Category Archives: Internet Online activities and ICT standards

Internet usage is widespread throughout the European Union (EU). Nearly one person in two uses the Internet on a daily basis within the EU. The EU therefore faces a number of technical challenges such as the provision of a large number of virtual addresses and storage and transfer capacity, and the development of compatible technical standards throughout its territory, in order to guarantee interoperability, online privacy and accessibility.

The EU is also endeavouring to combat illegal online activities by introducing measures such as the Safer Internet Programme 2009-2013.

Information Society

Information Society

Information Society Contents

  • Current general legal framework: Regulatory framework. Competition.
  • Digital Strategy, i2010 Strategy, eEurope Action Plan, Digital Strategy Programmes: Digital Strategy. I2010 Strategy and eEurope Action Plans. Programmes.
  • Internet, Online activities and ICT standards: Internet and Online activities. Fight against illegal online activities. Network security and information system. Coordination and standardisation.
  • Data protection, copyright and related rights: Data protection. Copyright and related rights in the information society.
  • Radiofrequencies: Mobile communications. Radio spectrum.
  • Interaction of the information society with certain policies: The use of ITC for road safety. The use of ITC for electronic commerce. The use of ITC for payment systems. The use of ITC for research. The use of ITC for public health.
  • Enlargement: Ongoing enlargement. Enlargement of January 2007. Enlargement of May 2004.

See also

Overviews of European Union: Information technology.
Further information: Communications Networks, Contents and Technology Directorate-General of the European Commission.

The open internet and net neutrality

The open internet and net neutrality

Outline of the Community (European Union) legislation about The open internet and net neutrality

Topics

These categories group together and put in context the legislative and non-legislative initiatives which deal with the same topic.

Information society > Internet Online activities and ICT standards

The open internet and net neutrality

Document or Iniciative

Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions of 19 April 2011 – The open internet and net neutrality in Europe [COM(2011) 222 final – Not published in the Official Journal].

Summary

This Communication aims to promote the neutral and open character of the internet, in accordance with the Digital Agenda for Europe. The intention is to preserve the openness of the internet while enabling it to provide high-quality, innovative services, and to guarantee fundamental rights such as freedom of expression and freedom to conduct business.

The worldwide success of the internet may be explained in part by its openness and accessibility to all, individuals and companies alike. However, this Communication stresses that its full potential remains untapped.

Challenges to net neutrality

The concept of net neutrality is defined in part in the Framework Directive on electronic communications as the ability of end users to access and distribute information or run applications and services of their choice.

The current obstacles to net neutrality are:

  • the blocking or throttling of traffic by certain network operators, which takes the form of restricting access to internet services (online television, videoconferences, etc.) or to websites. The Body of European Regulators for Electronic Communications (BEREC) and the national regulatory authorities (NRAs) may receive users’ complaints;
  • traffic congestion, which requires reasonable management. There are three different traffic management techniques to alleviate congestion:

    1. packet differentiation;
    2. IP routing;
    3. filtering, which makes it possible to distinguish between “safe” and “harmful” traffic.
  • lack of transparency, which prevents consumers from making informed choices in terms of services. NRAs are therefore obliged to set minimum quality of service requirements.

Regulatory framework concerning net neutrality

The provisions of the regulatory framework are structured around two principal elements:

  • the principles of competition: net neutrality is strongly correlated with market competition. It is therefore important that retail pricing of internet access is not regulated in the EU in order that consumers can benefit from a wide variety of services at different price points adapted to their needs.
  • the amended Telecommunications framework: this legislative framework was amended in 2009. It helps to preserve the open and neutral character of the internet by ensuring that consumers are informed about the:

    1. conditions limiting access to and/or use of services and applications;
    2. procedures put in place by the provider in order to measure and shape traffic so as to avoid filling all the network links.

    This framework also enables consumers to switch operators while keeping their numbers, within one working day.

Net neutrality is also strongly dependent on the protection of personal data.

Ways to preserve net neutrality and openness

The Commission is currently studying solutions to put in place to deal with obstacles caused by:

  • switching;
  • blocking practices;
  • throttling practices;
  • certain commercial practices at the root of blocking and throttling;
  • discriminatory practices by a dominant player.

However, the Commission must ensure that the measures taken do not hinder freedom of expression and freedom of information and continue to preserve private and family life as well as personal data.

Context

This Communication is based on the results of a public consultation on the open internet and net neutrality conducted between 30 June and 30 September 2010 with participants including network operators, content providers, Member States, consumer and civil society organisations and individuals.

