The corona virus has shaken Europe and the world to its core, testing our healthcare and welfare systems, our societies and economies and our way of living and working together. The European Commission is coordinating a common European response to the coronavirus outbreak, aiming in particular at reinforcing our public health sectors and mitigating the socio-economic impact in the European Union.
Digital technologies and data have a valuable role to play in combating the COVID-19 crisis. Those technologies and data can offer an important tool for informing the public and helping relevant public authorities in their efforts to contain the spread of the virus or allowing healthcare organisations to exchange health data. However, a fragmented and uncoordinated approach risks hampering the effectiveness of measures aimed at combating the COVID-19 crisis, whilst also causing serious harm to the single market and to fundamental rights and freedoms.
It is therefore necessary to develop a common approach to the use of digital technologies and data in response to the current crisis. That approach should be effective in supporting competent national authorities by providing them with sufficient and accurate data to understand the evolution and spread of the COVID-19 virus as well as its effects. Similarly, these technologies may empower citizens to take effective and more targeted social distancing measures. At the same time, the proposed approach aims to uphold the integrity of the single market and protect fundamental rights and freedoms, particularly the rights to privacy and protection of personal data.
Mobile devices and applications can support health authorities at national and EU level in monitoring and containing the ongoing COVID-19 pandemic. They can provide guidance to citizens and facilitate the organisation of the medical follow-up of patients. Warning and tracing applications can play an important role in contact tracing, limiting the propagation of disease and interrupting transmission chains. Therefore, in combination with appropriate testing strategies and contact tracing, the applications can be particularly relevant in providing information on the level of virus circulation, in assessing the effectiveness of physical distancing and confinement measures, and in informing de-escalation strategies.
In accordance with the principle of data minimisation, public health authorities and research institutions should process personal data only where adequate, relevant and limited to what is necessary, and should apply appropriate safeguards such as pseudonymisation, aggregation, encryption and decentralization.
Effective cybersecurity and data security measures are essential to protect the availability, authenticity integrity and confidentiality of data.
With this purpose, the EU Members states with the support of the European Commission are working within the eHealth Network (eHN) to develop common approaches towards effective app solutions that minimise the processing of personal data, whilst providing for interoperability of the different solutions, including cross-border.
The eHN has issued a first version of a common EU toolbox as well as interoperability guidelines, which includes a first set of essential requirements for such applications, namely that they shall be: - voluntary; - approved by public health authorities; - anchored in accepted epidemiological guidance; - compliant with GDPR/ePrivacy regulations; - based on proximity technology (Bluetooth), not in geolocation technology (GPS); - based on anonymised data; - Interoperable [across the EU]; - [cyber] Secure & effective.
The pan-European approach for COVID-19 mobile applications by Member States and the Commission considers requirements for accessibility for persons with disabilities as a priority. Specifically, content of tracing apps is recommended to meet the accessibility requirements set out in the transposition legislation of the Web Accessibility Directive, which include reference to Harmonised European Standard EN 301 549 V2.1.2. Also, “Inclusiveness” is acknowledged as a foundational principle not only from a fundamental rights perspective, but also from an effectiveness perspective. Further, it highly encourages the publication/sharing of the source code for the apps supported by the national authorities, as an indicator of effectiveness, in particular in terms of security, auditability and interoperability requirements, as a way to maximise re-use, and also to address the need to enhance both national authorities’ but also citizens’ trust in the proper functioning of the applications and to provide transparency. Independent testing of the applications, access to source code and a policy for vulnerability handling and disclosure are in this respect deemed necessary.
Other technologies, such as blockchain/DLT have also the potential to support effective solution to cope with pandemics and support de-escalation strategies, in particular regarding decentralised and secure access to data. Such solutions shall also comply with EU values and provide for interoperability.
