Stay safe and get compliant

CYBER ATTACKS are a real threat in manufacturing, where they can disrupt production, damage machinery, and, ultimately, endanger businesses.
The European Union’s (EU) new Machinery Regulation (2023/1230/EU), which will replace the 2006/42/EC Machinery Directive in January 2027, aims to help protect machinery against these risks. And, across the EU, compliance is non-negotiable.

For machine builders, it means designing with protection baked in. For end users, it means operating and maintaining equipment with high levels of vigilance. 
Here, we share five top tips that both sides can use to meet the upcoming requirements  and stay ahead of threats.

1. Understand the regulations

Machine builders and end users alike need to understand the new rules before they can comply with them.

The overarching goal of the new regulation remains the same as its predecessor: ensuring the safe design, build, and use of machinery. Yet it also seeks to address gaps in the original directive, particularly in light of advancements in digital technologies and the complexities in modern manufacturing.

As well as a more structured approach to conformity assessments, the regulation includes explicit provisions for digitalisation and cybersecurity. Understanding these is imperative.

2. Adopt new standards early

There is no transition period between the two pieces of legislation – companies need to achieve full compliance by 20 January 2027.

On that date, all machines on the EU market must be designed to withstand unauthorised access or tampering that could compromise safety-critical functions. This includes protections against malicious interference via physical connections, such as USB ports, and digital channels, such as networked systems. 

The regulation also explicitly requires that safety-critical artificial intelligence (AI) systems undergo stringent risk assessments and, in many cases, third-party conformity evaluations to verify compliance.

Setting up and testing processes and protocols to ensure compliance can take time. The earlier businesses start to adopt the required new standards, the easier the transition will be.

3. Review existing machines and systems

The next step is to review all existing machines and systems against the new standards. This will involve a comprehensive audit to identify which machines are connected, which incorporate AI or adaptive systems, and which safety-critical components could be vulnerable to cyberattacks.

For machine builders, it may mean evaluating design blueprints, software architecture, and network integration points. For end users, it involves checking how machinery is actually operated on the shop floor, including any ad-hoc modifications or legacy connections. The goal is to spot gaps, prioritise high-risk systems, and plan upgrades or additional safeguards well ahead of the January 2027 deadline.

4. Develop and deploy training

Even the most secure machines will only be as safe as the people who are operating them. Machine builders should provide clear guidance and documentation on cybersecurity measures, while end users must ensure operators, maintenance staff, and supervisors are fully trained in safe use, secure operation, and incident response.

It is worth noting that the new regulation allows for manufacturers to provide online user manuals, which can reduce environmental impact and operational costs. To remain compliant, digital resources must remain accessible for at least ten years after a product’s market entry.

5. Work with trusted partners

Navigating the cybersecurity requirements of the new Machinery Regulation can be complex. But partnering with experienced suppliers and integrators can ease the transition.

Organisations with a proven track record in secure design, automation, and compliance can provide comprehensive industrial automation solutions that integrate cybersecurity best practices from the ground up.

Working with trusted partners, such as OMRON, helps ensure machines are safe, compliant, and resilient against evolving cyber threats.

Stuart Coulton is UK and Ireland marketing manager at OMRON

omron.co.uk