(A.) Policy and legislation
(A.1) Policy objectives
Establishing a coherent framework and conditions for cloud computing was one of the key priorities of the digital agenda for Europe. The digital single market strategy confirmed the importance of cloud computing, which is driving a paradigm shift in the delivery of digital technologies, enhancing innovation, digital single market and access to content. The Communication “2030 Digital Compass: the European way for the Digital Decade” sets two relevant goals for 2030: 75% business cloud adoption, and the deployment of 10 000 climate-neutral and highly secure edge nodes.
(A.2) EC perspective and progress report
By enabling data storage and processing, cloud and edge computing are key enabling technologies for the digital transformation.
In 2023, the European cloud computing market was worth over €110 billion and is forecast to reach €129 billion by 2024. The latest Eurostat data available (end of 2023) shows the current state of play in the European Union regarding the use of cloud computing by enterprises. The main findings are summarised below:
- 45.2 % of EU enterprises used cloud computing in 2023, mostly for e-mail, file storage, and office software.
- In 2023, among enterprises that purchased cloud computing services, 75.3 % were ‘highly dependent’ on cloud as purchasers of sophisticated cloud services.
- Compared with 2023, the use of cloud computing increased by 4.2 percentage points.
The development of the cloud computing market and the efficient delivery of cloud services particularly depend on the ability to build economies of scale. The establishment of a Digital Single Market will unlock the scale necessary for cloud computing to reach its full potential in Europe. EU-based cloud providers have only a small share of the cloud market, which leaves the EU exposed to dependency risks and limits the investment potential for the European digital industry in the data processing market. Also, given the impact of data centers and cloud infrastructures on energy consumption, the EU is taking steps to lead the way towards making these infrastructures climate-neutral and energy efficient by 2030, while using their excess energy to help heat homes, businesses and common public spaces.
The proposed actions follow the direction as outlined in the EU Communication on ICT standardisation priorities which identified cloud as a key priority for Europe. The actions include a follow-up of cloud standards coordination started in 2012/2013 when the Commission asked ETSI to coordinate stakeholders to produce a detailed map of the necessary standards (e.g. for security, interoperability, data portability and reversibility).
The Cloud Select Industry Group (C-SIG) has been open to all organisations, groups and individuals that have a professional interest in cloud computing matters and are active in the European cloud market. The Communication “Unleashing the Potential of Cloud Computing in Europe” (2012) identified key actions to be supported by Cloud Select Industry Groups. See section C1 below. The Commission is also pursuing international cooperation in the field of cloud computing, and a number of policy and joint research initiatives have been put in place with Japan, Brazil and South Korea and are ongoing with the USA.
Cybersecurity is an important concern for users of cloud and edge computing. Under the Cybersecurity Act, ENISA is currently working on a draft Cybersecurity Certification Scheme for Cloud Services, which is regularly discussed with Member State experts in the EU cybersecurity certification group (ECCG). Once Member States reach consensus, the scheme will go through the comitology procedure to be adopted as an implementing act. The work of ENISA follows relevant work done as part of the study Certification Schemes for Cloud Computing (SMART 2016/0029). In April 2018 the Commission launched two DSM (Digital Single Market) Cloud Stakeholder groups (https://ec.europa.eu/digital-single-market/en/news/cloud-stakeholder-working-groups-start-their-work-cloud-switching-and-cloud-security). The DSM Working Group on Cloud Certification Scheme will begin exploring an EU certification scheme on cloud security. The Group consists of national cyber security authorities, cloud service providers, cloud service customers as well as auditing entities. The European Security Certification Framework (EU-SEC) strives to address the security, privacy and transparency challenges associated with the greater externalization of IT to Cloud services. EU-SEC will create a certification framework under which existing certification and assurance schemes can co-exist. EU-SEC is funded by Horizon 2020 and publishes its results at www.sec-cert.eu.
To enable customers to effectively switch between different cloud service providers, the Data Act removes vendor lock-in practices and sets minimum interoperability requirements. Article 30 paragraph 3 of the Data Act stipulates that when building open interfaces for their services, providers of Platform as a Service and Software as a Service must ensure compatibility with the standards and specifications published in a central Union standards repository for the interoperability of data processing services. Art. 35 paragraph 8 obliges the Commission to build this repository by means of implementing acts. To prepare this repository, the Commission will launch a study that will map the landscape of existing harmonised standards and open interoperability specifications that could qualify for recognition in the repository. The study will also seek to advise the Commission on possible gaps in the standardisation landscape, as the Data Act empowers the Commission to launch possible new requests for harmonised standards to European standardisation organisations. Previous work on interoperability and switching includes the CloudWatch2 project (which reported on the status of interoperability and security standards, developed a catalogue of cloud services and mapped EU cloud services and providers), a study on switching cloud providers (SMART 2016/0032), and SWIPO (self-regulatory codes of conduct to facilitate data portability and cloud switching in support of article 6 of the Regulation on the Free-Flow of Non-Personal Data, which ultimately did not gain the desired market traction, https://swipo.eu/). These portability codes intend to support article 6 of the Regulation on the free-flow of non-personal data.
