International Electrotechnical Commission

Acronym: IEC

Address: Rue de Varembé 3, 1211 Geneva 20, Switzerland

Website: https://iec.ch

Stakeholder group: International and regional organisations

Founded in 1906, the International Electrotechnical Commission (IEC) is the world’s leading organisation for the development of international standards for all electrical and electronic technologies. The IEC’s standardisation work is advanced by nearly 20 000 experts from government, industry, commerce, research, academia, and other stakeholder groups.

The IEC is one of three global sister organisations (in addition to the ISO and ITU) that develop international standards.

Digital Activities

The IEC works to ensure that its activities have a global reach in order to meet all the challenges of digital transformation worldwide. The organisation covers an array of digital policy issues illustrated below.

Digital policy issues

Digital standards 

 The IEC carries out standardisation and conformity assessment activities covering a vast array of technologies. These range from smart cities, grids, automation, and energy to electromagnetic compatibility between devices, digital system interfaces and protocols, and fibre optics and cables. Other areas covered by the IEC include multimedia home systems and applications for end-user networks, multimedia e-publishing and e-book technologies, information and communication technologies (ICTs), wearable electronic devices and technologies, cards and personal identification, programming languages, cloud computing and distributed platforms, the Internet of Things, and information technology (IT) for learning, education, and training.

Over the past 30 years, the IEC and ISO Joint Technical Committee (JTC 1) have been developing IT standards for global markets, meeting business and user requirements. This work addresses various aspects including the design and development of IT systems and tools; interoperability, performance, and quality of IT products and systems; harmonised IT vocabulary; and security of IT systems and information. Some of the areas that JTC 1 covers include:

  • Cards and security devices for personal identification
  • Computer graphics, image processing, and environmental data representation
  • Coding of audio, picture, multimedia, and hypermedia information
  • Automatic identification and data capture techniques
  • Data management and interchange
  • IT for learning, education, and training
  • Biometrics
  • Trustworthiness
  • Digital twins
  • Quantum computing
  • 3D printing
  • Augmented reality and virtual reality-based ICT
  • Autonomous and data-rich vehicles
Internet of things 
The Internet of Things (IoT) is one of the main technology sectors covered by the IEC (International Electrotechnical Commission) in its standardisation activities. Several technical committees (some of which are joint groups with the ISO – International Organization for Standardization) focus on various aspects of the Internet of Things. Examples include: standardisation in the area of IoT and related technologies, including sensor networks and wearable technologies; smart cities; smart grid (which involve the use of technology for optimal electricity delivery); and smart energy. In addition to developing standards, the IEC also publishes white papers, roadmaps with recommendations, and other resources on IoT-related issues. IECEE and IECQ, two of the four IEC Systems for Conformity Assessment, verify that digital devices/systems perform as intended.
Artificial intelligence 
Another important technology sector tackled by the IEC is artificial intelligence (AI). Standardisation activities in the area of AI are mostly covered by a joint IEC and ISO technical committee (ISO/IEC JTC 1/SC 42). The committee has recently published a new technical report that aims, among others, to assist the standards community in identifying specific AI standardisation gaps. SC 42 has set up several groups that cover specific aspects of AI, such as computational approaches and characteristics of AI systems, trustworthiness, use cases and applications of AI systems, to name a few.

The IEC also publishes white papers, recommendations and other resources on AI-related topics.

Cloud computing 
 Cloud computing is an enabling technology, based on the principles of shared devices, network access and shared data storage.

ISO/IEC JTC 1/SC 38 has produced international standards with cloud computing terms and definitions and reference architecture. Other work includes a standard which establishes a set of common cloud service building blocks, including terms and offerings, that can be used to create service level agreements (SLAs), which also covers the requirements for the security and privacy aspects of cloud service level agreements.

SC 38 has produced a standard for data taxonomy, which identifies the categories of data that flow across the cloud service customer devices and cloud services and how the data should be handled.

Network security 
In the area of cybersecurity, IEC works with ISO in their joint technical committee to develop the ISO/IEC 27000 family of standards. In addition, the IEC operates globally standardized systems for testing and certification (conformity assessment) to ensure that standards are properly applied in real-world technical systems and that results from anywhere in the world can be compared. To this end, IECQ (IEC Quality Assessment System For Electronic Component) provides an approved process scheme for ISO/IEC 27001. The IECEE (IEC System of Conformity Assessment Schemes for Electrotechnical Equipment and Components) Industrial Cybersecurity Programme focuses on cybersecurity in the industrial automation sector.
Critical infrastructure 
The IEC develops horizontal standards, such as the IEC 62443, for operational technology in industrial and critical infrastructure that includes power utilities, water management systems, healthcare and transport systems. These standards are technology independent and can be applied across many technical areas. On the other hand, several technical committees and subcommittees develop international standards to protect specific domains and critical infrastructure assets (vertical standards).

 

Sustainable development 
 The IEC international standards and conformity assessment systems contribute to the realisation of all 17 Sustainable Development Goals (SDGs). They provide the foundation allowing all countries and industries to adopt or build sustainable technologies, apply best practice, and form the basis for innovation as well as quality and risk management.

 

Capacity development 
The IEC Academy Platform aims to support IEC community members through formal learning and collaboration opportunities. The IEC offers a series of online courses and webinars that provide an in-depth understanding of IEC’s main activities.

Future of meetings

Any reference to online or remote meetings?

  • IEC technical committees have held online/remote meetings for many years, especially for focussed discussions on individual topics. In the context of the COVID-19 pandemic the breadth of technical online meetings has been further expanded to ensure optimal continuation of standardization and conformity assessment activities. Most face-to-face management board and governance meetings have been converted to online meetings during COVID-19. In support of the successful organization of online meetings, the IEC has published a virtual meeting guide.

Any reference to holding meetings outside HQ?

  • Many IEC meetings are held outside of IEC CO headquarters or online or in a hybrid format. The tools for that purpose include webinars, podcasts, online presentations and various teleconferencing facilities. In the future, augmented reality technology or digital twin approaches may also be considered to provide the benefits of face-to-face meetings. While face-to-face meetings have been the rule to date, some IEC Board meetings have also been held virtually to some extent already in the past, with documents being shared in advance on proprietary online platforms and collaboration taking place live online.

