[Webinar] Enhancing signalling security and privacy using globally interoperable digital signatures

Event description

Event date: 16 June 2022, 15:00–17:00 CEST

The International Telecommunication Union (ITU) will explore the history and status quo of signalling systems and summarise ITU’s ongoing efforts in security-minded protocol standardisation to cope with potential signalling attacks on telecom operators. Signalling protocols play a cornerstone role in providing different ICT services. Nevertheless, as they were designed without security and privacy in mind, they are prone to attacks on ICT infrastructures. This webinar will cover the signalling architectures of telecommunication networks, an overview of the key signalling exchange procedures (call/SMS/USSD flows), and an outline of the vulnerabilities of existing signalling protocols. ITU-T recommendations and how they have been implemented will also be discussed.

For more information, and to register, please visit the official page.

International Electrotechnical Commission

Acronym: IEC

Address: Rue de Varembé 3, 1211 Geneva 20, Switzerland

Website: https://iec.ch

Stakeholder group: International and regional organisations

Founded in 1906, the International Electrotechnical Commission (IEC) is the world’s leading organisation for the development of international standards for all electrical and electronic technologies. The IEC’s standardisation work is advanced by nearly 20 000 experts from government, industry, commerce, research, academia, and other stakeholder groups.

The IEC is one of three global sister organisations (in addition to the ISO and ITU) that develop international standards.

Digital Activities

The IEC works to ensure that its activities have a global reach in order to meet all the challenges of digital transformation worldwide. The organisation covers an array of digital policy issues illustrated below.

Digital policy issues

Digital standards 

 The IEC carries out standardisation and conformity assessment activities covering a vast array of technologies. These range from smart cities, grids, automation, and energy to electromagnetic compatibility between devices, digital system interfaces and protocols, and fibre optics and cables. Other areas covered by the IEC include multimedia home systems and applications for end-user networks, multimedia e-publishing and e-book technologies, information and communication technologies (ICTs), wearable electronic devices and technologies, cards and personal identification, programming languages, cloud computing and distributed platforms, the Internet of Things, and information technology (IT) for learning, education, and training.

Over the past 30 years, the IEC and ISO Joint Technical Committee (JTC 1) have been developing IT standards for global markets, meeting business and user requirements. This work addresses various aspects including the design and development of IT systems and tools; interoperability, performance, and quality of IT products and systems; harmonised IT vocabulary; and security of IT systems and information. Some of the areas that JTC 1 covers include:

  • Cards and security devices for personal identification
  • Computer graphics, image processing, and environmental data representation
  • Coding of audio, picture, multimedia, and hypermedia information
  • Automatic identification and data capture techniques
  • Data management and interchange
  • IT for learning, education, and training
  • Biometrics
  • Trustworthiness
  • Digital twins
  • Quantum computing
  • 3D printing
  • Augmented reality and virtual reality-based ICT
  • Autonomous and data-rich vehicles
Internet of things 
The Internet of Things (IoT) is one of the main technology sectors covered by the IEC (International Electrotechnical Commission) in its standardisation activities. Several technical committees (some of which are joint groups with the ISO – International Organization for Standardization) focus on various aspects of the Internet of Things. Examples include: standardisation in the area of IoT and related technologies, including sensor networks and wearable technologies; smart cities; smart grid (which involve the use of technology for optimal electricity delivery); and smart energy. In addition to developing standards, the IEC also publishes white papers, roadmaps with recommendations, and other resources on IoT-related issues. IECEE and IECQ, two of the four IEC Systems for Conformity Assessment, verify that digital devices/systems perform as intended.
Artificial intelligence 
Another important technology sector tackled by the IEC is artificial intelligence (AI). Standardisation activities in the area of AI are mostly covered by a joint IEC and ISO technical committee (ISO/IEC JTC 1/SC 42). The committee has recently published a new technical report that aims, among others, to assist the standards community in identifying specific AI standardisation gaps. SC 42 has set up several groups that cover specific aspects of AI, such as computational approaches and characteristics of AI systems, trustworthiness, use cases and applications of AI systems, to name a few.

The IEC also publishes white papers, recommendations and other resources on AI-related topics.

Cloud computing 
 Cloud computing is an enabling technology, based on the principles of shared devices, network access and shared data storage.

ISO/IEC JTC 1/SC 38 has produced international standards with cloud computing terms and definitions and reference architecture. Other work includes a standard which establishes a set of common cloud service building blocks, including terms and offerings, that can be used to create service level agreements (SLAs), which also covers the requirements for the security and privacy aspects of cloud service level agreements.

SC 38 has produced a standard for data taxonomy, which identifies the categories of data that flow across the cloud service customer devices and cloud services and how the data should be handled.

Network security 
In the area of cybersecurity, IEC works with ISO in their joint technical committee to develop the ISO/IEC 27000 family of standards. In addition, the IEC operates globally standardized systems for testing and certification (conformity assessment) to ensure that standards are properly applied in real-world technical systems and that results from anywhere in the world can be compared. To this end, IECQ (IEC Quality Assessment System For Electronic Component) provides an approved process scheme for ISO/IEC 27001. The IECEE (IEC System of Conformity Assessment Schemes for Electrotechnical Equipment and Components) Industrial Cybersecurity Programme focuses on cybersecurity in the industrial automation sector.
Critical infrastructure 
The IEC develops horizontal standards, such as the IEC 62443, for operational technology in industrial and critical infrastructure that includes power utilities, water management systems, healthcare and transport systems. These standards are technology independent and can be applied across many technical areas. On the other hand, several technical committees and subcommittees develop international standards to protect specific domains and critical infrastructure assets (vertical standards).

 

Sustainable development 
 The IEC international standards and conformity assessment systems contribute to the realisation of all 17 Sustainable Development Goals (SDGs). They provide the foundation allowing all countries and industries to adopt or build sustainable technologies, apply best practice, and form the basis for innovation as well as quality and risk management.

 

Capacity development 
The IEC Academy Platform aims to support IEC community members through formal learning and collaboration opportunities. The IEC offers a series of online courses and webinars that provide an in-depth understanding of IEC’s main activities.

Future of meetings

Any reference to online or remote meetings?

  • IEC technical committees have held online/remote meetings for many years, especially for focussed discussions on individual topics. In the context of the COVID-19 pandemic the breadth of technical online meetings has been further expanded to ensure optimal continuation of standardization and conformity assessment activities. Most face-to-face management board and governance meetings have been converted to online meetings during COVID-19. In support of the successful organization of online meetings, the IEC has published a virtual meeting guide.

Any reference to holding meetings outside HQ?

