What’s New in the 2024 Updates to NFPA 79 – Part 1

07 Oct 2025

Cybersecurity Takes Center Stage

Why NFPA 79 Matters

The Electrical Standard for Industrial Machinery, NFPA 79, has long been the reference point for safe electrical design and installation of industrial machinery intended for the U.S. market. The latest 2024 Edition replaces the 2021 Edition, introducing several significant updates aimed at improving clarity, aligning with current technologies, and addressing modern risks.

NFPA 79 applies to machinery operating at up to 1000 V ac or 1500 V dc, beginning from the machine’s supply circuit terminals. It covers equipment such as machining centers, robotic systems, packaging lines, industrial 3D printers, and automation cells. If your equipment is installed in the U.S., this is the standard that Authorities Having Jurisdiction (AHJs) and inspection bodies will most often rely on.

Mandatory vs Permissive Rules – A Quick Refresher

NFPA 70, Article 90.5 defines three types of requirements:

Rule Type	Language Signal	Practical Meaning
Mandatory	shall / shall not	Actions are strictly required or prohibited.
Permissive	shall be permitted to / shall not be required to	Actions are allowed but not automatically required.
Explanatory	note / informative	These are not enforceable as requirements.

Understanding this distinction is important when interpreting new content in the 2024 edition – especially Clause 4.10, which introduces the topic of cybersecurity.

Cybersecurity in the Spotlight: New Clause 4.10

The most notable addition in Chapter 4 is the introduction of Clause 4.10, dedicated to cybersecurity in network-connected machinery. This clause acknowledges that as machines become more interconnected and remotely accessible, they also become more vulnerable to cyber threats that can directly impact safety and operational reliability.

Importantly, Clause 4.10 is written as a permissive rule. This means that compliance is not automatically required in every case, but permitted when applicable – particularly when driven by customer specifications, internal company policies, authorities or external regulatory frameworks.

Why This Matters for Safety

The inclusion of cybersecurity reflects an expanded understanding of machine safety. A successful cyberattack can compromise not just data, but core functions of the machine itself - altering protection settings, overriding emergency stops, disrupting SCADA signals, or disabling fire protection systems. These scenarios pose a real and growing risk in today's industrial environments.

What Clause 4.10 Requires (When Applied)

When triggered by relevant use cases or external requirements, Clause 4.10 outlines a cybersecurity framework built around three key components:

Pillar	Requirement	Real‑World Example
Assessment	A vulnerability analysis of the connected system.	Testing the PLC, HMI, or network interfaces for known threats.
Commissioning Certification	Documentation that the system resists known cyber threats.	Certification by a third-party body or internal CoC.
Documentation	Records of assessment and certification must be accessible to stakeholders.	Inclusion of cybersecurity records alongside the machine's technical file.

The clause also introduces further expectations around secure development practices, data port management, physical protection of communication media, regular threat reviews, and security patch updates.

Practical Takeaways for OEMs and System Integrators

1. Treat cybersecurity like any other safety risk. It should be addressed during system design, just like electrical shock or fire hazards.
2. Integrate secure practices into your development lifecycle. Change management, secure coding, and incident response planning are now part of what AHJs may look for.
3. Establish a patch and review process. Threats evolve constantly - having a documented plan for monitoring and applying security updates is increasingly expected.
4. Be ready to demonstrate compliance. Whether through certification, manufacturer declaration, or recognised programs, having verifiable evidence builds trust and ensures smoother inspection processes.

How Intertek Can Help

Intertek offers end-to-end support for compliance with the 2024 edition of NFPA 79, including its new cybersecurity provisions:

• Gap analyses against NFPA 79 Ed.2024
• Cybersecurity Risk Assessments and SDLC consultation
• Commissioning Certification through Intertek’s Cyber Assured™ program
• Combined NFPA 79 + UL 508A evaluations for control panels and assemblies

We help manufacturers stay ahead of evolving safety expectations and reduce risk during product deployment.

Coming Up Next: Section 5.1 – Machine Supply Circuit & Disconnecting Means

In Part 2 of this NFPA 79 blog series, we’ll focus on the revised requirements in Section 5.1, which clarify the expectations for supply circuit layout, disconnecting means, and labeling. These updates are critical for field approvals and wiring compliance.

Stay tuned!