Liaison statement
LS on SG17 progress on child online protection

ITU-T Study Group 17 (SG17) is pleased to inform you that our Correspondence
Group on Child online protection (CG-COP) has been working to identify areas
where current technical standards fall short in addressing emerging online
threats to children.

Building on the gaps identified by the CG-COP (see Attachment 1), SG17 is
collaborating with ISO/IEC JTC 1/SC 27 and determined the IS text ISO/IEC
27566-1, Information security, cybersecurity and privacy protection — Age
assurance systems Part 1: Framework as  draft new Recommendation ITU-T X.1091
at SG17 meeting (Geneva, 3-11 December 2025), for TAP approval at SG17
e-plenary meeting on 9 April 2026.

Text of determined draft new ITU-T Recommendation X.1091 | ISO/IEC 27566-1 is
found in Attachment 2.

SG17 also established a new work item draft new Recommendation ITU-T X.PARCEP:
Interoperable Parental Control Enforcement Policies for Child Online
Protection” with the following scope and summary:

Scope

This Recommendation specifies a vendor-neutral shared data model and policies
for interoperable parental control policy exchange, synchronization, and
enforcement requirements across devices, operating systems, applications, 3rd
party online safety tools, and online services. It defines roles (guardians,
dependants, co guardians), trust and authorization models, security and privacy
requirements, minimal data collection principles, transparency indicators, and
a conformance profile enabling cross vendor interoperability. The
Recommendation does not prescribe UI/UX, business models, content taxonomies,
or jurisdictional rating schemes and does not require content scanning or
backdoors.

The Recommendation also covers integration with network-based enforcement at
CPE and ISP level as policy consumers within PARCEP. These apply household
rules across all connected devices using privacy-preserving methods (e.g.,
DNS-bound enforcement, time-based access control) without traffic decryption or
content scanning.

Summary

X.PARCEP provides the foundational ‘plumbing’ for families to manage consistent
household digital rules across heterogeneous ecosystems while preserving
privacy and encryption.

It covers:

(1) a normative data model for policies (screen time, schedules, feature/app
permissions, purchase approvals, content rating references),

(2) a secure policy transport and enforcement protocol (including discovery,
registration, update, revoke, and audit flows),

(3) role/delegation for multi household care, and

(4) security, privacy, and transparency requirements and a conformance test
profile.

X.PARCEP complements age assurance standards and automated content moderation
guidance. The Recommendation also enables integration with network-based
enforcement at CPE and ISP level, applying PARCEP policies across all connected
devices using privacy-preserving methods without traffic decryption or content
scanning.

SG17 will keep you informed about our progress and looks forward to more
collaborative effort with IETF ART/SEC areas & IAB working on this topic.

The CG-COP continues to function during the 2025–2028 study period. SG17
invites you to consider participation in its activities on child online
protection, including through its CG-COP mailing list:
t25sg17cgcop@lists.itu.int.