ISO/IEC

In the framework of this fellowship, I worked on a Technical Report (TR) that addresses critical gaps and challenges in the international standards landscape for digital content identification and binding mechanisms.
The absence of a common terminology across standardisation communities poses a major challenge. Different communities use inconsistent language when describing how content is connected with its metadata or other associated information. Whereas the C2PA initiative uses its own distinct terminology, other standardisation communities (e.g. W3C or OAIS) have different interpretations of what bindings mean. This terminological divergence leads to interoperability and mutual understanding barriers. The TR is establishing a comprehensive taxonomy that provides a neutral reference framework for multiple standardisation efforts, facilitating clearer communication across standardisation communities.
A gap the TR is addressing, is the limited comprehension of how binding mechanisms respond to content transformations. Digital content undergoes frequent alterations through compression, format conversion, and editing. Traditional identifier systems often fail when these changes occur, particularly when embedded metadata is stripped. The Working Group systematically analyses characteristics and limitations of different binding approaches, from cryptographic hashing to robust fingerprinting to watermarking techniques. This analysis will help stakeholders to make informed architectural decisions tailored to their specific requirements.
Moreover, the fellowship further contributes to positioning the recently published ISCC standard (ISO 24138:2024) within a broader global context. The TR serves as an educational resource, helping stakeholders understand how similarity-preserving identification methods complement established identification systems and address emerging needs in content provenance and authenticity verification, particularly relevant with current growth of AI-generated content.
 

This was a short-term fellowship supporting my convernorship. During the period, I contributed to the following activities: 
Ensuring the sustainability of the standards developed within the IEC/JTC1/SC7/WG19 working group,
Identifying existing difficulties and proposing solutions to resolve them,
Raising awareness among the various members of the working group of the need to use OSD in future standards development,
Coordinating actions with the WG19 secretary and reporting to the SC7 secretariat.
 

This fellowship targets consumer-centric privacy by design in international standards work. Moreover, the Specific priorities, gaps and challenges identified are: 

• Consumer trust and privacy gaps: Fragmented practice and fast-moving online services erode user trust; legal principles (e.g., privacy by design, accountability) are not consistently translated into usable, testable requirements. 
• Stakeholder involvement: Consumer organisations and SMEs face high barriers to engage in lengthy, technical processes; national mirrors vary widely in how consumer voices are integrated. 
• Skills & usability deficits: Lack of shared patterns (consent, transparency UX, data control) and uneven digital skills hinder meaningful participation and compliant implementations. 
• Landscape fragmentation: Overlapping activities across SDOs make it hard for newcomers to find entry points, slowing delivery on e-privacy, safety, and transparency outcomes. 

How the fellowship addressed these

This fellowship supports my engagement as the chair of Chair of  ISO/IEC JTC 1/SC 44. The group’s Strategic Business Plan (SBP) aims to respond the the challenges identified above in the following manners: 

• Th TC establishes an inclusive, modular work approach that supplements ISO 31700-1 with smaller, technology-/sector-specific deliverables—lowering thresholds for participation and speeding time-to-impact on safety, transparency, and e-privacy. 
• Low-threshold stakeholder mechanisms: Communications/outreach plan and light-touch consultation formats to systematically bring in consumer groups and civil society, aligned with ISO/COPOLCO and relevant liaisons. 
• SME: A stepwise, outcome-oriented approach envisaged in the SBP to accommodate different maturity levels and resource constraints, easing adoption by SMEs. 
• Early scoping of verticals: Following the September 2025 SC 44 meetings in Kunming, first preliminary work is being initiated with additional verticals to follow.

The fellowship tackles the lack of international, or European, standard or technical specification that focuses explicitly on privacy and data protection capabilities of DLT systems. With this regards, ISO TS 24946 “Requirements and guidance for improving, preserving, and 
assessing the privacy capability of DLT systems” has now reached CD stage (July 2025) and will endeavour to move through this process and be completed in 2026. This process requires continued support from experts to ensure delivery, as scheduled. In this sense, the priority of this activity focuses  at the European level, CEN/CENELEC  JTC 19/WG3 to produce a European standard on PII protection within DLT which is strongly influenced by ‘DIN Spec 4997 - Privacy by Blockchain Design’ and the aforementioned ISO TS 24946. This European specification will seek to harmonise the GDPR and recent EDPB guidance to produce a technical specification intended for the European DLT ecosystem. 
This European specification will provide much needed clarity for the DLT ecosystem as regards data protection and privacy capabilities, affordances, and assessment. Further harmonisation between the international specification at ISO and the European standard will support interoperability, and ensure that privacy and data protection capabilities are harmonised globally. The main challenges concerns exacting requirements from regulations such as Article 76(3) of MiCAR, as well as Article 79(1) of the European AMLR will require navigation. Standards 
require alignment and compatibility with those legal texts, as well as corresponding regulations regarding personal data, data markets, and trust services (e.g., GDPR, Data Act, eIDAS2). Ensuring there are no gaps between regulatory texts and the proposed European standards will be a primary focus. Also, it must be ensured that there are no substantial gaps between international specifications and European standards will be the second focus. Standards alignment between ISO and CEN/CENELEC is viewed as a key outcome to benefit the global DLT ecosystem, and one that requires strong consensus building, given slightly different international privacy perspectives and preferences.