Acronym: CAGI
Address: Rte de Ferney 106, 1202 Genève, Switzerland
Stakeholder group: NGOs and associations
Acronym: IEC
Established: 1906
Address: 3 rue de Varembé, 1211 Geneva 20, Switzerland
Stakeholder group: International and regional organisations
The IEC is the world leader in preparing international standards for all electrical, electronic, and related technologies. A global, not-for-profit membership organisation, the IEC provides a neutral and independent institutional framework to over 170 countries, coordinating the work of more than 20,000 experts. We administer four IEC Conformity Assessment Systems, representing the largest working multilateral agreement based on the one-time testing of products globally. The members of each system certify that devices, systems, installations, services, and people perform as required.
IEC International Standards represent a global consensus of state-of-the-art know-how and expertise. Together with conformity assessment, they are foundational for international trade.
IEC Standards incorporate the needs of many stakeholders in every participating country and form the basis for testing and certification. Every member country, and all its stakeholders represented through the IEC National Committees, has one vote and a say in what goes into an IEC International Standard.
Our work is used to verify the safety, performance, and interoperability of electric and electronic devices and systems such as mobile phones, refrigerators, office and medical equipment, or electricity generation. It also helps accelerate digitisation, artificial intelligence (AI), or virtual reality applications, protects information technology (IT) and critical infrastructure systems from cyberattacks and increases the safety of people and the environment.
The IEC works to ensure that its activities have a global reach in order to meet all the challenges of digital transformation worldwide. The organisation covers an array of digital policy issues.
AI applications are driving digital transformation across diverse industries, including energy, healthcare, smart manufacturing, transport, and other strategic sectors that rely on IEC Standards and Conformity Assessment Systems. AI technologies allow insights and analytics that go far beyond the capabilities of legacy analytic systems.
For example, the digital transformation of the grid enables increased automation, making it more efficient and able to integrate fluctuating renewable energy sources seamlessly. IEC Standards pave the way for the use of a variety of digital technologies relating to intelligent energy. They deal with issues such as integrating renewable energies into the electrical network, as well as increased automation.
The IEC’s work in the area of AI takes a three-pronged approach. IEC experts focus on sector-specific needs (vertical standards) and conformity assessment, while the joint IEC and International Organization for Standardization (ISO) technical committee on AI, JTC1/SC 42, brings together technology experts, as well as ethicists, lawyers, social scientists, and others to develop generic and foundational standards (horizontal standards).
In addition, IEC Safety Standards are an essential element of the framework for AI applications in power utilities and smart manufacturing. IEC Conformity Assessment Systems complete the process by ensuring the standards are properly implemented.
SC 42 addresses some concerns about the use and application of AI technologies. For example, data quality standards for ML and analytics are crucial for helping to ensure that applied technologies produce useful insights and eliminate faulty features.
Governance standards in AI and the business process framework for big data analytics address how the technologies can be governed and overseen from a management perspective. International standards in the areas of trustworthiness, ethics, and societal concerns will ensure responsible deployment.
The joint IEC and ISO technical committee also develops foundational standards for the IoT. Among other things, SC 41 standards promote interoperability, as well as architecture and a common vocabulary for the IoT.
The IEC develops standards for many of the technologies that support digital transformation. Sensors, cloud, and edge computing are examples.
Advances in data acquisition systems are driving the growth of big data and AI use cases. The IEC prepares standards relating to semiconductor devices, including sensors.
Sensors can be certified under the IEC Quality Assessment System for Electronic Components (IECQ), one of the four IEC Conformity Assessment Systems.
Cloud computing and its technologies have also supported the increase of AI applications. The joint IEC and ISO technical committee prepares standards for cloud computing, including distributed platforms and edge devices, which are close to users and data collection points. The publications cover key requirements relating to data storage and recovery.
International Standards play an important role in increasing trust in AI and help support public and private decision-making, not least because they are developed by a broad range of stakeholders. This helps to ensure that the IEC’s work strikes the right balance between the desire to deploy AI and other new technologies rapidly and the need to study their ethical implications.
The IEC has been working with a wide range of international, regional, and national organisations to develop new ways to bring stakeholders together to address the challenges of AI. These include the Swiss Federal Department of Foreign Affairs (FDFA) and the standards development organisations, ISO, and the International Telecommunication Union (ITU).
More than 500 participants followed the AI with Trust conference, in-person and online, to hear different stakeholder perspectives on the interplay between legislation, standards and conformity assessment. They followed use-case sessions on healthcare, sensor technology, and collaborative robots, and heard distinguished experts exchange ideas on how they could interoperate more efficiently to build trust in AI. The conference in Geneva was the first milestone of the AI with Trust initiative.
