In contrast to the current Machinery Directive, the Machinery Regulation (EU) 2023/1230 (MDR) is not only classified differently in the hierarchy of European harmonization legislation; its content has also been expanded and specified. For the first time, the regulation includes the topic of digitalization with its particular risks and takes into account developments in artificial intelligence and cybersecurity. For example, when artificial intelligence is used in safety functions, when machines work almost autonomously and robots collaborate closely with humans, scenarios arise that must be recorded and evaluated as part of the safety design. Based on this, appropriate risk-minimizing measures must be designed, established and implemented by the manufacturer of the machine. Machines and data that may be exposed to unauthorized access require appropriate security mechanisms. Documenting the configuration of these programs is part of the machine operator's documentation obligations.

Risk assessments and significant changes

If a machine is "substantially modified", a new conformity assessment is required.

© TÜV South

The risk assessment of increasingly intelligent machinery is one of the key changes brought about by the Machinery Ordinance compared to the Machinery Directive. According to the Machinery Directive, machinery not only includes the hardware, but now also clearly includes the (safety-relevant) software. Manufacturers and operators must plan for protection against unauthorized access right from the design stage. Wherever security-relevant data is sent, it must be protected against corruption. The use of artificial intelligence in security functions or in machines gives rise to risk scenarios that are now being addressed for the first time in the GDPR. The EU is creating clarity here and thus legal certainty for all economic players involved.

Machinery associated with increased risks is described in detail in Annex I, Parts A and B of the MDR. This includes physical as well as digital (software) safety components, but also lifting platforms, for example. This list is not exhaustive. It can - and should - be regularly adapted to new technical developments.

The more risks are identified during the operation of a machine, the more effort is required for the conformity assessment. Various modules are available to manufacturers for this purpose. If the machinery is listed in Annex I, Part A, manufacturers must always consult a notified body for the conformity assessment. Uncertainties in this regard can arise in companies that do not employ their own machinery safety experts. A significant change to the machine makes a new conformity assessment and declaration necessary, as a "new machine" is created. Although this is not new, the term "substantial modification" has previously been interpreted differently from country to country. The MVO now clearly defines what is meant by this: a significant change creates new risks or increases existing risks, for example through changes to the control system or safety-relevant software. The appropriate protective measures must be taken and documented for such changes. The modified machine may only be put back into operation after a successful conformity assessment.

IT and OT with the same security standards

In particular, stakeholders who were not affected by the Machinery Directive should carefully familiarize themselves with the Machinery Ordinance during the transition period.

© TÜV South

The basic idea behind every safety concept, including the MVO, is to protect people, machines and the environment from harm. This also means that it must be possible to intervene in all autonomous functions at any time if necessary. The more autonomous functions a control system has, the higher the requirements for safety and health protection in human-machine interactions. There are various standards that regulate cybersecurity for control systems (IEC TR 63074:2019 "Machine safety - Aspects of cybersecurity related to the functional safety of safety-related control systems" or IEC 62443 "Industrial communication networks - IT security for networks and systems"). AI functions that influence functional safety are the subject of the currently emerging technical report ISO/IEC DTR 5469 "Artificial intelligence - Functional safety and AI systems.

Digitization also includes the provision of documents, which is now also permitted online under the MVO. Operating instructions and declarations of conformity may be stored digitally if the information is accessible via a link or QR code on the product itself. At the same time, the manufacturer must ensure that access is available for at least ten years or for the expected service life of the machine.

Economic operators with clear obligations

The term "economic operators" originates from the New Legislative Framework, which has provided the conceptual framework for the standardization of harmonization legislation in the EU since 2010. It contains rules for conformity assessment as well as specifications for testing organizations. With the MVO, the topic of machinery safety has now also been transferred to this format, which is intended to simplify monitoring of the market.

The change from directive to regulation initially requires some action. In order to adapt harmonized norms, standards and rules to the new regulations, a transition period of 42 months applies. It is not yet possible to estimate whether this period will be sufficient: In any case, those affected are well advised to use this time to familiarize themselves with the new requirements. This applies in particular to those affected by the MDR for the first time; however, companies that have previously applied the MRL should also familiarize themselves with the details of the regulation, which contains new terms and a modified structure.

Dealers are new players, as the scope of application of the Machinery Directive includes all those who sell, place on the market or operate machinery within the EU (as dealers, importers and authorized representatives). This means that the seller of used machinery is also a dealer within the meaning of the Block Exemption Regulation. The MDR therefore covers the entire supply chain. The digitalization of product documentation and the declaration of conformity is intended to reduce effort and costs for manufacturers. For individual products, a module for individual testing is planned, which can also be used for the trade in used machinery.

Use the transition period

The new EU Machinery Regulation updates the rules on machinery safety. The scope and stakeholders are clearly defined and the requirements are specified. Since its publication in June 2023, there has been a transitional period that all stakeholders should use to familiarize themselves with the requirements. It will apply exclusively from January 20, 2027.