(A.) Policy and legislation
(A.1) Policy objectives
The corona virus has shaken Europe and the world to its core, testing our healthcare and welfare systems, our societies and economies and our way of living and working together.The European Commission is coordinating a common European response to the coronavirus outbreak, aiming in particular at reinforcing our public health sectors and mitigating the socio-economic impact in the European Union.
Digital technologies and data have a valuable role to play in combating the COVID-19 crisis. Those technologies and data can offer an important tool for informing the public and helping relevant public authorities in their efforts to contain the spread of the virus or allowing healthcare organisations to exchange health data. However, a fragmented and uncoordinated approach risks hampering the effectiveness of measures aimed at combating the COVID-19 crisis, whilst also causing serious harm to the single market and to fundamental rights and freedoms.
It is therefore necessary to develop a common approach to the use of digital technologies and data in response to the current crisis. That approach should be effective in supporting competent national authorities by providing them with sufficient and accurate data to understand the evolution and spread of the COVID-19 virus as well as its effects. Similarly, these technologies may empower citizens to take effective and more targeted social distancing measures. At the same time, the proposed approach aims to uphold the integrity of the single market and protect fundamental rights and freedoms, particularly the rights to privacy and protection of personal data.
Mobile devices and their applications can support health authorities at national and EU level in monitoring and containing the ongoing COVID-19 pandemic. They can provide guidance to citizens and facilitate the organisation of the medical follow-up of patients. Warning and tracing applications play an important role in contact tracing, limiting the propagation of disease and interrupting transmission chains. In particular, in combination with appropriate testing strategies and contact tracing, the applications can be particularly relevant in providing information on the level of virus circulation, in assessing the effectiveness of physical distancing and confinement measures, and in informing de-escalation strategies.
In accordance with the principle of data minimisation, public health authorities and research institutions should process personal data only where adequate, relevant and limited to what is necessary, and should apply appropriate safeguards such as pseudonymisation, aggregation, encryption and decentralization.
Effective cybersecurity and data security measures are essential to protect the availability, authenticity integrity and confidentiality of data.
(A.2) EC perspectiveand progress report
With this purpose, the EU Members states with the support of the European Commission are working within the eHealth Network (eHN) to develop common approaches towards protection-effective app solutions that also minimise the processing of personal data, whilst providing for interoperability of the different solutions, including cross-border.
The eHN has issued a first version of a common EU toolbox as well as interoperability guidelines, which includes a first set of essential requirements for such applications, namely that they shall be: - voluntary; - approved by public health authorities; - anchored in accepted epidemiological guidance; - compliant with GDPR/ePrivacy regulations; - based on proximity technology (Bluetooth), not in geolocation technology (GPS); - based on anonymised data; - Interoperable [across the EU]; - [cyber] Secure & effective.The Commission, at the invitation by EU Member States, has set up an EU-wide system to ensure interoperability contact tracing and warning apps – a so-called ‘gateway’.
The pan-European approach for COVID-19 mobile applications by Member States and the Commission considers requirements for accessibility for persons with disabilities as a priority. Specifically, content of tracing apps is recommended to meet the accessibility requirements set out in the transposition legislation of the Web Accessibility Directive, which include reference to Harmonised European Standard EN 301 549 V2.1.2. Also, “Inclusiveness” is acknowledged as a foundational principle not only from a fundamental rights perspective, but also from an effectiveness perspective. Further, it highly encourages the publication/sharing of the source code for the apps supported by the national authorities, as an indicator of effectiveness, in particular in terms of security, auditability and interoperability requirements, as a way to maximise re-use, and also to address the need to enhance both national authorities’ but also citizens’ trust in the proper functioning of the applications and to provide transparency. Independent testing of the applications, access to source code and a policy for vulnerability handling and disclosure are in this respect deemed necessary.
Other technologies, such as blockchain/DLT have also the potential to support effective solution to cope with pandemics and support de-escalation strategies, in particular regarding decentralised and secure access to data. Such solutions shall also comply with EU values and provide for interoperability.