Any reference to deliberation or decision making online?

  • In the IEC, nearly all decision-making processes have been taking place virtually since many years, with voting/decisions being dispatched electronically, including collaboration and commenting via a dedicated electronic platform.

United Nations International Computing Centre

Acronym: UNICC

Address: Palais des Nations 1211 Geneva 10. Switzerland

Website: https://unicc.org/

Stakeholder group: International and regional organisations

The United Nations International Computing Centre (UNICC) is a specialized entity whose role is to provide digital tools and solutions to the UN family.

UNICC is currently positioned as the preferred operational and shared services centre of excellence for the UN system. UNICC is committed to delivering reliable digital services driven by best practices, offering world-class technology, state-of-the-art infrastructure, and a system-wide cross-domain experience of knowledge and data, enabling its Clients and Partners Organizations to achieve their Sustainable Development Goal (SDG) mandate through accelerated digital delivery.

UNICC’s portfolio covers more than 80 Client and Partner Organizations subscribe to UNICC’s 50 trusted services and digital solutions, offered from 5 strategic operation locations worldwide (Geneva, New York, Valencia, Rome, and Brindisi). UNICC is a full cost-recovery organization.

Digital Activities 

UNICC provides core digital business services to United Nations Agencies and related international organizations, including client services, support for innovative technologies, information security, data and analytics, software as a service and cloud integration services, infrastructure and platform services including network service, enterprise backup, ERP, web hosting and enterprise collaboration platforms. UNICC offers cost savings, business efficiencies, and volume discounts based on the scale of its engagements. UNICC operates on a full cost recovery basis, with surplus funds being refunded at the end of projects or initiatives. These services are designed to protect organizational assets, intellectual property, sensitive data, and reputation, and leverage the shared expertise of the umbrella of UN organizations and are adaptable to Client needs.

2020 brought forward new challenges and no one in the UN system could have predicted the transformation process initiated by the COVID-19 pandemic. However, UNICC was well prepared as it had strengthened its digital resiliency and moved core functions to the cloud in 2019. This made working-from-home a technologically effortless process. At the same time, UNICC was able to swiftly react to the requirements of its partners and clients, assisting them with digital solutions and technological tools that facilitated their mandate and mission of delivering SDG-related solutions through digital tools

Note: The specificities of the UNICC’s work as a service provider for the UN system are reflected in the coverage of their digital activities in the Geneva Digital Atlas. The UNICC is affected by digital policies on data, cybersecurity, and blockchain, but it does not operate in the policy space where these issues are negotiated and governed by diplomats, tech community, and other stakeholders.

Digital policy issues

Response to COVID-19 and Digital Solutions 
UNICC has responded in an agile way to the COVID-19 pandemic by supporting teleworking and virtual conferencing mainly by its:

For more information, please visit the UNICC website.

Cybersecurity 

UNICC offers highly valued services in information security and monitoring, protecting its clients’ assets from digital threats through proactive monitoring. The COVID-19 pandemic strengthened the fact that a proper Information Security Management System (ISMS) framework mitigates: risk of exposure of an organisation to a high risk of negative reputational impact, loss of valuable information, and exposure to malicious acts, as well as sophisticated and complex cyber-attacks. Institutions without an identified individual (or group) responsible for overall information security are susceptible to exposure, attacks, and financial damage, as well as an unquantifiable loss of information.

With this purpose in mind and in order to assist its staff, and in particular its partners and clients to continue delivering their activities mandated by their Member States, UNICC organised an awareness event to support UN and affiliated organisations to raise awareness about the importance of cybersecurity, information protection, and data privacy within the UN system. Its foundational idea continues to be ‘how to stay secure in a digital environment’.

Blockchain and biometrics 

Emphasising emerging and frontier technologies, UNICC has partnered with the UN Joint Staff Pension Fund (UNJSPF) and Hyperledger to deliver an innovative digital tool to improve and secure pension processes worldwide. Thus, enabling UNJSPF’s beneficiaries to confirm their identity digitally through their Certification of Entitlement (CE), leveraging innovative technologies to update manual processes and streamline efficiencies. The UNJSPF CE certifies that retiree beneficiaries are able to digitally confirm their identity using an open source blockchain technology, making the storage of biometrics not only secure but also easy to access through the download of a mobile app. (For more information, visit the dedicated website).

Digital industry exchange 
Standardising and creating a digital exchange for the entire industry, UNICC and the International Plant Protection Convention (IPPC) developed the IPPC ePhyto solution, which is a centralised hub to facilitate the exchange of electronic phyto-sanitary certificates and to ensure safe standards in the arrival and clearance of plants across national boundaries. The ePhyto solution received a trade facilitation innovation award at the UNESCAP Asia-Pacific Trade Facilitation Forum (India) in September 2019. A tailor-made service by UNICC creating value to customer by: Standardization of data, centralized industry exchange, supporting emerging countries who don’t have the resource to build their own solutions, directly assisting on delivering the mandate, and accelerating the achievement of SDG 13, SDG 15, SDG 12, mainly. (For more information, please visit the dedicated page).
Robotics automation 

Optimising processes by leveraging emerging technologies to automate routine tasks, UNICC co-creates value by offering ‘best-of-breed’ and ‘absolute fit-for-purpose’ robotic process automation (RPA) solutions across various RPA platforms. UNICC’s value proposition provides for complete services, from the inception to the management of ‘bots’ and all related RPA functions.

UNICC’s RPA Centre of Excellence (CoE) was created to help drive efficiencies across the entire UN system by enabling and scaling RPA adoption. UNICC benefits from its strategic partnerships with UiPath, Blue Prism, and Automation Anywhere and their ongoing commitments to enable UNICC’s CoE to support RPA adoption and drive shared efficiencies, while at the same time enabling economies of scale. UNICC’s RPA CoE’s clients include UHCR, WFP, and UNJSPF.

Data and analytics 

UNICC offers data and analytics services, including information management,  information analysis, and a business intelligence platform and support. Data is an asset and UNICC is well-positioned to facilitate and support data from ingestion through to channel publication resulting in trusted and reliable data services. This, combined with data visualisation and advanced analytics improves business insights.

