REGULATION · EU MACHINERY REGULATION 2023/1230 · DEADLINE 20/01/2027

EU Machinery Regulation 2023/1230. Deadline: 20 January 2027.

Replaces the Machinery Directive 2006/42/EC and is directly applicable in all Member States without national transposition. New requirements on AI, cybersecurity and remote software updates. IgeraIndustria helps you answer which ones apply to each of your machine families.

Full regulation indexed Analysis by machine family Harmonised standard alerts

18 months to adapt your technical file

Regulation (EU) 2023/1230 requires no national transposition: from 20 January 2027 any new machine placed on the market must comply with it in full. Manufacturers with dozens of product families must act now.

20 Jan 2027

application deadline — 18 months to adapt from today

Mandatory cybersecurity

for machines with remotely updatable software (new Art. 10 and Section 1.1.9)

AI in machinery

requires additional risk assessment if the machine uses AI or machine learning (Annex I, 1.1.10)

Technical file

must now include cybersecurity risk analysis and software lifecycle documentation

Unlike a directive, Regulation 2023/1230 is binding in its entirety and directly applicable in all Member States from the day of its entry into application. There is no scope for partial national transpositions or country-differentiated timelines. All manufacturers placing machines on the European market share the same date: 20 January 2027.

What is new compared to Directive 2006/42/EC

Regulation 2023/1230 is not a minor revision: it introduces fundamentally new requirements for 21st-century connected, automated and intelligent machinery.

Direct regulation — no national transposition

Unlike Directive 2006/42/EC, the Regulation is directly applicable in all EU Member States from 20 January 2027 without the need for national transposition laws. Full legal uniformity across the entire Union.

AI and machine learning in machinery

New Annex I, Section 1.1.10. Machines incorporating AI systems that influence safety must include a specific risk assessment for the adaptive behaviours of the system throughout the lifecycle.

Cybersecurity and protection against tampering

New Art. 1.1.9. All machines with connectivity or remote access must protect their control systems against unauthorised access, ensure software integrity through digital signatures, and document all communication vectors.

Remotely updatable software

Machines whose software can be modified after being placed on the market must include in the technical file the secure update procedure, the version log, and the impact analysis of updates on safety.

Hazardous substances in machinery (new Annex I.1.7)

Reinforced requirements for machines that contain, process or emit hazardous substances. The manufacturer must assess potential exposure throughout the complete lifecycle (installation, maintenance, decommissioning).

Expanded technical documentation

The technical file must now include: cybersecurity risk analysis, software lifecycle documentation, AI risk assessment (where applicable), and instruction manual in digital format (Art. 10).

Manufacturer obligations under Regulation 2023/1230

Regulation 2023/1230 expands manufacturer obligations across six critical areas compared to the former Directive. IgeraIndustria answers what applies to each machine family.

Updated risk assessment including cybersecurity

The Annex I risk analysis must now incorporate a specific cybersecurity risk section, independent of the functional safety analysis. It must identify attack vectors, exposure surfaces and implemented countermeasures.

Renewed EU Declaration of Conformity

The Declaration of Conformity must reference Regulation (EU) 2023/1230 (not Directive 2006/42/EC). It must include the notified bodies involved in the assessment and the harmonised standards applied, updated to the new framework.

Mandatory digital instruction manual (Art. 10)

The Regulation makes the digital format of the instruction manual mandatory. The manufacturer may choose to supply it solely in digital format, but must make it available in paper form if the customer expressly requests it. A permanent access URL is required.

Software lifecycle analysis

For machines with embedded software, the technical file must document: software versions, update procedure, impact of updates on safety, and software support and end-of-life policy.

Post-market software modification log

Any software update after market placement must be recorded, assessed for its safety impact, and, if substantial, may require a new conformity assessment. The manufacturer must keep the log up to date.

Review of existing technical file

Manufacturers with machines already on the market under Directive 2006/42/EC that continue producing them after January 2027 must completely update the technical file for each model, incorporating all new Regulation requirements.

