The Convergence between technology and standards, along with regulatory coherence, are critical in the global information and communication industry. In this analysis, we will explore the challenges and strategies for establishing and adopting technology and regulatory standards, both in the European context and internationally, highlighting the importance of open hardware and regulatory policies in this process.
Technology and Regulatory Standardization Strategies: Overcoming Challenges in a Global Context
Open Standards: Key to Innovation and Interoperability
Open standards are essential in fostering innovation, ensuring interoperability, and promoting competition in the technology sector. Unlike proprietary standards, open standards are publicly available and can be used by anyone, which encourages widespread adoption and integration across different systems and platforms.
- Definition and Importance: Open standards refer to specifications that are openly accessible and can be used and implemented by anyone. They are crucial in creating a level playing field, allowing different technologies and solutions to work seamlessly together.
- Examples of Open Standards: Notable examples include the Internet Protocol (IP), which underpins the functioning of the internet, and the Hypertext Transfer Protocol (HTTP), which is used for transferring web pages. In the hardware domain, standards such as those promoted by the Open Compute Project (OCP) facilitate the development of interoperable and cost-effective data center hardware.
- Benefits of Open Standards: They enhance interoperability, reduce costs by preventing vendor lock-in, and spur innovation by allowing multiple stakeholders to contribute to and build upon a common framework. Moreover, open standards support regulatory goals by ensuring that technologies adhere to established benchmarks for security, privacy, and performance.
As we have highlight in the course of the Horizon Europe GoIT project, openness is key also in the transition from de facto standards to de iure standards.
Physically Unclonable Functions (PUFs): Enhancing Security Standards
Physically Unclonable Functions (PUFs) are a crucial advancement in enhancing the security of technology standards. PUFs leverage the inherent manufacturing variations in physical objects to create unique identifiers that are nearly impossible to duplicate. This makes them highly effective for security applications, such as device authentication and secure key generation. These identifiers can be used for secure communication, anti-counterfeiting measures, and robust authentication mechanisms.
- Applications in Technology Standards: The inclusion of PUFs in technology standards can significantly enhance security. For instance, in the Internet of Things (IoT) devices, PUFs can provide a secure method for device authentication, ensuring that only authorized devices can access the network. This is particularly important as the number of connected devices continues to grow exponentially.
- Relevant Standards and Regulations: Various international standards address the use of PUFs. For example, ISO/IEC 20897 provides guidelines on the test and evaluation methods for PUFs, ensuring their reliability and effectiveness in security applications. Incorporating these standards into regulatory frameworks can enhance the overall security posture of technology systems.
- Challenges and Future Directions: While PUFs offer significant security benefits, there are challenges in their widespread adoption, including the need for standardization and the integration of PUF technology into existing systems. Future efforts should focus on developing comprehensive standards and promoting industry collaboration to overcome these challenges.
Cooperation Needs between the Regulator and the Standardization Body
Standards bodies, as industry consortia, play a crucial role in defining technology standards globally. For example, hardware open solutions such as OpenPLC and Eclipse 4diac, which adhere to IEC standards, are outstanding examples of how collaboration between regulators and standards bodies can promote innovation and interoperability.
The importance of security requirements and test methods for Physically Unclonable Functions (PUFs) is also addressed, with reference to relevant ISO standards.
CONCEPT | POLICY INTERVENTION | EFFECTS ON TECHNOLOGY |
Access to telecommunication content | National laws | Ensuring lawful intercept capabilities in telecommunications networks by influencing the use of encryption in hops between networks, or the use of identifiers inside of networks. |
Accessibility | EU Web Accessibility Directive | Upholding of W3C WCAG. Technologies and websites designed with disabled in mind. Assistive technologies. |
Do Not Track (DNT) signals | ePrivacy Directive | Used to be considered a pathway to regulatory compliance, also within the EU. Now with diminishing support and legal clarity. |
On-demand operating system modifications | French policymaker pressure (contact tracing)US requests of iOS unlocking in judicial probe | No effects. |
Privacy in the design phase | GDPR and laws modeled on it | Privacy considered on the design phase of technologies and standards. Standardisation checklists for privacy considerations influenced on activities in basic communication standards at organisations like the W3C, IETF, and IEEE. Impact on how identifiers are constructed (i.e. to limit privacy risks of fingerprinting), or the amount of attention paid to security work while completing the standard. |
Reversible encryption / on-demand decryption | (Predominantly) national laws | Impact on integrity and confidentiality of elements in communications technologies or web services (i.e., delayed improvements, fewer safeguards against flaws, etc.). |
Challenges of the Current Regulatory Approach
The current regulatory approach faces a number of significant challenges in the context of technology standardization. One of the main challenges lies in the speed of adaptation to technological advances. Emerging technologies, such as artificial intelligence, the Internet of Things (IoT) and cloud computing, are evolving rapidly, making it difficult for regulations and standards to keep up.