The eHN continues its work to provide further guidelines and recommendations for the different applications and solutions that could help dealing with pandemics and with COVID-19 in particular. These guidelines and recommendations will design new requirements for solutions that could be deployed effectively and operate across the EU whilst responding to the EU pandemic recovery strategies, and respecting the EU values.
The European Recovery Plan focusses on concrete lines of actions: - The European Green Deal as Europe’s growth strategy; - A deeper and more digital single market, including a deeper digital recovery helping to stimulate competitive innovation and to provide users with greater choice. This will include actions to support strategic digital capacities and capabilities, common European data spaces in key sectors and areas, a fairer and easier business environment in particular for online environment, digitisation of public procurement and justice systems and boosting the EU’s overall cybersecurity; - A fair and inclusive recovery, including reinforcing digital skills for children, students, teachers, trainers and all of us to communicate and work. These lines of actions will require ICT standardisation activities to support their take up and implementation.
- Common EU response - overview
- Commission Recommendation (EU) 2020/518 of 8 April 2020 on a common Union toolbox for the use of technology and data to combat and exit from the COVID-19 crisis, in particular concerning mobile applications and the use of anonymised mobility data (https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32020H0518&from=EN); (https://ec.europa.eu/commission/presscorner/detail/en/IP_20_626)
- Commission Communication 2020/2523 of 16 April 2020 on Guidance on Apps supporting the fight against COVID-19 pandemic in relation to data protection (https://ec.europa.eu/info/sites/info/files/5_en_act_part1_v3.pdf)
- eHealth Network Guidelines to the EU Member States and the European Commission on interoperability specifications for cross-border transmission chains between approved apps (https://ec.europa.eu/health/ehealth/key_documents_en#anchor0; https://ec.europa.eu/commission/presscorner/detail/en/ip_20_1043)
- COM/2020/112: Coordinated economic response to the COVID-19 Outbreak (https://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1455633998284&uri=CELEX:52020DC0112)
- COM/2020/143: Coronavirus Response Using every available euro in every way possible to protect lives and livelihoods (https://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1455633998284&uri=CELEX:52020DC0143)
- Commission Communication on the Recovery Plan COM 2020/456: Europe’s moment: Repair and Prepare for the Next Generation (https://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1590732521013&uri=COM:2020:456:FIN)
- European Parliament resolution on EU coordinated action to combat the COVID-19 pandemic and its consequences. (2020/2616(RSP)) (https://www.europarl.europa.eu/doceo/document/RC-9-2020-0143_EN.html)
- ECDC TECHNICAL REPORT Guidelines for the use of non-pharmaceutical measures to delay and mitigate the impact of 2019-nCoV: https://www.ecdc.europa.eu/en/publications-data/guidelines-use-non-pharmaceutical-measures-delay-and-mitigate-impact-2019-ncov
- ECDC TECHNICAL REPORT Contact tracing: public health management of persons, including healthcare workers, having had contact with COVID-19 cases in the European Union https://www.ecdc.europa.eu/en/covid-19-contact-tracing-public-health-management
- EDPB - Guidelines 04/2020 on the use of location data and contact tracing tools in the context of the COVID-19 outbreak
- eHealth network - Common EU Toolbox for Member States and inventory of mobile apps related to COVID-19 (https://ec.europa.eu/health/ehealth/key_documents_en#anchor0)
- eHealth network - Interoperability guidelines for approved contact tracing mobile applications in the EU (https://ec.europa.eu/health/sites/health/files/ehealth/docs/contacttracing_mobileapps_guidelines_en.pdf)
Actions in support of activities against SARS-CoV-2 and to protect citizens
Action 1.1 SDOs to prepare a comparison of existing pandemic contact tracing systems, applications and other aspects of a pandemic contact tracing system providing the requirements for further standardisation.
