Safety, transparency and due process online (RP2023)

 

A.) Policy and legislation

(A.1) Policy objectives

The initiative relates to the Commission’s policy and regulatory intervention to ensure a safe online environment and the respect of fundamental rights online. Meaningful transparency to users, regulators and third parties is a key enabler for this objective.

The clear, harmonised and, where appropriate, interoperable approach across services is key for a well-functioning single market for digital services, where start-ups can emerge and scale by proposing responsible innovations.

In particular, making the internet a safer and better place for children and young people is a key priority for the EU under the political ambition: to build a Europe fit for digital age. Through a range of activities the European Commission has supported safety online for more than 20 years. The European Strategy for a Better Internet for Children (BIK) defined a coherent EU-wide set of measures for the EU, Member States, industry and other stakeholders across Europe to support children, and their parents and teachers, online. The tools range from funding and coordination with Member States to contributions to the regulatory framework, including through self-regulatory initiatives. In addition, specific legal measures for the protection of minors online are set down in the revised Audio Visual Media Services Directive (AVMSD) and in the General Data Protection Regulation (GDPR), and most recently in the Digital Services Act.

Inappropriate content is one of the main concerns identified by both children and parents when contacting Safer Internet Centres’ helplines. As children become more active online, and from ever younger ages, the possibility they will encounter something age-inappropriate online is also increasing, e.g. material that is adult-only, pornographic material, information that might lead a child into unlawful or dangerous behaviour, violent or disturbing content, or adult-only services such gambling sites. Robust age verification mechanisms are one of the key elements to protect children and young people from this risk.

(A.2) EC perspective and progress report

A new regulatory framework addressing these objectives will be proposed through the Digital Services Act. The regulatory proposal includes harmonised obligations for content moderation processes and user redress, as well as a series of other due diligence obligations for meaningful transparency of platforms’ algorithmic systems, including online advertising. Standardisation work may facilitate interoperability and is needed to ensure that the technical design of systems and processes is efficiently and effectively implemented across all platforms and regulatory compliance in particular for newcomers is easily translated into technical requirements.

Such standards would need to rest on a broad and deep involvement of diverse stakeholders, including digital services and other businesses, and prominently including civil society focusing on fundamental rights and consumer rights in digital contexts. The availability of standards should facilitate the application of the regulatory provisions shortly after the entry into force.

Additionally, the protection of minors is one of the cornerstones of the new rules with an obligation under the DSA for online platforms accessible to minors to put in place measures ensuring a high level of privacy, safety, and security of minors. The recently updated European strategy for a better internet for kids (BIK+) recognizes the importance of age verification mechanisms but also their current flaws. Despite existing EU law, age verification mechanisms are still in many cases ineffective, with users often only required to tick a box to confirm they are aged 18 or older.

The Commission funded euCONSENT pilot project aims to demonstrate an interoperable technical infrastructure, effectively implementing child protection mechanisms (such as age verification) and parental consent mechanisms based on relevant EU legislation such as the AVMSD and GDPR. The project prepared a Common Standards Framework to ETSI drafting protocols which includes all of the technical infrastructure requirements, interoperability protocols and assessment and certification processes. This framework could gain ETSI or ISO standard status during the post-project implementation phase.

Building on ongoing work such as the above pilot project and taking account of the new DSA rules for online platforms, the Commission will support methods that allow consumers to prove age in a privacy-preserving and secure manner, to be recognised EU-wide. The BIK+ strategy requires the Commission to work with Member States (who in line with national legislation can choose to issue electronic IDs to the under-18s under the recent proposal on eID), relevant stakeholders and European standardisation organisations to strengthen effective age verification methods, as a priority. This work will encourage market solutions through a robust framework of certification and interoperability.

(A.3) References

• Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on a Single Market For Digital Services and amending Directive 2000/31/EC (Digital Services Act)
• COM(2022) 212 final Digital Decade for children and youth: the new European strategy for a better internet for kids (BIK+)
• Revised Directive 2010/13/EU AVMSD consolidated version
• Regulation (EU) 2016/679 GDPR
• COM/2021/281 final Proposal for a European Digital Identity framework
• COM/2021/142 final EU strategy on the rights of the child
• euCONSENT pilot project

(B.) Requested actions

Action 1: SDOs to look into standardisation needs that may arise from the Commission’s proposal for a new Digital Services Act.

Action 2: Develop a European standard for online age assurance / age verification in the context of the proposal for a European Digital Identity framework (eID) proposal as well as the euCONSENT project.

(C.) Activities and additional information 

(C.1) Related standardisation activities

IEEE

In 2016 the IEEE Global Initiative on Ethics of Autonomous and Intelligent Systems ("The IEEE Global Initiative") started a project called ‘Ethically Aligned Design: A Vision for Prioritizing Human Wellbeing with Autonomous and Intelligent Systems. The final / latest version of Ethically Aligned Design, released in 2019, can be found here: https://ethicsinaction.IEEE.org/wp-content/uploads/ead1e.pdf. 

