THE EUROPEAN COMMISSION,

Having regard to the Treaty on the Functioning of the European Union,

Having regard to Regulation (EU) No 1025/2012 of the European Parliament and of the Council of 25 October 2012 on European standardisation, amending Council Directives 89/686/EEC and 93/15/EEC and Directives 94/9/EC, 94/25/EC, 95/16/EC, 97/23/EC, 98/34/EC, 2004/22/EC, 2007/23/EC, 2009/23/EC and 2009/105/EC of the European Parliament and of the Council and repealing Council Decision 87/95/EEC and Decision No 1673/2006/EC of the European Parliament and of the Council(1), and in particular Article 13(1) thereof,

After consulting the European multi-stakeholder platform on ICT standardisation,

Whereas:

(1) Standardisation plays an important role in supporting the Europe 2020 strategy, as set out in the Communication from the Commission entitled ‘Europe 2020: a strategy for smart, sustainable and inclusive growth’(2). Several flagship initiatives of the Europe 2020 strategy underline the importance of voluntary standardisation in product or services markets to assure the compatibility and interoperability between products and services, foster technological development and support innovation.

(2) In the digital society standardisation deliverables become indispensable to ensure the interoperability between devices, applications, data repositories, services and networks. The Communication from the Commission entitled ‘A strategic vision for European standards: moving forward to enhance and accelerate the sustainable growth of the European economy by 2020’(3) recognises the specificity of ICT standardisation where ICT solutions, applications and services are often developed by global ICT Fora and Consortia that have emerged as leading ICT standards development organisations.

(3) Regulation (EU) No 1025/2012 aims at modernising and improving the European standardisation framework. It establishes a system whereby the Commission may decide to identify the most relevant and most widely accepted ICT technical specifications issued by organisations that are not European, international or national standardisation organisations. The possibility to use the full range of ICT technical specifications when procuring hardware, software and information technology services will enable interoperability, will help avoid lock-in for public administrations and will encourage competition in the supply of interoperable ICT solutions.

(4) The ICT technical specifications that may be eligible for referencing in public procurement must comply with the requirements set out in Annex II to Regulation (EU) No 1025/2012. Compliance with those requirements guarantees the public authorities that the ICT technical specifications are established in accordance with the principles of openness, fairness, objectivity and non-discrimination that are recognised by the World Trade organisation (WTO) in the field of standardisation.

(5) The decision to identify the ICT specifications is to be adopted after consultation of the European multi-stakeholder platform on ICT standardisation set up by Commission Decision 2011/C 349/04(4) complemented by other forms of consultation of sectoral experts.

(6) On 17 October 2013, the European multi-stakeholder platform on ICT standardisation evaluated a first set of six ICT technical specifications: internet Protocol version 6 (‘IPv6’), Lightweight Directory Access Protocol version 3 (‘LDAPv3’), Domain Name System Security Extensions (‘DNSSEC’), DomainKeys Identified Mail Signatures (‘DKIM’), ECMAScript-402 Internationalisation Specification (‘ECMA-402’) and Extensible Markup Language version 1.0 (‘W3C XML’). The platform gave a positive advice concerning the identification of those specifications. The six technical specifications were subsequently submitted to a broad public consultation that confirmed the advice of the Platform.

(7) ‘IPv6’ specification issued by the internet Engineering Task Force (IETF) comprises a set of technical specifications to be applied to a broad range of equipment and services through different sets of ‘Requests for Comments’ (RFCs). Depending on the context and the application, public procurers would need to select those RFCs that are needed for each product or service without hampering interoperability. ‘IPv6’ expands the number of available IP addresses thereby allowing the increasing number of operating systems, web servers, search engines and multimedia sites to interact successfully. ‘IPv6’ is based on advanced technological developments and supports the continuing growth of the internet, enabling new internet scenarios such as internet of Things.

(8) ‘LDAPv3’ is an internet Protocol issued by internet Engineering Task Force (IETF) for accessing distributed directory services that act in accordance with X.500 data and service models. ‘LDAPv3’ is specified in a series of IETF Standard Track ‘Requests For Comments’ (RFCs) set out in detail in RFC 4510-to-4519 and is able to ensure a high availability with a replication of LDAP servers. Most products for directory services with relevance to the market support ‘LDAPv3’. This is a stable technology that has the potential to increase interoperability and constitutes a de-facto standard for authentication, authorisation and user-/address-directories for ICT systems that can provide better accessibility and continuity especially for public services to be delivered by the public administration.

(9) ‘DNSSEC’ was issued by internet Engineering Task Force (IETF) and is a security extension of the Domain Name System (DNS) that provides data origin authentication and data integrity protection to the Domain Name System (DNS) itself. The ‘DNSSEC’ identification comprises the set of documents that form the core of the DNS security extensions that are needed to support public procurement of the ‘DNSSEC’ block. With ‘DNSSEC’ the DNS is better suited for the exchange of security service parameters that are coupled to domain names. This enhances the trust in the DNS (a critical and fundamental internet service) as a whole and thereby allows its use for certificate storage, distribution and verification infrastructure of applications.

(10) ‘DKIM’ is an ICT technical specification developed by internet Engineering Task Force (IETF) that permits a person, role or organisation that owns the signing domain to claim some responsibility for a message by associating the domain with the message. DKIM separates the question of the identity of the signer of the message from the purported author of the message. Assertion of responsibility is validated through a cryptographic signature and by querying the signer's domain directly to retrieve the appropriate public key. ‘DKIM’ is implemented across several market sectors, i.e. the financial and banking sector, e-mail providers, social networks or internet commerce providers. If used by public authorities, ‘DKIM’ would establish a basic level of trust in the origin of communications so that interoperability between sending and receiving organisations improves.

(11) ‘ECMA-402’ developed by Ecma International is a general multipurpose programming language described by several specifications that adapt to the linguistic and cultural conventions used by different human languages and countries. The range of ECMAScript is a widely used programming language on the Web, also in Europe. Its usage is very broad, covering web-client based applications like web-browsers, or server-based applications like electronic banking, e-mail severs or even computer games and is also an important programming language used for the World Wide Web. The internationalisation features offered by ECMA-402 are a particularly relevant enhancement of ECMAScript for the multi-linguistic European environment. ECMAScript specifications and standards effectively contribute to an improved interoperability and are very commonly included in national lists of interoperability standards and specifications for public procurement purposes.

(12) ‘W3C XML’, issued by World Wide Web Consortium (W3C), is a package of related data structuring specifications that promote widely-scalable sharing of information and computational resources. XML version 1.0 is one of the most widely-used formats for sharing structured information today and many other data format specifications are built on extensions of XML. Its pervasive use as both a person-to-person format and a computer-to-computer format for communicating information makes it an inextricable element of most internet usage. Procurers would need to select the specifications that match the requirements for which they need to procure. The widespread penetration of XML in the world's data stores and networks will ensure that it will be a key format for global ICT interoperability among applications, services and products for decades to come,

HAS ADOPTED THIS DECISION: