This document specifies cybersecurity requirements for new lifts, escalators and moving walks, referred to in this document as “equipment under control (EUC)”, designed in accordance with the ISO 8100 series. It is also applicable with other lift, escalator and moving walk standards that specify similar requirements, and to other lift-related equipment connected to the EUC.
This document specifies product and system requirements related to cybersecurity threats in the following lifecycle steps:
—    product development (process and product requirements);
—    manufacturing;
—    installation;
—    operation and maintenance;
—    decommissioning.
This document addresses the roles of product supplier and system integrator as shown in IEC 62443-4-1:2018, Figure 2, for the EUC.
This document does not address the role of asset owner as shown in IEC 62443-4-1:2018, Figure 2, but defines requirements for the product supplier and system integrator of the EUC to establish documentation allowing the asset owner, referred to as the “EUC owner” in this document, to achieve and maintain the security of the EUC.
This document specifies the minimum cybersecurity requirements for:
—    essential functions;
—    safety functions;
—    alarm functions.
This document is applicable to EUCs that are capable of connectivity to external systems such as building networks, cloud services, or service tools. The capability to connectivity can exist through equipment permanently available on site, or equipment temporarily brought to the location during the installation, operation and maintenance, or decommissioning steps.
EUC interfaces to external systems and services are in the scope of this document. External systems and services as such are out of the scope of this document.
This document does not apply to EUC that are installed before the date of its publication.

  • Draft
    53 pages
    English language
    e-Library read for
    1 day

This document specifies cybersecurity requirements for new lifts, escalators and moving walks, referred to in this document as “equipment under control (EUC)”, designed in accordance with the ISO 8100 series. It is also applicable with other lift, escalator and moving walk standards that specify similar requirements, and to other lift-related equipment connected to the EUC.
This document specifies product and system requirements related to cybersecurity threats in the following lifecycle steps:
—    product development (process and product requirements);
—    manufacturing;
—    installation;
—    operation and maintenance;
—    decommissioning.
This document addresses the roles of product supplier and system integrator as shown in IEC 62443-4-1:2018, Figure 2, for the EUC.
This document does not address the role of asset owner as shown in IEC 62443-4-1:2018, Figure 2, but defines requirements for the product supplier and system integrator of the EUC to establish documentation allowing the asset owner, referred to as the “EUC owner” in this document, to achieve and maintain the security of the EUC.
This document specifies the minimum cybersecurity requirements for:
—    essential functions;
—    safety functions;
—    alarm functions.
This document is applicable to EUCs that are capable of connectivity to external systems such as building networks, cloud services, or service tools. The capability to connectivity can exist through equipment permanently available on site, or equipment temporarily brought to the location during the installation, operation and maintenance, or decommissioning steps.
EUC interfaces to external systems and services are in the scope of this document. External systems and services as such are out of the scope of this document.
This document does not apply to EUC that are installed before the date of its publication.

  • Draft
    53 pages
    English language
    e-Library read for
    1 day

Frequently Asked Questions

A European Standardization Mandate is a formal request from the European Commission to the European Standardization Organizations (CEN, CENELEC, and ETSI) to develop European standards (ENs) in support of EU legislation and policies. Mandates are issued under Regulation (EU) No 1025/2012 and help ensure that products and services meet the essential requirements set out in EU directives and regulations.

M/622 is a European Standardization Mandate titled "COMMISSION IMPLEMENTING DECISION of 12.6.2026 on a standardisation request to the European Committee for Standardization and to the European Committee for Electrotechnical Standardization as regards self-evolving behaviour and cyber-safety developed in support of Directive 2014/33/EU of the European Parliament and of the Council of 26 February 2014 on the harmonisation of the laws of the Member States relating to lifts and safety components for lifts". COMMISSION IMPLEMENTING DECISION of 12.6.2026 on a standardisation request to the European Committee for Standardization and to the European Committee for Electrotechnical Standardization as regards self-evolving behaviour and cyber-safety developed in support of Directive 2014/33/EU of the European Parliament and of the Council of 26 February 2014 on the harmonisation of the laws of the Member States relating to lifts and safety components for lifts There are 2 standards developed under this mandate.

Standards developed in response to a mandate and cited in the Official Journal of the European Union become "harmonized standards". Products manufactured in compliance with harmonized standards benefit from a presumption of conformity with the essential requirements of the corresponding EU directive or regulation, facilitating CE marking and market access across the European Economic Area.