As technology becomes integrated into more aspects of our lives, the profile of risks associated with technology is also expanding. New advances in many kinds of technologies pose potentially, significant ethical challenges (e.g. ‘Artificial intelligence’ (AI), ‘Biotechnology’, or decarbonization technologies). This coincides with our increasing use of these technologies, creating potential risks at a macro-level (e.g. cybersecurity of a nation’s critical infrastructures) and at a micro-level (e.g. security of personal data and individuals’ vulnerability to online manipulation). Such risks are certainly to be expected with the advent of disruptive technologies and they are the price we have to pay for the great benefits these technologies offer us; it is a question of how well we recognize and mitigate these risks so as to ensure that new technologies can be used for the benefit of all.

Ethics of technology

Many governments around the world are turning their attention to the ethics of technology and the implications of fast-developing technology for future societies.

Ethics related to the use of ‘Artificial intelligence’ for automated vehicles, automated decisions, and consumer interactions are topics that are frequently raised[1] and governments will increasingly be expected to address concerns around digital harm, disinformation, antitrust and foreign interference.[2] The AI-enabled technologies of the future must benefit from effective ‘technical, legal, and ethical frameworks’, according to the UK Ministry of Defence. Ethical questions are perhaps most critical in the area of militarized AI, and the use of technology in conflict. While machines could behave without regard for human suffering, they may also more accurately calculate the costs of conflict. Complexities can be expected to arise if countries develop conflicting ethical and legal frameworks for AI, both in military contexts and more broadly.[3] Other key ethical issues related to AI systems are about unwanted bias, eavesdropping, and safety, and industry is already busy trying to address these. The ISO/IEC committee working on AI (ISO/IEC JTC 1/SC 42) has collected 132 use cases for AI, including ethical considerations and societal concerns for each (for more details, see ISO/IEC TR 24030:2021, Information technology – Artificial intelligence (AI) – Use cases).

When considering the ethics of using AI, however, it is equally important to consider the ethics of not using AI. The risks of using AI are frequently discussed, but one question that is not addressed often enough is – when does it become unethical for us not to use AI? For example, if AI technology could predict the next pandemic or speed up vaccine development, one could argue that it would be unethical not to use this technology. There are plenty of examples like this, for instance, a common question posed is: if an AI-enabled autonomous vehicle had to hit someone, who should it hit? But is this the right question if the proper use of AI-enabled autonomous driving can help save lives by reducing accidents overall?

Of course, AI is not the only emerging technology that could pose significant ethical challenges in the future. Advancements in biotechnology could – alone, or in combination with AI – lead to the creation of synthetic life forms or augmented human beings, with enhanced physical or cognitive abilities. How to regulate technologies that can fundamentally alter human capabilities or change the human gene pool “could prompt strident domestic and international battles” in coming decades (see ‘Gene editing’).[4] Even technological advances to treat diseases could engender political debates about the ethics of access (since treatments are likely to be available only to those who can afford them).[4] Not to mention continued ethical debates about genetically engineered crops and foods and their potential ecological or health-related consequences.[5]

As the climate crisis becomes more urgent, we may also soon face ethical issues related to the use of new technologies for decarbonization. While geoengineering technologies (carbon dioxide [CO2] removal and solar-radiation management) have for many years been considered morally unacceptable, they are now gaining more attention as potential solutions of last resort.[6] Ethical concerns here range from distributive justice for future generations or vulnerable populations (negative effects of geoengineering actions could disproportionately some countries or populations e.g. by increasing drought in Africa and Asia), to procedural justice questions (who should decide to use these technologies and how?).

