Location: Room D, World Trade Organization (WTO), Geneva
Although data is non-rivalrous, data controllers have the capacity to restrict access to data for a myriad of reasons, such as protecting privacy, intellectual property, or to maintain a competitive edge.
At present, there are insufficient incentives for data to be shared by data controllers, and insufficient obligations for them to fulfil the social value of data.
This session will address data sharing and data flows from national and international perspectives. It aims to establish a bridge between proposals advanced by actors in the Global North and in the Global South, such as Switzerland’s proposal of trustworthy data spaces, Japan’s proposal of data free flows with trust and India’s notion of community data.
Participants will discuss how these different proposals could contribute to promoting a more equal distribution of benefits in the data economy and to shed light on current negotiations on data flows taking place at the WTO.
This event, which is part of the WTO’s Public Forum 2022, is being organised by Diplo, the Swiss Federal Office of Communications (OFCOM), and the Geneva Internet Platform.
Moderator: Marilia Maciel (Head, Digital Commerce and Internet Policy, Diplo)
Panellists:
Andrin Eichin (Swiss Federal Office of Communications (OFCOM))
Torbjörn Fredriksson (Head, E-commerce and Digital Economy Branch, UN Conference on Trade and Development (UNCTAD))
Simon J. Evenett (Professor of International Trade and Economic Development, University of St. Gallen, Switzerland)
Parminder Jeet Singh (Executive Director, IT for Change)
Representatives of the member states in the Human Rights Council will come to Geneva to partake in 27 interactive dialogues (ID) Special Procedures mandate holders and mechanisms and 9 interactive dialogues with the High Commissioner. The Special Rapporteur on freedom of expression and opinion Ms Irene Khan will present her report (A/HRC/50/29) on media freedom of expression in the digital age in an ID. A public high-level panel discussion will focus on the laws and practices addressing the negative impact of disinformation on the enjoyment and realization of human rights.
For more information, and to register, please visit the official page.
The WIPO Symposium on Trade Secrets and Innovation provides an exchange platform for ideas and perspectives with regard to the intersection of trade secrets and innovation in both the technological and service sectors. The 2022 symposium will focus on the ‘roles of trade secret systems in supporting innovation and knowledge sharing in a rapidly changing innovation ecosystem’. The discussions will cover the interaction between trade secrets and innovation policies, how to balance legitimate interests in trade secret systems, the international/cross-border environment, the scope of data protection, trade secret management and knowledge sharing, the development and dissemination of medical technologies, and defence against allegations of trade secret misappropriation.
For more information, and to register, please visit the official page.
Address: 3 rue de Varembé, 1211 Geneva 20 , Switzerland
Website:
https://www.iec.ch/
Stakeholder group: International and regional organisations
The IEC is the world leader in preparing international standards for all electrical, electronic, and related technologies. A global, not-for-profit membership organisation, the IEC provides a neutral and independent institutional framework to over 170 countries, coordinating the work of more than 20,000 experts. We administer four IECConformity AssessmentSystems, representing the largest working multilateral agreement based on the one-time testing of products globally. The members of each system certify that devices, systems, installations, services, and people perform as required.
IEC International Standards represent a global consensus of state-of-the-art know-how and expertise. Together with conformity assessment, they are foundational for international trade.
IEC Standards incorporate the needs of many stakeholders in every participating country and form the basis for testing and certification. Every member country and all its stakeholders represented through the IEC National Committees has one vote and a say in what goes into an IEC International Standard.
Our work is used to verify the safety, performance, and interoperability of electric and electronic devices and systems such as mobile phones, refrigerators, office and medical equipment, or electricity generation. It also helps accelerate digitisation, artificial intelligence (AI), or virtual reality applications, protects information technology (IT) and critical infrastructure systems from cyberattacks and increases the safety of people and the environment.
Digital activities
The IEC works to ensure that its activities have a global reach in order to meet all the challenges of digital transformation worldwide. The organisation covers an array of digital policy issues.
Digital policy issues
Artificial intelligence and the internet of things
AI applications are driving digital transformation across diverse industries, including energy, healthcare, smart manufacturing, transport, and other strategic sectors that rely on IEC Standards and Conformity Assessment Systems. AI technologies allow insights and analytics that go far beyond the capabilities of legacy analytic systems.
For example, the digital transformation of the grid enables increased automation, making it more efficient and able to integrate fluctuating renewable energy sources seamlessly. IEC Standards pave the way for the use of a variety of digital technologies relating to intelligent energy. They deal with issues such as integrating renewable energies within the electrical network but also increased automatisation.
The IEC’s work in the area of AI takes a three-pronged approach. IEC experts focus on sector-specific needs (vertical standards) and conformity assessment, while the joint IECand International Organization for Standardization (ISO)technical committee on AI, JTC1/SC 42, brings together technology experts, as well as ethicists, lawyers, social scientists, and others to develop generic and foundational standards (horizontal standards).
In addition, IEC Safety Standards are an essential element of the framework for AI applications in power utilities and smart manufacturing. IEC Conformity AssessmentSystems complete the process by ensuring the standards are properly implemented.
SC 42 addresses some concerns about the use and application of AI technologies. For example, data quality standards for ML and analytics are crucial for helping to ensure that applied technologies produce useful insights and eliminate faulty features.
Governance standards in AI and the business process framework for big data analytics address how the technologies can be governed and overseen from a management perspective. International standards in the areas of trustworthiness, ethics, and societal concerns will ensure responsible deployment.
The joint IEC and ISO technical committee also develop foundational standards for the IoT. Among other things, SC 41 standards promote interoperability, as well as architecture and a common vocabulary for the IoT.
Hardware
The IEC develops standards for many of the technologies that support digital transformation. Sensors, cloud, and edge computing are examples.
Advances in data acquisition systems are driving the growth of big data and AI use cases. The IEC prepares standards relating to semiconductor devices, including sensors.
