ISO/IEC

Annegrit's priority is the Convenorship of CEN CENELEC JTC21 WG 5,  the organisation and project support to work on the AI Act standardisation request for Cybersecurity. This includes a close collaboration with other groups within JTC 21, JTC 13, ISO IEC SC 42 and SC 27 to collect all information of existing and work under development. The main challenge is that JTC 21 and also our WG5 has a diverse structure of experts and knowledge, which makes the work, the effort and efficiency very difficult. In this case, the challenge in addition is the collaboration with other existing standardisation groups within JTC 21 as well as with JTC 13 for Cyber Resilience Act, with ETSI and their view, with ISO IEC SC 27 and SC 42.

My work aims to develop robust frameworks for the verification of cryptographic protocols within the security of ICT products, services, and processes, thereby enhancing resilience against cyber threats.

This is a project with ISO/IEC JTC 1/SC 27/WG 5 addressing Identity Management and Privacy Technologies. It feeds into broader standardisation activity around digital identity (including the EUDI Wallet), child protection, prevention of exploitation and abuse, data minimisation, privacy preservation and security objectives.

This project, towards enabling a fairer marketplace for rights holders and remuneration of authors and performers, initiated work on a new standard ISO/IEC 23000-23 Decentralised Media Rights Application Format currently at the Working Draft (WD) stage. 

The ongoing contributions to the Biometric System-on-Card related interindustry ISO/IEC standards address the following three key aspects: bridging definition gaps, enhancing clarity and consistency, and prioritising practical applicability.

Identifying standardisation gaps and creating road maps is essential for ensuring technology development addresses key problem areas.  

Overall, I am taking a more holistic view of the AI standardisation roadmap while pursuing in parallel my contributions to specific AI standards in SC 42 and JTC 21.

Explainability is critical for ensuring trustworthiness of state-of-the-art AI. Standardising explainability will build consensus on best practices methods that allow developers to build more high-performing systems, provide enhanced end-user experience, and facilitate oversight.

In the transversal aspects in data spaces, there is a lack of guidance on the integration of security and privacy, and it is crucial to develop this further as it is a barrier for compliance with regulation (e.g. CRA, AI act). 

This fellowship allows me to take part to all meetings concerning Cybersecurity, Privacy and Artificial Intelligence (even most are very early or very late in the day, as per rules for scheduling in SDO's), whilst being able to keep delivering standard based consulting especially for SMEs which need to comply for ISO 27001 certifications mostly. 

The result of my current fellowship is a gap analysis and technical report including advice to all relevant major SDOs on how to develop or change their standards to fit better together. The JWG will also lay the foundation for producing an international reference architecture for LDT:s aligned with the international reference architectures for Digital Twins, IoT and Smart Cities among others.

This work is addressing the demand of harmonised standards for radio regulations certification. In particular it is addressing RFID in the UHF frequency bands 865-868 and 915-921 MHz.