The European and International standards, which CyberNEMO want to closely follow due to their special relevance for the CYBERNEMO project are the following:

ENISA: Since 2004, ENISA supports the pan-European Cybersecurity Exercises, the development and evaluation of National Cybersecurity Strategies and the CSIRTs cooperation. It performs studies on IoT and smart infrastructures, addressing data protection issues, privacy enhancing technologies and privacy on emerging technologies, eIDs and trust services, identifying the cyber threat landscape, and others. It assures the development and implementation of the European Union’s policy on matters relating to network and information security and assists the European institutions in establishing and implementing vulnerability disclosure policies on a voluntary basis. Since 2019, it draws up cybersecurity certification schemes.

AIOTI: The AIOTI (Alliance for Internet of Things Innovation) is a partner for the European Commission on IoT policies and programs, helping to the deployment of IoT Innovation in Real Scale Experimentation in Europe. It is a member-driven organisation with equal rights for all members. The document published by the WG3 in October 2019 “IoT LSP Standard Framework Concepts” provides a list of IoT Standards Developing Organisation (SDO), Alliance and Open-Source Software (OSS) landscapes to be used as input for the recommendations for Large Scale Pilots (LSPs). In addition to the WG3 on IOT standardization, the topic of the WG11 is “Smart Manufacturing” and the topic of one horizontal WG is on Distributed Ledger Technologies. The Distributed Ledger Technologies WG is working on mapping current Blockchain implementations, rate the models toward current legal compliance (incl. GDPR), assist all existing AIOTI WG’s on Blockchain implementations and develop Blockchain ecosystems across verticals.

ETSI: The European Telecommunication Institute works in different types of committees: TC (Technical Committees) addressing standardization activities in a specific technology area, Projects (EP) similar but established for a fixed period of time, ETSI Partnership Project established when there is a need to cooperate with other organizations to achieve a standardization goal and Industry Specification Group (ISG) focusing on a specific activity.

Several ETSI committees provide opportunities to demonstrate and validate proposed standards and to contribute project results to them. The TC SAI (securing artificial intelligence) WG focuses on securing artificial intelligence and provides trustworthiness for AI models and applications. The ISG ZSM (Zero Touch Network & Service Management) focuses on network automation and provides mechanisms and solutions to enable zero touch network. ETSI TC DATA (Data Solutions) focuses on standards for data interoperability, privacy, and responsible sharing across IoT and telecom sectors.

IETF: The Internet Engineering Task Force develops Internet standards that are widely adopted by users, network operators, and devices. The IETF influences in the evolution of the Internet, but do not govern it, encouraging participation from anyone interested, promoting inclusivity and diversity while adhering to principles of open processes, technical expertise, and a volunteer-driven, consensus-based decision-making approach. The IETF publishes technical standards, encapsulated in Requests for Comments (RFCs), that outline Internet protocols like DNS or TLS. The process begins with an Internet-Draft created by participants in a working group, which, after rigorous review, is finalized into an RFC. The IRTF (Internet Research Task Force) is a parallel organization focusing on long-term research issues.

ECSO: The European Cyber Security Organisation (ECSO) ASBL is a fully self-financed non-for-profit organisation under the Belgian law, established in June 2016. ECSO is the private counterpart to the European Commission in implementing the contractual Public-Private Partnership (cPPP) on cybersecurity. It unites a variety of European cybersecurity stakeholders across the EU Member States, the European Free Trade Association (EFTA) and H2020 Programme associated countries. ECSO’s main goal is to develop a competitive European cybersecurity ecosystem, to support the protection of the European Digital Single Market with trusted cybersecurity solutions, and to contribute to the advancement of the European digital autonomy.

6G-IA refers to the 6G Smart Networks and Services Industry Association (6G-IA). It is the voice of European Industry and Research for next generation networks and services. Its primary objective is to contribute to Europe’s leadership on 5G, 5G evolution and SNS/6G research. The 6G-IA represents the private side in both the 5G Public Private Partnership (5G-PPP) and the Smart Networks and Services Joint Undertaking (SNS JU). In the 5G-PPP and SNS JU, the European Commission represents the public side. The 6G-IA brings together a global industry community of telecoms & digital actors, such as operators, manufacturers, research institutes, universities, verticals, SMEs and ICT associations. The 6G-IA carries out a wide range of activities in strategic areas including standardization, frequency spectrum, R&D projects, technology skills, collaboration with key vertical industry sectors, notably for the development of trials, and international cooperation.

