Reading the new Machinery Regulation (EU) 2023/1230 Obligations-consciously
2023-07-13 Fits as you like: Compare the new Machinery Regulation with the old bastion and institution of «Kehrpflicht» (compulsory sweeping) in Swabia or with the saying “new brooms sweep well.” Why? For economic operators, the Regulation on Machinery and Related Products provides for old familiar obligations – but also additional ones compared to the Machinery Directive 2006/42/EC. It is therefore ideal to read the new Machinery Regulation (EU) 2023/1230 in a duty-conscious manner.
Non-soft obligations in Annex III
Basic safety and health requirements can now be found in Annex III. All obligations apply to machinery and related products and, under certain conditions, also to partly completed machinery.
Particularly eye-catching is the obligation to adequately protect hardware components that transmit signals or data relevant to the connection or access to the software from accidental or intentional corruption.
In short, you must take sufficient precautions to secure your machine against cyberattacks or artificial intelligence risks. This includes: machines must collect evidence of lawful or unlawful interference with a hardware component if it is relevant to connecting or accessing the software. Significant software and data must be named. And further: The machine must identify the installed software required for safe operation and be able to provide this information in an easily accessible form at any time – and collect evidence of any intervention in the software for this purpose. The same applies to changes and configuration of the software.
Note: ‘source code’ means the currently installed version of the software of a product within the scope of this Regulation, written in a programming language so that it is unambiguous and understandable to humans (Art. 3, No. 35).
For you as a manufacturer or importer, this is not just a side note: If necessary, you must make the source code or programming logic contained in the technical documentation available to the competent national authorities upon justified request. The authorities must be able to verify that you have complied with the essential health and safety requirements set out in Annex III. For the same reason, you must keep the technical documentation and the EU declaration of conformity of the machine for the market surveillance authorities for at least ten years.
Distributors should also take a closer look at Annex III: As long as a machine is under your responsibility, you must ensure that storage or transport does not compromise the essential health and safety requirements set out in Annex III (cf. Ch. II and Annex III).
Duty to the chain reaction
Obligations regarding the supply chain can be found by taking a closer look at the article called Identification of economic operators. Upon request, economic operators must be able to identify to the market surveillance authorities from whom they have obtained products covered by the Regulation and to whom they have supplied products. Manufacturers, authorized representatives, importers and distributors must keep the relevant information for at least ten years. So it can’t hurt to keep your supply chain well under control (cf. Art. 19).
A risk product obligation
Manufacturers, importers and distributors may only put into service or place on the market or make available on the market safe machinery as defined in the Machinery Ordinance. If there are doubts, they must take measures. The following applies to all: they must inform the market surveillance authorities if the machine poses a risk to the safety or health of persons and, if applicable, domestic animals, property or the environment. Distributors additionally inform the manufacturer or the importer. Manufacturers and importers must, if necessary, withdraw a risk product from the market or recall it (cf. Chap. II).
Obligatory opponent in national custody
If the Machinery Regulation is binding and directly applicable in all its parts in every Member State, the situation is different with regard to sanctions. Each member state itself issues regulations that are imposed in the event of violations of the regulation by economic operators. Sanctions must be effective, proportionate and dissuasive. Serious infringements may also result in criminal sanctions (cf. Art. 50).
Duty (?) to look ahead
In any case, as a concerned economic operator, you are well advised to comprehensively and proactively assess the security risks of your products – also with regard to cybersecurity and the use of artificial intelligence. Securing your business also includes: complete technical documentation. These fill several articles of Regulation (EU) 2023/1230 – and are thus also worth separate blog posts.
In loose succession, we will continue to report on the new Regulation (EU) 2023/1230 on machinery in our Blog CE Plus. Ask our CE experts if you want to clarify details about the Regulation (EU) 2023/1230 on machinery.