Digital infrastructure 

In the domain of infrastructure services, the UNICC provides entities across the UN system with physical and virtual servers, operating systems, and data storage and hosting on one of its global data centres or its cloud systems. Additionally, it manages, maintains, and monitors network services such as wireless access, web proxy, and IP addresses, and also deals with Internet and connectivity issues such as shared Internet access services and DNS hosting and domain registrations. UNICC provides cloud services that include unlimited infrastructure while at the same time maintaining UN privileges and immunities. The value of digital infrastructure for the customer is a robust, scalable infrastructure supporting responsible optimisation of resources by leveraging shared services.

Sustainable development goal enablement 

Technology has enormous potential to accelerate the achievement of the SDGs, with new technologies such as blockchain, automation, AI, and big data at the forefront. UNICC provides technological tools and digital solutions that are designed and developed for its partners and clients, assisting them in fulfilling their mandate while at the same time remaining focused on the 2030 Agenda.

Digital diplomacy 

UNICC continues to design, develop, enable, and implement digital tools and solutions, ensuring diplomatic efforts are able to continue with confidentiality, multilingual simultaneous interpretation, diplomatic protocols, safety of delegates, and efficient online accessibility. UNICC supports remote virtual conferencing, requiring interpretation and secure access today, with a view towards continuing to enhance features to drive a differentiated, seamless customer experience in digital diplomacy.

CyberPeace Institute

Address: Av. de Sécheron 15, 1202 Genève, Switzerland

Website: https://cyberpeaceinstitute.org

Stakeholder group: NGOs and associations

 The CyberPeace Institute, an independent, neutral, and collaborative non-governmental organization, was created to enhance the stability of cyberspace. It aims to decrease the frequency, harm, and scale of cyber-attacks on civilians and critical civilian infrastructure, and increase the resilience of vulnerable actors. The Institute subscribes to the following principles in its work:

  • Impact: Reducing the frequency, harm, and scale of cyber-attacks by pushing for greater restraint in the use of cyber-attacks, increasing accountability for attacks that occur, and enhancing capabilities to prevent and recover from attacks.
  • Inclusiveness: Being inclusive and collaborative in the approach, cooperating with, and supporting, existing synergistic efforts.
  • Independence: Operating free from the direction or control of any other actors, including states, industries, and other organisations.
  • Integrity: Ensuring that its work and interactions with the cybersecurity community and victims of cyber-attacks reflect the highest ethical and analytical standards.
  • Neutrality: Supporting the stability and security of cyberspace rather than the interests of individual actors; as such, engaging with stakeholders and cyber-attack victims regardless of geographic location, nationality, race, or religion.
  • Transparency: Being transparent about its operations and methodologies, when it is feasible and responsible.

Through field analysis and global campaigning, the Institute’s goal is to protect the most vulnerable and to achieve peace and justice in cyberspace.  Its work is structured around three pillars: assistance, analysis, and advancement. These pillars form the core of the Institute’s mission, building on the simple reality that infrastructure, networks, regulations, norms, and protocols are merely enablers in cyberspace.

To fulfil this mission, and to deliver products and services which have a real impact, the Institute has four strategic objectives, ensuring a human-centric response to the technological, ethical, and regulatory challenges of cyberspace. Each of these objectives enables operational, tactical, and strategic responses with the goal of empowering people by maintaining a vibrant, open, free, and peaceful online space. The first three objectives are aligned with the three pillars, while the fourth objective ensures that the Institute and its staff are at the forefront of what will be tomorrow’s challenges in cyberspace.

  1. Strategic Objective 1: To increase and accelerate assistance efforts towards the most vulnerable, globally.
  2. Strategic Objective 2: To close the accountability gap through collaborative analyses of cyberattacks.
  3. Strategic Objective 3: To advance international law and norms in order to promote responsible behaviour in cyberspace.
  4. Strategic Objective 4: To forecast and analyse security threats associated with emerging and disruptive technologies, to innovate breakthrough solutions, and to close the skill gap to address global cyber challenges.

The Institute has an international scope, and is independent, apolitical, and impartial in its operations, publications, and partnerships.

Digital Activities

The Institute provides assistance to vulnerable communities, analyses cyberattacks to increase accountability, advocates for the advancement of the role of international law and norms for responsible behaviour in cyberspace, forecasts future threats (with a focus on disruptive technology), and supports capacity building.

Example of operational activities include:

  • Mapping the threat landscape in relation to critical civilian infrastructure.
  • Supporting the delivery of assistance at scale to the most vulnerable victims of cyberattacks.
  • Co-ordinating resources to amplify the impact of existing assistance efforts.
  • Conducting forensic and impact analyses of sophisticated cyberattacks and cyber operations, in co-operation with a consortium of experts from academia, industry, and civil society.
  • Co-ordinating relief efforts through a network of volunteers and providing knowledge products to increase resiliency.
  • Advancing the role of international law and norms governing the behaviour of state and non-state actors in cyberspace.
  • Analysing responses to violations of norms, and how normative or legal gaps are exposed and undermined.
  • Increasing public awareness of the real-life impact of cyberattacks, and providing a platform where vulnerable populations can tell their stories.
  • Analysing potential threats and opportunities stemming from the convergence of disruptive technologies (e.g., artificial intelligence, brain machine interface, augmented Reality, virtual Reality, 5G, etc.).
  • Acting as a platform to share innovative approaches and capacity-building strategies.

Digital policy issues

Critical infrastructure 
Consistent with its human-centric approach, one of the Institute’s key areas of focus is the protection of civilian infrastructure from systemic cyberattacks. For instance, in 2020, the Institute, together with a number of partners, launched Cyber 4 Healthcare, a targeted service for healthcare organizations fighting COVID-19. The initiative helps people find trusted and free cybersecurity assistance provided by qualified and reputable companies. In May 2020, the Institute issued a call for governments to stop all cyberattacks on healthcare organizations and to work with civil society and the private sector to ensure that medical facilities are protected and that perpetrators are held accountable.

Following that appeal to governments, the Institute launched a Strategic Analysis Report in March 2021.  Playing with Lives: Cyberattacks on Healthcare are Attacks on People  urges governments to remove rewards for criminals and hostile states attacking healthcare. The first of its kind, this analytical report focuses on the impacts of attacks on people and society and highlights the responsibilities of nation-states in leading the way for attacks to decrease globally and threat actors to be held accountable.  It maps existing initiatives and provides actionable recommendations to governments and policymakers to engage with civil society, industry and academia and design collective solutions.