On 15 October 2020 all EU Member States signed a Declaration on building the next generation European cloud. The launch of the European Alliance for Industrial Data and Cloud plays a key role in building the European cloud. The objective of the Alliance is to establish a competitive European cloud supply and to foster cloud adoption in the EU private and public sectors, in order to build technological autonomy and data sovereignty in Europe. The Alliance will bring together the key EU industrial actors on the supply side and the demand side with Member States’ authorities. Its aim will be to substantially increase the share of EU suppliers on the European public cloud infrastructure market by 2030. More concretely the aim of the Alliance is to:
- Build the next generation cloud supply: the Commission is committed to co-invest in the interconnection and deployment across the EU.
- Deploy pan-European cloud marketplaces, which will offer users a single portal to cloud offerings meeting key EU standards and rules.
- Define common requirements for cloud services operating on the EU market. The future EU Cloud Rulebook will be developed by the Commission in close cooperation with Member States and in consultation with relevant stakeholders.
The JRC published a study on the relationship of open source software and standards setting at the end of 2019 (https://ec.europa.eu/jrc/en/publication/eur-scientific-and-technical-research-reports/relationship-between-open-source-software-and-standard-setting). The objective of the study was to identify possible commonalities and barriers for interaction between standardisation and open source (OSS) processes and in particular the interplay between OSS and FRAND licensing in standardisation.
Open source continued to be a major driver of innovation in the area of Cloud services. Almost all Cloud services are largely based on open source technologies. The role of open source for Cloud interoperability and portability is of high importance.
(A.3) References
- Regulation (EU) 2023/2854 of the European Parliament and of the Council of 13 December 2023 on harmonised rules on fair access to and use of data and amending Regulation (EU) 2017/2394 and Directive (EU) 2020/1828 (Data Act)
- Regulation (EU) 2018/1807 of the European Parliament and of the Council of 14 November 2018 on a framework for the free flow of non-personal data in the European Union
- COM(2016)176 “ICT Standardisation priorities for the digital single market”
- COM(2016)178 “European cloud initiative — building a competitive data and knowledge economy in Europe” (Along with SWD(2016)106 and SWD(2016)107)
- COM(2012)529 “Unleashing the potential of cloud computing in Europe”
- COM(2015)192 “A digital single market strategy for Europe”
- Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the EU (NIS Directive).
- COM(2021)118 “2030 Digital Compass: the European way for the Digital Decade”
The volume of data generated is greatly increasing. A growing proportion of data is expected to be processed at the edge, closer to the users and where data are generated. This shift will require the development and deployment of fundamentally new data processing technologies encompassing the edge, adding to those current and future developments concerning centralised cloud-based infrastructure models.
(B.) Requested actions and progress in standardisation
(B.1) Requested actions
The Communication on ICT Standardisation Priorities for the digital single market proposed priority actions in the domain of Cloud. Some actions are still relevant and mentioned below. Others come from the need to respond to the challenges of the Digital Decade Communication.
Action 1: Identify needs for ICT standards and open source technologies to further improve the interoperability, data protection and portability of cloud services and continue or start respective development activities. In particular, a set of ICT standards, practices, and rules are needed to ensure (1) fair access to and use of data, (2) a trusted, legally compliant data sharing across parties, including data intermediaries and altruism organizations and (3) that data processing services are interoperable, such that switching between providers of data processing services. This should also take into account available open source technologies and their role for interoperability, data sovereignty, data protection and management of multiple clouds
Action 2: Promote the use of the ICT standards needed to further improve the interoperability, data sovereignty, data protection and portability of cloud services as well as multi-cloud management.
Action 3: Further strengthen the interlock between standardisation and open source in the area of Cloud and establish and support bilateral actions for close collaboration of open source and standardisation. Foster a level playing field that allows the use of Open Source procedures and deliverables where they make economic sense complementing or substituting standardisation.
Action 4: Promote international standards on service level agreements (SLAs) and usage of the cloud code of conduct (CoC).
Action 5: Promote the use of the ISO/IEC JTC 1 reference cloud architecture and define generic cloud architecture building blocks, taking into account available international standards. Map available standards to the generic cloud architecture building blocks. Define privacy, security and test standards for each building block. This will also help determine which standards can be used for open cloud platforms and architectures taking into account the key role of open source for cloud infrastructure design and implementations.
Action 6: Promote the development of adequate standards/open source developments to ensure a competitive playing field for cloud services provision in Europe and contribute to the green agenda.
Action 7: SDOs and open source communities to foster their collaboration, mutual exchange, integration of Open Source outcomes in SDO deliverables and identification of technologies, e.g. APIs, that have been developed in open source and could be standardised.
Action 8: SDOs should focus on addressing the edge/cloud X-continuum paradigm and standardisation challenges, taking into account available international standards. In particular, due to the huge increase of connected devices and systems, several computing deployments are embracing the notion of computing continuum, where the right compute resources are placed at optimal processing points, i.e., cloud data centre, edge computing systems and end devices. This requires the support of: (1) continuum of technologies across sensors, connectivity, gateways, edge processing, robotics, platforms, applications, AI, and analytics, including underlying technologies like optical, wireless (cellular and non-cellular) and satellite communications, (2) continuum of intelligence and edge capabilities, (3) continuum of edge applications across vertical sectors and seamless integration.
Action 9: SDOs to contribute to the preparation of an overview of relevant harmonised standards and open interoperability specifications that respond to the legal requirements outlined in the Data Act and that could be recognised in the to-be-established common Union repository for the interoperability of data processing services.
Action 10: SDOs to promote the development of a standard or a set of standards for processor sockets for cloud computing infrastructure.
