What is the primary objective of **EN 1090**?

**EN 1090 ensures controlled execution and conformity assessment of structural steel and aluminium components for CE marking under the Construction Products Regulation (CPR).** It comprises **EN 1090-1** for conformity assessment including certified **Factory Production Control (FPC)** and **Declaration of Performance (DoP)**, **EN 1090-2** for steel technical requirements, and **EN 1090-3** for aluminium. Risk-based **Execution Classes (EXC1–EXC4)** scale requirements for welding, traceability, tolerances, and inspection based on consequence class (CC1–CC3), service category (SC1–SC2), and production category (PC1–PC2).

Who is legally or professionally required to comply with **EN 1090**?

**Manufacturers of load-bearing steel and aluminium structural components and kits for permanent incorporation in EU/EEA construction works must comply with EN 1090 to affix CE marking.** This includes fabricators, welding shops, and steelwork contractors supplying to buildings, bridges, or industrial structures. Compliance is mandatory under CPR for market placement; non-structural or non-metallic elements are excluded.

Does **EN 1090** require an external audit or third-party certification?

**Yes, EN 1090-1 mandates certification of the Factory Production Control (FPC) system by a notified body under AVCP systems 2+.** This involves initial inspection of the factory and FPC, initial type testing/calculation (ITT/ITC), and issuance of a certificate enabling CE marking and DoP. Ongoing surveillance audits by the notified body ensure continued conformity.

How often should an assessment for **EN 1090** be performed?

**EN 1090 requires initial certification followed by continuous surveillance audits by a notified body, typically annually depending on execution class and prior performance.** Internal audits maintain FPC effectiveness; significant changes (e.g., processes, personnel) trigger re-assessments. Surveillance frequency follows EN 1090-1 Table B.3, scaled to EXC.

What are the consequences of non-compliance with **EN 1090**?

**Non-compliance with EN 1090 prevents lawful CE marking, risking market exclusion, product withdrawal, certificate suspension, and CPR enforcement actions.** Notified bodies publicly report suspensions for major non-conformities; manufacturers face liability for structural failures, fines, and reputational damage without FPC traceability.

An **EN 1090** be mapped to other international frameworks?

**EN 1090 integrates with standards like ISO 3834 for welding quality, but formal mappings are not prescribed; it stands as the CPR harmonized route for CE marking.** Execution classes align welding coordination (ISO 14731), welder qualifications (EN ISO 9606), and quality systems (ISO 9001), enabling practical adaptation without cross-standard dependencies.

What is the first step to begin implementing **EN 1090**?

**The first step is to determine the Execution Class (EXC1–EXC4) for product families using the consequence class, service category, and production category matrix.** Default to **EXC2** if unspecified, then conduct a gap analysis of current FPC against EN 1090-1 requirements, prioritizing welding coordination and material traceability.

What is the primary objective of **MLPS 2.0 (Multi-Level Protection Scheme)**?

**The primary objective of MLPS 2.0 is to establish a graded cybersecurity protection system ensuring security controls match the potential harm from system compromise to national security, social order, and public interests.** It classifies systems into five levels based on impact severity, mandating commensurate technical, management, physical, and personnel controls per GB/T 22239-2020 and related standards. This integrates cybersecurity into national stability objectives via enforceable obligations under China's Cybersecurity Law Article 21.

Who is legally or professionally required to comply with **MLPS 2.0 (Multi-Level Protection Scheme)**?

**All network operators in mainland China, including domestic firms, foreign-invested enterprises, and multinationals with local systems, must comply with MLPS 2.0.** This covers virtually every entity operating IT networks, cloud services, IoT, big data platforms, or industrial control systems, per Cybersecurity Law Article 21. Critical sectors like energy, finance, telecom face heightened scrutiny, with Levels 2+ requiring PSB filing.

Oes **MLPS 2.0 (Multi-Level Protection Scheme)** require an external audit or third-party certification?

**Yes, MLPS 2.0 requires external security reviews by licensed Chinese firms for Level 2 and above systems, with PSB approval.** Reviews score compliance at least 75/100 across technical, management, and physical domains per GB/T 28448-2019. Level 1 needs only self-assessment; higher levels demand documentation submission and potential on-site inspections.

How often should an assessment for **MLPS 2.0 (Multi-Level Protection Scheme)** be performed?

**Assessments under MLPS 2.0 must occur periodically: biennially for Level 2, annually for Level 3, semi-annually for Level 4, and as mandated for Level 5.** Re-evaluations are also triggered by major system changes. Self-inspections are ongoing for all levels, with external audits by licensed firms for Level 2+ to maintain certification.

What are the consequences of non-compliance with **MLPS 2.0 (Multi-Level Protection Scheme)**?

