--- title: "How to map Annex III EHSRs under the EU Machinery Regulation" canonical_url: "https://www.sorena.io/artifacts/eu/machinery-regulation/faq/annex-iii-ehsr" source_url: "https://www.sorena.io/artifacts/eu/machinery-regulation/faq/annex-iii-ehsr" author: "Sorena AI" description: "FAQ on mapping Annex III essential health and safety requirements to hazards, risk reduction, software controls, technical documentation, and Annex I classification under Regulation (EU) 2023/1230." published_at: "2026-05-09" updated_at: "2026-05-09" keywords: - "EU Machinery Regulation" - "Regulation (EU) 2023/1230" - "Annex III EHSR" - "essential health and safety requirements" - "machinery risk assessment" - "machinery technical documentation" - "Annex III EHSRs" --- **[SORENA](https://www.sorena.io/)** - AI-Powered GRC Platform [Home](https://www.sorena.io/) | [Solutions](https://www.sorena.io/solutions) | [Artifacts](https://www.sorena.io/artifacts) | [About Us](https://www.sorena.io/about-us) | [Contact](https://www.sorena.io/contact) | [Portal](https://app.sorena.io) --- # How to map Annex III EHSRs under the EU Machinery Regulation FAQ on mapping Annex III essential health and safety requirements to hazards, risk reduction, software controls, technical documentation, and Annex I classification under Regulation (EU) 2023/1230. *FAQ* *EU* ## Annex III EHSR mapping Machinery Regulation FAQ Annex III of Regulation (EU) 2023/1230 contains the essential health and safety requirements that must be matched to the hazards of the machinery, related product, or partly completed machinery. Use this FAQ to separate Annex III requirement mapping from Annex I high-risk classification, and to connect each hazard decision to technical-file evidence. Annex III EHSR mapping is the exercise of taking the product risk assessment, identifying which essential health and safety requirements apply, and documenting the design, protective measures, residual risks, instructions, standards, tests, and software evidence used to meet them. It is not the same as Annex I classification: Annex I lists machinery or related product categories that trigger specified conformity-assessment procedures. ## What are Annex III EHSRs? EHSRs are the essential health and safety requirements in Annex III of Regulation (EU) 2023/1230. The general principles require the manufacturer to carry out a risk assessment, determine which Annex III requirements apply, and then design and construct the machinery or related product to eliminate hazards or minimise the relevant risks. The mapping should start with the intended use, reasonably foreseeable misuse, product limits, hazardous situations, severity, probability, and required risk reduction. Annex III says the first chapter is general and applies to all machinery or related products, while the other chapters apply where the risk assessment shows more specific hazards such as mobility, lifting, underground work, lifting persons, or certain product categories. - List each hazard and hazardous situation from the risk assessment. - Mark the Annex III section that corresponds to that hazard, including the general chapter and any specific chapter triggered by the product design or use. - Record the protective measure used for each applicable EHSR and identify any residual risk that must be handled through instructions, warnings, maintenance, or other controls. - For partly completed machinery, map only the Annex III requirements that are relevant to the partly completed machinery and its intended incorporation. Sources for this answer: - [Regulation (EU) 2023/1230 on machinery](https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX%3A02023R1230-20230629&ref=sorena.io) - Annex III sets the EHSR mapping method: risk assessment determines applicable requirements, hazards are eliminated or reduced, and the whole Annex must be checked for relevant chapters. - [ISO 12100:2010 safety of machinery](https://www.iso.org/obp/ui/en/?ref=sorena.io#!iso:std:51528:en) - ISO grounding identifies ISO 12100 as the machinery-safety standard for design, risk assessment, and risk reduction terminology. ## How does risk assessment drive the EHSR map? The Annex III general principles describe an iterative process: determine product limits, identify hazards and hazardous situations, estimate severity and probability, evaluate whether risk reduction is required, then eliminate hazards or reduce risks using protective measures in the required priority order. That means the EHSR map should be hazard-led. A mechanical movement hazard might point to guards or protective devices; a control-system hazard might point to safety and reliability of control systems; a software or data-integrity hazard might point to protection against corruption; and a mobility hazard might require the mobility chapter in addition to the general chapter. - Use the risk assessment to justify why each Annex III section is applicable, not applicable, or covered by a more specific chapter. - Tie each risk-reduction measure to design evidence, test evidence, inspection evidence, or instruction text. - Show where harmonised standards, common specifications, or other technical specifications were applied, including any partial application. - Keep