Timelines and transitional regime

The Regulation establishes a coexistence period with Directive 2006/42/EC and a transitional regime for already-certified machines. It is essential to know exactly what applies at each point in time.

Entry into force: 19 July 2023

Regulation (EU) 2023/1230 was published in the Official Journal of the EU (OJEU L 165/2023) and entered into force 20 days after publication. From that date manufacturers may voluntarily choose to certify under the new Regulation.

Mandatory application: 20 January 2027

From 20 January 2027, every new machine placed on the EU market must comply with Regulation 2023/1230 in full. Directive 2006/42/EC ceases to be valid for new machines from that date.

Directive 2006/42/EC valid until 19 January 2027

During the transition period (July 2023 — January 2027) both frameworks coexist. Manufacturers can certify under the existing Directive or get ahead and certify under the new Regulation. Both CE markings are valid during this period.

Machines certified before 2027: 2-year grace period

Machines that already hold CE marking under Directive 2006/42/EC before 20 January 2027 may continue to be placed on the market until 20 January 2029 without recertification, provided they have not undergone substantial modifications.

Recommendation: Manufacturers with multiple machine families should start now by inventorying affected models, identifying which incorporate connectivity, updatable software or AI functions, and prioritising the technical file update for the most complex machines. IgeraIndustria lets you run this analysis directly from existing technical documentation.

How IgeraIndustria accelerates your adaptation to Regulation 2023/1230

From the inventory of affected machines to the answer on which specific requirement applies to each model: all in seconds.

01

Index your existing technical files

Upload your current technical files (under Directive 2006/42/EC), instruction manuals and current declarations of conformity. IgeraIndustria processes them and creates a structured knowledge base by machine family.

02

Natural-language queries on the Regulation

“Does my CNC milling machine with remote access need a cybersecurity analysis?”, “What changes in the technical file of my hydraulic press?”. IgeraIndustria answers by citing the exact article of the Regulation.

03

Gap analysis by machine family

For each model or machine family, IgeraIndustria identifies which requirements of Regulation 2023/1230 are not covered by the existing technical file: cybersecurity section, AI documentation, software lifecycle.

04

Answers with exact article citation

Each answer references the article or section of Annex I of Regulation 2023/1230 where the requirement is established. Full traceability for the engineering team and the notified body.

05

Harmonised standard alerts

When CEN/CENELEC publishes new harmonised standards under Regulation 2023/1230, or the European Commission issues decisions on existing standards, IgeraIndustria alerts you and updates the knowledge base automatically.

IgeraIndustria in action — cybersecurity query Reg. 2023/1230

Query on cybersecurity requirements for a CNC milling machine with remote access, answered with an exact reference to the Regulation article.

IgeraIndustria — Machinery Regulation Widget

Product Engineer

What cybersecurity requirements does the EU Machinery Regulation 2023/1230 impose on a CNC milling machine with remote access?

IgeraIndustria

Reg. (EU) 2023/1230 — Annex I, Section 1.1.9 — Cybersecurity

APPLICABLE REQUIREMENTS (machine with remote access):

  1. Protection against unauthorised access to control functions (Art. 1.1.9.a)
  2. Software integrity: digital signature of updates (Art. 1.1.9.b)
  3. Document all communication ports and protocols in the technical file
  4. Cybersecurity risk analysis separate from functional safety analysis
  5. Manual must include: secure update instructions + vulnerability contact

⚠ If the CNC uses AI for cutting optimisation: also apply Section 1.1.10 (AI)

✓ Reg. (EU) 2023/1230 · Published OJEU L 165/2023 · Applicable 20/01/2027

45

employees in manufacturing

28

machine families to adapt

6 months

to complete the adaptation

We had 28 machine families certified under Directive 2006/42/EC, some with remote connectivity and others with adaptive control functions. When Regulation 2023/1230 was published we needed to know exactly what changed for each model. IgeraIndustria let us query the Regulation directly against our technical documentation. We completed the technical file adaptation for all 28 families in 6 months, with the certainty that every new requirement was covered and documented.