News stories

AI is changing the way we interact with the world around us and this raises important and difficult questions about its impact on society. This is why the concept of responsible AI is crucial for the success …
Artificial intelligence (AI) has the potential to aid progress in everything from the medical sphere to saving our planet, yet as the technology becomes ever more complex, questions of trust arise. Increased …
Ethical decision making isn’t just another form of problem solving. As artificial intelligence (AI) grows in capability and influence, experts are treading uncharted territory to develop the International …
Smart organizations have long relied on data to help make strategic business decisions. But “big data” has its challenges that need to be addressed before it can have real impact. A new study group will …
Technical Committee
ISO/IEC JTC 1
Information technology
  • Published 3501 Standards | Developing 524 Projects
Technical Committee
ISO/IEC JTC 1/SC 42
Artificial intelligence
  • Published 28 Standards | Developing 33 Projects
  • ISO/IEC TS 12791 [Under development]
    Information technology — Artificial intelligence — Treatment of unwanted bias in classification and regression machine learning tasks
  • ISO/IEC AWI TS 22443 [Under development]
    Information technology — Artificial intelligence — Guidance on addressing societal concerns and ethical considerations
  • ISO/IEC 23894:2023
    Information technology — Artificial intelligence — Guidance on risk management
  • ISO/IEC TR 24368:2022
    Information technology — Artificial intelligence — Overview of ethical and societal concerns
Technical Committee
ISO/TC 241
Road traffic safety management systems
  • Published 4 Standards | Developing 1 Projects
  • ISO 39003:2023
    Road traffic safety (RTS) — Guidance on ethical considerations relating to safety for autonomous vehicles
Technical Committee
ISO/CASCO
Committee on conformity assessment
  • Published 38 Standards | Developing 6 Projects
  • ISO/TS 17033:2019
    Ethical claims and supporting information — Principles and requirements
Technical Committee
ISO/IEC JTC 1/SC 29
Coding of audio, picture, multimedia and hypermedia information
  • Published 616 Standards | Developing 105 Projects
  • ISO/IEC DIS 21617-1 [Under development]
    Information technology — JPEG Trust
    Part 1: Core Foundation
  • ISO/IEC AWI 21617-2 [Under development]
    Information technology — JPEG Trust
    Part 2: Trust profiles catalogue

Data privacy

“Trust and accountability are the new litmus tests for businesses in a world where digital is everywhere.”[7]

In the future, will data privacy be a thing of the past? Many sources agree that there is a clear trend towards the progressive loss of privacy that accompanies new developments in technology. According to the UK Ministry of Defence, “In the coming decades, every facet of one’s life is likely to be recorded by the ubiquitous presence of wearable devices, smart sensors and the ‘Internet of Things’”.[3] But at the same time, there is also a trend towards emphasizing privacy, for example, using privacy by design development. Once privacy-respecting technology is available, the market has the choice, and the global success of the European Union’s General Data Protection Regulation (GDPR) principles is an indicator of this trend.[8]

The use of biometric data, such as fingerprints and facial mapping, is increasing in both private (e.g. social media and personal technology products) and public (law enforcement and population surveillance) contexts.[9,10] Consumer trust will be an increasingly important issue as technology becomes increasingly prolific in everyday activities. Already, a majority of consumers are wary of connected devices and fearful of misuse of their personal data.[7,11] Some even suggest there may be a ‘digital bubble’, the bursting of which will be due in part to privacy concerns – “Concerns about data privacy have called into question whether digital technologies will continue to grow at this rate.”.[11] At the same time, companies are adjusting to market conditions and, if the market demands privacy, industry will develop appropriate products.[7] Industry needs to realize that privacy-respecting products are not much more expensive (if well done), but can instead provide a competitive advantage, since trust is a key decision factor for consumers faced with multiple options. Initiatives allowing the creation of ‘digital trust’, such as Yelp and Foursquare, are thus likely to grow in popularity.[12] Once society acknowledges that data has a value and therefore the data owner needs to be paid, a ‘new balance’ will be established. The question is, if and when such an acknowledgement may come…?