The Commission intends to continue working with BEREC in order to adopt additional provisions on net neutrality.

Future networks and the internet

Future networks and the internet

Outline of the Community (European Union) legislation about Future networks and the internet

Topics

These categories group together and put in context the legislative and non-legislative initiatives which deal with the same topic.

Information society > Internet Online activities and ICT standards

Future networks and the internet

Document or Iniciative

Communication from the Commission of 29 September 2008: Future networks and the internet [COM(2008) 594 final– Not published in the Official Journal].

Summary

The internet is constantly evolving. Not only will it become much faster due to the development of very high speed broadband networks, it will also become much more pervasive and available anytime, anywhere. This Communication can be seen as a preparatory step towards this internet of the future.

Emerging trends will challenge the digital economy

The widespread use of broadband has changed the way people use the internet. While it merely provided information in the mid-1990s, the new ‘Web 2.0’ is increasingly participative and interactive due to fundamental advances in user-friendly services.

It is possible to discern four main trends:

  • There will be an evolution of social business networking which will also generate collaboration tools for businesses, Enterprise 2.0. Together with the development of software as a service, this will result in a new generation of computer services easily available on demand and with much reduced overheads, known as the Internet of Services;
  • There will be the emergence of the Internet of Things, which is the seamless connection of devices, sensors, objects, etc. through fixed and wireless networks;
  • Nomadic use through portable devices will transform work organisation patterns;
  • An increase in bandwidth will be required due to the massive projected increase of data traffic.

Challenges and responses

Competitive pressure constitutes the most effective means to encourage the migration to broadband. However, it will be crucial to keep the internet open and e-communications markets competitive. Stimulating investment in high-speed broadband access will be necessary due to the challenges of high investment costs of the necessary civil engineering works, which represent up to 80% of the total costs, and the uncertainty as to whether consumers are willing to pay a sufficient amount for the broadband services for these investments to be profitable.

It will become a policy priority to provide Broadband for all at an affordable price bothin rural and in urban areas. In this line, the Commission proposed a ‘Broadband Performance Index’ in its Annual Progress Report on the Lisbon Strategy. The index is a composite indicator which reflects the need for speed, coverage, affordable prices, innovation, high-quality services and a favourable socio-economic context.

There is also the issue of competition and convergence. Whereas convergence is blurring the market boundaries between telecoms, consumer electronics, media services and internet companies, it is important to ensure that the internet remains open to competition and innovation. It is important that consumers have real choices and do not get locked to services and products.

The existing internet architecture is insufficient to deal with the challenges arising from nomadic computing and the Internet of Things. It is therefore necessary to launch a debate on the design and development of the internet of the future, as it must meet the rising demands of scalability, mobility, flexibility, security, trust and robustness.

It is fundamental to preserve the Privacy and security of the internet of the future at an early stage. To this end, the Commission will provide clear guidelines on the implementation of existing rules on data protection and a coherent strategy for a secure internet of the future.

In all these developments, the crucial role played by international policy, regulatory dialogue and research cooperation should be taken into account. To this end, the Commission is expected to adopt a Communication on the external dimension of information society policies in late 2008.

Background

The aim of promoting access for all to a good-quality internet connection at an affordable price was introduced by the EU policy to ‘Bridge the Broadband Gap’. As part of this policy, the Commission will update and summarise the state-aid rules applicable to broadband projects and launch a debate on the role of Universal Service in providing broadband for all in autumn 2008.

This Communication falls within the context of the Lisbon Agenda post-2010. The internet of the future is a valuable source of economic growth for the EU and it is therefore important that this growth is encouraged by a sound regulatory framework.

Towards an accessible information society

Towards an accessible information society

Outline of the Community (European Union) legislation about Towards an accessible information society

Topics

These categories group together and put in context the legislative and non-legislative initiatives which deal with the same topic.

Information society > Internet Online activities and ICT standards

Towards an accessible information society

Document or Iniciative

Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions – ‘Towards an accessible information society’ [COM(2008) 804 final – Not published in the Official Journal].

Summary

In view of the large number of European citizens who are still excluded from information technologies, the Commission considers it necessary to strengthen the common approach to e-accessibility and web accessibility.

E-Accessibility

E-accessibility means the integration of disabled and/or elderly people with regard to information and communication technologies (ICTs). Disabled people represent around 15% of the population of the European Union.

Within the framework of the information society, European citizens should have equal access to:

  • computers;
  • telephones;
  • televisions;
  • online administration;
  • online shopping;
  • call centres;
  • self-service terminals;
  • automatic teller machines;
  • ticket machines.

