1

Case Id: b91f47c9-97a0-4ae4-8228-28832da8b206Date: 28/12/2015 16:56:42

Standards in the Digital Single Market: setting prioritiesand ensuring delivery

Fields marked with * are mandatory.

General information on respondents

*Do you wish your contribution to be published?Please indicate clearly if you do not wish your contribution to be published.

YESNO

Submissions that are sent anonymously will neither be published nor taken into account.

The Commission may contact you in case a clarification regarding your submission is needed. Ifyou do not wish to be contacted, please state this clearly in your reply.

I wish to be contacted:YESNO

* I'm responding as:

An individual in my personal capacityThe representative of an organisation/company/institution

*What is your name?

Polina

*What is your surname?

Malaja

*

*

*

*

2

*Please enter your email address:

polina@fsfe.org

Please enter your telephone number:

*Please enter the name of your institution/organisation/business:

Free Software Foundation Europe e.V

* Is your organisation registered in the Transparency Register of the European Commission andthe European Parliament?

YesNo

*Please indicate your organisation's registration number in the Transparency Register.

33882407107-76

*Please enter the address of your organisation:

Schönhauser Allee 6/7

10119 Berlin

Germany

*My institution/organisation/business operates in:

EU

*What is the primary place of establishment of the entity you represent?

Germany

*Please indicate your main field of business activity and the field of activity related to theconsultation's topic (if not identical to the overall business activity).

Free Software

*

*

*

*

*

*

*

*

3

*Please select the description that applies to your organisation.

Other Stakeholders Association (e.g. Users, Consumers...)

Is your organisation active in ICT standardisation?YesNo

Questions

II.1 Questions on general framework and problem statement

It is of particular interest to understand if the standards currently under development effectivelymatch interoperability and successfully creating a Digital Single Market. In addition, it isespecially interesting to identify those actions in standards development that could act as asolution for wider industry and public needs, not limited to the specific technologies that havebeen standardized.

Please indicate whether you agree to the following statements and explain your answerbriefly.  

Q1.1 - Do you share the Commission's analysis in Part 2 of?this document

YESPARTLYNONO OPINION

*

4

*Please explain:

Free Software Foundation Europe (FSFE) agrees with the Commission that

standards priorities should be set up in order to bring the EU to

digital single market in accordance with the Commission's Digital Single

Market Strategy adopted on 6 May 2015 (COM(2015)195), and that

standardisation has to reflect European interests. However, it should be

acknowledged that digital market is a global market. Hence, Europe needs

to be the part of the global picture, as ICT standards by its nature are

international. In addition, it should be noted that Europe is not a

principal ICT standard-setting region, despite the fact that "European

experts are actively participating in international standard

organisations" (such as ITU, ISO, IEC). Therefore, Europe needs an

approach that is both effective in implementation and global, in order

to ensure its competitiveness on the digital market. The best way to

achieve both aims is to ensure that Europe implements standards that are

open, minimalistic and implementable with Free Software, as these

standards have proved to be sustainable. At the same time, European

"push" in standardisation should not result in more standards with

overcomplicated specifications. Hence, European standardisation has to

be aimed at implementing existing global standards that in the end will

benefit the majority of stakeholders, and encourage competition on both

European and global level.

Q1.2 - ICT is assuming a greater role in sectors of the economy which were not previouslysignificant users of ICT. How do you see for the economy, in particularthe role of ICT standardsbeyond the ICT sector?

Very ImportantImportantModest importanceNot importantNo opinion

*

5

*Your comment, indicating a specific sector:

The purpose of standardisation is to deliberately limit changes to

technological basis. These limits are introduced in order to allow

subsequent innovation by everyone that has access to the standard and

not just the party that controls the technological basis. As a

consequence, standards limit the ability to innovate by a single party

in order to allow innovation on the basis of that standard by multiple

parties. However, standardisation can only fulfil its purpose when

standards are actually implemented and wide-spread across industries. In

order to ensure the widest adoption and implementation of standards,

especially beyond the ICT sector, it is important for standards to be

understandable and easily implementable. This will contribute to the

cross-sector digitisation of industries that in result will lead to more

innovation, and a wider variety of services in the market. Open

Standards allow such innovation by all parties with no leverage for the

initial developer of the platform to limit such innovation or the

competition it represents.

