{ "schema_proposal": "machinery_obligation_capability_linking_v0", "status": "PROPOSED", "proposed_by": "iace-session", "for_ratification_by": ["legal-knowledge-graph", "execution"], "reference_scenario": "RS-004", "regulation_code": "MaschVO_2023_1230", "regulation_aliases": ["MaschinenVO", "Machinery Regulation (EU) 2023/1230"], "authority_note": "IACE holds SAFETY-classification authority and offers these links as machinery-safety domain input. Obligation DEFINITIONS remain the Legal-KG's authority; capability/control MINTING and the canonical mapping FORMAT remain Execution's authority. Nothing here is asserted into either registry. cap.* ids on physical/process links are CANDIDATES (not minted) — ratify, rename, or remap before merging into the canonical mapping. See semantic-authority principle: propose, do not assert across authorities.", "scope": { "in_scope": "MaschVO obligation -> capability/control linking (RS-004 part A), from the machinery-safety side.", "out_of_scope": [ "EMV (EMC Directive 2014/30/EU) obligation authoring (RS-004 part B): EMV obligations do not yet exist in the registry. Legal-KG to author via its clustering+synthesis methodology. IACE can supply EMC domain input on request, but will not hand-author obligations (bypasses the owning authority's method).", "Regulation-ID normalization / scope-engine wiring so the map resolves regulation -> obligations (RS-004 part C): Reasoning/Execution consumer code. NOTE: regulation_code 'MaschVO_2023_1230' must alias to the scope-engine id 'MaschinenVO' for resolution to work (board TODO 'Regelwerk-ID-Normalisierung').", "Minting MCAP-/control-ids: Execution authority." ] }, "confidence_legend": { "high": "Link target already exists in the registry (cra_core obligation or minted capability). 
Immediately usable.", "medium": "Link target likely exists but the exact id needs an owner check.", "proposed": "Target capability is a CANDIDATE to be minted by Execution; the link is safety-expert input, not a wired reference.", "non_capability": "Obligation is regulatory/applicability in nature and does NOT map to a capability — flagged so Execution does not force a link." }, "links": [ { "obligation_id": "access_control_safety_functions", "subdomain": "cybersecurity", "link_kind": "cyber_safety_bridge", "confidence": "high", "targets_existing": { "cra_core_obligations": ["attack_surface_minimization"], "capabilities": ["cap.multi_factor_authentication", "cap.session_management"] }, "rationale": "MaschVO Anhang III 1.1.9: safety functions must be protected against unauthorized access/modification. Satisfied by the same access-control + attack-surface controls CRA already requires. Convergence link, not a new control. Caveat: the two mapped capabilities are authentication/session controls and cover the 'unauthorized access' half of the requirement; the 'modification' half is carried by the protection_against_corruption link, so the convergence claim holds for the two links together, not for this link alone.", "convergence": "CRA <-> MaschinenVO: one control set satisfies both" }, { "obligation_id": "protection_against_corruption", "subdomain": "cybersecurity", "link_kind": "cyber_safety_bridge", "confidence": "high", "targets_existing": { "cra_core_obligations": ["software_integrity_protection"], "capabilities": ["cap.code_signing"] }, "rationale": "MaschVO 1.1.9/1.2.1: protect control software and safety-relevant data against accidental or intentional corruption. Satisfied by CRA software-integrity + code/update signing. Caveat: cap.code_signing covers executable and update integrity only; the 'safety-relevant data' part (configuration and safety parameter sets at rest) is not covered by code signing alone — Execution to confirm that software_integrity_protection spans data integrity, or raise a separate candidate, before treating this link as fully wired.", "convergence": "CRA <-> MaschinenVO: one control set satisfies both" }, { "obligation_id": "security_functions_default_free", "subdomain": "cybersecurity", "link_kind": "cyber_safety_bridge", "confidence": "medium", "targets_existing": { "cra_core_obligations": ["secure_by_default"], "capabilities": [] }, "rationale": "Security functions provided secure-by-default and without extra cost. 
