According to the European Commission's Digital Single Market Strategy (6 May 2015, COM(2015) 192 final), standardisation plays a key role in steering the development of new technologies and boosting innovation. The rapid technological changes shape industries, and digital technologies are becoming the foundation of a modern economy and societies. The Commission's vision of Digital Single Market (DSM) is inter alia to "maintain Europe's position as a world leader in the digital economy that is inter alia envisaged with setting ICT priorities in the standardisation. Therefore, the Commission proposed to launch a standardisation plan to identify and define key priorities for standardisation with a focus on the technologies and domains that are deemed to be critical to the DSM. Before consulting different stakeholders, the Commission identified following domains that have a potential to bring Europe to the DSM: 5G, cloud, cybersecurity, data driven services and applications, digitisation of European Industry, eHealth, intelligent Transport Systems (ITS), Internet of Things, smart cities, smart and efficient energy use.
FSFE provided the Commission its input on setting ICT priorities within the objectives identified in the DSM Strategy and answered to the public consultation in the end on 2015.
Introduction
Free Software Foundation Europe (FSFE) agrees with the Commission that standards priorities should be set up in order to bring the EU to digital single market in accordance with the Commission's Digital Single Market Strategy adopted on 6 May 2015 (COM(2015)195), and that standardisation has to reflect European interests. However, it should be acknowledged that digital market is a global market. Hence, Europe needs to be the part of the global picture, as ICT standards by its nature are international. In addition, it should be noted that Europe is not a principal ICT standard-setting region, despite the fact that "European experts are actively participating in international standard organisations" (such as ITU, ISO, IEC). Therefore, Europe needs an approach that is both effective in implementation and global, in order to ensure its competitiveness on the digital market. The best way to achieve both aims is to ensure that Europe implements standards that are open, minimalistic and implementable with Free Software, as these standards have proved to be sustainable. At the same time, European "push" in standardisation should not result in more standards with overcomplicated specifications. Hence, European standardisation has to be aimed at implementing existing global standards that in the end will benefit the majority of stakeholders, and encourage competition on both European and global level.
The role of ICT standards for the economy, and beyond the ICT sector
The purpose of standardisation is to deliberately limit changes to technological basis. These limits are introduced in order to allow subsequent innovation by everyone that has access to the standard and not just the party that controls the technological basis. As a consequence, standards limit the ability to innovate by a single party in order to allow innovation on the basis of that standard by multiple parties. However, standardisation can only fulfil its purpose when standards are actually implemented and wide-spread across industries. In order to ensure the widest adoption and implementation of standards, especially beyond the ICT sector, it is important for standards to be understandable and easily implementable. This will contribute to the cross-sector digitisation of industries that in result will lead to more innovation, and a wider variety of services in the market. Open Standards allow such innovation by all parties with no leverage for the initial developer of the platform to limit such innovation or the competition it represents.
Interoperability and portability of data will also contribute to the improvement of digital skills amongst population. Digital Single Market cannot exist without digital literacy. Interoperable standards implementable with Free Software, that are easily adoptable, will contribute to that goal because they will facilitate the proliferation of technology, by granting everyone freedoms to use that technology, study how it works, share it with others without any restrictions, and improve it according to their needs.
In order to pursue the goals set in the Digital Single Market Strategy, Europe does not need to reinvent the wheel, and instead of trying to standardise from the scratch by developing new standards, Europe should focus on implementing existing global standards that are open, minimalistic and implementable with Free Software.
Open Standards that are implementable with Free Software will empower European industries to compete on the global market. Open Standards have already proven themselves: besides the obvious example of the Internet, it is worth mentioning that several of the biggest and most successful IT players, who have built their software model on either Free Software or proprietary equivalent, are based on Open Standards.
It is important to implement Open Standards that are minimalistic because this will enable the majority of European IT actors, that are small- and medium-sized enterprises (SMEs), to adapt them, and most importantly, to understand them. Overcomplicated and lengthy standards will take extra time and resources to be efficiently implemented and understandable for European SMEs, the majority of which do not have such capacity to fully follow the complex specification of a standard. It is noteworthy that SMEs are largely misrepresented in standardisation process in formal standard setting organisations (SSOs) that are dominated by large scale actors. Simply trying to implement standards originally developed for dominant actors will create extra burdens to the digitisation of European industries and prevent new actors from entering the market because companies are burdened by costly specifications or the need to invest in new infrastructure. Therefore, in order to digitalise industries cost efficiently, while at the same time ensuring the competitiveness and independence of European companies in accordance to the goals set in the Digital Single Market Strategy, the implemented standards have to be both open, minimalistic and implementable with Free Software.
How to ensure that standardisation priorities are widely supported?