(C.) Activities and additional information
(C.1) Related standardisation activities
CEN & CENELEC
When it comes to Cloud Security, CEN-CLC/JTC 13 ‘Cybersecurity and Data protection’ mirrors the activities of ISO/IEC JTC 1 SC 38 ‘Cloud Computing and distributed platforms’, and considers in this respect the potential adoption of International Standards as European Standards, where market relevant. CEN-CLC/JTC 13’s scope covers the development of standards for cybersecurity and data protection covering all aspects of the evolving information society. This includes notably: Management systems, frameworks, methodologies; Data protection and privacy; Services and products evaluation standards suitable for security assessment for large companies and small and medium enterprises (SMEs); Competence requirements for cybersecurity and data protection; Security requirements, services, techniques and guidelines for ICT systems, services, networks and devices, including smart objects and distributed computing devices.
CEN-CLC/JTC 13 developed the following deliverables:
- CEN/TS 18026:2024 “Three-level approach for a set of cybersecurity requirements for cloud services”
- CEN/CLC/TS 18072:2024 “Requirements for Conformity Assessment Bodies certifying Cloud Services” (under publication)
CEN/CLC JTC 25 ‘Data management, Dataspaces, Cloud and Edge’ was established in September 2024 to address standardization in cloud and edge computing areas including:
- Organizational frameworks and methodologies
- Smart technology, objects, distributed computing devices
- Cloud infrastructure and service management
- Edge computing architectures and deployments
The committee addresses cloud and edge computing through its Working Groups, particularly:
- WG 4: Cloud and Edge, focusing on standards for cloud service management, edge computing architectures, and the computing continuum.
CEN-CLC/JTC 25 aims to develop standards supporting the European cloud strategy implementation, particularly addressing the Data Act activities for cloud switching and interoperability. It took over the activities of the CEN/CLC Focus Group on Data, Dataspaces, Cloud and Edge, which was disbanded on December 31, 2024.
ETSI
ISG NFV (Network Functions Virtualisation): https://www.etsi.org/committee/NFV adapts standard IT virtualisation technologies, consolidating heterogeneous network infrastructures based on disparate, ad hoc equipment types onto industry standard servers, switches and storage. ISG NFV develops the NFV architectural framework to make the integration of edge computing and NFV more efficient.
GS NFV-EVE 011 documents the set of criteria to help characterize cloud-native VNFs.
GR NFV-REL 014 studies and evaluates reliability for cloud-native VNFs.
GS NFV-IFA 029 documents enhancements of the NFV architecture for providing “PaaS”-type capabilities and supporting virtualised network functions (VNFs) which follow “cloud-native” design principles.
Specifications and reports on container infrastructure management:
- GS NFV-IFA040 “Network Functions Virtualisation (NFV) Release 4; Management and Orchestration; Requirements for service interfaces and object model for OS container management and orchestration specification”
- GS NFV-IFA036 “Network Functions Virtualisation (NFV) Release 4; Management and Orchestration; Specification of requirements for the management and orchestration of container cluster nodes”
- GR NFV-IFA038 “Network Functions Virtualisation (NFV) Release 4; Architectural Framework; Report on network connectivity for container based VNF”
- GS NFV-SEC023 “Network Functions Virtualisation (NFV) Release 4; Security; Container Security Specification”
- GS NFV-SOL 018 “Network Functions Virtualisation (NFV) Release 4; Protocols and Data Models; Profiling specification of protocol and data model solutions for OS Container management and orchestration”
Specifications and reports on multi-site / multi-domain deployments:
- GS NFV-IFA 032 “Network Functions Virtualisation (NFV) Release 3; Management and Orchestration; Interface and Information Model Specification for Multi-Site Connectivity Services”
- GS NFV-IFA 030 “Network Functions Virtualisation (NFV) Release 3; Management and Orchestration; Multiple Administrative Domain Aspect Interfaces Specification”
- GR NFV-SOL 017 “Network Functions Virtualisation (NFV) Release 3 Protocols and Data Models Report on protocol and data model solutions for Multi-site Connectivity Services”
ETSI ISG NFV started cooperation with several open source projects. In particular, a gap analysis was performed to align NFV standards with open source, see GS NFV-IFA 051. NFV works in close cooperation with OpenStack. Interfaces of CNCF are profiled to create specifications on container infrastructure management. Cooperation has started with LFN Anuket, Nephio and Sylva.
ISG MEC (Multi-access Edge Computing): https://www.etsi.org/committee/MEC offers to application developers and content providers cloud-computing capabilities and an IT service environment at the edge of the network. ISG MEC is developing a set of standardized Application Programming Interfaces (APIs) to enable MEC services. To application developers and content providers, the access network offers a service environment with ultra-low latency and high bandwidth and direct access to real-time network information that can be used by applications and services to offer context-related services.
Relevant ISG MEC documents:
- The group led the publication of a White Paper on “MEC security: Status of standards support and future evolutions” written by several authors participating in ETSI ISG MEC, ETSI ISG NFV SEC and ETSI TC CYBER. The work identified aspects of security where the nature of edge computing leaves typical industry approaches to cloud security insufficient.
- Following the white paper, ISG MEC has completed a study on MEC Security (ETSI GR MEC041) and has commenced associated normative work, including API Gateway for Client Applications (ETSI GS MEC 060) with architectural impacts captured in the latest draft of the Framework and Reference Architecture specification (ETSI GS MEC 003).
- Also multi-MEC and MEC-Cloud environments can be relevant in this context. In the domain of Cloud Federation, ETSI ISG MEC published a study ETSI GR MEC 035.