Maps to CRA secure-by-default posture.", "needs_owner_check": "Confirm a CRA 'secure_by_default' obligation id exists in cra_core; if not, propose one or link to the closest secure-configuration obligation." }, { "obligation_id": "ml_safety_components", "subdomain": "ml_safety", "link_kind": "cross_regulation_bridge", "confidence": "proposed", "proposed_capability": "cap.ml_safety_assurance", "bridges": ["AI-Act (high-risk safety components)", "MaschVO Anhang III adaptive behaviour"], "iace_grounding": "Adaptive/self-learning safety components: bounded behaviour, validation of learned states, fallback to safe state. IACE state-graph + failure-mode (FMEA) families apply.", "rationale": "MaschVO treats ML-driven safety components as high-risk; same assurance obligations recur under the AI-Act. Strong convergence candidate." }, { "obligation_id": "long_term_availability_updates", "subdomain": "maintenance", "link_kind": "cross_regulation_bridge", "confidence": "proposed", "proposed_capability": "cap.update_availability", "bridges": ["CRA vulnerability-handling / security updates"], "rationale": "Long-term availability of (security) updates overlaps CRA's vulnerability-handling obligations — link once the CRA update obligation id is confirmed." }, { "obligation_id": "guards_protective_devices", "subdomain": "protective_devices", "link_kind": "physical_safety", "confidence": "proposed", "proposed_capability": "cap.guards_protective_devices", "registry_candidate": true, "iace_grounding": "ISO 14120 (fixed/movable guards), ISO 14119 (interlocking with/without guard locking). IACE hazard categories: mechanical, crushing, shearing, drawing-in.", "rationale": "Already listed in cra_machinery capability_candidates_physical. Safety-expert grounding attached." 
}, { "obligation_id": "emergency_stop_interlocking", "subdomain": "safety_functions", "link_kind": "physical_safety", "confidence": "proposed", "proposed_capability": "cap.emergency_stop_interlocking", "registry_candidate": true, "iace_grounding": "ISO 13850 (emergency stop), ISO 14118 (prevention of unexpected start-up), ISO 14119 (interlocking).", "rationale": "Already listed in cra_machinery capability_candidates_physical. Safety-expert grounding attached." }, { "obligation_id": "safety_functions_design", "subdomain": "safety_functions", "link_kind": "physical_safety", "confidence": "proposed", "proposed_capability": "cap.safety_functions_design", "registry_candidate": true, "iace_grounding": "ISO 13849-1 (PL, categories) / IEC 62061 (SIL) for safety-related parts of control systems (SRP/CS); validation per ISO 13849-2.", "rationale": "Already listed in cra_machinery capability_candidates_physical. Safety-expert grounding attached." }, { "obligation_id": "safety_components_conformity", "subdomain": "safety_components", "link_kind": "physical_safety", "confidence": "proposed", "proposed_capability": "cap.safety_component_conformity", "iace_grounding": "Listed safety components (MaschVO Anhang I) carry their own conformity duty; design validation per ISO 13849-2.", "rationale": "Distinct from safety_functions_design: this is conformity of the COMPONENT placed on the market, not the integrated function." }, { "obligation_id": "residual_risk_management", "subdomain": "residual_risk", "link_kind": "physical_safety", "confidence": "proposed", "proposed_capability": "cap.residual_risk_reduction", "iace_grounding": "ISO 12100 three-step method (inherently safe design -> safeguarding -> information for use); residual-risk warnings + instructions.", "rationale": "Directly mirrors IACE's measure-hierarchy output." 
