The version of the Machinery Directive currently in force is Machinery Directive 2006/42/EC, even though it is currently being updated. In particular, the approved New Machinery Regulation is introducing several new EHSR in regard to Cyber Security.
Cyber Security EHSR in the New Machinery Regulation
The attention of the New Machinery Regulation is focused on the risks deriving from malicious actions of third parties with an impact on the safety and reliability of machines:
Cybersecurity with an impact on safety
In view of addressing, the risks stemming from malicious third-party actions and that have an impact on machinery safety the proposal adds a new EHSR 1.1.9 and clarifies EHSR 1.2.1 on the safety and reliability of control systems.
The 1.1.9 requirement (Protection against corruption) means what is highlighted below:
Requirement 1.1.9, therefore, announces that a machine connected with another device, for example, a remote device, must be manufactured in such a way that avoids a dangerous situation.
A critical hardware component must be designed to be adequately protected against accidental or intentional damage (i.e. potential cyber-attacks), in order to be in compliance with health and safety requirements.
Even the software will be subject to the health and safety requirements of the New Machinery Regulations. In addition, the legitimacy of the interventions on the configuration must also be proven for any modification or software updates.
Regarding the safety and reliability of control systems, the abstract of requirement 1.2.1 establishes that:
Control systems must be manufactured in such a way that prevents risks, which therefore also include intentional and unintentional external attacks, including malicious attempts by third parties to create a dangerous situation.
The New Machinery Regulations is now approved, and will be in force soon.
It is never too early to start looking into this, and the Machinery Regulation is now a certainty. Learn more about how to prepare for new ESRs.
Go back to the blog