Essential Safety Requirements: What You Need to Know About the New EU Machinery Regulation

03 Jul 2025
Bringing Safety into the Digital Age
If you're building, modifying, or selling machinery in the EU, there’s one regulation you do need to know about: the new Machinery Regulation (EU) 2023/1230.
The new Machinery Regulation (EU) 2023/1230 replaces the old Directive 2006/42/EC. It has been a work in progress for a number of years, and starting January 2027 it is the law. And this one is different – it’s not just about ticking boxes. It’s about making sure machines are safer, smarter, faster, and more connected for the real world of today.
Instead of quoting legal text, I’m going to explain what’s really changing, why it matters, and what you should do next.
Why This Is a Big Deal
The old Machinery Directive (2006/42/EC) came from a time when most machines had gears, motors, and maybe a PLC. Now? Machines learn; they connect to the cloud; they update themselves over Wi-Fi. It was only a matter of time before the rules had to catch up.
The new regulation brings safety into the digital age – tackling AI, cybersecurity, digital documentation, and lifecycle risks head-on.
The best part (depending on how ready you are)? It’s a regulation, not a directive. That means no more national versions. The same rules apply in every EU country, automatically.
What Are These “Essential Safety Requirements” All About?
At the heart of this regulation are the Essential Health and Safety Requirements (EHSRs). If you want to put machinery on the EU market, your product needs to meet these.
The idea is simple: machines should be safe from the moment they're designed to the moment they're scrapped.
But the regulation now goes way beyond traditional safety risks. Here's what’s new, and what you really need to pay attention to.
1. AI in Machinery = High-Risk
If your machine has AI or machine learning, especially for anything safety-related, it’s now considered high-risk.
That means:
- No more self-declaring CE compliance
- You must involve a third-party Notified Body
- Your risk assessment must account for things like “evolving logic” and “unpredictable behaviour”
If your machine can learn or adjust itself over time, congratulations, you're in the future. But now you also have extra responsibilities.
2. Cybersecurity Is No Longer Optional
In the past, cyber threats were “IT’s problem.” Not anymore.
The new regulation says that if someone can hack your system and mess with safety functions, that’s a direct safety risk.
So now you need to:
- Protect software and control systems from tampering
- Include cybersecurity in your risk analysis and technical file
- Show that your machine’s safety can’t be compromised through a USB stick, Wi-Fi, or rogue firmware update
3. Digital Documentation Is In
Paper manuals are still allowed, but only if the customer asks for them. Otherwise, you can now provide everything digitally:
- Operating instructions
- Declaration of Conformity
- Technical documentation
Just make sure it’s secure, accessible, and complete.
4. Modified a Machine? You're Now the “Manufacturer”
If you make a substantial modification to a machine – like swapping out the control system, adding new automation, or upgrading safety functions – you take on the role of the manufacturer.
That means:
- You’re responsible for compliance
- You need to update the CE marking
- You must provide updated documentation and a new risk assessment
So before you “just add a new sensor,” ask yourself: is this a tweak or a transformation?
5. Risk = The Whole Lifecycle
This isn’t just about safety during operation. You need to think about:
- Installation
- Maintenance
- Decommissioning
- Even foreseeable misuse
If someone uses your machine in an unpredictable way, and it causes harm, that’s on you, as the manufacturer – unless you planned for it and built in safeguards.
6. What You Should Be Doing Now
January 2027 might seem far off, but the transition period is already counting down. If you wait until 2026 to start looking at this, you’re going to have problems. Here’s what I recommend:
- Audit your machines: Do you use AI? Connect to the internet? Modify older machines?
- Update your risk assessments: Make sure they include cybersecurity, AI behaviour, and lifecycle use.
- Get a Notified Body involved early: High-risk machinery? Don’t wait until everyone’s rushing to book.
- Move to digital documentation: Build secure, easy-to-use systems now. You'll thank yourself later.
- Train your team: Engineering, compliance, service – everyone needs to know what’s changing.
- Talk to your partners: Distributors, importers, integrators all have new legal responsibilities too.
7. Timeline Cheat Sheet
- Published: June 2023
- In force: July 2023
- Mandatory: January 20, 2027
- Transition period: 42 months (we're already halfway through!)
Final Thoughts: Don't Wait to React – Lead the Change
I’ve seen this industry evolve fast — and this regulation is the EU’s way of saying: “Let’s make sure we keep people safe while we build the future.”
If you're a forward-thinking manufacturer, this is your chance to lead, not scramble.
And if you're unsure where to start, that’s where we come in. Whether it’s reviewing your current machines, helping with risk assessments, or getting you ready for third-party assessments — Intertek can help.