International Organization for Standardization

 Logo, First Aid, Symbol, Text
Digital Watch Atlas 2.0 member badge

Acronym: ISO

Established: 1947

Address: Chemin de Blandonnet 8, 1214 Vernier, Geneva, Switzerland

Website: https://www.iso.org/iso/home.html

Stakeholder group: International and regional organisation

ISO is the International Organization for Standardization, the world’s largest developer of international standards. It consists of a global network of 173 national standards bodies – our members. Each member represents ISO in its country. The organisation brings together global experts to share knowledge and develop voluntary, consensus-based, market-relevant international standards. It is best known for its catalogue of around 25,000 standards, spanning a wide range of sectors, including technology, food, and healthcare.

Digital activities

A large number of international standards and related documents developed by ISO are related to information and communications technologies (ICTs), such as the Open Systems Interconnection (OSI), which was created in 1983 to establish a universal reference model for communications protocols. The organisation is also active in the field of emerging technologies, including blockchain, the internet of things (IoT), and AI. The standards are developed by various technical committees dedicated to specific areas, including information security, cybersecurity, privacy protection, AI, and intelligent transport systems.

Digital policy issues

Artificial intelligence

The joint technical committee of ISO and the International Electrotechnical Commission (IEC) on AI is known as ISO/IEC JTC1/SC 42 Artificial intelligence and is responsible for the development of standards in this area. To date, it has published 34 standards specifically pertaining to AI, with 41 others in development. ISO/IEC 42001 is the flagship AI management system standard, which provides requirements for establishing, implementing, maintaining, and continually improving an AI management system within the context of an organisation. ISO/IEC TR 24028 provides an overview of trustworthiness in AI systems, detailing the associated threats and risks and addressing approaches on availability, resiliency, reliability, accuracy, safety, security, and privacy. Other recently published standards include those that cover concepts and terminology for AI (ISO/IEC 22989); bias in AI systems and AI-aided decision-making (ISO/IEC TR 24027); AI risk management (ISO/IEC 23894); a framework for AI systems using machine learning (ISO/IEC 23053); and the assessment of machine learning classification performance (ISO/IEC TS 4213). Other standards under development to support ISO/IEC 42001 include ISO/IEC 42005 on AI system impact assessments and ISO/IEC 42006, which contains requirements for bodies providing audit and certification of AI management systems. Up-to-date information on the technical committee (e.g. scope, programme of work, contact details) can be found on the committee page.

ISO has joined forces with its World Standards Cooperation (WSC) partners IEC and ITU to create the International AI Standards Summit, to be held on 2 and 3 December in Seoul and hosted by the Korean Agency for Technology and Standards (KATS). The initiative was announced at the World Economic Forum in Davos and responds to the UN’s call to enhance AI governance through international standards following the adoption of the Global Digital Compact by world leaders in September 2024.

In July, the WSC will join leading experts at the International AI Standards Day during the AI for Good Global Summit to help shape AI governance.ISO is also working alongside IEC and ITU in the AI and Multimedia Authenticity Standards Collaboration, launched in 2024 to develop global standards for AI watermarking, multimedia authenticity, and deepfake detection technologies.

Cloud computing

ISO and IEC also have a joint committee for standards related to cloud computing that currently has 29 published standards and a further 14 in development. Of those published, two standards of note include ISO/IEC 19086-1, which provides an overview, foundational concepts, and definitions for a cloud computing service level agreement framework, and ISO/IEC 22123-3, which specifies the cloud computing reference architecture. Other standards recently published include those on health informatics (ISO/TR 21332); the audit of cloud services (ISO/IEC 22123-2); and data flow, categories, and use (ISO/IEC 19944 series). Standards under development include the ISO/IEC 10822 series on multi-cloud management. Up-to-date information on the technical committee (e.g. scope, programme of work, contact details) can be found on the committee page.

Internet of things

Recognising the ongoing developments in the field of IoT, ISO currently has 50 published standards on the subject, including those for intelligent transport systems (ISO 19079), future networks for IoT (ISO/IEC TR 29181 series), unique identification for IoT (ISO/IEC 29161), internet of media things (ISO/IEC 23093-3), the trustworthiness of IoT (ISO/IEC 30149), and industrial IoT systems (ISO/IEC 30162). IoT security is addressed in standards such as ISO/IEC 27001 and ISO/IEC 27002, which provide a common language for governance, risk, and compliance issues related to information security. In addition, there are standards that provide a methodology for the trustworthiness of an IoT system or service (ISO/IEC 30147); a trustworthiness framework (ISO/IEC 30149); requirements for an IoT data exchange platform for various IoT services (ISO/IEC 30161); and a real-time IoT framework (ISO/IEC 30165). A further 20 standards are in development. Up-to-date information on the ISO and IEC joint technical committee on IoT (e.g. scope, programme of work, contact details) can be found on the committee page

Telecommunication infrastructure

ISO has published 12 standards on blockchain and distributed ledger technologies. Of these, ISO/TR 23455 gives an overview of smart contracts in blockchain and distributed ledger technologies; ISO/TR 23244 tackles privacy and personally identifiable information protection; ISO 22739 covers fundamental blockchain terminology; ISO/TR 23576 deals with security management of digital asset custodians; ISO/TS 23258 specifies a taxonomy and ontology; and ISO/TS 23635 provides guidelines for governance. A further 12 standards are in development, including ISO/TS 18126, which specifies a taxonomy and classification for smart contracts, and ISO 20435, which provides a framework for representing physical assets using tokens. Up-to-date information on the technical committee (e.g. scope, programme of work, contact details) can be found on the committee page.