Sensors can be certified under the IEC Quality Assessment System for Electronic Components (IECQ), one of the four IEC Conformity Assessment Systems.
Cloud computing and its technologies have also supported the increase of AI applications. The joint IEC and ISO technical committee prepares standards for cloud computing, including distributed platforms and edge devices, which are close to users and data collection points. The publications cover key requirements relating to data storage and recovery.
Building trust
International Standards play an important role in increasing trust in AI and help support public and private decision-making, not least because they are developed by a broad range of stakeholders. This helps to ensure that the IEC’s work strikes the right balance between the desire to deploy AI and other new technologies rapidly and the need to study their ethical implications.
The IEC has been working with a wide range of international, regional, and national organisations to develop new ways to bring stakeholders together to address the challenges of AI. These include the Swiss Federal Department of Foreign Affairs (FDFA) and the standards development organisations, ISO, and the International Telecommunication Union (ITU).
More than 500 participants followed the AI with Trustconference, in-person and online, to hear different stakeholder perspectives on the interplay between legislation, standards and conformity assessment. They followed use-case sessions on healthcare, sensor technology, and collaborative robots, and heard distinguished experts exchange ideas on how they could interoperate more efficiently to build trust in AI. The conference in Geneva was the first milestone of the AI with Trust initiative.
The IEC is also a founding member of the Open Community for Ethics in Autonomous and Intelligent Systems (OCEANIS). OCEANIS brings together standardisation organisations from around the world to enhance awareness of the role of standards in facilitating innovation and addressing issues related to ethics and values.
The IEC develops cybersecurity standards and conformity assessments for IT and operational technology (OT). One of the biggest challenges today is that cybersecurity is often understood only in terms of IT, which leaves critical infrastructure, such as power utilities, transport systems, manufacturing plants and hospitals, vulnerable to cyberattacks.
Cyberattacks on IT and OT systems often have different consequences. The effects of cyberattacks on IT are generally economical, while cyberattacks on critical infrastructure can impact the environment, damage equipment, or even threaten public health and lives.
When implementing a cybersecurity strategy, it is essential to consider the different priorities of cyber-physical and IT systems. The IEC provides relevant and specific guidance via two of the world’s best-known cybersecurity standards: IEC 62443 for cyber-physical systems and ISO/IEC 27001 for IT systems.
Both take a risk-based approach to cybersecurity, which is based on the concept that it is neither efficient nor sustainable to try to protect all assets in equal measure. Instead, users must identify what is most valuable and requires the greatest protection and identify vulnerabilities.
IT security focuses equally on protecting the confidentiality, integrity, and availability of data – the so-called CIA triad. Confidentiality is of paramount importance and information security management systems, such as the one described in ISO/IEC 27001, are designed to protect sensitive data, such as personally identifiable information (PII), intellectual property (IP), or credit card numbers, for example.
Implementing the information security management system (ISMS) described in ISO/IEC 27001 means embedding information security continuity in business continuity management systems. Organisations are shown how to plan and monitor the use of resources to identify attacks earlier and take steps more quickly to mitigate the initial impact.
IEC 62443 for OT
In cyber-physical systems, where IT and OT converge, the goal is to protect safety, integrity, availability, and confidentiality (SIAC). Industrial control and automation systems (ICAS) run in a loop to check continually that everything is functioning correctly.
The IEC 62443 series was developed because IT cybersecurity measures are not always appropriate for ICAS. ICAS are found in an ever-expanding range of domains and industries, including critical infrastructure, such as energy generation, water management, and the healthcare sector.
ICAS must run continuously to check that each component in an operational system is functioning correctly. Compared to IT systems, they have different performance and availability requirements and equipment lifetime.
Conformity assessment: IECEE
Many organisations are applying for the IEC System of Conformity Assessment Schemes for Electrotechnical Equipment and Components (IECEE) conformity assessment certification to verify that the requirements of IEC 62443 have been met.
IECEE provides a framework for assessments in line with IEC 62443, which specifies requirements for security capabilities, whether technical (security mechanisms) or process (human procedures) related. Successful recipients receive the IECEE industrial cybersecurity capability certificate of conformity.
International standards such as IEC 62443 and ISO/IEC 27001 are based on industry best practices and reached by consensus. Conformity assessment confirms that they have been implemented correctly to ensure a safe and secure digital society.
Address: Palais Wilson 52, Rue des Pâquis, 1201 Geneva, Switzerland
Website:
https://www.ohchr.org/
Stakeholder group: International and regional organisations
The Office of the United Nations High Commissioner for Human Rights and other related UN human rights entities, namely the United Nations Human Rights Council, the Special Procedures, and the Treaty Bodies are considered together under this section.
The UN Human Rights Office is headed by the OHCHR and is the principal UN entity on human rights. Also known as UN Human Rights, it is part of the UN Secretariat. UN Human Rights has been mandated by the UN General Assembly (UNGA) to promote and protect all human rights. As such, it plays a crucial role in supporting the three fundamental pillars of the UN: peace and security, human rights, and development. UN Human Rights provides technical expertise and capacity development in regard to the implementation of human rights, and in this capacity assists governments in fulfilling their obligations.
UN Human Rights is associated with a number of other UN human rights entities. To illustrate, it serves as the secretariat for the UN Human Rights Council (UNHRC) and the Treaty Bodies. The UNHRC is a body of the UN that aims to promote the respect of human rights worldwide. It discusses thematic issues, and in addition to its ordinary session, it has the ability to hold special sessions on serious human rights violations and emergencies. The ten Treaty Bodies are committees of independent experts that monitor the implementation of the core internationalhuman rights treaties.
The UNHRC established the Special Procedures, which are made up of UN Special Rapporteurs (i.e. independent experts or working groups) working on a variety of human rights thematic issues and country situations to assist the efforts of the UNHRC through regular reporting and advice. The Universal Periodic Review (UPR), under the auspices of the UNHRC, is a unique process that involves a review of the human rights records of all UN member states, providing the opportunity for each state to declare what actions they have taken to improve the human rights situations in their countries. UN Human Rights also serves as the secretariat to the UPR process.
