From shopping online to listening to music, products and services in the field of Information & Communication Technologies (ICT) are playing an increasingly key role in consumers’ everyday lives. But, although they have potential to improve consumer welfare by making a greater range of products and services available, new technologies pose several challenges in terms of the protection of traditional consumer rights, with issues such as data protection, and accessibility to online services by vulnerable consumers, coming to the fore. Hence it is essential that ICT standardisation processes, both formal and informal, ensure full and effective consumer participation in order to take consumer requirements into account.

The ANEC Digital Society WG strives to ensure the safety, accessibility, interoperability and privacy of ICT products & services.

Work areas

1) E-accessibility and e-inclusion

Digital 1

The European Commission e-Inclusion Communication, published in November 2007, recognised the strong evidence showing that voluntary mainstreaming of accessibility in goods and services had not led to significant progress, and in particular that the market had failed to ensure the accessibility of ICT products and services consumers expect. Binding legislation and standards should be seen as complementary instruments. Legislation should set accessibility requirements and the standards are to set specific technical requirements.

This was the main message voiced in two joint ANEC/European Disability Forum (EDF) positions papers on eAccessibility - December 2007 - and on web and eAccessibility legislation - July 2008 -. Later in February 2009, ANEC and EDF decided to join forces with AGE Platform Europe, the European platform for older people, to reiterate the call for eAccessibility legislation (AGE/ANEC/EDF joint position on EC communication on eAccessibility).

In June 2011, we successfully launched our joint campaign “Access denied”.

Web Accessibility Directive

AGE Platform Europe, ANEC, EBU, EDF  joined forces to call on the Commission to make a legislative proposal that would deliver web accessibility for all by 2015.

In December 2012, ANEC welcomed the proposal by the European Commission for mandatory provisions on web-accessibility as it took into account many of our suggestions about the use of standards and monitoring of implementation.

Four years later, on 26 October 2016, ANEC welcomed the adoption of Directive (EU) 2016/2102 on the accessibility of the websites and mobile applications of public sector bodies (‘Web Accessibility Directive’), which aims to ensure access to online public services to all consumers, regardless of their age or ability. The European Parliament, in agreement with the Council, made significant improvements to the original Commission proposal issued in 2012, in terms of the websites covered and enforcement provisions, as well as the inclusion of access from a handheld mobile device and mobile apps. These improvements were largely in line with ANEC’s position.

The adoption of the Directive brought to a close several years of intensive work by ANEC and its partners in campaigning for web accessibility legislation.

Following the adoption of the Directive, a Committee and Expert Group (‘WADEX’), comprised of Member States, was set up to advise the European Commission in the execution of its implementing powers. In addition, a WADEX sub-group of stakeholders was created. An expert, nominated by ANEC with the European Disability Forum (EDF), European Blind Union (EBU) and AGE Platform Europe, represents the organisations in the stakeholder sub-group. Through its participation in the stakeholder sub-group, ANEC contributed to drafting the implementing acts under the Web Accessibility Directive (WAD), published in October 2018.

Web accessibility is a joint priority of the ANEC Digital Society and Accessibility Working Groups. To learn more about the latest developments, please visit our ‘Accessibility’ page.

The first European Standard for accessible ICT products and services (M/376)

The Web Accessibility Directive makes use of harmonised standards to provide a presumption of conformity to its essential requirements. To this end, a draft standardisation request for harmonised standards on the accessibility of websites and mobile apps was issued by the EC, with ANEC’s support. In May 2017, it was approved by CEN-CENELEC and the EC Committee on Standards. CEN, CENELEC & ETSI were asked to deliver harmonised standard(s) based on EN 301 549 V1.1.2 (2015-04), including necessary provisions needed to support the implementation of Article 4 of Directive (EU) 2016/2102. In August 2018, the standard EN 301 549 was published and is now freely available online at ETSI website.

ANEC also participates in the work of CEN TC 224 WG 6 ‘User Interface’ on the revision of prEN 1332-3:2016 ‘Identification card system - User Interface-Part 3: Keypads’ by making sure that consumer relevant functionalities including tactile symbols and contrast requirements for blind and partially-sighted persons are taken into account. Similarly, through our involvement in CEN TC 224 WG 18 ‘Biometrics’ and WG 19 ‘Breeder document’, we strive to ensure the accessibility of concerned systems and devices.

