Digital autonomy through standardization.

Those who set standards determine not only the technical framework of communication, but also the formulability and validity of the content.

In a fully networked world, the categories we use to form a picture of the world are changing. Instead of thinking in terms of people, things, and information flows, the connectivity of the IoT forces us to think in terms of “entities,” units with attributes, attribute values, and relationships. In the IoT, the data spaces of people, things, and situations can overlap. This creates the conditions for new experiences, but also the first small breaches of trust in the authenticity of this new kind of experience. It is also the beginning for the perceived need for shared situational awareness. Recalling that everything is perception and that the choice of a perspective always implies a situational, context-aware and context-based awareness, the creation of a shared situational awareness means that as many participants as possible create a shared reality. A good way to achieve this is through the creation of standards.

According to Thierry Breton, EU Commissioner for the Internal Market, “Technical standards are of strategic importance. Europe’s technological sovereignty, its ability to reduce dependencies and the protection of EU values depend on our ability to set standards worldwide. With today’s strategy, we are clear about our priorities in standardization and are creating the conditions for European standards to become global benchmarks. We are taking action to preserve the integrity of the European standardization process by putting European SMEs and the European interest at the center.” (These are the outlines of Breton’s strategy for standardization:)

According to Gwenole Cozigou, Director for Industrial Transformation and Advanced Value Chains (DG GROW) at the EU Commission, the main issue on the political agenda in the course of future standardization is strategic autonomy. Standardization, she said, is a bottom-up process in which exports support policy. It is a key tool to create open access to thirty national markets with a single solution, he said. Technical sovereignty can be achieved all the more easily if the EU takes the lead on standards.

Standards are also one way to create common situational awareness. Another way is through imaging. Gartner recently predicted that by 2024, 60 percent of the data used for AI and data analytics projects will be synthetic. By 2030, synthetic data will have completely overtaken real data in AI models. As model outputs become increasingly important for decision-making (AI as automation of decision-making), standards for describing high-level concepts and their “meaning,” even reality itself, are absolutely necessary.

This is exactly what the European Commission is currently doing. This was made clear at the recent Brussels conference “European Standardisation in support of the EU Legislation”. There is a comprehensive and rather bold master plan to gain or regain control over the entire digital transformation. Aimed at are new spheres of influence and design – from chips to radio modules, IoT gateways, cloud, blockchain and DLT, data, cybersecurity and AI. Only if we re-engage at all levels, was the conference tenor, is it possible to truly speak of European sovereignty and not just digital sovereignty on terrain that has now become fully hybrid.

In my 2019 text “Welcoming the digital as a new Agora” in the “European Cybersecurity Journal” (Vol. 5 (2019) Issue 2), I wished for a living ecosystem with the best possible balance between extreme centralization of infrastructure, protocols and identity management and extreme decentralization of data, applications and services. Resilience and self-healing properties should serve as radical new concrete functionalities of a digital environment infrastructure. This including readable interfaces to those properties that are important to citizens: Stability, Solidarity, Reciprocity, and Fairness, all in an inclusive sustainable environment. On such a basis, “locality” could be imagined as a centralized protocol of coherent actions that could be fully decentralized. We would move away from democracy as we know it to a new political-democratic system attuned to the reality of what is happening in every sphere of human activity in real time. The utopia of this agora consists of a polity that couples real-time data streams and sensor input, and that places Big Data and analytics at the center of democratic decision-making processes. The goal in the future would be to operate a digital territory, rather than a state or nation, as a service to all.

For the 2023 Standardization Conference, “European Standardization in Support of EU Legislation,” the European standards organizations CEN, CENELEC and ETSI teamed up with ENISA, the EU’s cybersecurity agency. The 2023 conference program included dedicated sessions on standardization activities in areas related to the new EU regulatory framework, including the Cyber Resilience Act, the eIDAS Regulation, the RED Directive, the EU Chip Act, the Data or the AI Act.

My conclusions from the conference in the form of nine reasons why cybersecurity is not under control and a great need for action:

  • Europe does not yet have the access I would like to see.
  • Companies patch too rarely, even when patches are available.
  • Digital transformation is very fast. The EU is pouring billions into digitalization. If this is not accompanied by investment in cyberspace, every euro makes us weaker.
  • IoT projects are growing and growing, 75 billion networked objects in a few years, and this process will not stop.
  • ChatGPT can write malware and phishing emails.
  • Post-quantum encryption is in its infancy in the EU.
  • Cyber becomes strategic when it comes to autonomy and digital sovereignty and protecting and embedding European values. This means that cyber ethics, already important, becomes even more essential. Common EU values are achievable through standardization.
  • The strongly values-based EU vision behind a total of 17 laws, directives and legislation – from NIS2, Cyber Resilience Act, Artificial Intelligence Act to the Chip Act – is designed to be as future-proof as possible, taking into account what businesses and citizens can expect in terms of regulatory burden.
  • When we do certifications, it is because of the important relationship between public and private interests.
  • We need more technological breakthroughs in Europe.


Rob van Kranenburg, CTO, asvin GmbH