residual-risk language consistent between the EHSR map, instructions for use, labels or markings, and declaration evidence. Sources for this answer: - [Regulation (EU) 2023/1230 on machinery](https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX%3A02023R1230-20230629&ref=sorena.io) - Annex III general principles define the iterative risk-assessment and risk-reduction sequence used to select applicable EHSRs. - [European Commission harmonised standards for machinery](https://single-market-economy.ec.europa.eu/single-market/goods/european-standards/harmonised-standards/machinery-md_en?ref=sorena.io) - Commission grounding supports use of harmonised machinery standards as a standards reference point, while the EHSR map still needs requirement-by-requirement evidence. ## Where do software and cybersecurity fit? Software belongs in the Annex III map when it affects safety. The Regulation covers safety components as physical or digital components, including software, and Annex III includes specific requirements for protection against accidental or intentional corruption of hardware, software, and data that are critical to compliance with EHSRs. For control systems, Annex III requires design and construction that prevent hazardous situations, including attention to faults in hardware or logic, errors in control-system logic, reasonably foreseeable malicious attempts where relevant, and limits of safety functions established through the manufacturer's risk assessment. Where safety-related software versions or interventions are relevant, the Regulation also grounds tracing-log and source-code or programming-logic evidence in defined circumstances. - Identify software and data that are critical to EHSR compliance and record how they are protected against accidental or intentional corruption. - Record the installed software needed for safe operation and how the machinery can provide that information in an accessible form. - For safety-related software, keep version, intervention, validation, and tracing evidence aligned with the technical documentation. - For sensor-fed, remotely driven, autonomous, or self-evolving safety functions, document system capabilities, limitations, data, development, testing, and validation where relevant. Sources for this answer: - [Regulation (EU) 2023/1230 on machinery](https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX%3A02023R1230-20230629&ref=sorena.io) - Annex III sections 1.1.9 and 1.2.1 ground protection against corruption, control-system safety, software identification, tracing logs, and autonomous or self-evolving safety-function evidence. - [ISO/TR 22100-4:2018 IT-security aspects for machinery safety](https://www.iso.org/standard/73335.html?ref=sorena.io) - ISO grounding identifies ISO/TR 22100-4 as guidance for machinery manufacturers considering related IT-security and cybersecurity aspects in relation to ISO 12100. ## What technical-file evidence should support the EHSR map? Annex IV requires technical documentation to specify the means used to ensure conformity with applicable Annex III EHSRs. For machinery and related products, that documentation includes a complete product description, risk-assessment documentation, the list of applicable EHSRs, protective measures, residual risks, drawings and schemes, standards or common specifications applied, tests and calculations, instructions for use, declarations, production controls, and selected software or sensor-system evidence where relevant. A useful EHSR map therefore has one row per applicable requirement or hazard cluster, with cross-references to the risk assessment, design evidence, verification evidence, instruction text, standards basis, residual-risk treatment, and declaration support. If a harmonised standard or common specification is only partly applied, the file should say which parts were applied and what other technical specifications close the remaining EHSR gap. - Risk assessment: product limits, hazards, hazardous situations, applicable EHSRs, protective measures, and residual risks. - Design evidence: drawings, circuit schemes, control architecture, software logic descriptions, component data, and manufacturing controls. - Verification evidence: design calculations, tests, inspections, examinations, and research on components or fittings. - User-facing evidence: instructions for use, residual-risk information, warnings, maintenance criteria, and any declarations or assembly instructions that must travel with the product. Sources for this answer: - [Regulation (EU) 2023/1230 on machinery](https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX%3A02023R1230-20230629&ref=sorena.io) - Annex IV lists the technical documentation elements that must demonstrate conformity with applicable Annex III EHSRs. - [ISO 12100:2010 safety of machinery](https://www.iso.org/obp/ui/en/?ref=sorena.io#!iso:std:51528:en) - ISO grounding supports risk-assessment and risk-reduction terminology used when structuring hazard-to-EHSR evidence. ## How is Annex III different from Annex I? Annex III answers the question: which essential safety requirements apply to this product and how were the risks eliminated or reduced? Annex I answers a different question: is the product in a category