Machinery Regulation (EU) 2023/1230 & Cyber Resilience Act (CRA)

Machinery Regulation (EU) 2023/1230 & Cyber Resilience Act (CRA)

The Machinery Regulation (EU) 2023/1230 and the Cyber Resilience Act (CRA) mark a key step forward in the evolution of the concept of machine safety.

For over a year, AUTEC has been closely following these topics, supporting the interpretative evolution of both the Machinery Regulation and the CRA, deepening its knowledge and contributing to the development of technical standards, and progressively integrating protection measures into its products in line with the evolving regulatory framework.

Cybersecurity is now fully part of product compliance: it is no longer just an ‘IT’ issue but has become an integrated element within machine control systems.

In recent years, real-world cases have shown how cyberattacks can impact operational continuity, causing production downtime and significant economic consequences across different industrial sectors.

At the same time, the increasing convergence between IT and OT, together with the growing use of software functionalities, is making the boundary between operational availability, cybersecurity, and functional safety increasingly blurred. In this context, the CIA triad — Confidentiality, Integrity, Availability — provides an effective framework to understand how protecting digital systems also contributes to ensuring operational reliability and machine safety.

These regulatory developments point in a clear direction: designing systems capable of maintaining safe operating conditions in complex digital scenarios, through an integrated and “secure-by-design” approach.

This journey reinforces a fundamental awareness: the response is not purely technological, but requires a balance between people, processes, and tools in order to be ready for 2027 in a structured and informed way, and to face upcoming challenges effectively.