- As a follow-up to the previous study (MEC 035), the group has completed the related normative work (ETSI GS MEC 040) to standardize MEC Federation Enablement APIs.
- A MEC-specific testing methodology framework (ETSI GR MEC-DEC 025), which forms the basis for the creation of Conformance Test Specification for MEC APIs. These are captured in a multi-part deliverable comprising Test Requirements and Implementation Conformance Statements (ETSI GS MEC-DEC 032-1); Test Purposes (ETSI GS MEC-DEC 032-2); and Abstract Test Suite in both TTCN-3 and the Robot Framework (ETSI GS MEC-DEC 032-3). Test Descriptions, with associated Interoperability Feature Statement templates, are also specified in support of MEC Interoperability testing (ETSI GS MEC-DEC 042).
ISG IPE (IPv6 Enhanced Innovation): https://www.etsi.org/committee/1424-ipe has published a report “IPv6 based Data Centers, Network and Cloud Integration”.
ISG NIN (Non-IP Networking): is investigating communications and networking protocols to provide the scale, security, mobility and ease of deployment required for a connected society. It is developing a forwarding plane standard that, while still supporting traditional Internet protocols, will also natively support new forms of routing, with a clean interface between the forwarding plane and the control and management planes. Thus, when accessing a service that might be provided at the edge or centrally, a client no longer needs to discover an IP address which identifies an interface to the equipment that provides the service, but can identify the service, content, etc, directly.
ISG ETI (Encrypted Traffic Integration): is exploring means to ensure the smooth integration of encrypted traffic into the operation of networks. The concern is that with an over-enthusiastic approach to encryption the data required to manage the network effectively is hidden from management points (e.g. routers, switches, control planes). The intent of the work of the ISG is captured in the published problem statement (ETSI GR ETI 001) and is being addressed in ongoing work that endorses the Zero Trust Architecture wherein network elements have to attest to their function in the network before managing it.
ISG ZSM (Zero Touch Management): https://www.etsi.org/committee/ZSM provides a framework which enables the management of the network and services without human involvement. The automation of operation will ease the management of the edge-cloud continuum, and the enforcement of security and privacy policies.
ISG F5G (Fixed 5G): completed three releases for the F5G (ETSI GR F5G 001) and F5G Advanced (ETSI GR F5G 021) network generations. The F5G Advanced Use Cases (ETSI GR F5G 020) are driving the different F5G standards release requirements. Currently, release 3 is finalized and release 4 has been started. From the beginning of the ISG, the use of cloud services was a focus of F5G and the requirements for the fixed network have been specified for guaranteed and mission critical cloud services. Starting from the F5G Advanced generation, computing takes a prominent role within the F5G Advanced network, where the F5G Advanced architecture defines cross-plane computing to use computing for the optimization of networks and providing cloud-based services. Dedicated interfaces to cloud services and the interfaces between different cloud computing resources, which are located throughout the F5G Advanced network are defined in the F5G Advanced Architecture. The E2E F5G Advanced management provides specifications about how the F5G Advanced network should handle requests for Cloud based services to support them with the Optical Cloud Network (OCN) architecture.
OSM (Open Source MANO): http://osm.etsi.org/ is developing an open source Management and Orchestration (MANO) software stack aligned with ETSI NFV.
ISO/IEC
ISO/IEC JTC 1/SC 27 Information security, cybersecurity and privacy protection
ISO/IEC 27017 — Code of practice for information security controls based on ISO/IEC 27002 for cloud services
ISO/IEC 27018 — Code of practice for personally identifiable information (PII) protection in public cloud acting as PII processors
ISO/IEC 27036-4 — Information security for supplier relationships — Part 4: Guidelines for security of cloud services
ISO/IEC JTC 1/SC 38 Cloud computing and distributed platforms:
A full suite of standards is available and in progress in ISO/IEC JTC 1 SC 38 on cloud computing technologies including, most notably, the ISO Cloud Reference Architecture but also work on vocabulary, SLAs, etc. This is complemented by work in ISO/IEC JTC 1 SC 27 on cybersecurity and by more specific work such as on virtualisation. Below is a non-exhaustive list of relevant ISO standards.