The 6G-IA Security working group aims to bring together the projects within the 6G SNS-IA that have a common interest in the development and progression of topics related to 6G security. The group will ensure, to as great an extent as possible, that the projects are working in a complimentary manner towards consistent goals, exchanging ideas, minimizing the duplication of effort, contributing towards relevant standards and where possible cooperating on the development of compatible components, demonstrators, the exchange of expertise, experience and results.

OASIS was founded under the name “SGML Open” in 1993 as a consortium of vendors and users devoted to developing guidelines for interoperability among products that support the Standard Generalized Markup Language (SGML). The consortium changed its name to “OASIS” (Organization for the Advancement of Structured Information Standards) in 1998 to reflect an expanded scope of technical work.

There are several active OASIS Technical Committees linked to C4IIoT innovations:

• “Extensible Access Control Markup Language (XACML)” which represents and evaluates access control policies.
• “Message Queuing Telemetry Transport (MQTT)” which provides a lightweight publish/subscribe reliable messaging transport protocol suitable for communication in M2M/IoT contexts where a small code footprint is required and/or network bandwidth is at a premium.
• “PKCS 11” which enhances PKCS #11 standard for cryptographic tokens controlling authentication information (personal identity, cryptographic keys, certificates, digital signatures, biometric data)

3GPP: The 3GPP covers cellular telecommunications technologies, including radio access, core network and service capabilities, which provides a complete system description for mobile telecommunications. The 3GPP specifications also provide hooks for non-radio access to the core network, and for interworking with non-3GPP networks.

DAIRO: The association promotes Data, Big Data and Data-Driven AI research and innovation. Its main activities consist of:

• Developing strategic goals and roadmaps for research, development, innovation and deployment of European AI, Data and Robotic solutions, and supporting their implementation.
• Contributing to policy development, education and technology ramification in the widest possible sense, and addressing ethical, legal, and societal issues.
• Developing pre-standardisation activities and influencing standardization bodies.
• Supporting the federation of European experimentation AI, Data and Robotics infrastructures, digital innovation hubs and similar infrastructures.

In 2021, BDVA changed the legal name to DAIRO (Data, AI and Robotics AISBL). This new name testifies the ambition of the association to closely collaborate with other communities to jointly engage all the intersection of the key disciplines of Data, AI and Robotics.

GAIA-X: GAIA-X is an initiative to develop a federated secure data infrastructure for Europe, whereby data are shared, with users retaining control over their data access and usage, and according to some to ensure European digital sovereignty. It aims to develop digital governance, based on European values of transparency, openness, data protection, and security, which can be applied to cloud technologies to obtain transparency and controllability across data and services.

CEN: the European Committee for Standardization, is an association that brings together the National Standardization Bodies of 34 European countries. CEN provides a platform for the development of European Standards and other technical documents in relation to various kinds of products, materials, services and processes. CEN supports standardization activities in relation to a wide range of fields and sectors including air and space, chemicals, construction, consumer products, defence and security, energy, the environment, food and feed, health and safety, healthcare, ICT, machinery, materials, pressure equipment, services, smart living, transport and packaging.

CENELEC prepares voluntary standards in the electrotechnical field, which help facilitate trade between countries, create new markets, cut compliance costs and support the development of a Single European Market.

CENELEC supports standardization activities in relation to a wide range of fields and sectors such as Electric vehicles, smart grid, smart metering, solar (photovoltaic) electricity systems, etc.

