Regulation
Directive vs Regulation — why the legal instrument change matters more than you think
Most people in the robotics industry know that the EU Machinery Regulation 2023/1230 replaces the old Machinery Directive 2006/42/EC. Fewer understand why the change in legal instrument — from directive to regulation — matters as much as the changes in content.
A directive is a legislative act that sets goals which individual EU countries must achieve. Each member state chooses its own approach to transposing those goals into national law. The result, in practice, is 27 different national interpretations. Under the Machinery Directive 2006/42/EC, one country might apply stricter conformity assessment requirements for certain machine categories than another. National interpretation differences created compliance complexity for any manufacturer selling across multiple EU markets.
A regulation is directly applicable in all member states. It becomes law as written, on the same date, in all 27 countries. No transposition. No national interpretation. When Regulation 2023/1230 says that machines falling under Annex I Part A require notified body assessment, that requirement is identical in Germany, France, Italy, Spain, and every other member state. One set of rules. One interpretation.
For Physical AI companies, this matters in five specific ways.
First, scope. The old directive was scoped around mechanical hazards. The regulation explicitly includes autonomous systems and AI-based safety functions. If your robot uses a neural network in any part of its safety-related control system, it falls under the regulation's scope.
Second, AI coverage. The directive didn't mention AI. The regulation explicitly addresses it in multiple sections: §1.1.6 (ergonomics for machines with self-evolving behaviour), §1.2.1 (control system resilience against faults in autonomous logic), and §3.6.3.3 (autonomous mobile machinery boundaries).
Third, cybersecurity. The directive said nothing about it. The regulation requires protection of safety-related hardware and software against both accidental corruption and deliberate attack, with mandatory logging retained for a minimum of five years.
Fourth, software updates. The directive didn't address post-market software modifications. The regulation introduces lifecycle obligations for manufacturers — if a software update affects a safety function, the manufacturer retains compliance responsibility.
Fifth, format. Because the regulation is directly binding across all 27 states, a manufacturer no longer needs to navigate varying national interpretations. The compliance strategy is one strategy, not 27. That simplification comes at a cost: the requirements are now uniform and non-negotiable. There is no country with a softer interpretation to use as an entry point.
The regulation applies from 20 January 2027. No transition period. The old directive stops. The new regulation starts. Same machines. Different legal instrument. The compliance implications are more significant than most OEMs realize.