deen
close
Share
close
  • Sprache / language
  • deen
Test and Qualification

Integrated implementation of the AI Act, Cyber Resilience Act and Machinery Regulation

Test and Qualification

Integrated implementation of the AI Act, Cyber Resilience Act and Machinery Regulation

Holistic Approach for Product Safety

Safety & Security Testing of Mechatronic Systems

Integrated Testing of Mechatronic Products | Machinery Regulation, Cyber Resilience Act & AI Act

With the entry into force of the new EU regulations, manufacturers of mechatronic systems face a dual challenge: mechanical safety, cybersecurity and the use of AI must not only be considered individually, but also brought together in a systemic way. The Machinery Regulation, the Cyber Resilience Act and the AI Act are technically and regulatorily interlinked – across the entire product lifecycle.

For many companies, this means new roles, new evidence requirements and new processes – from development and conformity assessment through to operation and updates in the field. Isolated measures or stand-alone testing are no longer sufficient. What is required is an integrated approach that consistently combines safety, security and AI assurance.

IABG supports you as a central partner in the structured implementation of these requirements – with strong technical expertise, a clear regulatory understanding and a lifecycle-oriented approach.

Three sets of rules - one system

Mechatronic systems combine mechanics, electronics, software, networking and, increasingly, artificial intelligence. Accordingly, several European regulations apply simultaneously - with different focuses, but to the same product.

  • Machinery Regulation

    Safety of the physical product

    The Machinery Regulation (EU 2023/1230) ensures that machinery does not pose a risk to persons. The focus is on functional safety, risk assessment and protective measures against mechanical, electrical or control-related risks.

    What is new is that software, IT safety aspects and AI components are also explicitly taken into account. Safety therefore no longer ends at the mechanical interface, but encompasses the entire technical system.

  • Cyber Resilience Act

    Cybersecurity across the life cycle

    The Cyber Resilience Act affects all products with digital elements - and therefore practically all modern machines. Among other things, it requires "security by design", structured vulnerability management and secure update mechanisms.

    Particularly relevant: The responsibility does not end when the product is placed on the market. Manufacturers must also ensure security during operation, report security incidents and provide updates. Cyber security thus becomes a permanent manufacturer obligation.

  • AI Act

    Trustworthiness of intelligent functions

    As soon as a machine uses AI-based functions - for example for autonomous decisions, image processing or adaptive control - the AI Act also applies. Depending on the risk class, it requires, among other things

    • structured risk management,

    • traceable data and model processes,

    • technical documentation,

    • measures for human supervision.

    The regulation therefore affects not only the end product, but also development processes and training data.

Our offer | Our promise

We support you throughout the entire product lifecycle in all safety, security and compliance-related challenges.

Why this is relevant for you

The new European regulations do not just affect individual specialist departments. They affect product development, IT, quality management, purchasing and management in equal measure. For manufacturers of mechatronic systems, this has the following effects in particular:

  • Increased requirements for development processes
    Security and AI aspects must be considered and documented at an early stage.

  • Extended responsibility during operation
    With the Cyber Resilience Act, the focus extends significantly into the operational phase. Vulnerability management, updates and monitoring become ongoing responsibilities.

  • Increasing complexity in the provision of evidence
    Overlapping requirements from several regulations require a consistent documentation strategy.

  • Need for organisational adaptation
    Roles, responsibilities and interfaces must be clearly defined - particularly with regard to software and AI components.

For many companies, the challenge lies in bringing these requirements together in a structured way. A systematic approach creates transparency, reduces liability risks and increases planning security when introducing complex systems to the market.

Our service

Safeguarding over the entire product life cycle

From regulatory classification to operation in the field

The requirements of the Machinery Regulation, Cyber Resilience Act and AI Act do not just affect individual development phases. They affect the entire product life cycle - from design and conformity assessment to operation and decommissioning. A sustainable compliance strategy must systematically link these phases.

We take care of all relevant regulations for the safety of mechatronic systems. The CRA and AI Act are currently on everyone's lips. However, this also includes regulations such as EMC, 60825, Reach, Rohs, NIS2, ISO 27001, BSI-IT-Grundschutz, DIN SPEC 92005, MIL-STD 810, RTCA/DO-160 and others.

Phase model for holistic protection

Phase 1: Readiness check
01
Phase 2: Development conformity
02
Phase 3:Operation Support
03

Phase 1: Readiness check

Identify relevance. Structure next steps.

The starting point is a key question: Which regulatory requirements apply to your specific product – and in which role?

As part of a structured readiness check, we analyse:

  • regulatory applicability (Machinery Regulation, CRA, AI Act),
  • classification of software and digital components,
  • roles along the value chain,
  • existing risk management processes,
  • documentation and compliance structures.

The goal is to establish a solid foundation:

Where are requirements not yet fulfilled? Where do requirements overlap? Which measures should be prioritised?

The readiness check creates transparency – before significant development effort begins.

Phase 2: Development conformity

Integrating safety in a systematic way

During the development and conformity phase, regulatory requirements are implemented technically and documented in a verifiable manner. We support you in:

Analysis and assessment

  • integrated risk management
  • supply chain assessment
  • evaluation of training data and validation of AI systems

Technical implementation and assurance

  • safeguarding of control and software functions
  • implementation of measures for human oversight

Evidence and conformity

  • creation and assessment of SBOMs
  • preparation and support of conformity assessment procedures
  • validation through systematic testing at component and system level

Phase 3:Operation Support

Compliance does not end with placing a product on the market

With the Cyber Resilience Act (CRA) and the AI Act, the regulatory focus is shifting significantly towards the operational phase. Manufacturers bear ongoing responsibility for security, update capability, transparency and compliance evidence. Compliance therefore becomes a continuous organisational task.

We support you in:

  • establishing an integrated vulnerability, monitoring and incident management approach, including robust reporting processes
  • implementing sustainable update and patch management processes to ensure long-term security in the field
  • embedding regulatory requirements within governance and organisational structures, including the qualification of responsible personnel
  • conducting systematic re-assessments in the event of changes and maintaining legally robust technical documentation
  • managing end-of-life and decommissioning processes

The objective is to establish a resilient operational framework that proactively manages regulatory obligations, security responsibilities and liability risks.

IABG - Your one-stop store

An integrated approach - one central point of contact

The combination of all phases creates a consistent safeguarding process. Instead of individual isolated measures, you receive structured support with a central contact person, clear responsibilities and coordinated interfaces. This reduces coordination effort, increases planning reliability and accelerates the market launch of complex mechatronic systems.

 

What sets us apart
 

  • Integrated safeguarding of complex systems
    Today, regulatory requirements for mechatronic systems do not arise in isolation, but in the interplay of safety, security and AI. Our strength lies in the systematic integration of these perspectives.
     
  • Interdisciplinary expertise
    We combine functional safety, cyber security/OT security and AI safeguarding in a common methodological framework. Risks are not considered separately, but analyzed in their technical interaction.
     
  • Technical depth
    Our work does not end with process consulting or documentation checks. We have comprehensive testing and system expertise - from components and software to complete mechatronic systems.
     
  • Lifecycle orientation
    Compliance is not a one-off verification, but a continuous process. We support development, conformity assessment and operation with a consistent validation strategy.
Do not hesitate to contact me!
Michael Weidinger
Innovation & Engineering
Send message
Contact