Industry 4.0 is no longer a vision in 2026 — it is platform building. The Asset Administration Shell (AAS) has, since 2024, provided a mature vendor-neutral data model for digital twins; OPC UA with the VDMA-umati Companion Specs is the standard at the machine layer. In parallel, the EU Data Act (applicable since 12 September 2025), Cyber Resilience Act (fully applicable 11 December 2027), and EU AI Act have established a binding regulatory frame. Building an Industry 4.0 platform or Industry 4.0 software for the DACH Mittelstand today means designing against those three regulations — and against the next refactor.
The term "Industrie 4.0" was coined in 2011 by Henning Kagermann (acatech), Wolfgang Wahlster (DFKI), and Wolf-Dieter Lukas (BMBF) and introduced at Hannover Messe 2011. The Plattform Industrie 4.0, jointly led by the German Federal Ministry for Economic Affairs and Energy (BMWE) and the Federal Ministry of Education and Research (BMBF), is the national coordinating body and, by its own count, brings together more than 350 actors from over 150 organisations. Two of its core deliverables now underpin every serious Industry 4.0 platform: the reference architecture model RAMI 4.0 and the Asset Administration Shell.
The Industrial Digital Twin Association (IDTA) has maintained the AAS specifications since 2021 (IDTA-01001 ff.). As of May 2026, the metamodel is released as version 3.0.1, the API specification as 3.1.2. With Eclipse BaSyx and the IDTA AASX Server, mature open-source implementations (MIT licence, Java/.NET) are in production use — the toolkit for vendor-neutral Industry 4.0 software is no longer conceptual but production-ready. The BMWE-funded Manufacturing-X data-space initiative builds on this AAS stack and acts as the umbrella for sectoral data spaces such as Catena-X (automotive, in operation since 2023) and Factory-X (mechanical and plant engineering, scheduled to transition into a stable operational phase by mid-2026).
Regionally, the DACH industry is unevenly distributed: roughly one third of all German machinery and plant manufacturers are headquartered in Baden-Württemberg, with another large concentration in Bavaria. The Allianz Industrie 4.0 Baden-Württemberg and cluster initiatives such as bwcon, CyberForum, CyberLago, and Technology Mountains bundle the Mittelstand perspective on Industry 4.0 platform development. What manufacturers need now is not another requirements catalogue but Industry 4.0 software sized for them: AAS-compliant, OPC-UA-ready, operable in-house — and adoptable without an SAP-scale programme.
OPC UA, AAS, MQTT, RAMI 4.0 — the standards are in place and freely specified. What is missing in the DACH Mittelstand is an Industry 4.0 platform that is workable without being an SAP-scale rollout. Manufacturers with 50–500 employees need software that goes productive in 6–12 months, with a clear data model, a realistic upgrade path, and no single-hyperscaler lock-in.
Plant IT (ERP, MES) and the shop-floor layer (SCADA, PLC) are historically separated; service data lives in spreadsheets, order data in SAP, machine data in the control room. Industry 4.0 software does not resolve these breaks by adding another tool — it does so via a shared data model, typically AAS submodels over OPC UA paired with an event-driven telemetry pipeline. That is an architecture problem, not a tooling problem.
OEMs increasingly require structured data exchange via sectoral data spaces — Catena-X has been in operation since 2023 in the automotive field; Factory-X follows in 2026 for mechanical and plant engineering. An Industry 4.0 platform planned today should keep these data spaces ready not as an add-on but via AAS submodels and Eclipse Dataspace Connectors. Otherwise the next OEM requirement is effectively a refactor.
EU Data Act, Cyber Resilience Act, EU AI Act, the German NIS2 Implementation Act, EU Machinery Regulation — five regulations, each with its own deadlines and its own data-model implications. Without integrated architecture you end up building the same function multiple times: one data export for the Data Act, one audit trail for NIS2, one vulnerability report for CRA. Industry 4.0 software built around AAS submodels, an append-only event log, and an audit-trail-grade data layer addresses these obligations from a single source.
In 2026 DACH Mittelstand customers increasingly require EU hosting, customer-managed keys, and no third-country transfers. Machine data is core capital — it belongs in your own hands, in every layer of the architecture. Default hyperscaler setups rarely satisfy that bar without substantial configuration. An Industry 4.0 platform running on your own infrastructure (or with an EU host such as Hetzner or DigitalOcean Frankfurt) is here not a luxury but an architectural decision.
Regulation (EU) 2023/2854 grants users of connected industrial products the right to access, use, and share the data generated by their use. For an Industry 4.0 platform this means structured per-asset data export via an API — typically as an AAS submodel. For products first placed on the market after 12 September 2026, an additional access-by-design obligation applies.
Applicability: Applicable since 12 Sep 2025 · Access-by-design from 12 Sep 2026
Regulation (EU) 2024/2847 mandates security-by-design for all products with digital elements on the EU market. Industrial platforms, IoT gateways, connected machines and their Industry 4.0 software are in scope: vulnerability management over the expected lifetime, security updates, conformity assessment, 24-hour reporting for actively exploited vulnerabilities. Fines up to €15 million or 2.5 % of global annual turnover. Practical path: vulnerability-disclosure policy, signed update pipeline, SBOM generation in the build — see our note on CRA software architecture.
Applicability: In force since 10 Dec 2024 · Reporting obligations from 11 Sep 2026 · Fully applicable 11 Dec 2027
Regulation (EU) 2024/1689. Industrial AI applications — predictive maintenance, computer-vision quality control, AI-driven anomaly detection on production data — may be classified as high-risk depending on intended use. Obligations begin with risk management, data quality, technical documentation, and transparency. For any Industry 4.0 platform with AI components this implies a clearly separated AI module, documented training data, on-prem or EU-hosted inference, and an audit trail over predictions.
