Rockwell Automation recognizes the European Union's efforts to improve cyber resilience and safety within the Union through:
- the Cyber Resilience Act (EU) 2024/2847, enhancing the cybersecurity of digital hardware and software products;
- the Machinery Regulation (EU) 2023/1230, improving the safety of machinery, including its resilience against cyber threats.
We have long offered cybersecurity in our products. As examples of our commitment to security we:
- delivered the world's first IEC/ISA 62443-4-2 SL1-certified programmable logic controller;
- implemented EtherNet/IP, a leading secure industrial protocol;
- operate an IEC/ISA 62443-4-1 ML4-certified product development lifecycle;
- hold ISO 27001 and SOC2 Type II certifications in our cloud environments.
We are actively taking steps to comply with these new regulations to support our European customers.
Cyber Resilience Act
The Cyber Resilience Act (CRA) aims to enhance the cybersecurity of digital hardware and software products. Key parts of the CRA include product lifecycle cybersecurity accountability, vulnerability reporting, marking of digital products, risk and conformity assessments,
Key CRA Objectives
- Improved Cybersecurity – Improve cyber resilience by requiring manufacturers to prioritize cybersecurity throughout the design, development, production, maintenance, and product support stages.
- Enhanced Transparency – Provide users with clear and accessible product information about secure operation, vulnerability management, and vulnerability disclosure.
Effective Date
The EU CRA entered into force on December 10, 2024, with a 36-month transition period. The main obligations will be in full effect beginning December 11, 2027, with exploited vulnerability and incident reporting starting on September 11, 2026.
Machinery Regulation
The Machinery Regulation (MR) aims to harmonize essential health and safety requirements for machinery. Key parts of the MR include updated safety requirements, integration of cybersecurity and new technologies, modernized conformity assessment, stricter market surveillance, and digital documentation.
Key MR Objectives
- Enhanced Safety – Improve health and safety protection for interaction between humans and machines.
- Cybersecurity – Protect machinery against potential cyberattacks that could compromise safety and operational integrity.
- Technological Adaptation – Align with new technologies, including artificial intelligence and connected machinery.
- Support Digitalization – Clarify the use of digital documentation and instructions.
Effective Date
The EU MR will be in effect from January 20, 2027.
Our Actions
As the regulations continue to evolve, we are monitoring possible revisions to the regulations and guidance from the EU Commission. We are also engaging with European industry associations, European standards organizations, and CENELEC TC44X/WG1 and JTC13/WG9 working groups, among others, that help define regulatory security standards.
The regulations may require us to make changes to our offerings. We will continue to provide a comprehensive range of compliant products and services to solve customer applications across the machine, hybrid, and process space. Our security capabilities, including the industry-leading secure communications technology, EtherNet/IP, will be uniquely positioned to ensure that applicable requirements are met. As always, we will partner with our customers to ensure a smooth transition.
Please reach out to your account team or distributor to understand how we can partner with you.