The European Commission (EC) has published a new Standardization Strategy outlining the EU's approach to standards within the Single Market as well as globally. The Strategy is accompanied by a proposal for an amendment to the Regulation on standardization, a report on its implementation, and the 2022 annual Union work programme for European standardization. This new Strategy aims to strengthen the EU's global competitiveness, enable a resilient, green, and digital economy, and to enshrine democratic values in technology applications. The new Standardization strategy illustrates the EU approach to standards concerning the Single Market and globally proposes five main actions:

• Anticipate, prioritize and address standardization needs in strategic areas

• Improve the governance and integrity of the European standardization system

• Enhance European leadership in global standards

• Support innovation

• Enable the next generation of standardization experts

European Committee for Standardization (CEN) and European Committee for Electrotechnical Standardization (CENELEC), two of the three officially recognized European Standardization Organizations, welcome the new European Standardization Strategy which reinforces the common efforts to deliver on the ambitions of the twin transition.

The Strategy, newly released by the European Commission, aims to respond to the need for Europe to strengthen the strategic role standards play in the Single and the Global Market. It sets the pathway to better support Europe’s competitiveness and strategic autonomy, facilitate the dissemination of European innovations and ensure that European and international standards are in line with the EU's interests and values. CEN and CENELEC share the value the Strategy gives to standards as a key tool to contribute to a resilient green and digital transformation of the EU’s industrial ecosystem.

As part of the European Standardization Package, the Commission presented a proposal for an amendment to Regulation (EU) No 1025/2012 – which sets the principles for how the European Standardization Organizations (ESOs) support European legislation – and subjected it to a consultation process to receive input from interested stakeholders. In particular, the proposed amendment concerns the decisions of ESOs concerning European standards and European standardization deliverables.

Given the relevance of the topic and their commitment to contribute to the reflection on the future of the European Standardization System (ESS), CEN and CENELEC, as two of the officially recognized ESOs, issued a response. In particular, the two organizations welcome the proposed amendment of Regulation 1025/2012 and the fact that it emphasizes the national delegation principle.

The Commission proposed new rules on who can use, and access data generated in the EU across all economic sectors. The Data Act will ensure fairness in the digital environment, stimulate a competitive data market, open opportunities for data-driven innovation and make data more accessible for all. It will lead to new, innovative services and more competitive prices for aftermarket services and repairs of connected objects. This last horizontal building block of the Commission's data strategy will play a key role in the digital transformation, in line with the 2030 digital objectives. 

In addition, the Data Act reviews certain aspects of the Database Directive, which was created in the 1990s to protect investments in the structured presentation of data. Notably, it clarifies that databases containing data from Internet-of-Things (IoT) devices and objects should not be subject to separate legal protection. This will ensure they can be accessed and used.

Privacy and personal data protection are essential in our current society as our offline and digital experiences are increasingly entwined. To ensure that these essential values are taken into account early on in the development of products and services, newly developed EN 17529 ‘Data protection and privacy by design and by default’ provides manufacturers and service providers with requirements before, or independently of, any specific application integration.

EN 17529 was developed in response to a request from the European Commission and is a perfect example of how European standards can be developed to complement international adoptions to address European values. Under this same mandate, there are also two Technical Reports that are currently being finalized which contain recommendations on how to integrate the principle of ‘data protection and privacy by design’ during the entire lifecycle of biometric access-control products and services, in order to achieve ‘data protection and privacy by default’. EN 17529 was developed by CEN-CLC/JTC 13 ‘Cybersecurity and Data Protection’, the Secretariat of which is currently held by DIN. JTC 13 is currently working on more standards to address similar issues, notably through its Working Group 5 ‘Data Protection, Privacy and Identity Management’.

The Commission proposed new rules to establish common cybersecurity and information security measures across the EU institutions, bodies, offices and agencies. The proposal aims to bolster their resilience and response capacities against cyber threats and incidents, as well as to ensure a resilient, secure EU public administration, amidst rising malicious cyber activities in the global landscape. 

Cybersecurity Regulation: The proposed Cybersecurity Regulation will put in place a framework for governance, risk management and control in the cybersecurity area. It will lead to the creation of a new inter-institutional Cybersecurity Board, boost cybersecurity capabilities, and stimulate regular maturity assessments and better cyber-hygiene. It will also extend the mandate of the Computer Emergency Response Team for the EU institutions, bodies, offices and agencies (CERT-EU), as a threat intelligence, information exchange and incident response coordination hub, a central advisory body, and a service provider.