  • Many IEC meetings are held outside of IEC CO headquarters or online or in a hybrid format. The tools for that purpose include webinars, podcasts, online presentations and various teleconferencing facilities. In the future, augmented reality technology or digital twin approaches may also be considered to provide the benefits of face-to-face meetings. While face-to-face meetings have been the rule to date, some IEC Board meetings have also been held virtually to some extent already in the past, with documents being shared in advance on proprietary online platforms and collaboration taking place live online.

Any reference to deliberation or decision making online?

  • In the IEC, nearly all decision-making processes have been taking place virtually since many years, with voting/decisions being dispatched electronically, including collaboration and commenting via a dedicated electronic platform.

Ecma International

Address: Rhône Street 114, 1204 Geneva, Switzerland

Website: https://www.ecma-international.org/

Stakeholder group: NGOs and associations

Ecma International is an industry association that works on standardisation in information and communications technology (ICT) and consumer electronics. The association develops global standards and technical reports in order to facilitate and standardise the use of ICTs and consumer electronics. It also aims to encourage the correct use of standards by influencing the environment in which they are applied.

Its membership includes entities such as Alibaba, Facebook, Google, Hitachi, IBM, Intel, Konica Minolta, and Microsoft, as well as prominent universities and research institutes.

Digital Activities

Since its creation in 1961, Ecma has published numerous standards and technical reports covering areas such as data presentation and communication, data interchange and archiving, access systems and interconnection and multimedia, programming languages, and software engineering and interfaces. One of the oldest programming languages developed by Ecma is FORTRAN, which was approved in 1965. ECMAScript, with several billion implementations, is one of the most used standards worldwide.

Digital policy issues

Digital standards 

A large part of Ecma’s activity is dedicated to defining standards and technical reports for ICTs (hardware, software, communications, media storage, etc.). This work is carried out through technical committees and task groups focusing on issues such as information storage, multimedia coding and communications, programming languages, open XML formats, and product-related environmental attributes. The standards and technical reports developed in committees and groups are subject to an approval vote in the Ecma General Assembly. Once approved by the assembly, some standards are also submitted to other standardisation organisations (such as the International Organization for Standardization, the International Electrotechnical Commission, and the European Telecommunications Standards Institute) for their approval and publication through a liaison agreement that Ecma has with those organisations.

Telecommunication infrastructure 
Network security 
Sustainable development/Digital and environment 
Programming languages such as ECMAScript (JavaScript) and C# 

ECMA-262, ECMA-334, ECMA-335, ECMA-367, ECMA-372, ECMA-402, ECMA-404, ECMA-408, ECMA-414

Data-related standards 

Technical Committees (TC) and Task Groups (TG) covering issues such as access systems and information exchange between systems (TC51), product-related environmental attributes (TC38), office open XML formats (TC45), and ECMAScript modules for embedded systems (TC53).

Digital tools

In June 2020, Ecma’s General Assembly held a virtual meeting and approved two standards related to the ECMAScript language, accepted new members, and recognised Ecma contributors with the coveted Ecma recognition award. The meeting was held using videoconferencing and document-sharing tools.

For public communications purposes, Ecma uses its website, Twitter, and LinkedIn.

Future of meetings

Any reference to online or remote meetings?

  • In June 2020, Ecma’s 119th General Assembly was held as a virtual meeting and approved two standards related to the ECMAScript language, accepted new members, and recognized Ecma contributors with the coveted Ecma recognition award. The meeting was held using videoconferencing and document-sharing tools. Several technical committees are also scheduled to hold virtual meetings throughout the remainder of 2020.

Any reference to holding meetings outside HQ?

  • Ecma meetings are typically held outside of Ecma’s HQ at the invitation of a technical committee member who hosts the meeting at their own or another facility.

Any reference to deliberation or decision making online?

  • Economy and efficiency are factors in choosing the meeting place and the meeting mode. Digital or a combination of digital and face-to-face meetings are possible options. This is decided upon by the committee.

International Organization for Standardization

Acronym: ISO

Address: Chem. de Blandonnet 8, 1214 Vernier, Switzerland

Website: https://iso.org

Stakeholder group: International and regional organisations

The International Organization for Standardization (ISO) is a non-governmental international organisation composed of 165 national standard-setting bodies that are either part of governmental institutions or mandated by their respective governments. Each national standard-setting body therefore represents a member state.

After receiving a request from a consumer group or an industry association, ISO convenes an expert group tasked with the creation of a particular standard through a consensus process.

ISO develops international standards across a wide range of industries, including technology, food, and healthcare, in order to ensure that products and services are safe, reliable, of good quality, and ultimately, facilitate international trade. As such, it acts between the public and the private sector.

To date, ISO has published more than 22 000 standards.

Digital Activities

A large number of the international standards and related documents developed by ISO are related to information and communication technologies (ICTs), such as the Open Systems Interconnection (OSI) that was created in 1983 and established a universal reference model for communication protocols. The organisation is also active in the field of emerging technologies including blockchain, the Internet of Things (IoT), and artificial intelligence (AI).

The standards are developed by various technical committees dedicated to specific areas including information security, cybersecurity, privacy protection, AI, and intelligent transport systems.

Digital policy issues

Artificial intelligence 

The joint technical committee of ISO and the International Electrotechnical Commission (IEC) for AI is known as ISO/IEC JTC1/SC 42 Artificial intelligence and is responsible for the development of standards in this area. To date, it has published one standard specifically pertaining to AI with 18 others in development.

ISO/IEC TR 24028 provides an overview of trustworthiness in AI systems, detailing the associated threats and risks associated and addresses approaches on availability, resiliency, reliability, accuracy, safety, security, and privacy.

The standards under development include those that cover: concepts and terminology for AI (ISO/IEC 22989); bias in AI systems and AI-aided decision-making (ISO/IEC TR 24027); AI risk management (ISO/IEC 23894); a framework for AI systems using machine learning (ISO/IEC 23053); and the assessment of machine learning classification performance (ISO/IEC TS 4213).

Up-to-date information on the technical committee (e.g. scope, programme of work, contact details, etc.) can be found on the committee page.

Cloud computing 

ISO and IEC also have a joint committee for standards related to cloud computing which currently has 19 published standards and a further 7 in development.

Of those published, two standards of note include ISO/IEC 19086-1, which provides an overview, foundational concepts, and definitions for a cloud computing service level agreement framework, and ISO/IEC 17789, which specifies the cloud computing reference architecture.

Standards under development include those on health informatics (ISO/TR 21332.2); the audit of cloud services (ISO/IEC 22123-2.2); and data flow, categories, and use (ISO/IEC 19944-1).

Up-to-date information on the technical committee (e.g. scope, programme of work, contact details, etc.) can be found on the committee page.