Both EU relevant institutions and bodies (see A.2) and SDOs (see C.1) have developed several works and initiatives. Among the formers, the eHN continues its work to provide further guidelines and recommendations for the different applications and solutions that could help dealing with pandemics and with COVID-19 in particular. These guidelines and recommendations will design new requirements for solutions that could be deployed effectively and operate across the EU whilst responding to the EU pandemic recovery strategies, and respecting the EU values.
The European Recovery Plan focuses on concrete lines of actions: -The European Green Deal as Europe’s sustainable growth strategy; -A deeper and more digital single market, including a deeper digital recovery helping to stimulate competitive innovation and to provide users with greater choice. This will include actions to support strategic digital capacities and capabilities, common European data spaces in key sectors and areas, a fairer and easier business environment in particular for online environment, digitisation of public procurement and justice systems and boosting the EU’s overall cybersecurity; -A fair and inclusive recovery, including reinforcing digital skills for children, students, teachers, trainers and all of us to communicate and work. These lines of actions will require ICT standardisation activities to support their take up and implementation.
With the availability of vaccination and the focus on providing the citizens of Europe with safe and effective vaccines fast, the situation around the pandemic has improved. Moreover, several measures have been taken and need to be continued in order to be prepared in case of any new waves of the Covid-19 pandemic occurring and in case of similar threats occurring in the future.
- Common EU response - overview
- Commission Recommendation (EU) 2020/518 of 8 April 2020 on a common Union toolbox for the use of technology and data to combat and exit from the COVID-19 crisis, in particular concerning mobile applications and the use of anonymised mobility data ()
- Commission Communication 2020/2523 of 16 April 2020 on Guidance on Apps supporting the fight against COVID-19 pandemic in relation to data protection ()
- eHealth Network Guidelines to the EU Member States and the European Commission on interoperability specifications for cross-border transmission chains between approved apps
- COM/2020/112: Coordinated economic response to the COVID-19 Outbreak
- COM/2020/143: Coronavirus Response Using every available euro in every way possible to protect lives and livelihoods
- Commission Communication on the Recovery Plan COM 2020/456: Europe’s moment: Repair and Prepare for the Next Generation
- European Parliament resolution on EU coordinated action to combat the COVID-19 pandemic and its consequences. (2020/2616(RSP)
- European Data Portal:specific section dedicated to COVID-19 related open data and applications:
- Open Data Portal: specific section is dedicated to COVID-19 related open data of the European Institutions and bodies.
- ECDC TECHNICAL REPORT Guidelines for the use of non-pharmaceutical measures to delay and mitigate the impact of 2019-nCoV:
- ECDC TECHNICAL REPORT Contact tracing: public health management of persons, including healthcare workers, having had contact with COVID-19 cases in the European Union
- EDPB - Guidelines 04/2020 on the use of location data and contact tracing tools in the context of the COVID-19 outbreak
- eHealth network - Mobile applications to support contact tracing in the EU’s fight against COVID-19 - Common EU Toolbox for Member States and inventory of mobile apps related to COVID-19, Interoperability guidelines for approved contact tracing mobile applications in the EU and other documents in relation to the European gateway for interoperability of tracing applications are available at
- European gateway for interoperability of tracing applications
- Commission Implementing Decision (EU) 2020/1023 of 15 July 2020 amending Implementing Decision (EU) 2019/1765 as regards the cross-border exchange of data between national contact tracing and warning mobile applications with regard to combatting the COVID-19 pandemic
- Regulation (EU) 2021/953 on a framework for the issuance, verification and acceptance of interoperable COVID-19 vaccination, test and recovery certificates (EU Digital COVID Certificate) to facilitate free movement during the COVID-19 pandemic
(B.) Requested actions
(B.1) Actions in support of being better prepared for future waves of COVID-19 or future pandemics
Action 1 SDOs to identify ICT standards available or needs for new ICT standards for improving the processes and management of supply chains for products and services that are critical in the situation of an epidemic or pandemic. This may include standards for supporting the functioning and logistics of the distribution of vaccines, tasks like supply and capacity planning of medical supplies, hospital supplies, but also capacity planning and supply chains for vaccines and other medical equipment. If required, start activities to revise the respective standards, close functional gaps, or to develop new or additional standards to improve logistics and processes.Innovative technologies like AI, telemedicine and Blockchain/DLT may be considered in this context as well.