Action 1.2 Interoperability of contact tracing apps and devices: Following guidance and requirements published by the European Commission, the guidelines of the eHealth Network (eHN) and from ministerial discussions as well as taking into account regulation on security and privacy, in particular GDPR, SDOs should take a coordinated approach in developing technologically neutral standards for ensuring interoperability between different apps and different application programming interfaces (APIs). This should also allow interoperability between the centralized and decentralized modes of operation. SDOs should further set out the requirements to be observed concerning usability, accessibility, security, data protection and privacy, removal of data as well as cross-border mobility. This action should also take into account already available and ongoing activities and the availability of the standards to be implemented in open source.
Action 1.3 SDOs to prepare a standard for the quality and reliability of COVID-19 apps (track and trace) concerning the criteria which are needed to be able to do a conformity assessment of the app. This could result in a label for consumers or simply information for the public authorities deploying it. As a starting point CEN/CENELEC should consider to what extent the ongoing work on quality of mobile apps can be extended to cover this task.
Action 1.4 SDOs to prepare simple handbooks that describe the normative and informative standards that are relevant in the context of activities to combat and protect against epidemics or pandemics (e.g. also addressing certain sectors (health & wellness apps, for example)) and - in a concerted approach - perform a mapping of of the different normative and informative standards across SDOs.
Actions in support of being better prepared for a second wave of COVID-19 or future pandemics
Action 2.1 SDOs to develop standards for tracing virus spread and contacts through small, cheap personal devices, respecting security and privacy requirements, easily worn and carried also by the elderly and people with disabilities and interoperable with smartphone apps.
Action 2.2 SDOs and stakeholders to review ongoing work regarding standards for providing care and assistance (i.e. tele-assistance) to citizens in non-hospital premises. Consider extending available standards or work if required, or starting the development of new standards, in particular for interoperability, security and privacy. Stakeholders should also consider activities on promoting the respective technologies and their uptake for being better prepared in future emergency situations like a pandemic.
Action 2.3 Identify broader use cases in support of tracking and tracing in pandemic situations and develop the respective minimum requirements or specifications taking into account European regulation and European values. Possible use cases may be immunity passports or antibody testing and registering. The standards might consider the use of innovative technologies such as AI or blockchain as well as self-sovereign and digital identity as the basis for the exchange of sensitive personal information and health data.
Action 2.4 Healthcare data availability and integration - SDOs to update and, if needed, develop standards addressing the collection, storage of, and access to sensitive personal data. Topics to be addressed may be seen in the context of the European Commission’s data strategy for Europe, e.g. regarding interoperability, portability, APIs, ontology, and for European data spaces, in this case in the area of health. The standards should be fully compliant with EU legislation, in particular GDPR, and give the individual full control regarding usage and access rights.
Action 2.5 SDOs to consider whether ICT standards are available or new ICT standards should be developed for improving the processes and management of supply chains for products and services that are critical in the situation of an epidemic or pandemic. This may include tasks like supply and capacity planning of medical supplies, hospital supplies, but also capacity planning and supply chains and capacity planning for vaccines and other medical equipment. Innovative technologies like Blockchain/DLT may be considered in this context as well.
Action 2.6 Digital Skills - SDOs to review and update available standards like the eCompetence Framework in order to address a situation like confinement and to better equip citizens with needed digital skills and technologies for use cases like remote working, e-learning and distance learning including in particular online teaching of schools, universities, online exams, training - and in general use cases around the digital transformation including the topic of security and privacy.
Action 2.7 SDOs and stakeholders to analyse standards for processes and technologies around additive manufacturing and for agile re-focusing of production efforts in case of specific needs in an epidemic or pandemic. This may include development of a reference architecture or architecture and process guidelines.
Action 2.8 Specifications related to interoperability, where meta-data specifications need to be agreed to identify food suppliers and food supply value chains. As a consequence of the COVID-19 lockdowns, supply chains should be enabled for ‘flexible rerouting’, e.g if global food supply chains are to be replaced with shorter chains for more local suppliers. Retail platforms should be able to instantly discover alternative tracks and resources via ‘metadata discovery’.
