FAQEU

Machinery Regulation FAQ Software Updates

Software can be part of machinery compliance when it performs or supports a safety function, changes operating limits, updates a safety-control system, or affects the instructions and evidence used to show conformity.

Use this FAQ to screen machinery software releases for substantial modification, corruption-protection, risk-assessment, instruction, and technical-documentation impacts before rollout.

Back to main artifactReview sources
Author
Sorena AI
Published
May 9, 2026
Updated
May 26, 2026
Questions
4

Structured answer sets in this page tree.

Primary sources
3

Cited legal and guidance references.

Publication metadata
Sorena AI
Published May 9, 2026
Updated May 26, 2026
Overview

A machinery software update can affect EU Machinery Regulation compliance when it changes a safety function, the logic or configuration of a safety-related control system, the safe operating envelope, corruption protection, user instructions, or the evidence used for CE conformity. Treat the release as a compliance review, not only an engineering change, when it creates a new hazard, increases an existing risk, or changes the assumptions in the risk assessment or technical documentation.

Search this module

Find a question or answer quickly

4 of 4 questions
Question 1

When a software update needs Machinery Regulation review

Review a software update before deployment when it touches software or data that is critical to meeting essential health and safety requirements. Regulation (EU) 2023/1230 expressly treats safety components as physical or digital components, including software, and recognises machinery that is missing only the upload of application-specific software.

Escalate the release if it changes a safety function, safety-related control-system logic, operating parameters, limits generated during a learning phase, remote connectivity, configuration rules, safety logs, or the instructions users rely on to keep the machinery safe throughout its lifetime.

  • Classify the release by product model, installed software version, configuration, affected safety function, and intended use.
  • Map the change to the relevant essential health and safety requirements, especially Annex III points 1.1.9 on corruption protection and 1.2.1 on safety and reliability of control systems.
  • Hold deployment when the update could create a new hazard, increase an existing risk, weaken a protective measure, or make existing instructions inaccurate.
Citations
Regulation (EU) 2023/1230 on machinery

Grounds the treatment of software in machinery, safety components, substantial modification, technical documentation, instructions, and Annex III protection against corruption.

Question 2

Safety software, corruption protection, and logs

Annex III requires software and data critical for conformity with essential health and safety requirements to be identified and protected against accidental or intentional corruption. It also requires machinery to identify the software needed for safe operation and provide that information in an easily accessible form.

A release process should therefore preserve more than release notes. It should show which safety software changed, who authorised it, how corruption protection was tested, and whether the machinery collects evidence of legitimate or illegitimate intervention in relevant hardware, software, or configuration.

  • Record installed safety-software versions and configuration after each safety-related upload.
  • Verify that intervention evidence, modification evidence, and version tracing still work after the update.
  • For safety-related control systems, check that faults, logic errors, malicious third-party attempts, and unintended external influences do not lead to hazardous situations where relevant to the risk assessment.
  • For self-evolving or machine-learning safety functions, confirm that the update does not expand task or movement space beyond the defined limits and that safety decision data needed for conformity remains available.
Citations
Regulation (EU) 2023/1230 on machinery

Grounds the treatment of software in machinery, safety components, substantial modification, technical documentation, instructions, and Annex III protection against corruption.

Question 3

Substantial modification and risk-assessment update

The Regulation defines substantial modification as a post-market or post-service modification by physical or digital means that was not foreseen or planned by the manufacturer, affects safety by creating a new hazard or increasing an existing risk, and requires specified protective changes. Software updates should be screened against that definition before release to customers or fielded equipment.

Even when the update does not meet the substantial-modification threshold, the manufacturer still needs procedures so series production remains in conformity and must account for changes in design, characteristics, harmonised standards, technical specifications, or common specifications used to declare conformity.

  • Reopen the risk assessment when the update changes hazards, severity, probability, exposure, protective measures, residual risks, or foreseeable misuse warnings.
  • Check whether added guards, protective devices, safety-control-system changes, or added protective measures for stability or mechanical strength are now required.
  • Document the yes/no substantial-modification decision with the exact software version, affected product models, safety rationale, tests, and approver.
  • If the conformity basis changes, update the technical documentation, standards mapping, declaration workflow, and market-release gate before deployment.
Citations
Regulation (EU) 2023/1230 on machinery

Grounds the treatment of software in machinery, safety components, substantial modification, technical documentation, instructions, and Annex III protection against corruption.

Question 4

Instructions, user notice, and CE file maintenance

Software updates can make existing instructions wrong. Article 10 and Annex III require instructions to describe the corresponding product model, intended use, precautions, safe installation and use, residual risks, protective measures, maintenance, breakdown response, and other safety information. Digital instructions are allowed, but access, download, print, lifetime availability, and paper-on-request requirements still matter.

Keep the CE file aligned with the release. Technical documentation should make conformity assessable and include an adequate risk analysis and assessment; manufacturers must keep technical documentation and the EU declaration of conformity available to market surveillance authorities for at least 10 years after placing on the market or putting into service. Where relevant and necessary for checking Annex III compliance, source code or programming logic included in technical documentation must be made available to competent national authorities on reasoned request.