https://www.iso.org/committee/601355.html
ISO/IEC 19086-1 — Cloud computing — service level agreement (SLA) framework — Part 1: Overview and concepts
ISO/IEC 19086-2 — Cloud computing — Service level agreement (SLA) framework — Part 2: Metric model
ISO/IEC 19086-3 — Cloud computing — Service level agreement (SLA) framework — Part 3: Core conformance requirements
ISO/IEC 19086-4 — Cloud computing — Service level agreement (SLA) framework — Part 4: Components of security and of protection of PII
ISO/IEC 19941 — Cloud Computing — Interoperability and portability
ISO/IEC TR 22678 — Cloud Computing — Guidance for Policy Development
ISO/IEC TR 23186 — Cloud computing — Framework of trust for processing of multi-sourced data
ISO/IEC TR 23187 — Cloud computing — Interacting with cloud service partners (CSNs)
ISO/IEC TR 23613 — Cloud service metering and billing elements
ISO/IEC 23751 — Cloud computing and distributed platforms — Data sharing agreement (DSA) framework
ISO/IEC TR 23951 — Cloud computing — Best practices for cloud SLA metrics
ISO/IEC 22624 — Cloud Computing — Taxonomy based data handling for cloud services
ISO/IEC 22123-1 — Cloud computing — Part 1: Vocabulary
ISO/IEC 22123-2 — Cloud computing — Part 2: Concepts
ISO/IEC 22123-3 — Cloud computing — Part 3: Reference architecture
ISO/IEC TS 23167 — Cloud Computing — Common Technologies and Techniques (work in progress)
ISO/IEC TR 23188 — Cloud computing — Edge computing landscape (work in progress)
ISO/IEC TR 3445 — Cloud computing — Audit of cloud services
ISO/IEC 5140 — Cloud computing — Concepts for multi-cloud and other interoperation of multiple cloud services
ISO/IEC TS 5928 — Cloud computing and distributed platforms — Taxonomy for digital platforms
ISO/IEC TS 7339 — Cloud computing and distributed platforms — Cloud computing — Platform capabilities type and Platform as a Service (PaaS)
ISO/IEC 19944-1 — Cloud computing and distributed platforms — Data flow, data categories and data use — Part 1: Fundamentals
ISO/IEC 19944-2 — Cloud computing and distributed platforms — Data flow, data categories and data use — Part 2: Guidance on application and extensibility
ISO/IEC DTR 10822 — Cloud computing — Multi-cloud management — Part 1: Overview and use cases
ISO/IEC DTS 10866 — Cloud computing and distributed platforms — Framework and concepts for organizational autonomy and digital sovereignty
ISO/IEC 20151 — Cloud computing and distributed platforms — Dataspace concepts and characteristics
ISO/IEC 19274 — Cloud computing and distributed platforms — Networking in cloud computing and edge computing
ISO/IEC 20996 — Cloud computing — Cloud service customer business continuity and resilience
ISO/IEC JTC 1/SC 7 Software and systems engineering
ISO/IEC TS 25052-1:2022 — Systems and software engineering — Systems and software Quality Requirements and Evaluation (SQuaRE): cloud services — Part 1: Quality model
ISO/IEC NP TS 25052-2 — Systems and software engineering — Systems and software Quality Requirements and Evaluation (SQuaRE): cloud services — Part 2: Measurement of Cloud Service Quality
ITU
ITU-T SG13 leads ITU’s work on standards for future networks and 5G and is the primary SG working on cloud computing and data handling. ITU-T SG13 produced Y.3500-series Recommendations and approved 42 Recommendations and 2 Supplements and has 23 ongoing work items covering different aspects of cloud computing (e.g. overview and functional requirements for data storage federation, cloud computing infrastructure requirements, functional requirements of knowledge as a service, principles of cloud native application development, functional requirements of computing resource abstraction, functional requirements of cloud resource optimisation, and cloud computing - functional requirements of function as a service).
In July 2022 SG13 set up an ad-hoc “Future ICT Evolution for emerging Web Era” to consider technology evolution in line with the future Web 3.0 era.
Y.Sup49 to ITU-T Y.3500-series (11/2018) - Cloud computing standardisation roadmap, including deliverables of various SDOs:
https://www.itu.int/rec/T-REC-Y.Sup49/en
Flipbook “Cloud computing: From paradigm to operation” with a collection of many ITU-T outputs on cloud computing:
https://www.itu.int/en/publications/Documents/tsb/2020-Cloud-computing-From-paradigm-to-operation/index.html
In the domain of Big Data for Cloud, ITU-T related work is listed in the Big Data chapter of this Rolling Plan.
More info: SG13 - Future networks and emerging network technologies (itu.int)
ITU-T SG11 is developing standards on cloud and edge computing with regard to signalling, monitoring and interoperability testing. SG11 developed several Recommendations which cover monitoring of cloud computing, signalling requirements of intelligent edge computing for different applications (e.g. data management interfaces for intelligent edge computing-based smart agriculture service and data management interfaces for intelligent edge computing-based flowing-water smart aquaculture system), interoperability testing of cloud computing and testing requirements for virtual switches (ITU-T Q.3914, ITU-T Q.4040-Q.4059-series, ITU-T Q.5001, Q.5007, Q.5011, Q.5028, Q.5029, Q.5030). The ITU-T Q.Supplement 65 “Cloud computing interoperability activities”, provides the summary information for cloud computing interoperability activities of existing standards development organisations (SDOs) and the groups, forums and open sources developing the specifications that have the potential to utilize cloud computing interoperability testing tools.
The ongoing work items of SG11 focus on: signalling requirements for orchestration supporting confidential computing in multi-access edge computing, protocol for supporting computing and network convergence in fixed, mobile and satellite convergence in IMT-2020 network and beyond, signalling requirements and interfaces of edge-aided energy management agent at intelligent edge computing, signalling architecture for microservices based intelligent edge computing, data management interfaces in educational robot system with intelligent edge computing, data management interfaces for public decision-making framework on Intelligent edge computing, data management interfaces for intelligent edge computing-based smart pest and disease management service.
SG11 developed several Recommendations which define signalling architecture and requirements for Computing Power Network (CPN) – ITU-T Q.4140-Q.4159 series.