Cyberpeace: From Human Experience to Human Responsibility
While the international community has recognized the need to be more “human-centric,” the CyberPeace Institute believes that an increased focus on human impact is not enough. In our pursuit of cyberpeace, we must start with the human impact. In each and every response, we must recall that the digital is human.

In cyberspace, everyone has a role to play. This collective action is essential to promoting justice, effecting change and ensuring human security, dignity and equity.

The CyberPeace Institute is gathering testimonials and digital evidence from the field to track these diverse accountabilities, ensuring that cyberattacks and cyberoperations are investigated in their local context. Closing the accountability gap will be made possible by shedding light on responsibilities in the context of the societal impact of irresponsible behaviour.

Network security 

To increase the scale and impact of its efforts to assist civilian victims of cyber-attacks, the Institute is building the CyberPeace Builders network, composed of volunteers from a range of backgrounds and locations worldwide, administered by a dedicated management structure, in collaboration with partners with established assistance capabilities. The network will provide emergency incident response and longer-term recovery plans to civilian victims recovering from significant cyberattacks perpetrated by malicious actors. It also assists vulnerable individuals in increasing their resilience and guarding against future cyberattacks.

Interdisciplinary approaches 

In order to contribute to closing the accountability gap in cyberspace, the Institute seeks to advance the role of international law and norms. This includes initiatives such as: publishing analyses of the economic and social impacts of cyberattacks; driving external engagement with stakeholders, individuals, and organizations focused on enhancing the stability of cyberspace; conducting reviews of cyberattacks based on international law and norms; and assessing potential remedies to fill the identified gaps. The Institute is actively engaged in the work of the United Nations Open-Ended Working Group on Developments in the Field of Information and Telecommunications in the Context of International Security, and is co-Chair of the Paris Call Working Group 5:  Building a cyberspace stability index, one of six groups established in November 2020 which are dedicated to ensure that fundamental rights and principles that apply in the physical world are respected in cyberspace.  More information on the Paris Call here

Capacity development 
In 2020, the Institute initiated a series of CyberPeace Labs webinars, bringing together experts from academia, the private sector, international organizations, civil society, and governmental bodies as discussants. Within the context of the COVID-19 pandemic, the first CyberPeace Lab:  Infodemic: A Threat to Cyberpeace, explored how malicious actors exploit infodemics to facilitate cyberattacks. The discussions from the series produced a set of best practices and actionable recommendations to inform initiatives undertaken by the Institute and, ultimately, to improve resilience against cyberattacks and bring about online peace.

The Institute also aims to facilitate the creation and scale-up of operational partnerships for cyber capacity-building, notably with grassroots practitioners and civil society organizations, to maximise the beneficial impact on local communities and individuals, while taking into account specific human contexts.

The Institute is also developing tailored products, such as the Resilience Toolkits, which are tailored to improve cyber hygiene.  These Toolkits reflect specific local and regional contexts and are designed, produced, and delivered in collaboration with local partners and stakeholders to accelerate existing efforts at the regional level.

In 2021 the Institute launched the Cyber Awareness Café, an online resource that promotes cyber awareness through sharing of information and cybersecurity tips with NGOs and local entities around the world.

Digital tools

In addition to its CyberPeace Labs, the Institute shares useful video materials and discussion recordings on its YouTube channel, maintains blogs on Medium, and is an active user of a number of social media channels, for example, Twitter, LinkedInInstagram and Facebook.

International Organization for Standardization

Acronym: ISO

Address: Chem. de Blandonnet 8, 1214 Vernier, Switzerland

Website: https://iso.org

Stakeholder group: International and regional organisations

The International Organization for Standardization (ISO) is a non-governmental international organisation composed of 165 national standard-setting bodies that are either part of governmental institutions or mandated by their respective governments. Each national standard-setting body therefore represents a member state.

After receiving a request from a consumer group or an industry association, ISO convenes an expert group tasked with the creation of a particular standard through a consensus process.

ISO develops international standards across a wide range of industries, including technology, food, and healthcare, in order to ensure that products and services are safe, reliable, of good quality, and ultimately, facilitate international trade. As such, it acts between the public and the private sector.

To date, ISO has published more than 22 000 standards.

Digital Activities

A large number of the international standards and related documents developed by ISO are related to information and communication technologies (ICTs), such as the Open Systems Interconnection (OSI) that was created in 1983 and established a universal reference model for communication protocols. The organisation is also active in the field of emerging technologies including blockchain, the Internet of Things (IoT), and artificial intelligence (AI).

The standards are developed by various technical committees dedicated to specific areas including information security, cybersecurity, privacy protection, AI, and intelligent transport systems.

Digital policy issues

Artificial intelligence 

The joint technical committee of ISO and the International Electrotechnical Commission (IEC) for AI is known as ISO/IEC JTC1/SC 42 Artificial intelligence and is responsible for the development of standards in this area. To date, it has published one standard specifically pertaining to AI with 18 others in development.

ISO/IEC TR 24028 provides an overview of trustworthiness in AI systems, detailing the associated threats and risks associated and addresses approaches on availability, resiliency, reliability, accuracy, safety, security, and privacy.

The standards under development include those that cover: concepts and terminology for AI (ISO/IEC 22989); bias in AI systems and AI-aided decision-making (ISO/IEC TR 24027); AI risk management (ISO/IEC 23894); a framework for AI systems using machine learning (ISO/IEC 23053); and the assessment of machine learning classification performance (ISO/IEC TS 4213).

Up-to-date information on the technical committee (e.g. scope, programme of work, contact details, etc.) can be found on the committee page.

Cloud computing 

ISO and IEC also have a joint committee for standards related to cloud computing which currently has 19 published standards and a further 7 in development.

Of those published, two standards of note include ISO/IEC 19086-1, which provides an overview, foundational concepts, and definitions for a cloud computing service level agreement framework, and ISO/IEC 17789, which specifies the cloud computing reference architecture.

