2025

In this fellowship the original objective is to start to prepare a NWI to address the age approriate topic and start the standard development. The aim is to improve the benefits and reduce the risks in the digital world for young users up to the age of 18. The solution is to adapt the content delivered by online products and services according to the age of users. Moreover, the process requires establishing the age/capacity of users, including age verification and age estimation. The CWA does NOT define age estimation and verification processes (Out of scope) but requires to select an appropriate age assurance tools/approach in conformity with established standards and official guidance.

The gaps that this fellowship enables me to address has been to dedicate solid time first for the ECMA meetings that I convened, but also for the community background work that needs support and attention. The priorities are to users the creation of the core specifications for ECMA approval, which has been challenging because of the influx of attention on PURL for SBOM and CRA compliance. The challenge from PURL getting increased attention meant needing to cater to new contributors and supporting long debates and addressing objections, in particular on topics like character encoding.

Annegrit's priority is the Convenorship of CEN CENELEC JTC21 WG 5,  the organisation and project support to work on the AI Act standardisation request for Cybersecurity. This includes a close collaboration with other groups within JTC 21, JTC 13, ISO IEC SC 42 and SC 27 to collect all information of existing and work under development. The main challenge is that JTC 21 and also our WG5 has a diverse structure of experts and knowledge, which makes the work, the effort and efficiency very difficult. In this case, the challenge in addition is the collaboration with other existing standardisation groups within JTC 21 as well as with JTC 13 for Cyber Resilience Act, with ETSI and their view, with ISO IEC SC 27 and SC 42.

My work aims to develop robust frameworks for the verification of cryptographic protocols within the security of ICT products, services, and processes, thereby enhancing resilience against cyber threats.

Understanding how to work in international standardisation committees is vital, which implies going beyond IT asset management microcosm to deliver more value to related disciplines such as cybersecurity or sustainability. 

This technical report, resulting from my fellowship’s contributions, is an equitable analysis of the relationship between Quantum Key Distribution (QKD) and Post-quantum Cryptography (PQC) technologies. It describes the two technologies' complementary nature and highlights their potential advantages and benefits.

My fellowship significantly contributes to the ICT standards landscape by advancing the Biometric System-on-Card (BSoC) standards, particularly within the ISO/IEC 17839 series.

This fellowship is meant to increase confidence in cybersecurity through the convergence of international SDOs and the alignment behind a common international standard which relates both to the market and society.