European Union: Digital Single Market Update: Technology Standardization In The EU

Last Updated: 23 October 2018
Article by Wolfgang Schönig, Holger Kastler and Alistair Maughan

ICT standardization is a key part of the European Union's package of measures designed to improve Europe's competitiveness and productivity. As part of the EU's Digital Single Market (DSM) initiative, the European Commission has been working on common ICT standards that would ensure the interoperability of digital technologies, services, and devices.

The Commission has laid out a two-pronged plan of action. First, it plans to set standards in relation to core technologies such as 5G, the Internet of Things, Cloud Services, and Cybersecurity. Second, it will propose a series of measures to align research & development results with the new standards, and to improve collaboration between standard-setting organizations in Europe and internationally.

This Alert describes the current status of the Commission's action plans for more ICT standardization.


Standardization in the ICT sector is important both for software and hardware developers because it covers areas such as data management and interoperability as well as security of smart devices.

The EU believes that the constant emergence of new services, applications, and technologies necessitates a higher degree of interoperability between systems – on the basis that interoperability is essential to allow businesses and consumers to mix and change suppliers. The Commission wants to enforce more standardization in key areas to help deliver greater interoperability (and, ideally, without compromising innovation).

The Commission has encouraged businesses operating in the EU to get involved in various standards-related organizations, and to participate in the newly-created platform on European standardization.

Any business operating in the ICT sector should focus at least on awareness of the EU's standardization plans. For entities that want involvement and influence, there are plenty of opportunities to participate in open forums and standards-setting organizations.


The European Commission launched its Digital Single Market (DSM) strategy in May 2015. We have written a number of articles following the DSM's progress: on its inception, one year in, and in 2017 following a mid-term review. The DSM strategy consists of three "pillars" and 16 "Key Actions".

As far back as 2011, the Commission set up the European Multi Stakeholder Platform on ICT standardization (MSP) to advise on matters relating to the implementation of ICT standardization, including:

  • identification of potential future standardization needs in support of European legislation, policies, and public procurement; and
  • cooperation between ICT standards-setting organizations like the European Standardization Organizations (ESOs) or Standards Developing Organizations (SDOs).

The MSP is composed of national authorities' representatives from EU Member States and EFTA countries, European and international ICT standardization bodies, stakeholder organizations that represent the industry, small and medium-sized enterprises (SMEs) and consumers. It meets quarterly.

Since standards in general are voluntary, European standardization became the subject of EU legislation in 2012 – Regulation 1025/2012 of 25 October 2012 (European Standardization Regulation). It sets the legal framework in which the actors in standardization operate.

The European Standardization Regulation was set up to:

  • establish rules with regard to cooperation between European standardization organizations (e.g., European Committee for Standardization (CEN), the European Committee for Electrotechnical Standardization (Cenelec), and the European Telecommunications Standards Institute (ETSI)), national standardization bodies (e.g., Deutsches Institut für Normung (DIN) in Germany), Member States of the EU, and the Commission;
  • establish European standards and European standardization deliverables for products and services in support of EU legislation;
  • identify ICT technical specifications eligible for referencing; and
  • finance stakeholder participation in European standardization.

Under the European Standardization Regulation, annual work programs exist to identify strategic priorities for European standardization. Those programs will indicate the European standards and European standardization deliverables that the Commission intends to request from the various European standardization organizations. The Commission may even request one or several organizations to draft a European standard within a set deadline. In urgent cases, the Commission is allowed to issue standardization requests without prior notification in the annual work program. The annual work programs are available on the website of the Commission and provide a helpful guide that outlines what to expect in terms of new laws and regulations.

To bring the prior standardization programs within the DSM, in April 2016 the Commission adopted a Communication on ICT Standardization Priorities for the Digital Single Market (the Communication). This Communication builds on the European Standardization Regulation and proposes to prioritize ICT standardization as the cornerstone of its DSM strategy in order to support Europe's role in the global digital economy. The Commission sets out five priorities as the building blocks of ICT standards-setting that should increase competitiveness and help European technology businesses better access the global market.

Key Activities

The Commission identified the following five priority areas of ICT standards-setting:

  • 5G Communications
  • Cloud Computing
  • (Big) Data Technologies
  • Internet of Things (IoT)
  • Cybersecurity

These five key priority areas were chosen by the MSP and backed up by a public consultation. The Commission wants to increase competitiveness of European companies and innovators in these areas through stronger European leadership in the process of standards-setting.

1. 5G Communications

Priorities in this area include, among others, new radio access technologies. With regard to new radio access standards, the priorities are on backward compatibility with the existing xG ecosystem and improving spectrum efficiency usage in line with the existing EU spectrum policy.