The IEC is also a founding member of the Open Community for Ethics in Autonomous and Intelligent Systems (OCEANIS). OCEANIS brings together standardisation organisations from around the world to enhance awareness of the role of standards in facilitating innovation and addressing issues related to ethics and values.
– e-tech
IEC and ISO Work on Artificial Intelligence
Computational Approaches for AI Systems
– IEC Blog
– Video
AI with Trust conference interviews AI Governance
The IEC develops cybersecurity standards and conformity assessments for IT and operational technology (OT). One of the biggest challenges today is that cybersecurity is often understood only in terms of IT, which leaves critical infrastructure, such as power utilities, transport systems, manufacturing plants and hospitals, vulnerable to cyberattacks.
Cyberattacks on IT and OT systems often have different consequences. The effects of cyberattacks on IT are generally economic, while cyberattacks on critical infrastructure can impact the environment, damage equipment, or even threaten public health and lives.
When implementing a cybersecurity strategy, it is essential to consider the different priorities of cyber-physical and IT systems. The IEC provides relevant and specific guidance via two of the world’s best-known cybersecurity standards: IEC 62443 for cyber-physical systems and ISO/IEC 27001 for IT systems.
Both take a risk-based approach to cybersecurity, which is based on the concept that it is neither efficient nor sustainable to try to protect all assets in equal measure. Instead, users must identify what is most valuable and requires the greatest protection and identify vulnerabilities.
Conformity assessment provides further security by ensuring that the standards are implemented correctly: IECEE certification for IEC 62443 and IECQ for ISO/IEC 27001.
IT security focuses equally on protecting the confidentiality, integrity, and availability of data – the so-called CIA triad. Confidentiality is of paramount importance and information security management systems, such as the one described in ISO/IEC 27001, are designed to protect sensitive data, such as personally identifiable information (PII), intellectual property (IP), or credit card numbers, for example.
Implementing the information security management system (ISMS) described in ISO/IEC 27001 means embedding information security continuity in business continuity management systems. Organisations are shown how to plan and monitor the use of resources to identify attacks earlier and take steps more quickly to mitigate the initial impact.
In cyber-physical systems, where IT and OT converge, the goal is to protect safety, integrity, availability, and confidentiality (SIAC). Industrial control and automation systems (ICAS) run in a loop to check continually that everything is functioning correctly.
The IEC 62443 series was developed because IT cybersecurity measures are not always appropriate for ICAS. ICAS are found in an ever-expanding range of domains and industries, including critical infrastructure, such as energy generation, water management, and the healthcare sector.
ICAS must run continuously to check that each component in an operational system is functioning correctly. Compared to IT systems, they have different performance and availability requirements and equipment lifetime.
Many organisations are applying for the IEC System of Conformity Assessment Schemes for Electrotechnical Equipment and Components (IECEE) conformity assessment certification to verify that the requirements of IEC 62443 have been met.
IECEE provides a framework for assessments in line with IEC 62443, which specifies requirements for security capabilities, whether technical (security mechanisms) or process (human procedures) related. Successful recipients receive the IECEE industrial cybersecurity capability certificate of conformity.
While certification to ISO/IEC 27001 has existed since the standard was published in 2013, it is only in recent years that the IEC Quality Assessment System for Electronic Components (IECQ) has set up a true single standardised way of assessing and certifying an ISMS to ISO/IEC 27001.
International standards such as IEC 62443 and ISO/IEC 27001 are based on industry best practices and reached by consensus. Conformity assessment confirms that they have been implemented correctly to ensure a safe and secure digital society.
IEC has developed a number of online tools and services designed to help everyone with their daily activities.
Facebook @InternationalElectrotechnicalCommission
LinkedIn @IECStandards
Pinterest @IECStandards
X @IECStandards
YouTube @IECstandards
Acronym: ISO
Established: 1947
Address: Chemin de Blandonnet 8, 1214 Vernier, Geneva, Switzerland
Website: https://www.iso.org/iso/home.html
Stakeholder group: International and regional organisations
ISO is the International Organization for Standardization, the world’s largest developer of international standards. It consists of a global network of 170 national standards bodies – our members. Each member represents ISO in its country. The organisation brings together global experts to share knowledge and develop voluntary, consensus-based, market-relevant International Standards. It is best known for its catalogue of almost 25,000 standards spanning a wide range of sectors, including technology, food, and healthcare.
