diff --git a/obligations/PROPOSED_machinery_capability_linking_iace.json b/obligations/PROPOSED_machinery_capability_linking_iace.json
new file mode 100644
index 00000000..aff729ba
--- /dev/null
+++ b/obligations/PROPOSED_machinery_capability_linking_iace.json
@@ -0,0 +1,326 @@
+{
+ "schema_proposal": "machinery_obligation_capability_linking_v0",
+ "status": "PROPOSED",
+ "proposed_by": "iace-session",
+ "for_ratification_by": ["legal-knowledge-graph", "execution"],
+ "reference_scenario": "RS-004",
+ "regulation_code": "MaschVO_2023_1230",
+ "regulation_aliases": ["MaschinenVO", "Machinery Regulation (EU) 2023/1230"],
+ "authority_note": "IACE holds SAFETY-classification authority and offers these links as machinery-safety domain input. Obligation DEFINITIONS remain the Legal-KG's authority; capability/control MINTING and the canonical mapping FORMAT remain Execution's authority. Nothing here is asserted into either registry. cap.* ids on physical/process links are CANDIDATES (not minted) — ratify, rename, or remap before merging into the canonical mapping. See semantic-authority principle: propose, do not assert across authorities.",
+ "scope": {
+ "in_scope": "MaschVO obligation -> capability/control linking (RS-004 part A), from the machinery-safety side.",
+ "out_of_scope": [
+ "EMV (EMC Directive 2014/30/EU) obligation authoring (RS-004 part B): EMV obligations do not yet exist in the registry. Legal-KG to author via its clustering+synthesis methodology. IACE can supply EMC domain input on request, but will not hand-author obligations (bypasses the owning authority's method).",
+ "Regulation-ID normalization / scope-engine wiring so the map resolves regulation -> obligations (RS-004 part C): Reasoning/Execution consumer code. NOTE: regulation_code 'MaschVO_2023_1230' must alias to the scope-engine id 'MaschinenVO' for resolution to work (board TODO 'Regelwerk-ID-Normalisierung').",
+ "Minting MCAP-/control-ids: Execution authority."
+ ]
+ },
+ "confidence_legend": {
+ "high": "Link target already exists in the registry (cra_core obligation or minted capability). Immediately usable.",
+ "medium": "Link target likely exists but the exact id needs an owner check.",
+ "proposed": "Target capability is a CANDIDATE to be minted by Execution; the link is safety-expert input, not a wired reference.",
+ "non_capability": "Obligation is regulatory/applicability in nature and does NOT map to a capability — flagged so Execution does not force a link."
+ },
+ "links": [
+ {
+ "obligation_id": "access_control_safety_functions",
+ "subdomain": "cybersecurity",
+ "link_kind": "cyber_safety_bridge",
+ "confidence": "high",
+ "targets_existing": {
+ "cra_core_obligations": ["attack_surface_minimization"],
+ "capabilities": ["cap.multi_factor_authentication", "cap.session_management"]
+ },
+ "rationale": "MaschVO Anhang III 1.1.9: safety functions must be protected against unauthorized access/modification. Satisfied by the same access-control + attack-surface controls CRA already requires. Convergence link, not a new control.",
+ "convergence": "CRA <-> MaschinenVO: one control set satisfies both"
+ },
+ {
+ "obligation_id": "protection_against_corruption",
+ "subdomain": "cybersecurity",
+ "link_kind": "cyber_safety_bridge",
+ "confidence": "high",
+ "targets_existing": {
+ "cra_core_obligations": ["software_integrity_protection"],
+ "capabilities": ["cap.code_signing"]
+ },
+ "rationale": "MaschVO 1.1.9/1.2.1: protect control software and safety-relevant data against accidental or intentional corruption. Satisfied by CRA software-integrity + code/update signing.",
+ "convergence": "CRA <-> MaschinenVO: one control set satisfies both"
+ },
+ {
+ "obligation_id": "security_functions_default_free",
+ "subdomain": "cybersecurity",
+ "link_kind": "cyber_safety_bridge",
+ "confidence": "medium",
+ "targets_existing": {
+ "cra_core_obligations": ["secure_by_default"],
+ "capabilities": []
+ },
+ "rationale": "Security functions provided secure-by-default and without extra cost. Maps to CRA secure-by-default posture.",
+ "needs_owner_check": "Confirm a CRA 'secure_by_default' obligation id exists in cra_core; if not, propose one or link to the closest secure-configuration obligation."
+ },
+ {
+ "obligation_id": "ml_safety_components",
+ "subdomain": "ml_safety",
+ "link_kind": "cross_regulation_bridge",
+ "confidence": "proposed",
+ "proposed_capability": "cap.ml_safety_assurance",
+ "bridges": ["AI-Act (high-risk safety components)", "MaschVO Anhang III adaptive behaviour"],
+ "iace_grounding": "Adaptive/self-learning safety components: bounded behaviour, validation of learned states, fallback to safe state. IACE state-graph + failure-mode (FMEA) families apply.",
+ "rationale": "MaschVO treats ML-driven safety components as high-risk; same assurance obligations recur under the AI-Act. Strong convergence candidate."
+ },
+ {
+ "obligation_id": "long_term_availability_updates",
+ "subdomain": "maintenance",
+ "link_kind": "cross_regulation_bridge",
+ "confidence": "proposed",
+ "proposed_capability": "cap.update_availability",
+ "bridges": ["CRA vulnerability-handling / security updates"],
+ "rationale": "Long-term availability of (security) updates overlaps CRA's vulnerability-handling obligations — link once the CRA update obligation id is confirmed."
+ },
+ {
+ "obligation_id": "guards_protective_devices",
+ "subdomain": "protective_devices",
+ "link_kind": "physical_safety",
+ "confidence": "proposed",
+ "proposed_capability": "cap.guards_protective_devices",
+ "registry_candidate": true,
+ "iace_grounding": "ISO 14120 (fixed/movable guards), ISO 14119 (interlocking with/without guard locking). IACE hazard categories: mechanical, crushing, shearing, drawing-in.",
+ "rationale": "Already listed in cra_machinery capability_candidates_physical. Safety-expert grounding attached."
+ },
+ {
+ "obligation_id": "emergency_stop_interlocking",
+ "subdomain": "safety_functions",
+ "link_kind": "physical_safety",
+ "confidence": "proposed",
+ "proposed_capability": "cap.emergency_stop_interlocking",
+ "registry_candidate": true,
+ "iace_grounding": "ISO 13850 (emergency stop), ISO 14118 (prevention of unexpected start-up), ISO 14119 (interlocking).",
+ "rationale": "Already listed in cra_machinery capability_candidates_physical. Safety-expert grounding attached."
+ },
+ {
+ "obligation_id": "safety_functions_design",
+ "subdomain": "safety_functions",
+ "link_kind": "physical_safety",
+ "confidence": "proposed",
+ "proposed_capability": "cap.safety_functions_design",
+ "registry_candidate": true,
+ "iace_grounding": "ISO 13849-1 (PL, categories) / IEC 62061 (SIL) for safety-related parts of control systems (SRP/CS); validation per ISO 13849-2.",
+ "rationale": "Already listed in cra_machinery capability_candidates_physical. Safety-expert grounding attached."
+ },
+ {
+ "obligation_id": "safety_components_conformity",
+ "subdomain": "safety_components",
+ "link_kind": "physical_safety",
+ "confidence": "proposed",
+ "proposed_capability": "cap.safety_component_conformity",
+ "iace_grounding": "Listed safety components (MaschVO Anhang I) carry their own conformity duty; design validation per ISO 13849-2.",
+ "rationale": "Distinct from safety_functions_design: this is conformity of the COMPONENT placed on the market, not the integrated function."
+ },
+ {
+ "obligation_id": "residual_risk_management",
+ "subdomain": "residual_risk",
+ "link_kind": "physical_safety",
+ "confidence": "proposed",
+ "proposed_capability": "cap.residual_risk_reduction",
+ "iace_grounding": "ISO 12100 three-step method (inherently safe design -> safeguarding -> information for use); residual-risk warnings + instructions.",
+ "rationale": "Directly mirrors IACE's measure-hierarchy output."
+ },
+ {
+ "obligation_id": "blocking_release_procedure",
+ "subdomain": "protective_devices",
+ "link_kind": "physical_safety",
+ "confidence": "proposed",
+ "proposed_capability": "cap.energy_isolation_loto",
+ "iace_grounding": "ISO 14118 (unexpected start-up), lockout/tagout, safe isolation of energy sources for maintenance.",
+ "rationale": "Maintenance-state hazard control; IACE lifecycle-state = maintenance."
+ },
+ {
+ "obligation_id": "vibration_noise_emission",
+ "subdomain": "emissions",
+ "link_kind": "physical_safety",
+ "confidence": "proposed",
+ "proposed_capability": "cap.emission_reduction",
+ "iace_grounding": "EHSR on vibration + noise; emission reduction at source, declared emission values.",
+ "rationale": "Health-hazard category in IACE (vibration, noise)."
+ },
+ {
+ "obligation_id": "risk_assessment_machinery_lifecycle",
+ "subdomain": "risk_assessment",
+ "link_kind": "process",
+ "confidence": "proposed",
+ "proposed_capability": "cap.machinery_risk_assessment",
+ "iace_grounding": "ISO 12100 risk assessment across the full lifecycle. THIS IS IACE'S CORE OUTPUT — strongest provider-fact alignment of the set.",
+ "rationale": "IACE already produces lifecycle hazard logs; this obligation is the regulatory counterpart."
+ },
+ {
+ "obligation_id": "risk_assessment_documentation",
+ "subdomain": "risk_assessment",
+ "link_kind": "process",
+ "confidence": "proposed",
+ "proposed_capability": "cap.risk_assessment_record",
+ "iace_grounding": "Documented risk-assessment record feeding the technical file.",
+ "rationale": "IACE hazard-log export is the evidence artifact."
+ },
+ {
+ "obligation_id": "risk_assessment_methodology_competence",
+ "subdomain": "risk_assessment",
+ "link_kind": "process",
+ "confidence": "proposed",
+ "proposed_capability": "cap.risk_assessment_competence",
+ "tier": "BEST_PRACTICE",
+ "rationale": "Competence/methodology assurance for the assessor — organizational, not a machine control."
+ },
+ {
+ "obligation_id": "operating_instructions",
+ "subdomain": "operating_instructions",
+ "link_kind": "process",
+ "confidence": "proposed",
+ "proposed_capability": "cap.safety_information_instructions",
+ "iace_grounding": "ISO 12100 6.4 information for use; IEC/IEEE 82079-1 instructions.",
+ "rationale": "Carries IACE residual-risk warnings into the instructions."
+ },
+ {
+ "obligation_id": "conformity_assessment",
+ "subdomain": "conformity",
+ "link_kind": "process",
+ "confidence": "proposed",
+ "proposed_capability": "cap.conformity_assessment_procedure",
+ "iace_grounding": "MaschVO Anhang XI procedures (internal control vs notified-body routes).",
+ "rationale": "Procedure selection depends on Anhang I high-risk classification."
+ },
+ {
+ "obligation_id": "technical_documentation",
+ "subdomain": "documentation",
+ "link_kind": "process",
+ "confidence": "proposed",
+ "proposed_capability": "cap.technical_file",
+ "iace_grounding": "MaschVO Anhang IV technical file; risk assessment is a mandatory part.",
+ "rationale": "IACE hazard log is a required input to the technical file."
+ },
+ {
+ "obligation_id": "eu_declaration_ce_marking",
+ "subdomain": "conformity",
+ "link_kind": "process",
+ "confidence": "proposed",
+ "proposed_capability": "cap.ce_marking_declaration",
+ "iace_grounding": "MaschVO Anhang V EU declaration of conformity + CE marking affixing.",
+ "rationale": "Final conformity attestation step."
+ },
+ {
+ "obligation_id": "manufacturer_economic_operator_obligations",
+ "subdomain": "economic_operators",
+ "link_kind": "process",
+ "confidence": "proposed",
+ "proposed_capability": "cap.economic_operator_duties",
+ "rationale": "Manufacturer/importer/distributor duty chain — organizational."
+ },
+ {
+ "obligation_id": "essential_safety_requirements_compliance",
+ "subdomain": "ehsr",
+ "link_kind": "process",
+ "confidence": "proposed",
+ "proposed_capability": "cap.ehsr_compliance",
+ "iace_grounding": "MaschVO Anhang III essential health and safety requirements — the umbrella that the physical_safety capabilities collectively satisfy.",
+ "rationale": "Composite: satisfied via the physical_safety capabilities above; model as an aggregate rather than a single control."
+ },
+ {
+ "obligation_id": "harmonised_standards_selection",
+ "subdomain": "standards",
+ "link_kind": "process",
+ "confidence": "proposed",
+ "proposed_capability": "cap.harmonised_standards",
+ "tier": "BEST_PRACTICE",
+ "iace_grounding": "Use of harmonised standards grants presumption of conformity; IACE's ISO references (12100/13849/14120/13850) are the candidate set.",
+ "rationale": "Links the standards IACE already cites to the presumption-of-conformity mechanism."
+ },
+ {
+ "obligation_id": "notified_body_requirements",
+ "subdomain": "notified_body",
+ "link_kind": "process",
+ "confidence": "proposed",
+ "proposed_capability": "cap.notified_body_involvement",
+ "iace_grounding": "MaschVO Anhang I Part A high-risk machinery requires notified-body involvement.",
+ "rationale": "Triggered by Anhang I classification of the machine."
+ },
+ {
+ "obligation_id": "modification_substantial_change",
+ "subdomain": "modification",
+ "link_kind": "process",
+ "confidence": "proposed",
+ "proposed_capability": "cap.substantial_modification_assessment",
+ "iace_grounding": "Substantial modification can create a 'new' machine requiring fresh conformity; re-run risk assessment.",
+ "rationale": "IACE re-assessment is the trigger artifact."
+ },
+ {
+ "obligation_id": "autonomous_mobile_machinery",
+ "subdomain": "mobile_machinery",
+ "link_kind": "physical_safety",
+ "confidence": "proposed",
+ "proposed_capability": "cap.amr_safety",
+ "iace_grounding": "Mobile/autonomous machinery EHSR: travel functions, supervision, monitoring, safe stop in autonomous mode.",
+ "rationale": "Distinct hazard family (mobility) in IACE."
+ },
+ {
+ "obligation_id": "verification_inspection_maintenance",
+ "subdomain": "verification",
+ "link_kind": "process",
+ "confidence": "proposed",
+ "proposed_capability": "cap.in_service_verification",
+ "tier": "BEST_PRACTICE",
+ "rationale": "In-service inspection/maintenance regime — lifecycle-state = in_service/maintenance."
+ },
+ {
+ "obligation_id": "quality_management_system",
+ "subdomain": "quality_management",
+ "link_kind": "process",
+ "confidence": "proposed",
+ "proposed_capability": "cap.quality_management_system",
+ "tier": "BEST_PRACTICE",
+ "iace_grounding": "MaschVO Anhang IX full quality-assurance route.",
+ "rationale": "Organizational QA enabling the conformity route."
+ },
+ {
+ "obligation_id": "market_surveillance_safeguard",
+ "subdomain": "market_surveillance",
+ "link_kind": "non_capability",
+ "confidence": "non_capability",
+ "rationale": "Cooperation with market-surveillance authorities + safeguard procedure: a regulatory-interaction duty, not a machine/process capability. Flagged so Execution does not force a capability link.",
+ "owner_decision": "Legal-KG to decide whether to model as an obligation-only node."
+ },
+ {
+ "obligation_id": "sanctions",
+ "subdomain": "sanctions",
+ "link_kind": "non_capability",
+ "confidence": "non_capability",
+ "rationale": "Penalty regime — a legal consequence, not a capability. No control link.",
+ "owner_decision": "Legal-KG: obligation-only node."
+ },
+ {
+ "obligation_id": "scope_transition_application",
+ "subdomain": "scope",
+ "link_kind": "non_capability",
+ "confidence": "non_capability",
+ "rationale": "Applicability + transition dates (old Directive 2006/42/EC -> Regulation 2023/1230). This drives the SCOPE engine, not a capability. RS-004 part C (reg-ID/scope wiring) is the right home.",
+ "owner_decision": "Reasoning/scope-engine, not a capability."
+ },
+ {
+ "obligation_id": "specific_machine_types",
+ "subdomain": "specific_machinery",
+ "link_kind": "composite",
+ "confidence": "proposed",
+ "rationale": "Machine-type-specific EHSR (e.g. lifting, portable, wood/food machinery). Resolves to MULTIPLE physical_safety capabilities depending on machine type — model as a type-conditional set, not one control.",
+ "owner_decision": "Execution: expand per machine-type once the physical_safety capabilities are minted."
+ }
+ ],
+ "summary": {
+ "obligations_total": 31,
+ "cyber_safety_bridges_high_confidence": 2,
+ "cyber_safety_bridges_needs_check": 1,
+ "cross_regulation_bridges": 2,
+ "physical_safety_candidates": 7,
+ "process_candidates": 13,
+ "non_capability_flags": 3,
+ "composite": 1,
+ "headline": "The 2 high-confidence cyber-safety bridges are immediately wirable to existing CRA-core obligations + capabilities (the CRA<->MaschinenVO convergence USP). Everything else is safety-expert input for Execution to mint and Legal-KG to ratify."
+ }
+}
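Review bot: The `summary` object at the end of the hunk does not agree with the `links` array above it: eight entries carry `"link_kind": "physical_safety"` (the guards, emergency-stop, safety-functions-design, safety-component, residual-risk, LOTO and emission entries plus `autonomous_mobile_machinery`) and fourteen carry `"link_kind": "process"`, yet the summary states 7 and 13, so its per-category counts sum to 29 while `"obligations_total"` says 31. Change the two lines to `"physical_safety_candidates": 8,` and `"process_candidates": 14,`, or have the summary generated from the array so the two cannot drift before ratification. A second shape point: `registry_candidate` and `tier` are present on only some link entries and the file does not state whether absence means "not a registry candidate" / "no tier", which a consumer keying on those fields needs; a legend line such as `"registry_candidate": "present (true) only on capabilities already listed in cra_machinery capability_candidates_physical; absent means not yet listed"` would settle it. The targets of the two `"confidence": "high"` links (`attack_surface_minimization`, `software_integrity_protection`, `cap.multi_factor_authentication`, `cap.session_management`, `cap.code_signing`) are asserted to exist in the registry but cannot be verified from this diff, so the ratifying owners should confirm each id before these bridges are wired as "immediately usable".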