The International Standards Organisation (ISO) is working on a series of blockchain and DLT standards ISO/TC 307. This week the ISO published a business plan which says the first standards will be released no later than 2021. While it’s enormously time-consuming to develop standards, 3.5 years from now is generations in blockchain years.
The ISO plans to develop a terminology standard no later than 2020. However, some of the most critical aspects don’t yet have timeframes, because the requirements need further definition. These include security, privacy, identity, and interoperability.
The standards are:
- Terminology and concepts (2020)
- Overview of privacy and personally identifiable information protection (no date)
- Security risks and vulnerabilities (no date)
- Overview of identity (no date)
- Reference architecture (2021)
- Taxonomy and Ontology (unclear)
- Legally binding smart contracts (2021)
- Overview of and interactions between smart contracts in blockchain and DLT systems (no date)
Pretty much every industry is crying out for standards. People are starting to realize that interoperability isn’t just optional, it’s critical. That interoperability is at many levels. The most important is probably data definitions, and some industries already have that covered. Think ACORD for insurance and GS1 for logistics and retail.
Then there’s interoperability between different technologies such as Hyperledger Fabric, R3’s Corda, and Ethereum. One of the issues is that each protocol is fundamentally different in how they define permissions. Translating one to the other is risky.
There’s a proliferation of consortia. Having many consortia in the same industry doing the same thing kills the network effects that blockchain promises. For now, each consortium can argue they have a different approach. With standardization, that rationale is less valid.
On the technical front, there need to be standard technical implementations and architectures. There’s too much reinventing the wheel at the moment. This is referring to project applications as opposed to technological innovations.
Jeremy Millar a board member of the Enterprise Ethereum Alliance (EEA), recently made a powerful case for the urgency of standards. A key argument was the increasingly rapid adoption of new technologies.
The report identified many risk factors that could impact the completion of the standards and their adoption. Two general risks of note are the lack of availability of experts and consensus issues. Experts in this sector are very busy. By consensus, the ISO is referring to getting agreement on a standard from diverse geopolitical and market interests.
They identified numerous blockchain industry-specific factors. Below are just some highlights.
Firstly, open source projects may have no interest in standards. That would certainly apply to some segments of the community, but less so the permissioned ones used by industry. And the Enterprise Ethereum Alliance has already produced their reference architecture.
A second concern is that industries will roll their own standards resulting in duplication and conflict. If the ISO’s target date is 2021, this scenario is extremely likely. The whole purpose of BiTA is to create standards in the transport industry.
Thirdly the blockchain industry is fragmented and trying to address a diverse range of problems. Plus there’s a lot of dependency on other technologies. So the ability to create standards that make everyone happy and don’t conflict with existing standards will be tricky.
Fourthly, there are legal implications of smart contracts. Hence creating a cross-jurisdictional standard may be insurmountable. No matter what the ISO produces, it’s not a global legislative body. Perhaps the focus should be more technical for smart contracts.
Finally, the ISO included a controversial caveat that blockchain or DLT may not be able to support the high transaction rates of IoT and financial trading.
Background and business environment
The ISO report acknowledged that blockchain and DLT are still immature, but also that it’s progressing rapidly and industry needs standards quickly. Arguably the demand is urgent because many different organizations and consortia are creating their own standards.
The fact that blockchain is interoperable with separate technologies means that any blockchain standards will depend on other ISO standards. These related standards include cloud computing, industry messaging, security, identity, risk, governance, and financial instruments.
Plus there are also standards that are outside of the ISO’s remit. These are from the International Telecommunication Union (ITU) and the International Electrotechnical Committee (IEC). The ISO acknowledged that other bodies also have standards that are relevant to blockchain. These include the IETF, OASIS, and W3C.
The standards body recognizes that many blockchain implementations already exist. Some are at scale, particularly in Asia. Plus blockchain applies to many different sectors. Hence any standards have to be sufficiently flexible. There is also a diverse range of stakeholders including governments; many industries but especially finance and technology; through to consumers and citizens.
Several globally significant regulations impact blockchain. These include the EU’s GDPR, and two EU directives that are based on G20 requirements: the Payment Services Directive and Anti-Money Laundering Directive. On the legal front, the impact of smart contracts is an issue to address.
With all these diverse inputs, developing standards is hard.
The ISO outlined the benefits of developing standards. Ledger Insights roughly divided them into three groups.
- unified terminology
- interoperability between different ledger technologies and other technologies
- improved security and privacy
- enabling compatibility between tech and legal frameworks
- reduced implementation cost
- removing barriers to entry (lack of standards is a barrier)
- reduce the risk of locking-in to non-standard approaches
- aid the assessment of blockchain quality
- for service providers, increase trust and reputation
- support of innovation, competition, governance, development and growth, especially cross-organization and cross-border
- increased understanding
- potential use case references or repository
- increased adoption
- increased investment in blockchain
Participation in developing these blockchain standards is heavily biased towards Europe in particular as well as North America and Asia-Pacific. Grouping Russia as part of Europe for these purposes might ruffle a few feathers given current political tensions.
The ISO noted that Estonia is not included and they’re encouraging participation. The Estonian government has already deployed active blockchain projects. Plus Guardtime is a significant player and based in Estonia. So the country could make a significant contribution.
While creating blockchain standards is a Herculean undertaking, timing is critical. With a late-2021 publication deadline industries may conclude they need to roll their own.