In addition, the globalization of markets and the diversity of regulatory approaches between different regions and countries add complexity to the standardization process. Lack of harmonization and divergence in regulatory requirements can hinder interoperability and the adoption of common standards, which in turn can affect competitiveness and innovation in the global marketplace.
Another major challenge is the need to balance innovation with security and consumer protection. As technologies advance, concerns arise about data privacy, cybersecurity and the social impact of technology. Regulations must be flexible enough to encourage innovation, but also robust enough to protect users and ensure the integrity of systems.
Complexity and bureaucracy in the certification and compliance processes also represent significant challenges. High costs and lack of transparency in these processes can be barriers to entry for new companies and limit competition in the market.
Finally, the lack of participation and equitable representation of all stakeholders in standardization and regulatory processes is another key challenge. It is critical to ensure the inclusion of diverse perspectives, including those of civil society, academia and small and medium-sized enterprises, to develop regulations and standards that reflect the needs and concerns of all stakeholders.
Inadequacy of the Standardization Model
Technology standardization, both at the international and European levels, faces practical and complex challenges that require careful attention and innovative strategies to address them effectively. One of these challenges is the lack of harmonization and coordination between different regions and standardization bodies. The diversity of approaches and regulations can hinder interoperability and widespread adoption of common standards, which in turn can hinder innovation and limit the development of more efficient and accessible technology solutions.
In addition, the rapid evolution of emerging technologies, such as artificial intelligence, the Internet of Things (IoT) and cloud computing, poses additional challenges for standardization processes. The ability of standards bodies to keep up with these technological advances and develop relevant and effective standards in a timely manner is crucial to ensure competitiveness and sustainability in the global marketplace.
At the policy level, concerns arise related to semiconductor manufacturing, digital sovereignty and technological independence. Dependence on certain regions or countries in the technology supply chain can pose risks to security and strategic autonomy. Therefore, it is critical to foster dialogue between experts and policy makers to address these concerns and develop policies and strategies that promote diversification and resilience in the technology supply chain.
At the community level, it is crucial to leverage EU-funded projects and actively engage with stakeholders in the open hardware community. These initiatives can provide opportunities to collaborate on the development of open standards, promote innovation and strengthen Europe’s position in the global technology landscape.
Policy Recommendations for the Future
To address these challenges, three key policy directions are proposed.
- Simplify standardization procedures to accelerate the adoption of global technology standards.
- Develop a modern and coherent strategy for participation in technology standards, aligned with European values and international standards.
- Structure the influence on technology standardization through an active and long-term policy that fosters collaboration between the public and private sectors at a global level.
Conclusions
European values and technology standards are closely intertwined, but their relevance extends beyond European borders, affecting the global landscape. Effective implementation of policies, standards, procedures and guidelines in the technological and regulatory domain is critical to drive innovation, competitiveness and market coherence globally.
References
For more details on the findings of the publication:
- Evidence-based policy making and stakeholder engagement, in the book “OECD Regulatory Policy Outlook 2021”
- The Internet is for End Users
- Policy strategies for value-based technology standards
- The Making of Conservation Standards Version 4.0
- Physically Unclonable Functions: A Study on the State of the Art and Future Research Directions
Final Note
The detailed analysis of the challenges and strategies in technological and regulatory standardization at both the European and international level, in relation to open hardware, highlights the complexity and importance of coordinated and proactive action to address global market challenges.