The Information Security Management System (ISMS) from SEW-EURODRIVE is certified according to ISO/IEC 27001 and thus forms a structured and established basis for dealing with information security. In addition, our company is categorised as a "Very Important Entity" in the context of the NIS2 directive and is registered accordingly with the relevant authority. This categorisation is taken into account in the further development of internal security and governance structures.
We process the personal data of our customers' employees as part of our customer service. SEW-EURODRIVE therefore has suitable technical and organisational measures in place to protect the data protection rights of employees.
SEW-EURODRIVE also applies the highest quality requirements for products, applications and system solutions in the area of product security. In order to ensure that these requirements are met throughout the entire service life of the products, we have set up a central mailbox and a contact form for reporting security incidents and submitting security-related enquiries.
Any vulnerabilities and security incidents that become known are dealt with via our central CERT for all SEW-EURODRIVE products with digital elements. SEW-EURODRIVE publishes the resulting updates or other security recommendations to minimise risk in the form of Security Advisories. Furthermore, you can subscribe to a newsletter through which we automatically send information on new and updated security advisories for our products.
The Product Security Management introduced by SEW-EURODRIVE was already successfully certified by TÜV NORD in 2021 in accordance with IEC 62443-4-1.
The NIS2 Directive was published on 27 December 2022 and was to be transposed into national law in the EU member states by 17 October 2024. The German NIS2 Implementation Act came into force on 6 December 2025. Other EU member states have also already transposed the NIS2 Directive into their national laws. The aim of this directive is to sustainably strengthen the general resilience of companies and supply chains to cyber security incidents.
Institutions (companies) that are critical and important to society must introduce technical and organisational measures to increase cyber resilience in order to ensure business continuity. These include, among other things:
The EU Radio Equipment Directive (RED) defines the requirements for electronic devices with radio interfaces in the EU. With effect from 1 August 2025, the RED was extended by a Delegated Act to include legally binding cyber security requirements. Compliance with the RED is formally confirmed in the declaration of conformity. Products that do not fulfil the security requirements of the extended RED may no longer be placed on the market in the EU and EEA from 1 August 2025.
The EU regulation was published in July 2023 and will be binding for all EU member states from mid-January 2027 after a transition period of 42 months. Compliance with the Machinery Directive will be formally confirmed in the declaration of conformity. Machinery that does not meet the requirements of the new Machinery Ordinance may no longer be placed on the market in the EU and EEA from 20 January 2027.
The Cyber Resilience Act (CRA) is the first European regulation to set a minimum level of cyber security for all connected products placed on the EU market. Compliance with the CRA is formally confirmed in the declaration of conformity. Products that do not comply with the CRA may no longer be placed on the market in the EU and EEA from 11 December 2027.
The European Regulation on harmonised rules for fair access to and use of data ("Data Act" for short) aims to strengthen the rights of users of connected products and services. The standardised legal framework is also intended to promote the exchange of data between companies in the EU and open up new opportunities for data-based business models.
As a pioneer in drive technology, we integrate security by design into all our solutions and products and accompany our customers through the secure digital transformation as a competent partner.
Dr Hans Krattenmacher
In view of existing and upcoming EU regulations and the plethora of requirements, plant manufacturers and operators are becoming increasingly perplexed. We have compiled the most frequently asked questions that our customers ask us every day.
Unfortunately, the German language does not distinguish between security and safety. The difference in meaning in English is elementary: Safety refers to all measures to avoid unintentional dangers. Depending on the application, this aspect of safety is taken care of by the appropriate safety technology or "functional safety" in our products and system solutions. Security, on the other hand, protects against malicious and criminal attacks on companies and their services.
Product security is a state in which an automation or control solution is protected against unauthorised access and against unintentional or deliberate changes, loss or destruction. Security includes protection against both digital threats (cybersecurity) and physical threats (physical security). The EU has defined corresponding guidelines (see above), which are either binding or will become binding in the near future.
If you are a manufacturer of products, machines and systems that contain digital elements that are networked, exchange data with each other or emit radio waves, you must comply with the applicable regulatory requirements and take appropriate measures to minimise the safety risks for users, operators and third parties.
SEW-EURODRIVE's Information Security Management System has been certified to ISO 27001 since 2006 and has been continuously recertified since then to meet the latest requirements. SEW-EURODRIVE's Product Security Management has been successfully certified by TÜV NORD in accordance with IEC 62443-4-1. It takes precautions and measures to protect our products, solutions and services from cyber threats throughout the entire product life cycle - from development and production through to use by our customers.
SEW-EURODRIVE uses product security measures to protect its products, solutions and services against cyber threats. This applies throughout the entire life cycle of our products and services. These measures are continuously developed further. An important element of this is the establishment of our central, international CERT team, which receives, analyses and processes reports of vulnerabilities.