The Commission plans to foster the emergence of global industry standards under EU leadership for key 5G technologies through the exploitation of the 5G public-private partnerships results at the level of key EU and international standardization bodies such as the 3rd Generation Partnership Project (3GPP), the International Telecommunication Union (ITU), and the Open Platform for Network Functions Virtualization (OPNFV).

Further, the Commission wants to ensure that 5G standards are compatible with innovative use cases of vertical markets (e.g., automotive, health, and manufacturing industries), notably through broader participation of industries with sector-specific needs in 5G standardization organizations.

2. Cloud Computing

The EU believes that proprietary solutions, purely national approaches, and standards that limit interoperability would severely hamper the potential of the DSM. Therefore, the Commission notes that the take-up of cloud computing services by businesses, consumers, public administrations, and the scientific sector requires not only seamless and user-friendly access, but also trust and confidence, particularly regarding cloud providers' compliance with appropriate levels of data protection, security, and service levels.

Hence, the Commission intends to support funding for the development and use of ICT standards to further improve the interoperability and portability of cloud technologies. More specifically, the Commission wants to make more use of open-source elements by better integrating open source communities into SDOs' standards-setting processes.

The Commission also maintains its long-standing goal of facilitating the adoption of cloud computing services through the use of international standards on service level agreements (SLA). In addition, the Commission has proposed that ESOs should update the mapping of cloud standards and guidelines for end users (especially SMEs and the public sector).

3. (Big) Data Technologies

As many authors, including the Commission, pointed out: "Data is the fuel of the digital economy." For the Commission, efficient sharing and exchange of data across national borders, within "data value chains" (e.g., data exchange on spare parts between vehicle manufacturers and the aftermarket, access to vehicle data for service providers, or ensuring cross-border energy trading) and across sectors (e.g., sharing traffic data with parcel services) is key to the DSM.

That is why the Commission proposed to increase investment in Research, Development & Innovation specifically for data interoperability and standards (including cross-sectoral data integration, e.g., for entity identifiers, data models, multilingual data management, and better interoperability of data and associated metadata). The Commission wants to bring the European data community together, through the H2020 Big Data Value Public-Private Partnership, to identify missing standards and design options for a big data reference architecture. In the field of scientific research, the Commission wants to support data and software infrastructure services for access and long-term preservation of scientific data.

4. Internet of Things (IoT)

The Commission expects the number of connected devices to exceed 20 billion by 2020 and, as a result, the EU needs an open platform approach that supports multiple application areas and cuts across silos to create competitive IoT ecosystems. For this approach, open standards would be required that support the entire value chain, integrating multiple technologies based on streamlined international cooperation and a clear intellectual property rights framework enabling easy and fair access to standard essential patents (SEPs).

That's why the Commission wants to foster an interoperable environment for the IoT, working with ESOs and international SDOs. This will develop consensus under the umbrella of the Alliance for Internet of Things Innovation (AIOTI), targeting reference architectures, protocols, and interfaces, the promotion of open application programming interfaces (APIs), support of innovation activities related to reference implementations and experimentation, and the development of missing interoperability standards. The Commission also wants to promote an interoperable IoT numbering space that transcends geographical limits, and an open system for object identification and authentication. Additionally, the Commission wants to explore options and guiding principles, including developing standards, for trust, privacy, and end-to-end security, e.g., through a "trusted IoT label". Furthermore, the Commission wants to promote the uptake of IoT standards in public procurement to avoid lock-in, notably in the area of smart city services, transport, and utilities, including water and energy.

5. Cybersecurity

The Communication states that "cybersecurity provides the bedrock of trust and reliability on which the [DSM] will be built." According to the Commission, innovative communication technologies, widespread use of smart objects, distributed computing devices, and data services will provide even bigger business and growth opportunities if they are fully integrated into the DSM. Seamless and interoperable secure authentication across objects, devices, individuals, and entities is in fact needed to enable secure and transparent access to and exchange of data. More specifically, new authentication protocols may be required to build trust in seamless electronic identification and authentication, supported by global cross-domain interoperability standards based on comparable authentication schemes.

The Commission wants to invite ESOs, other SDOs, and relevant stakeholders to draw up practical guidelines covering IoT, 5G, Cloud, Big Data, and smart factories. The Commission might consider adopting a Recommendation regarding the integration of cyber security and application of privacy and personal data protection requirements including data protection-by-design and data protection-by-default. In addition, the Commission will invite ESOs and other SDOs and relevant stakeholders to develop standards that support global interoperability and seamless trustworthy authentication across objects, devices, and natural and legal persons based on comparable trust models. Furthermore, the Commission wants to support ESOs, SDOs, European regulators, as well as public-private initiatives, including those in support of the existing Directive 2016/1148 on security of network and information systems (NIS Directive) implementation, in the development of standards-based cybersecurity risk management guidelines for organizations and of corresponding audit guidelines for authorities or regulators with oversight responsibilities.

