The US publishes medical IoT cybersecurity regulations

The 2023 Federal spending bill includes cybersecurity requirements for IoT medical devices. According to the law, manufacturers of medical IoT devices will be obligated to (1) submit a plan on how to monitor post-market cybersecurity vulnerabilities that includes a coordinated vulnerability disclosure; (2) design and maintain processes and procedures to assure that the device and its related systems are secure, and provide updates and patches on a regular base and in critical events outside of regular cycles (3) provide a software bill of materials, including commercial, open-source, and off-the-shelf software components. The legislation also allows the FDA to take action against existing devices that were not submitted
for pre-market approval if they are found to be insecure.

Microsoft’s Cyber Signals report highlights a rise in cyber risks to critical infrastructure

The third edition of Cyber Signals, a yearly report which highlights security trends and insights from Microsoft’s 8,500 security experts and 43 trillion daily security signals, was recently launched. In this edition, experts present new information on broader threats to critical infrastructure posed by converging information technologies, the Internet of Things (IoT), and operational technology (OT) systems. 

Some of the report’s highlights include:

  • Unpatched, high-security vulnerabilities identified in 75% of the most common industrial controllers in customer OT networks.
  • Over one million connected devices publicly visible on the internet running Boa, an outdated and unsupported software widely used in IoT devices and software development kits.
  • An 78% increase in disclosures of high-severity vulnerabilities from 2020 to 2022 in industrial control equipment produced by popular vendors.

US National Institute of Standards and Technology issues draft guide for trusted IoT onboarding and lifecycle management

The US National Institute of Standards and Technology (NIST) and its National Cybersecurity Center of Excellence (NCCoE) published a draft practice guide for trusted internet of things (IoT) onboarding and lifecycle management. This guide demonstrates how organisations can protect their IoT devices and networks. It details standards, practices, and technology to demonstrate mechanisms for trusted network-layer onboarding of IoT devices. The guide also shows how to provide network credentials to IoT devices in a trusted manner and maintain a secure posture throughout the device lifecycle.

Egypt held its first IoT forum

The National Telecommunications Regulatory Authority of Egypt (NTRA), together with the Information Technology Industry Development Agency (ITIDA), held Egypt’s first forum for internet of things (IoT) services. The forum aims to promote and disseminate IoT services within Egypt’s market, particularly across national projects. Representatives of 36 public and private entities, technology manufacturers, and operators participated in the forum. The forum approved two main agendas. The first agenda concerns securing data, establishing regulatory and legislative frameworks, and raising awareness. The second agenda relates to using IoT services in public utilities such as health, education, environment, transportation, tourism, energy, industry, agriculture, irrigation, and smart cities sectors.

World Economic Forum

The World Economic Forum (WEF) is a not-for-profit foundation whose membership is composed of large corporations from around the world. We engage political, business, academic, and other leaders of society in collaborative efforts to shape global, regional, and industry agendas. Together with other stakeholders, we work to define challenges, solutions, and actions in the spirit of global citizenship. The Forum also serves and builds sustained communities through an integrated concept of high-level meetings, research networks, task forces, and digital collaboration.

Digital activities

The Fourth Industrial Revolution is one of the Forum’s key areas of work. Under this focus, we carry out a wide range of activities covering digital policy issues, from telecom infrastructure and cybersecurity to the digital economy and the future of work. We have set up multiple platforms and global forums focused on bringing together various stakeholders and initiatives to advance debates and foster cooperation on the issues explored. We also publish reports, studies, and white papers on our focus areas, and feature discussions on the policy implications of digital technologies in the framework of the Forum’s annual meeting in Davos and other events organised around the world.

The Centre for the Fourth Industrial Revolution is one of the Forum’s key centres of thematic work, with digital technologies as a core priority. Building on this focus area, we lead a diverse set of initiatives spanning digital governance, AI, digital safety, and the broader implications of technological advancements on society and the economy. We convene global stakeholders through dedicated platforms and partnerships to shape discussions, build consensus, and drive responsible innovation. Our work includes publishing reports, insights, and policy frameworks on key technology topics, as well as curating discussions on their societal and economic impact at the Forum’s Annual Meeting in Davos and other global events.

Digital policy issues

Telecommunications infrastructure

The Forum’s work in the area of telecom/digital infrastructure is broadly dedicated to shedding light on the need to advance connectivity and evolve towards new network technologies as a way to support the transition to the fourth industrial revolution and support the growth of digital economies. For instance, the Global Future Council of New Network Technologies, active between 2018 and 2020, explored, among others, incentives for network development and the role of new network systems in driving value and innovation. The Forum also promotes the role of digital public infrastructures in enabling digital inclusion and advancing sustainable development. 

A specific focus area for the Forum is 5G. We have identified 5G as an issue of global importance and work on analysing the impacts of 5G on industry and society. In our report titled The impact of 5G: Creating new value across industries and society, we note that 5G will be critical because it will enable unprecedented levels of connectivity, allowing for superfast broadband, ultra-reliable low latency communication, massive machine-type communications, and high reliability/availability and efficient energy usage, all of which will transform many sectors, such as manufacturing, transportation, public services, and health. In another example, the 5G Outlook Series: Enabling inclusive long-term opportunities looks at what can be done to ensure that 5G is a technology that benefits people, businesses, and society. The role of satellites in delivering connectivity and the challenges associated with growing competition in Earth orbit are other areas explored by the Forum. The Global Future Council on the Future of Space explores ways in which international cooperation and public-private partnerships can drive sustainable and inclusive use of space resources.

Artificial intelligence

WEF is shaping the future of AI through initiatives focused on responsible governance, collaborative development, and cross-sector engagement. At the core of these efforts is the AI Governance Alliance (AIGA), a flagship initiative of the Forum. With over 600 members from more than 460 organisations worldwide, AIGA fosters a trustworthy, equitable, and responsible AI ecosystem, bringing together leaders from industry, government, academia, and civil society. The Alliance provides a global platform to develop policy frameworks, enhance AI safety measures, and promote innovative approaches to ensure AI’s positive societal and economic impact aligns with evolving regulatory environments.

To achieve its mission, AIGA focuses on several key areas:

  • Resilient Governance and Regulation – Supports policymakers in shaping AI regulatory frameworks and fostering global regulatory alignment. This includes engagement with key regulatory frameworks such as the European Union’s AI Act and evolving AI strategies in the US, Canada, Brazil, the African Union, Japan, and China. The initiative is focused on creating actionable solutions to bridge the gap between AI governance ideals and their practical implementation. This includes developing best practices for AI policy adoption and fostering international cooperation on AI governance.
  • Safe Systems and Technologies – Brings together Chief Science Officers and AI producers to advance technical governance solutions, particularly in areas such as AI agents, safety mechanisms, and standardised best practices. This initiative fosters a consensus on AI development safety, ensuring that AI systems align with ethical and operational best practices.
  • AI Transformation of Industries – In collaboration with multiple Forum centers, this initiative explores AI’s impact across sectors including healthcare, financial services, energy, and manufacturing. In 2025, AIGA will focus on empowering global and regional AI leadership by providing a platform for country and regional leaders to develop AI capabilities, share insights, and adopt global best practices. This initiative aims to strengthen AI strategies, ecosystems, and coordination to ensure equitable AI access. AIGA will also support cross-industry collaborations that leverage AI to drive innovation, efficiency, and sustainability across sectors.
  • AI Competitiveness through Regional Collaboration – Focuses on strengthening AI capabilities at the regional level by addressing infrastructure disparities, fostering AI talent development, and ensuring responsible AI adoption in different economic contexts. This work is supported by regional AI activation networks that provide tailored strategies for AI implementation in emerging economies.

In addition to convening stakeholders, the Forum produces influential thought leadership on AI governance, ethics, and applications. Recent publications include the AI Governance Alliance’s Briefing Paper Series, which establishes foundational focus areas for steering AI’s development, adoption, and governance. Additionally, the ‘Governance in the Age of Generative AI: A 360° Approach for Resilient Policy and Regulation’ white paper equips policymakers and regulators with implementable strategies for resilient generative AI governance within a comprehensive framework. Navigating the AI Frontier: A Primer on the Evolution and Impact of AI Agents examines AI agents – autonomous systems powered by advances in large language and multimodal models – and their transformative impact across industries.

At the Annual Meeting 2025, the Forum released ‘Blueprint for Intelligent Economies’, a white paper outlining AI’s role in sustainable growth and inclusive prosperity. Additionally, the ‘Industries in the Intelligent Age White Paper Series’ explored AI’s transformative impact across multiple industries, providing a roadmap for responsible and innovative AI integration.