CEN-CENELEC Joint Technical Committee 21 on Artificial Intelligence created a dedicated task group (TG) dedicated to inclusiveness to help facilitate the participation of all relevant stakeholders in AI standardization. Multiple of the standards being developed in this task group is planned to become harmonized standard supporting the EU AI Act. This means being compliant to the standards e.g. for cyber security made in WG5, will presume compliance with the act, while engineering aspects are addressed in WG3, covering also data governance and quality. A similar effort of harmonized standards is in the making for Cyber Resilience Act. These standards are planned to become part of or harmonized with the legislations and standards to be used by EU notified body certification regimes for product certification, in short often called CE marking.

NetworldEurope is the new incorporation of the European Technology Platform (ETP) for communications networks and services, the follow-up of Networld 2020 to follow the European changing policies as stated in Horizon Europe. Communications networks and services enable interaction between users of various types of equipment, either mobile or fixed, to fulfil society’s requirements for interconnection. They are the foundation of the Internet and of our digital society. NetworldEurope ETP gathers players in the communications systems sector: industry leaders, innovative SMEs, and leading academic institutions, thus reaching out to a significant part of the European ICT community.

OpenID: the OpenID Foundation (OIDF) is a global open standards body committed to helping people assert their identity wherever they choose. It was founded in 2007 and it is a global vibrant community where identity peers and thought leaders convene to craft the identity ecosystems of tomorrow. It is mission is to lead the global community in creating identity standards that are secure, interoperable and privacy-preserving.

NATO. Is a political and military alliance of countries from Europe and North America. Its members are committed to protecting each other from any threat. The NATO standardization agreement (STANAG) was created to build a common framework for security policies and confidentiality metadata to facilitate information sharing between member nations and industry partners. However, implementing the NATO STANAG 4774 and 4778 policies for classification can be complicated due to the disparate systems in use by member nations, nation-specific security classifications, and clearance levels.

A STANAG specifies the agreement of member countries to implement a standard. They provide a framework for interoperability, including common operational and administrative procedures and logistics, information systems (CIS), and formats to facilitate sharing of intelligence and other information for NATO and Allied operations.

STANAG 4774 outlines the metadata syntax required for a confidentiality label to better facilitate and protect sensitive information sharing. In addition, STANAG 4778 defines how a confidentiality label is bound to the data throughout its lifecycle and between the sharing parties. It also outlines cryptographic techniques to ensure the integrity of data and labels.

CNCF. The Cloud Native Computing Foundation (CNCF) is a Linux Foundation project that was started in 2015 to help advance container technology and align the tech industry around its evolution.

It was announced alongside Kubernetes 1.0, an open-source container cluster manager, which was contributed to the Linux Foundation by Google as a seed technology. Founding members include Google, CoreOS, Red Had, Twitter, Huawei, Intel, Cisco, IBM, Docker, Univa, Mesosphre, and VMware. Today, CNCF is supported by over 450 members. In order to establish qualified representatives of the technologies governed by the CNCF, a program was announced at the inaugural Cloud native Day in Toronto in August 2016.

CNCF technology projects are catalogued with a maturity level of Sandbox, Incubated, and Graduated, in ascending order. The defined criteria include rate of adoption, longevity and whether the open-source project can be relied upon to build a production-grade product.

CNCF’s process brings projects in as incubated projects and then aims to move them through to graduation, which implies a level of process and technology maturity. A graduated project reflects overall maturity; these projects have reached a tipping point in terms of diversity of contribution, community scale/growth, and adoption.

The CNCF Sandbox is a place for early-stage projects, and it was first announced in March 2019. The Sandbox replaces what had originally been called the “inception project level”.

ISO/IEC JTC1 is a Jointed technical committee of ISO and IEC created to promote standards in the fields of Information Technology and Information and Communication Technology. The interesting subgroups related to AI, IoT are WG3 on IoT architecture, and AI trustworthiness, AI sustainability, WG4 on IoT interoperability and WG5 on IoT applications.

ISO/IEC JTC1/SC42 focuses on the standardization around Artificial Intelligence. It serves as the focus and proponent for JTC 1’s standardization program on Artificial Intelligence. It also provides guidance to JTC1, IEC, and ISO committees developing Artificial Intelligence applications. The ISO/IEC JTC1/SC42 WG3 focuses on AI trustworthiness. The ISO/IEC JTC1/SC 42/JAG is the Joint Advisory Group on AI and sustainability.