On 25 February 2026, the UK Government published its response to the Machinery Call for Evidence, signalling significant changes ahead for the advanced manufacturing sector.

This article provides an overview of these developments, examines their relationship with the new EU Machinery Regulation (Regulation (EU) 2023/1230) (the "EU Machinery Regulation"), and offers practical guidance on what these changes are likely to mean for manufacturers, importers and distributors operating in the UK market.

The consultation process

Between July and October 2025, the Department for Business and Trade (DBT) ran a comprehensive Call for Evidence seeking views on the UK Government's approach to the EU's new Machinery Regulation and the continued recognition of CE-marked machinery in Great Britain.

The EU Machinery Regulation: a new framework in Europe

The EU Machinery Regulation represents a significant modernisation of the regulatory framework that has governed machinery safety across Europe for nearly two decades.

The EU Machinery Regulation will apply from 20 January 2027, replacing the Machinery Directive 2006/42/EC, with no transition period.

There are several important changes under the new EU framework. Unlike the current Machinery Directive, which required national transposition, the EU Machinery Regulation is directly applicable in all Member States.

Key substantive changes include:

  1. Restructured conformity assessment requirements. The high-risk machinery categories previously listed in Annex IV of the Machinery Directive have been restructured into Annex I Part A (mandatory third-party assessment in all cases) and Annex I Part B (third-party assessment required only where harmonised standards have not been fully applied). Notably, two new categories have been added to Part A: safety components with fully or partially self-evolving behaviour using machine learning approaches ensuring safety functions, and machinery with embedded systems using such approaches. Any machinery using machine learning for safety functions will require mandatory Notified Body certification.
  2. AI and machine learning. Additional specific provisions also apply to machinery with self-evolving behaviour using machine learning approaches. Such machinery must be designed to operate within defined limits regardless of how its behaviour evolves during operation; that is, the safety characteristics of the machinery must remain within acceptable parameters even as the machine learning system adapts and learns.
  3. Cybersecurity requirements. New Essential Health and Safety Requirements address cybersecurity risks for connected machinery. Manufacturers must ensure that hardware components transmitting signals or data are designed to prevent accidental or intentional corruption, and that software and data critical to compliance are identified and protected. Machinery must be designed so that unauthorised interference, including via cyber-attack, does not create a hazardous situation. 'Reasonably foreseeable misuse' will explicitly include malicious third-party actions.
  4. Software updates. Manufacturers must provide security updates throughout the expected lifetime of the machinery to address vulnerabilities and retain technical documentation for 10 years after placing products on the market.
  5. Digital documentation. Instructions for use may now be provided in digital format, with paper copies available on request.

The UK Government's response

In light of the consultation feedback, the UK Government has announced its intention to pursue a three-pronged approach:

  • First, the new EU Machinery Regulation will be implemented in Northern Ireland by October 2026, in line with Windsor Framework obligations.
  • Second, the Government will continue CE recognition in Great Britain (GB), meaning that CE-marked products which meet the requirements of the EU Machinery Regulation can still be sold in GB.
  • Third, and most significantly for GB-based manufacturers, the Government intends to update the Supply of Machinery (Safety) Regulations 2008 as they apply in GB to introduce measures similar to those in the EU Regulation, tailored for the GB context (for example, it will include references to the UK conformity assessment).

What does this mean for your business?

Enhanced safety requirements

The changes are likely to bring GB into alignment with the EU's enhanced Essential Health and Safety Requirements, including those relating to cybersecurity.

Manufacturers of connected machinery and software products will need to ensure that safety-related control systems and software are protected against both accidental failures and deliberate cyber-attacks.

IoT, networked functions, and remote access features must be designed so that they do not create hazardous situations, and systems must be capable of logging interventions to detect and trace tampering.

High-risk machinery and conformity assessment

Manufacturers of high-risk machinery should anticipate that GB legislation will introduce a similar restructured approach to conformity assessment. This is particularly relevant for those developing machinery incorporating AI or machine learning approaches for safety functions, which may face mandatory third-party conformity assessment requirements where previously self-certification was possible.

Enforcement alignment

The Government has stated that its approach is intended to protect machinery users from undue harm whilst supporting frictionless trade and reducing unnecessary administrative burdens. This suggests that enforcement priorities are likely to be risk-based, focusing on products and practices that pose the greatest risk to health and safety.

Manufacturers should expect that enforcement authorities will be equipped to address the new risk categories introduced by the EU framework, including those relating to cybersecurity and AI safety.

How to prepare for the new machinery rules

We recommend that clients in the advanced manufacturing sector take the following steps:

  1. Review existing product classifications against both the current Machinery Directive requirements and the forthcoming EU Machinery Regulation, paying particular attention to any products that may fall within the restructured high-risk categories.
  2. Assess current and planned products for AI and machine learning functionality, as any machinery using such approaches for safety functions will likely face mandatory third-party conformity assessment under the new regime.
  3. Evaluate connected machinery and software products against the new cybersecurity Essential Health and Safety Requirements, including the obligation to provide security updates and maintain technical documentation for extended periods.
  4. Monitor the progress of the secondary legislation through Parliament and engage with industry bodies and the DBT as appropriate.