Interoperability and portability of data will also contribute to the

improvement of digital skills amongst population. Digital Single Market

cannot exist without digital literacy. Interoperable standards

implementable with Free Software, that are easily adoptable, will

contribute to that goal because they will facilitate the proliferation

of technology, by granting everyone freedoms to use that technology,

study how it works, share it with others without any restrictions, and

improve it according to their needs.

Q1.3 - Do you agree that setting priorities for ICT standards at EU level, accompanied by cleartime-tables, could help standard-setting organisations in better organising their work andsupport the Digital Single Market?

YESPARTLYNONO OPINION

*

6

*Please explain why:

In order to pursue the goals set in the Digital Single Market Strategy,

Europe does not need to reinvent the wheel, and instead of trying to

standardise from the scratch by developing new standards, Europe should

focus on implementing existing global standards that are open,

minimalistic and implementable with Free Software.

Open Standards [^1] that are implementable with Free Software will

empower European industries to compete on the global market. Open

Standards have already proven themselves: besides the obvious example of

the Internet, it is worth mentioning that several of the biggest and

most successful IT players, who have built their software model on

either Free Software or proprietary equivalent, are based on Open

Standards.

It is important to implement Open Standards that are minimalistic[^2]

because this will enable the majority of European IT actors, that are

small- and medium-sized enterprises (SMEs), to adapt them, and most

importantly, to understand them. Overcomplicated and lengthy standards

will take extra time and resources to be efficiently implemented and

understandable for European SMEs, the majority of which do not have such

capacity to fully follow the complex specification of a standard. It is

noteworthy that SMEs are largely misrepresented in standardisation

process in formal standard setting organisations (SSOs) that are

dominated by large scale actors. Simply trying to implement standards

originally developed for dominant actors will create extra burdens to

the digitisation of European industries and prevent new actors from

entering the market because companies are burdened by costly

specifications or the need to invest in new infrastructure.

Therefore, in order to digitalise industries cost efficiently, while at

the same time ensuring the competitiveness and independence of European

companies in accordance to the goals set in the Digital Single Market

Strategy, the implemented standards have to be both open, minimalistic

and implementable with Free Software.

[^1]: https://fsfe.org/activities/os/

[^2]: Bernhard Reiter, "The minimal principle: because being an open

standard is not enough",

https://fsfe.org/activities/os/minimalisticstandards.en.html

Q1.4. - What other steps should be considered to ensure that any such prioritisation wouldenjoy broad support of key stakeholders?

In order to achieve the widest adoption of standards, it is crucial to

ensure that no unnecessary obstacles to their effective implementation

are in place. One of such unnecessary obstacles are standard-essential

*

7

patents (SEPs) that have been called "an important element of the

business model in terms of monetising investment in research and

innovation" in the Commission's Digital Single Market Strategy. While it

may be an option for some industries (i.e. telecommunications), it is

not the case for such areas such as software, internet and web

standards. It is important to acknowledge that one uniform

cross-sectoral approach towards patents in standardisation is not the

answer and can cause more harm if applied without taking into account

differences and inherent dynamics between sectors.

It is worthwhile to mention that several standard setting and developing

organisations in the field of software, internet and web standards (e.g.

W3C, IETF, UK BSI, OASIS) base their standards policies on royalty- and

restriction-free standards that do not include any proprietary rights.

This policy has no doubt contributed to the fact why internet has become

such an important and widely spread environment that has lead to the

spur of innovative products and services on the market. It is also

important to understand that technical standards in the field of

software are developed retrospectively, and as such do not contain any

innovative breakthroughs per se, by simply following the technology.

Consequently, the whole purpose of standardisation is to facilitate the

adoption of technology, instead of encumbering it.

Furthermore, ICT market is increasingly being dominated by web-services

and web-enabled devices, which permit web applications to replace the

functionality of client-side stand-alone software. Hence it is critical

to respond to the existing practice of standardisation in web and

software field in an adequate manner, that is follow the standardisation

examples of these industries that have shaped them and allowed them to

thrive.

Some of the problems caused by SEPs include a high possibility of vendor

lock-in and anti-competitive behaviour, as SEPs can confer significant

market power on their holders. Licensing under 'fair, reasonable and

non-discriminatory' (FRAND) terms, but including a royalty-payment

requirement, is often presented as a way to balance the interests of the

market with those of patent owners. However royalty- and

restriction-based FRAND serve only the interests of a handful of the

biggest companies - most often based outside of Europe - providing no

benefits to the local European actors, the majority of which are SMEs.

