363c76d274
Additive proposal for RS-004 (MaschinenVO/EMV registry-linking gap), from IACE's machinery-safety authority. Links all 31 MaschVO obligations to capability/control targets: 2 high-confidence cyber-safety bridges wired to existing CRA-core obligations + capabilities (the CRA<->MaschinenVO convergence), the rest as safety-expert capability candidates for Execution to mint and Legal-KG to ratify. Asserts nothing into the obligation/capability registries — status=PROPOSED, for_ratification_by legal-knowledge-graph + execution. Respects semantic-authority (propose, don't assert across authorities) and the knowledge freeze (data, no new classes). EMV obligation authoring + reg-id/scope wiring explicitly left to their owners (out_of_scope). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
327 lines
17 KiB
JSON
{
  "schema_proposal": "machinery_obligation_capability_linking_v0",
  "status": "PROPOSED",
  "proposed_by": "iace-session",
  "for_ratification_by": ["legal-knowledge-graph", "execution"],
  "reference_scenario": "RS-004",
  "regulation_code": "MaschVO_2023_1230",
  "regulation_aliases": ["MaschinenVO", "Machinery Regulation (EU) 2023/1230"],
  "authority_note": "IACE holds SAFETY-classification authority and offers these links as machinery-safety domain input. Obligation DEFINITIONS remain the Legal-KG's authority; capability/control MINTING and the canonical mapping FORMAT remain Execution's authority. Nothing here is asserted into either registry. cap.* ids on physical/process links are CANDIDATES (not minted) — ratify, rename, or remap before merging into the canonical mapping. See semantic-authority principle: propose, do not assert across authorities.",
  "scope": {
    "in_scope": "MaschVO obligation -> capability/control linking (RS-004 part A), from the machinery-safety side.",
    "out_of_scope": [
      "EMV (EMC Directive 2014/30/EU) obligation authoring (RS-004 part B): EMV obligations do not yet exist in the registry. Legal-KG to author via its clustering+synthesis methodology. IACE can supply EMC domain input on request, but will not hand-author obligations (bypasses the owning authority's method).",
      "Regulation-ID normalization / scope-engine wiring so the map resolves regulation -> obligations (RS-004 part C): Reasoning/Execution consumer code. NOTE: regulation_code 'MaschVO_2023_1230' must alias to the scope-engine id 'MaschinenVO' for resolution to work (board TODO 'Regelwerk-ID-Normalisierung').",
      "Minting MCAP-/control-ids: Execution authority."
    ]
  },
  "confidence_legend": {
    "high": "Link target already exists in the registry (cra_core obligation or minted capability). Immediately usable.",
    "medium": "Link target likely exists but the exact id needs an owner check.",
    "proposed": "Target capability is a CANDIDATE to be minted by Execution; the link is safety-expert input, not a wired reference.",
    "non_capability": "Obligation is regulatory/applicability in nature and does NOT map to a capability — flagged so Execution does not force a link."
  },
  "links": [
    {
      "obligation_id": "access_control_safety_functions",
      "subdomain": "cybersecurity",
      "link_kind": "cyber_safety_bridge",
      "confidence": "high",
      "targets_existing": {
        "cra_core_obligations": ["attack_surface_minimization"],
        "capabilities": ["cap.multi_factor_authentication", "cap.session_management"]
      },
      "rationale": "MaschVO Anhang III 1.1.9: safety functions must be protected against unauthorized access/modification. Satisfied by the same access-control + attack-surface controls CRA already requires. Convergence link, not a new control.",
      "convergence": "CRA <-> MaschinenVO: one control set satisfies both"
    },
    {
      "obligation_id": "protection_against_corruption",
      "subdomain": "cybersecurity",
      "link_kind": "cyber_safety_bridge",
      "confidence": "high",
      "targets_existing": {
        "cra_core_obligations": ["software_integrity_protection"],
        "capabilities": ["cap.code_signing"]
      },
      "rationale": "MaschVO 1.1.9/1.2.1: protect control software and safety-relevant data against accidental or intentional corruption. Satisfied by CRA software-integrity + code/update signing.",
      "convergence": "CRA <-> MaschinenVO: one control set satisfies both"
    },
    {
      "obligation_id": "security_functions_default_free",
      "subdomain": "cybersecurity",
      "link_kind": "cyber_safety_bridge",
      "confidence": "medium",
      "targets_existing": {
        "cra_core_obligations": ["secure_by_default"],
        "capabilities": []
      },
      "rationale": "Security functions provided secure-by-default and without extra cost. Maps to CRA secure-by-default posture.",
      "needs_owner_check": "Confirm a CRA 'secure_by_default' obligation id exists in cra_core; if not, propose one or link to the closest secure-configuration obligation."
