An important innovation concerns the responsibility for implementing the Machinery Ordinance: The addressees in the regulation are manufacturers, dealers, importers and authorized representatives of the machinery. If operators make “substantial modifications” to the machinery, they are also legally regarded as manufacturers. A “substantial modification” can even be a change to the software. Anyone who makes changes to a purchased machine at the factory must therefore comply with the MVO.
Platform for external attacks is growing
The new Machinery Ordinance (MVO), which came into force in July 2023 and replaces the former Machinery Directive 2006/42/EC, will only be fully effective after a transitional period of 42 months, i.e. from January 20, 2027. TÜV SÜD nevertheless advises preparing for the upcoming changes now in order to prevent safety and liability risks in the event of damage.
With the advent of digitalization, the new MVO considers machines together with their sensors and associated software as a single unit. In recent years, many plants, especially in the chemical and process industries and in mechanical engineering, have been equipped with networked sensors and additional software, which increases the attack surface for cyber attacks. The MVO now takes these technological developments into account at a regulatory level.
The requirements for cyber security, including control systems and the artificial intelligence used, are increasing. The focus is also on autonomous machines, remote-controlled devices and collaborative robots, known as cobots. According to the MVO, all machines must be designed to prevent both intentional and unintentional manipulation, including that which could be carried out via remote access. These specific requirements are set out in Annex III Part B of the Machinery Ordinance, among others.