New Machinery Regulation 2023/1230: 3 Changes You Need to Anticipate

The clock is ticking for machinery manufacturers, importers, and operators across the European Union. With the new Regulation (EU) 2023/1230 set to replace the long-standing Machinery Directive 2006/42/EC, the deadline for compliance on January 20, 2027, is approaching faster than you think.

This isn't just a minor update; it's a fundamental shift designed to address the challenges of new technologies and enhance safety in an increasingly digital world.

To ensure a smooth transition, it's crucial to understand the key changes. Here are three of the most significant evolutions in the new regulation that you need to start preparing for now.

Change #1: Cybersecurity is No Longer Optional

For decades, machinery safety focused almost exclusively on physical risks - guards, emergency stops, and mechanical integrity. The new regulation formally acknowledges that in our connected world, digital threats are safety threats. The text explicitly addresses the need to cover safety risks stemming from new digital technologies.

The regulation now includes essential health and safety requirements aimed at countering risks from malicious third-party actions that could impact a machine's safety. Manufacturers are now obligated to design and construct machinery so that its connection to another device, whether physically or remotely, does not lead to a hazardous situation.

Key requirements include:

• Protection Against Corruption: Control systems must be designed to withstand "reasonably foreseeable malicious attempts from third parties leading to a hazardous situation".

  
  

• Software and Data Integrity: Software and data that are critical for the machine's compliance must be identified and "adequately protected against accidental or intentional corruption".

  
  

The Takeaway: Cybersecurity must be a core component of your risk assessment and design process. It’s no longer just an IT issue; it’s a fundamental principle of machine safety.

Change #2: The Impact of Artificial Intelligence (AI)

The rise of AI and machine learning has introduced machinery that can learn and adapt its behavior. While this brings incredible efficiency, it also creates new, complex safety challenges. The new regulation directly addresses this by placing the most critical AI-driven systems into the high-risk category.

Under the new rules, certain products are now listed in Annex I, Part A, meaning they are subject to a stricter conformity assessment procedure that requires the involvement of a Notified Body. This list now includes:

• Safety components with fully or partially self-evolving behaviour using machine learning approaches ensuring safety functions.

  
  

• Machinery that has embedded systems with these same self-evolving characteristics.

  
  

This is a direct response to the unique risks posed by systems with "data dependency, opacity, autonomy and connectivity". The conformity assessment for a safety component or system with self-evolving behaviour must now be carried out by a third party.

The Takeaway: If you manufacture or integrate AI and machine learning systems that perform safety functions, you must now plan for mandatory third-party certification.

Change #3: The Clarified Notion of "Substantial Modification"

What happens when you modify a machine that's already in service? The new regulation provides a clear and legally binding answer with the concept of "substantial modification."

A substantial modification is defined as a change to a machine, by physical or digital means, that was not foreseen by the original manufacturer and affects its safety by creating a new hazard or increasing an existing risk.

The consequence of this is profound: any person who carries out a substantial modification is considered a manufacturer. This means they assume all the legal obligations of the original manufacturer, including:

• Performing a completely new conformity assessment on the modified machine.

• Drawing up the full technical documentation.

• Issuing a new EU declaration of conformity and affixing a new CE marking.

  
  

This applies whether you are an integrator, a maintenance company, or an end-user heavily modifying your own equipment.

The Takeaway: The line between "user" and "manufacturer" is now much sharper. Any significant alteration to a machine's safety system or function resets the compliance clock, placing full responsibility on the entity making the change.

Conclusion: Anticipation is Key

The transition from the Machinery Directive 2006/42/EC to Regulation (EU) 2023/1230 is one of the most significant regulatory shifts the industry has seen in years. The changes regarding cybersecurity, AI, and substantial modifications require a proactive approach. The January 20, 2027, deadline leaves no room for procrastination. By reviewing your design processes, risk assessments, and modification procedures now, you can ensure your products remain compliant and safe in this new technological era.