Regulation (EU) 2023/1230

EU Machinery Regulation 2023/1230 compliance for AI agents.

On 20 January 2027, AI safety components become a regulated high-risk category requiring third-party Notified Body conformity assessment. Inkog produces the code-level evidence section of your technical file in 30 seconds.

Application date: 20 January 2027. Article 50 penalties applicable since 14 October 2023.

Book a 20-min compliance demo Read the deep dive

bash

npx -y @inkog-io/cli scan . --policy governance --output sarif

Annex III mapping

Three sections of Annex III do most of the work for AI safety components. Each maps onto Inkog detectors that already exist today.

Annex III §1.1.6Operator-machinery interface

Declared capabilities and intended autonomy
Human-readable manifest of tools and limits
Operator can interpret what the agent does

missing_human_oversightexcessive_permissions

Annex III §1.1.9Protection against corruption

Integrity of system prompts and model files
Authenticity of plant-policy or runtime config
Isolation of untrusted input from instructions

supply_chainsystem_prompt_leakdata_poisoning

Annex III §1.2.1Safety and reliability of control systems

Bounded execution loops
Validated output before actuation
Resilience to adversarial input and operating stress
Resource limits that prevent runaway consumption

output_validation_missingoverrelianceinfinite_looptoken_bombingmissing_rate_limits

Who is in scope

Annex I, Part A items 5 and 6 cover AI safety components using fully or partially self-evolving behaviour based on machine learning. The scope is wider than the word machinery suggests.

In scope

•Autonomous mobile robots, AGVs, and AMRs
•Robot arms and cobots with adaptive control
•Drones and ground robots with autonomous navigation
•Vision systems that decide whether a person is in a hazardous zone
•Predictive-maintenance agents that autonomously trip a shutdown
•Fleet orchestration agents for AGVs, conveyors, process equipment
•AI components that gate a safety function (anomaly detectors, classifiers, RL policies)

Out of scope

•Agents that only write text, emails, or generate code
•Pure rule-based control software with no machine learning component
•Internal back-office RAG assistants with no physical effect

The Notified Body track

Self-assessment is closed for AI safety components. Manufacturers must go through one of three procedures with a Notified Body.

Module B

EU Type-Examination

Notified Body examines the technical design and tests a representative sample. Most common for safety components placed independently on the market.

Module G

Unit Verification

Per-unit conformity assessment. Practical for low-volume bespoke machinery; impractical for software at scale.

Module H

Full Quality Assurance

Notified Body audits the design, production, and quality management system. The path most software-led manufacturers will follow.

TÜV SÜD became the first Notified Body designated under Regulation (EU) 2023/1230 in September 2024. Capacity is finite. Plan the engagement as a long-lead-time dependency.

What Inkog covers, honestly

Compliance is risk assessment, technical file, quality management system, Notified Body assessment, declaration of conformity, CE mark. No scanner replaces any of that.

What a scanner can do is produce reproducible, line-numbered evidence for the code-level parts of the technical file. Inkog detects eight patterns that map onto Annex III §1.1.6, §1.1.9, and §1.2.1. Each is already mapped to the corresponding EU AI Act article and OWASP LLM Top 10 category in SARIF output. The same evidence supports both regimes.

The 30-second scan is free. If you want a walkthrough of how the SARIF output feeds the integration evidence section of a Module B technical file, book a demo.

Frequently asked questions

When does the Machinery Regulation apply?

Regulation (EU) 2023/1230 was published on 29 June 2023 (OJ L 165) and applies in all EU Member States from 20 January 2027. Article 50(1) on penalties has been applicable since 14 October 2023.

Does my AI agent need a Notified Body assessment?

Yes, if it is a safety component using machine learning, or is embedded in machinery as a safety function. Annex I, Part A items 5 and 6 force the manufacturer through Module B, Module H, or Module G with Notified Body involvement. Self-assessment is not available for this category.

How does this overlap with the EU AI Act?

Annex I of the EU AI Act lists the Machinery Regulation as Union harmonisation legislation. Under AI Act Article 6, any AI safety component in scope of Regulation (EU) 2023/1230 is automatically a high-risk AI system and inherits all of AI Act Title III. The controls overlap, so the same evidence supports both regimes.

What does Inkog actually do for Machinery Regulation compliance?

Inkog scans your agent code in 30 seconds and produces a SARIF file with eight categories of finding that line up with Annex III §1.1.6, §1.1.9, and §1.2.1. Each finding is reproducible, line-numbered, and mapped to the EU AI Act article it satisfies. That output is the code-level evidence section of your technical file. You still need a risk assessment, a quality management system, and a Notified Body to actually certify.

Scan your agent code now. Talk later.

The first scan takes 30 seconds. The findings are the same shape a Notified Body asks for during a Module B or Module H assessment. If the gap list is non-trivial, that is your starting agenda for the demo.

Book a 20-min compliance demo Read the deep dive Glossary entry