Standards & Safety 2 min read

EU Machinery Regulation 2023/1230: Key Changes for MRO in Ukrainian Industrial Production from 2027

Technical analysis: EU Machinery Regulation 2023/1230: what changes for MRO in 2027

Introduction

The European Machinery Regulation 2023/1230, which will come into full force on January 20, 2027, will replace the current Directive 2006/42/EC. This transition is not a formality, but reflects a fundamental change in approaches to machine safety in the digital age. It sets new standards that will have a significant impact on manufacturers, importers, distributors, and maintenance, repair and overhaul (MRO) operations in the industry. For Ukrainian industrial enterprises integrating into the European market or using equipment imported from the EU, understanding and complying with these regulations is critical to ensure smooth operation, staff safety and avoid legal risks.

Scope and Applicability

Regulation 2023/1230 applies to a wide range of products: from traditional machines and related products to partially completed machines. Importantly, it also covers security components, including software. This means that any element that performs a security function is subject to regulation, whether it is a physical device or code.

For whom it is important:

  • Machine manufacturers: Must meet new design and manufacturing requirements.
  • Importers and distributors: Are responsible for ensuring that the machines they place on the EU market comply with the Regulation.
  • MRO operators and end users: Of particular importance is the definition of a "substantial modification" that can transform an MRO operator into a "manufacturer" with all the associated responsibilities.

The regulation applies to all industries where machines are used: metallurgy, chemical industry, food industry, energy, engineering and other production sectors that strive to meet international safety standards. Ukrainian enterprises exporting products to the EU or integrated into supply chains must adapt their procedures and equipment to these requirements.

Key Requirements

The new Regulation introduces several significant changes that reflect technological advances and the growing risks in automated and digital systems. The main requirements and their values are given in the table:

Requirement Description Validity period
Cyber Security Machines must be designed to protect against harmful external influences that could compromise their safety functions. Security monitoring software is critical. From January 20, 2027
Digital Documentation It is allowed to provide instructions and technical documentation in digital format (eg via QR codes). A paper version is mandatory at the buyer's request. From January 20, 2027
Artificial Intelligence (AI) Machines using AI systems must function within defined safety parameters without making decisions that go beyond their intended purpose and could create risks. From January 20, 2027
Major Modification A clear definition of what constitutes a "substantial modification" of a machine. If it changes function or creates new risks, the party that made the modification becomes the “manufacturer” with full legal obligations. From January 20, 2027
Third Party Certification For certain categories of high-risk machinery (listed in Annex I, Part A), self-certification to harmonized standards may not be sufficient. The involvement of a notified body will be required. From January 20, 2027

Impact on MRO Operations

For maintenance, repair and overhaul (MRO) professionals, Regulation 2023/1230 represents a paradigm shift. The main impact will be felt in the following aspects:

Maintenance Planning: Cybersecurity vulnerabilities and software update requirements must be considered. Regular checks for compliance with cyber security standards will become part of the planned work.

Purchasing Spare Parts: The selection of spare parts should be based not only on mechanical compatibility, but also on their compliance with safety standards, in particular with regard to software and electronic components. Suppliers must provide relevant certificates (CE as well as UkrSEPRO for the Ukrainian market) confirming compliance with standards such as EN ISO 13849 (safety of machinery, safety-related parts of control systems) or IEC 61508 (functional safety of electrical/electronic/programmable electronic systems related to safety).

Documentation: The transition to digital instructions will require MRO departments to adapt their document management systems. Access to technical information via QR codes on equipment or centralized digital repositories will become the norm. A complete archive of machine changes and repairs, including software updates, will be critical to demonstrating compliance.

Personnel Training: MRO technicians will need additional training in cybersecurity, software management, and understanding the implications of a “significant modification”.

Risk Assessment: Any intervention on a machine, especially an upgrade or overhaul, requires a thorough risk assessment to determine if it is a “substantial modification”. If so, it is necessary to perform a full cycle of certification, as for new equipment.

