The European Union in recent years has developed several regulations and directives that will, or do, impact innovations in the semiconductor industry related to artificial intelligence (AI) and data aggregation and transmission.
AI adoption is growing in semiconductor manufacturing as more chipmakers work to increase production efficiencies. AI can optimize manufacturing equipment processes, support predictive maintenance and energy usage optimization in sub-fab equipment operations, and bring new efficiencies to designers, manufacturing workflow and logistics. AI also supports business activities such as selecting job candidates and improving employee satisfaction and retention.
The proposed EU recast of the Machinery Directive into the Machinery Products Regulation introduces criteria for AI used in machinery safety components. In addition, the EU is developing an Artificial Intelligence Regulation (AIR) proposal that targets any AI software – whether it integrated into a machine or a desktop computer. The regulation is also structured as CE Marking legislation, which, until now, has been applied only to hardware products.
What’s unclear is whether the core of the AI system must be located in the EU to be in scope, or if the scope extends to software accessed through client devices in the EU but also connect to an AI core system outside the region.
AI, general machinery operations, and non-machinery business operations depend on the exchange of massive amounts of data from a broad spectrum of devices and terminals. In parallel with the AIR, Europe is developing an extensive net of cybersecurity legislation that will impact nearly all software and channels of data transmission. For example:
- The proposed Machinery Products Regulation (MPR) also contains daunting cybersecurity criteria that has been the focus of the SEMI European Union Machinery Directive (EUMD) working group’s advocacy, aimed at bringing the EUMD to a more practicable level.
- The Cybersecurity Certification Act (CCA), which took effect in June of 2021, establishes a European Cybersecurity Certification Group, national cybersecurity authorities, and ENISA – the European Union Agency for Cybersecurity. The CCA also provides a cybersecurity certification framework that can be referenced by other regulations (such as the MPR) as mandatory or voluntary.
- The proposed Cybersecurity Resilience Act, also a CE marking regulation, applies to products with digital elements that have a logical or physical data connection to a device or network. In coordination with the Machinery Products Directive, the Act defines various design, documentation, software updating, testing, and reporting criteria related to privacy, security, and exploitable vulnerabilities depending on the product type. The Act specifically references microcontrollers, application specific integrated circuits (ASIC), field-programmable gate arrays (FPGA), industrial automation and control systems (IACS), programmable logic controllers (PLC), distributed control systems (DCS), and supervisory control and data acquisition systems (SCADA).
These radical changes in the EU regulatory landscape extend beyond the expertise of the environment, health and safety (EHS) professionals in the SEMI EUMD working group. They can impact any company with products entering, or business operations in, Europe, ranging from remote access maintenance support systems in equipment to parts inventory management systems. The EUMD working group aims to cover topics related to semiconductor manufacturing and equipment hardware design, but the working group sees a coverage gap for other aspects of these regulations and directives.
SEMI members are encouraged to coordinate with SEMI EHS division to develop additional working groups and learning and advocacy plans for topics unrelated to machine hardware. To propose working groups focused on business operation systems, software, data communication, email SEMI EHS at EHS@semi.org.
James Amano is senior director of EHS & Sustainability at SEMI.