Action 2.9 Prepare a horizontal cross-domain IoT standard, with the specification of minimum requirements on all professional and general public IoT devices, to ensure that the devices themselves can be used according to their initial objectives (e.g. easy installation and configuration) and that the data they provide can easily be understood and acted upon by non-ICT users (e.g. medical teams and their patients in the medical sector, mechanics in the automotive sector, first responders in the emergency sector, etc.). As a basis existing standards like ISO 9241should be used.
Action 2.10 Analyse whether HL7 FHIR Implementation Guide: Electronic Case Reporting (eCR) may be used or may have to be updated to better support public health surveillance as well as the delivery of relevant public health information to clinical care. This may be important with the adoption and maturing of Electronic Health Records (EHRs) and with Electronic Case Reporting (eCR) providing more complete and timely case data, support disease / condition monitoring, and assist in outbreak management and control. (See http://hl7.org/fhir/us/ecr/index.html)
Actions in support of the recovery of Europe
Action 3.1 Based on the European recovery plan Communication, SDOs should continue or consider special efforts to support the recovery plan, e.g. for supporting industry in identifying standards that are critical for specific sector business, for compliance with regulatory requirements, for integrating technologies, for market access, etc. E.g. simple handbooks or similar compilations may be prepared that contain and describe the normative and/or informative standards that are relevant in a respective sector.
Action 3.2 In supporting the European recovery plan and considering permanent and structural changes in societal and economic life, SDOs should address issues like more teleworking, e-learning, e-commerce, e-government and the potential of developing a universally accepted e-ID - public electronic identity – to allow for simple, trusted and secure access to cross-border digital public services.
Activities and Additional information
Related standardisation activities
Standards Development Organisations have reacted to COVID-19. Special activities, including concrete technical standards development projects, were started to support any action to help combat the virus, protect people, prepare for coming challenges and support the recovery of the economy.
Many of the ongoing standards projects will naturally assist and support ICT related initiatives, e.g. by providing basic technologies that are used in ICT infrastructures and applications. This includes many of the activities listed in the EU Rolling Plan for ICT Standardisation in general, and in the Rolling Plan chapter on eHealth in particular. As standards are maintained, reviewed and standardisation activities are undertaken, all stakeholders are encouraged to look at possible changes or additions to the standards based on the experience of the current pandemic and requirements for technologies and solutions to assist reacting to the challenges of such an exceptional situation.
The list below provides an overview of Covid-19 focused initiatives that have been undertaken:
The Commission, in particular the JRC Coronavirus Task Force, is collaborating with CEN and CENELEC to prepare a short report listing opportunities and specific standardisation needs in relevant sectors linked to COVID-19 and other pandemics. This will include a stakeholder survey on (1) Existing standards, methodologies, procedures and guidelines relevant to confronting the present and future pandemics; and (2) Standardisation needs according to three different timelines: Short term (less than 1 year), Medium term (between 1-3 years), Long term (more than 3 years).
A CEN-CENELEC COVID-19 Crisis Management Network was established, bringing together national representatives from each Member to facilitate a direct exchange of information between National Standards Bodies and National Committees - a fast tracked response at the European level.
CEN/TC 251 (linked with ISO/TC 215) in relation to DTS 82304-2 “Health Software — Part 2: Health and wellness apps — Quality and reliability” (the DTS that was born also taking as main inputs the Italian UNI/TR 11708 and BSI’s PAS277).
Decentralized Privacy-Preserving Proximity Tracing (DP-3T)
EP eHealth acts as coordinating body for ETSI’s wider response and management of standards for eHealth.
EP eHealth White Paper: The role of SDOs in developing standards for ICT to mitigate the impact of a pandemic
ISG E4P “Europe for Privacy-Preserving Pandemic Protection”
The ISG E4P aims to develop a framework and a consistent set of specifications for proximity tracing systems. The work will facilitate the development of backward compatible and interoperable proximity tracing applications to be used to combat pandemics by helping to break virus transmission chains. Activities focus on technical documents to define “Requirements for Pandemic Tracing Systems”, the “Proximity Detection”, and the “Proximity Tracing System”. The work will consider recommendations on Data Protection and Information Security, and the requisite APIs will be developed in compliance with GDPR and EC regulation.