FRAND
In order to achieve the widest adoption of standards, it is crucial to ensure that no unnecessary obstacles to their effective implementation are in place. One of such unnecessary obstacles are standard-essential patents (SEPs) that have been called "an important element of the business model in terms of monetising the investment in research and innovation" in the Commission's Digital Single Market Strategy. While it may be an option for some industries (i.e. telecommunications), it is not the case for such areas such as software, internet and web standards. It is important to acknowledge that one uniform cross-sectoral approach towards patents in standardisation is not the answer and can cause more harm if applied without taking into account differences and inherent dynamics between sectors.
It is worthwhile to mention that several standard setting and developing organisations in the field of software, internet and web standards (e.g. W3C, IETF, UK BSI, OASIS) base their standards policies on royalty- and restriction-free standards that do not include any proprietary rights. This policy has no doubt contributed to the fact why internet has become such an important and widely spread environment that has lead to the spur of innovative products and services on the market. It is also important to understand that technical standards in the field of software are developed retrospectively, and as such do not contain any innovative breakthroughs per se, by simply following the technology. Consequently, the whole purpose of standardisation is to facilitate the adoption of technology, instead of encumbering it.
Furthermore, ICT market is increasingly being dominated by web-services and web-enabled devices, which permit web applications to replace the functionality of client-side stand-alone software. Hence it is critical to respond to the existing practice of standardisation in web and software field in an adequate manner, that is follow the standardisation examples of these industries that have shaped them and allowed them to thrive. Some of the problems caused by SEPs include a high possibility of vendor lock-in and anti-competitive behaviour, as SEPs can confer significant market power on their holders. Licensing under 'fair, reasonable and non-discriminatory' (FRAND) terms, but including a royalty-payment requirement, is often presented as a way to balance the interests of the market with those of patent owners. However royalty- and restriction-based FRAND serve only the interests of a handful of the biggest companies - most often based outside of Europe - providing no benefits to the local European actors, the majority of which are SMEs. Furthermore, royalty-based FRAND licensing has been shown to be detrimental and incompatible with Free Software.[^1] This is a major obstacle for achieving the widest competition of goods and services on the digital market, as Free Software actors should be able to compete on the same conditions as their proprietary counterparts.
EU policy instruments to support the adoption of ICT priorities
Europe should learn from the best practices and ensure that the Member States and companies understand the benefits of standardisation. While it is feasible to set guidelines, it is necessary to let market shape its needs. At the same time, EU is in position to raze barriers before competition with its policies. Hence, the most effective way for the EU to boost competition, but at the same time refraining from too much governmental interference, is to adopt open and minimalistic standards -- implementable with Free Software -- through procurement, research and education. These measures might be followed by soft law instruments such as a Commission recommendation, or the priorities stated in the Rolling Plan for ICT Standardisation. However, the development of these political guidances should be lead by example and should take into consideration the differences between ICT and other standardised sectors.
Standards and Europe's leadership on the global ICT market
Leadership should not entail the development of new standards but instead can be achieved by prioritising existing standards that are open, minimalistic and implementable with Free Software. Even if such standards need to be developed in the respective new fields, these standards should pursue abovementioned characteristics as this will ensure their wide-spread adoption. In order for Europe to become globally competitive, Europe should be the part of global standards and not lock itself regionally. The obvious example of such "no border" standardised platform is internet itself which is based on non-propretary, non-regulatory, transparent and open standards. This point is crucial: the way internet functions today has lead to the creation of services, products and business models unimaginable in analogue world. Furthermore, the strong endorsement of aforementioned standards reflects the fact that software, the internet and the web are widely distributed and constantly evolving.
Positive outcome for European companies to capture new global market opportunities can be only achieved if the market is open for companies of different size. It is important to bear in mind that the majority of European stakeholders are SMEs. Hence it is vitally important to ensure that the market opportunities are open for SMEs who can easily adapt to the new opportunities. Standardisation can both hamper and encourage such participation, hence European approach needs to be careful in this regard. Developing more standards will not necessarily bring any relief to the goal of interoperability per se, instead, standards need to be adaptable and implemented as easily as possible. This will ensure their adoption on the market, at the same time securing the support for the widest variety of companies that in return will provide the widest competition.
According to the EU competition rules (e.g. Article 101 of the TFEU, also see C-8/08, T-Mobile Netherlands BV and Others, [2009] ECJ) European policies should be aimed at protecting competition as such, so-called 'fifth freedom' in the EU. SMEs and consumers are the voices that are the least present in the standardisation processes, hence to benefit these groups is to contribute to the competition.
Standards and public procurement
There is a need for governmental and EU-level policies promoting Free Software through public procurement in order to realise the efficiencies of Free Software to the Digital Single Market. Due to its nature, the danger of anti-competitive behaviour and the vendor lock-in is eliminated in promoting Free Software as the innovative technology is available to everyone to use and improve, leading to the existence of various service providers based on the same technology. This is exactly the goal that the standardisation is aimed to achieve.
