search.noResults

search.searching

saml.title
dataCollection.invalidEmail
note.createNoteMessage

search.noResults

search.searching

orderForm.title

orderForm.productCode
orderForm.description
orderForm.quantity
orderForm.itemPrice
orderForm.price
orderForm.totalPrice
orderForm.deliveryDetails.billingAddress
orderForm.deliveryDetails.deliveryAddress
orderForm.noItems
WAREHOUSING/FACTORIES


W


ith full implementation of the regulation due to become enforceable from 11 December 2027, meeting the requirements of the CRA is


vital for machine builders.


WHY MACHINE BUILDERS CAN’T AFFORD TO IGNORE THE CRA There’s a clear case for why machine builders should be paying very close attention to the CRA’s implementation deadline in their calendars, put simply, they will no longer be able to sell their products in European Union (EU) markets if they don’t meet the key requirements. Those who have been selling throughout


Europe for many years will be familiar with the concept of achieving CE markings for their products in order to do so. Historically speaking, the requirements for receiving CE markings have focused on guaranteeing the safety of both end users and the environment, as set out by the Machinery Directive (2006/42/EC). From late 2027 though, machine builders


will also need to ensure that their products are protected from the ever-growing threat of cyberattacks in accordance with both the Machinery Regulation (2023/1230). Besides market exclusion, penalties for non- compliance can reach up to €15 million, or 2.5 per cent of a firm’s global turnover, whichever is higher. As machine builders will, of course, want


to avoid falling foul of the Act, they must now make a concerted effort to ensure that their products are designed, developed


WHAT MACHINE BUILDERS MUST DO AHEAD OF THE CRA’S FULL IMPLEMENTATION DEADLINE IN 2027


By Frederik Kok, Senior Cyber Security Expert, Mitsubishi Electric Europe B.V.


The introduction of the Cyber Resilience Act (CRA) in December 2024 marked one of the most significant shifts in design approaches that the machine building industry has ever seen


and produced in line with the essential cybersecurity requirements specified in Annex I. In addition to this, they must conduct a cybersecurity risk assessment to identify potential risks and suggest potential actions for reducing them, as well as conducting a conformity assessment procedure to demonstrate how they are complying with the requirements.


MAKING MACHINES ‘SECURE BY DESIGN AND BY DEFAULT’ The cause behind the CRA is undeniably a good one, after all, the level of threat activity


22 MAY 2026 | FACTORY&HANDLINGSOLUTIONS


in the EU during 2024 remained very high, increasing by 16 per cent on the previous year. As such, machine builders have an important role to play in minimising attack vectors through more stringent focus on the cybersecurity properties of their products. For many, this could see a fundamental shift


in their manufacturing processes, moving from a mentality whereby cybersecurity is regarded as a mere add-on, to a ‘secure by design’ model in which it forms an intrinsic part of machine design. More specifically, this would require an assessment of potential threats to a machine and the adoption of


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46