International Electrotechnical Commission
Address: 3 rue de Varembé, 1211 Geneva 20, Switzerland
Stakeholder group: International and regional organisation
The IEC is the world leader in the preparation and publication of international standards for all electrical, electronic, and related technologies. A global, not-for-profit membership organisation, the IEC provides a neutral and independent institutional framework to over 170 countries, coordinating the work of more than 20,000 experts. We administer four IEC Conformity Assessment Systems, which represent the largest working multilateral agreement based on one-time testing of products globally. The members of each system certify that devices, systems, installations, services, and people perform as required.
IEC International Standards represent a global consensus of state-of-the-art know-how and expertise. Together with conformity assessment, they are foundational for international trade.
IEC Standards incorporate the needs of many stakeholders in every participating country and form the basis for testing and certification. Every member country, and all its stakeholders represented through the IEC National Committees, has one vote and a say in what goes into an IEC International Standard.
Our work is used in the verification of the safety, performance, and interoperability of electric and electronic devices and systems such as mobile phones, refrigerators, office and medical equipment, or electricity generation. It also helps accelerate digitisation, artificial intelligence (AI), or virtual reality applications; protects information technology (IT) and critical infrastructure systems from cyberattacks; and increases the safety of people and the environment.
The IEC works to ensure that its activities have a global reach in order to meet all the challenges of digital transformation worldwide. The organisation covers an array of digital policy issues.
Digital policy issues
Artificial intelligence and the internet of things
AI applications are driving digital transformation across a diverse range of industries, including energy, healthcare, smart manufacturing, transport, and other strategic sectors that rely on IEC Standards and Conformity Assessment Systems. AI technologies allow insights and analytics that go far beyond the capabilities of legacy analytic systems.
For example, digital transformation of the grid is enabling increased automation, making it more efficient and able to integrate fluctuating renewable energy sources seamlessly. IEC Standards pave the way for the use of a variety of digital technologies relating to smart energy. They deal with issues such as the integration of renewable energies within the electrical network, as well as increased automation.
The IEC’s work in the area of AI takes a three-pronged approach. IEC experts focus on sector-specific needs (vertical standards) and conformity assessment, while the joint IEC and International Organization for Standardization (ISO) technical committee on AI, JTC1/SC 42, brings together technology experts, as well as ethicists, lawyers, social scientists, and others to develop generic and foundational standards (horizontal standards).
In addition, IEC Safety Standards are an essential element of the framework for AI applications in power utilities and smart manufacturing. IEC Conformity Assessment Systems complete the process by ensuring that the standards are properly implemented.
SC 42 addresses some of the concerns about the use and application of AI technologies. For example, data quality standards for ML and analytics are crucial for helping to ensure that applied technologies produce useful insights and eliminate faulty features.
Governance standards in AI and the business process framework for big data analytics address how the technologies can be governed and overseen from a management perspective. International standards in the areas of trustworthiness, ethics, and societal concerns will ensure responsible deployment.
The joint IEC and ISO technical committee also develops foundational standards for the IoT. Among other things, SC 41 standards promote interoperability, as well as architecture and a common vocabulary for the IoT.
The IEC develops standards for many of the technologies that support digital transformation. Sensors, cloud, and edge computing are examples.
Advances in data acquisition systems are driving the growth of big data and AI use-cases. The IEC prepares standards relating to semiconductor devices, including sensors.
Cloud computing and its technologies have also supported the increase of AI applications. The joint IEC and ISO technical committee prepares standards for cloud computing including distributed platforms and edge devices, which are situated close to users and data collection points. The publications cover key requirements relating to data storage and recovery.
International Standards play an important role in increasing trust in AI and help support public and private decision-making, not least because they are developed by a broad range of stakeholders. This helps to ensure that the IEC's work strikes the right balance between the desire to deploy AI and other new technologies rapidly and the need to study their ethical implications.
The IEC has been working with a wide range of international, regional, and national organisations to develop new ways to bring stakeholders together to address the challenges of AI. These include the Swiss Federal Department of Foreign Affairs (FDFA) and the standards development organisations, ISO, and the International Telecommunication Union (ITU).