For example, upgrading the control system of an old manually operated line to an automated one with the integration of safety sensors and AI to optimize the process may be considered a significant modification requiring a new declaration of conformity.

Requirements for Components

According to Regulation 2023/1230, special attention is paid to safety components. These are not only traditional mechanical protective devices, but also complex electronic systems and software. Components that are directly related to the safety of the machine must bear the appropriate CE marking and be accompanied by a declaration of conformity confirming compliance with the applicable harmonized standards.

Examples of components requiring certification:

  • Safety sensors: Photoelectric barriers, light curtains, safety relays, emergency buttons (compliance with EN ISO 13850, EN 60947-5-1).
  • Control systems: Programmable logic controllers (PLCs) with safety functions (Safety PLC) corresponding to Safety Integrity Levels (SIL) according to IEC 61508/IEC 62061 or Performance Levels (PL) according to EN ISO 13849.
  • Pneumatic and hydraulic valves: Valves with a safety function (e.g. to shut off pressure in an emergency) must comply with EN ISO 4413 (hydraulics) and EN ISO 4414 (pneumatics).
  • Frequency converters and electric motors: In integrated safety systems, especially where they are responsible for safe braking or positioning, they must have the appropriate certificates.
  • Software: Software responsible for security functions is now officially a security component and is subject to extensive testing and certification. Its development and updates must meet functional security standards.

When purchasing any spare parts for safety-related systems, full technical documentation and certificates must be requested from the supplier. Low-quality or non-certified components can not only compromise the safety of the machine, but also lead to legal consequences for the enterprise.

Practical Checklist for Maintenance Managers

To ensure compliance with Regulation 2023/1230, MRO managers should initiate a comprehensive review of existing practices. Below is a practical 18-point checklist:

  1. Conduct an inventory of all equipment for compliance with Regulation 2023/1230 and identification of potential "significant modifications".
  2. Develop an internal procedure to distinguish between "routine repair" and "substantial modification" of a machine.
  3. Update risk assessment matrices for all machines, taking into account cybersecurity requirements and AI risks.
  4. Review contracts with suppliers of spare parts, requiring relevant certificates (CE, UkrSEPRO) and declarations of conformity for safety components.
  5. Ensure that all software that affects machine security is licensed and regularly updated.
  6. Implement a digital documentation management system for machines and their components.
  7. Make operation and maintenance manuals available in digital format for technical personnel (e.g. via tablets or QR codes).
  8. Organize training for MRO technicians on machine cyber security.
  9. Conduct trainings on understanding the new requirements of Regulation 2023/1230 for engineers and managers.
  10. Develop test protocols after any interventions in machine safety systems.
  11. Check the availability and relevance of CE certificates for all equipment purchased after January 20, 2027.
  12. Implement an internal audit of compliance with the Regulation on a regular basis.
  13. Provide physical and logical protection of control systems against unauthorized access.
  14. Identify responsible persons for machine cyber security and functional security.
  15. Create a database of all "security components" at the enterprise with their certificates and service life.
  16. Check that machines with integrated AI work within the limits defined by the manufacturer and do not make unexpected decisions.
  17. Ensure copies of paper manuals are available for machines for which this was requested at the time of purchase.
  18. Establish procedures for interaction with notified bodies in the event that a "substantial modification" requires re-certification.

