SEW-EURODRIVE operates a certified information security management system in accordance with ISO/IEC 27001, which ensures data security. In line with the NIS 2 Directive, comprehensive OT security measures have been implemented to ensure the security and availability of products and services. These measures help to increase resilience against cyber attacks and ensure the continuity of business processes.
As part of our customer service, we process the personal data of our customers' employees. SEW-EURODRIVE therefore has appropriate technical and organizational measures in place to protect the data protection rights of employees.
For products, applications and system solutions, SEW-EURODRIVE also has the highest quality requirements in the area of product security. To ensure this throughout the entire service life of the products, we have set up a central mailbox and a contact form, among other things, for reporting security incidents or security-related inquiries.
Our central CERT handles emerging vulnerabilities and security incidents for all SEW-EURODRIVE products with digital elements. To minimize risk, SEW-EURODRIVE publishes the resulting updates or other security recommendations in the form of security advisories. In addition, you can subscribe to a newsletter, through which we automatically send information about new and updated security advisories for our products.
The product security management introduced by SEW-EURODRIVE was already successfully certified by TÜV NORD in 2021 in accordance with IEC 62443-4-1.
The NIS 2 Directive was published on 27.12.2022 and was to be transposed into national laws in the EU states by 17.10.2024. The German NIS 2 implementation law is expected by the end of 2025, while other EU states have already transposed the NIS 2 Directive into their national law. The NIS 2 Directive aims to achieve a uniform high level of cybersecurity in the EU.
Critical and important facilities (companies) for society must introduce technical and organizational measures to increase cyber resilience to ensure business continuity. These include:
The EU Radio Equipment Directive (RED) defines the requirements for electronic devices with radio interfaces in the EU. With effect from 01.08.2025, a Delegated Act introduced a legally binding extension of the RED to include cyber security requirements. Compliance with RED is formally confirmed in the declaration of conformity. Products that do not meet the security requirements of the extended RED may no longer be placed on the market in the EU and the EEA as of 01.08.2025.
The EU Machinery Regulation was published in July 2023 and, after a transitional period of 42 months, will be binding for all EU countries from mid-January 2027. Compliance with the Machinery Regulation is formally confirmed in the declaration of conformity. Machines that do not meet the requirements of the new Machinery Regulation may no longer be placed on the market in the EU and the EEA as of 20.01.2027.
The Cyber Resilience Act (CRA) is the first European regulation that establishes a minimum level of cyber security for all networked products placed on the EU market. Compliance with the CRA is formally confirmed in the declaration of conformity. Products that do not comply with the CRA may no longer be placed on the market in the EU and the EEA as of 11.12.2027.
The European Regulation on harmonized rules for fair data access and fair data use (abbreviation "Data Act") aims to strengthen the rights of users of networked products and services. The uniform legal framework is also intended to promote data exchange between companies in the EU and open up new opportunities for data-based business models.
As a pioneer in drive technology, we integrate security by design into all our solutions and products and support our customers as a competent partner through secure digital transformation.
Dr. Hans Krattenmacher
In view of existing and upcoming EU regulations and the multitude of requirements, plant manufacturers and operators are becoming increasingly perplexed. We have compiled the most frequently asked questions that our customers ask us every day.
Unfortunately, the German language does not distinguish between security and safety. However, the difference in meaning in English is fundamental: safety refers to all measures taken to prevent unintentional hazards. Depending on the application, this aspect of safety is addressed by the appropriate safety technology or “functional safety” in our products and system solutions. Security, on the other hand, protects against malicious and criminal attacks on companies and their services.
Product Security is a state in which an automation or control solution is protected against unauthorized access and against unintentional or intentional changes, losses or destruction. Security includes both protection against digital threats (cybersecurity) and against physical threats (physical security). The EU has defined relevant directives here (see above), which are either binding or will become mandatory in the near future.
If you are a manufacturer of products, machines and systems that contain digital elements, are networked, exchange data with each other, or send radio waves, you must comply with the applicable regulatory requirements and take appropriate measures to minimize the safety risks for users, operators, and third parties.
The information security management system of SEW-EURODRIVE has been ISO 27001-certified since 2006 and has been continuously recertified since then to meet current requirements. The SEW-EURODRIVE product security management has been successfully certified by TÜV NORD according to IEC 62443-4-1. It helps protect our products, solutions and services from cyber threats throughout the entire product life cycle – from development to production and use by our customers.
SEW-EURODRIVE uses product security measures to protect its products, solutions and services from cyber threats. This applies throughout the entire life cycle of our products and services. These measures are continuously being developed. An important element is the establishment of our central, international CERT team, which receives, analyzes and processes vulnerability reports.
Note:
Devices, system solutions, spare parts and repairs that have already been delivered are not affected by the aforementioned EU directives and regulations.