In 2025, MINDS (Meaningful, Intelligent, Novel, Deployable Solutions) program was launched to identify and scale high-impact AI solutions that address global challenges. This initiative fosters collaboration, drives innovation, and shares success stories, guiding the adoption of transformative AI applications. The first cohort of MINDS will be announced at the World Economic Forum Annual Meeting of the New Champions 2025, with a focus on AI-driven solutions for equitable healthcare access, climate change mitigation, sustainable energy transitions, resilient supply chains, and workforce transformation. By scaling replicable, high-impact AI use cases, the MINDS program exemplifies the Forum’s commitment to harnessing AI’s transformative potential for societal and economic progress.

As AI continues to evolve, the AI Governance Alliance remains committed to ensuring its responsible and transformative development. By uniting industry, government, academia, and civil society, AIGA drives innovation, strengthens governance, and maximises AI’s benefits while mitigating risks.

Blockchain and cryptocurrencies

The Forum works on governance issues related to the equity, interoperability, security, transparency, and trust of blockchain and distributed ledger technology (DLT). We also analyse the relationship between blockchain and cybersecurity and international security, as well as the future of computing. We publish papers on issues such as blockchain data storage, the challenges blockchain faces and its role in security, as well as guides such as the Blockchain Development Toolkit to guide organisations through the development and deployment of blockchain solutions.

Internet of things

The Forum’s Centre for Urban Transformation explores various issues related to the implications of connected devices and smart technologies. For example, the Council on the Connected World focuses on strengthening innovation and the global governance of connected technologies to maximise the positive benefits and minimise harm for all. One specific area of work for the Council is the security of IoT devices; in 2022, the Forum facilitated a joint Statement of Support on consumer IoT device security outlining key security requirements for consumer-facing devices. In 2023, the Council published the State of the Connected World report, which tracks governance gaps related to IoT. 

The Global New Mobility Coalition explores issues related to sustainable mobility, including when it comes to the governance of shared, electric, and automated mobility. 

Other IoT-related issues that the Forum has been exploring through various publications and initiatives include the industrial internet, the safety of smart home products, and challenges associated with the concept of the internet of bodies. In cooperation with the Massachusetts Institute of Technology (MIT), we published a report on Realizing the Internet of Things – a Framework for Collective Action, outlining five pillars for the development of IoT: architecture and standards, security and privacy, shared value creation, organisational development, and ecosystem governance. 
We also lead the G20 Global Smart Cities Alliance on Technology Governance, dedicated to promoting the responsible and ethical use of smart city technologies.

Emerging technologies

Virtual/augmented reality

The Forum’s Global Future Council on Virtual and Augmented Reality focuses on raising awareness of the positive and negative aspects of the widespread adoption of VR/AR technologies. We carry out policy research and analysis related to the impact of VR/AR on society and its security implications in publications on issues such as immersive media technologies, AR innovation in manufacturing, and privacy in the context of VR use.

The Forum also pays attention to developments related to the metaverse and issues various publications on this topic. For instance, Exploring the Industrial Metaverse: A Roadmap to  the Future provides a framework for discussing steps towards a valuable ecosystem for the industrial metaverse, while the reports on Social Implications of the Metaverse and Privacy and Safety in the Metaverse explore the implications of metaverse adoptions for individuals and society at large. These and similar publications are issued in the context of the Defining and Building the Metaverse Initiative, whose focus is on ‘guiding the development of a safe, interoperable, and economically viable metaverse’.   

Quantum computing

Within the Centre of the Fourth Industrial Revolution, the Quantum Economy Network is an initiative and global platform that brings together governments, businesses, and academia to explore the potential of quantum technologies, shape their development, and prepare for their integration into the quantum economy. It focuses on identifying, deploying, and advancing near-term quantum applications for business and sustainability while developing tools to ensure a secure transition. The Network operates through two key workstreams: the Quantum Economy Blueprint, which democratizes access to quantum resources and guides policymakers in building a responsible quantum ecosystem, and the Quantum Application Hub, an experiential platform showcasing societal and industry applications of quantum technologies.

The Forum publishes regularly on matters related to quantum computing and quantum technologies. A few examples include the Quantum Technologies:Key Strategies and Opportunities for ICT Leaders, Embracing the Quantum Economy: A Pathway for Business Leaders, and Quantum Computing Governance Principles.

Cybercrime

Under its Centre for Cybersecurity, the Forum runs the Partnership against Cybercrime project, focused on advancing public-private partnerships (e.g. between law enforcement agencies, international organisations, cybersecurity companies, and other actors) to combat cybercrime. Outputs of the partnership include, for instance, the Recommendations for Public-Private Partnership against Cybercrime and the Cybercrime Prevention Principles for Internet Service Providers

We host a Cybercrime Atlas Initiative dedicated to strengthening coordination between the private sector and law enforcement in fighting cybercrime. 

Cybercrime also constitutes the focus of various studies and articles we have published, which delve into issues such as emerging threats and ways to tackle them.

Network security/critical infrastructure/cybersecurity

The Forum has launched a Centre for Cybersecurity dedicated to ‘fostering international dialogues and collaboration between the global cybersecurity community both in the public and private sectors’. Multiple projects are run under this platform, such as the Cybersecurity Learning Hub and the Digital Trust initiative. The cyber resilience of critical sectors, such as electricity and the oil and gas industry, is also a focus area for us. 

The Centre also issues reports and other publications covering various cybersecurity topics. Examples include the Global Cybersecurity Outlook; the insight report on Cybersecurity, Emerging Technology, and Systemic Risks; and the Principles for Board Governance of Cyber Risk.

The Forum hosts a Global Future Council on the Future of Cybersecurity, which explores modalities for strengthening cyber risk management across economies and societies. Quantum security and digital trust are among the Council’s focus areas. 

Every year, we bring together actors from the public and private sectors to foster collaboration on making cyberspace safer and more resilient, in the framework of the Annual Meeting on Cybersecurity

Data governance

The Forum has established a Data Policy Platform under our Centre for the Fourth Industrial Revolution, dedicated to developing innovative approaches to enable the responsible use of data. Within this platform, the Data for Common Purpose Initiative aims to support the creation of flexible data governance models, oriented around common purposes. Examples of white papers published by the initiative include Data for Common Purpose: Leveraging Consent to Build Trust and Towards a Data Economy: An Enabling Framework

The Cross-Border Data Flows project under the Forum’s Digital Trade Initiative looks at how policymakers can advance data transfer governance arrangements while ensuring policy interoperability for data flows. 

The Forum regularly publishes reports and papers on data governance issues such as restoring trust in data, cross-border data flows, data protection and security, among others.

E-commerce and trade and digital business models

Several activities and projects run by the Forum focus on e-commerce and broader digital economy-related issues. Under our Digital Trade initiative (part of the Centre for Regions, Trade and Geopolitics), we have been exploring opportunities and challenges associated with digital trade, while also engaging in the shaping of global, regional, and industry agendas on digital trade. Projects run within the initiative include, among others, the Digital Economy Agreement Leadership Group – which aims to contribute to the growth of inclusive and sustainable digital economies, and the TradeTech project – which facilitates dialogue on public policy and regulatory practices related to digital trade. The Digital Payments for Trade and Commerce Advisory Committee – also part of the Digital Trade initiative – is dedicated to fostering interoperability, inclusivity, and coherent regulatory reforms for digital payments.

E-commerce is also tackled in studies, white papers, and events we produce, which address issues such as e-commerce in emerging markets, the impact of e-commerce on prices, and digital currencies. 

Under the Centre for the New Economy and Society, we bring together various stakeholders to promote new approaches to competitiveness in the digital economy, with a focus on issues such as education and skills, equality and inclusion, and improved economic opportunities for people.

Future of work

The future of work is a topic that spans multiple Forum activities. For instance, under the Centre for the New Economy and Society, several projects focus on issues such as education, skills, upskilling and reskilling, and equality and inclusion in the world of work. We have also launched a Reskilling Revolution Initiative, aimed at contributing to providing better jobs, education, and skills to one billion people by 2030. Projects under this platform include, among others, Education 4.0 (focused on mapping needed reforms to primary and secondary education systems), Education and Skills Country Accelerators (dedicated to advancing gender parity, promoting upskilling and reskilling, and improving education systems), and Skills-first (focused on transforming adult education and workforce skills). Also part of the Reskilling Revolution is the Future Skills Alliance, whose main objective is to facilitate the adoption of skills-first management practices and give workers a fair and equal opportunity to excel in the labour market. 
The Forum publishes regular reports on the Future of Jobs, exploring the evolution of jobs and skills and how technology and socioeconomic trends shape the workplace of the future. Other notable publications and tools developed by the Forum include the white paper on Putting Skills First: A Framework for Action and the Global Skills Taxonomy.