Action 2 SDOs to develop standards for tracing virus spread and contacts through small, cheap personal devices, respecting security and privacy requirements, easily worn and carried also by the elderly and people with disabilities and interoperable with smartphone apps.
Action 3 SDOs and stakeholders to review ongoing work regarding standards for providing care and assistance (i.e. tele-assistance) to citizens in non-hospital premises. Consider extending available standards or work if required, or starting the development of new standards, in particular for interoperability, security and privacy. Stakeholders should also consider activities on promoting the respective technologies and their uptake for being better prepared in future emergency situations like a pandemic.
Action 4 Healthcare data availability and integration - SDOs to update and, if needed, develop standards addressing the collection, storage of, and access to sensitive personal data. Topics to be addressed may be seen in the context of the European Commission’s data strategy for Europe, e.g. regarding interoperability, portability, APIs, ontology, and for European data spaces, in this case in the area of health. The standards should be fully compliant with EU legislation, in particular GDPR, and give the individual full control regarding usage and access rights.
Action 5 Digital Skills - SDOs to review and update available standards like the eCompetence Framework in order to address a situation like confinement and to better equip citizens with needed digital skills and technologies for use cases like remote working, e-learning and distance learning including in particular online teaching of schools, universities, online exams, training - and in general use cases around the digital transformation including the topic of security and privacy.
Action 6 SDOs and stakeholders to analyse standards for processes and technologies around additive manufacturing and for agile re-focusing of production efforts in case of specific needs in an epidemic or pandemic. This may include development of a reference architecture or architecture and process guidelines.
Action 7 Specifications related to interoperability, where meta-data specifications need to be agreed to identify food suppliers and food supply value chains. As a consequence of the COVID-19 lockdowns, supply chains should be enabled for ‘flexible rerouting’, e.g if global food supply chains are to be replaced with shorter chains for more local suppliers. Retail platforms should be able to instantly discover alternative tracks and resources via ‘metadata discovery’.
Action 8 Prepare a horizontal cross-domain IoT standard, with the specification of minimum requirements on all professional and general public IoT devices, to ensure that the devices themselves can be used according to their initial objectives (e.g. easy installation and configuration) and that the data they provide can easily be understood and acted upon by non-ICT users (e.g. medical teams and their patients in the medical sector, mechanics in the automotive sector, first responders in the emergency sector, etc.). As a basis existing standards like ISO 9241should be used.
Action 9 Analyse whether HL7 FHIR Implementation Guide: Electronic Case Reporting (eCR) may be used or may have to be updated to better support public health surveillance as well as the delivery of relevant public health information to clinical care. This may be important with the adoption and maturing of Electronic Health Records (EHRs) and with Electronic Case Reporting (eCR) providing more complete and timely case data, support disease / condition monitoring, and assist in outbreak management and control. (See http://hl7.org/fhir/us/ecr/index.html)
(C.) Activities and additional information
(C.1) Related standardisation activities
Standards Development Organisations have reacted to COVID-19. Special activities, including concrete technical standards development projects, were started to support any action to help combat the virus, protect people, prepare for coming challenges and support the recovery of the economy.
Many of the ongoing standards projects will naturally assist and support ICT related initiatives, e.g. by providing basic technologies that are used in ICT infrastructures and applications. This includes many of the activities listed in the EU Rolling Plan for ICT Standardisation in general, and in the Rolling Plan chapter on eHealth in particular. As standards are maintained, reviewed and standardisation activites are undertaken, all stakeholders are encouraged to look at possible changes or additions to the standards based on the experience of the current pandemic and requirements for technologies and solutions to assist reacting to the challenges of such an exceptional situation.
The list below provides an overview of Covid-19 focused initiatives that have been undertaken:
The Commission, in particular the JRC Coronavirus Task Force, is collaborating with CEN and CENELEC to prepare a short report listing opportunities and specific standardisation needs in relevant sectors linked to COVID-19 and other pandemics. This will include a stakeholder survey on (1) Existing standards, methodologies, procedures and guidelines relevant to confronting the present and future pandemics; and (2) Standardisation needs according to three different timelines: Short term (less than 1 year), Medium term (between 1-3 years), Long term (more than 3 years).