Certain non-governmental organisations (NGOs) and national human rights institutions participate as observers in UNHRC sessions after receiving the necessary accreditation.
Digital activities
Digital issues are increasingly gaining prominence in the work of UN Human Rights, the UNHRC, the Special Procedures, the UPR, and the Treaty Bodies.
A landmark document that provides a blueprint for digital human rights is the UNHRC resolution (A/HRC/20/8) on the promotion, protection, and enjoyment of human rights on the internet, which was first adopted in 2012, starting a string of regular resolutions with the same name addressing a growing number of issues. All resolutions affirm that the same rights that people have offline must also be protected online. Numerous other resolutions and reports from UN human rights entities and experts considered in this overview tackle an ever-growing range of other digital issues including the right to privacy in the digital age; freedom of expression and opinion; freedom of association and peaceful assembly; the rights of older persons; racial discrimination; the rights of women and girls; human rights in the context of violent extremism online; economic, social, and cultural rights; human rights and technical standard-setting; business and human rights; and the safety of journalists.
Digital policy issues
Artificial intelligence
In 2018, the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression presented a report to the UNGA on ArtificialIntelligence (AI) Technologies and Implications for theInformation Environment. Among other things, the document addresses the role of AI in the enjoyment of freedom of opinion and expression including ‘access to the rules of the game when it comes to AI-driven platforms and websites’ and therefore urges for a human rights-based approach to AI.
In 2020, the Committee on the Elimination of Racial Discrimination published its General Recommendation No. 36 on preventing and combating racial profiling by law enforcement officials (CERD/C/GC/36), which focuses on algorithmic decision-making and AI in relation to racial profiling by law enforcement officials.
In 2021, UN Human Rights published a report analysing how AI impacts the enjoyment of the right to privacy and other human rights. It clarifies measures that states and businesses should take to ensure that AI is developed and used in ways that benefit human rights and prevent and mitigate harm.
The UN Human Rights B-Tech project is running a Generative AI project that demonstrates the ways in which the UN Guiding Principles on Business and Human Rights should guide more effective understanding, mitigation, and governance of the risks associated with generative AI.
UN Human Rights also weighs in on specific policy and regulatory debates, such as by an open letter concerning the negotiations of a European Union AI Act.
Child safety onlineWithin the work of the OHCHR, ‘child safety online’ is referred to as ‘rights of the child’ and dealt with as a human rights issue.
The issue of child safety online has garnered the attention of UN human rights entities for some time. A 2016 resolution on Rights of the Child: Information and Communications Technologies and Child Sexual Exploitation adopted by the UNHRC calls on states to ensure ‘full, equal, inclusive, and safe access […] to information and communications technologies by all children and safeguard the protection of children online and offline’, as well as the legal protection of children from sexual abuse and exploitation online. The Special Rapporteur on the sale and sexual exploitation of children, including child prostitution, child pornography, and other child sexual abuse material, mandated by the UNHRC to analyse the root causes of sale and sexual exploitation and pro- mote measures to prevent it, also looks at issues related to child abuse, such as the sexual exploitation of children online, which has been addressed in a report (A/HRC/43/40) published in 2020, but also in earlier reports.
The Committee on the Rights of the Child published its General Comment No. 25 on Children’s Rights in Relationto the Digital Environment (CRC/C/GC/25), which lays out how states parties should implement the convention in relation to the digital environment and provides guidance on relevant legislative, policy, and other measures to ensure full compliance with their obligations under the convention and optional protocols in the light of opportunities, risks, and challenges in promoting, respecting, protecting, and fulfilling all children’s rights in the digital environment.
Data governance
UN Human Rights maintains an online platform consisting of a number of databases on anti-discrimination and jurisprudence, as well as the Universal Human RightsIndex (UHRI), which provides access to recommendations issued to countries by Treaty Bodies, Special Procedures, and the UPR of the UNHCR.
UN Human Rights launched the Guiding Principles in Technology Project (B-Tech Project) to provide guidance and resources to companies operating in the technology space with regard to the implementation of the UN GuidingPrinciples on Business and Human Rights (UNGPs on BHR). Following the publication of a B-Tech scoping paper in 2019, several foundational papers have delved into a broad range of business-related issues, from business-model-related human rights risks to access to remedies. At the heart of the B-Tech project lies multistakeholder engagement, informing all of its outputs. The B-Tech project is enhancing its engagement in Africa, working with technology company operators, investors, and other key digital economy stakeholders, including civil society, across Africa in a set of African economies and their tech hubs to create awareness of implementing the UNGPs on BHR.
Following a multistakeholder consultation held on 7–8 March 2022, the High Commissioner presented her report on UN Guiding Principles on Business and HumanRights and Technology Companies (A/HRC/50/56), which demonstrated the value and practical application of the UNGPs in preventing and addressing adverse human rights impacts by technology companies.
Extreme povertyWithin the work of the OHCHR, ‘extreme poverty’ is dealt with as a human rights issue.
The Special Rapporteur on extreme poverty and human rights has in recent years increased his analysis of human rights issues arising in the context of increased digitisation and automation. His 2017 report to the General Assembly tackled the socio-economic challenges in an emerging world where automation and AI threaten traditional sources of income and analysed the promises and possible pitfalls of introducing a universal basic income. His General Assembly report in 2019 addressed worrying trends in connection with the digitisation of the welfare state. Moreover, in his 2022 report to the UNHRC on non-take-up of rights in the context of social protection, the Special Rapporteur highlighted, among other things, the benefits and considerable risks associated with automation of social protection processes.
