EN ISO 12100 is being revised

The follow-up project ISO/CD 12100 is currently in the so-called ‘survey phase’. The current status ‘DIS ballot initiated’ means that the draft standard published in December 2024 has been revised again and published. The new draft document was registered on 7 October 2025 and issued for a 12-week survey on 28 October 2025. Users can obtain the draft standard from the Austrian Standards webshop since mid-November 2025. Comments on this document can be submitted until 2 December 2026.

Sources within the standards committee indicate that the reason for the creation of a second draft standard is a negative parallel survey at CEN level. Due to the numerous technical changes made after the comments on the first draft were clarified, a second survey by CEN is therefore necessary before the formal vote can take place.

Although only a minor revision was originally planned, the negative CEN result and the scope of the adjustments necessitate a new draft phase before formal voting can take place.

The ISO standardisation process is divided into several stages (known as ISO stages). The new standard is currently in phase 4 (survey phase). It will therefore be some time before the document reaches phase 6 (publication phase).

By way of comparison, the last revision of the standard in 2008 took just under two years from the committee stage to the publication stage. If the current revision follows a similar cycle, users can expect a new edition of the standard in mid/late 2026.

However, as the draft standard from December 2024 was not approved, a new document was drawn up by the committee from September 2025 onwards. This draft was published on 15 November 2025 by Austrian Standards as ÖNORM for public comment and is undergoing a second approval process. If the outcome is positive, this draft will be adopted and published.

This publication process only reflects the international version. CEN, the European standardisation organisation, has also launched a new standardisation project with the name prEN ISO 12100 rev. It is expected that the ISO and CEN committees will work closely together as they did for the 2010 edition of the standard. Publication at the European and then at the national level usually takes place a few months after the international edition is published.

On 20 January 2025, the standardisation request was issued by the EU Commission to CEN/CENELEC, calling for the development of harmonised standards for the new or amended requirements of the Machinery Regulation (EU) 2023/1230. Annex I of the document calls first for ‘standards and specifications on horizontal issues of risk reduction and safety of machinery and related products’, presumably referring to EN ISO 12100 as the only Type A standard. The deadline for the latest adoption of this standard by CEN/CENELEC (as for all other standards of the mandate) is set for 20 January 2026, exactly one year before the new MVO comes into force. Further information on this topic can be found in the technical article ‘New Machinery Regulation: Status of harmonised standards’.

When it comes to the question of a possible transition period, a distinction must be made between the various publishers:

• International: ISO is expected to withdraw the predecessor document immediately upon publication of the successor, i.e. there will be no transition period.
• Europe: CEN/CENELEC only communicate the date of withdrawal indirectly: In the date of the new standard, the DOW, the so-called "date-of-withdrawal", communicates the latest date by which national implementations of the standard that contradict the current edition must be withdrawn. This date is on average 2-3 years after a new publication.
• European Union: A special case in Europe is also the indirect publisher status of the European Commission, which publishes the new standard as a harmonised standard in the EU Official Journal in accordance with the Machinery Directive (in future the Machinery Regulation). With the listing in the EU Official Journal, the predecessor standard EN ISO 12100:2010 is expected to be granted a transitional period of 2.5 years for the presumption of conformity, during which both editions may be used.
• National level: National standardisation organisations such as DIN or Austrian Standards generally withdraw national predecessor standards immediately, but there are exceptions here too.
   

This question is not easy for manufacturers to answer, as they find themselves in a field of tension, especially in Europe.

On the one hand, the listing of the predecessor standard EN ISO 12100:2010 in the EU Official Journal in accordance with the Machinery Directive provides a certain degree of legal certainty, i.e. the presumption of conformity, while on the other hand the EU directives in particular require compliance with the state of the art. It could be argued here that the new edition of (EN) ISO 12100 better reflects this state of the art from the time of publication than the previous standard due to its up-to-dateness.

For more information - also from a legal perspective - on this topic, please refer to our technical article Standards topicality vs. presumption of conformity.
 

In the 2024 work programme of the European standardisation organisations CEN/CENELEC, the revision of the standard was listed as one of the main tasks of Technical Committee 114 (Safety of Machinery). The main objective of the revision is therefore to review some definitions, to align the content with the Machinery Regulation (EU) 2023/1230 and to introduce links to the latest horizontal documents of the committee.¹

This scope of revision was also reflected in the first draft standard for public comment, which was published on 1 January 2025 as prEN ISO 12100:2024. However, during the approval process, this content led to a negative vote at CEN/CENELEC level, which is why several additional sections were modified or newly added in the second draft standard of 15 November 2025.

Please note:

• The section on new features/changes is merely a list of what we consider to be the most important modifications to the second draft standard from November 2025.
• Changes may still be made before the final edition of the standard is published in 2026, as there is an opportunity for the public to comment.
   

