Skip to main content

EU Machinery Regulation (Regulation (EU) 2023/1230)

The EU Machinery Regulation (2023/1230) modernizes machinery safety rules to cover connectivity, software updates, and AI, treating cybersecurity as a safety requirement. It mandates conformity assessment and CE marking and applies from January 2027.

Jurisdiction
European Union

What the EU Machinery Regulation Is

Regulation (EU) 2023/1230, the Machinery Regulation, modernizes EU rules for placing machinery and related products on the market. It replaces the older Machinery Directive and updates safety requirements to address digitalization, connectivity, software updates, autonomous behavior, and artificial intelligence in machinery. It exists to keep workers and users safe as machinery becomes increasingly software-driven and connected, while supporting innovation and the single market.

A key change is the explicit treatment of cybersecurity as a safety issue: a machine whose protective functions can be compromised by an attacker is not safe. The regulation also addresses software and AI components that influence safety functions.

Who It Applies To

The regulation applies to manufacturers, importers, distributors, and authorized representatives placing machinery, related products, and safety components on the EU market, regardless of origin. It covers industrial machinery, robotics, and partly completed machinery, and it affects developers of software and AI that perform or affect safety functions in such products.

Key Requirements

  • Essential health and safety requirements — Design and build machinery to meet defined safety requirements throughout its lifecycle.
  • Cybersecurity — Protect safety-relevant control systems from corruption and ensure connected machinery cannot be made unsafe by attackers.
  • Software and AI — Address risks from software updates and AI systems that influence safety behavior, including evolving behavior.
  • Conformity assessment — Apply appropriate conformity assessment procedures, with stricter routes for higher-risk machinery.
  • CE marking and documentation — Affix CE marking and maintain technical documentation and instructions.
  • Traceability — Identify products and economic operators to support market surveillance.

Penalties for Non-Compliance

Member states set penalties, which can include fines, withdrawal or recall of non-compliant products, and prohibition from the market. Placing unsafe machinery on the market exposes manufacturers to enforcement by market surveillance authorities and to liability for harm, alongside significant commercial consequences from lost market access.

How to Comply

Manufacturers should integrate safety and cybersecurity into the design lifecycle, treating compromise of safety functions as a safety failure. Assess risks from connectivity, software updates, and AI behavior, and apply the correct conformity assessment route based on risk. Maintain technical documentation, affix CE marking, and ensure traceability. Because the regulation applies from January 2027, plan transitions early, especially for products combining machinery safety with AI and cybersecurity obligations.