Content policy
Geneva-based human rights organisations and mechanisms have consistently addressed content policy questions, in particular in the documents referred under Freedom of Expression and Freedom of Peaceful Assembly and of Association. Other contexts where content policy plays an important role include Rights of the Child, Gender Rights Online, and Rights of Persons with Disabilities. Moreover, the use of digital technologies in the context of terrorism and violent extremism is closely associated with content policy considerations.
UN Human Rights, at the request of the UNHRC, prepared a compilation report in 2016, which explores, among other issues, aspects related to the prevention and countering of violent extremism online, and underscores that responses to violent extremism that are robustly built on human rights are more effective and sustainable.
UN Human Rights is leading a UN system-wide process to develop a human rights due diligence (HRDD) guidance for digital technology, as requested by the Secretary-General’s Roadmap for Digital Cooperation and his Call to Action for Human Rights. The HRDD guidance in development pertains to the application of human rights due diligence and human rights impact assessment related to the UN’s design, development, procurement, and use of digital technologies, and is expected to be completed by the end of 2022.
As part of the implementation of the Secretary-General’s Call to Action for Human Rights, UN Human Rights launched the UN Hub for Human rights and DigitalTechnology, which provides a central repository of authoritative guidance from various UN human rights mechanisms on the application of human rights norms to the use and governance of digital technologies.
In addition, UN Human Rights is a member of the LegalIdentity Agenda Task Force, which promotes solutions for the implementation of SDG target 16.9 (i.e. by 2030, provide legal identity for all, including birth registration). It leads its work on exclusion and discrimination in the context of digitised identity systems.
Neurotechnology
Rapid advancements in neurotechnology and neuroscience, while holding promises of medical benefits and scientific breakthroughs, present a number of human rights and ethical challenges. Against this backdrop, UN Human Rights has been contributing significantly to an inter-agency process led by the Executive Office of the Secretary-General to develop a global roadmap for effective and inclusive governance of neurotechnology.
Secretary-General’s Report on Our Common Agenda
Since the adoption of A/RES/76/6 on Our Common Agenda in November 2021, the follow-up by the UN system has been underway. UN Human Rights is co-leading several proposals in collaboration with other entities, notably on the application of the human rights framework in the digital sphere, mitigation and prevention of internet shutdowns, and disinformation.
Smart Cities
Making Cities Right for Young People” is a participatory research project, supported by the Botnar Foundation, which examines the impact of the digitalisation of cities on the enjoyment of human rights. It also examines strategies to ensure that “smartness” is measured not solely by technological advancements but by the realisation and promotion of inhabitants’ human rights and well-being, and explores ways to promote digital technologies for civic engagement, participation, and the public good, with a focus on meaningful youth participation in decision-making processes. Launched in 2023, this project will survey the current landscape and detail key human rights issues in urban digitalisation. Based on participatory research carried out in three geographically, socially, culturally, and politically diverse cities, it will produce a report with initial findings and develop a roadmap for future human-rights-based work on smart cities.
Migration
In September 2023, UN Human Rights published a study, conducted with the University of Essex, that analyses the far-reaching human rights implications of specific border technologies. It provides recommendations for states and stakeholders on how to take a human-rights-based approach in ensuring the use of digital technologies at borders aligns with international human rights law and standards. The study draws from a collective body of expertise, research, and evidence, as well as extensive interviews and collaborative meetings with experts.
The UNHRC has also mandated the Special Rapporteur onthe right to privacy to address the issue of online privacy in its Resolution on the Right to Privacy in the Digital Agefrom 2015 (A/HRC/RES/28/16). To illustrate, the Special Rapporteur has addressed the question of privacy fromthe stance of surveillance in the digital age (A/HRC/34/60), which becomes particularly challenging in the context of cross-border data flows. More recently, specific attention has been given to the privacy of health data that is being produced more and more in the day and age of digitalisation, and that requires the highest legal and ethicalstandards (A/HRC/40/63). In this vein, in 2020, the Special Rapporteur examined data protection and surveillance in relation to COVID-19 and contact tracing in his preliminary report (A/75/147), in which he provided a more definitive analysis of how pandemics can be managed with respect to the right to privacy (A/76/220) in 2021. In another
The UNHRC also tackles online privacy and data protection. Resolutions on the promotion and protection of human rights on the internet have underlined the need to address security concerns on the internet in accordance with international human rights obligations to ensure the protection of all human rights online, including the right to privacy. The UNHRC has also adopted specific resolutions on the right to privacy in the digital age, addressing issues such as mass surveillance, AI, the responsibility of business enterprises, and the key role of the right to privacy as an enabler of other human rights. Resolutions on the safety of journalists have emphasised the importance of encryption and anonymity tools for journalists to freely exercise their work. Two resolutions on new and emerging technologies (2019 and 2021) have further broadened the lens, for example by asking for a report on the human rights implications of technical standard-setting processes.
The UNHRC has also mandated the Special Rapporteur onthe right to privacy to address the issue of online privacy in its Resolution on the Right to Privacy in the Digital Agefrom 2015 (A/HRC/RES/28/16). To illustrate, the Special Rapporteur has addressed the question of privacy fromthe stance of surveillance in the digital age (A/HRC/34/60), which becomes particularly challenging in the context of cross-border data flows. More recently, specific attention has been given to the privacy of health data that is being produced more and more in the day and age of digitalisation, and that requires the highest legal and ethicalstandards (A/HRC/40/63). In this vein, in 2020, the Special Rapporteur examined data protection and surveillance in relation to COVID-19 and contact tracing in his preliminary report (A/75/147), in which he provided a more definitive analysis of how pandemics can be managed with respect to the right to privacy (A/76/220) in 2021. In another
Address: Chemin de Blandonnet 8, 1214 Vernier, Geneva, Switzerland
Website:
https://www.iso.org/iso/home.html
Stakeholder group: International and regional organisations
ISO is the International Organization for Standardization, the world’s largest developer of international standards. It consists of a global network of 170 national standards bodies – our members. Each member represents ISO in its country. The organisation brings together global experts to share knowledge and develop voluntary, consensus-based, market-relevant International Standards. It is best known for its catalogue of almost 25,000 standards spanning a wide range of sectors, including technology, food, and healthcare.
