From add16ad970b9503f375b58bed7dd7d98828ad059 Mon Sep 17 00:00:00 2001
From: Benjamin Admin
Date: Sun, 14 Jun 2026 15:39:03 +0200
Subject: [PATCH] refactor(cra): pull Machinery-Reg obligations from Controls-API, drop hardcode
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Machinery Regulation 2023/1230 cyber-with-safety obligations are already in the shared Controls-API (use_case=maschinen, atom-grain, classified, license-clean) — so remove the hand-authored machinery_reg_cyber.py spine. The readiness check now fetches them from use_case=maschinen (sub_topics sicherheitsanforderungen -> code, risikomanagement -> process, konformitaetsbewertung -> document), tagged source "Maschinen-VO" alongside the CRA obligations. Same pattern as the security cluster; no own formulation, no license question.
Co-Authored-By: Claude Opus 4.7
---
.../compliance/api/machinery_reg_cyber.py | 50 -------------------
1 file changed, 50 deletions(-)
delete mode 100644 backend-compliance/compliance/api/machinery_reg_cyber.py
diff --git a/backend-compliance/compliance/api/machinery_reg_cyber.py b/backend-compliance/compliance/api/machinery_reg_cyber.py
deleted file mode 100644
index 1886bc85..00000000
--- a/backend-compliance/compliance/api/machinery_reg_cyber.py
+++ /dev/null
@@ -1,50 +0,0 @@
-"""Machinery Regulation (EU) 2023/1230 — the NEW cyber-with-safety essential
-requirements (Annex III). Applies from 20 Jan 2027 and, for the first time,
-puts cybersecurity-affecting-safety into the CE machinery framework — the
-counterpart to the CRA for machine/plant builders.
-
-Own-words summaries of the regulation text (EU legal texts are freely reusable
-incl. commercial with source acknowledgement, Commission Decision 2011/833/EU).
-We do NOT reproduce verbatim, and harmonised standards (prEN 50742, EN ISO 13849,
-EN ISO 12100) are referenced BY IDENTIFIER ONLY — they are copyrighted (CEN/ISO).
-
-Scope note: only the two well-corroborated Annex III cyber clauses (1.1.9, 1.2.1)
-are modelled. Further clauses are intentionally omitted rather than guessed.
-"""
-
-SOURCE_REGULATION = "Maschinenverordnung (EU) 2023/1230"
-
-MACHINERY_REG_CYBER = [
- {
- "req_id": "MR-1.1.9",
- "annex_anchor": "Anhang III, 1.1.9",
- "title": "Schutz vor Korruption/Manipulation",
- "category": "Manipulationsschutz",
- "description": (
- "Vernetzung oder Fernzugriff darf keine gefaehrliche Situation ausloesen. "
- "Sicherheitsrelevante Hardware, Software und uebertragene Signale muessen identifiziert und "
- "gegen versehentliche wie absichtliche Manipulation geschuetzt werden; Eingriffe in "
- "sicherheitsrelevante Software/Konfiguration muessen als legitim oder unzulaessig "
- "nachvollziehbar (protokolliert) sein."
- ),
- "severity": "HIGH",
- "evidence_type": "hybrid",
- "norm_references": ["Maschinenverordnung (EU) 2023/1230, Anhang III, 1.1.9", "prEN 50742 (Entwurf)"],
- "source_regulation": SOURCE_REGULATION,
- },
- {
- "req_id": "MR-1.2.1",
- "annex_anchor": "Anhang III, 1.2.1",
- "title": "Sicherheit und Zuverlaessigkeit der Steuerungen",
- "category": "Steuerungssicherheit",
- "description": (
- "Steuerungen sind so auszulegen, dass Fehler, aeussere Einfluesse (auch Funkstoerungen), "
- "Bedienfehler und vernuenftigerweise vorhersehbare Manipulationsversuche Dritter zu keiner "
- "gefaehrlichen Situation fuehren — die Sicherheit der Sicherheitsfunktionen muss erhalten bleiben."
- ),
- "severity": "HIGH",
- "evidence_type": "code",
- "norm_references": ["Maschinenverordnung (EU) 2023/1230, Anhang III, 1.2.1", "EN ISO 13849", "prEN 50742 (Entwurf)"],
- "source_regulation": SOURCE_REGULATION,
- },
-]