that must follow one of the specified conformity-assessment procedures under Article 25? Keep both analyses in the same compliance pack, but do not merge them. Annex I classification may affect whether a notified body route is needed, while Annex III mapping remains the substantive evidence that the applicable health and safety requirements have been addressed. - Use Annex I to classify listed machinery or related product categories such as certain saws, presses, lifts, protective devices, logic units, or self-evolving safety-function systems. - Use Annex III to map hazards to requirements and evidence for every in-scope machinery or related product. - Where Annex I triggers a third-party route, the notified-body file still needs the Annex III EHSR map, risk assessment, standards basis, tests, and technical documentation. - Do not treat absence from Annex I as proof that the product has no Annex III obligations. Sources for this answer: - [Regulation (EU) 2023/1230 on machinery](https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX%3A02023R1230-20230629&ref=sorena.io) - Annex I lists categories tied to Article 25 conformity-assessment procedures, while Annex III contains the EHSRs used to assess product safety. ## Primary sources - [Regulation (EU) 2023/1230 on machinery](https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX%3A02023R1230-20230629&ref=sorena.io) - Primary legal source for Annex III EHSRs, risk assessment, Annex I categories, software/control-system requirements, and Annex IV technical documentation. - Quote: "essential health and safety requirements" - [ISO 12100:2010 safety of machinery](https://www.iso.org/obp/ui/en/?ref=sorena.io#!iso:std:51528:en) - Grounding source for machinery risk-assessment and risk-reduction terminology used to structure the EHSR mapping workflow. - Quote: "risk assessment, and risk reduction" - [ISO/TR 22100-4:2018 IT-security aspects for machinery safety](https://www.iso.org/standard/73335.html?ref=sorena.io) - Grounding source for machinery manufacturers considering IT-security and cybersecurity aspects related to ISO 12100. - Quote: "IT-security (cyber security) aspects" - [European Commission harmonised standards for machinery](https://single-market-economy.ec.europa.eu/single-market/goods/european-standards/harmonised-standards/machinery-md_en?ref=sorena.io) - Commission grounding source for machinery harmonised-standards context used when documenting standards applied against Annex III EHSRs. - Quote: "harmonised standards for machinery" ## Topic Guides - [Declaration of Conformity vs Declaration of Incorporation | Machinery Regulation FAQ](/artifacts/eu/machinery-regulation/faq/doc-and-doi.md): FAQ on when machinery needs an EU Declaration of Conformity and when partly completed machinery needs an EU Declaration of Incorporation under Regulation (EU) 2023/1230. - [Directive 2006/42/EC to Machinery Regulation transition](/artifacts/eu/machinery-regulation/transition-from-directive-2006-42-ec.md): Transition guide for moving EU machinery files from Directive 2006/42/EC to Regulation (EU) 2023/1230, focused on the 20 January 2027 changeover, pipeline products, declarations, standards, technical documentation, software, cybersecurity, and digital instructions. - [EU Machinery Regulation Applicability Test](/artifacts/eu/machinery-regulation/applicability-test.md): Test whether a product is machinery, a related product, partly completed machinery, a safety component, substantially modified, excluded, or covered by overlapping EU product laws. - [EU Machinery Regulation compliance](/artifacts/eu/machinery-regulation/compliance.md): Machinery Regulation compliance checklist covering scope, EHSR risk assessment, technical documentation, instructions, conformity assessment, EU declarations, CE marking, software, transition, and market surveillance. - [EU Machinery Regulation compliance checklist](/artifacts/eu/machinery-regulation/checklist.md): Checklist for Regulation (EU) 2023/1230 covering scope, EHSR risk assessment, technical documentation, instructions, conformity assessment, EU declarations, CE marking, digital duties, transition, and market surveillance. - [EU Machinery Regulation deadlines and compliance calendar](/artifacts/eu/machinery-regulation/deadlines-and-compliance-calendar.md): Calendar for Regulation (EU) 2023/1230 dates, Directive 2006/42/EC transition, release documentation gates, standards monitoring, and substantial-modification reviews. - [EU Machinery Regulation FAQ](/artifacts/eu/machinery-regulation/faq.md): Answers to Machinery Regulation questions on scope, partly completed machinery, Annex I categories, Article 25 conformity assessment, digital instructions, software, cybersecurity, transition, CE files, and overlap with other EU product laws. - [EU Machinery Regulation Partly Completed Machinery](/artifacts/eu/machinery-regulation/partly-completed-machinery.md): What counts as partly completed machinery under Regulation (EU) 2023/1230, what documents travel with it, and where the final assembler takes over. - [EU Machinery Regulation requirements](/artifacts/eu/machinery-regulation/requirements.md): Requirements under Regulation (EU) 2023/1230: machinery scope, EHSR risk assessment, technical