April 2023. The European Parliament approves the New Machinery Regulation. The existing Machinery Directive 2006/42/EC is due to be repealed 42 months after the new regulation comes into force. Here’s how to prepare for the changes to the rules.
The approved version of the New Machinery Regulation
The new version of the European Machinery Compliance Regulation focuses particular attention on the factory of the future, the dangers posed by digital technologies, and the potential impact these can have on people’s safety.
But that’s not all. The New Machinery Regulation refers to environmental protection for the first time, and introduces better ways to describe partly completed or substantially altered machinery.
Indeed, while its scope of application remains unchanged with respect to the provisions of Directive 2006/42/EC, the New Regulation also extends the concept of machinery to cover a product that is not yet equipped with software. This means that:
- the software must be provided by the manufacturer and subjected to the conformity assessment procedure. If the manufacturer specifies nothing about the software programming logic and settings, the product is treated as partly completed machinery
- if the software has a safety function and is made separately, it may be declared separately as a safety component
With just a slight modification to its definition, the meaning of the concept of partly completed machinery is substantially changed. Compliance with the Essential Safety Requirements (ESRs) is also necessary for partly completed machinery, and the principles of integrating safety into the design are also applicable, together with all that this entails, including the drafting of a technical file. Here is the definition of partly completed machinery in the New Regulation:
Attention to safety components.
Under the definition provided by the New Machinery Regulation, a safety component can be either physical or digital, including (as previously mentioned) the software.
In particular, safety components that rely on artificial intelligence, whether incorporated into the machinery or not, are classified as a “potentially high-risk machinery product”. A Notified Body should therefore carry out an assessment of their conformity.
The concept of Substantial Change
Compared to Directive 2006/42/EC, the definition of “substantial modification” in the New Regulation leaves no room for different interpretations.
Indeed, the Regulation is now also applicable to products that have undergone changes:
- carried out by physical or digital means after the product has been placed on the market or put into service
- that are not foreseen or planned by the manufacturer
- that affect safety by creating a new hazard or increasing an existing risk so as to require the use of additional guards or protective devices, whose control modifies the existing safety-related control system, or the use of additional protective measures to ensure stability or mechanical strength
It is the duty of the person responsible to specify any physical or digital modifications to machinery (such as changes of software) which might affect the original safety requirements.
There is then a need to carry out a conformity assessment to check whether the modification amounts to a substantial change, and should this be the case, it will only be necessary to “rectify” the particular component in the machinery affected by this change.
The persons responsible for compliance
As we mentioned in a previous article, the New Machinery Regulation refers to the figures of the importer and the distributor for the first time, and they are assigned specific obligations.
- Importer. He must ensure that the manufacturer has completed the relevant conformity assessment procedures. He should indicate his name, postal address and email address on the product. He is personally responsible for the compliance of the product.
- Distributor. He should check that the product is properly labelled, and that the relevant documentation is present, and take care to transport and store the product in a way that will not compromise its compliance.
But let’s look at the more substantial new content.
Cyber Security ESRs in the New Machinery Regulation
The European Parliament has given full approval for essential safety requirements that create a close link between the safety and cybersecurity of equipment. We are talking about requirements 1.1.9 and 1.2.1, which stipulate the following.
1.1.9 Protection against corruption
The machinery or related product shall be designed and constructed so that the connection to it of another device, via any feature of the connected device itself or via any remote device that communicates with the machinery or related product does not lead to a hazardous situation.
A hardware component transmitting signals or data, relevant for connection or access to software that is critical for the compliance of the machinery or related product with the relevant essential health and safety requirements shall be designed so that it is adequately protected against accidental or intentional corruption.
The machinery or related product shall collect evidence of a legitimate or illegitimate intervention in that hardware component, when relevant for connection or access to software that is critical for the compliance of the machinery or related product.
Software and data that are critical for the compliance of the machinery or related product with the relevant essential health and safety requirements shall be identified as such and shall be adequately protected against accidental or intentional corruption.
The machinery or related product shall identify the software installed on it that is necessary for it to operate safely, and shall be able to provide that information at all times in an easily accessible form.
The machinery or related product shall collect evidence of a legitimate or illegitimate intervention in the software or a modification of the software installed on the machinery or related product or its configuration.
1.2.1 Safety and reliability of control systems
This section specifies that control systems shall be designed and constructed in such a way as to prevent hazardous situations from arising.
The Regulation makes it clear that control systems should be able to withstand (where appropriate to the circumstances and the risks) the intended operating stresses and intended and unintended external influences, including reasonably foreseeable malicious attempts from third parties leading to a hazardous situation.
It is never too early to start looking into this, and the Machinery Regulation is now a certainty.
Other new additions in the light of technological advances
The Machinery Regulation recommends adapting the human-machine interface of the product, together with its safety systems and emergency stop systems, to the foreseeable characteristics of the operators “including with respect to machinery or a related product with intended fully or partially self-evolving behavior or logic that is designed to operate with varying levels of autonomy”.
Traditional methods of protecting people by segregating hazardous areas are not suitable when people and machines need to share a common workspace, as is the case with collaborative robot applications.
The essential requirement of health and safety protection in relation to risks linked to movable elements has therefore been modified to take account of the new solutions that need to be adopted, in order to ensure the safety of people working with collaborative robot applications, as well as the psychological stress that these work situations can cause.
However, although Artificial Intelligence and its relationship with machine safety is the subject of the New Regulation, there are no specific requirements in this regard, apart from the fact that the risk assessment examines the behavior of machines that can operate using AI-based technologies, or security systems that are based on it.
A final new aspect relates to documentation for the customer, and in particular user manuals, which can be supplied in digital format, including through access to a website.
In this case, the manufacturer must:
- indicate clearly on the machine, on its packaging, or in an accompanying document, how to access the digital instructions
- present the instructions in a format that makes it possible for the user to print or save them, so as to make them accessible at any time
- ensure that they remain available online for the entire useful life of the machine, and in any case for at least 10 years after it was last placed on the market
- in any event, supply a copy of the instructions in paper form if requested (free of charge and within one month of purchase)
Relationship with horizontal legislation
The vertical legislation outlined in the Machinery Regulation is intended to be integrated with the horizontal legislation on cybersecurity, mainly covered by:
- Directive NIS 2 (2555/2022) which aims to ensure high levels of cybersecurity in services provided by important and essential bodies
- Cybersecurity Act Reg. (EU) 881/2019 concerning cyber security for information and communication technologies certification, which repeals regulation (EU) no. 526/2013
- The Cyber Resilience Act 2022/0272 (COD), the European Commission proposal for a Regulation “on horizontal cybersecurity requirements for products with digital elements, and amending Regulation (EU) 2019/1020”. In this case, the presumption of conformity will also be valid for the purposes of the essential safety requirements contained in the Machinery Regulation
What to do to prepare for the New Machinery Regulation
The New Machinery Regulation is expected to be actively applied in 2027, i.e. at the end of the 42-month transition period and after the repeal of Directive 2006/42/EC.
Meanwhile, the new digital scenario is already happening, and it is vital for the manufacturer to demonstrate in a proactive way that he is meeting the safety and protection needs of users. So how can you adapt?
- It is important to update your risk assessment, in order to pinpoint any new cyber hazards
- Begin to look at the software, and implement the new requirements before they become mandatory
- Choose suitable products, paying close attention to the Cyber Resilience Act that will dictate a particular choice of components
However, we are still waiting for fully harmonized standards, which are totally lacking at the moment.