Cybersecurity/Network and Information security

In this fellowship the original objective is to start to prepare a NWI to address the age approriate topic and start the standard development. The aim is to improve the benefits and reduce the risks in the digital world for young users up to the age of 18. The solution is to adapt the content delivered by online products and services according to the age of users. Moreover, the process requires establishing the age/capacity of users, including age verification and age estimation. The CWA does NOT define age estimation and verification processes (Out of scope) but requires to select an appropriate age assurance tools/approach in conformity with established standards and official guidance.

The standards being developed should cover the requirements of the full range of stakeholders (including users, affected bystanders and manufacturers etc) over the complete lifetime of the product.

The gaps that this fellowship enables me to address has been to dedicate solid time first for the ECMA meetings that I convened, but also for the community background work that needs support and attention. The priorities are to users the creation of the core specifications for ECMA approval, which has been challenging because of the influx of attention on PURL for SBOM and CRA compliance. The challenge from PURL getting increased attention meant needing to cater to new contributors and supporting long debates and addressing objections, in particular on topics like character encoding.

This fellowship supports my engagement in ISO/IEC JTC 1 ‘Information technology’ is not on a working level (such as a contributor to specific standards) but on a strategic level.

My work aims to rationalise the resulting compliance efforts through a dedicated Technical Report (TR) under ETSI CYBER. This report will help reduce legal ambiguity, support standardisation across sectors, and ensure proportional and efficient compliance.

Through this fellowship, I am contributing to shape the standards around next-generation secure computing infrastructure. We are on the verge of a new paradigm where the security of the computing infrastructure is endorsed by hardware features and ensures protection of data at rest, in transit, and in use. 

The use of digital identity wallets is foreseen to be the best appropriate solution to support an age verification method, which uses the date of birth of the individual without disclosing it.

There is currently no standard addressing the cybersecurity of AI systems. In ISO/IEC JTC1 SC27 WG4  27090 is under development; and I contribute directly to this work.

Annegrit's priority is the Convenorship of CEN CENELEC JTC21 WG 5,  the organisation and project support to work on the AI Act standardisation request for Cybersecurity. This includes a close collaboration with other groups within JTC 21, JTC 13, ISO IEC SC 42 and SC 27 to collect all information of existing and work under development. The main challenge is that JTC 21 and also our WG5 has a diverse structure of experts and knowledge, which makes the work, the effort and efficiency very difficult. In this case, the challenge in addition is the collaboration with other existing standardisation groups within JTC 21 as well as with JTC 13 for Cyber Resilience Act, with ETSI and their view, with ISO IEC SC 27 and SC 42.