A CEN-CENELEC COVID-19 Crisis Management Network was established, bringing together national representatives from each Member to facilitate a direct exchange of information between National Standards Bodies and National Committees - a fast tracked response at the European level.
CEN/TC 251 (linked with ISO/TC 215) in relation to DTS 82304-2 “Health Software — Part 2: Health and wellness apps — Quality and reliability” (the DTS that was born also taking as main inputs the Italian UNI/TR 11708 and BSI’s PAS277).
Decentralized Privacy-Preserving Proximity Tracing (DP-3T)
Ecma Technical Committee TC51 works on access systems and information exchange between systems and developedECMA-417, whichspecifies the architecture for a distributed real-time access system takingintoaccount manytechnologies.This includesthe layer concept of the system, thefunctionalities of each layer and the interfaces. ECMA-417 3rd edition (also published as ISO/IEC 24643) introduces vaccine passports as additional examples of complicated authentication.
EP eHealth acts as coordinating body for ETSI’s wider response and management of standards for eHealth.
EP eHealth White Paper: The role of SDOs in developing standards for ICT to mitigate the impact of a pandemic
ISG E4P: “Europe for Privacy-Preserving Pandemic Protection”
The ISG E4P has delivered a set of specifications for proximity tracing systems. The work included the development of backward compatible and interoperable proximity tracing applications to be used to combat pandemics by helping to break virus transmission chains. Activities focus on technical documents to define “Requirements for Pandemic Tracing Systems”, the “Proximity Detection”, and the “Proximity Tracing System”
ETSIReport comparing worldwide COVID-19 contact-tracing systems
TC ATTM SDMC
Standards on the relationship between deployment of ICT systems and implementation of services including COVID-19 and other health related services for cities and communities.
SC USER Group is involved in the analysis of the impact of the lockdown on the use of electronic and numeric tools and is working, in the project «User-centric approach in the digital ecosystem» on the Smart Identity which may be a significant improvement for the personal data and access to services.
Central websites set up informing about specific projects around COVID-19.
ISO/HL7 10781:2015 Health Informatics — HL7 Electronic Health Records-System Functional Model, Release 2 (EHR FM); also EN ISO 10781:2015
Voting on release 2.1 currently in progress in HL7.
Further updating may be done to improve the functional requirements to support the needs of RWD(real-world-data)-based pandemic management.
Please replace the IEEE entry in C.1. with the following text (it adds new information, and also streamlines and reorders some of the previously existing information):
Information about IEEE members developing technologies to fight the virus, the resources available from across IEEE, coping strategies from engineers around the world, and opportunities to get involved:
11073 series (Health Informatics): IEEE/ISO 11073 is a family of Health Informatics/ Device Communication for data interoperability and architecture standards intended to support interoperable communications for health care and wellness devices to assist healthcare product manufacturers and integrators create devices and systems for disease management, health and fitness, and independent living. Some are adopted as EN under the EN ISO 11073 series.
Covid-19 opened the conversation and catalyzed a movement towards innovative forms of healthcare monitoring, therapeutics and clinical research in a remote environment while exposing the many unaddressed challenges of utilizing connected technologies. The current pre-standards programs feature multidisciplinary experts from around the globe supporting innovation through open and standardized means for the benefit of equitable, sustainable and protected right to care.
The IEEE SA WAMIII Program develops consensus for solutions to establish stakeholder trust in the use of connected wireless medical devices that have the potential to bring myriad benefits to pharmaceutical manufacturers, patients, and healthcare providers, especially with the pandemic.
Papers on contact tracing from the 2020 21st IEEE International Conference on Mobile Data Management (MDM) are in the proceedings
The IEEE SA Transforming the Telehealth Paradigm: Sustainable Connectivity, Accessibility, Privacy, and Security for All pre-standards activity seeks to address the challenges impeding trust and accessibility of telemetry services and devices for non-urgent care to enable ALL individuals with right to care, protection and privacy of their health and their data.
