DEV Community

Humberto Junior

International technical standards that seek compliance in blockchain

In this article, I discuss international technical standards that seek compliance in blockchain. With the growing use of blockchain in various industries, the search for international technical standards that ensure compliance has become an urgent need. These standards seek to guarantee the interoperability, security, and transparency of blockchain-based solutions, creating a more secure and reliable environment for companies, developers, and users. The implementation of these standards is crucial for the adaptation and sustainable growth of this emerging technology, which offers great potential but also presents challenges related to regulation, governance, and data protection.

This is a Postgraduate article that seeks to research and comment on the objective described below. I hope that my post will somehow help someone in the future who is looking for the same thing or something similar.

Objective:
Research an international technical standard that seeks compliance in blockchain. It can be via ENISA, NIST, ISO, or NBR. Comment on some relevant points.

ENISA
ENISA analyzed the technology and identified benefits, challenges, and good security practices. The report finds that some security principles, such as key management and cryptography, remain largely the same in blockchain as in traditional systems. However, the technology brings new challenges, such as consensus hijacking and smart contract management. In addition, it highlights that public and private ledger implementations will face different sets of challenges.

To protect commercial information while leveraging blockchain technology, financial institutions should seek to adopt best practices that enable them to:

  • monitor internal activity
  • automate regulatory compliance
  • disclose information only to relevant counterparties and authorities
  • adopt industry-wide governance procedures that will facilitate the updating of ledger implementations over time

NIST

NIST CSWP 9

A taxonomic approach to understanding emerging identity management systems in blockchain

Identity management systems (IDMSs) are widely used to provision user identities while managing authentication, authorization, and data sharing within organizations and on the web. Traditional identity systems typically suffer from single points of failure, lack of interoperability, and privacy concerns, such as enabling mass data collection and user tracking. Blockchain technology has the potential to alleviate these concerns: it can support users' ability to control custody of their own identifiers and credentials, enabling new models of data ownership and governance with built-in control and consent mechanisms. Therefore, blockchain-based IDMSs, which can benefit users and businesses, are beginning to proliferate. This work categorizes these systems into a taxonomy based on differences in blockchain architectures, governance models, and other important characteristics. Context is provided for the taxonomy through the description of related terms, emerging patterns, and use cases, highlighting relevant security and privacy considerations.

ISO

International standards, technical barriers to trade, and WTO principles

To improve the quality of international standards and ensure the effective implementation of the TBT Agreement, the WTO/TBT Committee has developed six principles that clarify and strengthen the concept of international standards under the TBT Agreement and contribute to the advancement of its objectives.

These principles concern:

  • transparency
  • openness
  • impartiality and consensus
  • relevance and effectiveness
  • coherence
  • development dimension

All of the ISO standards listed below comply with the WTO principles mentioned above.

ISO/TC 307
ISO technical committee responsible for developing international standards for blockchain and distributed ledger technologies, including security and governance.

Source: https://www.iso.org/committee/6266604.html

ISO/IEC 22739:2024(en): defines basic terms related to blockchain and distributed ledger technologies to clarify the meaning of terms and concepts used in other documents within the scope of ISO/TC 307 standards; applies to all types of organizations.

Introduction
This document defines terms related to blockchain and distributed ledger technologies (DLTs) to clarify the meaning of terms and concepts used in other documents within the scope of ISO/TC 307.

Clear, consistent, and coherent standards require clear, consistent, and coherent terminology. This document follows the rules and guidelines established by ISO/TC 37, Language and Terminology, for terminology standards.

This document applies to all types of organizations (e.g., commercial companies, government agencies, and non-profit organizations). The target audience includes, among others, academics, solution architects, customers, users, tool developers, regulators, auditors, and standards development organizations.

