Search every question across sub-FAQs

Use an EU Declaration of Conformity for machinery or a related product when the manufacturer has drawn up the Annex IV Part A technical documentation, completed the relevant conformity assessment procedure, and demonstrated conformity with the applicable essential health and safety requirements in Annex III.

The DoC is the manufacturer's formal responsibility statement for that machinery or related product. It must follow the Annex V Part A model structure, identify the product, list the Union harmonisation legislation and standards or technical specifications relied on, and be kept with the technical documentation for market surveillance.

Use an EU Declaration of Incorporation for partly completed machinery. Regulation (EU) 2023/1230 defines partly completed machinery as an assembly that is not yet machinery because it cannot by itself perform a specific application and is only intended to be incorporated into or assembled with machinery, other partly completed machinery, or equipment.

The DoI does not say that a final machine is complete or ready for CE marking. It states that the relevant essential health and safety requirements for the partly completed machinery have been demonstrated, and it must follow the Annex V Part B model structure.

Both declarations depend on technical documentation, but they point to different annexes and different product states. Machinery and related products use Annex IV Part A; partly completed machinery uses Annex IV Part B.

For complete machinery, the technical documentation must show how conformity with the applicable essential health and safety requirements is achieved. For partly completed machinery, the technical documentation must show conformity with the relevant essential health and safety requirements and include evidence that the partly completed machinery can be assembled and incorporated safely.

The practical boundary is whether the item is already machinery or a related product, or whether it is only partly completed machinery intended for incorporation. If the item can perform the intended application as machinery and the manufacturer places it on the market or puts it into service, the DoC and CE marking path applies.

If the item cannot perform a specific application by itself and needs incorporation into final machinery or equipment, the DoI and assembly-instructions path applies. The final machinery manufacturer then needs to assess the assembled machine, close any remaining essential health and safety requirements, prepare the final technical documentation, issue the final DoC where applicable, and affix CE marking to the final machinery.

EHSRs are the essential health and safety requirements in Annex III of Regulation (EU) 2023/1230. The general principles require the manufacturer to carry out a risk assessment, determine which Annex III requirements apply, and then design and construct the machinery or related product to eliminate hazards or minimise the relevant risks.

The mapping should start with the intended use, reasonably foreseeable misuse, product limits, hazardous situations, severity, probability, and required risk reduction. Annex III says the first chapter is general and applies to all machinery or related products, while the other chapters apply where the risk assessment shows more specific hazards such as mobility, lifting, underground work, lifting persons, or certain product categories.

The Annex III general principles describe an iterative process: determine product limits, identify hazards and hazardous situations, estimate severity and probability, evaluate whether risk reduction is required, then eliminate hazards or reduce risks using protective measures in the required priority order.

That means the EHSR map should be hazard-led. A mechanical movement hazard might point to guards or protective devices; a control-system hazard might point to safety and reliability of control systems; a software or data-integrity hazard might point to protection against corruption; and a mobility hazard might require the mobility chapter in addition to the general chapter.

Software belongs in the Annex III map when it affects safety. The Regulation covers safety components as physical or digital components, including software, and Annex III includes specific requirements for protection against accidental or intentional corruption of hardware, software, and data that are critical to compliance with EHSRs.

For control systems, Annex III requires design and construction that prevent hazardous situations, including attention to faults in hardware or logic, errors in control-system logic, reasonably foreseeable malicious attempts where relevant, and limits of safety functions established through the manufacturer's risk assessment. Where safety-related software versions or interventions are relevant, the Regulation also grounds tracing-log and source-code or programming-logic evidence in defined circumstances.

Annex IV requires technical documentation to specify the means used to ensure conformity with applicable Annex III EHSRs. For machinery and related products, that documentation includes a complete product description, risk-assessment documentation, the list of applicable EHSRs, protective measures, residual risks, drawings and schemes, standards or common specifications applied, tests and calculations, instructions for use, declarations, production controls, and selected software or sensor-system evidence where relevant.

A useful EHSR map therefore has one row per applicable requirement or hazard cluster, with cross-references to the risk assessment, design evidence, verification evidence, instruction text, standards basis, residual-risk treatment, and declaration support. If a harmonised standard or common specification is only partly applied, the file should say which parts were applied and what other technical specifications close the remaining EHSR gap.

Annex III answers the question: which essential safety requirements apply to this product and how were the risks eliminated or reduced? Annex I answers a different question: is the product in a category that must follow one of the specified conformity-assessment procedures under Article 25?

Keep both analyses in the same compliance pack, but do not merge them. Annex I classification may affect whether a notified body route is needed, while Annex III mapping remains the substantive evidence that the applicable health and safety requirements have been addressed.

Overlap matters most when a safety function depends on software, sensor data, machine learning, autonomous operation, or fully or partially self-evolving behaviour. The Machinery Regulation does not turn every AI feature into a machinery-specific AI issue; the machinery question is whether the system affects an essential health and safety requirement or the conformity assessment route.