Whereas the lack of e-accessibility can exclude significant sectors of the population.

In order to counteract this lack, dialogue is to be reinforced between relevant stakeholders such as:

  • consumer organisations;
  • representatives of disabled and elderly users;
  • enterprises in the ICT sector;
  • assistive technology and service industries;
  • academia and relevant authorities.

These stakeholders will define guidelines on priorities and a coherent approach in terms of e-accessibility, related to:

  • the web;
  • digital television;
  • electronic communications;
  • a single European emergency number;
  • self-service terminals;
  • electronic banking.

Under the 2009 Competitiveness and Innovation Programme (CIP), the funding of a network on e-accessibility and web accessibility is provided for, in order to further enhance stakeholder cooperation and good practices.

The Commission intends to support e-accessibility more actively within the framework of research and innovation policy.

Moreover, work on the development of standards for e-accessibility will be carried out, based on cooperation between stakeholders concerned and an exchange of good practices.

Web-Accessibility

Accessibility to the web means the possibility for disabled and/or elderly people to navigate and interact in this field. This type of accessibility is still underdeveloped in the European Union.

Strengthening web accessibility has a clear advantage, not only for disabled and/or elderly people, but also for the whole population and should also increase the competitiveness of enterprises in the long term.

Member States should improve web accessibility by 2010, in line with the undertaking made in the Ministerial Declaration on an inclusive information society adopted in Riga in 2006. However, the Commission has a role to play, in particular by supporting efforts in Member States and by improving accessibility to its own websites.

Recommended actions in terms of promotion of web accessibility are:

  • providing clear information and guidelines;
  • supporting training programmes;
  • sharing knowledge and to exchange good practice;
  • acquiring accessible tools and websites;
  • to designate a contact point for web accessibility;
  • to monitor progress.

Context

The information society is part of many European citizens’ daily lives. However, disabled and/or elderly people are still suffering from a lack of accessibility to technology-based products and services.

The question of e-accessibility and web accessibility has gained in political visibility in the last few years, in particular following the 2006 Riga Declaration . It is therefore important to form a common approach in these areas to make the information society accessible to all citizens of the European Union as announced in the Renewed Social Agenda.

ICT infrastructures for e-science

ICT infrastructures for e-science

Outline of the Community (European Union) legislation about ICT infrastructures for e-science

Topics

These categories group together and put in context the legislative and non-legislative initiatives which deal with the same topic.

Information society > Internet Online activities and ICT standards

ICT infrastructures for e-science

Document or Iniciative

Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions – ICT infrastructures for e-science [COM(2009) 108 final – Not published in the Official Journal].

Summary

This Communication aims at developing the infrastructure of information and communication technologies (ICTs), also known as “e-Infrastructures”, in the area of e-science.

The potential of e-Infrastructures

The performance of information technology is constantly improving with regard to computation capacity, storage capacity and network speed. It allows new needs to be met in terms of modelling and simulation in sectors such as research into climate change or targeted healthcare but generates problems when designing e-Infrastructures.

It is therefore necessary to adopt ICTs to each phase of the scientific process, so that researchers can work together efficiently. This adoption will also allow the scope of research to be extended, which should generate, in the long term, a scientific renaissance and contribute to the success of the Lisbon strategy for growth and jobs.

The current position of e-Infrastructures

The European Commission’s Framework Programme for Research and Technological Development has promoted the development and deployment of e-Infrastructures, in order to strengthen scientific excellence, and to promote innovation and industrial competitiveness.

 GEANT is the world’s largest multi-gigabit communication network for researchers and educators. In Europe, GEANT is widely used and connects 34 National Research and Education Networks (NRENs).

E-science grids (devoted to subjects such as high-energy physics and bioinformatics) are also present in Europe, in particular through EGEE which operates a multi-disciplinary grid with over 80 000 computers on 300 sites in 50 countries worldwide.

Scientific data necessitates new tools and methods. Projects are being developed in Europe so that all scientific content resources are accessible through e-Infrastructure services.

A new supercomputer infrastructure has been identified by ESFRI as a priority to improve European scientific performance and meet socio-economic challenges. The combined action of Member States and the Commission will generate the creation of PRACE, a new European e-Infrastructure dedicated to high-performance computing.

Global Virtual Research Communities are growing fast, which is opening up new perspectives for collaboration in the field of research on a worldwide scale.

European strategy for e-Infrastructures

The Commission proposes a renewed strategy to meet the challenges of e-science for 2020 and beyond. Three interrelated vectors are key to this strategy:

  • attaining worldwide leadership in e-science;
  • establishing e-Infrastructures;
  • exploiting these e-Infrastructures in order to promote innovation.