}, { "obligation_id": "blocking_release_procedure", "subdomain": "protective_devices", "link_kind": "physical_safety", "confidence": "proposed", "proposed_capability": "cap.energy_isolation_loto", "iace_grounding": "ISO 14118 (unexpected start-up), lockout/tagout, safe isolation of energy sources for maintenance.", "rationale": "Maintenance-state hazard control; IACE lifecycle-state = maintenance." }, { "obligation_id": "vibration_noise_emission", "subdomain": "emissions", "link_kind": "physical_safety", "confidence": "proposed", "proposed_capability": "cap.emission_reduction", "iace_grounding": "EHSR on vibration + noise; emission reduction at source, declared emission values.", "rationale": "Health-hazard category in IACE (vibration, noise)." }, { "obligation_id": "risk_assessment_machinery_lifecycle", "subdomain": "risk_assessment", "link_kind": "process", "confidence": "proposed", "proposed_capability": "cap.machinery_risk_assessment", "iace_grounding": "ISO 12100 risk assessment across the full lifecycle. THIS IS IACE'S CORE OUTPUT — strongest provider-fact alignment of the set.", "rationale": "IACE already produces lifecycle hazard logs; this obligation is the regulatory counterpart." }, { "obligation_id": "risk_assessment_documentation", "subdomain": "risk_assessment", "link_kind": "process", "confidence": "proposed", "proposed_capability": "cap.risk_assessment_record", "iace_grounding": "Documented risk-assessment record feeding the technical file.", "rationale": "IACE hazard-log export is the evidence artifact." }, { "obligation_id": "risk_assessment_methodology_competence", "subdomain": "risk_assessment", "link_kind": "process", "confidence": "proposed", "proposed_capability": "cap.risk_assessment_competence", "tier": "BEST_PRACTICE", "rationale": "Competence/methodology assurance for the assessor — organizational, not a machine control." 
}, { "obligation_id": "operating_instructions", "subdomain": "operating_instructions", "link_kind": "process", "confidence": "proposed", "proposed_capability": "cap.safety_information_instructions", "iace_grounding": "ISO 12100 6.4 information for use; IEC/IEEE 82079-1 instructions.", "rationale": "Carries IACE residual-risk warnings into the instructions." }, { "obligation_id": "conformity_assessment", "subdomain": "conformity", "link_kind": "process", "confidence": "proposed", "proposed_capability": "cap.conformity_assessment_procedure", "iace_grounding": "MaschVO Anhang XI procedures (internal control vs notified-body routes).", "rationale": "Procedure selection depends on Anhang I high-risk classification." }, { "obligation_id": "technical_documentation", "subdomain": "documentation", "link_kind": "process", "confidence": "proposed", "proposed_capability": "cap.technical_file", "iace_grounding": "MaschVO Anhang IV technical file; risk assessment is a mandatory part.", "rationale": "IACE hazard log is a required input to the technical file." }, { "obligation_id": "eu_declaration_ce_marking", "subdomain": "conformity", "link_kind": "process", "confidence": "proposed", "proposed_capability": "cap.ce_marking_declaration", "iace_grounding": "MaschVO Anhang V EU declaration of conformity + CE marking affixing.", "rationale": "Final conformity attestation step." }, { "obligation_id": "manufacturer_economic_operator_obligations", "subdomain": "economic_operators", "link_kind": "process", "confidence": "proposed", "proposed_capability": "cap.economic_operator_duties", "rationale": "Manufacturer/importer/distributor duty chain — organizational." 
}, { "obligation_id": "essential_safety_requirements_compliance", "subdomain": "ehsr", "link_kind": "process", "confidence": "proposed", "proposed_capability": "cap.ehsr_compliance", "iace_grounding": "MaschVO Anhang III essential health and safety requirements — the umbrella that the physical_safety capabilities collectively satisfy.", "rationale": "Composite: satisfied via the physical_safety capabilities above; model as an aggregate rather than a single control." }, { "obligation_id": "harmonised_standards_selection", "subdomain": "standards", "link_kind": "process", "confidence": "proposed", "proposed_capability": "cap.harmonised_standards", "tier": "BEST_PRACTICE", "iace_grounding": "Use of harmonised standards grants presumption of conformity; IACE's ISO references (12100/13849/14120/13850) are the candidate set.", "rationale": "Links the standards IACE already cites to the presumption-of-conformity mechanism." }, { "obligation_id": "notified_body_requirements", "subdomain": "notified_body", "link_kind": "process", "confidence": "proposed", "proposed_capability": "cap.notified_body_involvement", "iace_grounding": "MaschVO Anhang I Part A high-risk machinery requires notified-body involvement.", "rationale": "Triggered by Anhang I classification of the machine." }, { "obligation_id": "modification_substantial_change", "subdomain": "modification", "link_kind": "process", "confidence": "proposed", "proposed_capability": "cap.substantial_modification_assessment", "iace_grounding": "Substantial modification can create a 'new' machine requiring fresh conformity; re-run risk assessment.", "rationale": "IACE re-assessment is the trigger artifact." 