Annexes ZC and ZD explaining the relationships with the Machinery Directive and the Machinery Regulation

The previous Annex ZA (Relation of this document and the Essential Health and Safety Requirements of Directive 2006/42/EC) was transferred to Annexes ZA (MD) and ZB (MR).

In addition, Annex ZC (MD) and Annex ZD (MR) have been added to provide further information explaining the relationship between the standard and the directive or regulation. These annexes set out principles for the safe design of machinery, including the selection of appropriate safety standards and their application to minimise risk. The focus is on the presumption of conformity through harmonised standards, in particular C-type standards that cover specific requirements. It also explains protection against risks from moving transmission parts, such as fixed or movable safeguards.

1 Scope

The scope has been expanded to include an additional paragraph on the effects of artificial intelligence/machine learning and cyber threats and data corruption on machine safety. The latter content has been slightly modified compared to the first draft of the standard dated 1 January 2025, which still referred to cybersecurity attacks.

The future standard is intended to specify measures for the effects of such hazardous situations on machine safety.

In addition, the new standard specifies that hygiene aspects are also relevant to machine safety.

Two further points have been added to the previous comments in the scope of application: a note that the risk assessment process can be used not only for personal injury but also for damage to domestic animals, property or the environment, and a clarification of the role of the designer, who may be a manufacturer, integrator, supplier or user.

3 Terms

The following terms have been added to Section 3:

• 3.18: complementary risk reduction measure
• 3.19: tolerable risk: level of risk that is accepted in a given context based on the current values of society at a minimum in accordance with legal requirements
• 3.40: cybersecurity: measures to protect a machine control system against unauthorized access or attack that can result in a hazardous situation
• 3.41: remote access: process of communicating with one or more device on the machinery from another network or from a terminal device which is not permanently connected, physically or logically, to the device(s)
• 3.42: remote control: process where parameters can be changed and machine functions can be initiated, stopped or modified from a location without visibility to the hazard zones
• 3.43: remote programming: process where active programs can be created, modified or tested from a location without visibility to the hazard zones

On the other hand, the terms ‘relevant hazard’ (formerly 3.7), ‘failure to danger’ (formerly 3.32) and ‘comparative emission data’ (formerly 3.42) have been deleted. The term ‘risk reduction measure’ replaces the previous term ‘protective measure’, and the definition of ‘risk evaluation’ has been revised.

In the 2010 edition of the standard, a distinction was still made between relevant hazard (a hazard identified as present on the machine or associated with its use) and significant hazard (a hazard identified as relevant and requiring the designer to take special measures [...]). In the future, according to the draft, there will be only the term ‘significant hazard’.

4 Strategy for risk assessment and risk reduction

In Section 4, a new Figure 1 has been added, which shows the iterative process for risk assessment/risk reduction as an overall process. The previous Figure 1 of EN ISO 12100:2010 (Schematic representation of risk reduction process including iterative three-step method) is listed in an unchanged manner as Figure 2.

5 Risk assessment

With regard to the use limits (5.3.2), restrictions relating to cybersecurity and the use of artificial intelligence have been added to the aspects to be taken into account.

Section 5.4 (Hazard identification) has been renumbered, and in the new section 5.4.1 (General), a note has been added stating that although a potential cybersecurity breach does not pose any new hazards, it should be considered a trigger for hazardous events (for details, refer to ISO/TR 22100-4).

In section 5.4.3 (previously subsection b)), additional references to a ‘cybersecurity breach’ and ‘unintended self-developing behaviour’ of  applied AI have been added to the possible operating states of the machine. Users can find details on the latter point in the technical rule CEN ISO/TR 22100-5. This document describes how hazards associated with artificial intelligence (AI) applications for machine learning in machines or machine systems, which are intended to operate within certain limits, can be taken into account in the risk assessment process.

In Section 5.5 (Risk estimation), general information on the use of measurement methods for emissions was added to Subsection 5.5.1. This is intended to enable better risk estimation, evaluation of protective measures and transparent information for buyers and users.

6 Risk reduction

In this section, the previous Figure 4 has been replaced by a new Figure 5 and now includes guidance for selecting safeguards against hazards, without focusing on moving power transmission elements or parts, but only on the hazard as a whole.

The new section 6.2.14 specifically addresses hygiene aspects of machinery and equipment used in applications that have requirements for hygiene and cleanability (e.g. food and pharmaceuticals).

Section 6.2.3 deals with the consideration of general technical knowledge regarding design. A note has been added stating that emission values for existing machines/prototypes can be used to estimate the emissions of similar machines.

More detailed information can be found in 6.2.9 Electrical hazards: according to this, the electrical equipment of a machine must be designed in such a way that users are protected from the hazard of electric shock and the energy source can be reliably switched off.