**Non-compliance with MLPS 2.0 results in administrative fines up to 100,000 yuan, operational suspensions, system shutdowns, and intensified PSB inspections.** Enforcement links to business license renewals; severe cases involve blacklisting or criminal liability, as seen in fines exceeding RMB 200 million for data breaches tied to inadequate protections.

An **MLPS 2.0 (Multi-Level Protection Scheme)** be mapped to other international frameworks?

**Yes, MLPS 2.0 control domains—physical, network, data, operations, governance—map to frameworks like ISO 27001 Annex A and NIST CSF categories.** Organizations use Statements of Applicability and risk treatment plans to align, but MLPS adds prescriptive grading, PSB oversight, and data localization not in voluntary standards.

EN 1090 vs MLPS 2.0 (Multi-Level Protection Scheme)

Standards Comparison

EN 1090

Mandatory

2009

European standard for steel/aluminium structural execution

MLPS 2.0 (Multi-Level Protection Scheme)

Mandatory

N/A

China's mandatory graded protection scheme for network security

Quick Verdict

EN 1090 ensures safe steel/aluminium fabrication with CE marking for EU construction, while MLPS 2.0 mandates graded cybersecurity for Chinese networks. Companies adopt EN 1090 for market access; MLPS 2.0 to avoid fines and ensure compliance.

Structural Metalwork

EN 1090

EN 1090 Execution of steel and aluminium structures

Cost

€€€€

Complexity

High

Implementation Time

6-12 months

Key Features

Factory Production Control (FPC) certification required
Risk-based Execution Classes (EXC1-EXC4)
Mandates CE marking under CPR
Technical execution rules for steel/aluminium
Welding quality aligned with ISO 3834

Standard

MLPS 2.0 (Multi-Level Protection Scheme)

Multi-Level Protection Scheme 2.0

Cost

€€€€

Complexity

Medium

Implementation Time

12-18 months

Key Features

Five-level classification based on societal impact
Mandatory audits and PSB approval for Level 2+
Technical controls for cloud, IoT, big data, ICS
Governance with role separation and personnel vetting
Enforced by Public Security Bureaus inspections

Detailed Analysis

A comprehensive look at the specific requirements, scope, and impact of each standard.

EN 1090 Details

What It Is

EN 1090 is a harmonized European standard series for execution and conformity assessment of structural steel and aluminium components. It implements CPR requirements, enabling CE marking. Primary scope covers fabrication, assembly, and market placement of load-bearing components. Key approach is risk-based via Execution Classes (EXC1-EXC4), scaling controls by consequence, service, and production categories.

Key Components

**EN 1090-1Conformity assessment, FPC certification, DoP.
**EN 1090-2/-3Technical rules for steel/aluminium (materials, welding, tolerances, corrosion, NDT).
Core: Traceability, welding per ISO 3834, inspection regimes.
AVCP systems with Notified Body oversight.

Why Organizations Use It

Mandated for EU market access; reduces liability, ensures safety. Drives capability in welding, traceability; enhances competitiveness via certification. Builds stakeholder trust through verified performance.

Implementation Overview

Phased: gap analysis, FPC build, personnel training, NB certification, surveillance. Targets fabricators; 6-12 months typical. Requires welding coordinators, digital records.

MLPS 2.0 (Multi-Level Protection Scheme) Details

What It Is

MLPS 2.0 (Multi-Level Protection Scheme 2.0) is China's mandatory cybersecurity regulation, operationalizing Article 21 of the Cybersecurity Law. It classifies information systems into five protection levels based on potential impact to national security, social order, and public interests, requiring graded technical, management, and governance controls.

Key Components

Core domains: physical security, network protection, data security, access control, monitoring, governance.
Baseline controls for all levels plus extended requirements for cloud, IoT, big data, ICS.
Built on national standards like GB/T 22239-2020.
Compliance via self-classification, third-party audits (Level 2+), PSB approval.

Why Organizations Use It

Legal obligation for all network operators in China; non-compliance risks fines, suspensions.
Enhances risk management, resilience; supports market access, procurement.
Builds regulator trust, avoids enforcement by Public Security Bureaus.

Implementation Overview

Phased: scoping, classification, gap analysis, remediation, audits, ongoing monitoring.
Applies to all sizes, industries in mainland China; higher costs/audits for Level 3+. (178 words)

Key Differences

Aspect	EN 1090	MLPS 2.0 (Multi-Level Protection Scheme)
Scope	Execution of steel/aluminium structures, CE marking	Graded cybersecurity for all networks/systems
Industry	Construction, fabrication (EU/EEA)	All sectors operating networks (China)
Nature	Harmonized technical standard, FPC certification	Mandatory cybersecurity regulation, PSB enforcement
Testing	FPC audits, ITT/ITC by notified bodies	Third-party evaluations, PSB inspections (Level 2+)
Penalties	Market exclusion, no CE marking	Fines, operations suspension, inspections