}, { "obligation_id": "autonomous_mobile_machinery", "subdomain": "mobile_machinery", "link_kind": "physical_safety", "confidence": "proposed", "proposed_capability": "cap.amr_safety", "iace_grounding": "Mobile/autonomous machinery EHSR: travel functions, supervision, monitoring, safe stop in autonomous mode.", "rationale": "Distinct hazard family (mobility) in IACE." }, { "obligation_id": "verification_inspection_maintenance", "subdomain": "verification", "link_kind": "process", "confidence": "proposed", "proposed_capability": "cap.in_service_verification", "tier": "BEST_PRACTICE", "rationale": "In-service inspection/maintenance regime — lifecycle-state = in_service/maintenance." }, { "obligation_id": "quality_management_system", "subdomain": "quality_management", "link_kind": "process", "confidence": "proposed", "proposed_capability": "cap.quality_management_system", "tier": "BEST_PRACTICE", "iace_grounding": "MaschVO Anhang IX full quality-assurance route.", "rationale": "Organizational QA enabling the conformity route." }, { "obligation_id": "market_surveillance_safeguard", "subdomain": "market_surveillance", "link_kind": "non_capability", "confidence": "non_capability", "rationale": "Cooperation with market-surveillance authorities + safeguard procedure: a regulatory-interaction duty, not a machine/process capability. Flagged so Execution does not force a capability link.", "owner_decision": "Legal-KG to decide whether to model as an obligation-only node." }, { "obligation_id": "sanctions", "subdomain": "sanctions", "link_kind": "non_capability", "confidence": "non_capability", "rationale": "Penalty regime — a legal consequence, not a capability. No control link.", "owner_decision": "Legal-KG: obligation-only node." }, { "obligation_id": "scope_transition_application", "subdomain": "scope", "link_kind": "non_capability", "confidence": "non_capability", "rationale": "Applicability + transition dates (old Directive 2006/42/EC -> Regulation 2023/1230). 
This drives the SCOPE engine, not a capability. RS-004 part C (reg-ID/scope wiring) is the right home.", "owner_decision": "Reasoning/scope-engine, not a capability." }, { "obligation_id": "specific_machine_types", "subdomain": "specific_machinery", "link_kind": "composite", "confidence": "proposed", "rationale": "Machine-type-specific EHSR (e.g. lifting, portable, wood/food machinery). Resolves to MULTIPLE physical_safety capabilities depending on machine type — model as a type-conditional set, not one control.", "owner_decision": "Execution: expand per machine-type once the physical_safety capabilities are minted." } ], "summary": { "obligations_total": 31, "cyber_safety_bridges_high_confidence": 2, "cyber_safety_bridges_needs_check": 1, "cross_regulation_bridges": 2, "physical_safety_candidates": 8, "process_candidates": 14, "non_capability_flags": 3, "composite": 1, "headline": "The 2 high-confidence cyber-safety bridges are immediately wirable to existing CRA-core obligations + capabilities (the CRA<->MaschinenVO convergence USP). Everything else is safety-expert input for Execution to mint and Legal-KG to ratify. Counts above are by link_kind over the 31 links: 8 physical_safety + 14 process + 2 cross_regulation + 3 cyber_safety + 3 non_capability + 1 composite." } }