Internet of things 

Recognising the ongoing developments in the field of IoT, ISO has a number of dedicated standards both published and in development, including those for intelligent transport systems (ISO 19079), future networks for IoT (ISO/IEC TR 29181-9), unique identification for IoT (ISO/IEC 29161), Internet of Media Things (ISO/IEC 23093-3), trustworthiness of IoT (ISO/IEC 30149), and industrial IoT systems (ISO/IEC 30162).

 IoT security is addressed in standards such as ISO/IEC 27001 and ISO/IEC 27002, which provide a common language for governance, risk, and compliance issues related to information security.

 In addition, there are seven standards under development, some of which provide a methodology for the trustworthiness of an IoT system or service (ISO/IEC 30147); a trustworthiness framework (ISO/IEC 30149); the requirements of an IoT data exchange platform for various IoT services (ISO/IEC 30161); and a real-time IoT framework (ISO/IEC 30165).

 Up-to-date information on the ISO and IEC joint technical committee for IoT (e.g. scope, programme of work, contact details, etc.) can be found on the committee page.

Telecommunications infrastructure 

ISO’s standardisation work in the field of telecommunications infrastructure covers areas such as planning and installation of networks (e.g. ISO/IEC 14763-2 and ISO/IEC TR 14763-2-1), corporate telecommunication networks (e.g. ISO/IEC 17343), local and metropolitan area networks (e.g. ISO/IEC/IEEE 8802-A), private integrated telecommunications networks (e.g. ISO/IEC TR 14475), and wireless networks. Next generation networks – packet-based public networks able to provide telecommunications services and make use of multiple quality of service enabled transport technology – are equally covered (e.g. ISO/IEC TR 26905).

ISO also has standards for the so-called future networks, which are intended to provide futuristic capabilities and services beyond the limitations of current networks, including the Internet.

Up-to-date information on the joint ISO and IEC technical committee that develops these standards (e.g. scope, programme of work, contact details, etc.) can be found on the committee page.

Blockchain 

ISO has published three standards on blockchain and distributed ledger technologies: ISO/TR 23455 gives an overview of smart contracts in blockchain and distributed ledger technologies; ISO/TR 23244 tackles privacy and personally identifiable information protection; and ISO 22739 covers fundamental blockchain terminology respectively.

ISO also has a further ten standards on blockchain in development. These include those related to: security risks, threats and vulnerabilities (ISO/TR 23245.2); security management of digital asset custodians (ISO/TR 23576); taxonomy and ontology (ISO/TS 23258); legally-binding smart contracts (ISO/TS 23259); and guidelines for governance (ISO/TS 23635).

Up-to-date information on the technical committee (e.g. scope, programme of work, contact details, etc.) can be found on the committee page.

Emerging technologies 

ISO develops standards in the area of emerging technologies. Perhaps the largest number of standards in this area are those related to robotics. ISO has more than 40 different standards either published or in development that cover issues such as: collaborative robots (e.g. ISO/TS 15066); safety requirements for industrial robots (e.g. ISO 10218-2); and personal care robots (e.g. ISO 13482).

Autonomous or so-called intelligent transport systems (ITS) standards are developed by ISO’s ITS Technical Committee and include those for forward vehicle collision warning systems (ISO 15623) and secure connections between trusted devices (ISO/TS 21185).

Standards are also being developed to address the use of virtual reality in learning, education, and training (e.g. ISO/IEC 23843) and the display device interface for augmented reality (ISO/IEC 23763).

Network security 

Information security and network security is also addressed by ISO and IEC standards. The ISO and IEC 27000 family of standards covers information security management systems and are used by organisations to secure information assets such as financial data, intellectual property, and employee information.

For example, ISO/IEC 27031 and ISO/IEC 27035 are specifically designed to help organisations respond, diffuse, and recover effectively from cyberattacks. ISO/IEC 27701 is an extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management, and details requirements and guidance for establishing, implementing, maintaining, and continually improving a Privacy Information Management System (PIMS).

Network security is also addressed by standards on technologies such as the IoT, smart community infrastructures, medical devices, localisation and tracking systems, and future networks.

Up-to-date information on the joint ISO and IEC technical committee (e.g. scope, programme of work, contact details, etc.) can be found on the committee page.

Encryption 

As more and more information (including sensitive personal data) is stored, transmitted, and processed online, the security, integrity, and confidentiality of such information becomes increasingly important. To this end, ISO has a number of standards for the encryption of data. For example, ISO/IEC 18033-1, currently under development, addresses the nature of encryption and describes certain general aspects of its use and properties. Other standards include ISO/IEC 19772 that covers authenticated encryption, ISO/IEC 18033-3 that specifies encryption systems (ciphers) for the purpose of data confidentiality, and ISO 19092 that allows for encryption of biometric data used for authentication of individuals in financial services for confidentiality or other reasons.

ISO also has standards that focus on identity-based ciphers, symmetric and asymmetric encryption, public key infrastructure, and many more related areas.

Data governance 

Big data is another area of ISO standardization, and around 80% of related standards are developed by the ISO/IEC AI committee. The terminology for big data-related standards is outlined in ISO/IEC 20546, while ISO/IEC 20547-3 covers big data reference architecture.

ISO/IEC TR 20547-2 provides examples of big data use cases with application domains and technical considerations and ISO/IEC TR 20547-5 details a roadmap of existing and future standards in this area. A further eight standards are in development and include those for big data security and privacy (ISO/IEC 27045), terminology used in big data within the scope of predictive analytics (ISO 3534-5), and data science life cycle (ISO/TR 23347).

Up-to-date information on the technical committee (e.g. scope, programme of work, contact details, etc.) can be found on the committee page.

Privacy and data protection 

Privacy and data protection in the context of ICTs is another area covered by ISO’s standardisation activities. One example is ISO/IEC 29101 which describes a privacy architecture framework.

Others include those for privacy-enhancing protocols and services for identification cards (ISO/IEC 19286); privacy protection requirements pertaining to learning, education, and training systems employing information technologies (ISO/IEC 29187-1); privacy aspects in the context of intelligent transport systems (ISO/TR 12859); and security and privacy requirements for health informatics (ISO/TS 14441).

Digital identities 

Digital signatures that validate digital identities help to ensure the integrity of data and authenticity of particulars in online transactions. This, therefore, contributes to the security of online applications and services. Standards to support this technology cover elements such as: anonymous digital signatures (e.g. ISO/IEC 20008-1 and ISO/IEC 20008-2); digital signatures for healthcare documents (e.g. ISO 17090-4 and ISO 17090-5); and blind digital signatures, which is where the content of the message to be signed is disguised, used in contexts where, for example, anonymity is required. Examples of such standards are ISO 18370-1 and ISO/IEC 18370-2.

Digital tools

ISO has developed an online browsing platform that provides up to date information on ISO standards, graphical symbols, publications, and terms and definitions.

Future of Meetings

Any reference to online or remote meetings?