Applicability: GPAI obligations since 2 Aug 2025 · High-risk (Annex III) from 2 Aug 2026 · Embedded high-risk (Annex I) from 2 Aug 2027
The German NIS2UmsuCG transposes Directive (EU) 2022/2555 into national law. The Bundestag passed it on 13 November 2025, the Bundesrat approved on 20 November 2025; it came into force on publication in the Federal Law Gazette on 6 December 2025. The BSI registration window closed on 6 March 2026. Some 29,500 companies are now in scope (up from roughly 4,500) — many mid-sized industrial manufacturers are directly affected for the first time. Architecture implications for Industry 4.0 software: asset inventory, incident management, MFA, network segmentation, and an in-platform audit trail. More in our note on NIS2 & software architecture.
Applicability: In force since 6 Dec 2025 · BSI registration deadline 6 Mar 2026
Regulation (EU) 2023/1230 replaces Machinery Directive 2006/42/EC from 20 January 2027. For the first time it connects machinery safety with cybersecurity in a single regulation — relevant for every manufacturer whose product has a connected controller or a software portion. For an Industry 4.0 platform: safety functions must be protected against unauthorised software access, and AI-driven safety functions face additional requirements.
Applicability: Applicable from 20 Jan 2027
Every physical asset gets a digital twin per the AAS standard, stored in a central or decentralised repository. Submodels cover master data, lifecycle, and data-export obligations. This is the "contract" between manufacturer, operator, and service — and the technical answer to the EU Data Act.
OPC UA with the umati Companion Specs (e.g. OPC 40501 for machine tools) as the vendor-neutral machine language; MQTT 5 for lightweight edge telemetry. An edge gateway buffers, normalises, and forwards — so a brief connectivity loss does not drop data.
High-throughput intake via a streaming platform, structured processing in a typed backend, time series in TimescaleDB. In parallel, an append-only event log as an audit-grade trail — one source for CRA incident reporting, NIS2 evidence, and EU AI Act model traceability.
Lifecycle data model with an immutable birth snapshot per unit, plus dynamic service and telemetry data. Eclipse Dataspace Connectors bridge to Catena-X / Factory-X without sending raw data outside the house. AI inference on-prem or in EU cloud — not in third-country SaaS.
Three frontends, one API layer: a self-service portal for end customers (with EU-Data-Act-ready data export), a mobile service app for technicians, an admin cockpit. Platform-wide monitoring and logging as a prerequisite for traceable incident analysis — depending on setup we run OpenTelemetry with Sentry, the Grafana stack, or Datadog.
The concrete stack is decided per project — driven by data volume, compliance, existing systems, and team skills. This table lists the capabilities we cover and two to three tools we have shipped in production for each.
| Capability | How we deliver it |
|---|---|
| Asset Administration Shell (IDTA) | Standardised digital-twin data model with freely available specifications (metamodel v3.0.1, API v3.1.2). Eclipse BaSyx (Java/.NET) and the IDTA AASX Server are mature open-source implementations — the foundation of any serious Industry 4.0 platform. |
| OPC UA + umati Companion Specs | Global standard for industrial machine communication. With the VDMA-/VDW-driven umati Companion Specs (as of 2026 around 25 published, around 30 in development) usable vendor-neutrally — e.g. OPC 40501 for machine tools, finalised in late 2025. |
| Typed platform backend | Structured API layer with clear modularity, performant HTTP and WebSocket layer. TypeScript (NestJS, Fastify) is our default; Go or Rust where throughput or regulatory memory-safety demands. Choice follows load and team, not the other way around. |
| Hybrid relational + time-series storage | One database for relational master data, lifecycle data, and time-series telemetry — typically Postgres + TimescaleDB. We reach for ClickHouse or Influx where write volume or analytical load demands it; append-only event log lives in the primary store. |
| Streaming platform for plant and edge telemetry | High-throughput streams from plant controllers via a streaming platform (e.g. Kafka, NATS JetStream); lightweight edge / IoT devices via MQTT 5. Event-driven architecture cleanly decouples telemetry intake from the application API. |
| Web portal & cross-platform app | Self-service portal for end customers with structured data export (EU-Data-Act-ready) — typically in a mature TS framework such as Next.js or Astro. Cross-platform service app (Flutter) for technicians, one codebase for iOS and Android. |
| EU-hosted or on-prem infrastructure | Data sovereignty in every layer: EU region for compliance without CLOUD Act exposure. We have shipped on Hetzner, DigitalOcean (Frankfurt), AWS Frankfurt, and on-prem Kubernetes among others; own container orchestration (Kubernetes, Kamal) keeps the platform independent of any single hyperscaler. |
As of: 2026-05-01
IoT platform development, B2B apps, and backend software for connected devices — from BLE sensors to EU Data Act-compliant telemetry platforms.
Automotive software for Tier-1 suppliers and connected vehicles — companion apps, OTA backends, diagnostics tools, and telemetry platforms that carry UN-R155, UN-R156, and ISO/SAE 21434 from the first line of code.
Mechanical engineering software, service apps, MES integration, and OPC UA connectivity for DACH Mittelstand — VDMA-umati-compatible.
Facility management software & platforms for CAFM, smart building, and EU energy-efficiency compliance — aligned with GEFMA 444/445.
Custom handwerker app and construction software for DACH Mittelstand businesses — mobile-first, offline-capable, from on-site measurement and site diary through e-invoicing (ZUGFeRD / X-Rechnung) to BIM connectivity.
We build software that fits the regulatory, technical, and organisational realities of your industry — without excess complexity.