    },
    {
      "obligation_id": "ml_safety_components",
      "subdomain": "ml_safety",
      "link_kind": "cross_regulation_bridge",
      "confidence": "proposed",
      "proposed_capability": "cap.ml_safety_assurance",
      "bridges": ["AI-Act (high-risk safety components)", "MaschVO Anhang III adaptive behaviour"],
      "iace_grounding": "Adaptive/self-learning safety components: bounded behaviour, validation of learned states, fallback to safe state. IACE state-graph + failure-mode (FMEA) families apply.",
      "rationale": "MaschVO treats ML-driven safety components as high-risk; same assurance obligations recur under the AI-Act. Strong convergence candidate."
    },
    {
      "obligation_id": "long_term_availability_updates",
      "subdomain": "maintenance",
      "link_kind": "cross_regulation_bridge",
      "confidence": "proposed",
      "proposed_capability": "cap.update_availability",
      "bridges": ["CRA vulnerability-handling / security updates"],
      "rationale": "Long-term availability of (security) updates overlaps CRA's vulnerability-handling obligations — link once the CRA update obligation id is confirmed."
    },
    {
      "obligation_id": "guards_protective_devices",
      "subdomain": "protective_devices",
      "link_kind": "physical_safety",
      "confidence": "proposed",
      "proposed_capability": "cap.guards_protective_devices",
      "registry_candidate": true,
      "iace_grounding": "ISO 14120 (fixed/movable guards), ISO 14119 (interlocking with/without guard locking). IACE hazard categories: mechanical, crushing, shearing, drawing-in.",
      "rationale": "Already listed in cra_machinery capability_candidates_physical. Safety-expert grounding attached."
    },
    {
      "obligation_id": "emergency_stop_interlocking",
      "subdomain": "safety_functions",
      "link_kind": "physical_safety",
      "confidence": "proposed",
      "proposed_capability": "cap.emergency_stop_interlocking",
      "registry_candidate": true,
      "iace_grounding": "ISO 13850 (emergency stop), ISO 14118 (prevention of unexpected start-up), ISO 14119 (interlocking).",
      "rationale": "Already listed in cra_machinery capability_candidates_physical. Safety-expert grounding attached."
    },
    {
      "obligation_id": "safety_functions_design",
      "subdomain": "safety_functions",
      "link_kind": "physical_safety",
      "confidence": "proposed",
      "proposed_capability": "cap.safety_functions_design",
      "registry_candidate": true,
      "iace_grounding": "ISO 13849-1 (PL, categories) / IEC 62061 (SIL) for safety-related parts of control systems (SRP/CS); validation per ISO 13849-2.",
      "rationale": "Already listed in cra_machinery capability_candidates_physical. Safety-expert grounding attached."
    },
    {
      "obligation_id": "safety_components_conformity",
      "subdomain": "safety_components",
      "link_kind": "physical_safety",
      "confidence": "proposed",
      "proposed_capability": "cap.safety_component_conformity",
      "iace_grounding": "Listed safety components (MaschVO Anhang I) carry their own conformity duty; design validation per ISO 13849-2.",
      "rationale": "Distinct from safety_functions_design: this is conformity of the COMPONENT placed on the market, not the integrated function."
    },
    {
      "obligation_id": "residual_risk_management",
      "subdomain": "residual_risk",
      "link_kind": "physical_safety",
      "confidence": "proposed",
      "proposed_capability": "cap.residual_risk_reduction",
      "iace_grounding": "ISO 12100 three-step method (inherently safe design -> safeguarding -> information for use); residual-risk warnings + instructions.",
      "rationale": "Directly mirrors IACE's measure-hierarchy output."
    },
    {
      "obligation_id": "blocking_release_procedure",
      "subdomain": "protective_devices",
      "link_kind": "physical_safety",
      "confidence": "proposed",
      "proposed_capability": "cap.energy_isolation_loto",
      "iace_grounding": "ISO 14118 (unexpected start-up), lockout/tagout, safe isolation of energy sources for maintenance.",
      "rationale": "Maintenance-state hazard control; IACE lifecycle-state = maintenance."