More info: https://itu.int/go/tsg11
ITU-T SG20 develops standards on Internet of things (IoT), smart cities and communities. It also studies aspects related to edge computing for the Internet of things (IoT) which allows IoT deployments to be enhanced through data processing closer to the end device. ITU-T SG20 has approved the following Recommendations:
- Recommendation ITU-T Y.4122 “Requirements and capability framework of edge computing-enabled gateway in the IoT”
- Recommendation ITU-T Y.4208 “IoT requirements for support of edge computing”
- Recommendation ITU-T Y.4486 “Framework of cross edge decentralized service by using DLT and edge computing technologies for IoT devices”
Additionally, ITU-T SG20 is also progressing draft Recommendations and draft Supplements in this field, including:
- Draft Recommendation ITU-T Y.IoT-IIEC “Framework of the integrated intelligent IoT service based on multi edge computing”
- Draft Supplement ITU-T Y.Sup.EdgeIoT-usecases “Supplement to ITU-T Y.4208 - Use cases of edge computing based Internet of Things”
More info: https://itu.int/go/tsg20
ITU-T SG17 works on cloud computing security. It has approved four Recommendations:
- ITU-T X.1603 “Data security requirements for the monitoring service of cloud computing”
- ITU-T X.1604 “Security requirements of network as a service (NaaS) in cloud computing”
- ITU-T X.1605 “Security requirements of public infrastructure as a service (IaaS) in cloud computing”
- ITU-T X.1606 “Security requirements for communication as a service application environments”
SG17 is working on security guidelines for container, distributed cloud, multi-cloud and edge cloud, security requirements of cloud-based platform under low latency and high reliability application scenarios, network security situational awareness platform for cloud computing, etc.
More details here: https://www.itu.int/en/ITU-T/studygroups/2017-2020/17
IEEE
Cloud computing:
IEEE 2302, IEEE Standard for Intercloud Interoperability and Federation (SIIF), provides a model that allows a range of deployment topologies and governance, and can be applied to many application domains using different implementation approaches; IEEE P2303 Standard for Adaptive Management of Cloud Computing Environments.
Fog/Edge Computing:
Work is going on in IEEE P1934.1, “Nomenclature and Taxonomy for Distributing Computing, Communications and Networking along the Things-to-Cloud Continuum” and IEEE P1935 “Standard for Edge/Fog Manageability and Orchestration.”
More recently IEEE SA initiated a new family of standards on cloud-edge collaborative framework through its work on IEEE P2805.1 on “Self-Management Protocols for Edge Computing Node,” IEEE P2805.2 on “Data Acquisition, Filtering and Buffering Protocols for Edge Computing Node,” IEEE P2805.3 on “Cloud-Edge Collaboration Protocols for Machine Learning,” and IEEE P2961 on “Guide for an Architectural Framework and Application for Collaborative Edge Computing.”
With increased usage of cloud computing, cybersecurity is a core consideration. IEEE SA has initiated a pre-standards Industry Connections program to focus on “Cybersecurity of Agile Cloud Computing.”
For more information, see: https://ieee-sa.imeetcentral.com/eurollingplan/
IETF
The IETF has multiple groups working on standards for virtualization techniques, including techniques used in cloud computing and datacenters.
The Layer 2 Virtual Private Networks (L2VPN) Working Group produced specifications defining and specifying solutions for supporting provider-provisioned Layer-2 Virtual Private Networks (L2VPNs). They also addressed requirements driven by cloud computing services and data centers as they apply to Layer-2 VPN services. The L2VPN Service Model (L2SM) Working Group is tasked to create a data model that describes an L2VPN service.
The Layer 3 Virtual Private Networks (L3VPN) Working Group was responsible for defining, specifying and extending solutions for supporting provider-provisioned Layer-3 (routed) Virtual Private Networks (L3VPNs). These solutions provide IPv4, IPv6, and MPLS services including multicast.
The Layer Three Virtual Private Network Service Model (L3SM) Working Group was tasked to create a YANG data model that describes an L3VPN service (an L3VPN service model) that can be used for communication between customers and network operators, and to provide input to automated control and configuration applications.
The Network Virtualization Overlays (NVO3) Working Group develops a set of protocols and extensions that enable network virtualization within a datacenter environment that assumes an IP-based underlay. An NVO3 solution provides layer 2 and/or layer 3 services for virtual networks enabling multi-tenancy and workload mobility, addressing management and security issues.
The System for Cross-domain Identity Management (SCIM) Working Group worked on standardising methods for creating, reading, searching, modifying, and deleting user identities and identity-related objects across administrative domains, with the goal of simplifying common tasks related to user identity management in services and applications.
The Computing in the Network Research Group (coinrg) of the IRTF explores existing research and fosters investigation of “Compute In the Network” and resultant impacts to the data plane. The goal is to investigate how to harness and to benefit from this emerging disruption to the Internet architecture to improve network and application performance as well as user experience.
The Workload Identity in Multi System Environments (wimse) Working Group is chartered to address the challenges associated with implementing fine-grained, least privilege access control for workloads deployed across multiple service platforms, spanning both public and private clouds. The work will build on existing standards, open source projects, and community practices, focusing on combining them in a coherent manner to address multi-service workload identity use cases such as those identified in the Workload Identity Use Cases Internet Draft. The goal of the WIMSE working group is to identify, articulate, and bridge the gaps and ambiguities in workload identity problems and define solutions across a diverse set of platforms and deployments, building on various protocols used in workload environments. The WG will standardise solutions (as proposed standard) and document existing or best practices (as informational or BCP) per the Program of Work.
https://wiki.ietf.org/en/group/iab/Multi-Stake-Holder-Platform#h-312-cloud-and-edge-computing
Fraunhofer Institute and OFE
The Fraunhofer Institute and Open Forum Europe (OFE) have been carrying out a study on behalf of the European Commission, entitled “The impact of Open Source Software and Hardware on technological independence, competitiveness and innovation in the EU economy”. The study is in the latest stages of being published (foreseen September 2021). The analysis estimates a cost-benefit ratio of above 1:4 and predicts that an increase of 10% of OSS contributions would annually generate an additional 0.4% to 0.6% GDP as well as more than 600 additional ICT start-ups in the EU. Case studies reveal that by procuring OSS instead of proprietary software, the public sector could reduce the total cost of ownership, avoid vendor lock-in and thus increase its digital autonomy. The study also contains policy recommendations including the promotion of OSS in addition to standardisation as a further channel of knowledge and technology transfer, e.g., as an explicit dissemination channel for Horizon Europe projects.