Source: https://www.iso.org/obp/ui/en/#iso:std:iso:22739:ed-2:v1:en

ISO/TR 23244:2020(en)
Technical report with an overview of privacy and the protection of personally identifiable information applied to blockchain systems and distributed ledger technologies (DLT)

Introduction
This document provides an overview of practical issues and concerns related to privacy and the protection of personally identifiable information (PII) in the context of blockchain and distributed ledger technologies (DLT) and their applications.

Privacy and PII protection issues are widely considered to be a major barrier to the adoption of DLT-based solutions. This document identifies and assesses known privacy-related risks and ways to mitigate them, as well as the potential for improving the privacy of blockchain and distributed ledger technology.

Source: https://www.iso.org/obp/ui/#iso:std:iso:tr:23244:ed-1:v1:en

ISO/TR 23455:2019(en)
Technical report providing an overview of smart contracts in blockchain and DLT systems, describing what these contracts are and how they work.

Source: https://www.iso.org/obp/ui/en/#iso:std:iso:tr:23455:ed-1:v1:en

ISO/TS 23635:2022(en)
Technical specification with guiding principles and framework for the governance of blockchain and DLT systems, and guidelines for compliance with this governance, including regulatory and risk contexts that support the efficient, effective, and acceptable use of DLT systems.

Source: https://www.iso.org/obp/ui/en/#iso:std:iso:ts:23635:ed-1:v1:en

ISO/TR 23576:2020(en)
Technical report discussing threats, risks, and controls related to systems that provide digital asset custody and/or exchange services to their customers.

Introduction
A digital asset custodian keeps clients' digital assets safe in order to minimize the risk of theft or loss. This document illustrates the risks, threats, and security measures that digital asset custodians consider, design, and implement to protect their clients' assets, based on best practices, existing standards, and research. For example, the management of signature keys for digital assets requires special attention, taking into account the specific nature of blockchain and DLT systems and the security challenges they face. An important topic discussed is the proper management of signature keys by digital asset custodians in order to prevent misuse and transactions by unauthorized persons.

Source: https://www.iso.org/obp/ui/#iso:std:iso:tr:23576:ed-1:v1:en

This government PDF explains the ISO standards for each field they cover. It is very similar to what is described above, but it is good to read several sources on the subject. I will post a brief comment on the PDF.

Conclusions
Blockchain and related technologies have the potential to revolutionize various industries by offering security, transparency, and process efficiency, especially in those that generate digital products with short expiration dates, such as airline, train, and bus tickets, event tickets, and others of this nature. However, cybersecurity risks and the complexity associated with blockchain systems require a careful regulatory approach to ensure system integrity and data protection, while preventing, in the case of cryptocurrencies, the use of these digital assets for money laundering or enabling the operation of criminal groups. The creation of robust standards and regulations is essential to maximize the benefits of blockchain and other DLT systems, maintaining user confidence and mitigating potential vulnerabilities.

Source: https://www.gov.br/gsi/pt-br/seguranca-da-informacao-e-cibernetica/osic/osic-15-24.pdf

NBR
The ABNT NBR ISO 22739:2024 standard - Blockchain and distributed ledger technologies - Vocabulary, developed by the Brazilian Committee on Information Technology and Digital Transformation (ABNT/CB-021), has been published. To participate in the Study Committees, send an email to carolina.martins@abnt.org.br, or follow the LinkedIn page of ABNT/CB-021 to learn more: https://lnkd.in/e4K9ePnj

I looked for information on standards, norms, and compliance in NBR in relation to blockchain, but I ran into the problem of having to pay to read it, so it would not be right to include any of that information here, even partially. If that is not a problem for you reading this post now, just click on the link above and follow the flow, where you can find the standard mentioned and purchase it.

Conclusion
The adoption of international technical standards that promote compliance in blockchain is fundamental to the consolidation of this technology in the global market. These standards not only increase the confidence of users and companies, but also allow different systems and networks to communicate effectively and securely. As blockchain continues to evolve, the creation and continuous improvement of these standards will be essential to ensure the integrity, privacy, and scalability of solutions, providing a more secure and harmonious future for all involved.