Any reference to holding meetings outside HQ?

Any reference to deliberation or decision making online?

  • Yes, ISO governance groups are also meeting virtually.

United Nations Economic Commission for Europe

Acronym: UNECE

Address: Palais des Nations, 8-14 Avenue de la Paix CH-1211, Geneva 10, Switzerland

Website: https://unece.org

Stakeholder group: International and regional organisations

The United Nations Economic Commission for Europe (UNECE) is one of five regional commissions of the UN. Its major aim is to promote pan-European economic integration. To do so, it brings together 56 countries in Europe, North America, and Asia, which discuss and co-operate on economic and sectoral issues.

UNECE works to promote sustainable development and economic growth through policy dialogue, negotiation of international legal instruments, development of regulations and norms, exchange and application of best practices, economic and technical expertise, and technical co-operation for countries with economies in transition. It also sets out norms, standards, and conventions to facilitate international co-operation.

Digital Activities

UNECE’s work touches on several digital policy issues, ranging from digital standards (in particular in relation to electronic data interchange for administration, commerce, and transport) to the Internet of Things (e.g. intelligent transport systems and automated driving). Its UN Centre for Trade Facilitation and Electronic Business (UN/CEFACT) develops trade facilitation recommendations and electronic business standards, covering both commercial and government business processes. UNECE also carries out activities focused on promoting sustainable development, in areas such as sustainable and smart cities for all ages; sustainable mobility and smart connectivity; and measuring and monitoring progress towards the sustainable development goals (SDGs).

UNECE’s work in the field of statistics is also relevant for digital policy issues. For example, the 2019 Guidance on Modernizing Statistical Legislation – which guides countries through the process of reviewing and revising statistical legislation – covers issues such as open data, national and international data exchanges, and government data management.

Digital policy issues

E-commerce and trade 

UNECE’s subsidiary, CEFACT, serves as a focal point (within the UN Economic and Social Council) for trade facilitation recommendations and electronic business standards, covering both commercial and government business processes. In collaboration with the Organization for the Advancement of Structured Information Standardisation (OASIS), UNECE developed the Electronic Business using eXtensible Markup Language (ebXML). Another output of UNECE is represented by the UN rules for Electronic Data Interchange for Administration, Commerce and Transport (UN/EDIFACT), which include internationally agreed upon standards, directories, and guidelines for the electronic interchange of structured data between computerised information systems. UNECE has also issued recommendations on issues such as electronic commerce agreements and e-commerce self-regulatory instruments. CEFACT also works on supporting international, regional, and national e-government efforts to improve trade facilitation and e-commerce systems.

Digital standards 

UNECE’s subsidiary body CEFACT has developed, together with OASIS, the Electronic Business using eXtensible Markup Language (ebXML) standard (containing specifications which enable enterprises around the world to conduct business over the Internet). UNECE’s standardisation work has also resulted in the development of EDIFACT), as well as other digital standards in areas such as agriculture (e.g. electronic crop reports, electronic animal passports, and fishering languages for universal eXchange), e-tendering, and transfer of digital records.

Internet of things 

As part of its work in the field on intelligent transport systems, UNECE carries out several activities in the field of automated driving. It hosts multilateral agreements and conventions ruling the requirements and the use of these technologies (such as the Vienna Convention on Road Traffic). Its activities (e.g. facilitating policy dialogue and developing regulations and norms) are aimed at contributing to enabling automated driving functionalities and to ensuring that the benefits of these technologies can be captured without compromising safety and progress achieved in areas such as border crossing and interoperability. It also collaborates with other interested stakeholders, including the automotive and information and communication technology (ICT) industries, consumer organisations, governments, and international organisations.

Another area of work for UNECE is related to harnessing smart technologies and innovation for sustainable and smart cities. In this regard, it promotes the use of ICTs in city planning and service provision and it has developed (together with the ITU) a set of key performance indicators for smart sustainable cities. UNECE also works to facilitate connectivity through sustainable infrastructure. For instance, it assists countries in developing smart grids for more efficient energy distribution, and it administers international e-roads, e-rail, and e-waterway networks.

Blockchain 

UNECE’s subsidiary body CEFACT has been exploring the use of blockchain for trade facilitation. For instance, work carried out within the Blockchain White Paper Project has resulted in two white papers: One looking at the impact of blockchain on the technical standards work of CEFACT and another looking at how blockchain could facilitate trade and related business processes. The ongoing Chain Project is focused on developing a framework/mechanism for the development and implementation of blockchain services infrastructure, and creating a whitepaper on strategy for development and implementation of interoperable global blockchain technology infrastructure. Another blockchain-related project looks into the development of a standard on the creation of a cross-border inter customs ledger using blockchain technology.

Digital and environment 

UNECE’s work in the area of environmental policy covers a broad range of issues, such as the green economy, shared and safe water, environmental monitoring and assessment, and education for sustainable development. Much of this work is carried out by the Committee on Environmental Policy, which, among other tasks, supports countries in their efforts to strengthen their environmental governance and assesses their efforts to reduce their pollution burden, manage natural resources, and integrate environmental and socioeconomic policies. UNECE has put in place an Environmental Monitoring and Assessment Programme to assist member states in working with environmental data and information and enable informed decision-making processes. As part of this programme, it promotes the use of electronic tools for accessing information and knowledge on environmental matters and is developing a Shared Environmental Information System across the UNECE region. The system is intended to enable countries to connect databases and make environmental data more accessible.

UNECE Environmental Conventions (not necessarily covering digital issues directly, but relevant)

Sustainable development 

UNECE assists countries in its region to address sustainable development challenges (in areas such as environment, connectivity, and urbanisation) through leveraging its norms, standards and conventions, building capacities, and providing policy assistance. It focuses on driving progress towards the following SDGs: 3 (good health and well-being), 6 (clean water and sanitation), 7 (affordable and clean energy), 8 (decent work and economic growth), 9 (industry, innovation and infrastructure), 11 (sustainable cities and communities), 12 (responsible consumption and production), 13 (climate action), and 15 (life on land). SDG 5 (gender equality) and 17 (partnerships) are overarching for all UNECE activities. Activities undertaken by UNECE in relation to these SDGs converge under 4 high-impact areas: sustainable use of natural resources; sustainable and smart cities for all ages; sustainable mobility and smart connectivity; and measuring and monitoring progress towards the SDGs.

UNECE has developed a series of tools and standards to support countries in measuring and monitoring progress towards the SDGs. It has also put in place an Innovation Policy Outlook which assesses the scope, quality, and performance of policies, institutions and instruments promoting innovation for sustainable development.

