Don't miss out on any news and changes relating to CE! Register now for the CE InfoService
Share Article
In a networked production environment, the functional safety of a machine is inextricably linked to its digital integrity. Defeating control systems – whether through targeted attacks or human error – can have catastrophic physical consequences. The prEN 50742 standard (‘Safety of machinery – Protection against corruption’) provides the methodological framework for this.
This article provides an overview of the most important definitions and explains how machine builders can align cybersecurity requirements with MR requirements.
Note: This technical article is therefore updated on an ongoing basis. Don't miss any important updates and register now for our free newsletter, the CE InfoService, or follow us on LinkedIn.
Subscribe to newsletter
Follow IBF on LinkedIn
When is the new prEN 50742 standard for ‘Protection against corruption’ expected to be published?
In summer 2024, Technical Committee 44X (Safety of machinery and equipment: electrotechnical aspects) of CENELEC, the European Committee for Electrotechnical Standardisation, started work on a harmonised standard prEN 50742 (Safety of machinery - Protection against corruption) to cover the relevant sections 1.1.9. and 1.2.1. of Machinery Regulation 2023/1230.1
This standardisation project is currently in the survey phase. The corresponding draft standard for public comment was published by Austrian Standards on 15 January 2026. Feedback on the document can be submitted via the national standardisation institutes until 15 February 2026.
According to the contents of the draft standardisation request to the European standardisation organisations from the EU Commission, harmonised standards to cover the requirements of the Machinery Regulation should be adopted by 20 January 2026 at the latest.
According to the CEN/CENELEC project plan, the standard is expected to be published in March 2026 at the earliest. Ideally, it should then be included in the EU Official Journal in accordance with the Machinery Regulation before January 2027. However, as the draft standard was not published until early 2026, it is more likely to be published by the end of 2026.
How does prEN 50742 relate to the MR – ‘Security for Safety’?
Section 1.1.9. of Annex III to the new EU Machinery Regulation 2023/1230 defines requirements for protection against interference, or in the wording ‘corruption’ (Protection against corruption). The legislator requires that neither the connection of a device (meaning all interfaces and connections to other equipment) nor the connection to ‘remote devices’, i.e. via the Internet, may lead to dangerous situations.
prEN 50742 specifies these requirements. Its aim is not to define general IT security, but to ensure that the control functions – in particular safety functions – of a machine cannot be compromised by external unauthorised interference.
The publication of prEN 50742 creates, for the first time a normative framework for protecting machines against safety-related manipulation (corruption). The standard shows a way to meet the requirements of Annex III, points 1.1.9 ‘Protection against corruption’ and 1.2.1 ‘Safety and reliability of control systems’ of the Machinery Regulation (EU) 2023/1230.
prEN 50742 addresses the question of how defeating software, data and interfaces can impair the effectiveness of protective measures. It becomes clear that the focus is not on new hazards, but on maintaining the effectiveness of already identified safety functions throughout the entire life cycle of the machine.
How broad is the scope of prEN 50742?
The standard generally applies to:
It is also intended to cover all lifecycle steps, including development, manufacture, commissioning, operation, maintenance and decommissioning.
All interfaces are covered, including, for example:
The standard does not apply to machinery installed before the publication of EN 50742.
What content in the draft standard prEN 50742:2025 is particularly noteworthy?
The basis for this is a dynamic risk assessment that accompanies the entire life cycle of the machine. This risk-based approach is implemented in a three-stage model.
1. Identification of critical assets
In this initial phase, the focus is on a holistic view of the machine control system in order to identify those components whose defeat would have a direct impact on functional safety. The analysis concentrates on safety-relevant software, communication between sensors and actuators, and all physical and digital interfaces, for example for remote maintenance or cloud connection. Only by defining the elements to be protected is it possible to develop a security strategy that is optimally tailored to a particular machine and thus effective.
2. Threat analysis and assessment of the probability of corruption
The second step, threat analysis, focuses on the interaction between potential vulnerabilities and active threat factors. In this phase, a systematic investigation is carried out to determine which vectors – such as physical interfaces or network access points – could be used to defeat the previously identified critical assets. The likelihood of a successful attack is determined by comparing the capabilities of potential attackers with the effort required to carry out a defeat. In this way, new threats and current attack methods can also be continuously incorporated into the assessment.
3. Determination of the required security level (SL)
Finally, the findings from asset identification and threat analysis are brought together in the final risk assessment. In this phase, the decisive consideration is made between the severity of potential physical damage and the probability of successful digital defeating.
The aim is to define an appropriate security level at which the robustness of the digital barriers increases in proportion to the hazard to people and the environment. This approach ensures that cyber resilience is in harmony with functional safety requirements. The result is a requirements profile that not only guides the technical design, but also provides the necessary documentation basis for proof of conformity within the framework of the EU Machinery Regulation.
To this end, the standard works with the SRSL (Safety-Related Security Level) and defines its levels from SRSL0 (low security, for completely isolated networks) to SRSL3 (significant or critical attack potential, i.e. a highly probable or almost guaranteed attack).
Product note
Safexpert 9.1 - The CE software already supports the new Machinery Regulation (EU) 2023/123030
Since version 9.1, Safexpert has been providing you with targeted support when switching to the new Machinery Regulation (EU) 2023/1230. For machines with a long service life that are placed on the market from 20 January 2027, you can now use the CE guide in accordance with the new Machinery Regulation!
More information
prEN 50742 requires machine builders to rethink their approach. Safety is no longer a condition that is certified once during acceptance, but rather a continuous process. The risk-based approach ensures that the effort required for security measures is proportionate to the potential risk.
For companies, this means that the design (safety) and IT/automation (security) departments must work more closely together from the early design phase onwards. This is the only way to create machines that are both safe from technical failure and resilient to digital defeating.
The new standard specifically closes the gap between functional safety and industrial security by normatively anchoring the protection of safety-related functions against unintentional and intentional manipulation. This extends the classic risk assessment to include a structured threat analysis without introducing new hazards or pursuing purely cybersecurity objectives. The only decisive factor is maintaining the effectiveness of safety functions throughout the entire life cycle of the machine.
With its two equivalent approaches, EN 50742 offers both a practical introduction for traditional machine manufacturers and compatible integration of existing IEC 62443 processes. Clear requirements for interfaces, traceability, logging and graduated protective measures ensure feasibility and proportionality.
Overall, prEN 50742 creates a clear, traceable and future-proof basis for safe, networked machines and is thus set to become a central building block for the implementation of the new Machinery Regulation (EU) 2023/1230.
Footnote:1 See CEN/CENELEC work programme 2024
Posted on: 2026-01-30 (Last amendment)
Hendrik Stupin
Trained technical editor (tekom-certified) and certified CE coordinator. Previously 11 years of experience in technical communication and as a CE coordinator in the field of mechanical and plant engineering, specialising in ‘Engineered to Order (ETO)’ products.
E-Mail: hendrik.stupin@ibf-solutions.com| www.ibf-solutions.com
Wolfgang Reich CE marking and safety expert HTL electrical engineering, specialising in power engineering (Dipl.-HTL-Ing.), 20 years of experience in CE marking, machine safety, conversion of machines, electrical engineering and explosion protection, 10 years of which at TÜV Austria and Intertek Deutschland GmbH. Chairman of the master craftsman examination commission in the Styrian Chamber of Commerce for mechatronics (automation technology and electronics).
E-Mail: wolfgang.reich@ibf-solutions.com
CE software for systematic and professional safety engineering
Practical seminars on aspects of risk assessment and ce marking
With the CE InfoService you stay informed about important developments in the field of product safety.