Standards under development include those on health informatics (ISO/TR 21332.2); the audit of cloud services (ISO/IEC 22123-2.2); and data flow, categories, and use (ISO/IEC 19944-1).

Up-to-date information on the technical committee (e.g. scope, programme of work, contact details, etc.) can be found on the committee page.

Internet of things 

Recognising the ongoing developments in the field of IoT, ISO has a number of dedicated standards both published and in development, including those for intelligent transport systems (ISO 19079), future networks for IoT (ISO/IEC TR 29181-9), unique identification for IoT (ISO/IEC 29161), Internet of Media Things (ISO/IEC 23093-3), trustworthiness of IoT (ISO/IEC 30149), and industrial IoT systems (ISO/IEC 30162).

 IoT security is addressed in standards such as ISO/IEC 27001 and ISO/IEC 27002, which provide a common language for governance, risk, and compliance issues related to information security.

 In addition, there are seven standards under development, some of which provide a methodology for the trustworthiness of an IoT system or service (ISO/IEC 30147); a trustworthiness framework (ISO/IEC 30149); the requirements of an IoT data exchange platform for various IoT services (ISO/IEC 30161); and a real-time IoT framework (ISO/IEC 30165).

 Up-to-date information on the ISO and IEC joint technical committee for IoT (e.g. scope, programme of work, contact details, etc.) can be found on the committee page.

Telecommunications infrastructure 

ISO’s standardisation work in the field of telecommunications infrastructure covers areas such as planning and installation of networks (e.g. ISO/IEC 14763-2 and ISO/IEC TR 14763-2-1), corporate telecommunication networks (e.g. ISO/IEC 17343), local and metropolitan area networks (e.g. ISO/IEC/IEEE 8802-A), private integrated telecommunications networks (e.g. ISO/IEC TR 14475), and wireless networks. Next generation networks – packet-based public networks able to provide telecommunications services and make use of multiple quality of service enabled transport technology – are equally covered (e.g. ISO/IEC TR 26905).

ISO also has standards for the so-called future networks, which are intended to provide futuristic capabilities and services beyond the limitations of current networks, including the Internet.

Up-to-date information on the joint ISO and IEC technical committee that develops these standards (e.g. scope, programme of work, contact details, etc.) can be found on the committee page.

Blockchain 

ISO has published three standards on blockchain and distributed ledger technologies: ISO/TR 23455 gives an overview of smart contracts in blockchain and distributed ledger technologies; ISO/TR 23244 tackles privacy and personally identifiable information protection; and ISO 22739 covers fundamental blockchain terminology respectively.

ISO also has a further ten standards on blockchain in development. These include those related to: security risks, threats and vulnerabilities (ISO/TR 23245.2); security management of digital asset custodians (ISO/TR 23576); taxonomy and ontology (ISO/TS 23258); legally-binding smart contracts (ISO/TS 23259); and guidelines for governance (ISO/TS 23635).

Up-to-date information on the technical committee (e.g. scope, programme of work, contact details, etc.) can be found on the committee page.

Emerging technologies 

ISO develops standards in the area of emerging technologies. Perhaps the largest number of standards in this area are those related to robotics. ISO has more than 40 different standards either published or in development that cover issues such as: collaborative robots (e.g. ISO/TS 15066); safety requirements for industrial robots (e.g. ISO 10218-2); and personal care robots (e.g. ISO 13482).

Autonomous or so-called intelligent transport systems (ITS) standards are developed by ISO’s ITS Technical Committee and include those for forward vehicle collision warning systems (ISO 15623) and secure connections between trusted devices (ISO/TS 21185).

Standards are also being developed to address the use of virtual reality in learning, education, and training (e.g. ISO/IEC 23843) and the display device interface for augmented reality (ISO/IEC 23763).

Network security 

Information security and network security is also addressed by ISO and IEC standards. The ISO and IEC 27000 family of standards covers information security management systems and are used by organisations to secure information assets such as financial data, intellectual property, and employee information.

For example, ISO/IEC 27031 and ISO/IEC 27035 are specifically designed to help organisations respond, diffuse, and recover effectively from cyberattacks. ISO/IEC 27701 is an extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management, and details requirements and guidance for establishing, implementing, maintaining, and continually improving a Privacy Information Management System (PIMS).

Network security is also addressed by standards on technologies such as the IoT, smart community infrastructures, medical devices, localisation and tracking systems, and future networks.

Up-to-date information on the joint ISO and IEC technical committee (e.g. scope, programme of work, contact details, etc.) can be found on the committee page.

Encryption 

As more and more information (including sensitive personal data) is stored, transmitted, and processed online, the security, integrity, and confidentiality of such information becomes increasingly important. To this end, ISO has a number of standards for the encryption of data. For example, ISO/IEC 18033-1, currently under development, addresses the nature of encryption and describes certain general aspects of its use and properties. Other standards include ISO/IEC 19772 that covers authenticated encryption, ISO/IEC 18033-3 that specifies encryption systems (ciphers) for the purpose of data confidentiality, and ISO 19092 that allows for encryption of biometric data used for authentication of individuals in financial services for confidentiality or other reasons.

ISO also has standards that focus on identity-based ciphers, symmetric and asymmetric encryption, public key infrastructure, and many more related areas.

Data governance 

Big data is another area of ISO standardization, and around 80% of related standards are developed by the ISO/IEC AI committee. The terminology for big data-related standards is outlined in ISO/IEC 20546, while ISO/IEC 20547-3 covers big data reference architecture.

ISO/IEC TR 20547-2 provides examples of big data use cases with application domains and technical considerations and ISO/IEC TR 20547-5 details a roadmap of existing and future standards in this area. A further eight standards are in development and include those for big data security and privacy (ISO/IEC 27045), terminology used in big data within the scope of predictive analytics (ISO 3534-5), and data science life cycle (ISO/TR 23347).

Up-to-date information on the technical committee (e.g. scope, programme of work, contact details, etc.) can be found on the committee page.

Privacy and data protection 

Privacy and data protection in the context of ICTs is another area covered by ISO’s standardisation activities. One example is ISO/IEC 29101 which describes a privacy architecture framework.