Data governance 

UNECE carries out multiple activities of relevance for the area of data governance. To start with, its work on trade facilitation also covers data management issues. For example, it has issued a White Paper on a data pipeline concept for improving data quality in the supply chain and a set of Reference Data Model Guidelines. Several projects carried out in the framework of UNECE’s subsidiary CEFACT also cover data-related issues. Examples include the Cross-border Management Reference Data Model Project (aimed to provide a regulatory reference data model within the CEFACT semantic library in order to assist authorities to link this information to the standards of other organisations) and the Accounting and Audit Reference Data Model Project.

Secondly, UNECE has a Statistical Division which coordinates international statistical activities between UNECE countries and helps to strengthen, modernise, and harmonise statistical systems, under the guidance of the Conference of European Statisticians. Its activities in this area are guided by the Fundamental Principles of Official Statistics, adopted in 1992 and later endorsed by the UN Economic and Social Council and the General Assembly. Areas of work include: economic statistics, statistics on population, gender and society, statistics related to sustainable development and the environment, and modernisation of official statistics. In 2019, UNECE published a Guidance on Modernizing Statistical Legislation to guide countries through the process of reviewing and revising statistical legislation. The guidance covers issues such as open data, national and international data exchanges, and government data management.White Paper: Data Pipeline (2018)

Digital tools

UNECE Dashboard of SDG indicators

UNECE digital tools facilitating access to statistical information:

UNECE online platforms and observatories gathering updates and policy resources to help member states respond to the COVID-19 crisis:

Future of meetings

Any reference to online or remote meetings?

  • Yes, UNECE Executive Committee – Special procedures during the COVID-19 pandemic (adopted in April 2020 and extended in July 2020 authorise the Chair of the Commission to convene remote informal meetings of the members of the Executive Committee. It also encourages UNECE subsidiary bodies to explore innovative formats to conduct business remotely. The Executive Committee held a remote informal meeting of members on 20 May 2020. Subsequently, its 110th meeting was also held online, on 10 July 2020.
  • The Conference of European Statisticians held its 68th plenary as a hybrid meeting on 22 June and as an informal virtual meeting on 23–24 June 2020.
  • Several UNECE groups have been holding online meetings. For instance, the 118th session of the Working Party on General Safety Provisions (GRSG) (15–17 July) was held via Webex, without interpretation, and is considered an informal meeting

Any reference to deliberation or decision making online?

  • UNECE Executive Committee – Special procedures during the COVID-19 period (adopted in April 2020 and extended in July 2020) refers to use of the silence procedure for decision-making.
  • Proceedings of the 118th session of GRSG: ‘Decisions taken during the informal virtual meeting will be circulated after the meeting in the three ECE official languages to the delegations of Contracting Parties via their missions in Geneva for final approval under silence procedure of 10 days.’

European Organization for Nuclear Research

Acronym: CERN

Address: Espl. des Particules 1, 1211 Meyrin, Switzerland

Website: https://home.cern/

Stakeholder group: NGOs and associations

CERN is widely recognised as one of the world’s leading laboratories for particle physics. At CERN, physicists and engineers probe the fundamental structure of the universe. To do this, they use the world’s largest and most complex scientific instruments – particle accelerators and detectors – to study the basic constituents of matter and the forces that shape the universe. Technologies developed at CERN go on to have a significant impact through their applications in wider society.

Digital activities

CERN has had an important role in the history of computing and networks. The World Wide Web (WWW) was invented at CERN by Sir Tim Berners-Lee. The web was originally conceived and developed to meet the demand for automated information-sharing between scientists at universities and institutes around the world. Grid computing was also developed at CERN with partners and thanks to funding from the European Commission. The organisation also carries out activities in the areas of cybersecurity, big data, machine learning, artificial intelligence (AI), data preservation, and quantum technology.

Digital policy issues

Cloud computing 

The scale and complexity of data from the Large Hadron Collider (LHC), the world’s largest particle accelerator, is unprecedented. This data needs to be stored, easily retrieved, and analysed by physicists all over the world. This requires massive storage facilities, global networking, immense computing power, and funding. CERN did not initially have the computing or financial resources to crunch all of the data on site, so in 2002 it turned to grid computing to share the burden with computer centres around the world. The Worldwide Large Hadron Collider Computing Grid (WLCG) builds on the ideas of grid technology initially proposed in 1999 by Ian Foster and Carl Kesselman. The WLCG relies on a distributed computing infrastructure, as data from the clashes of protons or heavy ions is distributed via the Internet for processing at data centres worldwide. This approach of using ‘virtual machines’ is based on the same paradigm as cloud computing. It is expected that further CERN developments in the field of data processing will continue to influence digital technologies.

Telecommunications infrastructure 

In the 1970s, CERN developed CERNET, a lab-wide network to access mainframe computers in its data centre. This pioneering network eventually led CERN to become an early European adopter of TCP/IP for use in connecting systems on site. In 1989, CERN opened its first external TCP/IP connections and by 1990, CERN had become the largest Internet site in Europe and was ready to host the first WWW server. Nowadays, in addition to the WLCG and its distributed computing infrastructure, CERN is also the host of the CERN Internet eXchange Point (CIXP), which optimises CERN’s Internet connectivity and is also open to interested Internet Service Providers (ISPs).

Digital standards 

Ever since releasing the World Wide Web software under an open-source model in 1994, CERN has been a pioneer in the open-source field, supporting open-source hardware (with the CERN Open Hardware Licence), open access (with the Sponsoring Consortium for Open Access Publishing in Particle Physics – SCOAP3) and open data (with the CERN Open Data Portal). Several CERN technologies are being developed with open access in mind, such as  Indico, Invenio, Zenodo. Open-source software, such as CERNBox, CTA, EOS, FTS, GeantIV, ROOT , RUCIO, SWAN have been developed to handle, distribute and analyse the huge volumes of data generated by the LHC experiments and are also made available to the wider society.

Data governance 
>

CERN manages vast amounts of data, and not only scientific data, but also data in more common formats such as webpages, images and videos, documents, and more. For instance, the CERN Data Centre processes on average one petabyte (one million gigabytes) of data per day. As such, the organisation notes that it faces the challenge of preserving its digital memory. It also points to the fact that many of the tools that are used to preserve data generated by the LHC and other scientific projects are also suitable for preserving other types of data and are made available to the wider society.

Artificial intelligence 

Through CERN openlab, CERN collaborates with leading ICT companies and research institutes. The R&D projects carried out through CERN openlab are currently addressing topics related to data acquisition, computing platforms, data storage architectures, compute provisioning and management, networks and communication, machine learning and data analytics, and quantum technologies. CERN researchers are using machine learning techniques as part of their efforts to ‘maximise the potential for discovery…and optimise resources usage’. Machine learning is used, for instance, to improve the performance of LHC experiments in areas such as particle detection and managing computing resources. Going one step further, at the intersection of AI and quantum computing, CERN openlab is exploring the feasibility of using quantum algorithms to track the particles produced by collisions in the LHC, and is working on developing quantum algorithms to help optimise how data is distributed for storage in the WLCG.