Digital inclusion

The EDISON Alliance, launched in response to the COVID-19 pandemic, drives a holistic, ecosystem-led approach to digital inclusion. Part of the Forum’s Centre for the Fourth Industrial Revolution, the Alliance launched the 1 Billion Lives Challenge, an ambitious goal to enhance the lives of 1 billion people by 2025 through affordable and accessible digital solutions in education, financial services, and healthcare. Since its launch in 2021, the Alliance has mobilised over 350 initiatives across 130 countries, successfully impacting 1 billion lives. However, as global focus shifts to emerging technologies like AI, there is a growing risk of declining investment in digital inclusion, potentially widening the digital divide. Tools developed by the Alliance include principles for digital health inclusion, a guidebook for digital inclusion bond financing, and a Digital Inclusion Navigator that provides access to case studies and best practices related to bridging digital divides.

Cryptocurrencies

The Forum is also active on issues related to digital currencies and their policy implications. For instance, its Digital Currency Governance Consortium focuses on exploring the macroeconomic impacts of digital currencies and informing approaches to regulating digital currencies. The Central Bank Digital Currency (CBDC) Policy-Makers Toolkit, published in 2020, is intended to serve as a possible framework to ensure that the deployment of CBDCs takes into account potential costs and benefits. Various publications have been issued that explore topics such as the macroeconomic impact of cryptocurrency and stablecoins, cryptocurrency regulation, and the links between stablecoins and financial inclusion.

Digital tools

Digital platforms

Strategic Intelligence: The Forum’s platform provides access to transformation maps – mappings of ‘hundreds of global issues and their interdependencies’.

Social media channels

Facebook @worldeconomicforum

Flipboard @WEF

Instagram @worldeconomicforum

LinkedIn @ World Economic Forum

TikTok @worldeconomicforum

X @wef

YouTube @World Economic Forum

United Nations Economic Commission for Europe

UNECE is one of five regional commissions of the UN. Its major aim is to promote pan-European economic integration. To do so, it brings together 56 countries in Europe, North America, and Central Asia, which discuss and cooperate on economic and sectoral issues.

UNECE works to promote sustainable development and economic growth through policy dialogue, negotiation of international legal instruments, development of regulations and norms, exchange and application of best practices, economic and technical expertise, and technical cooperation for countries with economies in transition. It also sets out norms, standards, and conventions to facilitate international cooperation.

Digital activities

UNECE’s work touches on several digital policy issues, ranging from digital standards (in particular, in relation to electronic data interchange for administration, commerce, and transport) to the internet of things (IoT) (e.g. intelligent transport systems). Its activities on connected vehicles and automated driving systems are essential to seize the benefits of technical progress and disruptions in that field and to operationalise new mobility concepts such as Mobility as a Service (MaaS). Within the Trade sub-programme, guidance has been developed on the Compliance of products with embedded artificial intelligence, as well as ensuring gender mainstreaming of relevant standards.  Its UN/CEFACT develops trade facilitation recommendations and electronic business standards, covering both commercial and government business processes. UNECE also carries out activities focused on promoting sustainable development, in areas such as sustainable and smart cities for all ages, sustainable mobility and smart connectivity, and measuring and monitoring progress towards the SDGs.

UNECE’s work in the field of statistics is also relevant for digital policy issues. For example, the 2019 Guidance on Modernizing Statistical Legislation – which guides countries through the process of reviewing and revising statistical legislation – covers issues such as open data, national and international data exchanges, and government data management.

UNECE also pioneers digitalisation efforts towards sustainable transformation of the energy system, by enabling a constructive dialogue to help bridge the gap between academic research, industrial innovations, and policy needs.

UNECE carries out extensive work in the area of sustainable transport, leading on several UN Conventions. Accession to the conventions continues to increase as more and more member states realise the benefits in the time taken and associated costs in the movement of goods. Numerous digitised systems have been developed, and are maintained, hosted, and administered under the auspices of UNECE. For a number of other tools and mechanisms, work is underway.

Digital policy issues

Digital standards

UNECE’s intergovernmental body UN/CEFACT continues making great strides in the area of digital standards. In a recent collaboration with the International Federation of Freight-Forwarders Associations (FIATA), it developed the electronic FIATA Multimodal Bill of Lading (eFBL) data standard. The basis of the mapping of the Negotiable FIATA Multimodal Transport Bill of Lading (FBL) with the UN/CEFACT Multimodal Transport (MMT) reference data model, allows the exchange of BL data in a standardised way, facilitating interoperability between all modes of transport and industry stakeholders. Similar to other data standards developed by UN/CEFACT, the data standard is offered as open-source for all software providers and industry stakeholders to implement. UNECE’s standardisation work builds on a family of reference data models in alignment with its strategy to become the next generation of global standards for trade and transport information exchange. Other digital standards in the areas of supply chain management, agriculture, and travel and tourism (e.g. Buy Ship Pay Reference Data Model, Textile and Leather Data Model (Part 1 and Part 2), and Travel and Tourism Experience Programme Data Model) are a great step toward paperless trade and benefit all actors of the supply chain by reducing costs, increasing security, and gaining efficiency.

Artificial intelligence and internet of things

The UNECE has published a guidance and declaration on Compliance of products with embedded AI. One of the key challenges of such products is the possibility that it changes over time with distant updates which could potentially be coming from outside the market of consumption; market surveillance agencies will need to ensure that these products remain compliant with safety and security regulations throughout their lifecycle.

As the UN centre for inland transport, UNECE hosts international regulatory platforms in the field of automated driving and intelligent transport systems. It hosts multilateral agreements and conventions ruling the requirements and the use of these technologies (such as the UN agreements on vehicle regulations and the Vienna Convention on Road Traffic). Its activities (e.g. facilitating policy dialogue and developing regulations and norms) contribute to enabling automated driving functionalities and ensuring that the benefits of these technologies can be captured without compromising safety and progress achieved in areas such as border crossing and interoperability. It also collaborates with other interested stakeholders, including the automotive and information and communications technology (ICT) industries, consumer organisations, governments, and international organisations.

Another area of work for UNECE is related to harnessing smart technologies and innovation for sustainable and smart cities. In this regard, it promotes the use of ICTs in city planning and service provision, and it has developed (together with ITU) a set of key performance indicators for smart sustainable cities. UNECE also works to facilitate connectivity through sustainable infrastructure. For instance, it assists countries in developing smart grids for more efficient energy distribution, and it administers international e-roads, e-rail, and e-waterway networks.

UNECE launched the Advisory Group on Advanced Technology in Trade and Logistics (AGAT) in 2020 on topics, such as distributed ledger technologies (DLT) including blockchain, IoT, and AI.

The UNECE High-Level Group on Modernisation of Official Statistics (HLG-MOS) has been at the forefront of modernisation initiatives in the field of official statistics. These initiatives include innovative areas such as big data, synthetic data, and machine learning (ML) and AI. A UNECE guide, Machine Learning for Official Statistics (2021), can help national and international statistical organisations to harness the power of ML to modernise the production of official statistics. Responding to the growing interest in LLM, HLG-MOS published a white paper, LLM for Official Statistics (2023), to establish a common understanding of LLM’s potential within the statistical community by exploring implications and opportunities for official statistics. Building on its ongoing efforts to provide a platform for experts to exchange experiences and lessons learned in implementing AI solutions, HLG-MOS has launched a project on generative AI (2024-2025) and is organising the ‘Generative AI and Official Statistics’ in May (2025).

In trade, the newly released UN/CEFACT JSON-LD Web Vocabulary complements and enhances the capabilities of AI systems for trade-related exchanges. It aims to support the interoperability of trade by allowing supply chain actors to more easily integrate a common vocabulary in their business tools (e.g. software applications, AI algorithms) to ensure that data shared between different entities (e.g. suppliers, manufacturers, distributors, transporters, financiers, and regulators) is consistent and easily interpretable, reducing errors and misunderstandings.

Artificial intelligence for energy

AI and other technologies are inspiring energy suppliers, transmission and distribution companies, and demand sectors (buildings, industry, transport) to establish new business models to generate, deliver, and consume energy in a more sustainable way.

UNECE established a task force on digitalisation in energy to offer a platform for cross-industry experts from the energy sector and digital innovation to develop a unified voice on digitalisation in energy.

With systemic efficiency in view, the Task Force addresses a broad range of technical topics and policy issues beyond AI, from smart infrastructure and digital demand-side optimisation solutions for buildings also addressing behavioral barriers, to cyber resilience and overall governance of digitalisation in energy, extending activities across all sectors and aligning with the broader mission of UNECE.