Common Non-compliance Issues

Audits and inspections often reveal typical deficiencies that may lead to non-compliance with the Regulation:

  • Outdated Risk Assessment: Lack of up-to-date risk assessments that take into account new cybersecurity and AI requirements.
  • Use of Non-Certified Spare Parts: The use of components, especially in safety systems, that do not have the appropriate certification or documentation confirming their compliance with standards (for example, DSTU EN 60204-1 for electrical equipment of machines).
  • Inadequate Documentation of Modifications: Lack of a complete record of all machine modifications, including software changes, making it impossible to trace responsibility and compliance.
  • Lack of Cyber ​​Security Protocols: Inadequate protection of control systems from external cyber attacks or internal intrusions that could lead to the failure of security functions.
  • Insufficient Training of Personnel: Lack of knowledge among technical personnel regarding the new requirements of the Regulation, which leads to unintentional violations during the performance of MRO works.
  • Misinterpretation of “Substantial Modification”: Misunderstanding or ignoring the concept of “substantial modification”, which leads to the fact that the company becomes a “manufacturer” without realizing it and without fulfilling all legal obligations.

Penalties and Liability

Failure to comply with EU Regulation 2023/1230 can have serious consequences that go beyond simple financial responsibility:

  • Administrative Penalties: The national legislation of the EU member states, as well as the relevant Ukrainian regulations, will provide for significant fines for violations of the Regulation. For example, in some EU countries, fines can reach up to 4% of the company's annual turnover or fixed amounts up to several million euros, depending on the severity of the violation.
  • Legal Responsibility: In the event of an accident caused by non-compliance of the machine with the Regulation, legal responsibility may be assigned to the company or the responsible persons. This may include criminal liability for injury to health or death.
  • Civil Liability: The company may be required to pay compensation to injured persons or for property damage that significantly exceeds the fines. Insurance companies may refuse to cover losses if non-compliance with safety regulations is proven.
  • Product Recall and Market Ban: Uncertified or non-compliant equipment may be recalled from the market, and its further use or placement on the EU market is prohibited. This will lead to significant economic losses and reputational damage.
  • Loss of Reputation: Security incidents negatively affect the trust of customers, partners and regulators, which can have long-term business consequences.

The question of responsibility is especially acute in the case of "substantial modification". If the MRO operator or end user performs such a modification without following the new manufacturer's certification procedures, he assumes full responsibility for the safety of the machine. This means the need to carry out your own conformity assessment, create technical documentation, issue a new EU Declaration of Conformity and affix the CE marking as required for a new machine.

Conclusion

EU Machinery Regulation 2023/1230 is an important step towards improving the safety of industrial equipment in the face of technological change. Its implementation requires careful preparation and adaptation from Ukrainian industrial enterprises. Compliance with these new standards is not just a legal requirement, but an investment in production safety, efficiency and long-term competitiveness.

UNITEC-D GmbH, as a supplier of industrial components with more than 20 years of experience, offers a wide range of certified spare parts that meet the strictest European and Ukrainian standards (CE, UkrSEPRO, EN, ISO, DSTU). Our range includes sensors, actuators, control elements and other critical components that ensure reliable and safe operation of your equipment.

See the complete range of certified MRO and retrofit components on the UNITEC-D E-Catalog.

Link

  • Regulation (EU) 2023/1230 of the European Parliament and of the Council of 14 June 2023 on machinery and repealing Directive 2006/42/EC and Council Directive 73/361/EEC.
  • EN ISO 12100:2010 Safety of machinery – General principles for design – Risk assessment and risk reduction.
  • EN ISO 13849 (all parts) Safety of machinery – Safety-related parts of control systems.
  • IEC 61508 (all parts) Functional safety of electrical/electronic/programmable electronic safety-related systems.
  • EN ISO 13850:2015 Safety of machinery – Emergency stop function – Principles for design.
  • EN 60947-5-1:2017 Low-voltage switchgear and controlgear – Part 5-1: Control circuit devices and switching elements – Electromechanical control circuit devices.
  • EN ISO 4413:2011 Hydraulic fluid power – General rules and safety requirements for systems and their components.
  • EN ISO 4414:2010 Pneumatic fluid power – General rules and safety requirements for systems and their components.
  • DSTU EN 60204-1:2018 (EN 60204-1:2018, IDT) Machine safety. Electrical equipment of machines. Part 1. General requirements.

Related Articles