United Nations Conference on Trade and Development

Acronym: UNCTAD

Address: Palais des Nations, Av. de la Paix 8-14, 1211 Genève, Switzerland

Website: https://unctad.org

Stakeholder group: International and regional organisations

The United Nations Conference on Trade and Development (UNCTAD) is a UN body dedicated to supporting developing countries in accessing the benefits of a globalised economy more fairly and effectively. It provides analysis, facilitates consensus-building, and offers technical assistance, thus helping countries use trade, investment, finance, and technology to support inclusive and sustainable development.

UNCTAD also works to facilitate and measure progress towards achieving the sustainable development goals (SDGs), through a wide range of activities in areas such as technology and innovation, trade, investment, environment, transport and logistics, and the digital economy.

UNCTAD’s work often results in analyses and recommendations that can inform national and international policy-making processes, and contribute to promoting economic policies aimed at ending global economic inequalities and generating human-centric sustainable development.

Digital Activities

UNCTAD is particularly active in the field of e-commerce, trade, and the digital economy, carrying out a wide range of activities from research and analysis to providing assistance to member states in developing adequate legislative frameworks and facilitating international dialogue on the development opportunities and challenges associated with the digital economy. UNCTAD also works to facilitate and measure progress towards achieving the SDGs, in particular through (but not limited to) its activities in the field of science, technology, and innovation (STI) for development. Consumer protection, gender equality, and privacy and data protection are other digital policy areas where UNCTAD is active.

Digital policy issues

E-commerce and trade 

UNCTAD’s work programme on e-commerce and the digital economy (ECDE Programme), encompasses several research and analysis, consensus building and technical assistance activities, as follows:

Research and analysis

UNCTAD conducts research and analysis on e-commerce and the digital economy and their implications for trade and development. These are mainly presented in its flagship publication, the Digital Economy Report (known as Information Economy Report until 2017), and in its Technical Notes on ICT for Development.

Consensus building on e-commerce and digital economy policies

UNCTAD’s Intergovernmental Group of Experts on E-commerce and the Digital Economy meets regularly to discuss ways to strengthen the development dimension of e-commerce and the digital economy. The group’s meetings are usually held in conjunction with the eCommerce Week, an annual event hosted by UNCTAD and featuring discussions on development opportunities and challenges associated with the digital economy.

E-Commerce assessments and strategy formulation

The eTrade Readiness Assessments (eT Readies) assist least developed countries (LDCs) and other developing countries in understanding their e-commerce readiness in key policy areas in order to better engage in and benefit from e-commerce. The assessments provide recommendations to overcome identified barriers and bottlenecks to growth and enjoying the benefits of digital trade.

UNCTAD’s work on information and communication technology (ICT) policy reviews and national e-commerce strategies involves technical assistance, advisory services, diagnostics, and strategy development on e-commerce, and national ICT planning at the request of governments. Through an analysis of the infrastructural, policy, regulatory, institutional, operational, and socioeconomic landscape, the reviews help governments to overcome weaknesses and bureaucratic barriers, leverage strengths and opportunities, and put in place relevant strategies.

Legal frameworks for e-commerce

UNCTAD’s E-commerce and Law Reform work helps to develop an understanding of the legal issues underpinning e-commerce through a series of capacity-building workshops for policymakers at the national and regional levels. Concrete actions include: Assistance in establishing domestic and regional legal regimes to enhance trust in online transactions, regional studies on cyber laws harmonisation, and the global mapping of e-commerce legislation through its ‘Global Cyberlaw Tracker’.

Measuring the information economy

UNCTAD’s work on measuring the information economy includes statistical data collection and the development of methodology, as well as linking statistics and policy through the Working Group on Measuring E-commerce and the Digital Economy, established by the Intergovernmental Group of Experts on E-Commerce and the Digital Economy. Figures are published in the biennial Digital Economy Report and the statistics portal UNCTADstat. Technical co-operation here aims to strengthen the capacity of national statistical systems to produce better, more reliable, and internationally comparable statistics on the following issues: ICT use by enterprises, size and composition of the ICT sector, and e-commerce and international trade in ICT-enabled services. UNCTAD also produces the B2C E-commerce Index which measures an economy’s preparedness to support online shopping.

Smart Partnerships through eTrade for all

The eTrade for all initiative (eT4a) is a global collaborative effort of 32 partners to scale up co-operation, transparency, and aid efficiency towards more inclusive e-commerce. Its main tool is an online platform (etradeforall.org), a knowledge-sharing and information hub that facilitates access to a wide range of information and resources on e-commerce and the digital economy. It offers a gateway for matching the suppliers of technical assistance with those in need. Beneficiaries can connect with potential partners, learn about trends, best practices, up-to-date e-commerce indicators, and upcoming events all in one place. The initiative also acts as catalyst of partnership among its members for increased synergies. This collaboration has concretely translated into the participation of several eT4a partners as key contributors to the various eCommerce Weeks organised by UNCTAD and in the conduct and review of eTrade Readiness Assessments.

Consumer protection 

Through its Competition and Consumer Policies Programme, UNCTAD works to assist countries in improving their competition and consumer protection policies. It provides a forum for intergovernmental deliberations on these issues, undertakes research, policy analysis and data collection, and provides technical assistance to developing countries. The Intergovernmental Group of Experts on Consumer Protection Law and Policy monitors the implementation of the UN Guidelines for Consumer Protection and carries out research and provides technical assistance on consumer protection issues (including in the context of e-commerce and the digital economy).

UNCTAD’s work programme on consumer protection is guided, among others, by the UN Conference of Competition and Consumer Protection (held every five years). In 2020, the conference will hold high-level consultations on strengthening consumer protection and competition in the digital economy, and international enforcement co-operation among consumer protection authorities in electronic commerce.

Given the significant imbalances in market power in the digital economy, competition policy is becoming increasingly relevant for developing countries. UNCTAD addresses this issue in the Intergovernmental Group of Experts on Competition Law and Policy.

UNCTAD also runs the Research Partnership Platform, aimed at contributing to the development of best practices in the formulation and implementation of competition and consumer protection laws and policies.

Sustainable development 

UNCTAD works to facilitate and measure progress towards achieving the SDGs, in particular through (but not limited to) its activities in the field of STI for development. The organisation supports countries in their efforts to integrate STI in national development strategies, through initiatives such as Science, Technology and Innovation Policy Reviews and capacity building programmes (such as the Innovation Policy Learning Programme). The eT4a initiative is also intended to contribute to several SDGs, especially in relation to decent work and economic growth, innovation and infrastructure, global partnerships, and gender equality. Moreover, UNCTAD’s SDG Pulse offers statistical information on developments related to the 2030 Agenda for Sustainable Development.

