EU Machinery Regulation 2023/1230: Essential Checklist

The EU Machinery Regulation 2023/1230 is the new EU-wide product safety law for machinery, including industrial and humanoid robots. It applies from 20 January 2027 and repeals and replaces the Machinery Directive 2006/42/EC, the framework that has governed CE marking of machinery since the 2000s (EUR-Lex).

That date matters because there is no grace period for new placements. A robot cell placed on the EU market on 19 January 2027 can still conform to the Directive. The same cell placed on the market one day later must reference the Regulation. I wrote this checklist for manufacturers, importers and operators who want to use 2026 to prepare rather than scramble. It is spoke five of my robot safety documentation guide, which covers the full documentation stack this Regulation sits on top of.

What is the EU Machinery Regulation 2023/1230?

Regulation (EU) 2023/1230 on machinery, usually shortened to the Machinery Regulation or MR, sets the essential health and safety requirements that machinery must meet before it can carry a CE mark and circulate in the EU single market (EUR-Lex). It covers the same broad product scope as the Directive it replaces: machinery, related products and partly completed machinery. Industrial robots, robot cells and humanoid robots all fall inside that scope.

The legal form is the first practical change. A directive needs transposition into 27 national laws, which historically created small differences between member states. A regulation applies directly and identically across the EU. From 20 January 2027 every manufacturer, importer and distributor works from one text.

The Regulation was published in 2023 and most of it sits dormant until 2027. A small set of articles applied early, from 20 July 2024: Article 6(2) to (6), (8) and (11), Article 47 and Article 53(3) (EUR-Lex summary). These cover Commission empowerments for delegated acts amending the Annex I high-risk list (Article 6), exercise-of-delegation rules (Article 47) and an evaluation reporting duty (Article 53(3)), so the obligations that hit day-to-day compliance work all land on the 2027 date.

What changes on 20 January 2027?

On 20 January 2027 the Machinery Directive 2006/42/EC is repealed and EU Machinery Regulation 2023/1230 becomes the only valid basis for placing machinery on the EU market (EUR-Lex). Your EU declaration of conformity, technical file and CE marking documentation for any machine placed on the market from that date must reference the Regulation, not the Directive.

Three points trip people up, and I see them confused in vendor conversations regularly.

First, the trigger is placement on the market, not manufacture. A machine built in 2026 but first made available in the EU in February 2027 falls under the Regulation.

Second, there is no sell-through transition for new placements. The Regulation does not allow you to keep issuing Directive-based declarations after the deadline.

Third, machinery already legally placed on the market and in service before the deadline does not need retroactive recertification. But the moment you substantially modify it, you may restart the clock under the new rules. More on that trap below.

How does the Regulation differ from the Machinery Directive?

The essential health and safety logic carries over, so a machine that genuinely conforms to the Directive today is most of the way there. The differences cluster around digital risks and digital paperwork. Here is the comparison I use when briefing operations teams.

Area	Directive 2006/42/EC	Regulation 2023/1230
Legal form	Directive, transposed into 27 national laws	Regulation, applies directly and identically EU-wide
Cybersecurity	Not addressed	Safety functions must be protected against corruption (Annex III, section 1.1.9)
AI and self-evolving behaviour	Not covered	Safety review required for self-evolving behaviour affecting safety (Annex III, Part B and Annex I, Part A)
Documentation format	Paper instructions expected	Digital documentation format explicitly allowed (Article 10(7))
Document retention	Technical file kept available for authorities	Explicit 10-year document retention duty (Article 10(3))
Modified machinery	Handled through national guidance	Substantial modification makes the modifier the manufacturer (Article 3(16) and Article 18)

None of these rows lowers an existing requirement. The Regulation extends the Directive’s hazard model into software, connectivity and machine learning, which is exactly where modern robots live.

What are the new cybersecurity and AI duties?

Two new duty areas deserve their own section because they did not exist under the Directive at all.