In the meantime, to reassure consumers, both government regulation and business leadership are necessary to establish privacy and data management standards that keep pace with emerging needs.[10] Indeed, this will be a growing consumer expectation.[7] Ultimately, it seems inevitably that technology will permeate almost everything we do and lead to enormous improvements in quality of life across society. However, these benefits will need to be carefully balanced with the accompanying risks to privacy and security.[12]

News stories

Cryptography is an important computer security tool that deals with techniques to store and transmit information in ways that prevent unauthorized access or interference.
For everyone concerned about online privacy, ISO/IEC 29184 has just been published.
ISO/IEC 27009, just updated, will enable businesses and organizations from all sectors to coherently address information security, cybersecurity and privacy protection.
Privacy protection is a societal need in a world that’s becoming ever more connected. As requirements for data protection toughen, ISO/IEC 27701 can help business manage its privacy risks with confidence. …
We are more connected than ever, bringing with it the joys, and risks, of our digital world. Cybersecurity is a growing concern, with attacks against business almost doubling over the last few years and …
On the eve of new EU regulations, and in the wake of recent large-scale data privacy breaches, a new ISO committee is leading the way with guidelines that put the consumer back in control.
Technical Committee
ISO/IEC JTC 1/SC 27
Information security, cybersecurity and privacy protection
  • Published 242 Standards | Developing 70 Projects
  • ISO/IEC AWI 5181 [Under development]
    Information technology — Security and privacy — Data provenance
  • ISO/IEC 24745:2022
    Information security, cybersecurity and privacy protection — Biometric information protection
  • ISO/IEC DIS 24760-1 [Under development]
    IT Security and Privacy — A framework for identity management
    Part 1: Terminology and concepts
  • ISO/IEC DIS 24760-3 [Under development]
    IT Security and Privacy — A framework for identity management
    Part 3: Practice
  • ISO/IEC WD 24760-4.3 [Under development]
    IT Security and Privacy — A framework for identity management
    Part 4: Authenticators, Credentials and Authentication
  • ISO/IEC DIS 27706 [Under development]
    Requirements for bodies providing audit and certification of privacy information management systems
  • ISO/IEC WD 27091.2 [Under development]
    Cybersecurity and Privacy — Artificial Intelligence — Privacy protection
  • ISO/IEC 27553-1:2022
    Information security, cybersecurity and privacy protection — Security and privacy requirements for authentication using biometrics on mobile devices
    Part 1: Local modes
  • ISO/IEC DIS 27553-2 [Under development]
    Information security, cybersecurity and privacy protection — Security and privacy requirements for authentication using biometrics on mobile devices
    Part 2: Remote modes
  • ISO/IEC 27556:2022
    Information security, cybersecurity and privacy protection — User-centric privacy preferences management framework
  • ISO/IEC 27557:2022
    Information security, cybersecurity and privacy protection — Application of ISO 31000:2018 for organizational privacy risk management
  • ISO/IEC 27559:2022
    Information security, cybersecurity and privacy protection – Privacy enhancing data de-identification framework
  • ISO/IEC TS 27560:2023
    Privacy technologies — Consent record information structure
  • ISO/IEC 27561:2024
    Information security, cybersecurity and privacy protection — Privacy operationalisation model and method for engineering (POMME)
  • ISO/IEC DIS 27562 [Under development]
    Information technology — Security techniques — Privacy guidelines for fintech services
  • ISO/IEC TR 27563:2023
    Security and privacy in artificial intelligence use cases — Best practices
  • ISO/IEC CD 27565.2 [Under development]
    Guidelines on privacy preservation based on zero knowledge proofs
  • ISO/IEC CD 27566-1 [Under development]
    Information security, cybersecurity and privacy protection — Age assurance systems — Framework
    Part 1: Framework
  • ISO/IEC WD 27566-3 [Under development]
    Age assurance systems
    Part 3: Title missing
  • ISO/IEC DIS 27701 [Under development]
    Information security, cybersecurity and privacy protection — Privacy information management systems — Requirements and guidance
  • ISO/IEC 29100:2024
    Information technology — Security techniques — Privacy framework
  • ISO/IEC 29134:2023
    Information technology — Security techniques — Guidelines for privacy impact assessment
Technical Committee
ISO/IEC JTC 1/SC 32
Data management and interchange
  • Published 109 Standards | Developing 16 Projects
  • ISO/IEC CD 15944-8 [Under development]
    Information technology — Business operational view
    Part 8: Identification of privacy protection requirements as external constraints on business transactions
  • ISO/IEC DIS 15944-12 [Under development]
    Information technology — Business operational view
    Part 12: Privacy protection requirements (PPR) on information life cycle management (ILCM) and EDI of personal information (PI)
  • ISO/IEC 15944-17:2024
    Information technology — Business operational view
    Part 17: Fundamental principles and rules governing Privacy-by-Design (PbD) requirements in an EDI and collaboration space context
Technical Committee
ISO/IEC JTC 1/SC 36
Information technology for learning, education and training
  • Published 56 Standards | Developing 8 Projects
  • ISO/IEC DIS 29187-1 [Under development]
    Information technology — Identification of privacy protection requirements pertaining to learning, education and training (LET)
    Part 1: Framework and reference model
Technical Committee
ISO/TC 260
Human resource management
  • Published 32 Standards | Developing 6 Projects
  • ISO/AWI 30439 [Under development]
    Human Resource Management — Data Privacy Standard
Technical Committee
ISO/PC 317
Consumer protection: privacy by design for consumer goods and services
  • Published 2 Standards
  • ISO 31700-1:2023
    Consumer protection — Privacy by design for consumer goods and services
    Part 1: High-level requirements
  • ISO/TR 31700-2:2023
    Consumer protection — Privacy by design for consumer goods and services
    Part 2: Use cases