GEANT must continue to increase its performance in collaboration with NRENs, so as to facilitate access to resources and equipment for researchers, educators and students. Both developed and developing regions must be covered. In this regard, Member States must prioritise the use of GEANT as an experimental platform.

Industry is to be invited to use European e-Science grids. To this end, Member States must develop National Grid Initiatives (NGIs). The European Commission plans to facilitate interaction between European e-Science grids and global grids.

Access to scientific information must be improved by developing data-centric science. Member States thus have a duty to invest in the field of scientific data infrastructures and exchange best practice.

A new generation of supercomputing facilities must be implemented. The European Union must comply with the ESFRI objectives which aim to achieve peta-flop performance by 2010 and move towards exa-scale computing in 2020. Research and development in software and hardware must therefore be intensified so as to implement supercomputers. The preparatory work carried out by PRACE is a starting point for Member States that are also invited to invest in associated research fields. In the mid-term, the Commission will prepare a European scientific agenda in the field of supercomputing, covering the components, systems, software and services required.

Member States are also requested to fully exploit infrastructures to serve science and research. The objective is to host global virtual research communities.

Context

A new vision for the European Research Area based on the free movement of knowledge (the “fifth freedom”) was defined at the 2008 Ljubljana Council meeting. Moreover, the Aho Report of May 2008 highlighted the importance of developing infrastructures that would allow e-science to be disseminated. This indeed represents a new scientific revolution. It is essential for the European Union to be at the cutting edge of innovation in this field.

Internet of Things

Internet of Things

Outline of the Community (European Union) legislation about Internet of Things

Topics

These categories group together and put in context the legislative and non-legislative initiatives which deal with the same topic.

Information society > Internet Online activities and ICT standards

Internet of Things

2 emissions through the development in particular of health monitoring systems, connected trees and cars. The interconnection of physical objects will generate a genuine paradigm shift for society.

Document or Iniciative

Communication of 18 June 2009 from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions – Internet of Things: an action plan for Europe [COM(2009) 0278 final – Not published in the Official Journal].

Summary

This Communication presents the perspectives and challenges for the development of the Internet of Things (IoT).

Definition and existing applications of IoT

IoT is composed of a series of new independent systems operating with their own infrastructures which are partly based on existing Internet infrastructures. IoT can be implemented in symbiosis with new services. It covers three types of communication which can be established in restricted areas (‘intranet of things’) or made publicly accessible (‘Internet of things’):

  • things-to-person;
  • thing-to-thing;
  • Machine-to-Machine (M2M).

IoT currently covers several applications such as:

  • web-enabled mobile phones equipped with cameras;
  • unique serial numbers or bar-codes on pharmaceutical products;
  • smart electrical metering systems which provide a consumption report in real time;
  • ‘intelligent objects’ in the logistics sector (eFreight), manufacturing or retail.

The challenges of public governance

According to the European Commission, policymakers should also participate in the development of IoT alongside the private sector. Some challenges are indeed policy-related, as highlighted by the World Summit on the Information Society, which encourages IoT governance designed and exercised in a coherent manner with all the public policy activities related to Internet Governance.

Many questions concerning the implementation of the connection of objects arise such as:

  • object naming;
  • the authority responsible for assigning the identifier;
  • ways to find information about the object;
  • how information security is ensured;
  • the ethical and legal framework of IoT;
  • control mechanisms.

Faced with these challenges, the Commission proposes to prepare a set of principles underlying the governance of IoT, as well as a decentralised management structure.

Principles underlying the governance of IoT

The development of IoT must not take place to the detriment of privacy and personal data protection. In this regard, the Commission intends to publish a Communication on privacy and trust in the information society, as well as launching a debate on the freedom for individuals to disconnect from a network at any time.

In order to safeguard information security, the Commission proposes to step up monitoring and protection of critical information infrastructure.

Regarding standardisation, the Commission considers it sensible to take advantage of the deployment of Ipv6, making it possible to directly address objects. The Commission also intends to assess existing standards mandates which may include some issues related to IoT, or create others if necessary.

In the field of research and development, IoT represents a considerable challenge, insofar as it is related to wide societal problems. In this regard, the Commission will fund research projects in the field of IoT under the Seventh Framework Programme. Furthermore, IoT may also have a role to play in the four public-private partnerships set up by the Commission in the following areas:

  • ‘green cars’;
  • ‘energy-efficient buildings’;
  • ‘factories of the future’;
  • ‘Future Internet’.