The new section 6.2.14 specifically concerns hygiene aspects of machinery and equipment used in applications where hygiene and cleanability requirements apply (e.g. food and pharmaceuticals).

Sections 6.2.15 (noise) and 6.2.16 (vibration) are also new additions: here too, machinery and equipment must be designed in such a way that the corresponding emissions are reduced at source.

Subsection 6.3.1 has been supplemented with a paragraph on the topic of ‘whole body access’ when a person can enter the safeguarded space of a machine completely. Reference is made here to a standard currently in development. Details can be found in our technical article prEN ISO 12895 on whole body access in machinery.

The new point ‘Remote control’ is specified in the new section 6.3.5.11 of the same name and refers to the requirements of EN ISO 13849-1 and, in the case of possible whole body access, to the new standard prEN ISO 12895. Hazardous situations caused by remote-controlled software updates (new section 6.3.5.12) must also be prevented.

The last newly added subsection 6.3.5.17 is titled ‘Cyber security and protection against corruption’. Aspects of cyber security had been expected in the course of the publication of the Cyber Resilience Act (EU) 2024/2847, but for further details (or subsequently specific requirements), for detailed information (or subsequent special requirements),  reference should be made to the ISO/IEC 24392 standard (Cybersecurity — Security reference model for industrial internet platform (SRM-IIP)). The first draft standard from early 2025 still mentioned the future type-B standard prEN 50742 (Safety of machinery – Protection against corruption).

In prEN ISO 12100, only a few rough measures for risk reduction for cyber security and protection against data corruption are defined, e.g.:

• Preventing unauthorized access to hardware, software, application software and related configuration data,
• Preventing accidental or unintended changes;
• air gapping
• locking access to ports,
• control of remote access.

In addition, section 6.3.7 includes additional risk-reducing measures for stability, e.g. movement limiters or locking devices.

Finally, Section 6.4 (information for use) was adapted to the new option of providing the documents in electronic form in the future. The revision is supplemented by the note that the accompanying documents (operating instructions) must meet the requirements of the standard EN ISO 20607 in the future. This standard, in contrast to EN IEC 82079-1 (Preparation of information for use (instructions for use)), is listed in the Official Journal of the European Union in accordance with the Machinery Directive – in future in accordance with the Machinery Regulation. EN ISO 20607 is also currently being revised and could be published together with the new EN ISO 12100. In addition, a new point has been added to the ‘Information on the use of the machine’ on the ‘significance and purpose of signals and warning devices’.

A revision in section 6.4.4 (Markings, signs (...) and written warnings) could still be a topic of discussion when it comes to practical implementation: there, the necessary markings for declaring the machine's compliance with mandatory requirements are supplemented by ‘the version of the safety-related software installed and the values of the safety-related parameters’.

Annex B – Examples of hazards, hazardous situations and hazard events

There are almost no changes in Annex B, which lists examples of hazards. Apart from minor editorial adjustments, only the mechanical hazard situation ‘lack of mechanical strength’ and other situations were minimally adjusted in Table B.1. The description of the electrical hazard ‘electromagnetic processes’ with the sentence ‘including those related to permanent magnets’. 

In Table B.3, the term ‘verification’ will be replaced by ‘validation’ in some places in the future. Finally, Table B.4 (hazard events) was modified in the area of control systems: ‘Machine action resulting from inhibition [...] of protective devices’ becomes the new term ‘machine action resulting from inhibition [...] of protective devices’.

Annex C - Using the system of type-A, type-B and type-C standards to design a machine to achieve a level of tolerable risk by adequate risk reduction

This new Annex C has been taken from the contents of the technical report ISO/TR 22100-1. This provides informative guidance on the application of Type A, Type B and Type C standards for machine safety, with the aim of achieving an acceptable level of risk through appropriate risk reduction. The focus is on the role of type C standards, which define specific safety measures and requirements, supplemented by verification methods. The annex explains how these standards interact, particularly when type C standards deviate from type B standards, and provides practical steps for implementing these standards during design.

Annex D – Relationship between this document and ISO 13849-1

The new Annex D of EN ISO 12100 reproduces the contents of the technical report ISO/TR 22100-2 and explains the link to ISO 13849-1 and its integration into the risk assessment. It describes how safety-related control parts are incorporated into the process in order to achieve an acceptable level of risk, and illustrates this with graphics and examples. This rule has not yet been adopted by CEN/CENELEC as a European standard and is therefore reflected in European standardisation.
 

With the first details of the content of the (revised) draft standard now available, we will begin preparatory work in the near future so that our customers can carry out risk assessments in accordance with the new standard as soon as possible after the final version is published.

Of course, we cannot definitively define the functions until the official documents are available. Implementing the new requirements in Safexpert is a top priority.