Documentation and publications 2020-2025 include:

In 2025, the Task Force advances research on the issues of interoperability and open source, explores the intersection between large-scale digitalisation and environmental sustainability focusing on data centres, launches its regional survey on Digitalisation in Energy, and continues studies and initiatives on the twin transition.

The group found that AI and digitalisation have the potential to reduce residential and commercial buildings’ energy use by as much as 10% globally by 2040 if applied throughout a building’s value chain and life cycle. In particular, applications of AI may help optimise a building’s orientation for solar heat gain and predict power and heat needs, thus increasing overall energy security and maximising the integration of renewable energy sources.

The group also found that AI and digitalisation could help achieve energy savings of at least 10%–20% in the industrial sector (which consumes around 38% of global final energy and produces 24% of greenhouse gasses).

UNECE has partnered with the University of Zürich to develop a beta-mode AI-powered tool (chatenergy.ia) that would offer a real-time interactive compendium of information and data resources on the resilience of energy systems. The platform showed how policymakers could benefit from a cutting-edge tool that could inform their policy decisions by facilitating knowledge management and dissemination capabilities. It could also help identify technology and policy breakthroughs and mobilise financial flows for resilience. The European Investment Bank, the International Atomic Energy Agency (IAEA), the International Energy Agency, ITU, the Organization for Security and Co-operation in Europe (OSCE), the World Meteorological Organization (WMO), the World Bank, and other organisations contributed their knowledge base to support and shape this beta-mode tool. 

Automated driving

Blockchain

UNECE’s subsidiary body UN/CEFACT has been exploring the use of blockchain for trade facilitation. For instance, work carried out within the Blockchain White Paper Project has resulted in two white papers: one looking at the impact of blockchain on the technical standards work of UN/CEFACT and another looking at how blockchain could facilitate trade and related business processes. The ongoing Chain Project is focused on developing a framework/mechanism for the development and implementation of blockchain services infrastructure, and creating a whitepaper on a strategy for the development and implementation of interoperable global blockchain technology infrastructure. Another blockchain-related project looks into the development of a standard on the creation of a cross-border inter-customs ledger using blockchain technology.

Critical infrastructure

UNECE achieved a transformative milestone with regard to cybersecurity in the broad automotive sector with the adoption of UN Regulation No. 155 (Cyber Security and CSMS) and UN Regulation No. 156 (Software Updates).

Before that, cyber risks related to connected vehicles were apparent but not systematically addressed. Security researchers alerted the public to them by revealing various vulnerabilities. There were only narrow standards and guidelines for securing vehicles, such as standards for secure communication among Electronic Control Units (ECUs) and for hardware encryption.

UNECE’s World Forum for Harmonization of Vehicle Regulations (Working Party on Automated/Autonomous and Connected Vehicles (GRVA) WP.29) adopted two important new regulations on cybersecurity and over-the-air software updates and led to the situation where cybersecurity became non-negotiable for securing market access via type approval for those countries applying this regime. GRVA also developed recommendations on uniform provisions concerning cybersecurity and software updates for countries applying the self-certification regime.

Under the 1958 Agreement (binding to 54 countries)

Data governance

UNECE carries out multiple activities of relevance for the area of data governance.

First, its work on trade facilitation also covers data management issues. For example, it has issued a white paper on data pipeline concept for improving data quality in the supply chain and a set of Reference Data Model Guidelines. Several projects carried out in the framework of UNECE’s subsidiary UN/CEFACT also cover data-related issues. Examples include the  Buy-Ship-Pay  Reference Data Model (BSP-RDM), the Supply Chain Reference Data Model (SCRDM), the Multi-Modal Transport Reference Data Model (MMT-RDM), the Cross-border Management Reference Data Model Project (to provide a regulatory reference data model within the UN/CEFACT semantic library in order to assist authorities to link this information to the standards of other organisations), the Sustainable Development and Circular Economy Reference Data Model Project, and the Accounting and Audit Reference Data Model Project.

Second, UNECE has a statistical division, which coordinates international statistical activities between UNECE countries and helps to strengthen, modernise, and harmonise statistical systems under the guidance of the Conference of European Statisticians. Its activities in this area are guided by the Fundamental Principles of Official Statistics, adopted in 1992 and later endorsed by the ECOSOC and the UNGA. Areas of work include economic statistics, statistics on population, gender and society, statistics related to sustainable development and the environment, and modernisation of official statistics. In 2019, UNECE published a Guidance on Modernizing Statistical Legislation to guide countries through the process of reviewing and revising statistical legislation. The guidance covers issues such as open data, national and international data exchanges, and government data management.

Third, UNECE keeps abreast of external developments (e.g. in Europe or an OECD country) related to challenges related to AI, privacy, and human rights. This is the case, for example, with the activities on transport and automated vehicles. The GRVA is reflecting on the impact of general AI policies in its activities and developed possible ways to add layers in its multi-pillar approach to validate the performance of the Automated Driving System, and therefore to integrate considerations on data management in the context of AI agent training, support features, and functions of automated driving, and collaborate with the automotive sector on this matter.

E-commerce and trade

UNECE’s subsidiary, UN/CEFACT, serves as a focal point (within ECOSOC) for trade facilitation recommendations and electronic business standards, covering both commercial and government business processes. In collaboration with the Organization for the Advancement of Structured Information Standards (OASIS), UNECE developed the Electronic business using eXtensible Mark-up Language (ebXML). Another output of UNECE is represented by the UN rules for Electronic Data Interchange for Administration, Commerce and Transport (UN/ EDIFACT), which include internationally agreed upon standards, directories, and guidelines for the electronic interchange of structured data between computerised information systems. UNECE has also issued recommendations on issues such as Single Window, electronic commerce agreements, and e-commerce self-regulatory instruments. In addition, UN/CEFACT works on supporting international, regional, and national e-government efforts to improve trade facilitation and e-commerce systems.

Recommendation 33 – Single Window Recommendation

In addition, UN/CEFACT is reviewing its mandates and developing white papers analysing how AI can be used to facilitate trade processes. This includes examining how AI technology could be used to facilitate trade and related processes in the international supply chain including the study of areas such as data privacy, AI-based trade policies, the use of AI in e-Commerce and payments; how existing UN/CEFACT deliverables could be used in AI applications; and possible changes to existing UN/CEFACT deliverables, or new deliverables, that could be considered to support AI trade facilitation applications.

The UNECE Working Party on Regulatory Cooperation and Standardization Policies (WP.6) is currently reviewing the challenges that online marketplaces pose to regulatory agencies at entry into the market. The increase of small parcels each containing a small number of products poses significant challenges to market surveillance agencies in order to ensure that goods entering the market are safe for consumers; WP.6 is currently working on guidance based on best practices in the United Kingdom and other economies to address this issue.CT deliverables, or new deliverables, that could be considered  to support AI trade facilitation applications.

Digital and environment

UNECE’s work in the area of environmental policy covers a broad range of issues, such as air pollution, transboundary water cooperation,  industrial safety,  environmental democracy, the green economy, environmental monitoring and impact assessment, and education for sustainable development. Much of this work is carried out by the Committee on Environmental Policy, which, among other tasks, supports countries in their efforts to strengthen their environmental governance and assesses their efforts to reduce their pollution burden, manage natural resources, and integrate environmental and socio-economic policies. UNECE has put in place an Environmental Monitoring and Assessment Programme to assist member states in working with environmental data and information and enable informed decision-making processes. As part of this programme, it promotes the use of electronic tools for accessing information and knowledge on environmental matters and supports the continued development of a Shared Environmental Information System across the UNECE region. The system is intended to enable countries to connect databases and make environmental data more accessible.

The INForest database offers the most up-to-date source of information about the size of the forest area in the UNECE region, how it has changed over decades, the structure of forests, the goods and services forests provide, as well as their contribution to the economy, society, and the environment.

UNECE has developed policy guidance to support the digital inclusion of older people. In the Rome Ministerial Declaration on Ageing, adopted in June 2022, Ministers pledged to ‘promote age-friendly digitalisation, products and services, and support innovation for the silver economy’.

Recognising the importance of environmental, social, and governance (ESG) traceability in achieving SDG 12 and considering the rich body of expertise and standards already available through UNECE, it  broadened the focus of the Team of Specialists (ToS) on sustainable fisheries to ESG traceability of sustainable value chains in the circular economy.