The Commission standardisation request describes the machinery-AI intersection as machinery products with systems ensuring safety functions, with fully or partially self-evolving behaviour using machine learning approaches. CEN-CENELEC Q&A material also frames the issue around predictability: for Machinery Regulation purposes, the concern is relevant when unpredictable or self-evolving behaviour concerns a safety function.

AI-enabled safety functions can affect the conformity route when the machinery or related product falls within Annex I. Products in Annex I Part A are subject to the specific conformity assessment procedures in Article 25(2). Products in Part B use the Article 25(3) route, and self-assessment is possible only where the product is designed and constructed in accordance with relevant harmonised standards or common specifications that are specific to the category and cover all relevant essential requirements.

Article 6 also lets the Commission amend Annex I in light of technical progress, advances in knowledge, or new scientific evidence. One listed criterion for Part A inclusion is uncertainty in existing risk-assessment methods for new machinery categories or technologies, which is the relevant machinery-grounded boundary for novel AI-enabled safety functions.

The Machinery Regulation technical documentation must show how the manufacturer ensures conformity with applicable essential health and safety requirements. For AI-enabled safety functions, the machinery file should be concrete enough to connect the hazard, the protective measure, the safety-related software or data input, and the verification evidence.

Annex IV requires risk-assessment documentation, applied harmonised standards or common specifications, design calculations, test and inspection results, and, where relevant, source code or programming logic of safety-related software after a reasoned authority request. It also calls out sensor-fed, remotely driven, or autonomous machinery where safety-related operations are controlled by sensor data: the file should describe the system's general characteristics, capabilities, limitations, data, development, testing, and validation processes.

The standards context is still a machinery context. The 2025 machinery standardisation request asks CEN and CENELEC to draft or revise standards for machinery products with fully or partially self-evolving behaviour or logic, safety functions governed by such systems using machine learning approaches, and safety functions based on external connections, software, or data that must be protected against corruption.

The request also says standards developed under the machinery mandate should take into account work under the AI Act and Cyber Resilience Act and be prepared as machinery-specific standards. That is useful context for standards monitoring, but it is not a shortcut for claiming compliance with the AI Act.

The evidence should start with the Machinery Regulation safety question: could a connected device, remote communication path, software change, data change, or control-system logic failure create a hazardous situation? If yes, the cybersecurity record belongs inside the machinery risk assessment and technical documentation, not only in a separate IT security file.

Annex III section 1.1.9 requires protection against corruption for safety-critical signal or data hardware, software, and data. It also requires the machinery or related product to identify software necessary for safe operation and to collect evidence of legitimate or illegitimate interventions in relevant hardware, software, installed software, or configuration.

Annex III section 1.2.1 requires control systems to be designed and constructed so hazardous situations do not arise. For cybersecurity, the key evidence is not a generic penetration-test label; it is the link between foreseeable interference and the safety function that could fail.

The record should cover hardware faults, logic errors, human error, external influences, and reasonably foreseeable malicious attempts from third parties where those attempts could lead to a hazardous situation. For uploaded safety software, the Regulation also calls for a tracing log of intervention data and safety-software versions after placing on the market or putting into service.

Use standards evidence carefully. A harmonised standard can support presumption of conformity only for the essential requirements it covers, and the Machinery Regulation also allows cybersecurity certificates or statements under an EU cybersecurity certification scheme to support Annex III sections 1.1.9 and 1.2.1 only to the extent their covered requirements match those sections.

ISO/TR 22100-4 is useful context because it is machinery-specific guidance for considering IT-security threats that can influence machinery safety. It should not be presented as a complete legal answer by itself; the evidence file still needs the product-specific Annex III mapping, risk assessment, test results, software identification, intervention logs, and standards coverage analysis.

Avoid evidence that cannot be traced to a safety function or Annex III requirement. General IT policy, cloud security documentation, supplier marketing material, or a product-wide cybersecurity badge is weak if it does not show how corruption, software changes, data changes, or malicious attempts were assessed for the specific machinery configuration.

The core Article 3 definition is functional rather than label-based. Machinery is an assembly joined for a specific application, made of linked parts or components, with at least one moving part, and fitted with or intended to be fitted with a drive system other than directly applied human or animal effort.

Do not stop the analysis because the drive, connection kit, installation base, or application software is missing. Article 3 still covers assemblies missing only components needed to connect them on site or to sources of energy and motion, assemblies ready to function only after mounting on a means of transport, building, or structure, and assemblies missing only the software upload intended for the manufacturer's specific application.

Article 2 applies the Regulation to machinery and five related-product categories: interchangeable equipment, safety components, lifting accessories, chains, ropes and webbing, and removable mechanical transmission devices. It also applies to partly completed machinery.

Partly completed machinery is not yet machinery because it cannot itself perform a specific application. Its intended role is incorporation into, or assembly with, machinery, other partly completed machinery, or equipment so that machinery is formed.

A safety component can be physical or digital, including software. Article 3 requires four elements: it is a component of a product within scope, it is designed or intended to fulfil a safety function, it is independently placed on the market, and its failure or malfunction endangers the safety of persons.

The same definition excludes components that are necessary for the product to function, or where normal components may be substituted for the product to function. That boundary is why a safety-component decision should state both the safety function and whether the component is independently marketed for that function.