OGF
Open Grid Forum (OGF) is a leading standards development organisation operating in the areas of grid, cloud and related forms of advanced distributed computing. The OGF community pursues these topics through an open process for development, creation and promotion of relevant specifications and use-cases.
OMG
Object Management Group (OMG): the OMG’s focus is always on modelling, and the first specific cloud-related specification efforts have only just begun, focusing on modelling deployment of applications & services on the clouds for portability, interoperability & reuse. http://www.omg.org/
Hosted by the OMG is the Cloud Standards Customer Council, which has produced a series of customer-oriented white papers on diverse topics related to cloud computing, all of which are publicly accessible at: http://www.cloud-council.org/resource-hub.htm
OneM2M
The oneM2M architecture is based on distributed computing capabilities, data management and storage, and it supports interworking with non-oneM2M entities and integrates with communication infrastructures. The oneM2M system operates in the cloud when the data are centralized. At the same time, separate oneM2M based cloud services may be federated as an alternative to the direct integration of dedicated data bases. The oneM2M standards also address edge related technologies for Automotive and Industry 4.0 domains. In 2018 oneM2M started a dedicated work item on Edge and Fog Computing (WI-0080). Different solutions have been developed, such as Edge/Fog offloading, dynamic service management, common service description /service-awareness, loosely/tightly coupled Edge/Fog Computing. The study of those solutions resulted in related normative work that contains advanced features and enhancements for oneM2M specifications TS-0001, TS-0004 and TS-0026. Specific studies are available as Technical reports as well as all specifications being made publicly accessible at: <https://onem2m.org/technical/published-specifications>.
Related guidelines are also provided in ETSI TR 103 527 V1.1.1 (2018-07) SmartM2M; Virtualized IoT Architectures with Cloud Back-ends.
OASIS
The Topology and Orchestration Specification for Cloud Applications (TOSCA) TC works to enhance the interoperability and portability of cloud applications and services, throughout the lifecycle of users’ needs, regardless of changes of cloud vendor or vendor interfaces. TOSCA enables the interoperable description of application and infrastructure cloud services, and changes to services (such as adding servers or storage), independent of the supplier creating the service, and any particular cloud provider or hosting technology. TOSCA is at the top of the list of “most used standards projects” in the Cloudwatch2 study. TOSCA’s base specification v1.0 and object model was issued in 2013. The TC developed a YAML profile for simple representations and data exchange; the current version 1.3 was issued in 2020. The OASIS TOSCA TC and ETSI NFV ISG cooperate to align their Network Functions Virtualisation (NFV) service models and specifications.
The Cloud Application Management for Platforms (CAMP) TC advances an interoperable protocol that cloud implementers can use to package and deploy their applications. CAMP defines interfaces for self-service provisioning, monitoring, and control. Common CAMP use cases include: moving on-premise applications to the cloud (private or public) or redeploying applications across cloud platforms from multiple vendors.
The OASIS Open Data Protocol (OData) TC works to simplify the querying and sharing of data across disparate applications and multiple stakeholders for re-use in the enterprise, Cloud, and mobile devices. A REST-based protocol, OData builds on HTTP and JSON using URIs to address and access data feed resources. OASIS OData standards have been approved as ISO/IEC 20802-1:2016 and ISO/IEC 20802-2:2016.
The goal of the OASIS Virtual I/O Device (VIRTIO) TC is to simplify virtual devices, making them more extensible and more recognizable. It ensures that virtual environments and guests have a straightforward, efficient, standard, and extensible mechanism for virtual devices. Guests can use similar standard PCI drivers and discovery mechanisms for PCI devices of the VIRTIO family as for physical PCI devices.
The OASIS Infrastructure Data-Plane Function (IDPF) committee defines interoperable multi-vendor interfaces for devices, on physical or virtualised systems, based on the PCI Express (Peripheral Component Interconnect Express) high-speed serial expansion bus standard used in both virtualised data centers and physical motherboards. Standardized composition and sharing of networked devices allows for live migration and decoupling of data center tenants as well as operator infrastructure, significantly improving the portability of data and data center installations.
OFE
Recently Open Forum Europe (OFE) carried out a study on behalf of the European Commission, entitled “Standards and Open Source: bringing them together”. The aim of this study was to analyse and make practical progress on the collaboration models between SDOs and cloud open source software development initiatives, and to develop a roadmap of actions to improve the integration of open source communities in the standard setting process.
https://ec.europa.eu/digital-single-market/en/news/standards-and-open-source-bringing-them-together
W3C
The Web & Networks Interest Group explores solutions for web applications to leverage network capabilities in order to achieve better performance and resources allocation, both on the device and network. The group discusses requirements of a client, edge, and cloud coordination mechanism and its standardization in Client-Edge-Cloud coordination Use Cases and Requirements.