UNECE Environmental Conventions and Protocols (not necessarily covering digital issues directly, but relevant):

Other valuable resources on the environment include:

Sustainable development

UNECE assists countries in its region to address sustainable development challenges (in areas such as environment, connectivity, and urbanisation) through offering policy advice, leveraging its norms, standards, and conventions, and building capacities. It focuses on driving progress towards the following SDGs: good health and well-being (SDG 3), clean water and sanitation (SDG 6), affordable and clean energy (SDG 7), decent work and economic growth (SDG 8), industry, innovation and infrastructure (SDG 9), sustainable cities and communities (SDG 11), responsible consumption and production (SDG 12), climate action (SDG 13), and life on land (SDG 15). Gender equality (SDG 5) and partnerships (SDG 17) are overarching for all UNECE activities. Activities undertaken by UNECE concerning these SDGs converge under four high-impact areas: sustainable use of natural resources; sustainable and smart cities for all ages; sustainable mobility and smart connectivity; and measuring and monitoring progress towards the SDGs.

UNECE has developed a series of tools and standards to support countries in measuring and monitoring progress towards the SDGs. It has also put in place an Innovation Policy Outlook, which assesses the scope, quality, and performance of policies, institutions, and instruments promoting innovation for sustainable development.

AI in sustainable Public-Private Partnerships (PPPs) and infrastructure finance

The UNECE launched a new 2-year workstream on the use of AI in Public-Private Partnerships (PPPs) for the SDGs. This work will consider the transformative potential of AI in PPP and infrastructure projects by exploring the opportunities and challenges of leveraging AI to advance the SDGs. The UNECE will release a series of forward-looking policy briefs and organise webinars that will discuss key focus areas. In 2025, the following topics will be addressed:

  • Harnessing the power of data in PPPs: opportunities and challenges.
  • Enhancing PPP project identification and planning through AI.  
  • Improving PPP stakeholder engagement and fostering transparency in public consultation using AI. 
  • Transforming PPP financial modelling and investment decision making with AI. 
  • Leveraging AI to optimise the longevity and safety of infrastructure assets.

This workstream was approved by the Working Party on Public-Private Partnerships at its eighth session on 25–26 November 2024.

Privacy and data protection

The World Forum for Harmonization of Vehicle Regulations has included guidelines on cybersecurity and data protection in its consolidated resolution on the construction of vehicles, including principles of lawful, fair, and transparent processing of personal data: (1) respecting the identity and privacy of the data subject; (2) not discriminating against data subjects based on their personal data; (3) paying attention to the reasonable expectations of the data subjects with regard to the transparency and context of the data processing; (4) maintaining the integrity and trustworthiness of information technology systems and in particular not secretly manipulating data processing; (5) taking into account the benefit of data processing depending on the free flow of data, communication and innovation, as far as data subjects have to respect the processing of personal data with regard to the overriding general public interest; and (6) ensuring the preservation of individual mobility data according to necessity and purpose.

These guidelines were referred to in the Resolution on Data Protection in Automated and Connected Vehicles adopted during the 39th International Conference of Data Protection and Privacy Commissioners, Hong Kong, 25–29 September 2017.

Digital tools

UNECE hosts several portals, applications, and digitalised conventions.

eTIR International System Application

The Customs Convention on the International Transport of Goods under Cover of TIR (Transports Internationaux Routiers) Carnets (TIR Convention, 1975) is one of the most successful international transport conventions. It is the only universal customs transit system in existence.

The TIR system, used by over 34,000 transport and logistics companies in its 77 contracting parties, has already reduced cross-border transport time by up to 80%, and costs by up to 38%. The eTIR international system aims to ensure the secure exchange of data between national customs systems related to the international transit of goods, vehicles, or containers according to the provisions of the TIR Convention and to allow customs to manage the data on guarantees, issued by guarantee chains to holders authorised to use the TIR system.

ITDB: International TIR Data Bank

The ITDB is an international online repository of information for all those authorised by contracting parties to use the TIR procedure. It is an integral part of the eTIR International system since only users approved in the ITDB can use the eTIR system. The main goal of the ITDB is to foster the exchange of information between competent authorities of contracting parties and national associations.

eCPD

The Carnet de Passages en Douane (CPD) system (i.e. a passport card for your vehicle) facilitates the temporary importation of private and commercial vehicles. The CPD system is based on two international conventions: the 1954 Customs Convention on the Temporary Importation of Private Road Vehicles and the 1956 Customs Convention on the Temporary Importation of Commercial Road Vehicles. Hosted by UNECE, the conventions combined have 96 contracting parties. Work has started to prepare the appropriate amendments to the 1954 and 1956 conventions describing the eCPD; prepare the high-level architecture, including the concepts and functional and technical specifications of the future eCPD application; and develop the eCPD system based on these specifications.

eCMR

The eCMR is based on the provisions of the Convention on the Contract for the International Carriage of Goods by Road (CMR) (1956) and especially on the provisions of the Additional Protocol to CMR Concerning the Electronic Consignment Note (2008). UNECE, which administers the CMR Convention, has been mandated by governments to administer the eCMR protocol and to establish a formal group of experts on the operationalisation of the eCMR procedure.

PIERS online platform

The PIERS online platform is a publicly available digital tool accessible to governments and other stakeholders, enabling them to assess the sustainability of their Public-Private Partnerships and infrastructure projects, using the UNECE PPP and Infrastructure Evaluation and Rating System (PIERS). The PIERS methodology establishes a set of core sustainable indicators deriving from the SDGs, ensuring that PPP and infrastructure projects create ‘value for people’ and ‘value for the planet’, with a focus on the world’s most vulnerable.

Digital visualisation

International Transport Infrastructure Observatory (ITIO)

The observatory will be developed on a geographic information systems (GIS) platform with three main pillars of services: it offers an electronic repository of UNECE inland transport conventions, an innovative tool to finance transport infrastructure, and a way to promote sustainable regional and interregional connectivity.

ITIO GIS Platform

Climate Change Adaptation and Transport Infrastructure Tool – The ITIO GIS platform assists in the analysis of possible future impacts of climate change on transport networks. The tool enables experts to identify sections of transport networks potentially exposed to the effects of climate change.

Digital enabler

SITCIN: Sustainable Inland Transport Connectivity Indicators tool

The SITCIN tool allows countries to measure their degree of transport connectivity, both domestically and bilaterally/sub-regionally, as well as in terms of soft and hard infrastructure.

UNECE Dashboard of SDG Indicators

UNECE digital tools facilitating access to statistical information:

UNECE online platforms and observatories gather updates and policy resources to help member states respond to the COVID-19 crisis:

Social media channels

Facebook @UNECE

Flickr @UNECE

Instagram @un_ece

LinkedIn @ United Nations Economic Commission for Europe

X @UNECE

YouTube @UNECE

Sign up for the monthly newsletter on digital issues to receive updates.

International Organization for Standardization

ISO is the International Organization for Standardization, the world’s largest developer of international standards. It consists of a global network of 173 national standards bodies – our members. Each member represents ISO in its country. The organisation brings together global experts to share knowledge and develop voluntary, consensus-based, market-relevant international standards. It is best known for its catalogue of around 25,000 standards, spanning a wide range of sectors, including technology, food, and healthcare.

Digital activities

A large number of international standards and related documents developed by ISO are related to information and communications technologies (ICTs), such as the Open Systems Interconnection (OSI), which was created in 1983 to establish a universal reference model for communications protocols. The organisation is also active in the field of emerging technologies, including blockchain, the internet of things (IoT), and AI. The standards are developed by various technical committees dedicated to specific areas, including information security, cybersecurity, privacy protection, AI, and intelligent transport systems.

Digital policy issues

Artificial intelligence

The joint technical committee of ISO and the International Electrotechnical Commission (IEC) on AI is known as ISO/IEC JTC1/SC 42 Artificial intelligence and is responsible for the development of standards in this area. To date, it has published 34 standards specifically pertaining to AI, with 41 others in development. ISO/IEC 42001 is the flagship AI management system standard, which provides requirements for establishing, implementing, maintaining, and continually improving an AI management system within the context of an organisation. ISO/IEC TR 24028 provides an overview of trustworthiness in AI systems, detailing the associated threats and risks and addressing approaches on availability, resiliency, reliability, accuracy, safety, security, and privacy. Other recently published standards include those that cover concepts and terminology for AI (ISO/IEC 22989); bias in AI systems and AI-aided decision-making (ISO/IEC TR 24027); AI risk management (ISO/IEC 23894); a framework for AI systems using machine learning (ISO/IEC 23053); and the assessment of machine learning classification performance (ISO/IEC TS 4213). Other standards under development to support ISO/IEC 42001 include ISO/IEC 42005 on AI system impact assessments and ISO/IEC 42006, which contains requirements for bodies providing audit and certification of AI management systems. Up-to-date information on the technical committee (e.g. scope, programme of work, contact details) can be found on the committee page.