Central websites set up informing about specific projects around COVID-19.
ISO/HL7 10781:2015 Health Informatics — HL7 Electronic Health Records-System Functional Model, Release 2 (EHR FM); also EN ISO 10781:2015
Voting on release 2.1 currently in progress in HL7.
Further updating may be done to improve the functional requirements to support the needs of RWD (real-world-data)-based pandemic management.
Websites with updates about IEEE members developing technologies to fight the virus, the resources available from across IEEE, coping strategies from engineers around the world, and opportunities to get involved in the fight:
11073 series (Health Informatics)
ISO/IEEE 11073 is a family of Health Informatics/ Device Communication for data interoperability and architecture standards intended to support interoperable communications for health care and wellness devices to assist healthcare product manufacturers and integrators create devices and systems for disease management, health and fitness, and independent living.
Some are adopted as EN under the EN ISO 11073 series.
Global IEEE SA WAMIII Program: Collaborate and build consensus for solutions to establish stakeholder trust in the use of connected wireless medical devices that enable drug manufacturers to continue to conduct hybrid or decentralized clinical trials without risking patients having to come to sites; patients to receive mobilized critical or urgent care without ever leaving the home in the form of tele-ICU’s and tele emergency rooms; patients to be remotely monitored in real-time and receive autonomous drug delivery through devices that are ingested or implanted into the human body; disease outbreaks to be predicted and trends with the use of real-time autonomous patient data aggregation
Contribution on European Commission recommendation “On a common Union toolbox for the use of technology and data to combat and exit from the COVID-19 crisis, in particular concerning the application mobile applications and the use of anonymized mobility data”
IHE also issued a public call for information about situations where IHE Profiles are used in addressing COVID-19. See https://www.ihe-europe.net/
Overview page on activities to address Covid19 challenges
Series of webinars providing insights on how the application of digital financial services can help governments and private sector, in emerging economies especially, to implement measures related to social distancing during a lockdown caused by pandemic, e.g. Covid19. The objective is to provide insights on the innovative applications of telecommunications services, digital payments and fintech in addressing COVID-19 triggered social distancing and lockdown as well as to share lessons learned from governments and DFS stakeholders on the measures that they are implementing.
The “United for Smart Sustainable Cities” (U4SSC) is a UN initiative coordinated by ITU, UNECE and UN-Habitat, and supported by other 14 UN bodies to achieve Sustainable Development Goal 11: “Make cities and human settlements inclusive, safe, resilient and sustainable”. A thematic group on “Emergency response of cities to COVID-19” has been recently established to address the urban dimension of cities in response to the COVID-19 pandemic.
Special and regularly maintained and updated website informing about OASIS specifications that can help governments, businesses and projects in the fight against COVID-19.
Pan-European Privacy-Preserving Proximity Tracing - enabling tracing of infection chains across national borders.
ROBust and privacy-presERving proximity Tracing protocol - protocol for robust and privacy-preserving proximity tracing
Clearinghouse for experience and guidelines for people who are suddenly called to avoid travel or meetings, work-at-home or do classes online. Focus on current capabilities and future needs.
Community Group for achieving the following objectives: (1) to create a repository of already existing Web resources related to covid19 (2) to identify other Web-based initiatives which are on-going (3) to share Web-based initiatives of CG Members in order to get on-board other Members and achieve the maximum impact
Small and Medium Entreprises - SMEs (SBS/European DIGITAL SME Alliance)
Although European SMEs were hit the hardest during this crisis, they played a vital role in combating COVID-19 in different industries. Utilising ICT technologies and standards, many European Digital SMEs have offered their solutions to citizens and enterprises for free, reflecting on European Solidarity during the crisis. Digital SMEs should be supported during the post COVID-19 recovery plan in order to scale up their technologies and be better prepared for future crises. The use of and access to ICT standards enabled Digital SMEs to provide their services. It is important for SMEs to be part of the standardisation making process, i.e actively engaged in drafting of standards, and be perceived as standards makers. Since SMEs are under-represented in this process, SDOs should proactively seeks to engage SMEs and/or take their needs into account.
