Cybersecurity

How the EU Machinery Directive will change regulation

The EU Machinery Directive machinery covers not only physical components as well as digital components and software.

By H-ON Consulting September 3, 2021
Image courtesy: Brett Sayles

The Machinery Directive 2006/42 /EC had not been revised for 15 years, and clearly needed updating. And so, a written proposal for the new machinery regulation was issued on April 21, 2021. However, since we do not yet have any definite timescale for its implementation, we must assume this will not occur until 2023. Let us examine the main changes the new machinery regulation plans to introduce.

The proposed new machinery regulation: a focus on technology

It appears the new regulation will center on technological developments in machinery and the risks associated with IoT, AI, the exchange of data between IT and OT systems and exposure to cyberattacks​, which can compromise the proper functioning of systems and so threaten the safety of people.

The main changes refer to the many aspects of ​technological innovation.

Indeed, the new machinery regulation will cover not only physical components, but also digital components, or software:​ the type that carries out safety functions will also need to be CE marked if it is put on the European market.

In addition, software is added to the high-risk products listed in Annex I of the new regulation, formerly Annex IV of the Machinery Directive 2006/42/EC.

The machinery regulation may also be applied to:

  • Systems that use artificial intelligence and machine learning technologies
  • Driverless vehicles, i.e. automated guided vehicles (AGVs), which are now replacing forms of manual handling.

Another change would be the proposed inclusion of a chapter outlining the basic safety requirements for robots​ and ​connected technology​​ (Chapter 7).

Some mandatory requirements for OT cybersecurity?

The new focus on technology is therefore very important to help prevent any possible effects this could have on product safety. But that’s not all.

OT cybersecurity assumes considerable importance in the new machinery regulation, and it is possible industrial cybersecurity will become a mandatory requirement.

It may therefore soon become obligatory for companies to carry out ​risk assessments in relation to cyberattacks​, in order to ensure the safety of end users of equipment, and to avoid​ the most common problems associated with business continuity, reputational damage and/or health and safety concerns ​resulting from these deliberately malicious acts​​. Indeed, such actions are increasingly putting many industrial sectors to the test, so it is particularly urgent to focus proper attention on managing these issues.

Green light for the use of digital media

The new machinery regulation also discourages the use of documents in paper form in favor of digital media, in order to ​reduce environmental impact​ and also cut the costs of producing paper on behalf of the manufacturer.

Other differences from Machinery Directive 2006/42/EC

The directive is turning into a regulation. The Machinery Directive is, therefore, becoming a statutory provision, directly applicable to each member state of the European Union (assuming the new regulation is consistent with the other relevant directives, such as PED, ATEX, EMC, LVD, etc.), and the EC Declaration of Conformity is changing into an EU Declaration of Conformity​.

In addition, unlike the Machinery Directive 2006/42/EC, the new regulation will also apply to machinery that has undergone substantial modifications​​, i.e. changes that might compromise its original conformity. ​Software updates​​ are also included in the definition of substantial modifications, under the terms of the new regulation.

Other changes could relate to the classification of partly completed machinery​, for which the manufacturer could be required to provide the final user with a summary of the Essential Safety Requirements (ERS) and a risk assessment report.

Finally, the new machinery regulation refers to certain new roles​:

  • ​Importer​ – When a machine is put on the EU market, the company is responsible for the conformity of the machine and has to make sure the manufacturer has checked it for conformity
  • ​​Distributor​ – The distributor has to ensure the machine is properly labelled and accompanied by all the necessary technical documents.

Ultimate objectives of the new machinery regulation

The objectives of the new machinery regulation can be summed up as follows:

  • To cover the new risks linked to new technologies
  • With this in view, to continue to ensure people’s safety
  • Ensure the free movement of products, including digital products.

There are two possible ways the new regulation might be implemented:

  • The E.R.S. of the current Machinery Directive 2006/42/EC could be adapted to contain it
  • It could be introduced as a form of self-regulation for operators.

Much of this is speculation since the new rules are still in the process of development.

This originally appeared on H-On Consulting’s website. H-On Consulting is a CFE Media content partner.


H-ON Consulting