Internet Architecture Board (IAB) Comments on the Proposal for a Revision of Regulation (EU) No 1025/2012, also called the ‘EU Standardisation Regulation’
statement-iab-internet-architecture-board-iab-comments-on-the-proposal-for-a-revision-of-regulation-eu-no-1025-2012-also-called-the-eu-standardisation-regulation-00

On 2025-12-17, the IAB responded to the Public Consultation on the proposal for a revision of Regulation (EU) No 1025/2012, also called the ‘EU Standardisation Regulation.’ The IAB's comments are below.

Internet Architecture Board (IAB) Comments on the Proposal for a Revision of Regulation (EU) No 1025/2012, also called the ‘EU Standardisation Regulation’

The Internet Architecture Board (IAB), a technical committee in the Internet Engineering Task Force (IETF), the premier standards development organization (SDO) for the Internet, is pleased to provide input to the consultation.

We have kept most questions in the questionnaire blank; these questions are primarily targeted at European organizations and not relevant to a global SDO such as the IETF. What follows are a few contributions that are relevant to the review of 1025/2012.

Fragmentation

The IETF is the premier standards organization for the Internet. Should the EU wish to develop harmonized standards in the technology area for which the IETF is responsible, we risk global technology fragmentation, leading to inconsistencies and reduced interoperability across jurisdictions. The IETF operates according to the OpenStand principles, whereby SDOs respect the autonomy, integrity, processes, and intellectual property rules of other SDOs.

EU participation

With reference to questions in section H of the consultation, we want to clarify that, as a global standards organization, the IETF is open to participants from all countries and regions and does not give preferential treatment to the EU or any other region. The influence that individuals from a particular region or country have on standard-setting depends on their competence in the subject at hand. That competency is usually informed by research and development, implementation of the specifications in their products, or the use of standards in their operations. Programs that raise awareness of global SDOs, such as the IETF, would lead to higher participation, which in turn would increase influence. The recognition that IETF standards are on par with those of international SDOs may also help.

Participants from the EU already have a strong presence in the IETF, and the IETF’s established global meeting rotation includes one plenary meeting per year in Europe, which helps facilitate in-person participation from the EU.

Identification

Regulation 1025/2012 established an Identification process by which technical specifications from fora and consortia would be identified and used in procurement. We feel that the identification process never really matched the IETF’s processes. For instance, when the commission or a country carried forward a technology for identification, it was usually requested in broad categories, such as IPv6 or the Domain Name System (DNS). For instance, the ‘Commission Implementing Decision (EU) 2017/168 of 31 January 2017 on the identification of ‘Internet Engineering Task Force’ Technical Specifications for referencing in public procurement’ mentions 27 technologies. Those individual technologies are specified in one or more RFCs (RFCs are individual specifications, the building blocks of a technology). The implementing decision does not refer to any individual RFCs, raising the question of whether procurement based on specific RFCs is possible. For interoperability, procurement must be based on individual RFCs.

We therefore suggest changing the regulation to allow IETF Stream RFCs to be used in procurement without the overhead of identification. Since the publication of RFC8789 (in 2020), all IETF Stream documents are published with rough consensus. Before that, only Internet Protocol Standards or Best Current Practice (BCP) documents met the requirements of Annex II of 1025/2012.

Harmonized standards and the IETF

The IETF does not seek recognition as a European Standardization Organization (ESO). However, it is open to developing standards that are relevant to EU regulation or harmonization. Any IETF participant can propose the related requirements or solutions for the appropriate working group to consider.

Mutual awareness of policy requirements and standardization, such as those exchanged through the rolling program on ICT standardization produced by the Multistakeholder Platform for ICT standardization, is a valuable tool.

Further, there are working examples, such as our collaboration on the European Digital Identity Wallet, where IETF experts work with the commission on a document that provides an initial, informal overview of the current alignment between the European Commission’s technical requirements for the EUDI Wallet and relevant IETF technical specifications under development or review.

Our previous response.

In preparing this document, we reviewed our response to the EC’s RFI on Forums and Consortiums from 2010. Even though our processes and procedures have evolved, the considerations provided in that response are still relevant to the broader context in which this consultation takes place.