[To Eurosmart members only]
2022 ICT standardisation rolling plan
The European Commission recently published the 2022 rolling plan for ICT standardisation. This rolling plan is the outcome of a dialogue with the European multi-stakeholder platform on ICT standardisation (MSP), of which Eurosmart is a member. The rolling plan identifies standardisation actions that can support EU policies.
Among other things, the following topics are addressed:
Cybersecurity
Cybersecurity must be integrated into all digital investments, particularly key technologies like AI, encryption and quantum computing. Regarding encryption, the rolling plan also notes that the Commission will work with Member States to identify possible solutions for lawful access.
Among the requested actions, the rolling plan invites the Standards Development Organisations (SDOs) to:
- develop standards for critical infrastructure protection (in support of NIS). They shall also foster the application of the EN 62443 series.
- assess existing standards required to support the European cybersecurity certification schemes, including standards on cybersecurity of consumer products.
- investigate requirements for secure protocols for network and highly constrained devices and heavily constrained protocol interaction.
5G
The rolling plan invites the SDOs to foster the emergence of global industry standards under EU leadership for 5G and 6G technologies.
In addition, SDOs should work on standards related to lawful interception and lawful disclosure. SDOs should encourage law enforcement involvement in 5G standardisation-related committees.
Internet of Things
The rolling plan enjoins the SDOs to “develop a European standard for cybersecurity compliance of products that is aligned with the current compliance framework of organisations based on the ISO 27000 Information Security Management Standards series and the GDPR regulation”.
Furthermore, SDOs should assess gaps and develop standards on the safety and cybersecurity of IoT consumer products under the Cybersecurity Act or sectorial legislation.
Electronic identification and trust services, including e-Signature
The rolling plan invites the SDOs to take ongoing EU policy activities into account in standardisation, for instance, in ISO/IEC JTC 1/SC 27/WG 5. European and international standards should be aligned, wherever possible, to foster mutual recognition of eID and trust services with non-EU countries.
SDOs should prepare standards for:
- interfaces between the European Digital Identity Wallet and trust services, as well as services for signing by means of electronic signatures and seals
- interfaces between the European Digital Identity Wallet and relying parties
- security evaluation and certification of the European Digital Identity Wallet
- protocol and security standards for new trust services, including electronic attestation of attributes, electronic archiving and electronic ledgers
- supporting additional requirements for identity proofing and validation of attributes
- adapting existing standards to take into account new provisions of eIDAS 2.0, including alignment with NIS2 and ensuring that the requirements of privacy by design are met
Finally, SDOs should cooperate and work on identifiers, vocabularies, semantics, taxonomies, and ontologies for electronic attestations.
Artificial Intelligence
The rolling plan refers to the OECD definition for Artificial Intelligence (AI): “An AI system is a machine-based system that can, for a given set of human-defined objectives, make predictions, recommendations, or decisions influencing real or virtual environments. AI systems are designed to operate with varying levels of autonomy.”
The rolling plan notes that AI standardisation activities are flourishing. The challenge now is to coordinate them. SDOs should increase their coordination efforts around AI standardisation to avoid overlap or unnecessary duplication of efforts. They should also establish links with European requirements, including the AI Act and the Commission’s 2022 request on AI.
In addition, SDOs should consider cybersecurity aspects of AI to protect against malicious AI and to use AI to protect against cyber-attacks.
The Commission’s JRC will coordinate with SDOs to develop a standardisation landscape and a gap analysis for AI.
For more information, including on blockchain, eCall, smart grids, Transport Systems and other topics, please follow the link below to the rolling plan.