Security Robot AI Certificate: Obligations 2026
Security robot AI certificate: mandatory evidence under EU AI Act, Machinery Regulation 2023/1230, EN ISO 13482, and NIS-2 for KRITIS operators from 2026.
A security robot without a complete certification file is a compliance risk for the operator in 2026, not only for the manufacturer. Four regulatory frameworks apply in parallel. Liability is distributed along the supply chain. Market surveillance authorities hold sanction powers that start in the six-figure range. This article assigns obligations by responsibility and deadline.
Security Robot AI Certificate: Which Evidence Is Mandatory in 2026
Four regulatory frameworks apply in parallel. The EU Machinery Regulation 2023/1230 replaces the old Machinery Directive from 20 January 2027. The EU AI Act governs AI components. EN ISO 13482 covers operational machine safety. The NIS-2 Directive requires KRITIS operators to secure networked systems.
CE marking remains the minimum requirement. It does not, however, cover AI-specific risks that the AI Act explicitly addresses. Security robots with autonomous person recognition can fall under the AI Act's high-risk classification, depending on deployment context. Full application of high-risk obligations takes effect from August 2026.
Manufacturer self-declaration is not available for every component. Under the Machinery Regulation, safety components with self-evolving (machine-learning) behaviour that ensure safety functions are listed in Annex I Part A and must go through a notified body. The AI Act likewise provides for notified-body involvement for certain high-risk systems. For the operator: anyone deploying a non-conforming system on KRITIS premises shares in the liability. The selection obligation is subject to documentation requirements, and a single violation can trigger sanctions under the KRITIS-Dachgesetz, NIS-2, and product liability law simultaneously.
Next step: KRITIS-Dachgesetz Checklist 2026.
EU Machinery Regulation 2023/1230: What Changes Compared to the Old Directive
Machinery Directive 2006/42/EC is replaced on 20 January 2027 (Regulation 2023/1230, Art. 52). The transition period ends without extension. Machines placed on the market after that date require conformity under the new Regulation.
Autonomous mobile robots and AI-supported safety functions are explicitly covered for the first time. The old Directive did not recognise these categories. Safety components with self-learning behaviour now require assessment by a notified body. A manufacturer's declaration of conformity is no longer sufficient here.
Technical documentation must disclose training data, model limitations, and update processes. This is a new requirement and demanding for many manufacturers. Operators must verify at every software update whether the conformity assessment must be re-triggered. A model update that changes recognition logic can qualify as a substantial modification. In that case, the assessment restarts from the beginning.
Practical note: anyone procuring a robot in 2026 should obtain written confirmation from the manufacturer that conformity under 2023/1230 has already been achieved. Otherwise it must be provided by the deadline at the latest. Failure to do so risks an operating ban for the device from January 2027.
Detailed cost comparison: TCO comparison with conventional security guard services.
EU AI Act: High-Risk Classification for Security Robots
Annex III of the AI Act lists high-risk applications. Biometric identification and behavioural analysis for person categorisation are included. A security robot that identifies persons based on biometric characteristics or classifies behaviour falls into this category.
An important distinction: pure anomaly detection without person identification can remain outside the high-risk classification. A robot that only reports "movement in Zone B outside operating hours" processes no biometric data and identifies no person. The deployment context decides. Blanket statements that "all AI robots are high-risk" are legally imprecise and lead to misdirected compliance investment.
Once high-risk status applies, binding obligations follow: a risk management system covering the entire lifecycle, documented data governance, and human oversight with intervention capability. Complete logging of all decisions is also mandatory. Registration in the EU database for high-risk AI systems is required before placing the system on the market.
The sanction framework for violations involving high-risk systems: up to €15 million or three percent of global annual turnover, whichever is higher (EU AI Act, Art. 99). For prohibited AI practices, the framework rises to up to €35 million or seven percent.
EN ISO 13482: The Operational Safety Standard for Personal Care Robots
EN ISO 13482 was originally developed for personal care and service robots operating in shared spaces with people. In practice it is also applied to security robots that move in areas where people are present. It is the operationally most relevant standard for the machine safety of autonomous robots.
The standard defines requirements for collision avoidance, emergency shutdown, and safe speed limitation. The risk assessment must document all foreseeable misuse scenarios. "Foreseeable" is to be interpreted broadly here. This includes deliberate manipulation by third parties, such as blocking sensors.
The QR-2 outdoor patrol and QR-3 with LiDAR and drone detection meet the standard for mixed outdoor areas with factory traffic. The certificate from a notified body is on file. For the operator, this significantly reduces liability exposure: in the event of damage, demonstrating compliant procurement is straightforward.
A certificate under ISO 13482 does not replace CE conformity or AI Act obligations. It supplements them. An operator who checks only one of the three levels has gaps in the file.
NIS-2 and Cybersecurity of Robot Systems
Security robots are networked systems. They communicate with control centres, transmit sensor data, and receive control commands. This places them within the supply-chain requirements of NIS-2.
The operator must be able to demonstrate cryptographic protection of the robot's communications (NIS-2 Directive, Art. 21(2)(h)). Update packages must be signed, and the signature must be verified on the device before installation; an OTA update function without this is a finding in any NIS-2 audit. NIS-2 does not prescribe a test interval, but Art. 21(2)(f) requires procedures to assess the effectiveness of the measures, and auditors expect regular, in practice annual, penetration tests. Significant incidents (not vulnerabilities as such) must be reported to the competent authority, in Germany the BSI, with an early warning within 24 hours of becoming aware of the incident (NIS-2 Directive, Art. 23).
Board liability applies explicitly to the selection of compliant robotics suppliers. Anyone procuring a robot without formally verifying the provider's security posture breaches their duty of care. Quarero RaaS contracts include SLAs for patch cycles under seven days for critical vulnerabilities (as specified in the contractual service description). This is contract content, not marketing.
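The signed-update requirement above, as an added illustrative example (Go, standard library only; this is not code from Quarero or from any robot manufacturer): the robot verifies an Ed25519 signature over a small manifest that binds the package hash, the target model and a monotonically increasing version, and rejects unsigned, tampered, re-targeted and downgraded packages. The manifest format, the model label "QR-2" used as a target string, the key pair and the firmware bytes are all constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Manifest is the small record the manufacturer signs. The package itself is
// bound to it through its SHA-256, so one signature covers package bytes,
// target model and version together. (Format constructed for this example.)
type Manifest struct {
	Model   string   // target robot model label, e.g. "QR-2" (example label)
	Version uint32   // monotonically increasing release counter
	Digest  [32]byte // SHA-256 of the package bytes
}

// Encode serialises the manifest deterministically so that signer and
// verifier operate on identical bytes.
func (m Manifest) Encode() []byte {
	return []byte(fmt.Sprintf("model=%s;version=%d;sha256=%s",
		m.Model, m.Version, hex.EncodeToString(m.Digest[:])))
}

var (
	ErrBadSignature = errors.New("manifest signature missing or invalid")
	ErrWrongModel   = errors.New("manifest targets a different robot model")
	ErrRollback     = errors.New("update version is not newer than the installed version")
	ErrDigest       = errors.New("package bytes do not match the signed digest")
)

// SignManifest is the manufacturer's release-pipeline side, included so the
// example runs stand-alone.
func SignManifest(priv ed25519.PrivateKey, m Manifest) []byte {
	return ed25519.Sign(priv, m.Encode())
}

// VerifyUpdate is the check the robot runs before applying an OTA package.
// pub is the manufacturer's release-signing key provisioned at build time;
// model and installed describe the device as it currently is.
func VerifyUpdate(pub ed25519.PublicKey, model string, installed uint32,
	m Manifest, sig, pkg []byte) error {
	// Signature first: no field of the manifest is trusted until it passes.
	// ed25519.Verify returns false (it does not panic) for a nil or short sig.
	if !ed25519.Verify(pub, m.Encode(), sig) {
		return ErrBadSignature
	}
	if m.Model != model {
		return ErrWrongModel
	}
	if m.Version <= installed { // strict: re-applying the same version is a downgrade vector
		return ErrRollback
	}
	if sha256.Sum256(pkg) != m.Digest {
		return ErrDigest
	}
	return nil
}

// Scenarios runs VerifyUpdate through the cases an auditor would probe and
// returns the outcome per case. Key pair and firmware bytes are generated and
// constructed here, not taken from any real device.
func Scenarios() (map[string]error, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	const model = "QR-2"
	pkg := []byte("constructed firmware image, release 7")
	m := Manifest{Model: model, Version: 7, Digest: sha256.Sum256(pkg)}
	sig := SignManifest(priv, m)

	forged := m // attacker edits the signed manifest after the fact
	forged.Version = 99

	return map[string]error{
		"valid":            VerifyUpdate(pub, model, 6, m, sig, pkg),
		"unsigned":         VerifyUpdate(pub, model, 6, m, nil, pkg),
		"tampered_package": VerifyUpdate(pub, model, 6, m, sig, append([]byte("x"), pkg...)),
		"wrong_model":      VerifyUpdate(pub, "QR-3", 6, m, sig, pkg),
		"rollback":         VerifyUpdate(pub, model, 7, m, sig, pkg),
		"forged_manifest":  VerifyUpdate(pub, model, 6, forged, sig, pkg),
	}, nil
}

func main() {
	res, err := Scenarios()
	if err != nil {
		panic(err)
	}
	for _, k := range []string{"valid", "unsigned", "tampered_package", "wrong_model", "rollback", "forged_manifest"} {
		fmt.Printf("%-17s -> %v\n", k, res[k])
	}
}
```

The manufacturer signs the manifest, not the raw package; the package is bound by its SHA-256, so a large image can be hashed in streaming fashion and still be covered by the one signature. Two things the snippet assumes and an audit will ask about: the release-signing public key must be provisioned on the robot in a way the update channel itself cannot overwrite (ideally anchored in a secure element or a verified boot chain), and the installed version counter must live in tamper-resistant storage, otherwise the rollback check is cosmetic. Key rotation and revocation are outside the scope of this example.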
Further reading: NIS-2 compliance requirements and Board liability under NIS-2.
Conformity Assessment in Practice: Process and Duration
Step one: risk analysis under the Machinery Regulation and the AI Act, conducted in parallel. The analyses overlap but do not cover the same ground. Machine risks concern collision, crushing, and electrical safety. AI risks concern misclassification, bias, and model manipulation susceptibility.
Step two: technical documentation including training datasets and validation protocols. The manufacturer must demonstrate how the model was trained and which data were used. Achieved performance metrics must also be documented. Gaps here lead to rejection by the notified body.
Step three: examination by the notified body. Typical duration: eight to sixteen weeks, longer for complex AI components. A manufacturer whose customer wants to deploy a robot in April must therefore initiate the assessment in January at the latest.
Step four: EU declaration of conformity from the manufacturer, CE marking on the device. The declaration must be dated, signed, and referenced to the specific serial number batch.
Step five: entry in the EU high-risk database, where applicable. Market surveillance in Germany is carried out by BNetzA and the competent Länder authorities. Authorities may request documentation at any time.
Operator Checklist: What Must Be in Place Before Pilot Operation
Before the first deployment of a security robot on KRITIS premises, the following documents must be complete in the operator's archive:
- EU declaration of conformity from the robot manufacturer, dated and signed, referencing the specific device serial number.
- Certificate from the notified body for the relevant machine class, including the validity date.
- Proof of registration in the EU database, where the system qualifies as a high-risk AI system under AI Act Annex III.
- Data protection impact assessment (DPIA) under GDPR Article 35, whenever person recognition or biometric processing takes place.
- Operating instructions with roles, emergency procedures, and escalation chain in German. English manufacturer manuals are not sufficient for operational use.
- Insurance certificate from the provider covering at least €5 million in operational liability, with explicit inclusion of AI-specific risks.
Depending on the site, additional requirements apply: approval from the local authority where the robot moves on publicly accessible areas; consultation with the works council (Betriebsrat) where person recognition takes place within a plant; amendment of the existing guard service instructions (Bewacherdienstordnung) under §34a GewO where the robot operates alongside human guard posts.
The Robotics-as-a-Service model reduces the operator's burden in obtaining manufacturer documents, because the provider assumes contractual responsibility for keeping conformity evidence current. The obligation to produce a DPIA and operating instructions remains with the operator.
Consequences of Missing Certificates
The consequences fall across four levels.
First: market surveillance authorities can order the system to be shut down. The standard deadline is 48 hours from service of the decision. A suspensive effect of an appeal in urgent proceedings is generally not to be expected.
Second: fines under the AI Act of up to €35 million or seven percent of global annual turnover for prohibited practices, and up to €15 million or three percent for violations of high-risk obligations. These sanctions apply to deployers (operators), not only to providers (manufacturers).
Third: insurance cover can lapse in the event of damage where a non-conforming system was causative. Personal injury caused by a robot without a valid certificate may then be uninsured, leaving the operator liable from its own assets; for legal entities, personal board liability comes on top.
Fourth: KRITIS operators additionally risk sanctions under the KRITIS-Dachgesetz and NIS-2. The scope of the KRITIS facility concept follows from the KritisV. Sanction frameworks are cumulatively applicable. A single incident can trigger sanctions under the AI Act, NIS-2, and the KRITIS-Dachgesetz simultaneously.
Board members are personally liable where the selection process is not documented. The burden of proof in a dispute lies with the board. Anyone unable to produce documentation is treated by authorities as having not conducted the review.
Next Step
The complexity of the four regulatory frameworks is manageable where manufacturers and operators keep their roles clearly separated. Manufacturers deliver conformity assessments and certificates. Operators document the selection process, DPIA, operating instructions, and training. Leaving either package incomplete forfeits insurance cover and exposes board members personally.
To review the current state of your certificates and any open points before pilot operation on KRITIS premises, arrange a meeting via the advisory form for KRITIS operators. The file for the specific robot model will be brought to the meeting and reviewed item by item.