Digital activities
A large number of the international standards and related documents developed by ISO are related to information and communication technologies (ICTs), such as the Open Systems Interconnection (OSI) that was created in 1983 to establish a universal reference model for communication protocols. The organisation is also active in the field of emerging technologies including blockchain, the Internet of Things (IoT), and AI. The standards are developed by various technical committees dedicated to specific areas including information security, cybersecurity, privacy protection, AI, and intelligent transport systems.
Digital policy issues
Artificial intelligence
The joint technical committee of ISO and the International Electrotechnical Commission (IEC) for AI is known as ISO/IEC JTC1/SC 42 Artificial intelligence and is responsible for the development of standards in this area. To date,it has published 20 standards specifically pertaining to AI with 35 others in development. ISO/IEC 42001 is the flagship AI Management System Standard, which provides requirements for establishing, implementing, maintaining, and continually improving an AI management system within the context of an organisation. ISO/IEC TR 24028 provides an overview of trustworthiness in AI systems, detailing the associated threats and risks and addresses approaches on availability, resiliency, reliability, accuracy, safety, security, and privacy. The standards under development include those that cover concepts and terminology for AI (ISO/IEC 22989); bias in AI systems and AI-aided decision-making (ISO/IEC TR 24027); AI risk management (ISO/IEC 23894); a framework for AI systems using machine learning (ISO/IEC 23053); and the assessment of machine learning classification performance (ISO/IEC TS 4213). Up-to-date information on the technical committee (e.g. scope, programme of work, contact details) can be found on the committee page.
Cloud computing
ISO and IEC also have a joint committee for standards related to cloud computing which currently has 27 published standards and a further 5 in development. Of those published, two standards of note include ISO/IEC 19086-1, which provides an overview, foundational concepts, and definitions for a cloud computing service level agreement framework, and ISO/IEC 22123-3, which specifies the cloud computing reference architecture.Standards under development include those on health informatics (ISO/TR 21332); the audit of cloud services (ISO/IEC 22123-2); and data flow, categories, and use (ISO/IEC 19944 series). Up-to-date information on the technical committee (e.g. scope, programme of work, contact details) can be found on the committee page.
Internet of things
Recognising the ongoing developments in the field of IoT, ISO has a number of dedicated standards both published and in development, including those for intelligent transport systems (ISO 19079), future networks for IoT (ISO/IEC TR 29181 series), unique identification for IoT (ISO/IEC 29161), Internet of Media Things (ISO/IEC 23093-3), the trustworthiness of IoT (ISO/IEC 30149), and industrial IoT systems (ISO/IEC 30162). IoT security is addressed in standards such as ISO/IEC 27001 and ISO/IEC 27002, which provide a common language for governance, risk, and compliance issues related to information security. In addition, there are 26 standards under development, some of which provide a methodology for the trustworthiness of an IoT system or service (ISO/IEC 30147); a trustworthiness framework (ISO/IEC 30149); the requirements of an IoT data exchange platform for various IoT services (ISO/IEC 30161); and a real-time IoT framework (ISO/IEC 30165). Up-to-date information on the ISO and IEC joint technical committee for IoT (e.g. scope, programme of work, contact details) can be found on the committee page.
Telecommunication infrastructure
ISO’s standardisation work in the field of telecommunications infrastructure covers areas such as planning and installation of networks (e.g. ISO/IEC 14763-2), corporate telecommunication networks (e.g. ISO/IEC 17343), local and metropolitan area networks (e.g. ISO/IEC/IEEE 8802-A), private integrated telecommunications networks (e.g. ISO/IEC TR 14475), and wireless networks. Next-generation networks – packet-based public networks able to provide telecommunications services and use multiple quality-of-service-enabled transport technologies – are equally covered (e.g. ISO/IEC TR 26905). ISO also has standards for the so-called future networks, which are intended to provide futuristic capabilities and services beyond the limitations of current networks, including the internet. Up-to-date information on the joint ISO and IEC technical committee that develops these standards (e.g. scope, programme of work, contact details ) can be found on the committee page.
Blockchain
ISO has published 11 standards on blockchain and distributed ledger technologies: ISO/TR 23455 gives an overview of smart contracts in blockchain and distributed ledger technologies; ISO/TR 23244 tackles privacy and personally identifiable information protection; and ISO 22739 covers fundamental blockchain terminology respectively. ISO also has a further eight standards on blockchain in development. These include those related to: security management of digital asset custodians (ISO/TR 23576); taxonomy and ontology (ISO/TS 23258); and guidelines for governance (ISO/TS 23635). Up-to-date information on the technical committee (e.g. scope, programme of work, contact details, etc.) can be found on the committee page.
Emerging technologies
ISO develops standards in the area of emerging technologies.
Dozens of standards in the area of emerging technologies are those related to robotics. ISO has more than 40 different standards either published or in development that cover issues such as collaborative robots (e.g. ISO/TS 15066); safety requirements for industrial robots (e.g. ISO 10218 series); and personal care robots (e.g. ISO 13482). Autonomous or so-called intelligent transport systems (ITS) standards are developed by ISO’s ITS Technical Committee and include those for forward vehicle collision warning systems (ISO 15623) and secure connections between trusted devices (ISO/TS 21185). Standards are also being developed to address the use of virtual reality in learning, education, and training (e.g. ISO/IEC 23843).