These research activities are to be supplemented by the launch of pilot projects under the Competitiveness and Innovation Framework Programme (CIP). These pilots should help to promote activities related to e-health, e-accessibility, climate change, or helping to bridge the digital divide.

The international aspect is also essential, insofar as the Commission intends to intensify dialogue with its international partners in order to establish benchmarks for common principles in the field of IoT.

Waste recycling should be facilitated by the implementation of IoT through tags which will make objects easier to distinguish during the process.

The Commission is currently concentrating its work more particularly on the availability of appropriate radio spectrum resources and on electromagnetic fields.

Context

The Internet has reached a turning point in its development. A network of interconnected computers is to evolve into a network of interconnected objects such as books, cars or electrical appliances. Although IoT is not yet actually implemented, this Communication gives an indication of the technology to come over the next 15 years.

This summary is for information only. It is not designed to interpret or replace the reference document, which remains the only binding legal text.

Internet governance: the next steps

Internet governance: the next steps

Outline of the Community (European Union) legislation about Internet governance: the next steps

Topics

These categories group together and put in context the legislative and non-legislative initiatives which deal with the same topic.

Information society > Internet Online activities and ICT standards

Internet governance: the next steps

Document or Iniciative

Communication from the Commission to the European Parliament and the Council of 18 June 2009 – Internet governance: the next steps [COM(2009) 277 final – Not published in the Official Journal].

Summary

This Communication gives details of existing Internet governance systems and future action in this field.

Internet: architecture and operation

Internet stems from the world of academia and research. Originally, governance was established on a closed model, carried out by engineers and scientists.

Over time, the architecture has gradually opened up, to the benefit of new stakeholders and individual users.

The Internet is now based on an open architecture which is neutral and distributed. This structure constitutes an advantage in terms of security since any localised failure is less likely to interfere with traffic elsewhere.

The private sector has been in the forefront since the Internet began. It provides the investment, expertise and entrepreneurial initiative which foster innovation. The private sector operates most of the international backbone infrastructure, the national cable networks, and provides services that facilitate and manage traffic.

The IETF (Internet Engineering Task Force), a private body, has developed certain technical rules for the functioning of the Internet. RIPE NCC, another private entity, is responsible for assigning IP addresses at regional level.

The role of governments

Given the increasing role of the Internet in society, it is important that governments play a more active role in its development process.

The financial crisis of October 2008 has also changed public attitudes towards the concept of self-regulation. The public now aspires to more involvement on the part of public authorities in promoting the public interest.

However, the private sector must continue to play its role with regard to the daily management and development of the Internet.

The role of the European Union (EU)

The EU has been at the forefront of the discussions on Internet governance, particularly at the World Summit on the Information Society (WSIS) between 2003 and 2005.

The EU was also a leading actor in the international discussions which contributed to setting up the Internet Corporation for Assigned Names and Numbers (ICANN).

The EU also highlights the importance of bridging the ‘digital divide’ and taking into account the interests of users in developing countries in Internet governance arrangements.

The EU puts forward the following key principles concerning Internet governance:

  • the core architecture should be respected;
  • the private sector should retain a leading role;
  • there should be multi-stakeholder participation;
  • governments should participate more actively;
  • inclusion should be a basic principle.

Assigning Internet names and addresses

The coordination of resources with regard to names and addresses is a key element in the functioning of the Internet. Originally, the IANA (Internet Assigned Numbers Authority) was responsible for assigning Internet names and addresses.

Given the development of the Internet, the American government decided, in the late 1990s, to contract some of the services provided by IANA from ICANN. This organisation operates according to the principle of self-regulation, whilst being responsible to the international community.

The American government agreement with ICANN ended in 2006, replaced by the JPA (Joint Project Agreement (pdf ).

ICANN succeeded in maintaining the stability of the Domain Name System for ten years and encouraged a participative decision-making process. However, some criticisms were made concerning its lack of representativeness and its monopolistic tendencies.

The next steps

The Commission encourages international partners to promote intergovernmental cooperation and dialogue in order to implement public policy principles in cooperation with the EU.

ICANN is also encouraged to complete its internal reforms in order to improve its transparency. It is, moreover, necessary that multilateral accountability should apply to ICANN.

Context

Internet governance is an absolute priority in terms of public policy. The EU has a leading role to play since it includes nearly 19 % of the world’s Internet users.

This summary is for information only. It is not designed to interpret or replace the reference document, which remains the only binding legal text.