Others include those for privacy-enhancing protocols and services for identification cards (ISO/IEC 19286); privacy protection requirements pertaining to learning, education, and training systems employing information technologies (ISO/IEC 29187-1); privacy aspects in the context of intelligent transport systems (ISO/TR 12859); and security and privacy requirements for health informatics (ISO/TS 14441).

Digital identities 

Digital signatures that validate digital identities help to ensure the integrity of data and authenticity of particulars in online transactions. This, therefore, contributes to the security of online applications and services. Standards to support this technology cover elements such as: anonymous digital signatures (e.g. ISO/IEC 20008-1 and ISO/IEC 20008-2); digital signatures for healthcare documents (e.g. ISO 17090-4 and ISO 17090-5); and blind digital signatures, which is where the content of the message to be signed is disguised, used in contexts where, for example, anonymity is required. Examples of such standards are ISO 18370-1 and ISO/IEC 18370-2.

Digital tools

ISO has developed an online browsing platform that provides up to date information on ISO standards, graphical symbols, publications, and terms and definitions.

Future of Meetings

Any reference to online or remote meetings?

Any reference to holding meetings outside HQ?

Any reference to deliberation or decision making online?

  • Yes, ISO governance groups are also meeting virtually.

World Intellectual Property Organization

Acronym: WIPO

Address: 34, chemin des Colombettes, CH-1211 Geneva 20, Switzerland

Website: https://wipo.int

Stakeholder group: International and regional organisations

The World Intellectual Property Organization (WIPO) is a UN agency functioning as a global forum for intellectual property (IP) related services (patents, copyright, trademarks, and designs), policy, information, and co-operation. The organisation was established in 1967 and it currently has 188 member states, in addition to over 200 observers representing non-governmental organisations and intergovernmental organisations.

WIPO’s activities are focused on: Contributing to the development of a balanced and effective international IP system; providing global services to protect IP at a global level and to resolve disputes; sharing of knowledge and information on IP-related issues; and encouraging co-operation and offering capacity building programmes ​aimed to enable countries to use IP for economic, social, and cultural development.

Digital Activities

WIPO provides domain name dispute resolution services, through its Arbitration and Mediation Center. In this regard, the organisation has developed (in collaboration with the Internet Corporation for Assigned Names and Numbers (ICANN)) the Uniform Domain Name Dispute Resolution Policy (UDRP) – the main domain name dispute resolution mechanism for conflicts on the right to register and use domain names under certain generic top level domains (gTLDs). The Center also administers disputes under a number of specific policies adopted by individual gTLD registries and provides domain name dispute resolution services for over 70 country code top level domains (ccTLDs).

The organisation administers the WIPO Copyright Treaty and the WIPO Performances and Phonogram Treaty (known as the ‘Internet Treaties’), which contain international norms aimed at preventing unauthorised access to and use of creative works on the Internet or other digital networks. It also carries out research and provides recommendations on issues related to the protection of intellectual property rights in the digital environment (especially with regards to copyright and trademarks).

Digital policy issues

Artificial intelligence 

WIPO is paying particular attention to the interplay between artificial intelligence (AI) and IP. In December 2019, it published a draft issue paper on AI and IP, which was later revised based on public comments and re-published in May 2020. The paper explores the (potential) impact of AI on IP policies in areas such as copyright and related rights, patents, trademarks, designs, and overall IP administration. Building on this exploratory work, WIPO is leading a Conversation on IP and AI, bringing together governments and other stakeholders, to discuss the impact of AI on IP. WIPO is also working on an AI and IP strategy clearing house, through which it is collating government instruments (strategies, regulations, etc.) that are relevant to AI and IP. The organisation is additionally developing and deploying AI solutions in the context of various activities; relevant examples are the WIPO Translate and WIPO Brand Image Search, which use AI for automated translation and image recognition.

Alternative dispute resolution 

WIPO’s activities in regard to the Domain Name System revolve around the protection of trademarks and related rights in the context of domain names. It has developed, together with ICANN, the UDRP. Under this policy, WIPO’s Arbitration and Mediation Centre provides dispute resolution services for second level domain name registrations under gTLDs to which the UDPR applies. The Arbitration and Mediation Centre also administers disputes under specific policies adopted by some gTLD registries (e.g. .aero, .asia, .travel). In addition, the Centre offers domain name dispute resolution services for over 70 country code top-level domains (ccTLDs). WIPO has developed a ccTLD Program, with the aim to provide advice to many ccTLD registries on the establishment of dispute resolution procedures. WIPO also contributes to the work carried out within the framework of ICANN in regard to the strengthening of existing trademark rights protection mechanisms or the development of new such mechanisms.

Intellectual property rights 

Trademarks: WIPO has long been involved in issues related to the protection of trademarks in the context of the Domain Name System. The first phase of the WIPO Internet Domain Name Process, carried out in 1991, explored trademark abuse in second-level domain names, and led to the adoption, by ICANN, of the UDRP. WIPO has also contributed to the development of several trademark rights protection mechanisms applicable to generic top-level domains  (such as legal rights objections, the Trademark Clearinghouse, and the uniform rapid suspension system). The WIPO Arbitration and Mediation Centre administers trademark-related dispute resolution cases for several gTLDs and ccTLDs.

Copyright: WIPO is actively contributing to international discussions on the protection of copyright in the digital environment. The organisation administers the ‘Internet Treaties’, which contain international norms aimed at preventing unauthorised access to and use of creative works on the Internet or other digital networks. Among others, the treaties clarify that existing IP rights apply on the Internet, but also introduce new ‘online rights’. WIPO also carries out research and organises seminars and other meetings on aspects concerning challenges and possible solutions for the protection of copyright and related rights in the digital era.

Liability of intermediaries 

Given WIPO’s concerns with regard to the protection of copyright and related rights on the Internet, the organisation is exploring issues related to the roles and responsibilities of Internet intermediaries when it comes to online copyright infringements. The organisation carries out or commissions research and publishes studies on the relationship between copyright and Internet intermediaries (such as comparative analysis of national approaches of the liability of Internet intermediaries), and organises events (seminars, workshops, sessions at the World Summit on the Information Society Forum and Internet Governance Forum meetings, etc.) aimed at facilitating multistakeholder discussions on the potential liability of Internet intermediaries in relation to copyright infringements.