Furthermore, royalty-based FRAND licensing has been shown to be

detrimental and incompatible with Free Software.[^1] This is a major

obstacle for achieving the widest competition of goods and services on

the digital market, as Free Software actors should be able to compete on

the same conditions as their proprietary counterparts.

[^1]:

https://fsfe.org/activities/os/why-frand-is-bad-for-free-software.en.htm

l

8

Q1.5 - What would be the most effective instrument at EU level to ensure that any suchprioritisation is taken up by relevant standard-setting organisations? (please select and rank upto 3 instruments)

1 2 3

A Commission Communication

A Commission Recommendation

Standardization requests issued to EU standard-setting organisations andincluded in the Annual Union Work Programme for Europeanstandardisation

Regulation

Priorities stated in the Rolling Plan for ICT Standardisation

No opinion

None of them

Your comment:

Europe should learn from the best practices and ensure that the Member

States and companies understand the benefits of standardisation. While

it is feasible to set guidelines, it is necessary to let market shape

its needs. At the same time, EU is in position to raze barriers before

competition with its policies. Hence, the most effective way for the EU

to boost competition, but at the same time refraining from too much

governmental interference, is to adopt open and minimalistic standards

-- implementable with Free Software -- through procurement, research and

education. These measures might be followed by soft law instruments such

as a Commission recommendation, or the priorities stated in the Rolling

Plan for ICT Standardisation. However, the development of these

political guidances should be lead by example and should take into

consideration the differences between ICT and other standardised

sectors.

Q1.6 - What would be the impact of a priority ICT standards plan defined at the level of the EUon Europe's effort ?to pursue leadership in global standard-setting

POSITIVENEUTRALNEGATIVENO OPINION

9

*Please explain:

Leadership should not entail the development of new standards but

instead can be achieved by prioritising existing standards that are

open, minimalistic and implementable with Free Software. Even if such

standards need to be developed in the respective new fields, these

standards should pursue abovementioned characteristics as this will

ensure their wide-spread adoption.

In order for Europe to become globally competitive, Europe should be the

part of global standards and not lock itself regionally. The obvious

example of such "no border" standardised platform is internet itself

which is based on non-propretary, non-regulatory, transparent and open

standards. This point is crucial: the way internet functions today has

lead to the creation of services, products and business models

unimaginable in analogue world. Furthermore, the strong endorsement of

aforementioned standards reflects the fact that software, the internet

and the web are widely distributed and constantly evolving.

Q1.7 - What would be the impact of a priority ICT standards plan defined at the level of the EUon the ability of European companies ?to capture new global market opportunities

POSITIVENEUTRALNEGATIVENO OPINION

*

10

*Please explain:

Positive outcome for European companies to capture new global market

opportunities can be only achieved if the market is open for companies

of different size. It is important to bear in mind that the majority of

European stakeholders are SMEs. Hence it is vitally important to ensure

that the market opportunities are open for SMEs who can easily adapt to

the new opportunities. Standardisation can both hamper and encourage

such participation, hence European approach needs to be careful in this

regard. Developing more standards will not necessarily bring any relief

to the goal of interoperability per se, instead, standards need to be

adaptable and implemented as easily as possible. This will ensure their

adoption on the market, at the same time securing the support for the

widest variety of companies that in return will provide the widest

competition.

According to the EU competition rules (e.g. Article 101 of the TFEU,

also see C-8/08, T-Mobile Netherlands BV and Others, [2009] ECJ)

European policies should be aimed at protecting competition as such,

so-called 'fifth freedom' in the EU. SMEs and consumers are the voices

that are the least present in the standardisation processes, hence to

benefit these groups is to contribute to the competition.

*

11

Q1.8 - Besides establishing a priority ICT standards plan, what other measures could theCommission (or other EU institutions) take to ensure that standardisation plays its role inachieving a Digital Single Market?

There is a need for governmental and EU-level policies promoting Free

Software through public procurement in order to realise the efficiencies

of Free Software to the Digital Single Market. Due to its nature, the

danger of anti-competitive behaviour and the vendor lock-in is

eliminated in promoting Free Software as the innovative technology is

available to everyone to use and improve, leading to the existence of

various service providers based on the same technology. This is exactly

the goal that the standardisation is aimed to achieve.