Blockchain

ISO has published 11 standards on blockchain and distributed ledger technologies: ISO/TR 23455 gives an overview of smart contracts in blockchain and distributed ledger technologies; ISO/TR 23244 tackles privacy and personally identifiable information protection; and ISO 22739 covers fundamental blockchain terminology respectively. ISO also has a further eight standards on blockchain in development. These include those related to:  security management of digital asset custodians (ISO/TR 23576); taxonomy and ontology (ISO/TS 23258); and guidelines for governance (ISO/TS 23635). Up-to-date information on the technical committee (e.g. scope, programme of work, contact details, etc.) can be found on the committee page.

Emerging technologies

ISO develops standards that address many different emerging technologies. These include more than 40 standards either published or in development on robotics, covering issues such as collaborative robots (e.g. ISO/TS 15066), safety requirements for industrial robots (e.g. ISO 10218 series), and personal care robots (e.g. ISO 13482). 

The ISO technical committee on intelligent transport systems (ITS) has over 350 published standards, including those on forward vehicle collision warning systems (ISO 15623) and management of electronic traffic regulations (ISO/TS 24315-1). Standards are also being developed to address the use of virtual reality in learning, education, and training (e.g. ISO/IEC 23843).A further three issues are currently being explored in collaboration with IEC, with further developments anticipated in the next couple of years: bio-digital convergence, the metaverse, and brain–computer interfaces (ISO/IEC JTC1/SC43).

Quantum technologies

In January 2024, ISO and IEC launched a new joint technical committee, ISO/IEC JTC 3, on quantum technologies. The committee will develop standards on quantum computing, quantum simulation, quantum sources, quantum metrology, quantum detectors, quantum communications, and fundamental quantum technologies. One standard, on the quantum computing vocabulary (ISO/IEC 4879), has already been published, and an introduction to quantum computing (ISO/IEC TR 18157) is in development.

Network security

ISO and IEC jointly develop standards that address information security and network security. The ISO/IEC 27000 family of standards covers information security management systems (ISMSs) and can be used by organisations to secure information assets such as financial data, intellectual property, and employee information. For example, ISO/IEC 27031 and ISO/IEC 27035 are specifically designed to help organisations respond to, diffuse, and recover effectively from cyberattacks. ISO/IEC 27701, an extension of ISO/IEC 27001 and ISO/IEC 27002, details requirements and guidance for establishing, implementing, maintaining, and continually improving a privacy information management system (PIMS). We have also developed a handbook to assist small and medium-sized enterprises (SMEs) in establishing and maintaining an ISMS according to ISO/IEC 27001, the premier standard for information security. Network security is also addressed by standards on technologies such as IoT, smart community infrastructures, medical devices, localisation and tracking systems, and future networks. Up-to-date information on the joint ISO and IEC technical committee (e.g. scope, programme of work, contact details) can be found on the committee page.

Encryption

As more and more information (including sensitive personal data) is stored, transmitted, and processed online, the security, integrity, and confidentiality of such information become increasingly important. To this end, ISO has a number of standards for the encryption of data. For example, ISO/IEC 18033-1 addresses the nature of encryption and describes certain general aspects of its use and properties. Other standards include ISO/IEC 19772, which covers authenticated encryption, ISO/IEC 18033-3, which specifies encryption systems (ciphers) for data confidentiality purposes, and ISO 19092, which allows for encryption of biometric data used for authentication of individuals in financial services for confidentiality or other reasons. 

ISO also has standards that focus on identity-based ciphers, symmetric and asymmetric encryption, public key infrastructure, and other related areas.

Data governance

Big data represents another significant area of standardisation for ISO, with around 80% of related standards being developed by ISO/IEC JTC1/SC42. The terminology for standards related to big data is defined in ISO/IEC 20546, while ISO/IEC 20547-3 covers big data reference architecture. ISO/IEC TR 20547-2 provides examples of big data use cases with application domains and technical considerations, and ISO/IEC TR 20547-5 details a roadmap of existing and future standards in this area. Up-to-date information on the technical committee (e.g. scope, programme of work, contact details) can be found on the committee page.

Digital identities

Digital signatures that validate digital identities help ensure the integrity of data and the authenticity of particulars in online transactions, thereby contributing to the security of online applications and services. Standards to support this technology cover elements such as anonymous digital signatures (e.g. ISO/IEC 20008 series); digital signatures for healthcare documents (e.g. ISO 17090-4 and ISO 17090-5); and blind digital signatures, in which the content of the message to be signed is concealed, used in contexts where, for example, anonymity is required. Examples of such standards include ISO 18370-1 and ISO/IEC 18370-2.

Privacy and data protection

Privacy and data protection in the context of ICTs is another area addressed by ISO standards. One prominent example, ISO/IEC 29101, describes a privacy architecture framework. Others include standards for privacy-enhancing protocols and services for identification cards (ISO/IEC 19286); privacy protection requirements pertaining to learning, education, and training systems employing information technologies (ISO/IEC 29187-1); privacy aspects in the context of intelligent transport systems (ISO/TR 12859); and security and privacy requirements for health informatics (ISO/TS 14441).

ISO in numbers

ISO is proud to count 173 members.

Our experts work across 823 technical committees and subcommittees.

In 2024, we published 1,533 new standards and related documents.

The ISO store contains more than 25,703* international standards and related documents.

* Total as of end December 2024.

Digital tools

ISO’s online browsing platform provides up-to-date information on ISO standards, graphical symbols, publications, and terms and definitions.

Social media channels

Facebook @isostandards

Instagram @isostandards

LinkedIn @isostandards

X @isostandards

YouTube @iso