Sustainable development 

WIPO is of the view that IP is a critical incentive for innovation and creativity, and, as such, a key to the success of the sustainable development goals (SDGs). The organisation works to enable member states to use the IP system to drive the innovation, competitiveness, and creativity needed to achieve the SDGs. It does so, for instance, through supporting countries in their efforts to build an innovative IP ecosystem, providing legislative advice on updating national IP laws, and supporting judiciary systems in keeping up with technological innovation. WIPO’s contribution to the implementation of the Agenda 2030 is guided by its Development Agenda.

Climate change 

WIPO’s Global Challenges programme brings together various stakeholders to explore issues related to green technologies and the environment. For instance, it hosts WIPO Green, a multistakeholder platform aimed to promote innovation and diffusion of green technologies, and it provides analysis of relevant IP issues to facilitate international policy dialogue.

Digital tools

WIPO is using multiple digital tools in relation to its services. Below are some examples:

  • WIPO Match – platform that matches seekers of specific IP-related development needs with potential providers offering resources
  • WIPO Proof – a service that provides a date- and time-stamped digital fingerprint of any file
  • Madrid e-services – online tools and resources
  • Electronic Forum – enables the electronic distribution and submission by email of comments concerning preliminary draft working documents and draft reports.
  • WIPO Academy, which also includes an eLearning Centre
  • Platforms for online meetings (not so clear which platform(s) WIPO is using)

World Economic Forum

Acronym: WEF

Address: Route de la Capite, 1223 Cologny, Switzerland

Website: https://weforum.org

Stakeholder group: NGOs and associations

The World Economic Forum (WEF) is a not-for-profit foundation whose membership is composed of large corporations from around the world.

The WEF engages political, business, academic, and other leaders of society in collaborative efforts to shape global, regional, and industry agendas. Together with other stakeholders, it works to define challenges, solutions, and actions in the spirit of global citizenship. It also serves and builds sustained communities through an integrated concept of high-level meetings, research networks, task forces, and digital collaboration.

Digital Activities 

The fourth industrial revolution is one of the WEF’s key areas of work. Under this focus, it carries out a wide range of activities covering digital policy issues, from telecom infrastructure and cybersecurity to the digital economy and the future of work. It has set up multiple platforms and global fora focused on bringing together various stakeholders and initiatives to advance debates and foster co-operation on the issues explored. It also publishes reports, studies, and white papers on its focus areas, and features discussions on the policy implications of digital technologies in the framework of its annual meeting in Davos and other events organised around the world.

Digital policy issues

Telecommunications infrastructure 

The WEF’s work in the area of telecom infrastructure is broadly dedicated to shedding light on the need to advance connectivity and evolve towards new network technologies as a way to support the transition to the fourth industrial revolution. Initiatives in this area include the Global Future Council of New Network Technologies, dedicated, among others, to exploring incentives for network development, and the EDISON Initiative (Essential Digital Infrastructure & Services Network), aimed at developing strategies to achieve 75% broadband penetration before 2025. A specific focus area for the WEF is 5G: It has identified 5G as an issue of global importance and works on analysing the impacts of 5G on industry and society. The new mobile network is tackled under initiatives such as the WEF Platform on Internet of Things, Robotics and 5G, and the 5G Global Accelerator. In its report titled The Impact of 5G: Creating New Value Across Industries and Society, the WEF notes that 5G will be critical because it will enable unprecedented levels of connectivity, allowing for superfast broadband, ultra-reliable low latency communication, massive machine-type communications, and high reliability/availability and efficient energy usage, all of which will transform many sectors, such as manufacturing, transportation, public services, and health.

Artificial intelligence;

The WEF is carrying out multiple activities in the field of artificial intelligence (AI). The WEF Platform on AI and Machine Learning brings together actors from public and private sectors to co-design and test policy frameworks that accelerate the benefits and mitigate the risks of AI. Project areas include standards for protecting children, creating an ‘AI regulator for the twenty-first century’, and addressing the challenges of facial recognition technology. In addition, the WEF created a Global AI Council to address governance gaps and to provide policy guidance under its Center for the Fourth Industrial Revolution. The WEF explores issues related to AI safety, security, and standards; AI ethics and values; and machine learning and predictive systems in relation to global risks and international security. The WEF extensively publishes articles on the need to build a new social contract to ensure that technological innovation, in particular AI, is deployed safely and aligned with the ethical needs of a globalising world. It is also assisting policymakers in devising appropriate AI-related policies. For instance, it published a Framework for Developing a National Artificial Intelligence Strategy to guide governments in their efforts to elaborate strategies for the development and deployment of AI. In recent years, AI and its impact on national and international policy spaces have featured highly on the agenda of the WEF’s annual meetings in Davos.

Blockchain and cryptocurrencies 

The WEF Platform for Blockchain and Distributed Ledger Technologies (DLT) works to advance a systemic and inclusive approach to governing DLT, to ensure that everyone can benefit from these technologies. The WEF works on governance issues related to the equity, interoperability, security, transparency, and trust of DLT. It also analyses the relationship between blockchain and cybersecurity and international security, as well as the future of computing. It publishes papers on issues such as the challenges blockchain faces and its role in security. In addition, the WEF has created a Global Blockchain Council to address governance gaps and to provide policy guidance under its Center for the Fourth Industrial Revolution.

The WEF is also active on issues related to digital currencies and their policy implications. In January 2020, it created a Global Consortium for Digital Currency Governance to work on designing a framework for the governance of digital currencies, including stablecoins. It aims to facilitate access to the financial system through inclusive and innovative policy solutions. Along with the launch of the consortium, the WEF published a Central Bank Digital Currency (CBDC) Policy-Makers Toolkit, intended to serve as a possible framework to ensure that the deployment of CBDCs takes into account potential costs and benefits.

Internet of things 

The WEF Platform on Internet of Things, Robotics and 5G works with key players from the public and private sectors to accelerate the impact of Internet of Things (IoT) technologies, build trust in consumer IoT, unlock the shared value of IoT data, enable an inclusive roll-out of 5G and next-generation connectivity, and promote the responsible adoption of smart city technologies. Specifically, the WEF analyses questions of IoT and data ownership, infrastructure security, and the vulnerability of IoT to cyber-attacks. In co-operation with the Massachusetts Institute of Technology (MIT), the WEF published a report on Realizing the Internet of Things – a Framework for Collective Action outlining five pillars for the development of IoT: architecture and standards, security and privacy, shared value creation, organisational development, and ecosystem governance. WEF also created three Global Councils related to IoT to address governance gaps and to provide policy guidance: Global Internet of Things Council, Global Drones and Aerial Mobility Council, and Global Autonomous and Urban Mobility Council.