In particular, there is a need for a clear requirement of publicly

financed software to be published under Free Software licences, that

will allow Free Software to act as a reference implementation. Instead

of developing lenghty specifications to the standard and expecting

stakeholders to find their ways to implement it, it is more efficient to

publish the source code and let everyone to copy and reshape the

technology according to their specific needs. This is particularly

important because for most software standards the formal specification

is insufficient, and the actual standard is defined both through the

written specification and actual implementations. For the implementer

the reference implementation is more valuable because it allows her to

avoid the extended phase of trial-and-error in order to resolve

specification ambiguities. Consequently for software solutions the need

for a reference implementation to implement the standard can be

fulfilled by publishing it under a Free Software licence. Reference

implementation published under Free Software licence may act as a the

formal specification without the institutional standard setting process

and can be reproduced by any potential vendor of the technology.

Therefore, allowing technology to be implemented directly will abstain

from duplicating standards in order for technology to be applied. Hence,

reference implementation under a Free Software licence will avoid

unnecessary duplications, while at the same encourage competition.

Q1.9 - How should standard-setting organisations best respond to the increasing speed oftechnological development and the integration of technologies in business processes across allindustrial sectors?

12

A - Regarding the adaptation of existing standards tonew developments:

Software and web services are the sectors to develop at the fact pace.

Traditional standardisation processes, especially in the formal SSOs,

cannot keep up with the more and more diversifying ICT sectors with the

approach that used to work for other industries, such as

telecommunications. This is especially evident with SEPs and their FRAND

licensing terms that instead of promoting innovation, are restricting

innovative potential to enter standardisation. It is a well-established

fact[^1] that royalty-based FRAND licensing is discriminatory towards

Free Software, which is undeniable competitor to the proprietary

software on the market. Therefore, FRAND cannot be encouraged or

perceived as the primary licensing solution in standardisation. As

technology is developing faster, there is no need to introduce

additional barriers through standardisation.

Another barrier that impedes with innovation are large and complex

standards' specifications. This barrier can be lift by applying

minimalistic standards, that are modular. Minimalistic modular standards

will allow to change a part of a system, i.e. if necessary to switch to

a new standard and apply innovative technology there, while keeping the

other part under the old standard. Hence, minimalistic standards will

allow a more flexible and gradual approach to new developments in the

areas with already existing standards.

It is crucial to understand that technical standards may solely help

facilitate technology, but do not contain any innovation per se. Due to

this factor a very careful policy approach is needed in order to not

achieve the opposite effect detrimental to innovation.

Since royalty free open standards implementable with Free Software are

proved to be sustainable, interoperable, easily implementable and

pro-competitive, SSOs are in need to better respond to the new

developments and inlcude the aforementioned standards into their

policies. One-size-fits all approach, especially in regard to FRAND

licensing, is harmful to the new developments and does not take into

consideration all the existing standardisation practices amongst such

ICT fields as software, internet and web.

[^1]: Iain Mitchell, Stephen Mason, "Compatibility Of The Licensing Of

Embedded Patents With Open Source Licensing Terms", IFOSLR Vol. 3, No. 1

(2011)

13

B - Regarding the introduction of new standards for new:technologies/products

When it comes to the new technologies that have not been standardised

before, it is critical to ensure the widest interoperability and avoid

vendor lock-in from the beginning, in order to mitigate the risk of

developing monopolies and oligopolies on the market. Where innovations

are at an early stage of market development, the standardisation process

should be evaluated by whether these standards are implementable and

usable. As stated above, royalty- and restriction free, open and

minimalistic standards that are implementable with Free Software are the

most adequate answer to the standardisation in software, internet and

web services.

In addition, many SSOs are in need to improve their collaboration with

Free Software communities, in order to adequately respond to the

existing realities of the market. In particular, some formal SSOs (e.g.

see Resolution GSC-13/22, by the Global Standards Collaboration) have

publicly condemned the policies mandating royalty-free licensing of

standards. This approach is short-sighted and harmful to innovation.

Q1.10 - How do you see the involvement of European ICT Standardization experts ininternational standardisation organisations (ITU, ISO, IEC) and global standard settingorganizations (i.e. IEEE, IETF, OASIS, W3C, ECMA international)?

A - The :SCOPE (or LEVEL?) of involvementIs appropriateShould be increasedShould be decreasedNo opinion

B - The :QUALITY of involvementIs appropriateShould be improvedNo opinion

II.2 Questions on priority domains for standardisation in the Digital SingleMarket

In this section, the Commission invites survey participants to express opinions and ideas onsetting priorities for ICT standardisation.