Cyber-vulnerability

Increasing reliance on technology and the proliferation of digital devices in daily life will create increasing risks related to ‘Data privacy’, cyberattacks, and consequences of system failure.[3,13] The key factor for prevention is risk awareness and proactive risk mitigation.

New digital technologies present serious challenges for governments and organizations and cybersecurity will remain a priority as critical infrastructure is increasingly connected to online systems and technological dependence on the Internet continues to rise (see ‘Spread of the Internet’). Internationally, countries will have to respond to evolving cyber-threats and prepare for cyberattacks as an instrument of war, counterintelligence, and political interference.[9,13,14] One data breach can impact multiple nations sharing online systems.[15] If they are aware, national leaders may take appropriate steps to protect large-scale systems such as electrical, communications, financial, logistical, and food-production grids.[9] They need to be proactive. Common Criteria for Information Technology Security Evaluation or the EU Cybersecurity Act are two examples of such proactive ventures.

Questions around ‘cyber borders’ may be part of the discussion around ensuring protection from attacks therefore countries and organizations alike must prepare for developments in cyber-crime.[3] As increasing numbers of citizens are connected to, and reliant on, online networks, the potential for terrorist attacks will grow, if the system is not resilient enough and sufficiently protected.[9] For developing countries in particular, preparedness for cyber-threats will need to accompany digitalization programmes and development of connected systems.[16]

Finally, cyber-vulnerability does not exist only at the level of countries and organizations. Looked at from a slightly different perspective, the vulnerability of individuals is also set to increase because of their online exposure. For example, more people will get their information online, leaving them potentially more exposed to misinformation (‘fake news’), which could be used to manipulate individuals or even on a larger scale to influence public opinion.[13]

To effectively mitigate these risks related to cyber-vulnerability, people cannot rely on government action alone – society needs to be the driving force. Society needs to demand that organizations maintain highly sophisticated information security systems to foster consumer trust and remain competitive.[2]

