The European Commission is presenting its new, long-awaited regulation on Artificial Intelligence (AI). This focus on AI on the part of the European Commission brings forward not only valuable questions for the continued evolution and safe deployment of this technology, but opportunities for ensuring the digital sovereignty of Europe for the future. To help address these questions and provide support to the deployment of AI in Europe, European standards play a key role. To organise and develop standardization work on this issue, CEN and CENELEC have established the CEN-CENELEC Joint Technical Committee 21 ‘Artificial Intelligence’.

This group brings together experts that will implement and lead the recommendations available in CEN and CENELEC’s response to the EC White Paper on AI and CEN and CENELEC’s Road Map on AI. 

The Joint Technical Committee, whose Secretariat is held by DS, the Danish Standardization Body, will be responsible for the development and adoption of standards for AI and related data, as well as provide guidance to other Technical Committees concerned with AI. Standards are relevant for the evolution of AI for a variety of reasons:

• they provide expertise to an emerging technology, ensuring safety and security for products and services;
• they are intrinsically designed to be an inclusive and market-driven instrument of support for European regulation through the New Legislative Framework, benefitting the Single Market and reducing barriers to trade.  

The ETSI committee on Methods for Testing and Specifications (TC MTS) has recently completed a first set of seven standards addressing the testing of the IoT MQTT and CoAP protocols, and the foundational security IoT-Profile.

The ETSI TS 103 596 series provides an overall test suite structure and catalogue of test purposes for the Constrained Application Protocol (CoAP). It can serve as a reference for both client-side test campaigns and server-side test campaigns. Part 1 specifies the conformance issues, part 2 the security issues and part 3 the performance issues. 

The ETSI TS 103 597 series provides an overall test suite structure and catalogue of test purposes for the MQ Telemetry Transport (MQTT). It is also divided into three different parts for conformance, security and  performance  testing.

Cybersecurity is crucial in today’s world, as our society increasingly relies on connected infrastructure and devices. In the field of railways, connected trains and infrastructure are seen as a major source of improvement for the management of traffic and capacity, energy efficiency, and network communication. But this trend also means more potential threats of cyber-attacks. To protect the rolling stock and fixed installations, the support of adequate tools and requirements is needed.

CENELEC contributes to providing this protection with the brand new CLC/TS 50701 ‘Railway applications – Cybersecurity’ developed by ‘CLC/TC 9X - Electrical and electronic applications for railways’.

This Technical Specification is a major landmark for the European railway sector, as it aims to provide requirements and recommendations to handle cybersecurity in a unified way for the railway sector.

EN ISO/IEC 27701 “Security techniques. Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management. Requirements and guidelines” sets out generic requirements for a Privacy Information Management System whose guidance can be adapted by organisations according to their context and applicable obligations. It can be considered as an international framework, in which it is possible to define more particular, regional refinements.

CEN and CENELEC’s Joint Committee 13 ‘Cybersecurity and Data Protection’ (CEN-CLC/JTC 13) has now started a new project, which aims at developing a standard that offers such refinements for a European context: the aim is to develop guidelines that organisations will be able to use for the purpose of demonstrating compliance with their obligations relating to GDPR.

ETSI has recently released ETSI GR SAI 005, a report which summarizes and analyses existing and potential mitigation against threats for AI-based systems. Setting a baseline for a common understanding of relevant AI cyber security threats and mitigations will be key for widespread deployment and acceptance of AI systems and applications. This report sheds light on the available methods for securing AI-based systems by mitigating known or potential security threats identified in the recent ENISA threat landscape publication and ETSI GR SAI 004 Problem Statement Report. It also addresses security capabilities, challenges, and limitations when adopting mitigation for AI-based systems in certain potential use cases.

Artificial intelligence has been driven by the rapid progress of deep learning and its wide applications, such as image classification, object detection, speech recognition and language translation.

The Commission is laying out a vision to build a new Joint Cyber Unit to tackle the rising number of serious cyber incidents impacting public services, as well as the life of businesses and citizens across the European Union. Advanced and coordinated responses in the field of cybersecurity have become increasingly necessary, as cyberattacks grow in number, scale and consequences, impacting heavily our security. All relevant actors in the EU need to be prepared to respond collectively and exchange relevant information on a ‘need to share', rather than only ‘need to know', basis.

The Recommendation on the creation of the Joint Cyber Unit is an important step towards completing the European cybersecurity crisis management framework. It is a concrete deliverable of the EU Cybersecurity Strategy and the EU Security Union Strategy, contributing to a safe digital economy and society.

ETSI published a White Paper titled MEC security: Status of standards support and future evolutions written by several authors participating in MEC and other related ETSI groups. This White Paper, the very first initiative in this domain, aims to identify aspects of security where the nature of edge computing leaves typical industry approaches to cloud security insufficient. 

Edge computing environments are by nature characterized by a complex multi-vendor, multi-supplier, multi-stakeholder ecosystem of equipment and both HW and SW devices. Given this overall level of system heterogeneity, security, trust and privacy are key topics for the edge environments.

Download the MEC security: status of standards support and future evolutions White Paper HERE

2021 is the European Year of Rail. On this occasion, CEN and CENELEC are proud to highlight the important role European standards play to ensure the well-functioning of a key sector for the future of Europe. Standardization on railways application is part of CEN and CENELEC’s wider work on transportation, a complex and large portfolio: it includes 1234 standards from CEN and CENELEC. These standards are mainly developed by two Technical Committees (TCs), CEN/TC 256 'Railway Applications' and CLC/TC 9X 'Electrical and electronic applications for railways'. In particular, standards on rail cover a wide range of topics specifically related to railways applications (products, processes and services), such as, among others, safety, rolling stock capacity, system efficiency, as well as cybersecurity, digitalisation, and automatic couplings. This work on rail contributes massively to the development of safe, innovative and efficient railway systems infrastructure, rolling stock and systems, and supports the EU in its strategic ambitions.