to an intended evolution of its behavior to operate with varying levels of autonomy.

Software and data that are critical for compliance with the relevant essential health and safety requirements shall be identified as such and shall be adequately protected against accidental or intentional corruption. 

The software installed that is necessary for the machinery to operate safely shall be identified, and shall be able to provide that information at all times in an easily accessible form. The machinery shall collect evidence of a legitimate or illegitimate intervention in the software or a modification of the software installed on the machinery or related product or its configuration.

For control systems, it is also required that the tracing log of the data generated in relation to an intervention and of the versions of safety software uploaded after the machinery has been placed on the market or put into service is enabled for five years after such upload, exclusively to demonstrate the conformity of the machinery further to a reasoned request from a competent national authority.

Conformity Assessment

The new Regulation, in its Annex I, differentiates between two categories of machinery subject to one of the conformity assessment procedures referred to in Article 25(2) and (3), where Part A of Annex I lists the products that would present a higher risk factor and would therefore require a stricter conformity assessment as per Article 25(2), which must be carried out by a third party.

In light of new technologies, the list of products in Part A has been updated to include the following products:

  • Safety components ensuring safety functions with fully or partially self-evolving behavior using machine learning approaches ensuring safety functions, which include artificial intelligence systems;
  • Machinery embedding machine-learning systems ensuring safety functions.

Digitalization

As a final note, it is worth mentioning that the Regulation allows for the provision of required documentation in a digital format.

Instructions and other relevant documentation may be provided in a digital printable format. However, the manufacturer should provide at the request of the user at the time of the purchase, the instructions for use in a paper format free of charge within one month.

When instructions for use are provided in digital format, the manufacturer shall:

  • Mark on the machinery, or, where that is not possible, on its packaging or in an accompanying document, how to access the digital instructions; 
  • Present them in a format that makes it possible for the user to print and download the instructions for use and save them on an electronic device so that he or she can access them at all times, in particular during a breakdown of the product; this requirement also applies where the instructions for use are embedded in the software of the machinery;
  • Make them accessible online during the expected lifetime of the machinery or related product and for at least 10 years after the placing on the market.

Author

Emilia Assenza, Senior Regulatory Compliance Specialist, Compliance & Risks

Emilia Assenza is a Senior Compliance Specialist with over 5 years experience in the legal compliance sector.

She keeps clients up to date on global regulatory developments, with a particular focus on consumer protection.

She graduated cum laude with a Master’s Degree in Law at University of Catania, Italy and holds a Postgraduate Diploma in Legal Professions.

Market Insights straight to your inbox

Join 40,000+ product compliance & market access experts around the world