A large number of the international standards and related documents developed by ISO are related to information and communication technologies (ICTs), such as the Open Systems Interconnection (OSI) that was created in 1983 to establish a universal reference model for communication protocols. The organisation is also active in the field of emerging technologies including blockchain, the Internet of Things (IoT), and AI. The standards are developed by various technical committees dedicated to specific areas including information security, cybersecurity, privacy protection, AI, and intelligent transport systems.
The joint technical committee of ISO and the International Electrotechnical Commission (IEC) for AI is known as ISO/IEC JTC1/SC 42 Artificial intelligence and is responsible for the development of standards in this area. To date, it has published 20 standards specifically pertaining to AI with 35 others in development. ISO/IEC 42001 is the flagship AI Management System Standard, which provides requirements for establishing, implementing, maintaining, and continually improving an AI management system within the context of an organisation. ISO/IEC TR 24028 provides an overview of trustworthiness in AI systems, detailing the associated threats and risks and addresses approaches on availability, resiliency, reliability, accuracy, safety, security, and privacy. The standards under development include those that cover concepts and terminology for AI (ISO/IEC 22989); bias in AI systems and AI-aided decision-making (ISO/IEC TR 24027); AI risk management (ISO/IEC 23894); a framework for AI systems using machine learning (ISO/IEC 23053); and the assessment of machine learning classification performance (ISO/IEC TS 4213). Up-to-date information on the technical committee (e.g. scope, programme of work, contact details) can be found on the committee page.
ISO and IEC also have a joint committee for standards related to cloud computing which currently has 27 published standards and a further 5 in development. Of those published, two standards of note include ISO/IEC 19086-1, which provides an overview, foundational concepts, and definitions for a cloud computing service level agreement framework, and ISO/IEC 22123-3, which specifies the cloud computing reference architecture. Standards under development include those on health informatics (ISO/TR 21332); the audit of cloud services (ISO/IEC 22123-2); and data flow, categories, and use (ISO/IEC 19944 series). Up-to-date information on the technical committee (e.g. scope, programme of work, contact details) can be found on the committee page.
Recognising the ongoing developments in the field of IoT, ISO has a number of dedicated standards both published and in development, including those for intelligent transport systems (ISO 19079), future networks for IoT (ISO/IEC TR 29181 series), unique identification for IoT (ISO/IEC 29161), Internet of Media Things (ISO/IEC 23093-3), the trustworthiness of IoT (ISO/IEC 30149), and industrial IoT systems (ISO/IEC 30162). IoT security is addressed in standards such as ISO/IEC 27001 and ISO/IEC 27002, which provide a common language for governance, risk, and compliance issues related to information security. In addition, there are 26 standards under development, some of which provide a methodology for the trustworthiness of an IoT system or service (ISO/IEC 30147); a trustworthiness framework (ISO/IEC 30149); the requirements of an IoT data exchange platform for various IoT services (ISO/IEC 30161); and a real-time IoT framework (ISO/IEC 30165). Up-to-date information on the ISO and IEC joint technical committee for IoT (e.g. scope, programme of work, contact details) can be found on the committee page.
ISO’s standardisation work in the field of telecommunications infrastructure covers areas such as planning and installation of networks (e.g. ISO/IEC 14763-2), corporate telecommunication networks (e.g. ISO/IEC 17343), local and metropolitan area networks (e.g. ISO/IEC/IEEE 8802-A), private integrated telecommunications networks (e.g. ISO/IEC TR 14475), and wireless networks. Next-generation networks – packet-based public networks able to provide telecommunications services and use multiple quality-of-service-enabled transport technologies – are equally covered (e.g. ISO/IEC TR 26905). ISO also has standards for the so-called future networks, which are intended to provide futuristic capabilities and services beyond the limitations of current networks, including the internet. Up-to-date information on the joint ISO and IEC technical committee that develops these standards (e.g. scope, programme of work, contact details) can be found on the committee page.
ISO has published 11 standards on blockchain and distributed ledger technologies: ISO/TR 23455 gives an overview of smart contracts in blockchain and distributed ledger technologies; ISO/TR 23244 tackles privacy and personally identifiable information protection; and ISO 22739 covers fundamental blockchain terminology. ISO also has a further eight standards on blockchain in development. These include those related to: security management of digital asset custodians (ISO/TR 23576); taxonomy and ontology (ISO/TS 23258); and guidelines for governance (ISO/TS 23635). Up-to-date information on the technical committee (e.g. scope, programme of work, contact details, etc.) can be found on the committee page.
ISO develops standards in the area of emerging technologies.