A similar work is underway for the Ethics of Extended Reality and has produced numerous reports: https://standards.IEEE.org/industry-connections/ethics-extended-reality/

IEEE has various standards and pre-standards activities that contribute to safety, transparency and due process online. The P7000 Series has relevant activities, including IEEE 7000-2021 - IEEE Standard Model Process for Addressing Ethical Concerns during System Design and IEEE P7001™ - Standards for Transparency of Autonomous Systems. Other projects include IEEE P2876 on Recommended Practice for Inclusion, Dignity and Privacy in Online Gaming 

IEEE 2089-2021 focuses on providing age appropriate digital services, and is based on the 5Rights principles which were developed with youth and children involved.  IEEE also submitted this standard as the basis for the CEN/CENELEC Workshop Agreement on Age Appropriate Digital Services Framework.  

A standard for Online Age Verification (IEEE P2089.1) is under development in this series.

• IEEE P1589™ -Standard For An Augmented Reality Learning Experience Model
• IEEE P2840 Standard for Responsible AI Licensing
• IEEE P2863 - Recommended Practice for Organizational Governance of Artificial Intelligence
• IEEE P2874 Standard for Spatial Web Protocol, Architecture and Governance
• IEEE P2987 Recommended Practice for Principles for Design and Operation Addressing Technology-Facilitated Inter-personal Control
• IEEE 1232-2010 IEEE Standard for Artificial Intelligence Exchange and Service Tie to All Test Environments (AI-ESTATE)
• IEEE 1232.1 Trial Use - Standard for Artificial Intelligence Exchange and Service Tie to All Test Environments (AI-ESTATE): Data and Knowledge Specification
• IEEE P2660.1™ - Recommended Practices On Industrial Agents: Integration Of Software Agents And Low Level Automation Functions
• IEEE 2089-2021 - Standard for Age Appropriate Digital Services Framework – Based on the 5 Rights Principles for Children
• P2418.4™ -Standard For The Framework Of Distributed Ledger Technology (DLT) Use In Connected And Autonomous Vehicles (CAVs)
• PC37.249™ - Guide For Categorizing Security Needs For Protection And Automation Related Data Files
• P2672™ -Guide For General Requirements Of Mass Customization
• P2812™ - Guide For Minor Guardianship System For Online Mobile Gaming
• P3333.1.3™ - Standard For The Deep Learning-Based Assessment Of Visual Experience Based On Human Factors
• IEEE 7000™-2021 -Model Process For Addressing Ethical Concerns During System Design
• IEEE P7001™ -Transparency Of Autonomous Systems
• IEEE 7002™-2022 -Standard For Data Privacy Process 
• IEEE P7003™ -Algorithmic Bias Considerations
• IEEE P7004™ -Standard On Child And Student Data Governance
• IEEE P7005™ -Standard On Employer Data Governance
• IEEE P7006™ -Standard On Personal Data AI AgentIEEE P7007™ -Ontological Standard For Ethically Driven Robotics And Automation Systems
• IEEE P7008™ - Standard For Ethically Driven Nudging For Robotic, Intelligent And Autonomous Systems
• IEEE P7009™ -Standard For Fail-Safe Design Of Autonomous And Semi-Autonomous Systems
• IEEE 7010™-2020 -Wellbeing Metrics Standard For Ethical Artificial Intelligence And Autonomous Systems
• IEEE P7011™ -Standard For The Process Of Identifying & Rating The Trust-Worthiness Of News Sources
• IEEE P7012™ -Standard For Machine Readable Personal Privacy Terms
• IEEE P7014™ -Standard For Emulated Empathy In Autonomous And Intelligent Systems
• IEEE P7015™ Standard for Data and Artificial Intelligence (AI) Literacy, Skills, and Readiness
• IEEE P7030™ Recommended Practice for Ethical Assessment of Extended Reality (XR) Technologies

The IEEE CertifAIEd Program: Through certification guidance, assessment and independent verification, IEEE CertifAIEd offers the ability to scale responsible innovation implementations, thereby helping to increase the quality of AIS, the associated trust with key stakeholders, and realizing associated benefits. (https://engagestandards.IEEE.org/IEEEcertifaied.html)

For more information, go to https://ieeesa.io/eu-rolling-plan

ISO

ISO has started work on ISO/IEC PWI 7732 Age Assurance Systems. This standard aims to develop a framework for the creation of age assurance systems, including age verification and age estimation within five standardised levels of confidence (self-asserted, basic, standard, enhanced and strict). The project seeks to develop the privacy and technological framework that will sit around Age Assurance. This work is being progressed by ISO/IEC/JTC1/SC27/WG5 - Privacy and Identity Management.

(C.2) additional information

euConsent 

The euConsent pilot programme was initiated by the Commission to explore the needs for standardisation and interoperability for age verification and parental consent mechanisms across at least 3 member states. The programme included a workstream (WS 5) on standardisation, which has drafted standards for technical requirements for age verification and for parental consent as they would apply to eIDAS as it stands today. The programme also developed requirements for certification of age verification and parental consent providers. It is recognised that the programme needs to progress through preparatory action, not just to adopt the standards for today’s interoperability through eIDAS, but also to prepare for eIDAS 2.0 as the standards framework for that develops over the next few years.