documentation, instructions, conformity assessment, EU declaration, CE marking, software evidence, transition, and surveillance. - [EU Machinery Regulation Safety Components](/artifacts/eu/machinery-regulation/safety-components.md): Definition, scope, conformity assessment, technical documentation, declaration, CE marking, and grounded examples for safety components under Regulation (EU) 2023/1230. - [EU Machinery Regulation scope and machine categories](/artifacts/eu/machinery-regulation/scope-and-machine-categories.md): Scope guide for Regulation (EU) 2023/1230 covering machinery, related products, partly completed machinery, Annex I categories, exclusions, substantial modification, and category evidence. - [EU Machinery Regulation substantial modification decision workflow](/artifacts/eu/machinery-regulation/substantial-modification-workflow.md): Workflow for assessing substantial modification under Regulation (EU) 2023/1230: change facts, hazard and risk impact, manufacturer obligations, conformity assessment, CE marking, and evidence. - [EU Machinery Regulation vs LVD](/artifacts/eu/machinery-regulation/machinery-vs-lvd.md): Compare the EU Machinery Regulation and Low Voltage Directive boundary for machinery EHSRs, electrical risks, excluded electrical products, CE documentation, and evidence reuse. - [EU Machinery Regulation vs Market Surveillance Regulation: compliance comparison](/artifacts/eu/machinery-regulation/machinery-vs-msr.md): Compare Machinery Regulation product compliance duties with EU MSR market surveillance duties, authority requests, online sales, corrective action and evidence records. - [EU Machinery Regulation: autonomous mobile and collaborative machinery](/artifacts/eu/machinery-regulation/autonomous-mobile-and-collaborative-machinery.md): Grounded guide to Regulation (EU) 2023/1230 requirements for autonomous mobile machinery, human-machine interaction, controls, software, cybersecurity, risk assessment, technical documentation, and conformity routes. - [EU Machinery Regulation: when does a modification constitute substantial modification?](/artifacts/eu/machinery-regulation/substantial-modification.md): Guide to substantial modification under Regulation (EU) 2023/1230: change triggers, risk assessment, EHSRs, technical documentation, conformity assessment, CE marking, and records. - [EU Machinery Risk Assessment Method](/artifacts/eu/machinery-regulation/risk-assessment-method.md): How to document an EU Machinery Regulation risk assessment: ISO 12100 hazard identification, EHSR mapping, risk reduction, residual risk, software, cybersecurity, and technical-file evidence. - [Machinery CE documentation template for Regulation (EU) 2023/1230](/artifacts/eu/machinery-regulation/machinery-ce-documentation-template.md): Template fields for Machinery Regulation CE documentation: product identity, scope, EHSR risk assessment, standards, tests, instructions, EU declaration, CE marking, notified body route, software, cyber, and substantial modification checks. - [Machinery Regulation and EU AI Act overlap for AI-enabled safety functions](/artifacts/eu/machinery-regulation/faq/ai-act-overlap.md): FAQ on Machinery Regulation overlap with the EU AI Act for self-evolving or machine-learning safety functions, Annex I categories, standards work, and technical documentation boundaries. - [Machinery Regulation Annex I conformity route workflow](/artifacts/eu/machinery-regulation/annex-i-route-workflow.md): Classify machinery against Annex I Part A and Part B, choose the Article 25 conformity assessment route, and assemble the technical evidence file. - [Machinery Regulation Annex I high-risk categories](/artifacts/eu/machinery-regulation/annex-i-and-high-risk-machinery.md): Explain what Annex I does under Regulation (EU) 2023/1230, which listed machinery categories trigger special conformity routes, and what evidence to keep. - [Machinery Regulation category and scope checks](/artifacts/eu/machinery-regulation/category-and-scope-workflow.md): Check whether a product is machinery, a related product, partly completed machinery, a safety component, excluded from scope, or listed in Annex I under Regulation (EU) 2023/1230. - [Machinery Regulation conformity assessment and CE marking](/artifacts/eu/machinery-regulation/conformity-assessment-and-ce.md): EU Machinery Regulation guide to Article 25 conformity assessment routes, Annex I machinery categories, technical documentation, EU declarations, CE marking, and instructions. - [Machinery Regulation cybersecurity evidence FAQ](/artifacts/eu/machinery-regulation/faq/cybersecurity.md): What cybersecurity evidence connected or software-enabled machinery should keep for protection against corruption, safety-related control systems, and machinery risk assessment. - [Machinery Regulation digital instructions](/artifacts/eu/machinery-regulation/digital-instructions.md): EU Machinery Regulation guide to digital instructions for use: access marking, print and download access, paper copies, non-professional safety information, languages, and records. - [Machinery Regulation penalties and enforcement](/artifacts/eu/machinery-regulation/penalties-and-fines.md): EU Machinery Regulation enforcement guide covering Member State penalty