Dozens of standards in the area of emerging technologies are those related to robotics. ISO has more than 40 different standards either published or in development that cover issues such as collaborative robots (e.g. ISO/TS 15066); safety requirements for industrial robots (e.g. ISO 10218 series); and personal care robots (e.g. ISO 13482). Autonomous or so-called intelligent transport systems (ITS) standards are developed by ISO’s ITS Technical Committee and include those for forward vehicle collision warning systems (ISO 15623) and secure connections between trusted devices (ISO/TS 21185). Standards are also being developed to address the use of virtual reality in learning, education, and training (e.g. ISO/IEC 23843).
ISO and IEC standards also address information security and network security. The ISO and IEC 27000 family of standards covers information security management systems and is used by organisations to secure information assets such as financial data, intellectual property, and employee information. For example, ISO/IEC 27031 and ISO/IEC 27035 are specifically designed to help organisations respond, diffuse, and recover effectively from cyberattacks. ISO/IEC 27701 is an extension of ISO/IEC 27001 and ISO/IEC 27002 for privacy information management, and details requirements and guidance for establishing, implementing, maintaining, and continually improving a Privacy Information Management System (PIMS). Network security is also addressed by standards on technologies such as the IoT, smart community infrastructures, medical devices, localisation and tracking systems, and future networks. Up-to-date information on the joint ISO and IEC technical committee (e.g. scope, programme of work, contact details) can be found on the committee page.
As more and more information (including sensitive personal data) is stored, transmitted, and processed online, the security, integrity, and confidentiality of such information becomes increasingly important. To this end, ISO has a number of standards for the encryption of data. For example, ISO/IEC 18033-1, currently under development, addresses the nature of encryption and describes certain general aspects of its use and properties. Other standards include ISO/IEC 19772 which covers authenticated encryption, ISO/IEC 18033-3 which specifies encryption systems (ciphers) for the purpose of data confidentiality, and ISO 19092 which allows for encryption of biometric data used for authentication of individuals in financial services for confidentiality or other reasons. ISO also has standards that focus on identity-based ciphers, symmetric and asymmetric encryption, public key infrastructure, and many more related areas.
Big data is another area of ISO standardisation; around 80% of related standards are developed by the ISO/IEC AI committee. The terminology for big-data-related standards is outlined in ISO/IEC 20546, while ISO/IEC 20547-3 covers big data reference architecture. ISO/IEC TR 20547-2 provides examples of big data use cases with application domains and technical considerations and ISO/IEC TR 20547-5 details a roadmap of existing and future standards in this area. Up-to-date information on the technical committee (e.g. scope, programme of work, contact details) can be found on the committee page.
Digital signatures that validate digital identities help to ensure the integrity of data and authenticity of particulars in online transactions. This, therefore, contributes to the security of online applications and services. Standards to support this technology cover elements such as anonymous digital signatures (e.g. ISO/IEC 20008 series); digital signatures for healthcare documents (e.g. ISO 17090-4 and ISO 17090-5); and blind digital signatures, which is where the content of the message to be signed is disguised, used in contexts where, for example, anonymity is required. Examples of such standards are ISO 18370-1 and ISO/IEC 18370-2.
Privacy and data protection in the context of ICTs is another area covered by ISO’s standardisation activities. One example is ISO/IEC 29101 which describes a privacy architecture framework. Others include those for privacy-enhancing protocols and services for identification cards (ISO/IEC 19286); privacy protection requirements pertaining to learning, education, and training systems employing information technologies (ISO/IEC 29187-1); privacy aspects in the context of intelligent transport systems (ISO/TR 12859); and security and privacy requirements for health informatics (ISO/TS 14441).
ISO has developed an online browsing platform that provides up-to-date information on ISO standards, graphical symbols, publications, and terms and definitions.
Future ISO meetings can be found at ISO – meeting calendar.
Acronym: SDI
Address: c/o Campus Biotech, Chemin des Mines 9, 1202 Geneva, Switzerland
The SDI is an independent, non-profit foundation established in 2019. In September 2019, the first Swiss Global Digital Summit took place in Geneva to provide a platform to promote in-depth discussions on Ethics and Fairness in the Age of Digital Transformation. This Summit represented the starting point of the Foundation. During the 2020 World Economic Forum in Davos, the SDI celebrated its official launch and the creation of the foundation.
Rooted in Swiss values yet driven by a global vision, the Foundation is headquartered in Geneva, aiming to strengthen and advance a trustworthy digital ecosystem with diverse stakeholders. Its mission is to bring ethical principles and values into digital technologies through concrete projects such as the Digital Trust Label (DTL).
SDI actively works on tangible projects to implement ethical standards in the digital age, with a primary focus on cultivating digital trust.
