Risk Assessment under ISO 12100
A practical guide to how ISO 12100 risk assessment works, why it is iterative, and why spreadsheet-based handling breaks down for real machinery projects.
How should a machinery team actually run risk assessment under ISO 12100?
Risk assessment is manageable if structured properly from the start. It becomes unmanageable when it is fragmented across disconnected spreadsheets, divorced from the design decisions it should be driving.
Most hardware teams know they need a risk assessment. Fewer know what that assessment should actually contain, how it connects to the rest of their conformity work, or why the way they currently manage it - typically in a spreadsheet that one engineer maintains and nobody else fully understands - creates problems that surface at the worst possible time.
For machinery, the risk assessment is not a supporting document. It is the central mechanism that determines which legal requirements apply, how far they need to be addressed, and whether the product can be placed on the EU market. As Torben Jespen writes in Risk Assessments and Safe Machinery, the machinery safety risk assessment is "the key aspect concerning Machinery directive compliance."
EN ISO 12100 is the harmonised standard that codifies how to do this work. It defines a structured, iterative methodology for identifying hazards, estimating and evaluating risks, and reducing them in a specific priority order. The standard is written for machinery, but the underlying logic - identify what can go wrong, assess how significant it is, determine what to do about it, and document the reasoning - applies across EU product legislation.
This article explains what ISO 12100 asks you to do, step by step, at a level that product managers and engineering leads can act on. It also explains why the tools most teams use to manage this process make it harder than it needs to be.
Note: This article is educational. It reflects the principles described in EU product legislation, the EU Blue Guide on implementation of product rules (2022), and established machinery safety literature. It is not legal advice. The binding interpretation of EU legislation is the exclusive competence of the Court of Justice of the European Union.
For the broader conformity assessment workflow - from identifying applicable directives through to CE marking - see EU Conformity Assessment for Machinery and Hardware Products.
What ISO 12100 is and why it matters
EN ISO 12100 - full title: Safety of machinery - General principles for design - Risk assessment and risk reduction - is a Type A harmonised standard. That means it applies across all machinery types. It does not contain requirements for a specific product category. Instead, it defines the general methodology for risk assessment and the principles of risk reduction that underpin all machinery safety work.
Following ISO 12100 gives a manufacturer a recognised path to demonstrating that the risk assessment methodology meets the requirements of the Machinery Directive (2006/42/EC). A product designed and assessed according to a relevant harmonised standard benefits from a presumption of conformity with the essential requirements that standard covers. Not following it means you must justify and document your alternative approach - which is legally permitted but practically heavier.
Two things about ISO 12100 are worth understanding early:
It defines the methodology, not the acceptable risk level. The Machinery Directive requires "safe machinery" on the market but does not specify numerical thresholds for acceptable, tolerable, or unacceptable risk. The standard provides the framework for assessing and reducing risk; the manufacturer determines - and must be able to defend - what constitutes adequate risk reduction for their specific product.
The logic extends beyond machinery. ISO 12100 is a machinery standard, but the pattern it describes - define the scope, identify hazards, estimate risk, evaluate acceptability, reduce in priority order - is the same operating logic that appears across EU product legislation. Teams working under the Low Voltage Directive, ATEX, the Pressure Equipment Directive, or other product rules will recognise the structure. Understanding ISO 12100 gives you a transferable framework.
Note on the Machinery Regulation: The Machinery Directive (2006/42/EC) is transitioning to the new Machinery Regulation (EU) 2023/1230. The risk assessment methodology described here remains applicable under both. Where relevant differences exist, they will be covered in a separate article.
The ISO 12100 workflow: step by step
The risk assessment under ISO 12100 is not a single pass through a form. It is an iterative process - a loop that repeats until all identified risks have been reduced to an acceptable level. The standard defines five connected steps, shown in the process flow below.

ISO 12100 works as an iterative risk assessment loop: define the machinery limits, identify hazards, estimate and evaluate risk, then reduce risk and repeat until the remaining risk is acceptable.
Step 1: Define the limits of the machinery
Before identifying hazards, define the boundaries of the assessment. ISO 12100 expects you to specify intended use, reasonably foreseeable misuse, space limits, and time limits. Without those limits, teams argue about scope instead of assessing risks, and lifecycle coverage becomes inconsistent.
Step 2: Identify the hazards
Hazard identification must be systematic and must cover all lifecycle phases of the machinery. In practice that means looking across transport, installation, operation, maintenance, cleaning, and decommissioning. Hazard categories include mechanical, electrical, thermal, noise, vibration, radiation, hazardous substances, ergonomics, and environmental conditions.
Step 3: Estimate the risk
Each identified hazard is estimated using two parameters:
- Severity of possible harm
- Probability of occurrence
Severity is usually easier to assess. Probability is harder because it depends on exposure, frequency, avoidability, operator behaviour, and the quality of existing protective measures.
Step 4: Evaluate the risk
Risk evaluation determines whether the estimated risk is acceptable or whether it requires further reduction. Most teams effectively classify risks as acceptable, tolerable, or unacceptable, then revisit that judgement after measures are applied.
Step 5: Reduce the risk - the three-step hierarchy
Risk reduction follows the legally required order embedded in the Machinery Directive:
- Eliminate or minimise the risk through inherently safe design
- Apply technical protective measures for remaining risks
- Inform users about residual risks
This hierarchy is why the assessment has to happen early. The most effective measure - changing the design itself - disappears once the design is locked.
Why spreadsheets break down
The ISO 12100 methodology is logical and well-structured. The problem most teams encounter is not the methodology itself - it is the tools they use to manage it.
Spreadsheets can hold a list of hazards and scores, but they break down when the work needs:
- traceability from hazard to design decision, protective measure, standard, and test evidence
- iteration history that shows how the risk changed after measures were applied
- version control across multiple contributors and design revisions
- direct connection to the wider conformity workflow, including technical documentation and instructions
For a very small machine, a spreadsheet may be survivable. For a real project with many hazards and evolving design decisions, it becomes a maintenance problem rather than an engineering aid.
What the technical file needs from your risk assessment
The risk assessment is not a standalone exercise. Its outputs feed directly into the technical file - the manufacturer's central evidence package that must demonstrate conformity with all applicable essential requirements.
Under the Machinery Directive (Annex VII, Part A), the risk assessment documentation in the technical file must include:
- A list of the essential health and safety requirements that apply to the machinery - determined by the risk assessment
- A description of the protective measures implemented to eliminate hazards or reduce risks - traceable back to each applicable requirement
- An indication of residual risks associated with the machinery - with enough detail to inform the instructions for use
The technical file must also include the standards and other technical specifications applied, indicating which essential requirements they cover. This is where the risk assessment connects to the standards map: the standards you apply should address the hazards and requirements identified in the assessment.
One principle matters here: compliance with standard specifications does not dispense from the obligation to carry out the risk assessment. Standards and risk assessment are complementary. You need both.
A machinery example: making it concrete
Consider a team developing a compact industrial packaging machine with a rotary mechanism and an operator feed station. The machine will be sold into the EU market under the team's own brand. Here is how ISO 12100 applies in practice.
Define limits. The team specifies the intended use: automated packaging of consumer goods, operated by trained personnel, in an industrial environment. Foreseeable misuse includes operators reaching into the feed area during a jam without following the lockout procedure. The machine is expected to operate for 15 years with scheduled maintenance every 2,000 hours.
Identify hazards. Systematic review across all lifecycle phases identifies, among others: entanglement hazard from the rotary mechanism during operation, crushing hazard at the feed station during clearing of jams, electrical hazard from the drive system during maintenance, and ergonomic hazards from the operator interface during extended use.
Estimate and evaluate risk - one hazard through the full cycle. Take the entanglement hazard at the rotary mechanism. Severity: irreversible injury (potential loss of fingers or hand). Probability: possible - the mechanism is exposed during normal operation and operators work near it continuously. The risk is evaluated as unacceptable.
Reduce - applying the hierarchy. The team first redesigns the mechanism geometry to reduce exposure to the rotating parts. Then it adds a fixed guard with an interlocked panel. Finally, it documents the remaining residual risk and the lockout procedure in the instructions.
That one hazard should leave a traceable record of the initial estimate, the design change, the protective measure, the re-assessed risk, and the residual risk communicated to the user.
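The traceable record described above, and the gaps a flat spreadsheet row tends to hide, can be sketched as a small data model. This is an added example, not code from the article or from ISO 12100; the field names, the review rules in `gaps`, the evidence references, the re-assessed values and the crushing-hazard severity are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Measure:
    kind: str           # inherently_safe_design / protective_measure / information_for_use
    description: str
    evidence: str = ""  # assumed field: drawing, test report or manual reference

@dataclass
class Iteration:
    severity: str
    probability: str
    evaluation: str     # manufacturer's judgement: acceptable/tolerable/unacceptable
    measures: list = field(default_factory=list)  # applied after this estimate

@dataclass
class Hazard:
    name: str
    iterations: list = field(default_factory=list)

def gaps(hazard):
    """Return the traceability problems found in one hazard record."""
    if not hazard.iterations:
        return ["no risk estimate recorded"]
    found = []
    applied = [m for it in hazard.iterations for m in it.measures]
    if applied and all(m.kind == "information_for_use" for m in applied):
        found.append("hierarchy skipped: only information for use recorded")
    found += [f"no evidence for: {m.description}" for m in applied if not m.evidence]
    last = hazard.iterations[-1]
    if last.measures:
        found.append("measures applied but risk not re-assessed")
    elif last.evaluation == "unacceptable":
        found.append("unacceptable risk with no measure recorded")
    if applied and not any(m.kind == "information_for_use" for m in applied):
        found.append("residual risk not carried into instructions")
    return found

# Constructed sample data: evidence references and re-assessed values are placeholders.
entanglement = Hazard("entanglement at rotary mechanism", [
    Iteration("irreversible injury", "possible", "unacceptable", [
        Measure("inherently_safe_design", "redesigned mechanism geometry", "DRAWING-REF"),
        Measure("protective_measure", "fixed guard with interlocked panel", "TEST-REF"),
        Measure("information_for_use", "residual risk and lockout procedure", "MANUAL-REF"),
    ]),
    Iteration("irreversible injury", "remote", "acceptable"),
])
spreadsheet_row = Hazard("crushing at feed station", [Iteration(
    "serious injury", "possible", "unacceptable", [Measure("information_for_use", "warning label")])])
```

Calling `gaps(entanglement)` returns an empty list because the loop was closed with a re-assessment, while `gaps(spreadsheet_row)` reports the skipped hierarchy, the missing evidence and the missing re-assessment.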
The takeaway
Risk assessment under ISO 12100 is a structured, iterative engineering process. It is not a form to fill in at the end of a project. It defines which legal requirements apply, drives design decisions, determines what needs to be tested, and feeds directly into the technical file that supports the declaration of conformity.
What makes it difficult in practice is not the methodology. It is managing the methodology across a real project, with multiple contributors, evolving designs, and the need to maintain traceability and version control over months or years. Teams that manage this work in fragmented, disconnected tools spend more time maintaining documentation than doing engineering analysis - and produce weaker evidence for their technical file.