EN 50742 protection against manipulation of machines

Learn about EN 50742, the standard for protecting machines against tampering and cyberattacks in line with the requirements of the Machinery Regulation (EU) 2023/1230.

Goals and scope

EN 50742 is being developed to protect machines from tampering that could negatively affect safety-critical functions. The aim of the standard is to ensure that machines are designed, manufactured and operated so that both unintentional and intentional tampering is prevented. This specifically includes protection against safety risks that can arise from physical, logical or indirect connections.

EN 50742 applies to machines and their components that include safety-critical functions. It covers the following areas:

  • Hardware components, including interfaces to remote devices and control systems that transmit signals or data.
  • Software and data, where these can influence the safety of the machine.

The requirements of the standard extend across the entire lifecycle of a machine, from design and manufacturing through commissioning to operation, maintenance and decommissioning. Functional safety requirements, as addressed in standards such as ISO 13849 or IEC 62061, are not part of EN 50742.

Relationship with the Machinery Regulation

EN 50742 addresses the requirements set out in Machinery Regulation (EU) 2023/1230, Annex III:

Protection against tampering (Annex III, section 1.1.9)

Machines must be designed so that no hazardous situations arise from physical, logical or indirect connections.

Safety and reliability of controls (Annex III, section 1.2.1)

Machines must be protected against both intentional and unintentional tampering.

The standard serves as a tool to implement the requirements of the Machinery Regulation and to address safety risks. Manufacturers can use it to demonstrate that they systematically address protection against tampering and design their machines in conformity with the regulation.

Structure and organization of EN 50742

The standard is divided into several sections that systematically cover the relevant topics:

Introduction and scope

Introduction to the aims and scope of the standard.

Terms and definitions

Clarification of key terms such as “physical connection” or “logical connection.”

Protection against tampering

Description of essential concepts such as risk assessments and protection objectives.

Process requirements

Requirements for the machine lifecycle based on IEC 62443-4-1.

Product safety requirements

Technical measures to protect against tampering based on IEC 62443-4-2, including requirements for connections, data storage and logging.

Information for use

Requirements for documentation and user information for the safe use of the machine.

Informative annexes and overviews linking the standard to the Machinery Regulation complete the structure.

Requirements

According to the current state of discussion and planning, the concrete requirements of EN 50742 will be based on IEC 62443. Process requirements will be covered by IEC 62443-4-1, and technical product requirements will draw on IEC 62443-4-2.

Process requirements according to IEC 62443-4-1

EN 50742 explicitly refers to the process requirements of IEC 62443-4-1. These include, among others:

  • Security management: Implementation of a systematic security management approach for a secure development lifecycle, e.g., defined policies, roles and processes for all phases of development.
  • Specification of security requirements: Definition of clear and verifiable requirements corresponding to threats and risks to ensure safety throughout the machine lifecycle.
  • Verification and validation: Requirements for testing, verification and validation of security requirements, including white-box testing and penetration testing.

These provisions are intended to ensure that manufacturers identify security risks early and implement effective countermeasures.

Further information on IEC 62443-4-1 is available in the article “IEC 62443-4-1 cybersecurity from the start.”

Technical requirements according to IEC 62443-4-2

The product-specific requirements in EN 50742 are based on IEC 62443-4-2 and address the technical implementation of protection against tampering. These include, among others:

  • Documentation of all connections: Every physical, logical or indirect connection must be identified and documented to reduce potential attack surfaces.
  • Integrity and authenticity: Measures such as cryptographic signatures or HMACs must ensure that data and software cannot be manipulated.
  • Secure logging of incidents: Security-relevant events must be logged and stored securely to ensure traceability.
  • Protection against tampering: Systems must be designed to resist tampering, whether intentional or unintentional.

The standard requires manufacturers to implement and document technical solutions in accordance with the requirements of IEC 62443-4-2.
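
An added example, not taken from EN 50742, IEC 62443-4-2 or the original article: one way to combine the integrity and secure-logging points above is an HMAC-chained event log, where each record's tag covers the previous tag so that edited, reordered or removed entries fail verification. The key, the event fields and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Assumption: constructed demo key. A real machine would hold the key in
# protected storage (e.g. a secure element), not in source code.
LOG_KEY = b"constructed-demo-key"
GENESIS = "0" * 64  # chain anchor used before the first record

# Constructed sample events, not taken from any real machine.
SAMPLE_EVENTS = [
    {"ts": "2025-01-01T08:00:00Z", "source": "hmi", "action": "login_failed"},
    {"ts": "2025-01-01T08:05:00Z", "source": "plc", "action": "safety_parameter_changed"},
    {"ts": "2025-01-01T08:09:00Z", "source": "updater", "action": "firmware_signature_verified"},
]


def _tag(key, prev_tag, seq, event):
    """HMAC-SHA256 over the previous tag, the sequence number and the event."""
    body = json.dumps({"prev": prev_tag, "seq": seq, "event": event},
                      sort_keys=True, separators=(",", ":"))
    return hmac.new(key, body.encode("utf-8"), hashlib.sha256).hexdigest()


def append_event(log, event, key=LOG_KEY):
    """Append a security-relevant event, bound to the record before it."""
    prev_tag = log[-1]["tag"] if log else GENESIS
    seq = len(log)
    log.append({"seq": seq, "event": event, "tag": _tag(key, prev_tag, seq, event)})
    return log


def verify_log(log, key=LOG_KEY, expected_last_tag=None):
    """Return (ok, index of the first bad record or None).

    Edited, reordered or removed records break the chain. Truncation at the
    end is only detectable if the latest tag is also kept elsewhere
    (expected_last_tag), for example on a remote collector.
    """
    prev_tag = GENESIS
    for i, rec in enumerate(log):
        good = _tag(key, prev_tag, i, rec["event"])
        if rec.get("seq") != i or not hmac.compare_digest(good, rec.get("tag", "")):
            return False, i
        prev_tag = rec["tag"]
    if expected_last_tag is not None and not hmac.compare_digest(prev_tag, expected_last_tag):
        return False, len(log)
    return True, None
```

An HMAC only protects the log against parties that do not hold the key; where the verifier must not be able to forge entries, a signature scheme takes the place of the HMAC.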

Current status of prEN 50742

EN 50742 is currently being developed as prEN 50742 by the technical committee CENELEC CLC/TC 44X, which specializes in electrotechnical aspects of machine safety. The draft has already been approved as a new project proposal and is expected to be released for public comment in the coming months.

After completion, the standard is intended to be published as a harmonized European standard that creates a presumption of conformity with the Machinery Regulation, which will make it easier for manufacturers to meet legal requirements. According to the European Commission’s standardization request, harmonized standards covering the requirements of the Machinery Regulation should be adopted no later than 20 January 2026.

Conclusion

EN 50742 provides an important foundation for security requirements for modern machines in the context of digitalization and connectivity. It helps manufacturers meet regulatory requirements and systematically improve safety. By aligning with IEC 62443, the standard offers a practical and proven approach to implementing security requirements both technically and organizationally. Security experts and manufacturers should therefore closely follow the development of the standard and prepare for its implementation to comply with the Machinery Regulation.

Support with implementation of EN 50742

EN 50742 defines cybersecurity for machines for the first time as a complement to the new Machinery Regulation. The requirements concern not only technical security measures but also processes for secure development and demonstration of compliance.

Secuvi supports manufacturers in classifying the requirements of EN 50742 and implementing them in practice. This includes, among other things, integrating security-relevant requirements into existing development processes, assessing technical risks and preparing for conformity assessments.

Whether for new products or existing machines, we help you implement the required measures in a structured and traceable way. Our consulting is aimed at both development teams and security officers who face the challenge of embedding cybersecurity in compliance with standards.

Learn more at: secuvi.com