Skip to main content

TRUst-Enhancing certified Solutions for SEcurity and protection of Citizens’ rights in digital Europe

Periodic Reporting for period 2 - TRUESSEC.EU (TRUst-Enhancing certified Solutions for SEcurity and protection of Citizens’ rights in digital Europe)

Reporting period: 2018-04-01 to 2018-12-31

TRUESSEC.EU is a Coordination and Support Action investigating the role of certification and labelling schemes in measuring the trustworthiness properties of ICT products. Within TRUESSEC.EU trustworthiness metrics were investigated and defined from a multidisciplinary legal, ethical, sociological, technical and business perspective. Emphasis was devoted to human rights and explicit individuals desires, when metrics to measure trust for ICT services are defined and assessed.

With this aim, TRUESSEC.EU works and results were sustained by three pillars:

A StakeHolders' Online Platform (SHOP), where associated cluster projects and stakeholders from industry, academia, governments and civil society gathered, participated in debates throughout Europe, were informed, and provided their opinions and feedback on the topics of the project.
A series of Support Analysis and Studies (SUPPA) from multidisciplinary perspectives on issues of trustworthiness certification and assurance, were set up and looked at the situation of trust-enhancing labels, barriers/incentives to industry adoption and consumer acceptance.
A set of Recommendations on European Trust-Enhancing Labels (ETEL) were offered and dealt with: methodological aspects of certification and assurance, a catalogue of criteria for labels and certifications, and regulatory aspects to foster their adoption, plus a strategic agenda.

Who was the project designed for?

The project was designed to inform EU Commission on the required steps to increase trust in ICT products. It did so by connecting and engaging with different stakeholders in various sectors of the digital economy and to leverage their perspective on what are the barriers, the incentives and the needs to develop more trustworthy ICT products. TRUESSEC.EU did not consider only one specific vertical market but worked horizontally across a number of them, however particular interest was devoted to digital health sector, where a number of issues related to privacy and trust of ICT products arise.

Why is it important for society?

TRUESSEC.EU project aims to increase consumer trust in ICT products, having at its core consideration for human rights and working on how to digitally re-instantiate them into ICT products. By understanding and identifying recommendations on how to solve existing tensions between end-users and service providers, TRUESSEC.EU aimed to inform a number of stakeholders, including EU Commission, policy makers and service providers on how more trustworthiness can be embedded into ICT services, for the benefit of individuals and their human rights.
Please briefly describe the results your project achieved so far

TRUESSEC.EU produced a number of multidisciplinary studies aiming at understanding current individuals desire for trust in ICT services and tensions from businesses to satisfy them. This resulted in a number of multidisciplinary support papers and a set of debates across different stakeholders taking place through the project stakeholders engagement platform SHOP.

6 sociological and ethical core values that represent the pillar on how trustworthiness metrics should be developed were identified, including: transparency, privacy, autonomy, anti-bias, respect and protection.

In parallel, TRUESSEC.EU conducted investigation of existing technologies able to translate these core values into technical solutions for trustworthy ICT products, while current gaps have been also identified. On the other end, TRUESSEC partners investigated businesses tensions to adopt these values and technologies in current ICT products. Legal requirements from ICT product legislation were investigated to understand where opportunities between compliance and incentives to create more trustworthy ICT products reside.
Impact to business: In addition to providing business-relevant questions (based on best practice) for the proposed TRUESSEC solution, the TRUESSEC consortium partners have found that the work undertaken has provided them with a standard best practice framework for when they engage with digital service providers. Therefore, before even the TRUESSEC recommendations have been fully developed and/or adopted by the EU, we feel that the day to day impact of understanding best business practices allows for better informed advice and support to those companies we work with.

Impact to Policy: Work developed has already impacted EU and UK policy. For instance, the data from the business survey on labelling and certification that ran as part of D6.1 was shared with the DG Connect to help inform its policy on certification and labelling and to additionally target responses to address the security certification of national critical infrastructure. In the UK, the work developed by TRUESSEC has informed a major industrial strategy challenge initiative to “design out” many classes of cyber threats by acknowledging that “Software based solutions allow for fast reaction to a changing threat landscape but can often be limited to individual vendors or vulnerabilities. Hardware, using the lessons learnt from software-based defences, can remove whole classes of attacks where the benefit can be far-reaching” .

In Austria, the University of Graz, thanks to Truessec, established a research network looking into the human factor in digital transformation. The University of Grass also used Truessec criteria as a starting point for a regional project looking at the assisted driving.

Finally, Truessec partner APWG is in the final stages of developing a platform or labelling portal as a proof of concept, which would benefit greatly Truessec stakeholders.