News stories

Distrust pushes us into self-limiting stigmas, but International Standards can help us be confidently vulnerable and resilient.  
In an increasingly digital age, and one marked by misinformation and fake news, the big challenge is establishing trust in technology itself.  
Cyber-attacks are costly, disruptive and a growing threat to business, governments and society alike. Here’s how to protect your assets. 
Cyber-attacks are costly, disruptive and a growing threat to business, governments and society alike. Happily, an arsenal of standards helps stay ahead of the game. 
New standard just published to help keep the hackers at bay.
Why education is our best weapon against cybercrime.
New guidance on cybersecurity frameworks just published.
As the world gets more connected, so do our cars. But greater connectivity equates to more data that could get into the wrong hands. Cybersecurity in automotive engineering is an industry with the wind …
In our hyper-connected world, IT security covers not just our data but virtually everything that moves.
Industry experts estimate that annual losses from cybercrime could rise to USD 2 trillion by next year. With countless new targets added every day, especially mobile devices and connected “things”, a joined-up …
With technology becoming ever more sophisticated and offering both enhanced opportunities and new vulnerabilities and threats, there is a danger that organizations of every different type leave themselves …
Suppose a criminal were using your nanny cam to keep an eye on your house. Or your refrigerator sent out spam e-mails on your behalf to people you don’t even know. Now imagine someone hacked into your …
Technical Committee
ISO/IEC JTC 1/SC 27
Information security, cybersecurity and privacy protection
  • Published 242 Standards | Developing 70 Projects
  • ISO/IEC TR 5895:2022
    Cybersecurity — Multi-party coordinated vulnerability disclosure and handling
  • ISO/IEC TR 6114:2023
    Cybersecurity — Security considerations throughout the product life cycle
  • ISO/IEC WD 15408-1 [Under development]
    Information security, cybersecurity and privacy protection — Evaluation criteria for IT security
    Part 1: Introduction and general model
  • ISO/IEC WD 15408-2 [Under development]
    Information security, cybersecurity and privacy protection — Evaluation criteria for IT security
    Part 2: Security functional components
  • ISO/IEC WD 15408-3 [Under development]
    Information security, cybersecurity and privacy protection — Evaluation criteria for IT security
    Part 3: Security assurance components
  • ISO/IEC WD 15408-4 [Under development]
    Information security, cybersecurity and privacy protection — Evaluation criteria for IT security
    Part 4: Framework for the specification of evaluation methods and activities
  • ISO/IEC WD 15408-5 [Under development]
    Information security, cybersecurity and privacy protection — Evaluation criteria for IT security
    Part 5: Pre-defined packages of security requirements
  • ISO/IEC WD 18045 [Under development]
    Information security, cybersecurity and privacy protection — Evaluation criteria for IT security — Methodology for IT security evaluation
  • ISO/IEC 24392:2023
    Cybersecurity — Security reference model for industrial internet platform (SRM- IIP)
  • ISO/IEC FDIS 27031 [Under development]
    Cybersecurity — Information and communication technology readiness for business continuity
  • ISO/IEC 27032:2023
    Cybersecurity — Guidelines for Internet security
  • ISO/IEC 27036-2:2022
    Cybersecurity — Supplier relationships
    Part 2: Requirements
  • ISO/IEC 27036-3:2023
    Cybersecurity — Supplier relationships
    Part 3: Guidelines for hardware, software, and services supply chain security
  • ISO/IEC 27071:2023
    Cybersecurity — Security recommendations for establishing trusted connections between devices and services
  • ISO/IEC CD 27090 [Under development]
    Cybersecurity — Artificial Intelligence — Guidance for addressing security threats and failures in artificial intelligence systems
  • ISO/IEC WD TR 27103 [Under development]
    Information technology — Security techniques — Cybersecurity and ISO and IEC Standards
  • ISO/IEC AWI TR 27109 [Under development]
    Cybersecurity education and training
  • ISO/IEC WD TS 27115 [Under development]
    Cybersecurity evaluation of complex systems — Introduction and framework overview
  • ISO/IEC 27400:2022
    Cybersecurity — IoT security and privacy — Guidelines
  • ISO/IEC 27402:2023
    Cybersecurity — IoT security and privacy — Device baseline requirements
  • ISO/IEC FDIS 27403 [Under development]
    Cybersecurity – IoT security and privacy – Guidelines for IoT-domotics
  • ISO/IEC CD 27404 [Under development]
    Cybersecurity — IoT security and privacy — Cybersecurity labelling framework for consumer IoT
  • ISO/IEC 29147:2018
    Information technology — Security techniques — Vulnerability disclosure
  • ISO/IEC 30111:2019
    Information technology — Security techniques — Vulnerability handling processes
Technical Committee
ISO/TC 8
Ships and marine technology
  • Published 433 Standards | Developing 75 Projects
  • ISO 23799:2024
    Ships and marine technology — Assessment of onboard cyber safety
  • ISO 23806:2022
    Ships and marine technology — Cyber safety
Technical Committee
ISO/TC 22/SC 32
Electrical and electronic components and general system aspects
  • Published 161 Standards | Developing 35 Projects
  • ISO/PAS 5112:2022
    Road vehicles — Guidelines for auditing cybersecurity engineering
  • ISO/SAE CD PAS 8475 [Under development]
    Road vehicles — Cybersecurity Assurance Levels (CAL) and Targeted Attack Feasibility (TAF)
  • ISO/SAE AWI TR 8477 [Under development]
    Road vehicles — Cybersecurity verification and validation
  • ISO/SAE 21434:2021
    Road vehicles — Cybersecurity engineering
Technical Committee
ISO/TC 121
Anaesthetic and respiratory equipment
  • Published 111 Standards | Developing 39 Projects
  • ISO/CD TS 23543 [Under development]
    Guidance for developing cybersecurity requirements in anaesthetic and respiratory equipment standards
Technical Committee
ISO/TC 178
Lifts, escalators and moving walks
  • Published 43 Standards | Developing 15 Projects
  • ISO 8102-20:2022
    Electrical requirements for lifts, escalators and moving walks
    Part 20: Cybersecurity
Technical Committee
ISO/TC 215
Health informatics
  • Published 236 Standards | Developing 67 Projects
  • ISO/CD TS 6268-1 [Under development]
    Health informatics — Cybersecurity framework for telehealth environments
    Part 1: Overview and Concepts
  • ISO/WD TS 6268-2 [Under development]
    Health informatics — Cybersecurity framework for telehealth environments
    Part 2: Cybersecurity reference models of telehealth
  • ISO/IEEE 11073-40101:2022
    Health informatics — Device interoperability
    Part 40101: Foundational — Cybersecurity — Processes for vulnerability assessment
  • ISO/IEEE 11073-40102:2022
    Health informatics — Device interoperability
    Part 40102: Foundational — Cybersecurity — Capabilities for mitigation