14

The Commission has identified 10 domains set out below, as well as a set of sub-domainswithin each domain. Please note that domains and subdomains are interrelated and thatoverlaps are possible and desirable in particular with respect to synergies between differentsectors. Some domains are horizontal and may benefit a large number of sectorialapplications; some other domains are more sectorial and were identified as areas where ICTstandardisation would bring important benefits.

First check whether the list of domains is complete and relevant. If the list is consideredincomplete, please complement it with additional domains that you consider priority.

Q2.1 - Please identify and rank the domains (up to 5) and subsequently subdomains (up to 3per domain) within each domain that you consider a priority. If specific domains or subdomainsare missing please add them.at most 5 answered row(s)

1 2 3 4 5

Domain 1: 5G communications

Domain 2: Cloud computing

Domain 3: Cybersecurity

Domain 4: Data driven services and applications

Domain 5: Digitisation of European Industry

Domain 6: eHealth and aging

Domain 7: Intelligent Transport Systems (ITS)

Domain 8: Internet of Things

Domain 9: Smart Cities

Domain 10: Smart and Efficient Energy Use

Others

15

Domain 2: Cloud computingat most 3 answered row(s)

1 2 3

Application portability

As a service solutions (IaaS, PaaS, SaaS)

Cloud networking infrastructures

Cloud platforms

Moving non-personal data between service providers

Service Level Agreements (SLAs)

Process Computation Integrity

Others

Domain 3: Cybersecurity

at most 3 answered row(s)

1 2 3

Cyber security design requirements

Process standard for incident reporting

Process standard for cyber risk management

Process standard for vulnerability disclosure

Technical standards for encryption

Technical standards for public key infrastructure

Technical standard for security and privacy by design

Others

Please answer to Q2.2 to Q2.6 . In your answer pleasefor each of the domains selectedspecify if applicable the subdomains that you have selected.

16

*Q2.2 - For the  and the subdomains which you have selected,Domain 2: Cloud computingplease explain briefly how the criteria indicated in Box I apply to them.

:We copy the criteria for your convenience

Link to DSM objectives and other EU policies

Competitiveness of the European industry

Clear and achievable targets

Evidence of market relevance and stakeholders needs

Domains where standard setting has direct benefits for consumers

As stated above, cloud is becoming an increasing ICT sector on the

market.

This is the sector that is heavily relying on web standards that are

most likely royalty free and open. This practice needs to be promoted

and encouraged, as these standards will ensure the objectives set in the

Digital Single Market Strategy.

* Fair competition of good and services: royalty free, open and

minimalistic standards that are implementable with Free Software will

guarantee the widest competition on the market in the field of software,

as these standards will allow more players to enter the market and base

their goods and services on existing technology. This is due to the fact

that access to technology is available to all potential economic actors

on equal terms without any advantages to the right holders. This is

especially crucial for SMEs which participation in standardisation

processes is often non-present or minimal. Consequently, if priorities

need to be set, they should be in accordance with the competition rules

of the EU enshrined inter alia in the Article 101 of TFEU that is aimed

at securing the fair competition.

* High level of consumer and personal data protection: consumers benefit

from royalty free, open and minimalistic standards that are

implementable with Free Software through the fact that these standards

will allow the wider variety of goods and services to appear on the

market, and will enable the portability of consumers' personal data from

one service provider to another in the most secure and transparent way.

Other standards cannot provide such high level of interoperability,

which in return will ensure consumers' control over their personal data,

which is in line with the Data Protection Regulation and the users'

right to their data portability therein.

Consequently, it is notable that software that is exploiting the

exported data needs to be Free Software in order for consumers to be

able to re-use their data and applications in an efficient way.

*

17

Q2.3 - The Priority ICT standards plan should lead to the production of technical specifications,standards or architectures where there is a need/gap, but could also propose any other type ofstandardisation action such as landscape analysis, gap finding, roadmaps or, ecosystembuilding that could contribute to ensure that standardisation plays its role in achieving a DigitalSingle Market. Please explain if a standardisation need/gap exists in the Domain 2: Cloud

and sub-domains which you have selected.. Please also indicate within whichcomputing time-frame such need could be addressed. Please limit to a maximum of five needs/gaps perdomain or sub-domain:

Q2.4 - Among those below, which action could be a priority in the Domain 2: Cloud computingand the subdomains which you have selected? Please rank the list below and explain yourchoice.