rules, corrective action, market surveillance powers, and cross-border authority cooperation. - [Machinery Regulation related products scope guide](/artifacts/eu/machinery-regulation/related-products.md): Classify EU Machinery Regulation related products, including interchangeable equipment, safety components, lifting accessories, lifting chains, ropes, webbing, and removable transmission devices. - [Machinery Regulation software and cybersecurity considerations](/artifacts/eu/machinery-regulation/software-and-cybersecurity-considerations.md): How Regulation (EU) 2023/1230 treats safety-related software, control systems, corruption protection, technical documentation, and cyber-safety risk evidence. - [Machinery Regulation Technical Documentation and Technical File](/artifacts/eu/machinery-regulation/technical-documentation-and-technical-file.md): What to keep in the EU Machinery Regulation technical file: product identification, risk assessment, EHSR mapping, standards, tests, instructions, declarations, software evidence, retention, and notified-body records. - [Machinery Regulation technical file acceptance workflow](/artifacts/eu/machinery-regulation/technical-file-acceptance-workflow.md): Release-gate workflow for accepting an EU Machinery Regulation technical file: scope, EHSR risk evidence, standards, tests, declarations, notified-body records, software, cyber, and signoff. - [Machinery Regulation Timeline and Transition: practical guide](/artifacts/eu/machinery-regulation/timeline-and-transition.md): EU Machinery Regulation guide to Timeline and Transition with scope decisions, owner actions, evidence records, source-linked citations, and practical next steps. - [Machinery Regulation vs EMC Directive](/artifacts/eu/machinery-regulation/machinery-vs-emc.md): Compare EU machinery safety duties with EMC duties for equipment, CE documentation, harmonised standards, declarations, and combined technical files. - [Machinery Regulation vs EU AI Act: machinery safety overlap](/artifacts/eu/machinery-regulation/machinery-regulation-vs-eu-ai-act.md): A grounded comparison of the EU Machinery Regulation and EU AI Act for machinery with AI-enabled safety functions, software, cyber-safety and technical documentation overlap. - [Machinery Regulation vs Machinery Directive](/artifacts/eu/machinery-regulation/machinery-regulation-vs-machinery-directive.md): Grounded comparison of Regulation (EU) 2023/1230 and Directive 2006/42/EC across legal form, timing, scope, digital instructions, cybersecurity, conformity assessment, documentation, and CE marking. - [Machinery vs RED comparison](/artifacts/eu/machinery-regulation/machinery-vs-red.md): Compare EU Machinery Regulation and Radio Equipment Directive boundaries for machinery safety, radio equipment scope, CE documentation, and shared evidence. - [What counts as machinery under Regulation (EU) 2023/1230?](/artifacts/eu/machinery-regulation/faq/machinery-definition.md): FAQ on the Machinery Regulation definition of machinery, including assemblies, drive systems, missing components, software, related products, partly completed machinery, safety components, and exclusions. - [When can a software update affect Machinery Regulation compliance?](/artifacts/eu/machinery-regulation/faq/software-updates.md): FAQ on when machinery software updates can trigger Machinery Regulation review, including safety functions, substantial modification, corruption protection, instructions, and CE technical-file evidence. - [When does used or modified machinery need a new conformity assessment? | Machinery Regulation FAQ](/artifacts/eu/machinery-regulation/faq/used-and-modified-machinery.md): FAQ on used and modified machinery under Regulation (EU) 2023/1230, including substantial modification, first EU use, technical documentation, and market surveillance evidence. - [When is a notified body needed under the EU Machinery Regulation?](/artifacts/eu/machinery-regulation/faq/notified-bodies.md): FAQ on when Machinery Regulation Annex I products need a notified body, how to find designated bodies, and what manufacturers still own. - [Which Article 25 conformity assessment module applies? | EU Machinery Regulation FAQ](/artifacts/eu/machinery-regulation/faq/article-25-modules.md): FAQ on Article 25 of Regulation (EU) 2023/1230: Module A, Module B plus C, Module H, Module G, Annex I triggers, notified body involvement, and technical file evidence. *Recommended next step* *Placement: after technical-file evidence section* ## Build a traceable Annex III EHSR map Turn hazards, EHSRs, standards, tests, software evidence, residual risks, and declarations into one reviewable machinery technical-file map. - [Open Research Copilot](/solutions/research-copilot.md): Ask machinery-safety questions with cited source output. - [Talk through implementation](/contact.md): Review your Annex III map, software evidence, standards basis, and technical-file gaps. --- [Privacy Policy](https://www.sorena.io/privacy) | [Terms of Use](https://www.sorena.io/terms-of-use) | [DMCA](https://www.sorena.io/dmca) | [About Us](https://www.sorena.io/about-us) (c) 2026 Sorena AB (559573-7338). All rights reserved. Source: https://www.sorena.io/artifacts/eu/machinery-regulation/faq/annex-iii-ehsr