2) Electronic communications products, networks and services 

Digital 2

All consumers should be able to participate in the Digital Society and reap its benefits. Therefore, in ANEC’s opinion, digital products and services need to be safe and accessible for all consumers. However, due to their intrinsic characteristics, such as rapid technological developments and convergence, digital products and services represent a challenge for regulators. The role of standardisation, to ensure that consumers’ interests such as safety, quality of service and accessibility are adequately guaranteed, is crucial.

Radio Equipment Directive

The Radio Equipment Directive (RED) (Directive 2014/53/EU), which replaced the Radio and Telecommunications Terminal Equipment (R&TTE, Directive 1999/5/EC) in June 2016, sets safety, interoperability and accessibility requirements, to be complemented by the adoption of standards for products such as music players and mobile phones. The new RED allows the European Commission to request interoperability of mobile phones and other devices with universal chargers, a long-standing request of the consumer movement. In addition, the RED provides for additional means for market surveillance in order to track and monitor products which fail to comply with the essential requirements. The concept of “foreseeable use” must be taken into account for conformity assessment. All these points were supported and proposed by ANEC. A new standardisation request (M/536) to implement the RED was issued by the Commission, and the standardisation work, which ANEC follows, started in 2016.

Since 2017, ANEC is calling the European Commission and Member States to make privacy and security requirements mandatory for connected products in order to protect consumers from cyber risks. We support the adoption of a Commission delegated act on Internet-connected radio equipment and wearable radio under Radio Equipment Directive 2014/53/EU, to be underpinned by standards. We are working on relative standards which could become Harmonised Standards. The Impact Assessment for the delegated act should be done by end 2019.

Human exposure to electromagnetic fields

The development of harmonised standards in the framework of the Council Recommendation (1999/519/EC) on the exposure of the public to electromagnetic fields, the Low Voltage Directive (2014/35/EU) and the Radio and Equipment Directive (2014/53/EU), is of paramount importance for consumers to ensure that exposure levels are translated into emission requirements of products. Mobile phones and radio transmitters fall within this area. 

Safety of IT audio-video equipment

Television sets, computers, mobile phones and music players are used by consumers of all ages every day. It is therefore essential that those products are safe when they are used by consumers. The term "safety" applies both in the sense of immediate physical risks of human injury, or damage to health, such as in the case of noise exposure level of music players, and through the indirect consequences that can arise from other sources of risk such as chemicals.

In summer 2019, ANEC welcomed the CENELEC TC 61 ‘Safety of household appliances’ decision to abandon the development of prEN 50679’ Household and similar electrical appliances with a radio communication interface and/or a radio determination interface – Safety’. Following negative opinions, CLC TC 61 decided to stop the project, in line with ANEC’s position. This was the second enquiry to which ANEC had to submit a not favourable opinion and comments as the standard did not contain any safety requirement for connected appliances and thus did not provide legal certainty. The results of both enquiries were positive as the majority of National Committees approved the draft standard.

3) eRecognition

Near Field Communication (NFC) technologies such as Radio Frequency Identification (RFID), exponentially increase the possibilities of tracing and tracking consumers. The multiplication of authentication and authorisation mechanisms - such as readers and contact-less cards – is everywhere, from the workplace to public transport networks. ANEC believes there is a need for private data handling to be performed in a clear, legal and standardised framework and with absolute respect for individual privacy and accessibility (see section below on RFID). 

4) Privacy and security

Digital 3

The Digital Society WG follows activities in privacy and security standardisation, one of the main priorities in the age of IoT.

Standards can help industry implement the provisions of data protection legislation, such as “privacy by design”, from the early stages of technical development. This principle guides the Digital Society WG when following privacy-related work, such as in CEN-CENELEC TC 8 ‘Privacy management in products and services’ which was set up in 2015, to implement the draft standardisation request on privacy management in the design, development, production and service provision of security technologies (M/530). The committee also works on two Technical Reports providing guidelines for the application of privacy-by-design principles for video-surveillance and for biometrics for access control (including facial recognition).