ISO has joined forces with its World Standards Cooperation (WSC) partners IEC and ITU to create the International AI Standards Summit, to be held on 2 and 3 December in Seoul and hosted by the Korean Agency for Technology and Standards (KATS). The initiative was announced at the World Economic Forum in Davos and responds to the UN’s call to enhance AI governance through international standards following the adoption of the Global Digital Compact by world leaders in September 2024.

In July, the WSC will join leading experts at the International AI Standards Day during the AI for Good Global Summit to help shape AI governance.ISO is also working alongside IEC and ITU in the AI and Multimedia Authenticity Standards Collaboration, launched in 2024 to develop global standards for AI watermarking, multimedia authenticity, and deepfake detection technologies.

Cloud computing

ISO and IEC also have a joint committee for standards related to cloud computing that currently has 29 published standards and a further 14 in development. Of those published, two standards of note include ISO/IEC 19086-1, which provides an overview, foundational concepts, and definitions for a cloud computing service level agreement framework, and ISO/IEC 22123-3, which specifies the cloud computing reference architecture. Other standards recently published include those on health informatics (ISO/TR 21332); the audit of cloud services (ISO/IEC 22123-2); and data flow, categories, and use (ISO/IEC 19944 series). Standards under development include the ISO/IEC 10822 series on multi-cloud management. Up-to-date information on the technical committee (e.g. scope, programme of work, contact details) can be found on the committee page.

Internet of things

Recognising the ongoing developments in the field of IoT, ISO currently has 50 published standards on the subject, including those for intelligent transport systems (ISO 19079), future networks for IoT (ISO/IEC TR 29181 series), unique identification for IoT (ISO/IEC 29161), internet of media things (ISO/IEC 23093-3), the trustworthiness of IoT (ISO/IEC 30149), and industrial IoT systems (ISO/IEC 30162). IoT security is addressed in standards such as ISO/IEC 27001 and ISO/IEC 27002, which provide a common language for governance, risk, and compliance issues related to information security. In addition, there are standards that provide a methodology for the trustworthiness of an IoT system or service (ISO/IEC 30147); a trustworthiness framework (ISO/IEC 30149); requirements for an IoT data exchange platform for various IoT services (ISO/IEC 30161); and a real-time IoT framework (ISO/IEC 30165). A further 20 standards are in development. Up-to-date information on the ISO and IEC joint technical committee on IoT (e.g. scope, programme of work, contact details) can be found on the committee page

Telecommunication infrastructure

ISO has published 12 standards on blockchain and distributed ledger technologies. Of these, ISO/TR 23455 gives an overview of smart contracts in blockchain and distributed ledger technologies; ISO/TR 23244 tackles privacy and personally identifiable information protection; ISO 22739 covers fundamental blockchain terminology; ISO/TR 23576 deals with security management of digital asset custodians; ISO/TS 23258 specifies a taxonomy and ontology; and ISO/TS 23635 provides guidelines for governance. A further 12 standards are in development, including ISO/TS 18126, which specifies a taxonomy and classification for smart contracts, and ISO 20435, which provides a framework for representing physical assets using tokens. Up-to-date information on the technical committee (e.g. scope, programme of work, contact details) can be found on the committee page.

Blockchain

ISO has published 11 standards on blockchain and distributed ledger technologies: ISO/TR 23455 gives an overview of smart contracts in blockchain and distributed ledger technologies; ISO/TR 23244 tackles privacy and personally identifiable information protection; and ISO 22739 covers fundamental blockchain terminology respectively. ISO also has a further eight standards on blockchain in development. These include those related to:  security management of digital asset custodians (ISO/TR 23576); taxonomy and ontology (ISO/TS 23258); and guidelines for governance (ISO/TS 23635). Up-to-date information on the technical committee (e.g. scope, programme of work, contact details, etc.) can be found on the committee page.

Emerging technologies

ISO develops standards that address many different emerging technologies. These include more than 40 standards either published or in development on robotics, covering issues such as collaborative robots (e.g. ISO/TS 15066), safety requirements for industrial robots (e.g. ISO 10218 series), and personal care robots (e.g. ISO 13482). 

The ISO technical committee on intelligent transport systems (ITS) has over 350 published standards, including those on forward vehicle collision warning systems (ISO 15623) and management of electronic traffic regulations (ISO/TS 24315-1). Standards are also being developed to address the use of virtual reality in learning, education, and training (e.g. ISO/IEC 23843).A further three issues are currently being explored in collaboration with IEC, with further developments anticipated in the next couple of years: bio-digital convergence, the metaverse, and brain–computer interfaces (ISO/IEC JTC1/SC43).

Quantum technologies

In January 2024, ISO and IEC launched a new joint technical committee, ISO/IEC JTC 3, on quantum technologies. The committee will develop standards on quantum computing, quantum simulation, quantum sources, quantum metrology, quantum detectors, quantum communications, and fundamental quantum technologies. One standard, on the quantum computing vocabulary (ISO/IEC 4879), has already been published, and an introduction to quantum computing (ISO/IEC TR 18157) is in development.

Network security

ISO and IEC jointly develop standards that address information security and network security. The ISO/IEC 27000 family of standards covers information security management systems (ISMSs) and can be used by organisations to secure information assets such as financial data, intellectual property, and employee information. For example, ISO/IEC 27031 and ISO/IEC 27035 are specifically designed to help organisations respond to, diffuse, and recover effectively from cyberattacks. ISO/IEC 27701, an extension of ISO/IEC 27001 and ISO/IEC 27002, details requirements and guidance for establishing, implementing, maintaining, and continually improving a privacy information management system (PIMS). We have also developed a handbook to assist small and medium-sized enterprises (SMEs) in establishing and maintaining an ISMS according to ISO/IEC 27001, the premier standard for information security. Network security is also addressed by standards on technologies such as IoT, smart community infrastructures, medical devices, localisation and tracking systems, and future networks. Up-to-date information on the joint ISO and IEC technical committee (e.g. scope, programme of work, contact details) can be found on the committee page.

Encryption

As more and more information (including sensitive personal data) is stored, transmitted, and processed online, the security, integrity, and confidentiality of such information become increasingly important. To this end, ISO has a number of standards for the encryption of data. For example, ISO/IEC 18033-1 addresses the nature of encryption and describes certain general aspects of its use and properties. Other standards include ISO/IEC 19772, which covers authenticated encryption, ISO/IEC 18033-3, which specifies encryption systems (ciphers) for data confidentiality purposes, and ISO 19092, which allows for encryption of biometric data used for authentication of individuals in financial services for confidentiality or other reasons. 

ISO also has standards that focus on identity-based ciphers, symmetric and asymmetric encryption, public key infrastructure, and other related areas.

Data governance

Big data represents another significant area of standardisation for ISO, with around 80% of related standards being developed by ISO/IEC JTC1/SC42. The terminology for standards related to big data is defined in ISO/IEC 20546, while ISO/IEC 20547-3 covers big data reference architecture. ISO/IEC TR 20547-2 provides examples of big data use cases with application domains and technical considerations, and ISO/IEC TR 20547-5 details a roadmap of existing and future standards in this area. Up-to-date information on the technical committee (e.g. scope, programme of work, contact details) can be found on the committee page.

Digital identities

Digital signatures that validate digital identities help ensure the integrity of data and the authenticity of particulars in online transactions, thereby contributing to the security of online applications and services. Standards to support this technology cover elements such as anonymous digital signatures (e.g. ISO/IEC 20008 series); digital signatures for healthcare documents (e.g. ISO 17090-4 and ISO 17090-5); and blind digital signatures, in which the content of the message to be signed is concealed, used in contexts where, for example, anonymity is required. Examples of such standards include ISO 18370-1 and ISO/IEC 18370-2.

Privacy and data protection

Privacy and data protection in the context of ICTs is another area addressed by ISO standards. One prominent example, ISO/IEC 29101, describes a privacy architecture framework. Others include standards for privacy-enhancing protocols and services for identification cards (ISO/IEC 19286); privacy protection requirements pertaining to learning, education, and training systems employing information technologies (ISO/IEC 29187-1); privacy aspects in the context of intelligent transport systems (ISO/TR 12859); and security and privacy requirements for health informatics (ISO/TS 14441).

ISO in numbers

ISO is proud to count 173 members.

Our experts work across 823 technical committees and subcommittees.

In 2024, we published 1,533 new standards and related documents.

The ISO store contains more than 25,703* international standards and related documents.

* Total as of end December 2024.

Digital tools

ISO’s online browsing platform provides up-to-date information on ISO standards, graphical symbols, publications, and terms and definitions.