Next Steps for 2018 and Beyond

European ICT standardization is an on-going project of the Commission, which plans to re-visit the area frequently in the near future in order to adapt to the fast-paced environment of technological changes and current needs of the EU to compete with other industries in a globalized economy.

New technologies, such as distributed digital ledger technologies (blockchain), will gain more priority and become subject to European standardization once the underlying infrastructure becomes more available. Standardization, especially regarding the development of smart homes and smart cities, as well as intelligent transportation systems and advanced manufacturing, is likely to become a key EU priority in the next few years.

The Commission will continue to publish an annual "Rolling Plan on ICT Standardization" with the support of the MSP, and its annual work programs for European ICT standardization. The Rolling Plan reflects on new EU policies and new technologies that need to be incorporated into the ICT standardization process. Currently, the priority activities for a connected DSM include:

  • Quality improvement of fixed and wireless/mobile services, including industrial networks
  • Establishing standards facilitating the development of 5G technological advances in the 26 GHz band (24.25 – 27.50 GHz) and higher mm-wave bands
  • Improvement of railway radio communication systems, the exchange of data for passengers and schedules, and IT security
  • Increase of interoperability and easy data-sharing between operators across value chains, notably on product lifecycle management and logistics.

The Commission also wants to:

  • strengthen the role of CESNI, European Committee for Inland Navigation Standards, for the development of technical standards for inland navigation vessels
  • match European global navigation satellite system products with end-user applications
  • harmonize safety standards for 3D printers, robots, autonomous vehicles, wind turbines, automated machines, and food machines
  • strengthen safety and performance requirements for medical devices and for in vitro diagnostic medical devices
  • update hygiene and safety requirements and test methods for construction products in contact with water
  • support work on the essential requirements for unmanned aircraft.

While standardization generally facilitates marketing of products, new standards and regulatory frameworks may also require better compliance systems and adherence to legal requirements for, e.g., smart devices. It would not come as a surprise if, for instance, the EU follows the United States in establishing a law requiring reasonable security features in all connected devices sold or offered for sale in the EU (for a U.S. perspective, see our MoFo article " New California IoT Law Requires Security for Connected Devices"). It remains important for companies operating in this area (whether emerging companies aiming to develop such technology, or established enterprises digitizing their businesses or rolling out new products) to stay current with legal trends on both sides of the Atlantic.

Digital Single Market

For more information about the Digital Single Market:

Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Morrison & Foerster LLP. All rights reserved

To print this article, all you need is to be registered on

Click to Login as an existing user or Register so you can print this article.

In association with
Related Topics
Related Articles
Related Video
Up-coming Events Search
Font Size:
Mondaq on Twitter
Mondaq Free Registration
Gain access to Mondaq global archive of over 375,000 articles covering 200 countries with a personalised News Alert and automatic login on this device.
Mondaq News Alert (some suggested topics and region)
Select Topics
Registration (please scroll down to set your data preferences)

Mondaq Ltd requires you to register and provide information that personally identifies you, including your content preferences, for three primary purposes (full details of Mondaq’s use of your personal data can be found in our Privacy and Cookies Notice):

  • To allow you to personalize the Mondaq websites you are visiting to show content ("Content") relevant to your interests.
  • To enable features such as password reminder, news alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our content providers ("Contributors") who contribute Content for free for your use.

Mondaq hopes that our registered users will support us in maintaining our free to view business model by consenting to our use of your personal data as described below.

Mondaq has a "free to view" business model. Our services are paid for by Contributors in exchange for Mondaq providing them with access to information about who accesses their content. Once personal data is transferred to our Contributors they become a data controller of this personal data. They use it to measure the response that their articles are receiving, as a form of market research. They may also use it to provide Mondaq users with information about their products and services.

Details of each Contributor to which your personal data will be transferred is clearly stated within the Content that you access. For full details of how this Contributor will use your personal data, you should review the Contributor’s own Privacy Notice.

Please indicate your preference below:

Yes, I am happy to support Mondaq in maintaining its free to view business model by agreeing to allow Mondaq to share my personal data with Contributors whose Content I access
No, I do not want Mondaq to share my personal data with Contributors

Also please let us know whether you are happy to receive communications promoting products and services offered by Mondaq:

Yes, I am happy to received promotional communications from Mondaq
No, please do not send me promotional communications from Mondaq
Terms & Conditions (the Website) is owned and managed by Mondaq Ltd (Mondaq). Mondaq grants you a non-exclusive, revocable licence to access the Website and associated services, such as the Mondaq News Alerts (Services), subject to and in consideration of your compliance with the following terms and conditions of use (Terms). Your use of the Website and/or Services constitutes your agreement to the Terms. Mondaq may terminate your use of the Website and Services if you are in breach of these Terms or if Mondaq decides to terminate the licence granted hereunder for any reason whatsoever.

