Automotive plants and large-scale distribution centers across the U.S. and Europe are accelerating operational technology (OT) retrofit programs built around open interoperability standards, driven by vendor consolidation fatigue and mounting regulatory pressure from the EU's NIS2 Directive.
Background
Interoperability has long been a persistent challenge in manufacturing, primarily because control system, sensor, and automation device manufacturers rely on proprietary protocols and communication standards. Although the industry is shifting toward open systems, the prevalence of legacy equipment designed for closed-system applications continues to hinder unified environments.
That dynamic is now compounded by regulatory timelines. The EU's NIS2 Directive, which replaced NIS1 on 18 October 2024, expanded mandatory cybersecurity obligations to cover critical product manufacturing, logistics, and transport operators, according to the European Commission. All organizations with more than 50 employees and annual revenues exceeding €10 million must now comply, whether public or private. Penalties under NIS2 reach up to €10 million or 2% of global turnover, with potential personal liability for management.
On 20 January 2026, the European Commission proposed targeted amendments to the NIS2 Directive to increase legal clarity and simplify compliance requirements for companies operating in the EU. Despite those amendments, enforcement obligations on OT environments remain intact.
Details
The convergence of regulatory pressure and upgrade cycles is reshaping procurement. As digitalization deepens, growing interdependence across the value chain has made supply chain cybersecurity risks more pronounced. 60% of data breaches originating from third-party vendors underscore the importance of vendor governance. NIS2 requires procurement and vendor management processes to evolve, embedding security standards into contracts and RFQs.
For plant engineers evaluating retrofit pathways, open communication protocols are emerging as the primary technical lever. Open standards such as Message Queuing Telemetry Transport (MQTT) and OPC UA offer an increasingly popular route around proprietary systems. OPC UA has become a widely accepted standard for Industry 4.0, enabling manufacturer-independent data exchange. The VDMA - the largest industrial association in Europe - lists OPC UA as "a key prerequisite for the successful introduction of Industry 4.0 into production."
The cybersecurity implications are equally direct. NIS2 stresses the use of international standards to ensure effective cyber risk-management measures. ISA/IEC 62443 is a key cybersecurity standard for designing secured industrial automation and control system (IACS) infrastructures and is widely applied in manufacturing, power utilities, oil and gas, and other sectors where NIS2 applies. The U.S. and U.K. have also issued joint guidance for OT owners and operators, providing a road map for securing OT systems. Analysts note that this guidance and NIS2 together "highlight a converging international approach to OT cybersecurity."
OEMs are increasingly participating in cross-industry data exchange platforms. The European-led Catena-X initiative has emerged as a significant effort to standardize supply chain data sharing and traceability. In automotive intralogistics, the VDA 5050 standard for orchestrating autonomous mobile robot (AMR) fleets enables centralized, multi-vendor AMR management without proprietary middleware dependencies.
A recurring challenge across brownfield environments is integrating existing manufacturing facilities with legacy equipment not originally designed for digital connectivity.1The Impact of NIS2 on Operational Technology (OT) When devices and edge gateways share common protocols and data models, teams avoid costly point-to-point integrations and can scale from one-off proofs of concept to full rollouts. Research indicates that predictive-maintenance programs built on open, connected sensor architectures can reduce annual maintenance costs by approximately 10% and cut unplanned downtime by roughly 20%, according to IoT For All analysis of connected factory programs.
"The clear demand from customers is for open standard solutions and a higher interoperability between existing control system solutions," according to automation engineers cited by Control Design, though full compatibility across mixed legacy estates remains difficult to achieve.
For procurement teams, multi-protocol support helps break single-vendor dependency, eliminating the need to source controller, I/O, HMI, and SCADA software from the same supplier. Embedding open-standard requirements in RFQ specifications - alongside ISA/IEC 62443 certification evidence - is emerging as a practical procurement control that simultaneously addresses interoperability and NIS2 supply chain security obligations.
Outlook
As of 2025, several EU member states have published detailed NIS2 security requirements, and implementation is actively underway across critical sectors. Manufacturers operating across EU jurisdictions face additional complexity as national transposition timelines and enforcement intensities vary. Research identifies lack of awareness and the evolving threat landscape as the key factors reinforcing compliance gaps, with technical complexity and financial constraints acting as mediators that transmit their influence toward operational failures. For plant managers and operations directors overseeing retrofit pipelines, aligning open-standard adoption with ISA/IEC 62443 security zone definitions offers the most direct path to satisfying both production continuity requirements and NIS2 audit readiness.