The awareness of the importance of digital trust is growing. To foster collaboration among like-minded stakeholders, the SDI has compiled a comprehensive report on the digital trust ecosystem. Labels and Certifications for the Digital World – Mapping the International Landscape takes a closer look at 12 of the most relevant initiatives and analyses success factors as well as similarities and differences compared to the Digital Trust Label (DTL) by the SDI. In addition, it provides a regularly updated interactive overview to keep track of the dynamic Digital Trust Ecosystem.
The Digital Trust White Paper provides a comprehensive overview of the dynamic digital trust ecosystem. The compiled knowledge should form the basis for better cooperation and knowledge sharing. Instead of fragmentation, more cooperation is needed to define internationally valid labels and standards. It also provides the theoretical background for the SDI’s ongoing engagement in different working groups, for example, the Working Group on Digital Trust of the World Economic Forum.
To assess the Swiss population’s mindset regarding trust in the digital world, a qualitative study Digital Trust from the User’s Perspective was carried out in November 2019.
In a trend map Landscape of the Digital Economy and Society, the trends identified further increase the importance of trustworthy digital services.
In addition, as a member of the World Economic Forum’s Digital Trust Working Group, the SDI actively participates in digital-trust-related activities to advance digital ethics and responsibility. Earning Digital Trust: Decision-Making for Trustworthy Technologies is an insight report published in 2022 emphasising the importance of leaders cultivating digital trust. Measuring Digital Trust: Supporting Decision-Making for Trustworthy Technology, published in October 2023, supports assessing an organisation’s advancement in achieving digital trust objectives and the level of maturity across dimensions.
Trust is at the core of every human interaction, and the relationship we have with technology is no exception. The ongoing digital transformation needs to be founded in digital trust to be successful. Users of the digital space are demanding more and more transparency in the technology they use and caring more about the decisions of companies’ leadership. Hence, to address transparency and trustworthiness in digital technology, the SDI developed the first-of-its-kind DTL. Launched in January 2022, the DTL shows that a digital product or service meets mandatory criteria and thus a certain standard of trustworthiness. It also provides more information and transparency for users regarding four aspects: security, data protection, reliability of the application, and fair user interaction (use of AI).
The DTL builds trust between the users and digital technology providers. It benefits all stakeholders:
Priority in addressing digital trust should be given to digital services that are used in fields where
This particularly concerns digital services in healthcare, the public sector, the media sector, banking and insurance, HR, and the education sector.
As Generative AI is booming, the SDI is committed to further advancing efforts to guarantee that AI is developed in a secure, inclusive, and trustworthy manner for the good and benefit of all.
As part of ongoing efforts to raise awareness of the importance of digital responsibility and ethics in AI, the SDI has partnered up with the renowned Geneva School of Art and Design (HEAD) to create the interactive experience Adface. The web-based tool uses AI to analyse a person’s face and create a user profile to produce targeted advertisements that fit the assumed profile of the person. This tool shows that AI is already deeply embedded in and influencing everyday life (how AI algorithms influence decisions or automate a person’s decisions) and also how AI algorithms can make incorrect assumptions. Art and design can be valuable allies for raising awareness and stimulating critical thinking around the societal implications of new technologies.
The SDI and the Institute for Management Development (IMD) co-developed a resource to help organisations understand Corporate Digital Responsibility (CDR). The CDR Starter Kit, based on insights from top organisations and ongoing IMD research, is here to help businesses kick-start their CDR journey and sustain their digital responsibility efforts. Through lessons, common challenges, inspiration, and additional resources, the Starter Kit facilitates the adoption of CDR within and across organisations.
Start your Digital Trust journey with practical tools!
Digital Trust Criteria Catalogue
An expert group led by the Ecole Polytechnique Fédérale de Lausanne (EPFL) has compiled a catalogue of 35 criteria aimed at building trust for users of digital services. The criteria are based on four categories: security, data protection, reliability, and fair user interaction. The Digital Trust Criteria is the base and inspiration of all the SDI’s projects and trust tools. It is also a clear starting point for other organisations to understand what digital trust is and what they should do to make sure they keep it.
Digital Trust Compass
The Digital Trust Compass is an online self-assessment tool to determine whether your organisation respects and protects the interests of its users and to assess the level of digital trust awareness among end users. It serves as a compass, guiding you along your digital trust journey, and providing the right direction.
Digital Trust Guide
Based on the criteria, the SDI has created a user guide to digital trust. This Digital Trust Guide is designed to assist businesses or organisations that handle user data. The primary objective is to support organisations to establish a robust framework of trust that safeguards the interests of users based on this guide and continue their digital trust journey.
Social media channels
Facebook @isostandards
Instagram @isostandards
LinkedIn @isostandards
X @isostandards
YouTube @iso