Emerging technologies 

Virtual/augmented reality. The WEF is expanding and streamlining its work on virtual and augmented reality (VR/AR) by creating the Global Future Council on Virtual and Augmented Reality, which will explore and raise awareness of the positive and negative aspects of the widespread adoption of VR/AR technologies. The WEF carries out policy research and analysis related to the impact of VR/AR on the society and its security implications in publications such as the ‘Virtual Reality Discovery’ and the ‘Industry review boards are needed to protect VR user privacy’.

Quantum computing. The WEF has created the Global Future Council on Quantum Computing, through which it intends to explore computing-related trends, including new foundational technologies and techniques for centralised and distributed processing. The forum also publishes regularly on the relationship between quantum computing and cybersecurity.

Robotics. Robotics is part of the WEF agenda under the Platform on Internet of Things, Robotics and 5G. The WEF analyses the impacts of advances in robotics in particular within the AI and IoT context. It works on co-designing, piloting, and scaling up the next generation of policies and protocols related to robotics. The WEF regularly publishes on issues such as the merging of human and machine approaches to cybersecurity and the role of robotics in warfare, and potential rules for future AI and robotics.The WEF has also created three global councils related to robotics to address governance gaps and to provide policy guidance: Global Internet of Things Council, Global Drones and Aerial Mobility Council, and Global Autonomous and Urban Mobility Council.

Data governance 

The WEF has established a Platform for Data Policy dedicated to maximising data use to benefit society while protecting users from risks associated with the data economy. Within this platform, the Building a Roadmap for Cross Border Data Flows project aims to support the development of cohesive policy frameworks and cross-border governance protocols, which ‘can accelerate societal benefits and minimise adverse risks of data flows’. The WEF regularly publishes reports on data governance issues such as restoring trust in data, cross-border data flows, data protection and security, among others.

E-commerce and trade 

Several activities and projects run by the WEF focus on e-commerce and broader digital economy-related issues. Under its Digital Trade initiative (part of its Shaping the Future of Trade and Global Economic Interdependence Platform), the WEF has proposed a set of digital economy policy proposals aimed at, among others, defining best practices for cross-border data flows and stimulating progress on e-commerce best practices. E-commerce is also tackled in studies, white papers, and events produced by the WEF, which address issues such as: e-commerce in emerging markets, the impact of e-commerce on prices, and digital currencies. The WEF has also established a Platform for Shaping the Future of Digital Economy and New Value Creation, aimed to ‘help companies leverage technology to be agile in the face of disruption and to create the new digitally enabled business models.’ Under the Platform for Shaping the Future of the New Economy and Society, the WEF brings together various stakeholders to promote new approaches to competitiveness in the digital economy, with a focus on issues such as education and skills, equality and inclusion, and improved economic opportunities for people.

Future of work 

Future of work is a topic that spans across multiple WEF activities. For instance, under the Platform for Shaping the Future of the New Economy and Society, several projects are run that focus on issues such as education, skills, upskilling and reskilling, and equality and inclusion in the world of work. The WEF has also launched a Reskilling Revolution Platform, aimed to contribute to providing better jobs, education, and skills to 1 billion people over a 10-year period. Initiatives under this platform include: Closing the Skills Gap Accelerators, Preparing for the Future of Work Industry Accelerators, the Promise of Platform Work, and Education 4.0, which are dedicated to ‘creating and piloting replicable models for action at the national, industry, organisational, and school levels.’

Cybercrime 

Under its Shaping the Future of Cybersecurity and Digital Trust Platform, the WEF runs the Partnership against Cybercrime project, focused on developing recommendations and frameworks to enhance co-operation in cybercrime investigations between law enforcement agencies, international organisations, cybersecurity companies, and other actors. In addition, the Future Series: Cybercrime 2025 programme has been put in place to understand how new technologies will change the cybersecurity and cybercrime landscape and how to address related challenges. Another important WEF project is the High Volume Cybercrime initiative, which explores ways in which Internet Service Providers (ISPs) and governments can take action to reduce the harm from high volume cyber-attacks. Cybercrime also constitutes the focus

DiploFoundation

Address: 7bis, Avenue De La Paix, CH-1202 Geneva, Switzerland

Website: https://diplomacy.edu

Stakeholder group: Academia & think tanks

DiploFoundation is a leading global capacity development organisation in the field of Internet governance.

Diplo was established by the governments of Switzerland and Malta with the goal of providing low cost, effective courses and training programmes in contemporary diplomacy and digital affairs, in particular for developing countries. Its main thematic focuses are on Internet governance (IG), e-diplomacy, e-participation, and cybersecurity.

Diplo’s flagship publication ‘An Introduction to Internet governance’ is among the most widely used texts on IG, translated into all the UN languages and several more. Its online and in situ IG courses and training programmes have gathered more than 1500 alumni from 163 countries. Diplo also hosts the Geneva Internet Platform (GIP).

Diplo also provides customised courses and training both online and in situ.

Geneva Internet Platform

Acronym: GIP

Address: WMO Building, 7bis, Avenue de la Paix, CH-1202 Geneva, Switzerland

Website: https://giplatform.org

Stakeholder group: NGOs and associations

The Geneva Internet Plaform (GIP) is a Swiss initiative operated by DiploFoundation that strives to engage digital actors, foster digital governance, and monitor digital policies.

It aims to provide a neutral and inclusive space for digital policy debates, strengthen the participation of small and developing countries in Geneva-based digital policy processes, support activities of Geneva-based Internet governance (IG) and ICT institutions and initiatives, facilitate research for an evidence-based, multidisciplinary digital policy, bridge various policy silos, and provide tools and methods for in situ and online engagement that could be used by other policy spaces in International Geneva and worldwide. The GIP’s activities are implemented based on three pillars: a physical platform in Geneva, an online platform and observatory, and a dialogue lab.