Cybersecurity: safety functions must resist corruption

The Regulation requires that machinery be designed so its safety functions are protected against corruption, whether accidental or malicious (Annex III, section 1.1.9). In robot terms: if a network intrusion, a bad firmware update or a manipulated configuration file can disable a speed limit or a protective stop, that is now a conformity gap, not just an IT problem. Your technical file needs to show how safety-related control paths are protected. This aligns with ISO 10218-1:2025 and 10218-2:2025, which added cybersecurity requirements as they apply to robot safety in the February 2025 revision (Robotics Tomorrow).

AI and self-evolving behaviour

The Regulation also addresses machinery with self-evolving behaviour. If a robot’s behaviour can change after deployment, through learned models or updated policies, the safety assessment must cover that evolution, not just the state at delivery (Annex III, Part B and Annex I, Part A). For AI-driven humanoid robots this is the single most consequential change. The risk assessment method itself stays anchored in ISO 12100, and I walk through how to structure it in my ISO 12100 risk assessment template for robots.

A practical bonus sits alongside these duties: the Regulation explicitly permits digital documentation formats (Article 10(7)), and it requires documents to be retained for 10 years (Article 10(3)). Set up your document control accordingly.

When does a modification make you the manufacturer?

This is the trap I warn every robot operator about. Under the Regulation, a person who substantially modifies machinery, physically or digitally, in a way that introduces a new hazard or increases an existing risk can become the manufacturer of the modified machine (Article 3(16) and Article 18). That means the full package lands on you: conformity assessment, technical file, EU declaration of conformity, CE marking and product liability, though non-professional users modifying machinery for their own use are exempt (Article 18).

Note the word digitally. Swapping an end effector for a heavier payload is the obvious physical case. But loading third-party software that changes motion behaviour, raising configured speed limits or retraining a control model can qualify just as well. The Directive era treated software changes as a gray zone handled through national guidance. The Regulation pulls them into the definition.

My decision aid, the same one in the toolkit tracker, asks three questions:

1. Did the change introduce a hazard that the original risk assessment did not cover?
2. Did it increase an existing risk beyond what the original protective measures handle?
3. Can the existing safeguards still control the resulting risk without new measures?

If the answers point to a new or increased risk that existing safeguards do not cover, treat yourself as the manufacturer of the modified machine and plan a conformity assessment. If the change stays inside the original risk assessment envelope, document that conclusion and keep it in the file for 10 years. Either way, write the analysis down. An undocumented “we decided it was fine” is worthless during a market surveillance inquiry or after an incident.

Which transition actions should you complete in 2026?

The transition tracker I built for the safety documentation pillar groups 26 actions into seven categories. Here is how I would walk them in 2026, in order.

1. Documentation

Inventory every machine you place on the market or operate. Map each to its current declaration of conformity and decide which will be placed on the market after 20 January 2027. Those need MR-based paperwork.

2. Technical file

Audit your technical files against the Regulation’s annexes. Update references from Directive 2006/42/EC to Regulation 2023/1230 in templates now, so nothing ships with a repealed legal basis in 2027.

3. Cybersecurity

Document how safety functions are protected against corruption: access control to safety parameters, signed firmware, network segmentation of safety controllers. Capture the evidence in the technical file.

4. AI and autonomy

Identify machinery with self-evolving behaviour. Define how behaviour changes are reviewed for safety impact before deployment, and how that review is recorded.

5. Substantial modification

Apply the three-question decision aid above to every planned retrofit, software update or payload change. Build the check into your management of change process.

6. Conformity assessment

Confirm which conformity route applies to each machine, including whether any fall into categories requiring a notified body. Book notified body capacity early. Everyone else will want the same slots in late 2026.

7. Economic operator duties

Clarify roles in your supply chain. Importers and distributors carry explicit duties under the Regulation, and an operator who imports a robot directly from a non-EU manufacturer wears the importer hat, with verification and documentation duties attached.

