FEATURE: What the new cyber security regulations mean for OEMs

https://www.ivtinternational.com/news/safety/feature-what-the-new-cyber-security-regulations-mean-for-oems.html

Publish Date: 2026-06-18 04:44:00

Source Domain: www.ivtinternational.com

Cyber security has shifted from a feature to a legal precondition for selling machines in Europe, and the accountability now sits squarely with the manufacturer. That was the message from Sylvie Mbayin, product cyber security lead for Danfoss Power Solutions, who set out the regulations, standards and design decisions that OEMs and their suppliers must address before a series of compliance deadlines arrive over the next 18 months.

Why the exposure has changed

A modern machine runs software, is connected to a network and generates large volumes of data, and for an OEM that connectivity is now a source of liability as much as capability. Mbayin was clear that “network” does not only mean the internet; a CAN signal counts too, which means machines sold into low-connectivity sectors such as agriculture are not exempt. An attacker no longer needs physical access and can instead exploit wireless connections, cloud services or remote maintenance routes.

The attack surface is concrete. Because machines such as a combine and a sprayer communicate over the CAN interface, an attacker connecting to the bus can mount an attack, altering a command to spray 10 litres into 100 litres and destroying a crop, or capturing a tank-open command to replay later. Open-source and third-party components carry their own risk, where a single bug becomes an entry point. Calibration data, currently unprotected, can be manipulated so subtly that the only symptom is a harvest 20% below expectation at season’s end. For an OEM, each of these is a product-liability scenario, not merely an end-user inconvenience.

Three regulations, one accountability shift

Mbayin said the regulatory landscape is undergoing a fundamental transformation, with three pieces of EU legislation redefining what counts as a compliant product. The Radio Equipment Directive targets products with internet connectivity and has applied since 2025. The Machinery Regulation covers all products with safety…