In the context of contact tracing apps and other technologies to combat COVID-19 or to offer solutions for the recovery phase, standards that define security, privacy, access to and storage of data, and interoperability are important for SMEs. Although SMEs are aware of these solutions, they need to be made aware of ICT standards behind them. These solutions were possible because of ICT standards that supported the backbone for ICT services in smart working, E-learning, e-Health, E-Banking, logistic, smart cities, tourism, and other industries. Therefore, standards are key to access and use new technologies that are made available to SMEs in an open and interoperable way. In addition, there is a need to raise awareness among SMEs on the use of ICT Standards. For example ETSI has already started the ETSI Technology Awareness Roadshow for SMEs. ESOs should initiate standards raising awareness actions towards SMEs.
Not only SMEs need awareness actions, but they also need practical guides for the use of ICT standards. As most SMEs suffer from limited capacities, it is essential for them to have specific and adapted instructions. SMEs associations such as SBS and the European DIGITAL SME Alliance, are well placed to support the development of such SME guides as they did for instance in the ISO27001 Guide for SMEs or the current development of SME Guides on (1) Industrial IoT and (2) Information Security Controls.
Although the effectiveness of deploying technologies, such as tracing applications, has generally not been evaluated, these could be helpful tools to keep pandemics under control and allow a progressive lift of the lockdown. Nevertheless, it then becomes more important than ever to protect the fundamental rights and freedoms of consumers.
Standards can play a fundamental role in not only ensuring the effectiveness of the technology, but in ensuring the entitlement of consumers to data privacy and protection, and in making the technology accessible to consumers of all ages and abilities.
Although the challenges posed by the pandemic are understood, environmental legislation and targets must not be compromised and de-prioritised. The climate emergency poses serious threats and therefore citizens’ health should remain a priority even after the pandemic. This means that post-COVID recovery plans should be based on the Green Deal and help to make the economy become more resilient to such shocks. In fact, environmental laws, taking for example those under the ecodesign framework, not only help the planet but also achieve cost savings and create jobs through innovation, all necessary in the situation we currently find ourselves in.
ETUC policy at European level has been set out in a public letter from the General Secretary to the Presidents of the EU institutions, which states: “Our priority at the moment is to save the enterprises, making sure that they can survive the lockdown and come back to the markets when it will be finished. And to protect the jobs of our members, making sure that those who are suspended from work do not become unemployed, but can keep their job and receive decent income compensation.”
ETUC has established a web resource, at https://www.etuc.org/en/trade-unions-and-coronavirus, with comprehensive links to briefing material at European and national levels.
Digital Europe’s White Paper on “How to relaunch manufacturing in a post-COVID-19 world” inter alia addresses standardisation needs:
ECSO - European Cyber Security Organisation
ECSO Recommendations. Cybersecurity in light of the COVID-19 crisis
COVID-19 CYBERSECURITY RESPONSE PACKAGE - An ECSO Cyber Solidarity Campaign. Updates from the home page: https://www.ecs-org.eu/
The European Data Portal, where Open data from Member States open data portals are referenced, has implemented a specific section dedicated to COVID-19 related open data and applications: https://www.europeandataportal.eu/en/covid-19/overview
Overview on role of open source and robotics in the context of COVID-19: https://opensource.com/article/20/5/robotics-covid19
TC ATTM SDMC
Standards on the relationship between deployment of ICT systems and implementation of services including COVID-19 and other health related services for cities and communities.