Academia/Research

CEN/TC251 Health Informatics is a standards delivery organisation, meaning that it approves standards in Europe, but the standards do not have to be created in Europe. In fact, many of them come from the global health informatics committee ISO/TC215. For this reason, it is important to monitor and contribute to the standards prepared in ISO/TC215. This is what the purpose of this fellowship was about.
ISO/TC215 has around 10 working groups (WGs) and CEN/TC251 has two. I am the convener of the second one and I try to follow those ISO/TC215 WGs that operate within the scope of my WG in CEN/TC251. This is not always easy because the ISO/TC215 WG meetings take place at the same time. In ISO/TC215 I participate mainly in interoperability, information security, and health software development areas.
Artificial Intelligence (AI) is coming to healthcare, too. As I have AI experience through my doctoral studies and projects that followed, it has been natural for me to follow AI standardisation, too. The ISO/TC215 meeting in Toronto in October 2025 made it clear that the number of AI related work items is increasing in ISO/TC215. ISO/TC215 has a joint working group 3 (JWG3) with JTC1/SC42 Artificial Intelligence. The idea is that the ISO/TC215 AI work items are developed in this JWG3. Attendance in JWG3 is important also because I am a member of the CEN Strategic Advisory Group on AI in healthcare.
During the ISO/TC215 Toronto meetings in October 2025, SC42 held its meetings in Sydney, Australia. After the working day was over in Toronto, work began in Sydney in Toronto evening time. I participated in particularly the healthcare AI standards development JWG3 and SC42/WG4 Use Cases meetings virtually in Sydney. Attendance in JWG3 meetings was important to motivate the ISO/TC215 initiated standardisation projects to the SC42 leadership. Through my participation, the other parties became more aware of European values in AI standardisation.
 

Standardisation in the field of Blockchain and Distributed Ledger Technologies is imperative to promote interoperability, security, and innovation across European markets. The rapid evolution of these technologies has led to a fragmented landscape of standards globally. This fragmentation presents challenges such as hindered cross-border data flow and increased compliance burdens on European businesses. My activity aims to address these critical gaps by actively participating in the creation of comprehensive, internationally recognized standards.
My engagement in the Joint ISO/TC 307 - ISO/IEC JTC 1/SC 27 WG directly supports this action. By actively participating in WG, I am bolstering Europe's representation and influence in shaping global standards in this transformative domain.
From a European perspective, this activity is pivotal. Europe seeks to not only embrace but lead in the adoption and implementation of Blockchain and Distributed Ledger Technologies. By participating in the development of standards, we ensure that Europe's interests, values, and priorities are ingrained in the foundation of these technologies. This is paramount for bolstering Europe's digital sovereignty, fostering innovation, and ensuring that European businesses remain competitive on the global stage.
 

My fellowship supports the development of a standardized framework for trustworthy, AI-native digital infrastructure by moving away from centralized, opaque architectures toward decentralized, composable, and transparent platforms. It addresses key challenges in current digital ecosystems, such as fragmentation, centralization, and lack of trust, with priorities including the development of AI-native composable infrastructure that embeds transparency, privacy, and accountability; the advancement of standards for federated AI, digital twin interoperability, and decentralized identity; and the resolution of gaps in trustworthy execution and governance to reduce Europe’s dependency on non-European platforms. The fellowship further seeks to enable federated, decentralized AI, ensure data sovereignty, and align composable infrastructure with European values of privacy, fairness, and transparency. These standardisation efforts are very significant in facilitating the timely adoption of emerging technologies with a global, interoperable standard for future AI infrastructure. 
 

In my fellowship i have been working to support the challenge of native integration of AI in the context of communication networks. While much success has been achieved in addressing network use cases with intelligent technologies, this has predominantly been applied in a case by case basis, with resulting outputs added to the networks in an ad-hoc way. Instead, AI-native networks are envisioned to accommodate the ubiquitous and native deployment of AI-based solutions in the network.
Through the work of the ITU-T Focus Group on AI-Native Networks, I contributed to the elaboration of use case, and associated requirements. I have also been supporting on the analysis of relevant key technologies that are required to realise the requirements derived from the use cases. 
 

This fellowship supported my work in updating to the IEEE 802.11 standard to prevent a recently discovered security weakness. This weakness is related to mesh networks, where, without extra defenses, an adversary could inject arbitrary packets into protected mesh networks. We designed a defense to mitigate this challenging gap. Unique about our created defense is that it is fully backward compatible, meaning each individual mesh client can independently enable this defense. As a proof-of-concept, we also implemented this defense in the Linux kernel to demonstrate practicality and confirm it prevents attacks.
 

The fellowship addressed key limitations found in version 2.0 of the OASIS Collaborative Automated Course of Action Operations (CACAO) standard. While CACAO v2.0 introduced the first machine-readable format for cybersecurity playbooks, real-world use revealed gaps that limited interoperability and automation. The most critical issues included ambiguous schema elements, unclear execution semantics, and limited support for graphical and modular representations needed to visualize and exchange playbooks. From a European standpoint, these shortcomings directly affected operations. SOCs, CSIRTs, and critical infrastructure operators faced difficulties creating executable playbooks, hindering the coordinated responses envisioned by the NIS2 Directive, the Cyber Solidarity Act, and the EU Cyber Crisis Blueprint.

The fellowship, therefore, focused on three main goals:
1. Consolidating feedback from European and international stakeholders who implemented CACAO v2.0.
2. Designing and drafting CACAO v3.0 — a major revision introducing structural schema improvements, more precise execution semantics, and modular extensibility.
3. Aligning the work with EU cybersecurity policy and operational priorities so that standardized, machine-readable playbooks can support coordinated preparedness and response.

The effort resulted in the ongoing working CACAO v3.0 Draft Specification and accompanying validation outputs, now progressing toward formal adoption within OASIS. By resolving the main technical and semantic issues, the fellowship strengthened Europe’s role in cybersecurity standardization. It established a solid, vendor-neutral foundation for automated, collaborative cyber defense across the EU.
 

This was a one-shot contribution to provide travel support for participation to the Internet Engineering Task Force (IETF), and specifically participation at the July 2025 plenary meeting in Madrid. I attended this meeting as an Internet Transport expert contributing work and progressing standards to support the evolution of the Internet and its support for enhanced resilience, authentication and privacy. An in-person attendance at the technical sessions also allowed me to progress the work for which I am an editor: Qlog draft-ietf-tsvwg-careful-resume-qlog, a transport specification based on the “qlog” specification being developed by the IETF QUIC; and a recent work item in the IETF Congestion Control working group, “Increase of the Congestion Window when the Sender Is Rate-Limited” (draft-ietf-ccwg-ratelimited-increase). In-person participation at this meeting is particularly important in my current role as an Area Director of the WIT Area, where I will help organise and oversee the meeting as a whole and specifically support the WIT area WG chairs in organising WG sessions and supporting cross area review of emerging specifications.