Solutions for Mobile Machines
Cybersecurity, Functional Safety and AI: What matters now for off-highway manufacturers
Starting in 2027, the regulatory framework for mobile work machines will change. In the first part of our blog series, we explain what manufacturers need to prepare for now to meet legal requirements and minimize risks.
In an increasingly connected world, cybersecurity, functional safety, and artificial intelligence are becoming key aspects of mobile work machines. The drive for greater efficiency and automation is accelerating digitalization. However, this also introduces significant risks: cyberattacks, data breaches, and manipulation not only threaten functionality, but also endanger the safety of operators and third parties. Bosch Rexroth, in close collaboration with the Bosch Group, has been addressing these challenges for many years and provides standard-compliant solutions.
Think safety throughout the entire product lifecycle
Considering the complex threat landscape – ranging from internal security vulnerabilities to external cyberattacks – regulations in the EU and around the world are becoming more stringent. However, mere compliance with technical standards is not enough: what is needed are holistic security concepts that cover the entire product lifecycle – from development and operation through to decommissioning.
Cybersecurity becomes a competitive advantage
Operators and end users are now increasingly aware of the importance of both physical and digital safety — and they expect comprehensive security concepts. Alongside digitalization, cybersecurity is evolving into a strategic competitive factor for mobile work machines such as construction, agricultural, and material handling vehicles. Manufacturers that offer robust security solutions earn the highest level of trust and are in a strong position to build long-term business relationships.
Complex compliance: Everything is connected
For construction equipment manufacturers, it is both essential and worthwhile to engage deeply with the topics of cybersecurity, functional safety, and AI regulation — especially as the relevant requirements are evolving rapidly due to fast-paced technological developments and are increasingly interlinked. Adding to the challenge, many regulations are currently being drafted or revised but are expected to come into force soon.
Overview: Key EU regulations starting in 2025
Bosch Rexroth has been closely engaged with the regulatory landscape for mobile work machines for many years. Here are the key requirements in the EU:
The Machinery Directive (MD) is one of the core regulations for protecting health and safety, as well as both physical and digital integrity. It requires comprehensive risk assessments and obliges manufacturers to implement security measures against unauthorized access and manipulation. As of January 20, 2027, the EU Machinery Regulation (MR) will come into effect, replacing the current Machinery Directive (MD). This transition introduces significant changes. In addition to functional safety, the regulation will now define specific requirements related to IT security and software-related risks. The EU Machinery Directive, and in the future the EU Machinery Regulation, is a CE-relevant regulation that must be observed in order to place mobile work machines on the European single market.
Relevant standards: ISO 13849, 19014, 25119 and corresponding Type-C standards
Affected products: All components that, according to the risk assessment, have an impact on the safety function – such as joysticks, control units, or hydraulic components.
Mandatory as of: January 2027
The Radio Equipment Directive (RED) defines, for the first time, the regulatory safety requirements for wireless systems. Devices covered by the directive must be designed in a way that prevents harm to or misuse of the network. The RED's strict safety standards apply to wireless technologies such as Wi-Fi, mobile networks, and Bluetooth. In addition, the directive aims to protect user privacy and prevent fraud.
Relevant standards: EN 18031-1, -2 and -3
Affected products: Wireless Systems
Mandatory as of: August 2025
The Cyber Resilience Act (CRA) defines, for the first time, regulatory cybersecurity requirements covering the entire product lifecycle – from development and operation through to decommissioning. The CRA combines and complements the requirements of the MD and the RED by establishing a cybersecurity framework for digital products. This includes the provision of security updates and the obligation to report vulnerabilities and incidents. In addition, the CRA requires the development of robust security strategies to anticipate future risks, as well as proof of implemented security measures and their regular review.
Relevant standards: In progress
Affected products: Any product with a digital interface (including USB interfaces)
Mandatory as of: November 2027
The Artificial Intelligence Act (AI Act) regulates the use of artificial intelligence within the EU, requiring a transparent, traceable, and safe implementation of AI systems. It also defines which AI systems are permitted and which are prohibited. Furthermore, manufacturers must ensure the integrity and safety of machines incorporating AI, which establishes direct links to functional safety and thus to the Machinery Directive.
Relevant standards: In progress (Draft?)
Affected products: Advanced automation systems and robotics that operate with AI (53), including autonomous decision-making by the machine
Mandatory as of: As of August 2027
Timeline of key regulatory acts (Image: Bosch Rexroth AG)
Security as an opportunity: Take action now and seek a partner
Given the high pace of regulatory change and the complexity of today’s threat landscape, cybersecurity, functional safety, and AI regulation should be at the top of every manufacturer’s agenda. The good news: manufacturers don’t have to face these challenges alone. Bosch Rexroth, in collaboration with the specialist teams of the Bosch group, offers in-depth expertise and standard-compliant solutions from the holistic BODAS ecosystem supporting the digital transformation of mobile work machines. This enables manufacturers to better manage security risks, meet legal requirements, and at the same time significantly improve the performance, efficiency, and user experience of construction equipment.
Curious to learn more?
In our upcoming blog posts, we’ll take a closer look at the specific requirements of the Machinery Regulation, the Cyber Resilience Act, and the AI Act. Stay tuned to find out how you can ensure your machines are compliant and future-ready with support from Bosch Rexroth and BODAS!
Do you want to know where Bosch Rexroth stands regarding safety and security, and exchange ideas with our experts and members of the myBODAS community?
Frank Ellenrieder is a Product Manager for digital solutions at Bosch Rexroth. He has more than five years of experience in mobile hydraulics and digitalization. In his current role, he develops new business concepts and digital products within the BODAS ecosystem.
Martin Sykora is Head of Sales for Mobile Electronics at Bosch Rexroth. He has been with the Bosch group for over 22 years and has worked in the field of mobile electronics for more than 19 years. In his role, Martin and his team serve as the global point of contact for mobile customers seeking BODAS-based solutions to support the digital transformation of mobile work machines.