A Machinery Regulation risk assessment should connect the machine limits, hazards, foreseeable use and misuse, EHSRs, risk-reduction measures, residual risks, instructions, software, cybersecurity, and technical documentation.
Use this page to turn ISO 12100-style analysis into evidence that supports Annex III conformity, design reviews, change control, and authority requests.
Structured answer sets in this page tree.
Cited legal and guidance references.
Under Regulation (EU) 2023/1230, the manufacturer must carry out a risk assessment to determine the applicable essential health and safety requirements and then design and construct the machinery or related product to eliminate hazards or minimise risks. ISO 12100 gives the practical method: identify hazards through the machine life cycle, estimate and evaluate risk, reduce risk, and document the result.
Define the exact product model, intended use, foreseeable misuse, operating modes, users, environment, interfaces, tooling, energy sources, maintenance activities, and life-cycle phases. The point is to make the assessment traceable to the machine that will be placed on the market or put into service, not to a product family label.
For assemblies and integrated systems, include interactions between machines and partly completed machinery. For autonomous or self-evolving behaviour, include hazards foreseeable at placement on the market or putting into service, including intended evolution of the behaviour or logic.
Build the hazard log before choosing controls. For each life-cycle phase, list mechanical, electrical, thermal, noise, vibration, ergonomic, control-system, maintenance, access, installation, lifting, mobility, digital, and environment-specific hazards that are relevant to the machine.
Then map each hazard to the applicable Annex III essential health and safety requirements. Annex III is not a generic checklist: the Regulation says obligations apply when the corresponding hazard exists, while safety integration, marking, and instructions apply in all cases.
For each hazardous situation, estimate severity and probability using a consistent scale that engineering, safety, quality, and regulatory reviewers understand. Evaluation should decide whether the current design is acceptable, needs further risk reduction, or requires escalation before release.
Risk reduction should follow the Machinery Regulation's safety-integration logic: design out the hazard where possible, use protective measures for risks that cannot be eliminated, and use information for use for residual risks that remain after design and protective measures.
Residual risk is not an afterthought. If a risk remains after design and protective measures, the record should explain why it remains, how it is communicated, and which instructions, markings, maintenance checks, PPE references, training information, or replacement criteria are needed.
Instructions for use must correspond to the product model and cover intended use, foreseeable misuse, safe installation, operation, adjustment, maintenance, and other safety information required by Annex III. Digital instructions can be used under the Regulation's conditions, but the risk assessment should still prove that the user receives the safety information needed for the machine.
Software belongs in the machinery risk assessment when it affects safety functions, control logic, autonomy, data dependency, connectivity, updates, or user interaction. The Regulation recognises digital safety components, machinery missing only the upload of application-specific software, and technical-file access to source code or programming logic when needed by authorities to check EHSR compliance.
Cybersecurity is relevant where IT-security threats can influence machinery safety. Use ISO/TR 22100-4 as a prompt to identify security threats that could corrupt or bypass safety-related functions, change parameters, interrupt safety monitoring, or create hazardous behaviour.
After placement on the market or putting into service, physical or digital modifications can become substantial if they are not foreseen by the manufacturer, affect safety by creating a new hazard or increasing an existing risk, and require new significant protective measures. That trigger belongs in change control for retrofits, firmware changes, AI/model updates, safety-function updates, integration changes, and connected-machine deployments.
The risk assessment should be written so it can be lifted into the technical documentation. Annex IV requires risk assessment documentation showing the procedure carried out, including the EHSRs that apply, protective measures implemented, residual risks, standards or other specifications used, and reports or results of calculations, tests, inspections, and examinations.
Keep the evidence model version-controlled. A reviewer should be able to trace one hazard from the machine limit, through EHSR mapping and risk estimation, to the selected risk-reduction measure, verification result, residual-risk statement, instruction text, declaration, and release approval.
Use the method above to connect hazards, Annex III EHSRs, design controls, verification results, residual risks, instructions, software changes, and technical-file evidence before release.
A weak machinery risk assessment usually fails because it cannot be traced. The file may contain a certificate, a standard list, or generic risk matrix, but not the reasoning that connects a specific hazard to a specific EHSR, reduction measure, verification result, and residual-risk communication.
"mandatory essential health and safety requirements and voluntary harmonised standards"
"during relevant phases of the machine life cycle"
"IT-security threats which can influence safety"
"creating a new hazard, or by increasing an existing risk"