The European Standards Organizations (ESOs), CEN, CENELEC and ETSI, joined forces with ENISA, the European Union Agency for Cybersecurity, to organize their 6th annual conference. The virtual conference focused on ‘European Standardization in support of the EU cybersecurity legislation’. The event opened with the European Standards Organizations, ENISA and the European Commission giving an overview of the EU cybersecurity standardization landscape. 

The purpose of the conference was twofold. First of all, the event presented current developments in the area of cybersecurity standardization. It also fostered a dialogue among policy makers, industry, research, consumer associations, standardization, and certification organizations, including all of those involved in the development of the ICT certification framework in Europe.

The EU Agency for Cybersecurity seizes the opportunity of the standardization conference to issue two new reports on standardization in support of cybersecurity policy. The first is overview of existing standards in relation to risk management describing methodologies & tools used to meet standards’ requirements. The second report focuses on 5G cybersecurity and analyzes standards contributing to the mitigation of technical and organizational risks in the 5G ecosystem. Both reports identify standardization gaps, and provide recommendations to enhance standards coverage in these areas, based on the needs of stakeholders.

CEN and CENELEC are fully committed to ensuring that, through their standards, goods and services are equally accessible to all. In this context, they just released the updated “CEN-CENELEC Protocol on accessibility following a Design for All approach in standardization”. The protocol outlines the procedure to help technical bodies decide whether accessibility, with a Design for All approach, should be addressed when developing or revising a standardization deliverable. The new version, adopted by CEN/BT/Working Group 213 ‘Strategic Advisory Group on Accessibility’ (SAGA), was made shorter and more simple to use, based on the feedback received on its previous version: in the current format, the protocol is now reduced from 6 to 2 documents.

Interested Technical Body officers are invited to start with document 1 – ‘The Protocol Form’, which helps understand if and how accessibility is applicable to projects. Further information and guidance on how to include accessibility to standardization projects can be found under document 2 – ‘Relevance’.

In the last two months, ETSI MEC has updated many Phase 2 reports and specifications. For its Phase 3 work, the ISG MEC recently released the updated MEC Terminology, ETSI GR MEC 001. A major milestone of the group is the ETSI specification on MEC Framework and Reference Architecture, GS MEC 003, introducing the MEC Federation architecture variant. This concept is a key enabler for supporting the requirements coming from GSMA OPG (Operator Platform Group). It enables inter-MEC system communication and allows 5G operators to collaborate among themselves and with service cloud providers and other stakeholders. This architecture also "federates" their edge computing resources by offering their MEC service capabilities for mutual consumption, and for application developers and end customers (e.g. vertical market segments).

MEC Open Area : In addition, the group enhanced its MEC Open Area with drafts of two updated specifications to foster the collaboration with other bodies such as GSMA and 3GPP. These two specifications on Edge Platform Application Enablement (MEC 011) and Federation enablement APIs (MEC 040), are critical for Phase 3 work, especially in the view of MEC Federation. Publicly available, this open area provides visibility to all stakeholders about ISG MEC’s on-going progress on key specifications.

Following on from meetings conducted in late 2021, ETSI has now completed Release 2 of its Experiential Networked Intelligence (ENI) specifications with the system architecture ETSI GS ENI 005. ETSI GS ENI 005 and associated documents will provide better insight into network operations - allowing more effective closed-loop decision making plus better lifecycle management. Through its use, operators will be able to leverage acquired data and apply artificial Intelligence (AI) algorithms to it. This will mean that they can respond much quicker to changing situations and gain far greater agility. The services being delivered across their networks may thereby be rapidly adapted and the resources they have available correctly assigned in accordance with subscribers’ requirements, or any other alterations in circumstances (either operationally or commercially driven).

An industry specification group (ISG) focused on ENI was first established by ETSI five years ago.  ETSI ENI Release 2 defines the key architectural requirements (GS ENI 002), and provides a more comprehensive array of potential use cases (GS ENI 001) and applicable proof of concept (PoC) specifications. To support this release, the ENI ISG has produced a series of reports.