In particular, there is a need for a clear requirement of publicly financed software to be published under Free Software licences, that will allow Free Software to act as a reference implementation. Instead of developing lengthy specifications to the standard and expecting stakeholders to find their ways to implement it, it is more efficient to publish the source code and let everyone to copy and reshape the technology according to their specific needs. This is particularly important because for most software standards the formal specification is insufficient, and the actual standard is defined both through the written specification and actual implementations. For the implementer the reference implementation is more valuable because it allows her to avoid the extended phase of trial-and-error in order to resolve specification ambiguities. Consequently for software solutions the need for a reference implementation to implement the standard can be fulfilled by publishing it under a Free Software licence. Reference implementation published under Free Software licence may act as a the formal specification without the institutional standard setting process and can be reproduced by any potential vendor of the technology. Therefore, allowing technology to be implemented directly will abstain from duplicating standards in order for technology to be applied. Hence, reference implementation under a Free Software licence will avoid unnecessary duplications, while at the same encourage competition.
How should SSOs respond to the increased speed of technological changes?
Regarding the adaptation of existing standards to new developments
Software and web services are the sectors to develop at the fact pace. Traditional standardisation processes, especially in the formal SSOs, cannot keep up with the more and more diversifying ICT sectors with the approach that used to work for other industries, such as telecommunications. This is especially evident with SEPs and their FRAND licensing terms that instead of promoting innovation, are restricting innovative potential to enter standardisation. It is a well-established fact that royalty-based FRAND licensing is discriminatory towards Free Software, which is undeniable competitor to the proprietary software on the market. Therefore, FRAND cannot be encouraged or perceived as the primary licensing solution in standardisation. As technology is developing faster, there is no need to introduce additional barriers through standardisation.
Another barrier that impedes with innovation are large and complex standards' specifications. This barrier can be lift by applying minimalistic standards, that are modular. Minimalistic modular standards will allow to change a part of a system, i.e. if necessary to switch to a new standard and apply innovative technology there, while keeping the other part under the old standard. Hence, minimalistic standards will allow a more flexible and gradual approach to new developments in the areas with already existing standards. It is crucial to understand that technical standards may solely help facilitate technology, but do not contain any innovation per se. Due to this factor a very careful policy approach is needed in order to not achieve the opposite effect detrimental to innovation.
Since royalty free open standards implementable with Free Software are proved to be sustainable, interoperable, easily implementable and pro-competitive, SSOs are in need to better respond to the new developments and include the aforementioned standards into their policies. One-size-fits all approach, especially in regard to FRAND licensing, is harmful to the new developments and does not take into consideration all the existing standardisation practices amongst such ICT fields as software, internet and web.
Regarding the introduction of new standards for new technologies/products
When it comes to the new technologies that have not been standardised before, it is critical to ensure the widest interoperability and avoid vendor lock-in from the beginning, in order to mitigate the risk of developing monopolies and oligopolies on the market. Where innovations are at an early stage of market development, the standardisation process should be evaluated by whether these standards are implementable and usable. As stated above, royalty- and restriction free, open and minimalistic standards that are implementable with Free Software are the most adequate answer to the standardisation in software, internet and web services.
In addition, many SSOs are in need to improve their collaboration with Free Software communities, in order to adequately respond to the existing realities of the market. In particular, some formal SSOs (e.g. see Resolution GSC-13/22, by the Global Standards Collaboration) have publicly condemned the policies mandating royalty-free licensing of standards. This approach is short-sighted and harmful to innovation.
Standardisation of "cloud"
As stated above, cloud is becoming an increasing ICT sector on the market. This is the sector that is heavily relying on web standards that are most likely royalty free and open. This practice needs to be promoted and encouraged, as these standards will ensure the objectives set in the Digital Single Market Strategy.
* Fair competition of good and services: royalty free, open and minimalistic standards that are implementable with Free Software will guarantee the widest competition on the market in the field of software, as these standards will allow more players to enter the market and base their goods and services on existing technology. This is due to the fact that access to technology is available to all potential economic actors on equal terms without any advantages to the right holders. This is especially crucial for SMEs which participation in standardisation processes is often non-present or minimal. Consequently, if priorities need to be set, they should be in accordance with the competition rules of the EU enshrined inter alia in the Article 101 of TFEU that is aimed at securing the fair competition.
* High level of consumer and personal data protection: consumers benefit from royalty free, open and minimalistic standards that are implementable with Free Software through the fact that these standards will allow the wider variety of goods and services to appear on the market, and will enable the portability of consumers' personal data from one service provider to another in the most secure and transparent way. Other standards cannot provide such high level of interoperability, which in return will ensure consumers' control over their personal data, which is in line with the Data Protection Regulation and the users' right to their data portability therein. Consequently, it is notable that software that is exploiting the exported data needs to be Free Software in order for consumers to be able to re-use their data and applications in an efficient way.