Social media channels

Facebook @isostandards

Instagram @isostandards

LinkedIn @isostandards

X @isostandards

YouTube @iso

International Electrotechnical Commission

The IEC is the world leader in preparing international standards for all electrical, electronic, and related technologies. A global, not-for-profit membership organisation, the IEC provides a neutral and independent institutional framework to around 170 countries, coordinating the work of some 30,000 experts. We administer four IEC Conformity Assessment Systems, representing the largest working multilateral agreement based on the one-time testing of products globally. The members of each system certify that devices, systems, installations, services, and people perform as required.

IEC international standards represent a global consensus of state-of-the-art know-how and expertise. Together with conformity assessment, they are foundational for international trade.

IEC standards incorporate the needs of many stakeholders in every participating country and form the basis for testing and certification. Experts come from both developed and developing countries. Each member country and all its stakeholders represented through the IEC National Committees have one vote and a say in what goes into an IEC international standard.

Our work is used to verify the safety, performance, and interoperability of electric and electronic devices and systems such as mobile phones, refrigerators, office and medical equipment, or electricity generation. It also helps accelerate digital transformation, artificial intelligence (AI), or virtual reality applications, protects information technology (IT) and critical infrastructure systems from cyberattacks and increases the safety of people and the environment.

Digital activities 

The IEC works to ensure that its activities have a global reach to meet all the challenges of digital transformation worldwide. The organisation covers an array of digital policy issues. IEC international standards and conformity assessment play a crucial role in shaping global AI and digital policies by providing a structured, collaborative, and consensus-driven framework that addresses technical, ethical, and governance challenges.

Digital policy issues

Artificial intelligence

AI applications are driving digital transformation across diverse industries, including energy, healthcare, smart manufacturing, transport, and other strategic sectors that rely on IEC Standards and Conformity Assessment Systems. AI technologies allow insights and analytics that go far beyond the capabilities of legacy analytic systems.

For example, the digital transformation of the grid enables increased automation, making it more efficient and able to seamlessly integrate fluctuating renewable energy sources. IEC standards pave the way for the use of a variety of digital technologies relating to intelligent energy. They deal with issues such as the integration of renewable energies within the electrical network but also increased automatisation.

A joint IEC and ISO technical committee on AI, JTC1/SC 42, brings together technology experts, as well as ethicists, lawyers, social scientists, and others to develop generic and foundational standards (horizontal standards). IEC experts focus on sector-specific needs (vertical standards) and conformity assessment.

JTC 1/SC 42 addresses concerns about the use and application of AI technologies. For example, data quality standards for ML and analytics are crucial for helping to ensure that applied technologies produce useful insights and eliminate faulty features.

Governance standards in AI and the big data analytics business process framework address how the technologies can be governed and overseen from a management perspective. International standards in the areas of trustworthiness, ethics, and societal concerns will ensure responsible deployment.

Quantum computing

The joint IEC and ISO technical committee for quantum technologies, IEC/ISO JTC 3, is working on standards for all aspects of quantum, including computing, metrology, sources, detectors, communications and fundamental quantum technologies.

Infrastructure

The IEC develops standards for many of the technologies that support digital transformation. Fibre optic cables, sensors, semiconductors, cloud and edge computing are examples.

Cloud computing

The joint ISO/IEC technical committee prepares standards for cloud computing, including distributed platforms and edge devices. The standards cover key requirements relating to data storage and recovery.

Network security and critical infrastructure

The IEC develops cybersecurity standards and conformity assessment for IT and operational technology (OT). Cybersecurity is often understood only in terms of IT, which leaves critical infrastructure, such as power utilities, transport systems, manufacturing plants and hospitals, vulnerable to attacks.

Digital tools

The IEC has developed a number of online tools and services designed to help everyone with their daily activities.

Find out more
IEC website
IEC news and blog
IEC e-tech

Social media channels

LinkedIn @IECStandards

Facebook @InternationalElectrotechnicalCommission

YouTube @IECstandards

International Committee of the Red Cross

Established in 1863, the ICRC is an independent international humanitarian organisation headquartered in Geneva. It defends and promotes the respect of international humanitarian law (IHL) and is dedicated to protecting the lives and dignity of victims of war and to providing assistance. Along these lines, it cooperates with governments, the private sector, and other entities affected by international and internal armed conflict and violence.

Together with the International Federation of Red Cross and Red Crescent Societies and 192 individual national societies, the ICRC makes up the so-called International Red Cross and Red Crescent Movement.

Digital activities

Digitalisation is increasingly present in the context of armed conflict and violence. On one hand, affected populations are in demand for digital tools, which humanitarian organisations need to provide in a responsible manner. On the other hand, states use cyber operations as part of warfare with humans affected by the consequences of such operations and other digital risks. To this end, humanitarian organisations also use digital tools to improve their operations. The ICRC addresses the implications of technology, which are multifold and range from data protection for humanitarian actions to the application of IHL to cyber operations in armed conflict. We host expert and intergovernmental discussions and have developed a number of (digital) tools to help improve awareness and understanding of IHL and relevant standards. The ICRC cooperates with other organisations on digital policy issues.

Digital policy issues

Artificial intelligence

The ICRC has explored the impact of AI tools in armed conflict, in particular their use by armed actors. In a document titled Artificial Intelligence and Machine Learning in Armed Conflict: A Human-Centred Approach (2019, revised 2021), we argue: ‘Any new technology of warfare must be used, and must be capable of being used, in compliance with existing rules of international humanitarian law.’ The document touches on the use of AI and machine learning (ML) technologies capable of controlling physical military hardware. It argues that from a humanitarian perspective, AWS are of particular concern given that humans may not be able to control such weapons or the resulting use of force, and AI-controlled AWS would exacerbate these risks. The ICRC has urged states to adopt new international rules on AWS. The position paper also emphasises the potential for AI to exacerbate the risks to civilians and civilian infrastructure posed by cyber and information operations, as well as changing the nature of military decision-making in armed conflict. The ICRC calls for a human-centred approach to the application of AI in armed conflict that preserves human judgement and jointly with the United Nations Secretary-General, ICRC’s president is calling for establishing new prohibitions and restrictions on AWS. The question has been further explored in other reports, such as Autonomy, Artificial Intelligence, Robotics: Technical Aspects of Human Control (2019). 

Cyber operations during armed conflict

The use of cyber operations during armed conflict is a reality today and is likely to increase in future. Through bilateral confidential dialogue, expert discussions, participation in intergovernmental processes, and constant monitoring and analysis, the ICRC is raising awareness of the potential human cost of cyber operations and the application of IHL to cyber operations during armed conflict. Our efforts on this matter date back over two decades. Ever since, the ICRC has held the view that IHL limits cyber operations during armed conflict just as it limits the use of any other weapon, means and methods of warfare in an armed conflict, whether new or old.

Over the years, the ICRC has been actively involved in global policy discussions on cyber-related issues, including those held within the UN (various Groups of Governmental Experts (GGEs) and the Open-Ended Working Groups (OEWGs)). In addition, we convene regional consultations among government experts on how IHL applies to cyber operations, and global expert meetings, such as the potential human cost of cyber operations and avoiding civilian harm from military cyber operations during armed conflicts. Our legal views on how IHL applies to cyber operations during armed conflict are found in a 2019 position paper that was sent to all UN member states in the context of the different UN-mandated processes on information and communications technology (ICT) security. The ICRC explores innovative solutions, such as a digital emblem, to protect medical and humanitarian missions in cyberspace. 

Recently we have focused on non-state actors such as civilians and technological companies getting more and more involved in cyber operations. We first issued three documents. The first focuses on the growing trend of civilians at large getting involved in digital operations and the related risks. The second focuses on when might digital tech companies become targetable in war. And last and more specifically on hacking, we published a paper called 8 Rules for “Civilian Hackers” During War, and 4 Obligations for States to Restrain Them

‘Protection’ in the digital age

The ICRC deals with privacy and data protection within its mandate and context of IHL. In this Atlas, following the Digital Watch Observatory taxonomy, privacy and data protection are part of the human rights basket.

Without undermining the positive impact technology can bring in conflict, including enhancing access to life-saving information and potentially minimising collateral damage, protection work must consider the risks in the digital age. In other words, it must encompass the protection of the rights of people when their lives intersect with the digital sphere. This question remains under-regarded and a blog post tries to shed light on this grey area

The ICRC puts a special emphasis on the impact of misinformation and disinformation as they can increase people’s exposure to risk and vulnerabilities. For example, if displaced people in need of humanitarian assistance are given intentionally misleading information about life-saving services and resources, they can be misdirected away from help and towards harm.