Use of

To Use you must be: eighteen (18) years old or over; legally capable of entering into binding contracts; and not in any way prohibited by the applicable law to enter into these Terms in the jurisdiction which you are currently located.

You may use the Website as an unregistered user, however, you are required to register as a user if you wish to read the full text of the Content or to receive the Services.

You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these Terms or with the prior written consent of Mondaq. You may not use electronic or other means to extract details or information from the Content. Nor shall you extract information about users or Contributors in order to offer them any services or products.

In your use of the Website and/or Services you shall: comply with all applicable laws, regulations, directives and legislations which apply to your Use of the Website and/or Services in whatever country you are physically located including without limitation any and all consumer law, export control laws and regulations; provide to us true, correct and accurate information and promptly inform us in the event that any information that you have provided to us changes or becomes inaccurate; notify Mondaq immediately of any circumstances where you have reason to believe that any Intellectual Property Rights or any other rights of any third party may have been infringed; co-operate with reasonable security or other checks or requests for information made by Mondaq from time to time; and at all times be fully liable for the breach of any of these Terms by a third party using your login details to access the Website and/or Services

however, you shall not: do anything likely to impair, interfere with or damage or cause harm or distress to any persons, or the network; do anything that will infringe any Intellectual Property Rights or other rights of Mondaq or any third party; or use the Website, Services and/or Content otherwise than in accordance with these Terms; use any trade marks or service marks of Mondaq or the Contributors, or do anything which may be seen to take unfair advantage of the reputation and goodwill of Mondaq or the Contributors, or the Website, Services and/or Content.

Mondaq reserves the right, in its sole discretion, to take any action that it deems necessary and appropriate in the event it considers that there is a breach or threatened breach of the Terms.

Mondaq’s Rights and Obligations

Unless otherwise expressly set out to the contrary, nothing in these Terms shall serve to transfer from Mondaq to you, any Intellectual Property Rights owned by and/or licensed to Mondaq and all rights, title and interest in and to such Intellectual Property Rights will remain exclusively with Mondaq and/or its licensors.

Mondaq shall use its reasonable endeavours to make the Website and Services available to you at all times, but we cannot guarantee an uninterrupted and fault free service.

Mondaq reserves the right to make changes to the services and/or the Website or part thereof, from time to time, and we may add, remove, modify and/or vary any elements of features and functionalities of the Website or the services.

Mondaq also reserves the right from time to time to monitor your Use of the Website and/or services.


The Content is general information only. It is not intended to constitute legal advice or seek to be the complete and comprehensive statement of the law, nor is it intended to address your specific requirements or provide advice on which reliance should be placed. Mondaq and/or its Contributors and other suppliers make no representations about the suitability of the information contained in the Content for any purpose. All Content provided "as is" without warranty of any kind. Mondaq and/or its Contributors and other suppliers hereby exclude and disclaim all representations, warranties or guarantees with regard to the Content, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. To the maximum extent permitted by law, Mondaq expressly excludes all representations, warranties, obligations, and liabilities arising out of or in connection with all Content. In no event shall Mondaq and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use of the Content or performance of Mondaq’s Services.


Mondaq may alter or amend these Terms by amending them on the Website. By continuing to Use the Services and/or the Website after such amendment, you will be deemed to have accepted any amendment to these Terms.

These Terms shall be governed by and construed in accordance with the laws of England and Wales and you irrevocably submit to the exclusive jurisdiction of the courts of England and Wales to settle any dispute which may arise out of or in connection with these Terms. If you live outside the United Kingdom, English law shall apply only to the extent that English law shall not deprive you of any legal protection accorded in accordance with the law of the place where you are habitually resident ("Local Law"). In the event English law deprives you of any legal protection which is accorded to you under Local Law, then these terms shall be governed by Local Law and any dispute or claim arising out of or in connection with these Terms shall be subject to the non-exclusive jurisdiction of the courts where you are habitually resident.

You may print and keep a copy of these Terms, which form the entire agreement between you and Mondaq and supersede any other communications or advertising in respect of the Service and/or the Website.

No delay in exercising or non-exercise by you and/or Mondaq of any of its rights under or in connection with these Terms shall operate as a waiver or release of each of your or Mondaq’s right. Rather, any such waiver or release must be specifically granted in writing signed by the party granting it.

If any part of these Terms is held unenforceable, that part shall be enforced to the maximum extent permissible so as to give effect to the intent of the parties, and the Terms shall continue in full force and effect.

Mondaq shall not incur any liability to you on account of any loss or damage resulting from any delay or failure to perform all or any part of these Terms if such delay or failure is caused, in whole or in part, by events, occurrences, or causes beyond the control of Mondaq. Such events, occurrences or causes will include, without limitation, acts of God, strikes, lockouts, server and network failure, riots, acts of war, earthquakes, fire and explosions.

By clicking Register you state you have read and agree to our Terms and Conditions