Paolo Campegiani
The fellowship tackles the lack of international, or European, standard or technical specification that focuses explicitly on privacy and data protection capabilities of DLT systems. With this regards, ISO TS 24946 “Requirements and guidance for improving, preserving, and
assessing the privacy capability of DLT systems” has now reached CD stage (July 2025) and will endeavour to move through this process and be completed in 2026. This process requires continued support from experts to ensure delivery, as scheduled. In this sense, the priority of this activity focuses at the European level, CEN/CENELEC JTC 19/WG3 to produce a European standard on PII protection within DLT which is strongly influenced by ‘DIN Spec 4997 - Privacy by Blockchain Design’ and the aforementioned ISO TS 24946. This European specification will seek to harmonise the GDPR and recent EDPB guidance to produce a technical specification intended for the European DLT ecosystem.
This European specification will provide much needed clarity for the DLT ecosystem as regards data protection and privacy capabilities, affordances, and assessment. Further harmonisation between the international specification at ISO and the European standard will support interoperability, and ensure that privacy and data protection capabilities are harmonised globally. The main challenges concerns exacting requirements from regulations such as Article 76(3) of MiCAR, as well as Article 79(1) of the European AMLR will require navigation. Standards
require alignment and compatibility with those legal texts, as well as corresponding regulations regarding personal data, data markets, and trust services (e.g., GDPR, Data Act, eIDAS2). Ensuring there are no gaps between regulatory texts and the proposed European standards will be a primary focus. Also, it must be ensured that there are no substantial gaps between international specifications and European standards will be the second focus. Standards alignment between ISO and CEN/CENELEC is viewed as a key outcome to benefit the global DLT ecosystem, and one that requires strong consensus building, given slightly different international privacy perspectives and preferences.
The main priorities of my fellowship are to support the development of two European standards for AI systems, Risk Management and Cybersecurity, which will enable organisations to manage risks and address cybersecurity concerns in alignment with the AI Act.
In this fellowship the original objective is to start to prepare a NWI to address the age approriate topic and start the standard development. The aim is to improve the benefits and reduce the risks in the digital world for young users up to the age of 18. The solution is to adapt the content delivered by online products and services according to the age of users. Moreover, the process requires establishing the age/capacity of users, including age verification and age estimation. The CWA does NOT define age estimation and verification processes (Out of scope) but requires to select an appropriate age assurance tools/approach in conformity with established standards and official guidance.
The priority of my activity is the coordination of the 3GPP activities to update the ITU-R Recommendations on IMT-Advanced and IMT-2020.
The AI Act is a European regulation promoting the uptake of human-centric and trustworthy AI, while ensuring protection of health, safety, and fundamental rights. Companies can prove conformity with the AI Act by complying with the 10 harmonised standards drafted by CEN-CENELEC. My fellowship contributes to two harmonised standards supporting the AI Act.
Incorporation of at least two sensory channels for information consumption is required by the European Accessibility Act, but currently not widely realized in technical communication. With its structured semantic approach, the proposed standard seeks to help eliminate this shortcoming.
Annegrit's priority is the Convenorship of CEN CENELEC JTC21 WG 5, the organisation and project support to work on the AI Act standardisation request for Cybersecurity. This includes a close collaboration with other groups within JTC 21, JTC 13, ISO IEC SC 42 and SC 27 to collect all information of existing and work under development. The main challenge is that JTC 21 and also our WG5 has a diverse structure of experts and knowledge, which makes the work, the effort and efficiency very difficult. In this case, the challenge in addition is the collaboration with other existing standardisation groups within JTC 21 as well as with JTC 13 for Cyber Resilience Act, with ETSI and their view, with ISO IEC SC 27 and SC 42.