New proposal for Machinery Directive including cybersecurity requirements.

15 June 2021
Posted by: José Ruiz

Machinery Directive, definition and sectors involved

The Machinery Directive is the core European legislation regulating products of the mechanical engineering industries; its function is to establish a regulatory framework for placing machinery on the Single Market. The Machinery Directive only applies to products that are placed on the EU market for the first time.

The main goals for this directive are:

  • Ensure free movement of machinery within the internal market.

  • Ensure a high level of protection for EU workers and citizens.

The Machinery Directive 2006/42/EC was published on 9 June 2006 and became applicable on 29 December 2009. Its latest edition was endorsed by the Machinery Committee and issued in October 2019.

In April 2021, the European Commission decided to revise this directive and convert it into a Regulation, enhancing harmonization in the near future.

Main reasons to develop a new Regulation

The Commission considers that the current directive does not adequately address the risks related to new technologies, including software upgrades and autonomous machines, areas that have seen major developments in recent years. Physical components are no longer the only ones that are critical for security. Under this new approach, only products that comply with the new Regulation will have a place in the European market.

There are several objectives for this new Regulation:

  • Address the risks stemming from emerging technologies while allowing for technical progress.

  • Improve the legal clarity of some major concepts and definitions in the current text of the Machinery Directive.

  • Ensure coherence with other directives and regulations for products, and improve enforcement of the legislation through alignment with the New Legislative Framework.

There will be severe economic penalties for providers and companies that do not comply with the new Regulation. Depending on the gravity of the non-compliance, fines can reach up to €30,000,000 or 6% of the firm's total worldwide turnover.

Which products must be evaluated by a third party?

There is a list of high-risk products that must be certified by a third party; otherwise the certification will not be accepted, even when manufacturers apply the relevant harmonized standards. The entire list of high-risk machinery products can be summarized in two main areas:

  • Software ensuring security functions, including AI systems.

  • Machinery embedding AI systems ensuring safety functions.

Machinery not included in that list can follow the internal check procedure.

Cybersecurity Requirements

This new version of the Directive treats cybersecurity as one of its main components, which, as cybersecurity experts, makes us especially pleased. The new text establishes that a hardware component for connection that is critical for the safety compliance of the machine shall be designed so that it is adequately protected against accidental or intentional corruption. Likewise, critical software and data shall be adequately protected.

Compliance with the cybersecurity requirements can be demonstrated by means of a European cybersecurity certification certificate or conformity statement issued pursuant to the Cybersecurity Act, insofar as those requirements are covered by the certificate or statement.

How can we help you evaluate your products according to the Machinery Directive?

At jtsec we are experts in cybersecurity certification and active participants in the development of the ECCF (European Cybersecurity Certification Framework). If you have any questions, we will be more than happy to help you.

  • José Ruiz / CTO

Jose is an expert consultant on the Common Criteria standard with more than 10 years of experience. Jose has a wide background in other security assurance standards in the field of information technology, such as Common Criteria, FIPS 140-2, FIPS 140-3, GP TEE, PCI-PTS and LINCE. Jose has served as an evaluator, Technical Leader and CC Consultant for Epoche&Espri, and as CC lab manager and Cyber Security Service Manager for Applus+. His experience has led him to participate as a speaker in various editions of the ICCC (International Common Criteria Conference) and ICMC (International Cryptographic Module Conference). He has been the "Chairman" of a subgroup within the ISCI WG1 Eurosmart initiative to develop the CC methodology. He is also a member of different working groups such as ISO SC27 and GlobalPlatform TEE, and an active member of the ERNCIP group "IACS Cybersecurity certification".

In 2017 he founded with Javier what is now known as jtsec. He is currently in charge of promoting the commercial expansion of the company from its headquarters in Madrid as CTO. In addition, he represents jtsec in various national and international forums and is responsible for quality.