1 2 3 4 5 6 7 8 9

• Mandating EuropeanStandardisation Organisations(ESOs) for fast delivery ofstandards/technicalspecifications.

• Foster cooperation amongstandards developmentorganisations for ICT priorities

• Support Research & Innovationprojects to contribute tostandardisation

• Community Building

• Support creation ofpublic-private partnerships - PPP

• Increase strategic coordinationof ICT standardisation at EUlevel.

• Ensure consistent application ofexisting standards

• Accelerate the identification ofICT technical specifications mostcommonly used for theirreference in public procurement

• Other

• No opinion

18

*Please explain:

In order to ensure consistent application of existing standards, the

increase of strategic coordination of ICT standardisation at the EU

level is needed. This includes industry-sensitive policies that

adequately respond to the market developments, but at the same time

eliminate the possibility of vendor lock-in and anti-competitive

behaviour. This includes stronger promotion of royalty-free, open and

minimalistic standards that are implementable with Free Software by

inter alia issuing the recommendations and updating the EU Rolling Plan

on ICT Standardisation. But most importantly, the wider adoption of

these standards is achievable when the EU bodies and institutions

implement abovementioned standards themselves, including through public

procurement.

Q2.5 - Please indicate any other standardisation initiatives which would help achieving theDigital Single Market in the  and the subdomains which you haveDomain 2: Cloud computingselected, and who in the standardisation landscape would be best placed to lead on theseinitiatives:

Q2.6 - Would your organisation be prepared to invest resources in standard-setting to achievethe priority standards within the proposed time-frames?

Please answer this question only if you are responding as the representative of an

organisation/company/institution.

YESYES, provided some conditions are metNONo opinion

*Please explain your choice and specify conditions:

FSFE is not a standard setting organisation, but we are willing to

provide our assistance to the EU policy makers in the questions related

to Free Software and open standards.

*

*

19

*Q2.2 - For the  and the subdomains which you have selected,Domain 3: Cybersecurityplease explain briefly how the criteria indicated in Box I apply to them.

:We copy the criteria for your convenience

Link to DSM objectives and other EU policies

Competitiveness of the European industry

Clear and achievable targets

Evidence of market relevance and stakeholders needs

Domains where standard setting has direct benefits for consumers

The main goal of cybersecurity in the context of DSM, and the

competitiveness of the European industry, is in 'trust' consumers need

to have whilst accessing and exercising online activities. This entails

the technical standard for security and privacy by design. In order for

digital economy to thrive and flourish the consumer perspective is no

less valuable than of other stakeholders. In order to effectively build

digital economy, consumers must trust the environment and service

providers, and if needed be granted with effective remedy in case that

trust is misused.

Privacy by design is an important feature to secure consumers trust in

digital environment and the standardisation efforts need to be directed

towards this goal. Hereby, it is necessary to stress that the needed

level of privacy can be achieved with the standards that are

transparent, open and global, as internet itself. However, one of the

most critical points to security is the principle of 'minimalistic'

standards. The complexity of overblown standards with many rarely used

features is the biggest threat to software security acknowledged by

experts. These standards are more likely to introduce or leave

vulnerabilities for attackers to take advantage of. Consequently, the

standards for cybersecurity need to be designed according to their

purpose and in minimalistic way.

Due to its feature of high public interest, standards in cybersecurity

need to accepted as widely and as efficient as possible. Allowing secure

solutions to act as reference implementations will contribute to their

de facto standardisation. Hence, releasing software as Free Software and

its reference implementation under Free Software licences is the most

optimal solution in cybersecurity. It is a well established fact that it

is easier to discover and fix vulnerabilities in Free Software. Free

Software licenses will also allow the reuse of reference implementations

as modules which will help to the adoption of technical standards.

*

20

Q2.3 - The Priority ICT standards plan should lead to the production of technical specifications,standards or architectures where there is a need/gap, but could also propose any other type ofstandardisation action such as landscape analysis, gap finding, roadmaps or, ecosystembuilding that could contribute to ensure that standardisation plays its role in achieving a DigitalSingle Market. Please explain if a standardisation need/gap exists in the Domain 3:

and the subdomains which you have selected. Please also indicate within which Cybersecuritytime-frame such need could be addressed. Please limit to a maximum of five needs/gaps perdomain or sub-domain:

Q2.4 - Among those below, which action could be a priority in the  anDomain 3: Cybersecurityd the subdomains which you have selected? Please rank the list below and explain your choice.