As the IoT ecosystem grows, the exposure of connected products to an eventual cybersecurity breach also increases. According to the Special Eurobarometer from the European Commission, 86% of consumers believe that the risk of becoming a victim of a cybercrime is increasing. Also, 87% of consumers avoid disclosing personal information online because of cybersecurity-related issues (EC, Special Eurobarometer 464a, Europeans’ attitudes towards cyber security, September 2017). There is a need to move the security burden from European consumers to IoT manufacturers and service providers.

Consequently, ANEC has to accelerate consumer representation in cybersecurity to ensure that consumer interests are properly represented and taken into account in developing cybersecurity standardisation solutions.

A new CEN–CENELEC TC 13 ‘Cybersecurity and data protection’ started work in the second half of 2017. The scope covers the development of standards for data protection, information protection and security techniques, with specific focus on cybersecurity, covering all concurrent aspects of the evolving information society, including organisational frameworks and methodologies; data protection and privacy guidelines; processes and product evaluation schemes; smart technology; distributed computing devices and data services.

ANEC is also represented in ETSI TC CYBER, which is recognised as a major centre of expertise in cybersecurity. There, we aim to contribute to standards such as the ETSI TS ‘Cyber Security for Consumer Internet of Things', which was proposed by the UK Government and based on the UK Code of Practice for Consumer Internet of Things (IoT) Security for manufacturers.

On 19 February 2019, the ETSI Technical Committee on Cybersecurity (TC Cyber) published ETSI TS 103 645 'Cyber Security for Consumer Internet of Things', a technical specification for cybersecurity in the Internet of Things, which specifies high-level provisions for the security of internet-connected consumer devices and their associated services. The technical specification establishes a security baseline for internet-connected consumer products and provide a basis for future IoT certification schemes. ANEC as a member of ETSI has greatly contributed to the development of ETSI TS 103 645 and was invited to join the ETSI press release, with a quote from ANEC’ Secretary General, on the ETSI website.

Following the publication of ETSI TS 103 645, European Digital Rights (EDRi) published an article on the new IoT Consumer Standard. This was possible thanks to the collaboration of ANEC and Article 19.

At international level, in February 2018, ISO approved creation of a new Project Committee (PC). ANEC is committed to participate and contribute to the work of ISO PC 317 ‘Consumer protection: privacy by design for consumer goods and services’, which aims to achieve a single standard that allows providers to address all the lifecycle issues of privacy by design. In 2015, ANEC released the following guidance to assist consumer representatives in standardisation committees to address personal data protection:

Privacy, security, accessibility and interoperability remain the issues advocated by ANEC in smart cities standardisation (CEN-CENELEC-ETSI Smart and Sustainable Cities and Communities Sector Forum).

Relevant links:

ANEC/BEUC/CI/ICRT Principles and Recommendations 'Securing consumer trust in the Internet of Things' [November 2017].

5) Cybersecurity and Artificial Intelligence

As the IoT ecosystem grows, the exposure of connected products to an eventual cybersecurity breach also increases. According to the Special Eurobarometer from the European Commission, 86% of consumers believe that the risk of becoming a victim of a cybercrime is increasing. Also, 87% of consumers avoid disclosing personal information online because of cybersecurity-related issues (EC, Special Eurobarometer 464a, Europeans’ attitudes towards cyber security, September 2017). There is a need to move the security burden from European consumers to IoT manufacturers and service providers.

Consequently, ANEC has to accelerate consumer representation in cybersecurity to ensure that consumer interests are properly represented and taken into account in developing cybersecurity standardisation solutions.

A new CEN–CENELEC TC 13 ‘Cybersecurity and data protection’ started work in the second half of 2017. The scope covers the development of standards for data protection, information protection and security techniques, with specific focus on cybersecurity, covering all concurrent aspects of the evolving information society, including organisational frameworks and methodologies; data protection and privacy guidelines; processes and product evaluation schemes; smart technology; distributed computing devices and data services.