UNCTAD’s Investment Policy Framework for Sustainable Development provides guidance for policymakers in formulating national investment policies and in negotiating investment agreements. The organisation is also part of the Toolbox for Financing for SDGs – a platform launched in 2018 at the initiative of the President of the UN General Assembly to assist countries and financial actors in exploring solutions to the challenges of financing the SDGs.

UNCTAD carries out research and analysis work covering various development-related issues, examples being its Digital Economy Report and the Technical notes on ICT for development. As the body responsible for servicing the UN Commission on Science and Technology for Development (CTSD), UNCTAD also assists the CSTD in its sustainable development-related work, for instance by preparing studies and reports on issues such as the impact of advanced technologies on sustainable development.

Other UNCTAD activities designed to contribute to sustainable development cover issues such as climate change, the circular economy, and intellectual property.

Capacity development 

Many activities undertaken by UNCTAD have a capacity development dimension. For instance, its work on e-commerce and trade includes supporting developing countries in establishing adequate legal frameworks in these areas (e.g. its eCommerce and Law Reform work) and in producing statistics that can guide effective policy-making (e.g. the Measuring E-commerce and the Digital Economy activities and the ICT Policy Reviews ). UNCTAD’s E-Learning on Trade platform provides courses and training on issues such as trade, gender and development and non-tariff measures in trade.

UNCTAD also works to build capacity in STI policy-making in developing countries, through initiatives such as the Innovation Policy Learning programme and STI training provided in the context of the P166 programme.

Additionally, UNCTAD’s Virtual Institute – run in co-operation with universities worldwide – is dedicated to building knowledge for trade and development. Another area where UNCTAD provides capacity building for developing countries is that of statistics: The organisation and its partners assist national statistics organisations in the collection, compilation and dissemination of their statistics in domains such as trade, sustainable development, and investments.

Gender rights online 

UNCTAD runs a Trade, Gender and Development Programme dedicated to assisting countries in developing and implementing gender-sensitive trade policies, conducting gender impact analyses of trade policies and agreements, and strengthening the links between trade and gender. One notable initiative is the eTrade for Women initiative, dedicated to advancing the empowerment of women through ICTs.

Other initiatives undertaken in this area include capacity building on trade and gender, the Women in STEM: Changing the narrative dialogues, and the  Data and statistics for more gender-responsive trade policies in Africa, the Caucasus and Central Asia project.

Data governance? 

As data has become a key resource in the digital economy, data governance is a fundamental part of the work of UNCTAD. This is illustrated, for example, in the research and analysis work of the Digital Economy Report 2019, which focused on the role of data as the source of value in the digital economy and how it is created and captured. Moreover, some of UNCTAD’s work on e-commerce and digital trade touches specifically on privacy and data protection issues. For instance, the eCommerce and Law Reform work dedicated to supporting developing countries in their efforts to establish adequate legal frameworks for e-commerce also covers data protection and privacy among the key issues addressed. The Global Cyberlaw Trackers offers information on data protection laws in UNCTAD member states.

Also relevant for data governance discussions is UNCTAD’s work on statistics, as the organisation collects and analyses a wide range of data on issues such as economic trends, international trade, population, and the digital economy. Moreover, UNCTAD’s SDG Pulse offers statistical information on developments related to the 2030 Agenda for Sustainable Development.

UNCTAD is also running several projects focused on improving the efficiency of data management in the context of activities such as maritime trade (e.g. the Digitising Global Maritime Trade project) and customs operations (e.g. the Automated System for Customs Data).

Digital tools

 UNCTAD has developed several digital tools and online platforms in recent years. Examples include:

Future of meetings

Any reference to online or remote meetings?

Any reference to deliberation or decision making online?

World Trade Organization

Acronym: WTO

Address: Rue de Lausanne 154, 1202 Genève, Switzerland

Website: https://wto.org

Stakeholder group: International and regional organisations

The World Trade Organization (WTO) is an intergovernmental organisation that deals with the rules of trade among its members. Its main functions include: administering WTO trade agreements; providing a forum for trade negotiations; settling trade disputes; monitoring national trade policies; providing technical assistance and training for developing countries; and ensuring co-operation with other international organisations.

WTO Members have negotiated and agreed upon rules regulating international trade, fostering transparency and predictability in the international trading system. The main agreements are the Marrakesh Agreement Establishing the WTO, the General Agreement on Tariffs and Trade (GATT); the General Agreement on Trade in Services (GATS); and the Agreement on Trade-related Aspects of Intellectual Property Rights (TRIPS Agreement).

Digital Activities

Several Internet governance and digital trade policy related issues are discussed in the WTO. These include e-commerce, intellectual property (IP), and market access for information and communication technology (ICT) ICT products and services. E-commerce discussions are ongoing under the Work Programme on Electronic Commerce and among a group of members currently negotiating e-commerce rules under the Joint Statement on E-commerce. Discussions focus on several digital issues, including: data flows and data localisation; access to source code; cybersecurity; privacy; consumer protection; and customs duties on electronic transmissions.

As part of its outreach activities, the WTO organises an annual Public Forum, which brings together governments, non-governmental organisations, academics, businesses, and other stakeholders, for discussions on a broad range of issues, including many relating to the digital economy.

Digital policy issues

E-commerce and trade 

The WTO agreements cover a broad spectrum of trade topics, including some related to e-commerce, which has been on the WTO’s agenda since 1998 when the ministers adopted the Declaration on Global Electronic Commerce. The Declaration instructed the General Council to establish a Work Programme on electronic commerce. In that Declaration, members also agreed to continue the practice of not imposing customs duties on electronic transmissions (the ’moratorium’). The Work Programme provides a broad definition of e-commerce and instructs four WTO bodies to explore the relationship between WTO Agreements and e-commerce. The Work Programme and the moratorium have been periodically reviewed and renewed. In December 2019, the General Council agreed to reinvigorate the Work Programme and continue the moratorium until the Twelfth Ministerial Conference. In addition, members agreed to have structured discussions on all trade-related topics of interest brought forward by members, including on the scope, definition, and impact of the moratorium.

At the Eleventh Ministerial Conference in 2017, a group of members issued a Joint Statement on Electronic Commerce (JSI) to explore work towards future WTO negotiations on trade-related aspects of e-commerce. Following the exploratory work, in January 2019, 76 Members confirmed their ’intention to commence WTO negotiations on trade-related aspects of electronic commerce’ and to ’achieve a high standard outcome that builds on existing WTO agreements and frameworks with the participation of as many WTO Members as possible.’ Negotiations are continuing among 85 Members and are structured under 6 broad themes, namely: enabling digital trade/e-commerce; openness and digital trade/e-commerce; trust and digital trade/e-commerce; cross-cutting issues; telecommunications; and market access. Specific issues under discussion include provisions related to customs duties, paperless trading. cross-border transfers of information, spam, cybersecurity, electronic authentication and electronic signatures, location of computing facilities, consumer protection, protection of personal information, and market access.