    },
    {
      "obligation_id": "vibration_noise_emission",
      "subdomain": "emissions",
      "link_kind": "physical_safety",
      "confidence": "proposed",
      "proposed_capability": "cap.emission_reduction",
      "iace_grounding": "EHSR on vibration + noise; emission reduction at source, declared emission values.",
      "rationale": "Health-hazard category in IACE (vibration, noise)."
    },
    {
      "obligation_id": "risk_assessment_machinery_lifecycle",
      "subdomain": "risk_assessment",
      "link_kind": "process",
      "confidence": "proposed",
      "proposed_capability": "cap.machinery_risk_assessment",
      "iace_grounding": "ISO 12100 risk assessment across the full lifecycle. THIS IS IACE'S CORE OUTPUT — strongest provider-fact alignment of the set.",
      "rationale": "IACE already produces lifecycle hazard logs; this obligation is the regulatory counterpart."
    },
    {
      "obligation_id": "risk_assessment_documentation",
      "subdomain": "risk_assessment",
      "link_kind": "process",
      "confidence": "proposed",
      "proposed_capability": "cap.risk_assessment_record",
      "iace_grounding": "Documented risk-assessment record feeding the technical file.",
      "rationale": "IACE hazard-log export is the evidence artifact."
    },
    {
      "obligation_id": "risk_assessment_methodology_competence",
      "subdomain": "risk_assessment",
      "link_kind": "process",
      "confidence": "proposed",
      "proposed_capability": "cap.risk_assessment_competence",
      "tier": "BEST_PRACTICE",
      "rationale": "Competence/methodology assurance for the assessor — organizational, not a machine control."
    },
    {
      "obligation_id": "operating_instructions",
      "subdomain": "operating_instructions",
      "link_kind": "process",
      "confidence": "proposed",
      "proposed_capability": "cap.safety_information_instructions",
      "iace_grounding": "ISO 12100 6.4 information for use; IEC/IEEE 82079-1 instructions.",
      "rationale": "Carries IACE residual-risk warnings into the instructions."
    },
    {
      "obligation_id": "conformity_assessment",
      "subdomain": "conformity",
      "link_kind": "process",
      "confidence": "proposed",
      "proposed_capability": "cap.conformity_assessment_procedure",
      "iace_grounding": "MaschVO Anhang XI procedures (internal control vs notified-body routes).",
      "rationale": "Procedure selection depends on Anhang I high-risk classification."
    },
    {
      "obligation_id": "technical_documentation",
      "subdomain": "documentation",
      "link_kind": "process",
      "confidence": "proposed",
      "proposed_capability": "cap.technical_file",
      "iace_grounding": "MaschVO Anhang IV technical file; risk assessment is a mandatory part.",
      "rationale": "IACE hazard log is a required input to the technical file."
    },
    {
      "obligation_id": "eu_declaration_ce_marking",
      "subdomain": "conformity",
      "link_kind": "process",
      "confidence": "proposed",
      "proposed_capability": "cap.ce_marking_declaration",
      "iace_grounding": "MaschVO Anhang V EU declaration of conformity + CE marking affixing.",
      "rationale": "Final conformity attestation step."
    },
    {
      "obligation_id": "manufacturer_economic_operator_obligations",
      "subdomain": "economic_operators",
      "link_kind": "process",
      "confidence": "proposed",
      "proposed_capability": "cap.economic_operator_duties",
      "rationale": "Manufacturer/importer/distributor duty chain — organizational."
    },
    {
      "obligation_id": "essential_safety_requirements_compliance",
      "subdomain": "ehsr",
      "link_kind": "process",
      "confidence": "proposed",
      "proposed_capability": "cap.ehsr_compliance",
      "iace_grounding": "MaschVO Anhang III essential health and safety requirements — the umbrella that the physical_safety capabilities collectively satisfy.",
      "rationale": "Composite: satisfied via the physical_safety capabilities above; model as an aggregate rather than a single control."
    },
    {
      "obligation_id": "harmonised_standards_selection",
      "subdomain": "standards",
      "link_kind": "process",
      "confidence": "proposed",
      "proposed_capability": "cap.harmonised_standards",
      "tier": "BEST_PRACTICE",
      "iace_grounding": "Use of harmonised standards grants presumption of conformity; IACE's ISO references (12100/13849/14120/13850) are the candidate set.",
      "rationale": "Links the standards IACE already cites to the presumption-of-conformity mechanism."