ICT standardisation: modernisation and the way forward

ICT standardisation: modernisation and the way forward

Outline of the Community (European Union) legislation about ICT standardisation: modernisation and the way forward

Topics

These categories group together and put in context the legislative and non-legislative initiatives which deal with the same topic.

Information society > Internet Online activities and ICT standards

ICT standardisation: modernisation and the way forward

Document or Iniciative

Commission White Paper of 3 July 2009 – Modernising ICT Standardisation in the EU: the Way Forward [COM(2009) 324 final – Not published in the Official Journal].

Summary

This White Paper presents various proposals aimed at modernising European Information and Communication Technology (ICT) standardisation policy. This modernisation should allow the needs of industry and society to be met more appropriately.

Why modernise ICT standardisation policy?

In order to ensure that quality ICT standards are developed, it is important that these standards and standardisation procedures meet certain requirements. The European Commission proposes to use the criteria established by the World Trade Organization (WTO) in order to define a list of attributes that ICT standards should fulfil. In particular this list should include openness and transparency, as well as standards covering neutrality, maintenance and intellectual property rights.

The use of ICT standards in public procurement

Public procurement is regulated by Directive 2004/18/EC which allows technical standards to be used in public procurement. Decision 87/95, which lays down EU standardisation policy in the field of ICT, provides guidance for public procurement of ICT systems. This Decision is now considered to be outdated insofar as it only takes into consideration products and not the services and ICT applications that are used today.

The Commission therefore proposes to amend Decision 87/95 and adapt it, as regards public procurement in the field of ICT, to the current needs of the ICT sector.

Fostering synergy between research, innovation and standardisation

Establishing standards in the field of ICT should facilitate the translation of research results into practical applications. In order to do this, the issue of standardisation should be taken into account at an early stage in the research cycle.

The Commission would like to see closer collaboration between European Technology Platforms and standard setting organisations.

Intellectual property rights

ICT interoperability is one of the features of the current technological environment. In this context, taking into account the protection of intellectual property rights (IPR) when establishing ICT standards is essential. Establishing standards should not however hinder free competition.

The Commission proposes that standard setting organisations in the field of ICT should implement clear and non-discriminatory policies with respect to IPR which guarantee competition. The Commission also suggests that standard setting organisations consider a declaration of the most restrictive licensing terms, in particular stating maximum royalty rates prior to a standard being adopted.

Integration of fora and consortia

Current European standardisation policy only takes into account standards established by European Standardisation Organisations (ESOs). Increasingly however, ICT standards are established by fora and consortia (e.g. standards relating to Internet protocols established by IETF or web accessibility guidelines produced by W3C). The Commission now wishes to see better cooperation between these ICT fora and consortia and the ESOs.

The Commission also considers it necessary to authorise the use of standards established by fora and consortia in order to fill specific standardisation gaps.

Enhancing dialogue and partnership with stakeholders

Decision 87/95 establishes a Committee: the Senior Officials group on standardisation in the field of Information Technology (SOGITS). This group is responsible for assisting the Commission in implementing the Decision and may extend invitations to experts. However, until now its success has been relatively limited.

The Commission wishes to replace the SOGITS Group by a platform bringing together all stakeholders concerned by ICT standardisation policy. This organisation would be based on the model of the ICT Standard Board (ICTSB) whose function and current composition the Commission wishes to review.

Context

ICT represents a key industrial sector in the 21st century. In 2007, the European ICT industry had a turnover of EUR 670 billion and accounted for over 5 % of employment. European ICT nevertheless requires a clear standardisation framework which will foster competitiveness and innovation.

This summary is for information only. It is not designed to interpret or replace the reference document, which remains the only binding legal text.

Information security

Information security

Outline of the Community (European Union) legislation about Information security

Topics

These categories group together and put in context the legislative and non-legislative initiatives which deal with the same topic.

Information society > Internet Online activities and ICT standards

Information security

Document or Iniciative

Council Decision 92/242/EEC of 31 March 1992 in the field of information security.

Summary

This decision approves action in the field of security of information systems. This action includes two components:

  • setting up an action plan for an initial 24-month period. An amount of ECU 12 million is considered necessary to implement the action for an initial period of twenty-four months;
  • setting up a Senior Officials Committee with a long-term mandate to advise the Commission on action to be undertaken in the field of the security of information systems.

Action Plan

The action plan shall have as its objective the development of overall strategies aiming to provide users and producers of electronically stored, processed or transmitted information with appropriate protection of information systems against accidental or deliberate threats.

