Search Results
- ISO/IEC 27566-1 | ISO27001security
ISO/IEC 27566-1:2025 — Information security, cybersecurity and privacy protection — Age assurance systems — Part 1: Framework [First edition]

Abstract: ISO/IEC 27566 part 1 "establishes a framework for age assurance systems and describes their core characteristics, including privacy and security, for enabling age-related eligibility decisions." [Source: ISO/IEC 27566-1:2025]

Introduction: This standard will lay out the core principles and a framework for determining someone's age or age-range independently of their identity, for use in age-related eligibility decisions.

Scope: Age assurance framework

Structure: Main clauses:
4: Overview of age assurance
5: Functional characteristics - functional requirements
6: Performance characteristics - assurance and metrics
7: Privacy characteristics - privacy requirements
8: Security characteristics - cybersecurity requirements
9: Acceptability characteristics - nondiscrimination requirements
10: Practice statements - documenting the arrangements

Status: The standard development project set out in 2022. The current first edition was published in 2025.

Commentary: Whereas self-assertion (e.g. "Click here if you are an adult") is a simple and commonplace but clearly very weak control, the standard aims to standardise and where necessary strengthen the process of determining someone's age or age-range without (necessarily) requiring them to disclose their identity and thereby risk compromising their privacy. The cunning plan is to develop and incorporate appropriate assurance controls into the framework indicating confidence in the determined age or age-range, giving policy- and law-makers options when defining age-related criteria for various purposes.

In situations where age is particularly important, additional confidence in the age determination is warranted, even if that implies completing a more involved and lengthy process of age verification, perhaps utilising a third party age-verification service or aggregating multiple age indicators taking account of any contraindications, inconsistencies or doubts. Conversely, if age verification is relatively unimportant, simpler, quicker, cruder approaches may suffice. Spoofing (e.g. where an older person pretends or claims to be, and completes the age-verification process on behalf of, a youngster, or a child simply presents a fake credential) is just one of the challenges for this project. There are also identities, credentials, tokens and age-verification subsystems and services, plus individual rights and freedoms to protect (such as privacy and inclusivity), in a framework that allows communication and collaboration between age-verifiers.

This page last updated: 12 February 2026
- ISO/IEC 27574 | ISO27001security
ISO/IEC 27574 Information security, cybersecurity and privacy protection — Privacy in brain computer interface (BCI) applications [DRAFT]

Abstract: [ISO/IEC 27574] "provides requirements and guidelines on privacy for brain computer interface applications. It provides privacy controls specific to brain computer interface applications to address the privacy risks based on the principles described in ISO/IEC 29100 and ISO/IEC 27701." [Source: Preliminary Work Item/initial draft]

Introduction: 'Brain-Computer Interface' refers to cutting-edge telepathic technologies such as brain implants allowing users to control smart prosthetic devices and receive information from sensors and systems directly back into their brains. This standards development project under ISO/IEC JTC 1/SC 27/WG 5 is focused on the privacy aspects of such intimate biotech connections, for example the potential for adversaries to monitor/intercept and exploit sensitive personal data communications.

Scope: Judging by the proposal, it appears the project is addressing:
Privacy aspects of the intimate Brain-Computer Interface, rather than broader information and cyber security aspects.
BCI applications, i.e. the software elements of 'systems' using BCI, as opposed to, say, the hardware and procedural aspects, or indeed the medical element and biotech in general.
That's not to say those other areas won't even be mentioned, and it is very early days for this project so changes are entirely possible.

Structure: Main clauses [from the initial draft]:
5: Classification of Brain-Computer Interface
6: Processing of neuro data in BCI applications
7: Privacy risk management
Annex A: Typical applications (use cases) of BCI
Annex B: Threat modelling

Status: ISO/IEC JTC 1/SC 27/WG 5 agreed to develop this standard in December 2025. The standard's development project timeline allows roughly: 1 year for drafting; 1 year for formal committee comments and approval; 1 year for finalisation ... culminating in publication at the end of 2028.

Commentary: Addressing privacy at the early stages of such technological developments demonstrates the principle of 'security by design', particularly if the project is able to offer constructive guidance to this nascent field on how to treat the associated information risks (ideally, not just privacy risks!).

This page last updated: 12 February 2026