Network security
ISO and IEC standards also address information security and network security . The ISO and IEC 27000 family of standards covers information security management systems and are used by organisations to secure information assets such as financial data, intellectual property, and employee information. For example,ISO/IEC 27031 and ISO/IEC 27035 are specifically designed to help organisations respond, diffuse, and recover effectively from cyberattacks. ISO/IEC 27701 is an extension of ISO/IEC 27001 and ISO/IEC 27002 for privacy information management, and details requirements and guidance for establishing, implementing, maintaining, and continually improving a Privacy Information Management System (PIMS).Network security is also addressed by standards on technologies such as the IoT, smart community infrastructures, medical devices, localisation and tracking systems, and future networks. Up-to-date information on the joint ISO and IEC technical committee (e.g. scope, programme of work, contact details) can be found on the committee page.
Encryption
As more and more information (including sensitive personal data) is stored, transmitted, and processed online, the security, integrity, and confidentiality of such information becomes increasingly important. To this end, ISO has a number of standards for the encryption of data. For example, ISO/IEC 18033-1, currently under development, addresses the nature of encryption and describes certain general aspects of its use and properties. Other standards include ISO/IEC 19772 which covers authenticated encryption, ISO/IEC 18033-3 which specifies encryption systems (ciphers) for the purpose of data confidentiality, and ISO 19092 which allows for encryption of biometric data used for authentication of individuals in financial services for confidentiality or other reasons. ISO also has standards that focus on identity-based ciphers, symmetric and asymmetric encryption, public key infrastructure, and many more related areas.
Data governance
Big data is another area of ISO standardisation; around 80% of related standards are developed by the ISO/IEC AI committee. The terminology for big-data-related standards is outlined in ISO/IEC 20546, while ISO/IEC 20547-3 covers big data reference architecture. ISO/IEC TR 20547-2 provides examples of big data use cases with application domains and technical considerations and ISO/IEC TR 20547-5 details a roadmap of existing and future standards in this area. Up-to-date information on the technical committee (e.g. scope, programme of work, contact details) can be found on the committee page.
Digital identities
Digital signatures that validate digital identities help to ensure the integrity of data and authenticity of particulars in online transactions. This, therefore, contributes to the security of online applications and services. Standards to support this technology cover elements such as anonymous digital signatures (e.g. ISO/IEC 20008 series); digital signatures for healthcare documents (e.g. ISO 17090-4 and ISO 17090-5); and blind digital signatures, which is where the content of the message to be signed is disguised, used in contexts where, for example, anonymity is required. Examples of such standards are ISO 18370-1 and ISO/IEC 18370-2.
Privacy and data protection
Privacy and data protection in the context of ICTs is another area covered by ISO’s standardisation activities. One example is ISO/IEC 29101 which describes a privacy architecture framework. Others include those for privacy-enhancing protocols and services for identification cards (ISO/IEC 19286); privacy protection requirements pertaining to learning, education, and training systems employing information technologies (ISO/IEC 29187-1); privacy aspects in the context of intelligent transport systems (ISO/TR 12859); and security and privacy requirements for health informatics (ISO/TS 14441).
Digital tools
ISO has developed an online browsing platform that provides up-to-date information on ISO standards, graphical symbols, publications, and terms and definitions.
Address: 4 route des Morillons, 1211 Geneva 22, Switzerland
Website:
https://www.ilo.org/
Stakeholder group: International and regional organisations
The ILO is the United Nations agency for the world of work. It was founded on the conviction that universal and lasting peace can be established only if it is based on social justice.
The ILO brings together governments, employers, and workers from its 187 member states in a human-centred approach to the future of work based on decent employment creation, rights at work, social protection, and social dialogue.
The ILO’s tripartite membership drafts, adopts, and monitors the implementation of international labour standards on key world of work issues – ILO Conventions and Recommendations.
The ILO undertakes research and data collection across the range of world of work topics. It publishes flagship reports and a wide range of publications and working papers. Its globally renowned set of statistical databases is maintained and updated with nationally sourced labour market data.
The ILO manages a wide range of development cooperation projects in all regions of the world. Realised in partnership with donor countries and organisations, these projects aim to create the conditions for delivery of the ILO’s decent work agenda.
Three initiatives are central to the ILO’s current work: the establishment of a global coalition to promote social justice, advancing the 2030 Agenda for Sustainable Development through the Global Accelerator on Jobs and Social Protection for Just Transitions, and its four priority action programmes. The latter focuses on the transition from the informal to the formal economy, just transitions towards environmentally sustainable economies and societies, decent work in supply chains, and decent work in crises and post-crisis situations.
Digital activities
As the ILO covers the full scope of the world of work, digital issues are present across the organisation’s work. The ILO addresses digitalisation through a wide range of topics including digital labour platforms, digital skills knowledge, employability, artificial intelligence (AI), automation and data governance – and more broadly, the future of work. The ILO also tracks the effects of digitalisation on specific work sectors, for instance, the postal andtelecommunication services sector.
The ILO has long been a leading resource for policymakers, researchers, and other users of data on the labour markets and all aspects of the world of work. ILOSTAT (a portal to its comprehensive labour statistics) and the ILOKnowledgePortal (offering access to country information and data on labour laws, standards, policies, and statistics) make real-time data available to users around the world. The World Employment and Social Outlook Data Finder provides customised datasets on request for measures such as the global labour force, unemployment, and employment by sector. The ILO also has a Development Cooperation Dashboard with data on labour-related policy areas and on the organisation’s field projects, funding, and expenditures. All materials published by the ILO are collected and freely available in Labordoc, the organisation’s digital repository. The ILO’s new Research Repository allows users to easily access our knowledge products by topic and author.
Future of work
The future of work has been a key unifying digital issue in the ILO’s activities for many years. In 2015, the ILO Director-General presented a report to the International Labour Conference that proposed a special initiative on the future of work. Since that time, much of the research the ILO has undertaken and many of the reports we have published have fallen under this rubric. In 2019, the ILO established the ILO Global Commission on the Future of Work as part of our Future of Work Initiative. The Commission was composed of representatives from government, civil society, academia, and business and worker representatives.