ANEC is also represented in ETSI TC CYBER, which is recognised as a major centre of expertise in cybersecurity. There, we aim to contribute to standards such as the ETSI TS ‘Cyber Security for Consumer Internet of Things', which was proposed by the UK Government and based on the UK Code of Practice for Consumer Internet of Things (IoT) Security for manufacturers.

ANEC also keeps its focus on Artificial Intelligence. In November 2018, ANEC Deputy Secretary-General, Chiara Giovannini, was appointed to the EC High-Level Expert Group on Artificial Intelligence, which aims to support implementation of the European strategy on Artificial Intelligence. Following an open selection process, the EC appointed 52 experts to the HLEG, comprising representatives from academia, civil society, as well as industry.

On 8 April 2019, the Commission’s High-Level Expert Group on Artificial Intelligence (HLEG), of which ANEC is a member, published its “Ethics Guidelines for Trustworthy AI”. ANEC signed the Guidelines as ANEC is an opponent of most of the content of ethics guidance. However, ANEC continues to call for regulatory measures to ensure that consumers are protected when confronted and affected by AI systems (eg: robots, self-driving cars). On this occasion, ANEC together with AccessNow and BEUC - members of the HLEG - released a statement in support of these guidelines. We stressed, however, that the guidelines can be only a first step.

On 26 June 2019 the EC High Level Group on AI report on Policy and investment recommendations for trustworthy Artificial Intelligence was released and presented to EC Commissioner Gabriel. ANEC signed the report as most of our comments were taken into account. The role of standards in delivering Trustworthy AI is part of the recommendations, as well as the need to map existing regulation and consider adopting a new one.

Related links:

ANEC-BEUC position paper on cybersecurity of connected products (including European Cybersecurity Act) [March 2018]

6) On-line disinformation and ‘fake news’

ANEC was able to influence the final draft CEN Workshop Agreement ‘Journalism Trust Indicators’. The ANEC comments were taken into account, especially the merging of the three CWAs into one, which ANEC had asked since the beginning but was not agreed by the majority of the participants. In addition, the ANEC request to have mandatory indication of revenue sources was accepted. Both points are an important achievement as key to ensure consumer trust.

The CEN Workshop Agreement (CWA) on Journalism Trust Initiative public consultation opened on 2 July until 18 October 2019.

7) Smart & Sustainable Cities and Communities

In 2014, ANEC joined the CEN-CENELEC-ETSI Coordination Group on Smart and Sustainable Cities and Communities (SSCC-CG). For consumers, it is important to participate in the use of information and communication technologies ICTs, social and environmental capital in supporting city development and competitiveness, and especially in terms of protection of their rights as citizens in an increasingly interconnected environment. You can read more about the citizens’ requirements for smart cities and what standards can do in our infographic.

In 2017, the SSCC-CG was transformed into a CEN-CENELEC-ETSI Sector Forum with a new plan of activities. It acts as an advisory and coordinating body for the European standardisation activities related to SSCC, analysing and recommending standards for development, adoption, adaptation, or revision by CEN, CENELEC and ETSI, and organising events on standardisation activities for smart and sustainable cities.

In 2017, ANEC made a new proposal to ETSI Human Factors Technical Committee (TC HF) for a work item on Smart Cities standardisation for consumers and citizens, which was approved by ETSI TC HF and ETSI Board. Accessibility is one aspect to be considered in this work which should start at the beginning of 2019.

smartcities

Activities in the European & international standards bodies

ANEC is represented in:

  • CEN TC 224 ‘Personal identification and related personal devices with secure element, systems, operations and privacy in a multi sectorial environment’
  • CEN TC 224 WG 6 ‘User interface’
  • CEN TC 224 WG 18 'Biometrics'
  • CEN TC 224 WG 19 'Breeder documents'
  • CEN TC 225 'AIDC Technologies'
  • CEN TC 225 WG 5 - 'RFID, RTLS and on board sensors'
  • CEN TC 225 WG 6 ‘Internet of Things – Identification, Data Capture and Edge Technologies’
  • CEN TC 225 Project Team C 'Privacy Impact Assessment'
  • IEC TC 106 'Methods for the assessment of electric, magnetic and electromagnetic fields associated with human exposure' (Monitoring)
  • CENELEC TC 106x 'Electromagnetic fields in the human environment’
  • CENELEC TC 106x WG 20 ‘Reasonably Foreseeable Use’
  • CENELEC TC 106x WG 21 ‘Basic standards and generic standards’
  • CENELEC TC 108x ‘Safety of electronic equipment within the field of audio/video, information technology and communication technology’
  • CENELEC TC 108X WG 3 ‘Sound pressure related to portable music players’
  • IEC TC 108 'Safety of electronic equipment within the field of audio/video, information technology and communication technology'
  • ETSI TC Human Factors
  • ETSI TC CYBER
  • CEN-CENELEC-ETSI Joint Working Group on eAccessibility
  • CEN/CLC/TC 8 ‘Privacy management in products and services’
  • CEN Workshop on Human-driven data economy IHAN
  • CEN-CENELEC JTC 13 ‘Cybersecurity and Data Protection’
  • CEN-CENELEC JTC 13 WG 1 ‘Chairman Advisory Group’ (CAG)
  • CEN-CENELEC JTC 13 WG 6 ‘Product security”
  • CEN-CENELEC-ETSI Sector Forum 'Smart and Sustainable Cities and Communities' (SSCC-SF)
  • ISO PC 317 ‘‘Consumer protection: privacy by design for consumer goods and services’
  • CWA Journalism Trust Initiative
  • CEN-CENELEC Focus Group on Artificial Intelligence (AI)

News and recent success stories

Web Accessibility standard published

In August 2018, the standard EN 301 549 was published and is now freely available online at ETSI website. It will become a harmonised standard as soon as the European Commission cites it in the Official Journal of the European Union. The standard was drafted by the CEN/CENELEC/ETSI JWG ‘eAccessibility’ and the ETSI TC ‘Human Factors’, with the involvement of ANEC experts. The standard will be used to provide presumption of conformity to the Web Accessibility Directive.

NLEd7 9

Opting-in into consumer protection

On 12 May 2009, the EC adopted a Recommendation on privacy and security aspects of RFID which implements the “opt-in” principle. Hence the Commission backed ANEC’s long-standing request for consumers not to be obliged to ask for Radio Frequency Identification (RFID) tags on a product to be deactivated in order to avoid tracking or profiling. Deactivation must be done by default if consumers are to trust commercial use of RFID. ANEC was pleased with the provision calling for a unified RFID sign to be developed by the European Standards Organisations, as we believe consumers should be told of the presence of an RFID tag by a sign, that is easy to understand and accessible to all consumers.

The EC also issued a standardisation mandate to request the European Standards Organisations to develop standards on data protection, privacy and information security aspects of RFID applications. ANEC was able to influence the content of the mandate as far as “privacy by design” is concerned with the results of our research study on RFID standards(visit our Technical Studies page).

In 2014, ANEC welcomed the adoption of European standards on the procedures and logo for the protection of consumers personal data when Radio Frequency Identification (RFID) chips are used.

In July 2009, ANEC welcomed the European Commission Communication on the ‘Internet of things - An action plan for Europe’ as it fully takes on board consumer demands that the “Internet of Things (IoT)” is an “Internet for people”. Internet of Things is a paradigm where novel applications combine mainly wireless, physical objects that can be located and can communicate with each other. ANEC, which works with BEUC and Consumers International (CI), on this issue, believes that the Internet of Things needs to be built in such a way as to ensure easy and safe user control. Consumers need confidence to fully embrace the Internet of Things in order to enjoy its potential benefits and avoid risks to their security and privacy.

In June 2010, the European Parliament adopted a Resolution on Internet of Things in response to the European Commission Communication of 18 June 2009 on the "Internet of Things – An action plan for Europe" (COM(2009) 278final). ANEC welcomed the Resolution as MEPs call for the European Commission to further assess many of ANEC’s requests, such as the impact on health of radio waves and other means of enabling identification technologies; the right to "chip silence", which provides empowerment and user control and the environmental impact of the chips and of their recycling, among others. In addition, the Parliament stressed that “(…) the consumer has the right to privacy by opt-in and/or privacy by design, notably through the use of automatic tag disablement at the point of sale, unless the consumer expressly agrees otherwise” (section 16). And that it “(…) believes that the IoT encompasses many benefits for people with disabilities and may be a way to meet the needs of an ageing population and provide assertive care services”.