  • Update instructions when the release changes installation, connection, commissioning, safe use, maintenance, residual risks, spare parts, breakdown recovery, or user protective measures.
  • Tell users what changed when continued safe operation depends on installing the update, applying a configuration, avoiding an old mode, or following revised precautions.
  • Keep release notes, risk-assessment updates, test evidence, cybersecurity/corruption checks, software identifiers, intervention logs, instructions versions, declaration impacts, and approval records together in the technical file.
  • For partly completed machinery, align assembly instructions and the EU declaration of incorporation access point when the update changes incorporation, maintenance, repair, connection, or safe-use assumptions.
Citations
Regulation (EU) 2023/1230 on machinery

Grounds the treatment of software in machinery, safety components, substantial modification, technical documentation, instructions, and Annex III protection against corruption.

Recommended next step

Review machinery software releases before rollout

Use the release screen to connect safety functions, substantial-modification criteria, corruption protection, instructions, and technical-file updates before software reaches machinery in the field.

Research workflow
Open Research Copilot

Check Machinery Regulation software-update questions against cited source material.

Explore next step
Talk to Sorena
Talk through implementation

Review a machinery software release process, evidence model, and escalation triggers.

Explore next step
Primary sources

References and citations

Regulation (EU) 2023/1230 on machinery
eur-lex.europa.eu
Referenced sections
  • Grounds the treatment of software in machinery, safety components, substantial modification, technical documentation, instructions, and Annex III protection against corruption.
"by physical or digital means"
Related guides