Technical Director — Industrial Machinery Manufacturer

45 employees · 28 machine families · Reg. 2023/1230 adaptation completed

*Representative testimonial based on results from real clients

Frequently asked questions — EU Machinery Regulation 2023/1230

What happens to machines already certified under Directive 2006/42/EC?

Machines that obtained CE marking before 20 January 2027 under Directive 2006/42/EC may continue to be placed on the market during a transitional period of 2 years after the Regulation comes into application, i.e. until 20 January 2029. After that deadline, any new machine placed on the market must comply with Regulation (EU) 2023/1230 in full. Existing models in stock that already held CE marking pre-2027 do not require recertification provided they have not undergone substantial modifications.

When exactly do I have to apply the new regulation?

Regulation (EU) 2023/1230 entered into force on 19 July 2023 (20 days after its publication in the OJEU L 165/2023). However, its mandatory application does not begin until 20 January 2027. This means that between July 2023 and January 2027 both regulatory frameworks coexist: a manufacturer may choose to certify its machines under the new Regulation or continue using Directive 2006/42/EC. From 20 January 2027 only the Regulation is valid.

Does it apply to machines with AI even if they do not update software remotely?

Yes. Regulation 2023/1230 introduces Annex I, Section 1.1.10, specifically for machines incorporating AI or machine-learning systems, regardless of whether software is updated remotely. If the machine uses AI for safety-relevant decisions —such as automatic adjustment of process parameters, anomaly detection or adaptive control— a specific risk assessment for that AI functionality must be included, documented in the technical file.

Does the conformity assessment procedure change?

The Regulation retains conformity assessment procedures similar to the Directive but introduces important nuances. For machines with cybersecurity and AI, the notified body (NB) must specifically verify the cybersecurity risk analyses and documents on the software lifecycle. In addition, the instruction manual in digital format becomes mandatory (Art. 10), although it must also be provided in paper form on request from the customer.

Does the CE marking change under the new regulation?

The CE marking symbol itself does not change visually. What changes is the content of the EU Declaration of Conformity that accompanies it: it must reference Regulation (EU) 2023/1230 instead of Directive 2006/42/EC. The mandatory content of the technical file also changes: it must now include the cybersecurity risk analysis, software lifecycle documentation and, where applicable, the specific AI risk assessment.

Are harmonised standards already published for Reg. 2023/1230?

At the date of publication of the Regulation (July 2023), the European Commission initiated the process for standardisation bodies (CEN/CENELEC) to develop harmonised standards under the new Regulation. Existing EN standards under Directive 2006/42/EC continue to serve as useful technical references, but their presumption of conformity to Regulation 2023/1230 will depend on their update or on the publication of an explicit Commission decision in the OJEU. IgeraIndustria alerts you when new harmonised standards are published.

IgeraIndustria plans — Machinery Regulation

No lock-in. Cancel anytime.

Starter

149/month

For manufacturers with a limited range of machines and basic adaptation needs for Regulation 2023/1230.

  • Up to 10 indexed machine families
  • Regulation (EU) 2023/1230 pre-indexed
  • Directive 2006/42/EC for comparison
  • 500 queries/month
  • Basic gap analysis
  • Email support
Start Starter
MOST POPULAR

Professional

299/month

For manufacturers with multiple machine families, some with connectivity and updatable software.

  • Up to 50 machine families
  • Regulation 2023/1230 + harmonised standards
  • Cybersecurity analysis per model
  • CEN/CENELEC standard alerts
  • 3,000 queries/month
  • Priority support
Start Professional

Enterprise

599/month

For industrial groups with dozens of machine families, international presence and management of multiple notified bodies.

  • Unlimited machine families
  • Multi-plant and multi-country
  • PLM/ERP integration
  • Unlimited queries
  • SLA 99.9% uptime
  • Dedicated customer success
Contact sales

Start today preparing your technical files for 20 January 2027.

  • 14-day free trial — no credit card required
  • Regulation (EU) 2023/1230 and Directive 2006/42/EC pre-indexed from day 1
  • Upload your existing technical files for gap analysis
  • Automatic alerts when new harmonised standards are published
Start free trial