Joint industry call on cybersecurity and Machinery Regulation

Industry stakeholders call on the European Commission to postpone the application of cybersecurity provisions in the Machinery Regulation (EU) 2023/1230 and align them with the Cyber Resilience Act (CRA).

Why this matters:

• Key cybersecurity requirements (EHSR 1.1.9 and 1.2.1(f)) lack clarity and harmonised standards
• Relevant standards are not expected until late 2026, leaving insufficient time for implementation
• Misalignment with the CRA risks double compliance cycles, major cost increases and market distortion
• Manufacturers – especially SMEs – face disproportionate operational and financial burdens

We ask to align the application of these cybersecurity requirements with the CRA timeline (11 December 2027) to ensure legal certainty, avoid duplication and enable effective, harmonised implementation across the EU. This request for alignment is fully in line with the Commission’s broader agenda to simplify EU rules, avoid overlapping obligations and ensure coherent implementation for businesses.

A coordinated approach will strengthen cybersecurity without compromising innovation, competitiveness or safety.

++ READ THE FULL JOINT STATEMENT HERE ++