Explore more topics

Declaration of Conformity vs Declaration of Incorporation | Machinery Regulation FAQ
FAQ on when machinery needs an EU Declaration of Conformity and when partly completed machinery needs an EU Declaration of Incorporation under Regulation (EU) 2023/1230.
Directive 2006/42/EC to Machinery Regulation transition
Transition guide for moving EU machinery files from Directive 2006/42/EC to Regulation (EU) 2023/1230, focused on the 20 January 2027 changeover, pipeline products, declarations, standards, technical documentation, software, cybersecurity, and digital instructions.
EU Machinery Regulation Applicability Test
Test whether a product is machinery, a related product, partly completed machinery, a safety component, substantially modified, excluded, or covered by overlapping EU product laws.
EU Machinery Regulation compliance
Machinery Regulation compliance checklist covering scope, EHSR risk assessment, technical documentation, instructions, conformity assessment, EU declarations, CE marking, software, transition, and market surveillance.
EU Machinery Regulation compliance checklist
Checklist for Regulation (EU) 2023/1230 covering scope, EHSR risk assessment, technical documentation, instructions, conformity assessment, EU declarations, CE marking, digital duties, transition, and market surveillance.
EU Machinery Regulation deadlines and compliance calendar
Calendar for Regulation (EU) 2023/1230 dates, Directive 2006/42/EC transition, release documentation gates, standards monitoring, and substantial-modification reviews.
EU Machinery Regulation FAQ
Answers to Machinery Regulation questions on scope, partly completed machinery, Annex I categories, Article 25 conformity assessment, digital instructions, software, cybersecurity, transition, CE files, and overlap with other EU product laws.
EU Machinery Regulation Partly Completed Machinery
What counts as partly completed machinery under Regulation (EU) 2023/1230, what documents travel with it, and where the final assembler takes over.
EU Machinery Regulation requirements
Requirements under Regulation (EU) 2023/1230: machinery scope, EHSR risk assessment, technical documentation, instructions, conformity assessment, EU declaration, CE marking, software evidence, transition, and surveillance.
EU Machinery Regulation Safety Components
Definition, scope, conformity assessment, technical documentation, declaration, CE marking, and grounded examples for safety components under Regulation (EU) 2023/1230.
EU Machinery Regulation scope and machine categories
Scope guide for Regulation (EU) 2023/1230 covering machinery, related products, partly completed machinery, Annex I categories, exclusions, substantial modification, and category evidence.
EU Machinery Regulation substantial modification decision workflow
Workflow for assessing substantial modification under Regulation (EU) 2023/1230: change facts, hazard and risk impact, manufacturer obligations, conformity assessment, CE marking, and evidence.
EU Machinery Regulation vs LVD
Compare the EU Machinery Regulation and Low Voltage Directive boundary for machinery EHSRs, electrical risks, excluded electrical products, CE documentation, and evidence reuse.
EU Machinery Regulation vs Market Surveillance Regulation: compliance comparison
Compare Machinery Regulation product compliance duties with EU MSR market surveillance duties, authority requests, online sales, corrective action and evidence records.
EU Machinery Regulation: autonomous mobile and collaborative machinery
Grounded guide to Regulation (EU) 2023/1230 requirements for autonomous mobile machinery, human-machine interaction, controls, software, cybersecurity, risk assessment, technical documentation, and conformity routes.
EU Machinery Regulation: when does a modification constitute substantial modification?
Guide to substantial modification under Regulation (EU) 2023/1230: change triggers, risk assessment, EHSRs, technical documentation, conformity assessment, CE marking, and records.
EU Machinery Risk Assessment Method
How to document an EU Machinery Regulation risk assessment: ISO 12100 hazard identification, EHSR mapping, risk reduction, residual risk, software, cybersecurity, and technical-file evidence.
How to map Annex III EHSRs under the EU Machinery Regulation | Machinery Regulation FAQ
FAQ on mapping Annex III essential health and safety requirements to hazards, risk reduction, software controls, technical documentation, and Annex I classification under Regulation (EU) 2023/1230.
Machinery CE documentation template for Regulation (EU) 2023/1230
Template fields for Machinery Regulation CE documentation: product identity, scope, EHSR risk assessment, standards, tests, instructions, EU declaration, CE marking, notified body route, software, cyber, and substantial modification checks.
Machinery Regulation and EU AI Act overlap for AI-enabled safety functions
FAQ on Machinery Regulation overlap with the EU AI Act for self-evolving or machine-learning safety functions, Annex I categories, standards work, and technical documentation boundaries.
Machinery Regulation Annex I conformity route workflow
Classify machinery against Annex I Part A and Part B, choose the Article 25 conformity assessment route, and assemble the technical evidence file.
Machinery Regulation Annex I high-risk categories
Explain what Annex I does under Regulation (EU) 2023/1230, which listed machinery categories trigger special conformity routes, and what evidence to keep.
Machinery Regulation category and scope checks
Check whether a product is machinery, a related product, partly completed machinery, a safety component, excluded from scope, or listed in Annex I under Regulation (EU) 2023/1230.
Machinery Regulation conformity assessment and CE marking
EU Machinery Regulation guide to Article 25 conformity assessment routes, Annex I machinery categories, technical documentation, EU declarations, CE marking, and instructions.
Machinery Regulation cybersecurity evidence FAQ
What cybersecurity evidence connected or software-enabled machinery should keep for protection against corruption, safety-related control systems, and machinery risk assessment.
Machinery Regulation digital instructions
EU Machinery Regulation guide to digital instructions for use: access marking, print and download access, paper copies, non-professional safety information, languages, and records.
Machinery Regulation penalties and enforcement
EU Machinery Regulation enforcement guide covering Member State penalty rules, corrective action, market surveillance powers, and cross-border authority cooperation.
Machinery Regulation related products scope guide
Classify EU Machinery Regulation related products, including interchangeable equipment, safety components, lifting accessories, lifting chains, ropes, webbing, and removable transmission devices.
Machinery Regulation software and cybersecurity considerations
How Regulation (EU) 2023/1230 treats safety-related software, control systems, corruption protection, technical documentation, and cyber-safety risk evidence.
Machinery Regulation Technical Documentation and Technical File
What to keep in the EU Machinery Regulation technical file: product identification, risk assessment, EHSR mapping, standards, tests, instructions, declarations, software evidence, retention, and notified-body records.
Machinery Regulation technical file acceptance workflow
Release-gate workflow for accepting an EU Machinery Regulation technical file: scope, EHSR risk evidence, standards, tests, declarations, notified-body records, software, cyber, and signoff.
Machinery Regulation Timeline and Transition: practical guide
EU Machinery Regulation guide to Timeline and Transition with scope decisions, owner actions, evidence records, source-linked citations, and practical next steps.
Machinery Regulation vs EMC Directive
Compare EU machinery safety duties with EMC duties for equipment, CE documentation, harmonised standards, declarations, and combined technical files.
Machinery Regulation vs EU AI Act: machinery safety overlap
A grounded comparison of the EU Machinery Regulation and EU AI Act for machinery with AI-enabled safety functions, software, cyber-safety and technical documentation overlap.
Machinery Regulation vs Machinery Directive
Grounded comparison of Regulation (EU) 2023/1230 and Directive 2006/42/EC across legal form, timing, scope, digital instructions, cybersecurity, conformity assessment, documentation, and CE marking.
Machinery vs RED comparison
Compare EU Machinery Regulation and Radio Equipment Directive boundaries for machinery safety, radio equipment scope, CE documentation, and shared evidence.
What counts as machinery under Regulation (EU) 2023/1230?
FAQ on the Machinery Regulation definition of machinery, including assemblies, drive systems, missing components, software, related products, partly completed machinery, safety components, and exclusions.
When does used or modified machinery need a new conformity assessment? | Machinery Regulation FAQ
FAQ on used and modified machinery under Regulation (EU) 2023/1230, including substantial modification, first EU use, technical documentation, and market surveillance evidence.
When is a notified body needed under the EU Machinery Regulation?
FAQ on when Machinery Regulation Annex I products need a notified body, how to find designated bodies, and what manufacturers still own.
Which Article 25 conformity assessment module applies? | EU Machinery Regulation FAQ
FAQ on Article 25 of Regulation (EU) 2023/1230: Module A, Module B plus C, Module H, Module G, Annex I triggers, notified body involvement, and technical file evidence.