The Commission published a landmark report, Work for a BrighterFuture, that called for a human-centred agenda for the future of work and explored the impacts of technological progress in the fields of AI and robotics and on issues such as the gender labour gap and the automation of work. That same year, the ILO issued the ILO Centenary Declaration, which advocated ‘full and productive employment and decent work’ in the context of the digital transformation of work, including platform work. Examining the future of work in its myriad implications remains a primary focus for the organisation to this day.
Sustainable development
The ILO is playing a pivotal role in advancing the 2030 Agenda for Sustainable Development, most specifically specifically sustainable development goal (SDG) 8 (decent work and economic growth). The ILO is one of the main actors supporting the Global Accelerator on Jobs and Social Protection for Just Transitions initiative, the UN system’s collective response for addressing the multiple challenges that threaten to erase development progress. The Global Accelerator aims to direct investments to help create at least 400 million decent jobs, primarily in the green, digital, and care economies, and to extend social protection coverage to the over 4 billion people currently excluded. The ILO has also created the Decent Work for Sustainable Development (DW4SD)Resource Platform, which maps the interplay between sustainable development and decent work. The platform provides guidance and working resources to ILO staff, development partners, UN country teams, and other stakeholders. A recent ILO report, Transformative Change and SDG 8, outlines an integrated policy approach that countries can follow to achieve SDG 8.
Capacity development
Capacity development is another digital-related issue at the core of the ILO’s activities. As part of our skills, knowledge, and employability initiatives, the ILO helps governments develop education and training systems to take advantage of new educational technologies and give greater attention to digital skills. We support enterprises and employers to make investments to expand education and training programmes, and workers to proactively upgrade their skills or acquire new ones.
Together with the Norwegian Ministry of Foreign Affairs, the ILO developed the SKILL-UP programme, which assists developing countries in building capacity and improving their digital skills systems, as well as the Skills Innovation Facility. The Facility focuses on identifying and testing innovative ideas and solutions to address current and future skills challenges. In addition, the ILO’s SkillsInnovation Network provides a platform for innovators to collaborate and share experiences on developing innovations for skills development.
In regard to privacy and data protection, the ILO has published a set of principles on the protection of workers’personal data, which explores trends, principles, and good practices related to the protection of personal data.
The International Training Centre, established by the ILO, provides online courses on a variety of labour issues. The ILO also organises webinars and uses a number of social media accounts. The following digital tools are also available:
Information on conferences and events is available on the ILO events page.
Digital tools
Digital labour platforms and telework
A key focus of ILO research is the effects of digitalisation on labour market evolution and new forms of work. The organisation has been closely tracking the implications of digital labour platforms digital and remote work (e.g. teleworking). The ILO has published some essential references on these new subjects including the World Employment and Social Outlook report on digital labour platforms and the report, Working from Home, published during the COVID-19 pandemic. Most other ILO studies also reflect digital issues. For example, recent Global Employment Trends for Youth reports cover inequalities in youth labour markets arising from digital transformation, as well as investment in young people’s skills,
Address: 19 Avenue de la paix, 1202 Geneva, Switzerland
Website:
https://www.icrc.org
Stakeholder group: International and regional organisations
Established in 1863, the ICRC is an independent international humanitarian organisation headquartered in Geneva. It defends and promotes the respect of international humanitarian law (IHL) and is dedicated to protecting the lives and dignity of victims of war and to providing assistance. Along these lines, it cooperates with governments, the private sector, and other entities affected by international and internal armed conflict and violence.
Together with the International Federation of Red Cross and Red Crescent Societies and 192 individual national societies, the ICRC makes up the so-called International Red Cross and Red Crescent Movement.
Digital activities
Digitalisation is increasingly present in the context of armed conflict and violence. On one hand, affected populations are in demand for digital tools, which humanitarian organisations need to provide in a responsible manner. On the other hand, states use cyber operations as part of warfare with humans affected by the consequences of such operations and other digital risks. To this end, humanitarian organisations also use digital tools to improve their operations. The ICRC addresses the implications of technology, which are multifold and range from data protection for humanitarian actions to the application of IHL to cyber operations in armed conflict. We host expert and intergovernmental discussions and have developed a number of (digital) tools to help improve awareness and understanding of IHL and relevant standards. The ICRC cooperates with other organisations on digital policy issues.
Digital policy issues
Artificial intelligence
The ICRC has explored the impact of AI tools in armed conflict, in particular their use by armed actors. In a document titled Artificial Intelligence and Machine Learning in Armed Conflict: A Human-Centred Approach (2019, revised 2021), we argue: ‘Any new technology of warfare must be used, and must be capable of being used, in compliance with existing rules of international humanitarian law.’ The document touches on the use of AI and machine learning (ML) technologies capable of controlling physical military hardware. It argues that from a humanitarian perspective, AWS are of particular concern given that humans may not be able to control such weapons or the resulting use of force, and AI-controlled AWS would exacerbate these risks. The ICRC has urged states to adopt new international rules on AWS. The position paper also emphasises the potential for AI to exacerbate the risks to civilians and civilian infrastructure posed by cyber and information operations, as well as changing the nature of military decision-making in armed conflict. The ICRC calls for a human-centred approach to the application of AI in armed conflict that preserves human judgement and jointly with the United Nations Secretary-General, ICRC’s president is calling for establishing new prohibitions and restrictions on AWS. The question has been further explored in other reports, such as Autonomy, Artificial Intelligence, Robotics: Technical Aspects of Human Control (2019).
Cyber operations during armed conflict
The use of cyber operations during armed conflict is a reality today and is likely to increase in future. Through bilateral confidential dialogue, expert discussions, participation in intergovernmental processes, and constant monitoring and analysis, the ICRC is raising awareness of the potential human cost of cyber operations and the application of IHL to cyber operations during armed conflict. Our efforts on this matter date back over two decades. Ever since, the ICRC has held the view that IHL limits cyber operations during armed conflict just as it limits the use of any other weapon, means and methods of warfare in an armed conflict, whether new or old.