1 2 3 4 5 6 7 8 9

• Mandating EuropeanStandardisation Organisations(ESOs) for fast delivery ofstandards/technicalspecifications.

• Foster cooperation amongstandards developmentorganisations for ICT priorities

• Support Research & Innovationprojects to contribute tostandardisation

• Community Building

• Support creation ofpublic-private partnerships - PPP

• Increase strategic coordinationof ICT standardisation at EUlevel.

• Ensure consistent application ofexisting standards

• Accelerate the identification ofICT technical specifications mostcommonly used for theirreference in public procurement

• Other

• No opinion

21

*Please explain:

There is a need for SSOs to address the standardisation of security and

privacy by design. Due to the fact that privacy as such is not a market

driven notion (while data in itself is) and as a product is not

considered 'sucessful', there is a need of a EU level priority in this

area. Standardisation on the EU level in the area of 'privacy by design'

has to be in line with the EU Data Protection Regulation, and such

priority can contribute to the European leadership in this area,

especially to the global consensus on privacy and data protection.

Q2.5 - Please indicate any other standardisation initiatives which would help achieving theDigital Single Market in the  and the subdomains which you haveDomain 3: Cybersecurityselected, and who in the standardisation landscape would be best placed to lead on theseinitiatives:

Q2.6 - Would your organisation be prepared to invest resources in standard-setting to achievethe priority standards within the proposed time-frames?

Please answer this question only if you are responding as the representative of an

organisation/company/institution.

YESYES, provided some conditions are metNONo opinion

*Please explain your choice and specify conditions:

FSFE is not a standard setting organisation, but we are willing to

provide our assistance to the EU policy makers in the questions related

to Free Software and open standards.

II.3 Other Comments

Other comments:

*

*

22

In conclusion Europe needs global solutions that are easily

implementable and adoptable by the majority of stakeholders in order to

achieve the widest competition in the digital single market.

Standardisation can without a doubt play a significant role in achieving

these aims. However, these can only be realised if the set priorities

take into consideration the fast pace technology and the needs deriving

from the market itself. At the same time, European policy can be

designed to raze the barriers before competition and innovation.

The standardisation processes and the policies adopted by formal

standard setting organisations have been designed in pre-digital era

mainly for telecommunications sector. Digital, as we know it nowadays,

relies mainly on software, internet and web standards that are royalty-

and restriction-free and that have evolved differently than the

traditional standardisation in the formal standard setting

organisations. Therefore, it is important to maintain that practice and

encourage the cooperation between different standard setting and

developing organisations, irrespective of their "formal" status (e.g.

formal SSOs, fora and consortia, or Free Software community).

Priorities at the EU level need to be set carefully and in accordance

with the EU anti-competition law. The most efficient way to achieve the

adoption of standards by the majority of stakeholders across Member

States is through the EU taking the lead and implementing the desired

standards through public procurement: this entails the promotion of

standards that are open, minimalistic, and implementable with Free

Software, that have proven to be sustainable, interoperable,

pro-competitive and transparent.

Standards that are open, minimalistic, and implementable with Free

Software will allow different sized actors to easily adopt and implement

them that in return will guarantee the widest competition of goods and

services on the market, and the widest proliferation of technology.

Another important feature of ICT standardisation is to allow Free

Software to act as a reference implementation of the standard and to

make sure a reference implementation is published under a Free Software

licence, including all software that has been developed with public

funds to be released as Free Software. As a consequence, this practice

will contribute to digitisation of the European industries and increase

in digital skills amongst population.

Consequently, adopting standards that are open, minimalistic and

implementable with Free Software will contribute to the majority of aims

set in the Digital Single Market strategy, and will allow Europe to be

competitive on the global ICT market. The European "push" in

standardisation needs to be directed at taking most of the existing

standardisation practices in the fields of software, internet and web,

while at the same time refraining from locking itself regionally that

will hamper Europe's innovative potential. In order for European

innovation to boost, Europe needs innovative solutions in the

standardisation.

23

Background Documentsanalysis.pdf (/eusurvey/files/f2d6718c-7e07-4955-9505-c94113bbbe0f)

Contact ec-ict-std-platform@ec.europa.eu