Comparison of Legal Requirements: The Machinery Directive vs. the Machinery Regulation
1.1.9. Protection against corruption
Changes
New legal requirement (no equivalent in the Machinery Directive)
- New requirement: "The machine or related product shall be designed and constructed so that connection to it by another device, via any function of the connected device or via a remote device that communicates with the machine or related product, does not lead to hazardous situations."
- New requirement: "A hardware component that transmits a signal or transfers data relevant to connection to, or access to, software that is critical to the machine’s or related product’s compliance with the relevant essential health and safety requirements shall be designed so that it is adequately protected against accidental or intentional corruption."
- New requirement: "The machine or related product shall collect evidence of legitimate and illegitimate interference with this hardware component, where relevant to connection to, or access to, software that is critical to ensuring that the machine or related product meets the conditions."
- New requirement: "Software and data that are critical to the machine’s or related product’s compliance with the relevant essential health and safety requirements shall be identified as such and shall be adequately protected against accidental or intentional corruption."
- New requirement: "The machine or related product shall identify the software installed on it and necessary for safe operation, and shall at all times be able to provide this information in an easily accessible form."
- New requirement: "The machine or related product shall collect evidence of legitimate and illegitimate interference with the software or changes to the software installed on the machine or related product or to its configuration."
Proposed measures
- Ensure that all external connections (physical and wireless) are analyzed and that they cannot lead to hazardous situations
- Verify that interfaces (e.g. API, I/O, network, remote access) are secured against inadvertent or deliberate manipulation
- Identify all hardware components that transmit safety-relevant data or signals
- Ensure that these components are protected against tampering (e.g. through a physical protection level, authentication, signal validation)
- Check that the system can record and store events related to tampering (legitimate and illegitimate interventions)
- Identify all software and data that are critical for compliance with health and safety requirements
- Ensure that these are protected against modification (e.g. access control, version management, integrity checks)
- Verify that mechanisms exist to detect changes or tampering of software and data
- Ensure that the machine can identify installed software that is necessary for safe operation
- Check that this information can be provided in an easily accessible form (e.g. via HMI, service tools or documentation)
- Verify that the system logs changes to software and configuration
- Ensure that logs contain traceable information on legitimate and illegitimate interventions
- Check that logs are protected against manipulation and can be used as evidence when required
Machinery Directive statutory text
1.1.9. Protection against corruption
This is new and is not included in the Machinery Directive.
Read more
Machinery Regulation legal text
1.1.9. Protection against corruption
The machinery or related product shall be designed and constructed so that the connection to it of another device, via any feature of the connected device itself or via any remote device that communicates with the machinery or related product does not lead to a hazardous situation.
A hardware component transmitting signal or data, relevant for connection or access to software that is critical for the compliance of the machinery or related product with the relevant essential health and safety requirements shall be designed so that it is adequately protected against accidental or intentional corruption. The machinery or related product shall collect evidence of a legitimate or illegitimate intervention in that hardware component, when relevant for connection or access to software that is critical for the compliance of the machinery or related product.
Software and data that are critical for the compliance of the machinery or related product with the relevant essential health and safety requirements shall be identified as such and shall be adequately protected against accidental or intentional corruption.
The machinery or related product shall identify the software installed on it that is necessary for it to operate safely, and shall be able to provide that information at all times in an easily accessible form.
The machinery or related product shall collect evidence of a legitimate or illegitimate intervention in the software or a modification of the software installed on the machinery or related product or its configuration.
Read more
Har du några frågor? Kontakta oss