Cybersecurity/ Network and information security
-Standards Development Organisations (SDOs) to develop standards for critical infrastructure protection and thus in support of and responding to the requirements laid down in the NIS Directive.
-SDOs to investigate the availability of standards as regards the security and incident notification requirements for digital service providers as defined in the NIS Directive, and in support of possible other pieces of EU law.
-SDOs to assess existing standards required to support the European Cybersecurity Certification Framework to ensure that standards are available for providing the core of any certification activity. In particular, SDOs are encouraged to work on standards related to the specification and assessment of security properties in ICT products and services as well as those related to security in processes related to the design, development, delivery and maintenance of an ICT product or service.
-SDOs to assess gaps and develop standards on cybersecurity of consumer products in support of possible certification schemes completed under the European Cybersecurity Act and in support of possible other pieces of EU law.
Electronic identification and trust services
The Commission explains that further standardisation work will be needed to support the implementation of eIDAS. In the case of trust services, the planned secondary legislation refers extensively to the availability of standards as possible means to meet the regulatory requirements. Existing standards should be checked to take account of the protection of individuals with regard to personal data processing and the free movement of such data. Specific privacy by design standards should be identified and where needed developed. The accessibility needs of persons with disabilities should also be taken into account.
The following actions are requested:
-Build on the work done under Mandate M/460, in the following way: support harmonisation of identity proofing, particularly in relation to certificate issuance and remote signing. Define extended validation procedures that can be followed to determine whether a signed document might be wrongly interpreted, even if the signed bytes have not changed.
-Take ongoing EU policy activities into account in standardisation, e.g. in ISO/IEC JTC 1/SC 27/WG 5 (identity management and privacy technologies) and other working groups of ISO/IEC JTC 1/SC 27. Furthermore, in order to promote the strengths of the European approach to electronic identification and trust services at global level and to foster mutual recognition of electronic identification and trust services with non-EU countries, European and international standards should be aligned wherever possible. The promotion and maintenance of related European approaches, which especially take into account data protection considerations, in international standards should be supported.
-Support and improve the development of interoperable standards by facilitating the organisation of plugtests (interoperability events) and by developing and enhancing conformity testing tools. Such interoperability events may address CAdES, XAdES, PAdES, ASiC, the use of trusted lists, signature validation, remote signature creation and validation, e-delivery services, preservation services, etc.
-Foster the development of standards supporting the implementation of the measures derived from the revision of the eIDAS regulation, aimed at improving its effectiveness, extending its benefits to the private sector and promoting trusted digital identities for all Europeans.
Additionally, the COVID section of the document mentions standards for a “vaxproof” document and the use of innovative technologies such as AI or blockchain, as well as self-sovereign and digital identity as the basis for the exchange of sensitive personal information and health data. In the context of the EU recovery, SDOs should also address the potential of developing a universally accepted eID.
Artificial intelligence
The Commission refers to the OECD definition of AI: “An AI system is a machine-based system that can, for a given set of human-defined objectives, make predictions, recommendations, or decisions influencing real or virtual environments. AI systems are designed to operate with varying levels of autonomy.”
The following actions are requested:
-Foster coordination and interaction of all stakeholders in providing European requirements for AI, e.g. based on the work of the AI High Level Expert Group, Member States' initiatives, the OECD, etc. Encourage the development of shared visions as a basis for input and requirements to standardisation.
-SDOs should further increase their coordination efforts around AI standardisation, both in Europe and internationally, in order to avoid overlap or unnecessary duplication of efforts, and aim for the highest quality to ensure a trustworthy and safe deployment of this technology.
-SDOs to consider cybersecurity and related aspects of artificial intelligence, to identify gaps and develop the necessary standards on safety, privacy and security of artificial intelligence, to protect against malicious artificial intelligence and to use artificial intelligence to protect against cyber-attacks.
-Within the AI4EU initiative, identify leading open source activities which complement standardisation work and analyse to what extent they respond to EU requirements. Where useful, establish dialogue, liaisons or partnerships with such open source projects.
5G
-Foster the emergence of global industry standards for key 5G technologies and network architectures.
-Take into account the specific needs of different sectors, in collaboration with other industry specific standards developing organisations.
-Foster the emergence of standards for legal interception mechanisms.
IoT
-SDOs to complement ongoing gap analysis by analysis of gaps in wireless technologies required by IoT, including URLL (Ultra Reliable Low Latency) technologies required by Industry Automation.
-Develop a European standard for cyber security compliance of products that is aligned with the current compliance framework of organisations based on the ISO 27000 Information Security Management Standards series and the GDPR regulation. Preferably the standard could be used to harmonise the requirements set out in the NIS directive.
-SDOs to assess further gaps and develop standards on the safety and cybersecurity of IoT consumer products under the European Cybersecurity Act or sectorial legislation.
-SDOs should consider further inclusion of and outreach to verticals.
ePrivacy
-SDOs to work on standardised solutions for location data used by mobile applications.
-SDOs to investigate standards for supporting compliance, and certification of compliance, with GDPR and possible other EU data privacy requirements. A gap analysis should also be run to understand the future work that may need to be prioritised.
-SDOs to continue investigating technical measures suitable for making personal data anonymous or pseudonymised (and therefore unintelligible to those who are not authorised to access it).
-SDOs to continue investigating how to guarantee a user-centric approach in privacy and access management.
-SDOs to prevent unwarranted pervasive monitoring by default when developing standards. This is relevant not only in the context of the internet but also of the IoT.
-SDOs to develop secure coding standards for secure application development.
Blockchain and distributed ledger technologies
-Continue identifying use cases which are relevant for the EU (including EU regulatory requirements such as those from GDPR, ePrivacy, eIDAS, TOOP, etc.) and submit them to the relevant standardisation bodies, including CEN-CENELEC and ETSI, and also ISO and ITU.
-A general framework for Governance of the European networks based on DLT should be developed to allow the flow of smart contracts between different networks.
ICT environmental impact
The document mentions the definition of Global KPIs for 1) management of fixed and mobile access, core networks, 2) data centres, 3) data services.
If you have any questions on these issues, please contact Camille Dornier - Policy Manager: camille.dornier@eurosmart.com