Hate speech, meanwhile, contributes directly or indirectly to endangering civilian populations’ safety or dignity. For example, when online hate speech calls for violence against a minority group, it can contribute to psychological and social harm through harassment, defamation, and intimidation. 

These issues have been tackled in a document we published in 2021 called Harmful Information.

Misinformation and disinformation can also impact humanitarian organisations’ ability to operate in certain areas, potentially leaving the needs of people affected by armed conflict or other violence unmet. When false and manipulated information spreads, it can erode trust within communities and damage the reputation of humanitarian operations.

For the ICRC, whose work is founded on trust, the spread of disinformation, especially where tensions are high, could quickly lead to humanitarian personnel being unable to leave their offices, distribute live-saving assistance, visit detainees, or bring news to people who have lost contact with a family member.

Ultimately, it is important also to note that information operations have limits under IHL!

Outer space

Space systems have been employed for military purposes since the dawn of the space era. As the role of these systems in military operations during armed conflicts increases, so too does the likelihood of their being targeted, with a significant risk of harm to civilians and civilian objects on Earth and in space. This is because technology enabled by space systems permeates most aspects of civilian life, making the potential consequences of attacks on space systems a matter of humanitarian concern. Find out more in this blog called War, Law and Outer Space: Pathways to Reduce the Human Cost of Military Space Operations.

Privacy and data protection

The ICRC plays an active role in regard to privacy and data protection in the context of humanitarian action. It has a data protection framework compliant with international data protection standards that aims to protect individuals from a humanitarian standpoint. The framework consists of ICRC rules on personal data protection, which were revised in 2020 in response to the rapid development of digital technologies, while supervisory and control mechanisms are overseen by an independent data protection commission and a data protection officer.  In 2019, the ICRC spearheaded the adoption of a resolution on Restoring Family Links While Respecting Privacy, Including as it Relates to Personal Data Protection at the International Conference of the Red Cross and Red Crescent. In 2022, we pushed for the adoption of a resolution on Safeguarding Humanitarian Data at the Council of Delegates of the Red Cross and Red Crescent Movement.

Despite the wide range of data sources employed and dealt with by the ICRC, specific attention is dedicated to biometric data, which is often used in forensics and the restoration of family links. To manage this highly sensitive information and to ensure the responsible deployment of new technologies (including new biometric identification techniques), the ICRC has adopted a Biometrics Policy, which sets out the roles and responsibilities of the ICRC and defines the legitimate bases and specified purposes for the processing of biometric data. 

Data protection is also addressed by the ICRC Handbook on Data Protection in Humanitarian Action. The Handbook provides suggestions as to how current data protection principles apply to humanitarian organisations and builds on existing regulations, working procedures, and practices. The second edition specifically provides guidance on the technical aspects of data protection by design and by default and covers technological security measures. In addition, through dedicated chapters, it addresses the potential and risks of digital technology such as blockchain, AI, digital identity, and connectivity for data protection in humanitarian action.

The ICRC has argued in favour of the digitalisation of the Geneva Conventions and on the occasion of the 70th anniversary of these very treaties and additional protocols, released an IHL digital app. The app provides access to over 75 treaties including the Geneva Conventions, and allows users to read through the content and familiarise themselves with the text. The ICRC has a number of databases on IHL, including its customary IHL database and the ICRC national implementation database.  

Digital tools

Research and development

In 2022, the ICRC opened a Delegation for Cyberspace in Luxembourg, which serves as a safe and secure space to do due diligence research and develop and test solutions and ideas to prepare the ground for the support, protection, and deployment of digital services to affected people on a global scale. It will also further explore what it means to be a digital stakeholder in a manner compatible with its mandate; operational modalities; and the principles of neutrality, independence, and impartiality.

Resources

The ICRC’s Law and Policy blog provides a large number of short pieces on cyber operations, featuring tech expert, legal, and policy perspectives. 

Online learning is also used by the ICRC to promote the implementation of IHL. In 2019, we launched an e-learning course entitled Introduction to International Humanitarian Law aimed at non-legal practitioners, policymakers, and other professionals who are interested in the basics of IHL. Other online courses are available through the ICRC training centre as well as e-briefings which are available in the e-briefing library

The ICRC maintains an online training centre and an app with all ICRC publications in English and French. 

Social media channels

Facebook @ICRC

Instagram @ICRC

LinkedIn @ICRC

TikTok @ICRC

X @ICRC

YouTube @ICRC

Ecma International

Ecma International is a global standards development organisation dedicated to the standardisation of information and communication systems. Established in 1961, Ecma has been a pioneer in providing a framework for the collaboration of standardisation and open source. The work is driven by Ecma members to address market requirements, providing a healthy competitive environment where competition is based on the differentiation of products and services and where vendors and users can rely on the interoperability of technical solutions.

Areas of work include the development and publication of standards and technical reports for information and communications technology (ICT) and consumer electronics (CE), with a broad scope of standardisation topics including hardware, software, communications, consumer electronics, the internet of things (IoT), programming languages, media storage, and environmental subjects. Ecma’s pragmatic, flexible, member-driven model is effective in enabling technical committees to form and iterate rapidly on internationally recognised open standards.

Digital activities

For over 60 years, Ecma has actively contributed to worldwide standardisation in information technology and telecommunications. More than 420 Ecma standards and 110 technical reports have been published, covering areas such as data presentation and communication, data interchange and archiving, access systems and interconnection and multimedia, programming languages, and software engineering and interfaces, two-thirds of which have also been adopted as international standards and/or technical reports.

One of the first programming languages developed by Ecma, FORTRAN, was approved in 1965. ECMAScript® (JavaScript), with several billion implementations, is one of the most used standards worldwide.

Digital policy issues

Digital standards

A large part of Ecma’s activity is dedicated to defining standards and technical reports for ICTs (hardware, software, communications, media storage, etc.). This work is carried out through technical committees and task groups focusing on issues such as information storage, multimedia coding and communications, programming languages, open XML formats, and product-related environmental attributes. Our members are committed to Ecma’s success and progress and follow best practices and efficient processes for the development and approval of standards, making Ecma a respected and trusted industry association. Ecma has close working relations – such as liaisons, cooperation agreements, and memberships – with European and international standardisation bodies as well as with some forums and consortia. Our long-established relationships with other standardisation organisations are well maintained and enable us to publish our specifications as international standards. A list of Ecma standards is noted below.

Telecommunications infrastructure

Network security

Sustainable development/Digital and environment

Programming languages such as ECMAScript (JavaScript) and C#

Software engineering and interfaces

Data-related standards

Technical committees (TCs) and task groups (TGs), covering issues such as access systems and information exchange between systems (TC51), information storage (TC31),

product-related environmental attributes (TC38), ECMAScript® language (TC39), office open XML formats (TC45), and ECMAScript® modules for embedded systems (TC53). Additional technical committees include acoustics (TC26), software and system transparency (TC54), web-interoperable server runtimes (TC55), and communication with artificial intelligence (AI) agents (TC56).

In addition, ECMA-425 was published in December 2024, specifying a statistical background correction for information technology and telecommunications equipment noise measurements.

Future of standards

The participation in Ecma of many leading global companies ensures not only the acceptance of Ecma standards in European and international standardisation but also their worldwide implementation.

Ecma’s goal in the next decade is to continue to play a key role in the extraordinary development of IT, telecommunications, and consumer electronics by disseminating new technologies and delivering first-class standards to our members, partners, and the standard-user community. Ecma aims to continue to bring in major contributions, move technology from members to mature standards, and collaborate with the world’s major standards development organisations (SDOs).

In December 2024, Ecma established Technical Committee TC55, tasked with defining, refining, and standardising a ‘minimum common API’ surface, along with a verifiable definition of compliance with that API. This is intended to improve interoperability across multiple ECMAScript environments, expanding beyond web browsers, specifically web servers. In addition, Ecma established TC56, a natural language interaction protocol for communication with AI agents. The scope is to specify a common protocol, framework and interfaces for interactions between AI agents using natural language while supporting multiple modalities.

Digital tools

Conferencing technologies

Ecma maintains a pragmatic approach to meeting participation. Our General Assembly typically takes place as a physical meeting to allow in-person discussions and interaction among members. For members who cannot participate in person, remote attendance is possible with videoconferencing and other digital tools.

Ecma’s technical committees hold either physical, hybrid, or virtual meetings depending on their specific needs.

Ecma meetings are typically held outside of Ecma’s HQ. As a general principle, members are encouraged to host meetings.  Invitations are by a technical committee member who host the meeting at a facility of their choice.

For meetings, consensus building, and voting, Ecma focuses on being efficient and effective. The meeting place and mode are decided upon by the committee.

Social media channels

LinkedIn @ecma-international

X @EcmaIntl