EU Machinery Regulation 2023/1230
and Simplinx Products
Our approach and roadmap for customers preparing for the new regulation, which becomes mandatory on 20 January 2027.
EU Machinery Regulation 2023/1230, which takes effect on 20 January 2027, confronts machine builders with new cybersecurity and digital compliance requirements. We are proactively aligning our products and documentation with these requirements so that our customers are not left to navigate this process alone.
What Is EU Machinery Regulation 2023/1230?
EU 2023/1230 is the new European regulation that replaces the Machinery Directive 2006/42/EC. Published on 14 June 2023, it becomes mandatory from 20 January 2027. There is no transition period: after that date, CE marking can only be issued under the new regulation.
The new regulation preserves approximately 90% of the existing directive but introduces significant additions in the following areas:
- Cybersecurity: Machines must be protected against digital attacks.
- IoT and remote access: Connected systems must not be capable of creating a hazardous situation.
- Software updates: Security-relevant software changes must be recorded and traceable.
- AI and digital components: Software that performs a safety function falls within the scope of the regulation.
- Digital documentation: Instructions for use may now be provided in digital format.
Who Does This Regulation Affect?
- Machine manufacturers
- "Partly completed machinery" manufacturers
- Importers and distributors placing products on the European market
- Manufacturers of safety components integrated into machines
- IoT and remote access solution providers
- Industrial communication device manufacturers
Simplinx falls in the second group. We proactively prepare and provide the information and documentation that our machine builder customers will need during their CE processes.
Where Do Simplinx Products Fit?
SMX-RNS20 and our other remote access and IoT devices play a critical role in our machine builder customers' EU 2023/1230 processes. Our devices are not the machine itself — they are the infrastructure that provides the machine's secure connection to the outside world. Cybersecurity and remote access security — among the regulation's highest priorities — are directly within our area of expertise.
- Simplinx products are an essential part of the machine's cybersecurity chain
- They strengthen the machine builder's CE process and reduce risk
- They directly address the regulation's IoT, remote access, and update security requirements
- They add value to the machine while reducing the customer's compliance burden
Our products already carry CE marking in compliance with the following EU directives:
- EMC Directive 2014/30/EU
- LVD Directive 2014/35/EU
- RoHS and REACH compliance
Simplinx also operates with an ISO 27001-certified Information Security Management System, meaning information security is managed in accordance with international standards.
Advantages Simplinx Offers Its Customers
Machine builder customers working with Simplinx have a direct advantage in addressing remote access and cybersecurity requirements under EU 2023/1230, because our products are designed to meet exactly these needs:
- ISO 27001 certified organisation — Information security managed to international standards
- Protection against cyber attacks — Multi-layered security architecture
- Secure remote access — TLS encryption and certificate-based authentication
- P2P (end-to-end) connection architecture — Data does not pass through Simplinx servers
- Automatic security updates — Devices automatically receive and apply new security patches — every device in the field is always current
- Full traceability — Complete access and intervention logs
- IEC 62443-4-1 and 4-2 compliance process — Independent security validation from development through product (2026–2027)
- Long-term security support commitment — Security updates committed for the product lifetime
Our customers can access documentation for these features for their own CE processes; Simplinx documents can be used as references in supplier audits and risk assessments.
Security by Design
Simplinx products are developed on the principle of Security by Design. Security is not a feature added after the fact — it is a principle that forms the foundation of our products from the design stage. This means our customers can use Simplinx documentation directly as supplier evidence in their own CE processes.
Security features currently present in Simplinx products:
- TLS encryption: All communication is encrypted end-to-end.
- Certificate-based authentication: 4096-bit keys with SHA-256 signing.
- Automatic, encrypted, and signed firmware updates: Devices automatically pull and apply new security updates. No manual intervention required. Unauthorised or tampered software is rejected.
- Role-based access control: User permissions are defined in granular detail.
- Access and intervention logs: All operations are recorded for traceability.
- Secure connection tunnel: The device does not directly control the machine — it provides a secure channel for authorised users only.
- Vulnerability management process: A published vulnerability disclosure policy is in place.
Automatic security lifecycle: One of the regulation's most critical requirements is that a machine remains secure throughout its product lifetime. Simplinx devices automatically receive and apply new security updates — no manual update from our customers is required. This ensures every device in the field is always at the latest security level and reduces the machine builder's long-term compliance burden.
Simplinx Infrastructure and P2P Architecture
One of the standout features of the Simplinx solution is its end-to-end (P2P) connection architecture. Unlike many competitors, the Simplinx solution has no central VPN server — data does not flow through a data centre server.
- The customer and field device establish a direct peer-to-peer connection
- Simplinx servers are used only to initiate the connection — the content of data traffic does not pass through them
- This architecture provides a high level of data privacy — customer data is not stored or transmitted through Simplinx infrastructure
- Lower latency and higher connection throughput
- A simpler, more sustainable infrastructure — and therefore a smaller attack surface
The Simplinx servers used for connection setup are:
- Managed in accordance with ISO 27001 standards
- Monitored 24/7 by autonomous systems
- Equipped with automated alerting when anomalous behaviour is detected
- Subject to regular security updates and hardening procedures
Our Roadmap
We are following this roadmap to ensure customers can access the full documentation package before 2027:
Document Package for Our Customers
We are preparing the all required document package for customers to use in their post-2027 CE processes:
Some documents are shared publicly; detailed technical documents are provided to customers through direct communication.
Frequently Asked Questions
SMX-RNS20 is not directly in scope of the regulation, so it does not automatically affect your CE documentation. However, it must be identified as a remote access component in your risk assessment and its cybersecurity implications must be evaluated. Simplinx documentation can be used as a reference in this process.
Yes. Simplinx devices automatically pull and apply new security updates. No manual update or additional action is expected from our customers. This means every device in your field is always at the latest security level and naturally meets the regulation's "security throughout product lifetime" requirement.
No. All our firmware updates are encrypted and digitally signed — only software signed by Simplinx is accepted. Security-significant changes are noted in release notes, so customers can keep their own traceability records up to date.
Simplinx operates with an end-to-end (P2P) connection architecture. Data traffic between the customer and field device does not pass through Simplinx servers — it is carried directly end-to-end. The Simplinx servers used for connection setup are managed in accordance with ISO 27001 standards and monitored 24/7 by autonomous systems.
Security is a foundational principle of our products from the design stage. Software development processes incorporate secure coding, code reviews, security testing, and regular vulnerability assessments. Our ISO 27001 certification documents that these processes are managed to international standards.
Please contact us using the information at the bottom of this page. We will provide the appropriate documents in response to your request.
Yes. We have a two-phase process planned: under IEC 62443-4-2, our product will be tested by an independent test lab in Q3–Q4 2026. Under IEC 62443-4-1, the compliance of our secure development processes will be completed in 2026–2027. Relevant documents will be shared with customers once the processes are complete.
Request the Document Package
We would be glad to support you in your EU 2023/1230 preparation. To request our detailed document package or to ask questions about your process, please contact:
Please include in your email:
- Company name and industry
- Simplinx products you use
- Which documents you are requesting
- Contact person
We will respond within 5 business days of receiving your request.
V1.0 (2026-05): Initial release
Want to Know More About How Simplinx Works?
Talk to our engineering team — we're happy to go deeper on any aspect of the platform.