The action plan shall be implemented in close collaboration with the sector actors. It shall take into account and complement the world-wide standardisation activities under way in this field.

It shall include the following lines of action:

  • development of an information security strategy framework;
  • identification of user and service provider requirements for the security of information systems;
  • solutions for immediate and interim needs of users, suppliers and service providers;
  • specifications, standardisation and verification of information security;
  • technological and operational developments for information security within a general strategy;
  • provision of security of information systems.

Details of the action plan are set out in the annex to the Decision.

Committee

The Committee is consulted by the Commission systematically on issues relating to the security of the information systems for the various activities carried out by the Community, in particular on the definition of work strategies and programmes.

References

Act Entry into force Deadline for transposition in the Member States Official Journal
Decision 92/242/EC 31.03.1992 OJ L 123 of 31.03.1992

Related Acts

COMBATING COMPUTER-RELATED CRIME

Council Framework Decision 2005/222/JHA of 24 February 2005 on attacks against information systems [Official Journal L 69 16.03.2005].
This framework decision aims to strengthen judicial cooperation on criminal matters relating to attacks against information systems by developing tools and effective procedures.

Communication of the Commission to the Council, the European Parliament, the Economic and Social Committee and the Committee of the Regions: creating a Safer Information Society by Improving the Security of Information Infrastructures and Combating Computer-related Crime [COM(2000) 890 final – not published in the Official Journal].

EUROPEAN NETWORK AND INFORMATION SECURITY AGENCY (ENISA)

Regulation (EC) No 460/2004 of the European Parliament and of the Council of 10 March 2004 establishing the European Network and Information Security Agency.

In order to guarantee the highest degree of security to users, the EU is equipped with a European network and information security agency ENISA.The aim of creating ENISA first and foremost is to enhance the ability of the Union, the Member States and the business sector to address and to respond to network and information security problems.

Strategy for a secure information society

Strategy for a secure information society

Outline of the Community (European Union) legislation about Strategy for a secure information society

Topics

These categories group together and put in context the legislative and non-legislative initiatives which deal with the same topic.

Information society > Internet Online activities and ICT standards

Strategy for a secure information society (2006 communication)

Document or Iniciative

Communication from the Commission of 31 May 2006: A strategy for a Secure Information Society – “Dialogue, partnership and empowerment” [COM(2006) 251 final – not published in the Official Journal].

Summary

Community action: overview

Up to now, the European Commission has tackled security issues in the Information Society by adopting a three-pronged approach embracing:

  • specific network and information security measures;
  • the regulatory framework for electronic communications and, in particular, the Directive on privacy and electronic communications;
  • the fight against cybercrime.

Community measures in this area also include:

  • European programmes devoted to research and development – the 7th Framework Programme will help reinforce security-related research by establishing a European Security Research Programme;
  • the Safer Internet programme, which promotes safer Internet usage and aims to protect end-users against undesirable content.
  • involvement in international forums addressing these topics, such as the Organisation for Economic Co-operation and Development, the Council of Europe and the United Nations. At the world summit on the Information Society, held in Tunis in November 2005, the European Union (EU) strongly supported the discussions on the availability, reliability and security of networks and information.

In 2004, the Community established the European Network and Information Security Agency (ENISA). ENISA’s mission is to help increase network and information security within the Community and to promote the emergence of a culture of network and information security for the benefit of citizens, consumers, businesses and public sector organisations.

These measures and initiatives are to a large extent interdependent and involve many different stakeholders, and so a coordinated strategy is called for. This Communication sets out such a strategy for developing a coherent, holistic approach to network and information security.

KEY CHALLENGES

Despite the efforts already made, security continues to pose challenges to public bodies, businesses and private users alike. The risks are often underestimated even though the relevance of information and communication technologies (ICT) for the European economy and European society as a whole is undeniable. Furthermore, other critical infrastructures are also becoming more and more dependent on the integrity of their respective information systems.

Attacks on information systems

Attacks on information systems are increasingly motivated by financial profit. Personal data are illegally mined without the user’s knowledge, while the number of malware variants is increasing rapidly, as is the rate at which they are evolving. For example, spam is now used as a vehicle for spreading viruses and spyware.

Use of mobile devices

The increasing deployment of mobile devices (including 3G mobile phones, portable videogame consoles, etc.) and mobile-based network services poses new threats to security. These threats could turn out to be more dangerous than attacks on PCs as the latter already have a significant level of security.

Advent of “ambient intelligence”

Another significant development in the Information Society is the advent of “ambient intelligence”, where intelligent devices supported by computing and network technology will become a ubiquitous part of everyday life in the near future. This development brings with it many opportunities, but it will also create additional security and privacy-related risks.