Taxation 

WTO members agreed to a temporary moratorium on the imposition of customs duties on electronic transmissions at the Second WTO Ministerial Conference in the 1998  Geneva Ministerial Declaration. The moratorium has been extended periodically, including most recently in December 2019. While some WTO members argue that the moratorium should be made permanent, others have noted the need to clarify its scope and for further analysis of its impact; for example on development and customs revenues, especially given concerns that more types of physical goods could be digitised or transmitted digitally in the future. Other members have supported a more holistic approach to the moratorium, beyond the revenue implications.

Access 

Information Technology Agreement (ITA-I and ITA-II)

The ITA-I was concluded by 29 participants in 1996. Through this agreement, participating WTO members eliminated tariffs on several ICT products – including computers and mobile telephones – with the aim to intensify global competition among certain ICT goods allowing for greater access to the Internet and growth of the digital economy, including for least-developed countries. Currently, 82 WTO members are participants in ITA-I, accounting for approximately 97% of world trade in ITA-I products. At the Tenth WTO Ministerial Conference in Nairobi in 2015, over 50 WTO members concluded ITA-II, an agreement expanding the coverage of ITA-I by 201 tariff lines. ICT products such as optical lenses and GPS navigation equipment were added. The rationale of this product expansion was to keep the benefits of tariff elimination in touch with innovation. At present, the ITA-II consists of 55 WTO members, representing approximately 90% of world trade in ITA-II products. The ITA is being discussed in the JSI under the market access focus group.

Telecommunications infrastructure 

In 1997, WTO members successfully concluded negotiations on market access for basic telecommunications services through the GATS Annex on Telecommunications, which contains provisions to guarantee service suppliers access to and use of basic telecommunications needed to supply their services. Through a reference paper on regulatory principles, members also agreed to safeguard against anticompetitive practices by dominant suppliers of basic telecommunications. Since 1997, an increasing number of WTO members have undertaken commitments on telecommunications. Under the JSI negotiations, participants are discussing a proposal focused on telecommunications services, aiming to update provisions of the reference paper.

Digital standards 

International standards are important to the global digital economy as they can enable interconnectivity and interoperability for telecommunications and Internet infrastructures. The WTO Technical Barriers to Trade Agreement (TBT Agreement) aims to ensure that technical regulations, standards, and conformity assessment procedures affecting trade in goods (including telecommunications products) are non-discriminatory and do not create unnecessary obstacles to trade. The TBT Agreement strongly encourages that such regulatory measures be based on relevant international standards.

The TBT Committee serves as a forum where governments discuss and address concerns with specific regulations, including those affecting digital trade. Examples of relevant TBT measures notified to or discussed at the TBT Committee include: (i) measures addressing the Internet of Things (IoT) and related devices in terms of their safety, interoperability, national security/cybersecurity, performance, and quality; (ii) measures regulating 5G cellular network technology for reasons related to, among others, national security and interoperability; (iii) measures regulating 3D printing (additive manufacturing) devices; (iv) measures regulating drones (small unmanned aircraft systems) due to risks for humans/consumers, interoperability problems, and national security risks; and (v) measures dealing with autonomous vehicles, mostly concerned with their safety and performance.

Data governance 

The growth of the global digital economy is fuelled by data. Discussions on how provisions of WTO agreements apply to data flows are ongoing among WTO members. In this context, the GATS is particularly relevant, as it could apply to services such as: (i) data transmission and data processing by any form of technology (e.g. mobile or cloud technologies); (ii) new ICT business models such as infrastructure as a service (IaaS); (iii) online distribution services e.g. (e-commerce market platforms); and (iv) financial services such as mobile payments. The extent to which members can impose restrictions on data or information flows is determined by their GATS schedules of commitments. Under the JSI, proposals on cross-border data flows have been submitted and are being discussed. These proposals envision a general rule establishing free flow of data for the purpose of commercial activities. Proposed exceptions to this general rule are, for the most part, similar to the existing GATS General Exceptions and relate to, for example, protection of personal data, protection of legitimate public policy objectives, national security interests, and exclusion of governmental data. Issues related to data flows have also been raised by members in other contexts at the WTO, especially when national measures adopted for cybersecurity have been considered as trade barriers.

Intellectual property rights 

The TRIPS Agreement is a key international instrument for the protection of IP and is of relevance to e-commerce. The technologies that underpin the Internet and enable digital commerce such as software, routers, networks, switches, and user interfaces are protected by IP. In addition, e-commerce transactions can involve digital products with IP-protected content, such as e-books, software, or blueprints for 3D -printing. As IP licences often regulate the usage rights for such intangible digital products, the TRIPS Agreement and the international IP Conventions provide much of the legal infrastructure for digital trade.

IP-related issues are also being discussed in the JSI. Submitted proposals include text on limiting requests to the access or transfer of source code. The source code or the data analysis used in the operation of programmes or services is often legally protected by IP law through copyright, patent, or trade secret provisions. The main goal of the JSI proposals on access to source code is to prevent members from requiring access or transfer of the source code owned by a national of another member. Some exceptions to this general prohibition have also been proposed. For example, for software that is used for critical infrastructures and public procurement transactions.

Arbitration 
One of the core activities of the WTO is to provide a dispute settlement mechanism through which WTO members can enforce their rights under the WTO agreements. A trade dispute arises when a member considers that another member is violating a legal provision or commitment made under any of the WTO agreements. Disputes under this mechanism have involved Internet-related issues, telecommunications services, electronic payment services, IP rights, ICT products, and online gambling. The US – Gambling case concerning the cross-border supply of online gambling and betting services is particularly relevant to e-commerce.
Cybersecurity 

Cybersecurity issues have been addressed in several WTO bodies. For example, the TBT Committee has discussed national cybersecurity regulations applicable to ICT products and their potential impact on trade. In the TBT Committee, to date, WTO members have raised over 15 specific trade concerns related to cybersecurity regulations. Some of the specific issues discussed include how cybersecurity regulations discriminating against foreign companies and technologies can have a negative impact on international trade in ICT products. Proposals on cybersecurity have also been tabled in the JSI on e-commerce. Discussions have focused on strengthening national capacities for incident response and collaboration mechanisms; encouraging co-operation; and sharing of information and best practices on addressing incidents. Cybersecurity has also been discussed in the context of cross-border data flows and electronic authentication.