How do humanoid robots fit under the Regulation?

Humanoid robots are machinery, so the Regulation applies to them like any robot cell, and its AI and cybersecurity duties were practically written for them. ISO 10218-1:2025 and ISO 10218-2:2025, published in February 2025 as the first major revision since 2011, are the recognised standard set for demonstrating machinery-regulation conformity for robots; check the Official Journal for their current harmonisation citation status. The revision incorporated most requirements of ISO/TS 15066:2016 on collaborative applications into ISO 10218-2:2025 and added new robot classifications with corresponding functional safety requirements (Robotics Tomorrow). I break the revision down clause by clause in my ISO 10218:2025 explainer.

The timing question is not hypothetical for EU plants. BMW Group announced in February 2026 that its Leipzig plant will host the first deployment of humanoid robots in BMW production in Germany: Hexagon Robotics’ AEON robot completed an initial test deployment in December 2025, with a further test from April 2026 and the pilot phase starting summer 2026 on high-voltage battery assembly and component manufacturing (BMW Group). That pilot runs straight into the EU Machinery Regulation 2023/1230 transition window. Any humanoid placed on the EU market from 20 January 2027 needs MR-based conformity from day one.

For operators planning a deployment, the compliance workstream belongs in the project plan from the start, not after vendor selection. My humanoid robot factory implementation guide shows where the conformity and documentation milestones sit in a realistic rollout schedule.

Frequently Asked Questions

When does the EU Machinery Regulation 2023/1230 apply?

The Regulation applies from 20 January 2027, when it repeals and replaces the Machinery Directive 2006/42/EC (EUR-Lex). A small set of articles, Article 6(2) to (6), (8) and (11), Article 47 and Article 53(3), applied earlier, from 20 July 2024.

Is there a grace period after 20 January 2027?

No. Machinery placed on the EU market from 20 January 2027 must conform to EU Machinery Regulation 2023/1230 and reference it in the declaration of conformity. There is no transition period for new placements, so paperwork issued under the repealed Directive is not a valid basis from that date onward.

Does the Regulation apply to robots already installed in my factory?

Machinery legally placed on the market and put into service before 20 January 2027 does not need retroactive recertification. The risk sits in modifications: substantially modifying an installed robot, physically or digitally, in a way that creates a new hazard can make you the manufacturer under the Regulation.

What counts as a substantial modification?

A substantial modification is a physical or digital change that introduces a new hazard or increases an existing risk beyond what the original protective measures control. Heavier payloads, raised speed limits and behaviour-changing software updates are typical candidates. The modifier then carries full manufacturer duties for the modified machine.

Which standards should robot manufacturers use under the Regulation?

For industrial robots and robot applications, ISO 10218-1:2025 and ISO 10218-2:2025 are the core safety standards, published in February 2025 as the first major revision since 2011 (ISO). ISO 10218-2:2025 incorporates most of ISO/TS 15066:2016 on collaborative applications, and the revision adds cybersecurity requirements relevant to robot safety.

This article is for informational purposes only and does not constitute legal advice. The Regulation’s application to your machinery depends on your specific case; consult legal counsel and a notified body where required.

Sources

• Regulation (EU) 2023/1230 on machinery, EUR-Lex
• Regulation (EU) 2023/1230, official OJ text (CELEX:32023R1230)
• Machinery safety requirements, official EUR-Lex summary
• ISO 10218-1:2025, Robotics, Safety requirements, Part 1: Industrial robots
• ISO 10218-2:2025, Robotics, Safety requirements, Part 2: Industrial robot applications and robot cells
• ISO 12100:2010, Safety of machinery, Risk assessment and risk reduction
• Updated ISO 10218: Major Advancements in Industrial Robot Safety Standards, A3 via Robotics Tomorrow, February 17, 2025
• BMW Group to deploy humanoid robots in production in Germany for the first time, BMW Group press release, February 27, 2026