Raising awareness of users

In order to successfully tackle the problem of underestimating the risks, all stakeholders need reliable data on security incidents and trends.

At the same time, it is important that awareness programmes designed to highlight security threats do not undermine the trust and confidence of consumers and users by focusing only on the negative aspects of security. Network and information security should be presented as a virtue and an opportunity rather than as a liability and a cost.

THE PROPOSED APPROACH

In order to tackle the challenges presented by network and information security, the Commission proposes an approach which is based on dialogue, partnership and empowerment.

Dialogue

The Commission proposes a series of measures designed to establish an open, inclusive and multi-stakeholder dialogue:

  • benchmarking exercise for national policies relating to network and information security. This should help identify the most effective practices so that they can then be deployed on a broader basis throughout the EU. In particular, this exercise will identify best practices to improve awareness among small and medium-sized enterprises (SMEs) and citizens of the risks and challenges associated with network and information security;
  • a structured multi-stakeholder debate on how best to exploit existing regulatory instruments. This debate will be organised within the context of conferences and seminars.

Partnership

Effective policy making requires a clear understanding of the nature of the challenges to be tackled. This calls for reliable, up-to-date statistical and economic data. Accordingly, the Commission will ask ENISA

  • to build up a partnership of trust with Member States and stakeholders in order to develop an appropriate framework for collecting data;
  • to examine the feasibility of a European information sharing and alert system to facilitate effective responses to threats. This system would include a multilingual European portal to provide tailored information on threats, risks and alerts.

In parallel, the Commission will invite Member States, the private sector and the research community to establish a partnership to ensure the availability of data pertaining to the ICT security industry.

Empowerment

The empowerment of stakeholders is a prerequisite for fostering their awareness of security needs and risks, thus promoting network and information security.

For this reason, Member States are invited to

  • proactively participate in the proposed benchmarking exercise for national policies;
  • promote, in cooperation with ENISA, awareness campaigns on the benefits of adopting effective security technologies, practices and behaviour;
  • leverage the roll-out of e-government services to promote good security practices;
  • stimulate the development of network and information security programmes as part of higher-education curricula.

Private sector stakeholders are also encouraged to take initiatives to

  • define responsibilities for software producers and Internet service providers in relation to the provision of adequate and auditable levels of security;
  • promote diversity, openness, interoperability, usability and competition as key drivers for security, and to stimulate the deployment of security-enhancing products and services to combat ID theft and other privacy-intrusive attacks;
  • disseminate good security practices for network operators, service providers and SMEs;
  • promote training programmes in the private sector to provide employees with the knowledge and skills necessary to implement security practices;
  • work towards affordable security certification schemes for products, processes and services that will address EU-specific needs;
  • involve the insurance sector in developing risk management tools and methods.

COMPLEMENTARY INITIATIVES

The Commission will complement this approach with other initiatives by

  • adopting a Communication on the way in which spam and other threats, such as spyware, is evolving;
  • making proposals for improving cooperation between law enforcement authorities and for addressing new forms of criminal activity – this issue will be the subject of a Communication dealing specifically with cybercrime;
  • creating an action plan to achieve the objectives of the Commission’s Green Paper on the European Programme for Critical Infrastructure Protection;
  • conducting a review of the regulatory framework for electronic communications in 2006.

Background

This Communication follows on from the ” i2010- A European Information Society for growth and jobs ” initiative, which aims to boost the e-economy in Europe. The i2010 initiative highlights the importance of network and information security for the creation of a single European information space.

Related Acts

Communication from the Commission of 1 June 2005: “i2010 -A European Information Society for growth and employment” [COM(2005) 229 final – not published in the Official Journal].

Council Framework Decision 2005/222/JHA of 24 February 2005 on attacks against information systems.

Regulation (EC) No 460/2004 of the European Parliament and of the Council of 10 March 2004 establishing the European Network and Information Security Agency [Official Journal L 77, 13.3.2004].

Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) [Official Journal L 201, 31.7.2002].

Communication from the Commission to the Council, the European Parliament, the European Economic and Social Committee and the Committee of the Regions of 6 June 2001: “Network and Information Security: Proposal for a European Policy Approach” [COM (2001) 298 final – not published in the Official Journal].

Communication from the Commission to the Council of 26 January 2001: “Creating a Safer Information Society by Improving the Security of Information Infrastructures and Combating Computer-related Crime” [COM(2000) 890 final – not published in the Official Journal].