Over the years, the ICRC has been actively involved in global policy discussions on cyber-related issues, including those held within the UN (various Groups of Governmental Experts (GGEs) and the Open-Ended Working Groups (OEWGs)). In addition, we convene regional consultations among government experts on how IHL applies to cyber operations, and global expert meetings, such as the potential human cost of cyber operations and avoiding civilian harm from military cyber operations during armed conflicts. Our legal views on how IHL applies to cyber operations during armed conflict are found in a 2019 position paper that was sent to all UN member states in the context of the different UN-mandated processes on information and communications technology (ICT) security. The ICRC explores innovative solutions, such as a digital emblem, to protect medical and humanitarian missions in cyberspace.
‘Protection’ in the digital agaeThe ICRC deals with privacy and data protection within its mandate and context of IHL. In this Atlas, following the Digital Watch Observatory taxonomy, privacy and data protection are part of the human rights basket.
Without undermining the positive impact technology can bring in conflict, including enhancing access to life-saving information and potentially minimising collateral damage, protection work must consider the risks in the digital age. In other words, it must encompass the protection of the rights of people when their lives intersect with the digital sphere. This question remains under-regarded and a blog post tries to shed light on this grey area.
The ICRC puts a special emphasis on the impact of misinformation and disinformation as they can increase people’s exposure to risk and vulnerabilities. For example, if displaced people in need of humanitarian assistance are given intentionally misleading information about life-saving services and resources, they can be misdirected away from help and towards harm.
Hate speech, meanwhile, contributes directly or indirectly to endangering civilian populations’ safety or dignity. For example, when online hate speech calls for violence against a minority group, it can contribute to psychological and social harm through harassment, defamation, and intimidation.
These issues have been tackled in a document we published in 2021 called Harmful Information.
Misinformation and disinformation can also impact humanitarian organisations’ ability to operate in certain areas, potentially leaving the needs of people affected by armed conflict or other violence unmet. When false and manipulated information spreads, it can erode trust within communities and damage the reputation of humanitarian operations.
For the ICRC, whose work is founded on trust, the spread of disinformation, especially where tensions are high, could quickly lead to humanitarian personnel being unable to leave their offices, distribute live-saving assistance, visit detainees, or bring news to people who have lost contact with a family member.
Space systems have been employed for military purposes since the dawn of the space era. As the role of these systems in military operations during armed conflicts increases, so too does the likelihood of their being targeted, with a significant risk of harm to civilians and civilian objects on Earth and in space. This is because technology enabled by space systems permeates most aspects of civilian life, making the potential consequences of attacks on space systems a matter of humanitarian concern. Find out more in this blog called War, Law and Outer Space: Pathways to Reduce the Human Cost of Military Space Operations.
Privacy and data protection
The ICRC plays an active role in regard to privacy and data protection in the context of humanitarian action. It has a data protection framework compliant with international data protection standards that aims to protect individuals from a humanitarian standpoint. The framework consists of ICRC rules on personal data protection, which were revised in 2020 in response to the rapid development of digital technologies, while supervisory and control mechanisms are overseen by an independent data protection commission and a data protection officer. In 2019, the ICRC spearheaded the adoption of a resolution on Restoring Family Links While Respecting Privacy, Including as it Relates to Personal Data Protection at the International Conference of the Red Cross and Red Crescent. In 2022, we pushed for the adoption of a resolution on Safeguarding Humanitarian Data at the Council of Delegates of the Red Cross and Red Crescent Movement.
Despite the wide range of data sources employed and dealt with by the ICRC, specific attention is dedicated to biometric data, which is often used in forensics and the restoration of family links. To manage this highly sensitive information and to ensure the responsible deployment of new technologies (including new biometric identification techniques), the ICRC has adopted a Biometrics Policy, which sets out the roles and responsibilities of the ICRC and defines the legitimate bases and specified purposes for the processing of biometric data.
Data protection is also addressed by the ICRC Handbook on Data Protection in Humanitarian Action. The Handbook provides suggestions as to how current data protection principles apply to humanitarian organisations and builds on existing regulations, working procedures, and practices. The second edition specifically provides guidance on the technical aspects of data protection by design and by default and covers technological security measures. In addition, through dedicated chapters, it addresses the potential and risks of digital technology such as blockchain, AI, digital identity, and connectivity for data protection in humanitarian action.
The ICRC has argued in favour of the digitalisation of the Geneva Conventions and on the occasion of the 70th anniversary of these very treaties and additional protocols, released an IHL digital app. The app provides access to over 75 treaties including the Geneva Conventions, and allows users to read through the content and familiarise themselves with the text. The ICRC has a number of databases on IHL, including its customary IHL database and the ICRC national implementation database.
Digital tools
Research and development
In 2022, the ICRC opened a Delegation for Cyberspace in Luxembourg, which serves as a safe and secure space to do due diligence research and develop and test solutions and ideas to prepare the ground for the support, protection, and deployment of digital services to affected people on a global scale. It will also further explore what it means to be a digital stakeholder in a manner compatible with its mandate; operational modalities; and the principles of neutrality, independence, and impartiality.
Resources
The ICRC’s Law and Policy blog provides a large number of short pieces on cyber operations, featuring tech expert, legal, and policy perspectives.
Online learning is also used by the ICRC to promote the implementation of IHL. In 2019, we launched an e-learning course entitled Introduction to International Humanitarian Law aimed at non-legal practitioners, policymakers, and other professionals who are interested in the basics of IHL. Other online courses are available through the ICRC training centre as well as e-briefings which are available in the e-briefing library.
The ICRC maintains an online training centre and an app with all ICRC publications in English and French.
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.Ok
Social media channels
Facebook @isostandards
Instagram @isostandards
LinkedIn @isostandards
X @isostandards
YouTube @iso