"Pump down the volume!"

Young consumers often listen to music using personal music players and radio communication devices including such a facility. It is essential to ensure these devices do not cause certain health risks, in particular unforeseen hearing loss or hearing impairment.

In April 2008, ANEC commented on a draft international safety standard for IT and Audio/Video equipment (IEC 108/276/CDV), noting the sound level of 118dBA – to 125dBA for “long-term” exposure (>0,5s) to be extremely high but below the barrier of pain. A sound pressure at such high level can result in hearing damage and even loss. The requirements of a safety standard should avoid such injuries.

The draft standard also proposed that equipment instructions should require a general warning along with a warning label on the product. However, ANEC believes that the users of portable sound systems are often children or young adults who often do not understand or respond well to cautionary advice. Hence, in order to protect the users of portable sound systems from hearing damage, a technical limitation of sound pressure is necessary. ANEC’s position was confirmed by scientists who conclude that 5-10% of personal music players listeners risk permanent hearing loss within 5 years due to the excessive use of personal music player. ANEC called for sound levels to be limited by default settings in personal music players at a European Commission conference held on 27 January 2009 in Brussels. ANEC also proposed that the role of headphones and in-ear earphones in protecting consumers should be better assessed. For example, the anti-noise function of noise-cancelling headphones can allow consumers to enjoy listening to music at lower sound levels without losing the “groove” (ANEC position paper on the Safety of Music Players).

In June 2009, the European Commission issued a standardisation mandate to develop and revise standards for the safety of personal music players (PMPs). ANEC participated.

In 2011, we welcomed approval of the new standards for Personal Music Players (EN 60065:2002/A12:2011 ‘Audio, video and similar electronic apparatus - Safety requirements" and EN 60950-1:2006/A12:2011 "Information technology equipment - Safety -- Part 1: General requirements’). The approach adopted is based on an average sound pressure limit of 85dBA. This is a level that is considered to be safe under all conditions of use. Nevertheless, there is the possibility for consumers to choose to override the limit so that the level can be increased up to a maximum average of 100dBA. In this case, users are informed by warnings, repeated after every 20 hours of listening time, about the risks of listening music at such a high volume. Lower limits are prescribed for PMPs for children. The 85dBA and 100dBA limits became applicable in 2013.

Since then, we have been working on a sound level dosage system now detailed in prEN 62368-1:2014/prAD:2018. Among other improvements, it provides the user with much-needed information on safe periods for listening. The aim is to avoid young consumers potentially reaching the safe maximum weekly dosage in a matter of minutes, and then continuing to listen at a high volume simply by acknowledging a warning.

NLEd7 10

To read more about ANEC’s achievements in different sectors please visit our ‘Success stories’ web page.

European Cybersecurity Act

In June 2019, the European Cybersecurity Act was published in the Official Journal of the European Union and will enter into force 20 days after its publication (27 June 2019). According to the Regulation (EU) 2019/881, a European cybersecurity certification scheme ‘shall include at least the following elements: (...) references to the international, European or national standards applied in the evaluation (...).

Furthermore, the act establishes a European cybersecurity certification framework for the development of schemes. The EC will adopt schemes concerning specific groups of ICT products, ICT services and ICT processes. These should be implemented and supervised by national cybersecurity certification authorities, with certificates issued under these schemes valid throughout the EU.

Standards will therefore be the basis for several schemes, with the purpose of ensuring that ICT products, ICT services and ICT processes that are certified as complying with specified requirements which aim to protect the availability, authenticity, integrity and confidentiality of stored, transmitted or processed data throughout their life cycle.

ANEC is already participating in relevant cybersecurity standardisation activities in CEN CENELEC and ETSI.

Publications

 To access position papers related to Digital Society please click the link, Position papers.