    },
    {
      "obligation_id": "notified_body_requirements",
      "subdomain": "notified_body",
      "link_kind": "process",
      "confidence": "proposed",
      "proposed_capability": "cap.notified_body_involvement",
      "iace_grounding": "MaschVO Anhang I Part A high-risk machinery requires notified-body involvement.",
      "rationale": "Triggered by Anhang I classification of the machine."
    },
    {
      "obligation_id": "modification_substantial_change",
      "subdomain": "modification",
      "link_kind": "process",
      "confidence": "proposed",
      "proposed_capability": "cap.substantial_modification_assessment",
      "iace_grounding": "Substantial modification can create a 'new' machine requiring fresh conformity; re-run risk assessment.",
      "rationale": "IACE re-assessment is the trigger artifact."
    },
    {
      "obligation_id": "autonomous_mobile_machinery",
      "subdomain": "mobile_machinery",
      "link_kind": "physical_safety",
      "confidence": "proposed",
      "proposed_capability": "cap.amr_safety",
      "iace_grounding": "Mobile/autonomous machinery EHSR: travel functions, supervision, monitoring, safe stop in autonomous mode.",
      "rationale": "Distinct hazard family (mobility) in IACE."
    },
    {
      "obligation_id": "verification_inspection_maintenance",
      "subdomain": "verification",
      "link_kind": "process",
      "confidence": "proposed",
      "proposed_capability": "cap.in_service_verification",
      "tier": "BEST_PRACTICE",
      "rationale": "In-service inspection/maintenance regime — lifecycle-state = in_service/maintenance."
    },
    {
      "obligation_id": "quality_management_system",
      "subdomain": "quality_management",
      "link_kind": "process",
      "confidence": "proposed",
      "proposed_capability": "cap.quality_management_system",
      "tier": "BEST_PRACTICE",
      "iace_grounding": "MaschVO Anhang IX full quality-assurance route.",
      "rationale": "Organizational QA enabling the conformity route."
    },
    {
      "obligation_id": "market_surveillance_safeguard",
      "subdomain": "market_surveillance",
      "link_kind": "non_capability",
      "confidence": "non_capability",
      "rationale": "Cooperation with market-surveillance authorities + safeguard procedure: a regulatory-interaction duty, not a machine/process capability. Flagged so Execution does not force a capability link.",
      "owner_decision": "Legal-KG to decide whether to model as an obligation-only node."
    },
    {
      "obligation_id": "sanctions",
      "subdomain": "sanctions",
      "link_kind": "non_capability",
      "confidence": "non_capability",
      "rationale": "Penalty regime — a legal consequence, not a capability. No control link.",
      "owner_decision": "Legal-KG: obligation-only node."
    },
    {
      "obligation_id": "scope_transition_application",
      "subdomain": "scope",
      "link_kind": "non_capability",
      "confidence": "non_capability",
      "rationale": "Applicability + transition dates (old Directive 2006/42/EC -> Regulation 2023/1230). This drives the SCOPE engine, not a capability. RS-004 part C (reg-ID/scope wiring) is the right home.",
      "owner_decision": "Reasoning/scope-engine, not a capability."
    },
    {
      "obligation_id": "specific_machine_types",
      "subdomain": "specific_machinery",
      "link_kind": "composite",
      "confidence": "proposed",
      "rationale": "Machine-type-specific EHSR (e.g. lifting, portable, wood/food machinery). Resolves to MULTIPLE physical_safety capabilities depending on machine type — model as a type-conditional set, not one control.",
      "owner_decision": "Execution: expand per machine-type once the physical_safety capabilities are minted."
    }
  ],
  "summary": {
    "obligations_total": 31,
    "cyber_safety_bridges_high_confidence": 2,
    "cyber_safety_bridges_needs_check": 1,
    "cross_regulation_bridges": 2,
    "physical_safety_candidates": 7,
    "process_candidates": 13,
    "non_capability_flags": 3,
    "composite": 1,
    "headline": "The 2 high-confidence cyber-safety bridges are immediately wirable to existing CRA-core obligations + capabilities (the CRA<->MaschinenVO convergence USP). Everything else is safety-expert input for Execution to mint and Legal-KG to ratify."
  }
}