Written by
Elisabet Martí
Chief Commercial Officer
Details
Elisabet Martí

The industrial machinery manufacturing sector is entering a new era of regulatory change. The well-known Directive 2006/42/EC, which has been the key legal framework for machinery safety in the European Union, will soon be repealed and replaced by the new Regulation (EU) 2023/1230, coming into force in January 2027.

Comparison Between Directive 2006/42/EC and the New Regulation 2023/1230

Scope of the Regulation

  • 2006/42/EC: Focused exclusively on mechanical, electrical, and electronic safety aspects of machinery.
  • 2023/1230: Maintains these requirements but explicitly adds the need to address cybersecurity threats, such as unauthorized remote access, data manipulation, and software vulnerabilities that could impact machine safety.

Risk Analysis Approach

  • 2006/42/EC: Risk analysis was limited to physical hazards, including moving parts, electrical risks, and ergonomic issues.
  • 2023/1230: Requires a comprehensive risk assessment, covering both physical risks and cyber risks that may compromise the functional safety of the machine or endanger operators.

Type of Legal Instrument

  • 2006/42/EC: Was a Directive, requiring transposition into national legislation by each EU member state.
  • 2023/1230: Is a European Regulation, directly applicable and enforceable in all EU member states without national transposition.

Technical Measures for Protection Against Cyberattacks

To comply with the new regulation, manufacturers must implement specific technical measures to protect machines against potential cyberattacks. Key actions include:

  • Network Segmentation: Physically or logically separating industrial network segments to restrict unauthorized access to critical components.
  • Securing Communication Ports: Integrating secure access control mechanisms on connection ports, with protective configurations to prevent external manipulation.
  • Data Encryption and Communication Control: Applying secure communication protocols and encryption techniques to safeguard the integrity and confidentiality of machine data.
  • User Authentication and Access Control: Implementing user identification systems with role-based access permissions.
  • Monitoring and Event Logging: Deploying intrusion detection systems and event logging tools to track and analyze any unauthorized access attempts.

POSIMAT: Always Aligned with the Latest Regulations

At POSIMAT, we are fully committed to the safety of our machines and to compliance with the latest European safety regulations. We have already started working closely with technical advisors to ensure that our engineering processes and technical documentation fully adapt to the new requirements of Regulation (EU) 2023/1230, with a particular focus on cyber risk management in all our bottle unscramblers, conveyors, despalletizers, and other empty container handling equipment.

Our customers can rest assured that, as always, POSIMAT will be ready to provide the technical and documentation support needed to comply with the new regulation, ensuring the safety, reliability, and operational efficiency of their production lines.