The IEEE SA Technology and Data Harmonization for Enabling Decentralized Clinical Trials (DCT) pre-standards activity. The goal of the program is to prioritize the areas DCT using DHT (Digital Health Toolkits) standards can accelerate adoption, mitigate risks, and optimize efficiencies with sponsors, regulators, sites, technologists, service providers, patient advocacy organizations, and other relevant stakeholders.
IEEE SA Ethical Assurance of Data-Driven Technologies for Mental Healthcare pre-standards activity. Even prior to the global pandemic, the use of data-driven technologies in mental healthcare was increasing. The use of such technologies also poses a series of well-known ethical, social, and legal risks for matters such as data privacy, explainability of automated decisions, and respect for mental integrity that must be addressed.
IEEE Digital Resilience - Tools and Methods to Support Response and Recovery from Crises pre-standards activity proposes plans to develop a framework that enables communities, villages, cities, regions, and countries to deploy architectures and select standardized technologies so they may address immediate and urgent needs during a crisis without sacrificing the long-term wellbeing and rights of people. Current subcommittees focus on Logistics and Supply Chain, e-Health and Telemedicine, Building Human Digital Resilience, and e-Resilience in Education Systems, etc. https://standards.ieee.org/industry-connections/digital-resilience.html
For more information, please visit https://ieeesa.io/rp-covid-19
Contribution on European Commission recommendation “On a common Union toolbox for the use of technology and data to combat and exit from the COVID-19 crisis, in particular concerning the application mobile applications and the use of anonymized mobility data” https://www.ihe-europe.net/ihe-in-europe/EU-policies
IHE also issued a public call for information about situations where IHE Profiles are used in addressing COVID-19. See https://www.ihe-europe.net/
Several drafts relevant for e-health are developing in ISO, and even if not focused on covid-19, because they started before, they are reported as “affected” by Covid-19.
JTC 1/SC38 NP 5195 Technical requirements of community service system based on cloud computing in major public health emergencies
JTC 1/WG11 NP 5153 Smart City — City Service Platform for Public Health Emergency
JTC 1/SC 41 AHG 23 Study report on IoT Personnel positioning management system (PPMS)
For system, software, data quality models see ISO/IEC 25000 series
Overview page on activities to address Covid19 challenges
Series of webinars providing insights on how the application of digital financial services can help governments and private sector, in emerging economies especially, to implement measures related to social distancing during a lockdown caused by pandemic, e.g. Covid19. The objective is to provide insights on the innovative applications of telecommunications services, digital payments and fintech in addressing COVID-19 triggered social distancing and lockdown as well as to share lessons learned from governments and DFS stakeholders on the measures that they are implementing.
The “United for Smart Sustainable Cities” (U4SSC) is a UN initiative coordinated by ITU, UNECE and UN-Habitat, and supported by other 14 UN bodies to achieve Sustainable Development Goal 11: “Make cities and human settlements inclusive, safe, resilient and sustainable”. A thematic group on“Emergency response of cities to COVID-19”has been recently established to address the urban dimension of cities in response to the COVID-19 pandemic.
Special and regularly maintained and updated website informing about OASIS specifications that can help governments, businesses and projects in the fight against COVID-19.
Pan-European Privacy-Preserving Proximity Tracing - enabling tracing of infection chains across national borders. https://www.pepp-pt.org/
ROBust and privacy-presERving proximity Tracing protocol - protocol for robust and privacy-preserving proximity tracing https://github.com/ROBERT-proximity-tracing/
Clearinghouse for experience and guidelines for people who are suddenly called to avoid travel or meetings, work-at-home or do classes online. Focus on current capabilities and future needs. https://www.w3.org/community/covid-19/
Community Group for achieving the following objectives: (1) to create a repository of already existing Web resources related to covid19 (2) to identify other Web-based initiatives which are on-going (3) to share Web-based initiatives of CG Members in order to get on-board other Members and achieve the maximum impact https://www.w3.org/community/web-vs-covid19/
Covid-19 Credentials Initiative (CCI)
Hosted by Linux Foundation Public Health (LFPH). CCI has adopted an open-standard-based open-source development approach to public health. CCI is looking to deploy and/or help deploy privacy-preserving verifiable credential projects in order to mitigate the spread of COVID-19. The community builds on Verifiable Credentials (VCs), an open standard and emerging technology.