In order to ensure consistent application of existing standards, the increase of strategic coordination of ICT standardisation at the EU level is needed. This includes industry-sensitive policies that adequately respond to the market developments, but at the same time eliminate the possibility of vendor lock-in and anti-competitive behaviour. This includes stronger promotion of royalty-free, open and minimalistic standards that are implementable with Free Software by inter alia issuing the recommendations and updating the EU Rolling Plan on ICT Standardisation. But most importantly, the wider adoption of these standards is achievable when the EU bodies and institutions implement abovementioned standards themselves, including through public procurement.
Standards in cybersecurity
The main goal of cybersecurity in the context of DSM, and the competitiveness of the European industry, is in 'trust' consumers need to have whilst accessing and exercising online activities. This entails the technical standard for security and privacy by design. In order for digital economy to thrive and flourish the consumer perspective is no less valuable than of other stakeholders. In order to effectively build digital economy, consumers must trust the environment and service providers, and if needed be granted with effective remedy in case that trust is misused.
Privacy by design is an important feature to secure consumers trust in digital environment and the standardisation efforts need to be directed towards this goal. Hereby, it is necessary to stress that the needed level of privacy can be achieved with the standards that are transparent, open and global, as internet itself. However, one of the most critical points to security is the principle of 'minimalistic' standards. The complexity of overblown standards with many rarely used features is the biggest threat to software security acknowledged by experts. These standards are more likely to introduce or leave vulnerabilities for attackers to take advantage of. Consequently, the standards for cybersecurity need to be designed according to their purpose and in minimalistic way.
Due to its feature of high public interest, standards in cybersecurity need to accepted as widely and as efficient as possible. Allowing secure solutions to act as reference implementations will contribute to their de facto standardisation. Hence, releasing software as Free Software and its reference implementation under Free Software licences is the most optimal solution in cybersecurity. It is a well established fact that it is easier to discover and fix vulnerabilities in Free Software. Free Software licenses will also allow the reuse of reference implementations as modules which will help to the adoption of technical standards.
There is a need for SSOs to address the standardisation of security and privacy by design. Due to the fact that privacy as such is not a market driven notion (while data in itself is) and as a product is not considered 'successful', there is a need of a EU level priority in this area. Standardisation on the EU level in the area of 'privacy by design' has to be in line with the EU Data Protection Regulation, and such priority can contribute to the European leadership in this area, especially to the global consensus on privacy and data protection.
Conclusion
In conclusion Europe needs global solutions that are easily implementable and adoptable by the majority of stakeholders in order to achieve the widest competition in the digital single market. Standardisation can without a doubt play a significant role in achieving these aims. However, these can only be realised if the set priorities take into consideration the fast pace technology and the needs deriving from the market itself. At the same time, European policy can be designed to raze the barriers before competition and innovation.
The standardisation processes and the policies adopted by formal standard setting organisations have been designed in pre-digital era mainly for telecommunications sector. Digital, as we know it nowadays, relies mainly on software, internet and web standards that are royalty-and restriction-free and that have evolved differently than the traditional standardisation in the formal standard setting organisations. Therefore, it is important to maintain that practice and encourage the cooperation between different standard setting and developing organisations, irrespective of their "formal" status (e.g. formal SSOs, fora and consortia, or Free Software community).
Priorities at the EU level need to be set carefully and in accordance with the EU competition law. The most efficient way to achieve the adoption of standards by the majority of stakeholders across Member States is through the EU taking the lead and implementing the desired standards through public procurement: this entails the promotion of standards that are open, minimalistic, and implementable with Free Software, that have proven to be sustainable, interoperable, pro-competitive and transparent. Standards that are open, minimalistic, and implementable with Free Software will allow different sized actors to easily adopt and implement them that in return will guarantee the widest competition of goods and services on the market, and the widest proliferation of technology.
Another important feature of ICT standardisation is to allow Free Software to act as a reference implementation of the standard and to make sure a reference implementation is published under a Free Software licence, including all software that has been developed with public funds to be released as Free Software. As a consequence, this practice will contribute to digitisation of the European industries and increase in digital skills amongst population.
Consequently, adopting standards that are open, minimalistic and implementable with Free Software will contribute to the majority of aims set in the Digital Single Market strategy, and will allow Europe to be competitive on the global ICT market. The European "push" in standardisation needs to be directed at taking most of the existing standardisation practices in the fields of software, internet and web, while at the same time refraining from locking itself regionally that will hamper Europe's innovative potential. In order for European innovation to boost, Europe needs innovative solutions in the standardisation.