SEW-EURODRIVE operates an information security management system that is certified to ISO/IEC 27001 – a standard designed to ensure the security of data.
In the course of our customer support activities, we process personal data belonging to our customers' employees. SEW-EURODRIVE therefore has appropriate technical and organizational measures in place to protect employees' data protection rights.
Products, applications, and system solutions at SEW-EURODRIVE are subject to the most stringent of quality requirements, including in relation to product security. We have put various measures in place to ensure these requirements can be met throughout the entire product lifecycle. For example, we have set up a central mailbox and contact form for reporting security incidents and submitting inquiries about security.
Our corporate CERT handles emerging vulnerabilities and security incidents for all SEW-EURODRIVE products with digital elements. SEW-EURODRIVE publishes resulting updates or other security recommendations for minimizing risk in the form of security advisories. There is also the option to sign up for a newsletter we send out automatically with information about new and updated security advisories relating to our products.
In 2021, the product security management systems rolled out by SEW-EURODRIVE were successfully certified to IEC 62443-4-1 by TÜV NORD.
The NIS 2 Directive was published on December 27, 2022, and EU Member States had until October 17, 2024, to transpose the Directive into national law. The German NIS 2 implementation act is expected by late 2025, while other EU Member States have already transposed the NIS 2 Directive into their national legislation. The aim of the NIS 2 Directive is to achieve a high common level of cybersecurity across the EU.
Facilities (companies) that are important for and critical to society must introduce technical and organizational measures to increase cyber resilience and thus ensure business continuity. These include:
The EU Radio Equipment Directive (RED) stipulates the requirements applicable to electronic devices with radio interfaces in the EU. With effect from August 1, 2025, a delegated act introduced a legally binding extension of the RED to include cybersecurity requirements. Compliance with the RED is formally confirmed in the declaration of conformity. With effect from August 1, 2025, it is prohibited to market products in the EU or the EEA that do not comply with the security requirements of the extended RED.
Published in July 2023, the new EU Machinery Regulation will become binding for all EU Member States from mid-January 2027, after a transition period of 42 months. Compliance with the Machinery Regulation is formally confirmed in the declaration of conformity. With effect from January 20, 2027, it is prohibited to market machines in the EU or the EEA that do not comply with the requirements of the new Machinery Regulation.
The Cyber Resilience Act (CRA) is the first European Regulation to establish a minimum level of cybersecurity for all networked products placed on the EU market. Compliance with the CRA is formally confirmed in the declaration of conformity. With effect from December 11, 2027, it is prohibited to market products in the EU or the EEA that do not comply with the CRA.
The aim of the EU Regulation on harmonized rules on fair access to and use of data ("Data Act") is to strengthen the rights of users of networked products and services. The harmonized legal framework is also intended to promote data sharing between companies in the EU and to open up new possibilities for data-based business models.
As a pioneer in drive technology, we integrate security by design into all our solutions and products and, as a highly skilled partner, we support our customers through a secure digital transformation.
Dr. Hans Krattenmacher
The extensive existing and upcoming EU legislation and the huge volume of requirements are causing ever greater uncertainty among plant manufacturers and operators. We've put together a list of the most common questions our customers ask us on a daily basis.
Safety refers to all measures designed to prevent the unintentional occurrence of hazards. Depending on the application, this aspect of safety is addressed by the appropriate safety technology or functional safety in our products and system solutions. Security, on the other hand, protects against malicious and criminal attacks on companies and their services.
Product security is a state in which an automation or control solution is protected against unauthorized access and against unintentional or intentional changes, losses, or destruction. Security includes protection against both digital threats (cybersecurity) and physical risks (physical security). In this context, the EU has imposed legislation (see above) that is either already binding or will become binding in the near future.
If you are a manufacturer of products, machinery, or plants that contain digital elements, are networked, exchange data with each other, or transmit radio waves, you must comply with the applicable regulatory requirements and take appropriate measures to minimize security risks for users, operators, and third parties.
The information security management system at SEW-EURODRIVE has been certified to ISO 27001 since 2006 and has been continually recertified since then to ensure it meets the latest requirements. Product security management at SEW-EURODRIVE has been successfully certified to IEC 62443-4-1 by TÜV NORD. With its various precautions and measures, our product security management helps protect our products, solutions, and services against cyber threats throughout the entire product lifecycle – from development and production through to use by our customers.
SEW-EURODRIVE uses product security measures to protect its products, solutions, and services against cyber threats. This applies throughout the entire lifecycle of our products and services. What's more, we develop these measures on a continuous basis. One important element in this context is the establishment of our international, corporate CERT, which receives, analyzes, and processes reports of vulnerabilities.