(C.2) Additional information
Small and Medium Entreprises - SMEs (SBS/EuropeanDIGITAL SME Alliance)
Although European SMEs were hit the hardest during this crisis, they played a vital role in combating COVID-19 in different industries. Utilising ICT technologies and standards, many European Digital SMEs have offered their solutions to citizens and enterprises for free, reflecting on European Solidarity during the crisis. Digital SMEs should be supported during the post COVID-19 recovery plan in order to scale up their technologies and be better prepared for future crises. The use of and access to ICT standards enabled Digital SMEs to provide their services. It is important for SMEs to be part of the standardisation making process, i.e actively engaged in drafting of standards, and be perceived as standards makers. Since SMEs are under-represented in this process, SDOs should proactively seeks to engage SMEs and/or take their needs into account.
In the context of contact tracing apps and other technologies to combat COVID-19 or to offer solutions for the recovery phase, standards that define security, privacy, access to and storage of data, and interoperability are important for SMEs. Although SMEs are aware of these solutions, they need to be made aware of ICT standards behind them. These solutions were possible because of ICT standards that supported the backbone for ICT services in smart working, E-learning, e-Health, E-Banking, logistic, smart cities, tourism, and other industries. Therefore, standards are key to access and use new technologies that are made available to SMEs in an open and interoperable way. In addition, there is a need to raise awareness among SMEs on the use of ICT Standards. For example ETSI has already started the ETSI Technology Awareness Roadshow for SMEs. ESOs should initiate standards raising awareness actions towards SMEs.
Not only SMEs need awareness actions, but they also need practical guides for the use of ICT standards. As most SMEs suffer from limited capacities, it is essential for them to have specific and adapted instructions. SMEs associations such as SBS and the European DIGITAL SME Alliance, are well placed to support the development of such SME guides as they did for instance in the ISO27001 Guide for SMEs or the current development of SME Guides on (1) Industrial IoT and (2) Information Security Controls.
Although the effectiveness of deploying technologies, such as tracing applications, has generally not been evaluated, these could be helpful tools to keep pandemics under control and allow a progressive lift of the lockdown. Nevertheless, it then becomes more important than ever to protect the fundamental rights and freedoms of consumers.
Standards can play a fundamental role in not only ensuring the effectiveness of the technology, but in ensuring the entitlement of consumers to data privacy and protection,and in making the technology accessible to consumers of all ages and abilities.
Although the challenges posed by the pandemic are understood, environmental legislation and targets must not be compromised and de-prioritised. The climate emergency poses serious threats and therefore citizens’ health should remain a priority even after the pandemic. This means that post-COVID recovery plans should be based on the Green Deal and help to make the economy become more resilient to such shocks. In fact, environmental laws, taking for example those under the ecodesign framework, not only help the planet but also achieve cost savings and create jobs through innovation, all necessary in the situation we currently find ourselves in.
ETUC policy at European level has been set out in a public letter from the General Secretary to the Presidents of the EU institutions, which states: “Our priority at the moment is to save the enterprises, making sure that they can survive the lockdown and come back to the markets when it will be finished. And to protect the jobs of our members, making sure that those who are suspended from work do not become unemployed, but can keep their job and receive decent income compensation.”
ETUC has established a web resource, at https://www.etuc.org/en/trade-unions-and-coronavirus, with comprehensive links to briefing material at European and national levels.
Digital Europe’s White Paper on “How to relaunch manufacturing in a post-COVID-19 world” inter alia addresses standardisation needs:
ECSO - European Cyber Security Organisation
ECSO Recommendations. Cybersecurity in light of the COVID-19 crisis
COVID-19 CYBERSECURITY RESPONSE PACKAGE - An ECSO Cyber Solidarity Campaign. Updates from the home page:https://www.ecs-org.eu/
The European Data Portal, where Open data from Member States open data portals are referenced, has implemented a specific section dedicated to COVID-19 related open data and applications:https://www.europeandataportal.eu/en/covid-19/overview
Overview on role of open source and robotics in the context of COVID-19: https://opensource.com/article/20/5/robotics-covid19