(C.2) Other activities related to standardisation
AIOTI
The Alliance for AI, IoT and Edge Continuum (AIOTI) has an active Working Group that focuses on standardisation, covering topics such as high-level architectures, landscape and gap analysis and semantic interoperability. In the area of cloud and edge computing, several reports were published on identifying high-priority standardisation gaps, standardisation contributions from EU-funded projects and various computing continuum scenarios. All deliverables can be found here: https://aioti.eu/resources-standardisation/
The AIOTI Focus Group on High-Level Architectures is working on guidance for IoT and Edge Computing Integration in Data Spaces. This report provides an analysis of the integration of IoT and edge computing in data spaces. It explains the context, provides a definition of data spaces, and enumerates the challenges of data spaces, as well as the positioning of data spaces in the AIOTI high-level architecture (HLA). It describes the relation to existing solutions: a construction approach relying on reference architecture standards and patterns; the use of reference architecture proposals from IDSA, oneM2M and ETSI MEC; and the work carried out by several large-scale projects (PLATOON, INTERCONNECT, SmartBear, ASSIST-IoT). It provides recommendations for data space standards. The second report this group prepared is about Guidance for the Integration of Digital Twins in Data Spaces. This report focuses on the integration of digital twins in data spaces: it provides context on data spaces, digital twins, IoT and edge computing and standardisation; it provides an analysis of the integration of digital twins in data spaces taking an architecture approach; and it describes a large number of digital twin use cases in domains such as agriculture, connected vehicles, smart cities, energy and smart manufacturing. The document can be used to provide insights and sources for future standardisation work related to the integration of digital twins in data spaces. This document also leverages the following reports: the report entitled Landscape of Digital Twins, prepared by the StandICT technical work group (TWG) and published by the EU Observatory for ICT Standardisation (EUOS) in June 2022, and the BDVA report entitled Data Sharing Spaces and Interoperability, prepared by the task force on data spaces and the task force on standards and published in February 2024.
BSI
Cloud Computing Compliance Controls Catalogue (C5)
The C5 defines a baseline for cloud security, divided into thematic sections (e.g. organisation of information security, physical security), using mostly recognised security standards. C5 outlines prerequisites for a conformity assessment using international standards (ISAE 3000, ISAE 3402), adding cloud specific requirements, especially for transparency.
C-SIGs
The cloud select industry groups are a contribution from Europe to the global cloud standardisation community.
- Cloud Select Industry Group on Code of Conduct: the European Commission has been working with industry to finalise a code of conduct for cloud computing providers. The code of conduct supports a uniform application of data protection rules by cloud service providers. The Code of Conduct for Protection of Personal Data in cloud services was published in June 2016. It has a strong relationship with the ISO/IEC 27018 standard.
- Cloud Select Industry Group on Service Level Agreements: the goal of this subgroup is to work towards the development of standardisation guidelines for SLAs for cloud services. Work was submitted to ISO/IEC SC38 committee as input to the work on the 19086 standards.
- Cloud Select Industry Group on Certification Schemes: the Digital Single Market Strategy 2015 (DSM) committed the European Commission to delivering a European Cloud Initiative, including certification.
GICTF
Global Inter-Cloud Technology Forum (GICTF) is promoting standardisation of network protocols and the interfaces through which cloud systems inter-work with each other, to promote international interworking of cloud systems, to enable global provision of highly reliable, secure and high-quality cloud services, and to contribute to the development of Japan’s ICT industry and to the strengthening of its international competitiveness.
http://www.gictf.jp/index_e.html
GAIA-X
Gaia-X aims at developing common requirements for a European data infrastructure based on standards which ensure transparency and interoperability. GAIA-X addresses this requirement by aligning network and interconnection providers, Cloud Solution Providers (CSP), High Performance Computing (HPC) as well as sector specific clouds and edge systems. https://www.data-infrastructure.eu/
OCC
The Open Cloud Consortium (OCC) supports the development of standards for cloud computing and frameworks for interoperating between clouds; develops benchmarks for cloud computing; and supports reference implementations for cloud computing, preferably open source reference implementations. The OCC has a particular focus on large data clouds. It has developed the MalStone Benchmark for large data clouds and is working on a reference model for large data clouds.
TM Forum
TM Forum: The primary objective of TM Forum’s Cloud Services Initiative is to help the industry overcome these barriers and assist in the growth of a vibrant commercial marketplace for cloud-based services. The centrepiece of this initiative is an ecosystem of major buyers and sellers who will collaborate to define a range of common approaches, processes, metrics and other key service enablers.
SNIA
Storage Networking Industry Association (SNIA): The Cloud Work Group exists to create a common understanding among buyers and suppliers of how enterprises of all sizes and scales of operation can include cloud computing technology in a safe and secure way in their architectures to realise its significant cost, scalability and agility benefits. It includes some of the industry’s leading cloud providers and end-user organisations, collaborating on standard models and frameworks aimed at eliminating vendor lock-in for enterprises looking to benefit from cloud products and services.
(C.3) Additional information
Open source projects address particular aspects of cloud computing (e.g. OpenStack (IaaS), the Open Networking Foundation (ONF), Cloud Foundry (PaaS), Docker (container technology) and Kubernetes). As such, open source communities should be encouraged to collaborate with standardisation and submit their APIs for standardisation.