{"id":1322,"date":"2026-01-11T22:07:23","date_gmt":"2026-01-11T21:07:23","guid":{"rendered":"https:\/\/digitale-faszination.de\/2026\/01\/11\/draft-en-50742\/"},"modified":"2026-01-13T21:47:05","modified_gmt":"2026-01-13T20:47:05","slug":"draft-en-50742","status":"publish","type":"post","link":"https:\/\/digitale-faszination.de\/en\/2026\/01\/11\/draft-en-50742\/","title":{"rendered":"EN 50742: New draft standard for cybersecurity of machines"},"content":{"rendered":"\n

The new EU Machinery Regulation (EU) 2023\/1230<\/strong> introduces binding cybersecurity requirements for machinery<\/strong> for the first time. It applies to all machinery placed on the market from 20 January 2027 onwards<\/strong>. <\/p>\n\n

Cybersecurity thus becomes an explicit part of the regulatory framework for machine manufacturers \u2013 not as a general IT security requirement<\/strong>, but only where cyberattacks can affect the safety of machinery<\/strong>.<\/p>\n\n

To specify these new legal requirements, the harmonised standard EN 50742 \u201cProtection against corruption\u201d<\/strong> is currently under development. The draft standard is currently available only in English, for example via BSI<\/strong> and DIN Media<\/strong>. A German version is expected shortly. <\/p>\n\n

\n\n

What does the draft standard EN 50742 regulate?<\/h2>\n\n

EN 50742 defines requirements and recommendations to prevent accidental and intentional (including malicious) manipulation of machinery<\/strong> that could lead to hazardous situations.<\/p>\n\n

The scope of the standard includes hardware components, software and data<\/strong>, if they could influence the safety<\/strong> of the machine.<\/p>\n\n

EN 50742 is therefore not a general cybersecurity standard<\/strong>, but a machine-specific standard focused on safety-related parts of machinery and machinery components<\/strong>.<\/p>\n\n

\n\n

Key insight of the standard<\/h2>\n\n

One central statement of EN 50742 is:<\/p>\n\n

Vulnerabilities do not create new hazards,
but their exploitation can compromise existing protective measures.<\/strong><\/p>\n\n

For this reason, the standard consistently builds on the established safety process<\/strong> that machine manufacturers already apply today.<\/p>\n\n

\n\n

Procedure according to EN 50742<\/h2>\n\n

The standard defines a clearly structured sequence of steps:<\/p>\n\n

1. Risk assessment according to ISO 12100<\/h3>\n\n

First, a risk assessment according to ISO 12100<\/strong> must be performed.
As before, all potential hazards of the machine are identified<\/strong> and appropriate protective measures<\/strong> are defined.<\/p>\n\n

This risk assessment forms the basis<\/strong> for all subsequent steps.<\/p>\n\n

\n\n

2. Definition of the Security Context<\/h3>\n\n

The next step is to define the Security Context<\/strong> of the machine.<\/p>\n\n

The Security Context describes the conditions under which the cybersecurity of the machine is ensured<\/strong>. In cybersecurity, the Security Context corresponds to what is referred to in safety standards as the \u201cintended use\u201d. <\/p>\n\n

The Security Context must be clearly defined and documented in the operating instructions<\/strong>.<\/p>\n\n

\n\n

3. Threat assessment<\/h3>\n\n

Based on the Security Context<\/strong> as well as the identified hazards and protective measures<\/strong>, a Threat Assessment<\/strong> must then be carried out.<\/p>\n\n

\n\n

Principles for handling vulnerabilities<\/h2>\n\n

For dealing with identified vulnerabilities, EN 50742 defines three clear principles:<\/p>\n\n

    \n
  1. Eliminate<\/strong>
    Vulnerabilities must be eliminated wherever they can lead to hazardous situations.<\/li>\n\n\n\n
  2. Mitigate<\/strong>
    If elimination is not possible, vulnerabilities must be mitigated.<\/li>\n\n\n\n
  3. Inform<\/strong>
    For all remaining vulnerabilities, the user information must contain all necessary details on appropriate countermeasures.<\/li>\n<\/ol>\n\n
    \n\n

    Two alternative implementation approaches<\/h2>\n\n

    For the practical implementation of the requirements, EN 50742 provides two equivalent alternatives:<\/p>\n\n

    Alternative A \u2013 EN 50742 based approach<\/h3>\n\n

    This approach is aimed at companies that do not already work according to the IEC 62443 series of standards<\/strong>.<\/p>\n\n

    Using the parameters:<\/p>\n\n