More than 500 participants followed the AI with Trust conference, in-person and online, to hear different stakeholder perspectives on the interplay between legislation, standards and conformity assessment. They followed use-case sessions on healthcare, sensor technology, and collaborative robots, and heard distinguished experts exchange ideas on how they could interoperate more efficiently to build trust in AI. The conference in Geneva was the first milestone of the AI with Trust initiative.
The IEC is also a founding member of the Open Community for Ethics in Autonomous and Intelligent Systems (OCEANIS). OCEANIS brings together standardisation organisations from around the world to enhance awareness of the role of standards in facilitating innovation and addressing issues related to ethics and values.
- IEC Blog
Network security and critical infrastructure
The IEC develops cybersecurity standards and conformity assessments for both IT and operational technology (OT). One of the biggest challenges today is that cybersecurity is often understood only in terms of IT, which leaves critical infrastructure, such as power utilities, transport systems, manufacturing plants and hospitals, vulnerable to cyberattacks.
Cyberattacks on IT and OT systems often have different consequences. The effects of cyberattacks on IT are generally economic, while cyberattacks on critical infrastructure can impact the environment, damage equipment, or even threaten public health and lives.
When implementing a cybersecurity strategy, it is essential to take the different priorities of cyber-physical and IT systems into account. The IEC provides relevant and specific guidance via two of the world’s best-known cybersecurity standards: IEC 62443 for cyber-physical systems and ISO/IEC 27001 for IT systems.
Both take a risk-based approach to cybersecurity, which is based on the concept that it is neither efficient nor sustainable to try to protect all assets in equal measure. Instead, users must identify what is most valuable and requires the greatest protection, and identify vulnerabilities.
ISO/IEC 27001 for IT
IT security focuses in equal measure on protecting the confidentiality, integrity, and availability of data – the so-called CIA triad. Confidentiality is of paramount importance and information security management systems, such as the one described in ISO/IEC 27001, are designed to protect sensitive data, such as personally identifiable information (PII), intellectual property (IP), or credit card numbers, for example.
Implementing the information security management system (ISMS) described in ISO/IEC 27001 means embedding information security continuity in business continuity management systems. Organisations are shown how to plan and monitor the use of resources to identify attacks earlier and take steps more quickly to mitigate the initial impact.
IEC 62443 for OT
In cyber-physical systems, where IT and OT converge, the goal is to protect safety, integrity, availability, and confidentiality (SIAC). Industrial control and automation systems (ICAS) run in a loop to check continually that everything is functioning correctly.
The IEC 62443 series was developed because IT cybersecurity measures are not always appropriate for ICAS. ICAS are found in an ever-expanding range of domains and industries, including critical infrastructure, such as energy generation, water management, and the healthcare sector.
ICAS must run continuously to check that each component in an operational system is functioning correctly. Compared to IT systems, they have different performance and availability requirements and equipment lifetime.
Conformity assessment: IECEE
Many organisations are applying for the IEC System of Conformity Assessment Schemes for Electrotechnical Equipment and Components (IECEE) conformity assessment certification to verify that the requirements of IEC 62443 have been met.
IECEE provides a framework for assessments in line with IEC 62443, which specifies requirements for security capabilities, whether technical (security mechanisms) or process (human procedures) related. Successful recipients receive the IECEE industrial cybersecurity capability certificate of conformity.
Conformity assessment: IECQ
While certification to ISO/IEC 27001 has existed since the standard was published in 2013, it is only in recent years that the IEC Quality Assessment System for Electronic Components (IECQ) has set up a true single standardised way of assessing and certifying an ISMS to ISO/IEC 27001.
International standards such as IEC 62443 and ISO/IEC 27001 are based on industry best practices and reached by consensus. Conformity assessment confirms that they have been implemented correctly to ensure a safe and secure digital society.
- Cyber Security: Ensuring IEC 62443 is Implemented Correctly
- Understanding IEC 62443
- IECQ Certification, a Crucial Requirement for ISO/IEC 27001
- Eight Things Organizations Should do to Ensure Compliance with Cyber Security Regulations
- Cyber Security for Critical Infrastructure
- Cybersecurity for the Healthcare Sector
- Cybersecurity for Power Utilities and other Cyber Physical Systems
Social media channels
YouTube @IEC - International Electrotechnical Commission