References

  1. Digital megatrends. A perspective on the coming decade of digital disruption (Commonwealth Scientific and Industrial Research Organisation, 2019)
  2. The global risks report 2021 (World Economic Forum, 2021)
  3. Global strategic trends. The future starts today (UK Ministry of Defence, 2018)
  4. Global trends. Paradox of Progress (US National Intelligence Council, 2017)
  5. Global trends 2040. A more contested world (US National Intelligence Council, 2021)
  6. Ethics of geoengineering (Viterbi Conversations in Ethics, 2021)
  7. Technology vision 2020. We, the post-digital people (Accenture, 2020)
  8. Two years of GDPR. questions and answers (European Commission, 2020)
  9. Global trends and the future of Latin America. Why and how Latin America should think about the future (Inter-American Development Bank, Inter-American Dialogue, 2016)
  10. 20 New technology trends we will see in the 2020s (BBC Science Focus Magazine, 2020)
  11. Beyond the noise. The megatrends of tomorrow's world (Deloitte, 2017)
  12. Future outlook. 100 Global trends for 2050 (UAE Ministry of Cabinet Affairs and the Future, 2017)
  13. Global trends to 2030. Challenges and choices for Europe (European Strategy and Policy Analysis System, 2019)
  14. Global risks 2035 update. Decline or new renaissance? (Atlantic Council, 2019)
  15. Asia pacific megatrends 2040 (Commonwealth Scientific and Industrial Research Organisation, 2019)
  16. Foresight Africa. Top priorities for the continent 2020-2030 (Brookings Institution, 2020)