Compliance with MIMs, standards, specifications and certifications

Compliance with MIMs, standards, specifications and certifications


1. Introduction

This document reviews the different types of standards and specifications that might be relevant to the procurement processes and the role of certification in ensuring conformance. It covers the Minimal Interoperability Mechanisms (MIMs) as one type of standards-related specification and shows how they can help support interoperability while still allowing innovation in the offerings of the vendors.

Specifications refers to the set of requirements or attributes needed to describe a product or service. Providing specifications is a key part of any procurement process. When putting together specifications, re-using specifications that have already been developed is often helpful, as this saves time and makes it more likely that all the key issues will be covered.

Standards are sets of specifications, often along with wider guidance documentation, that have a certain amount of authority behind them, either because of the status of the organisation providing them, or because they have become the accepted set of requirements for a product or service followed by industry. Taking sets of specifications from standards not only means that the specifications are likely to have been well designed but also that there will be many products and services that have been designed to comply with them.

MIMs prioritise the most essential specifications contained within standards and offer guidance as to how to support a useful level of interoperability between different sets of standards-based specifications.

Where a formal process has been carried out by the vendor or an independent external auditor, certifications confirm compliance with a standard or prescribed set of criteria. Certifications usually are based on an agreed set of tests developed to show conformance to those specifications. This is an effective way to make sure that the specifications included in any procurement are appropriately addressed by the products and services offered by the vendors.

2. Understanding and identifying relevant standards, specifications and certifications

There are many different sources for standards and specifications and methods to certify them. Here, a brief landscape of standards, specifications, and certifications is provided to make it easier to find those that are appropriate for any procurement.

2.1 Standards

Standards provide sets of specifications that are clear descriptions of agreed best practices. They describe all the essential aspects of a product or service:

  • What it does and to what level of quality 1
  • What input it needs
  • What are the environmental requirements
  • What are the safety requirements
  • And so on…

They also provide a clear description of interfaces to all the other products and services that need to be linked to it to make it easier for end-to-end solutions to be developed.

The value of standards is based both on the quality of the technical specifications – these are developed by groups of acknowledged experts and go through a thorough process of review – and, just as importantly, on the agreement of key stakeholders to conform to those specifications, thus providing the foundation for the development of many products and services complying with those specifications.

There are many types of Standards bodies:

  • Industry consortia – developing open standards that meet industry concerns, Professional member organisations – developing standards that support their members in their work, and Foundations – bringing together experts to tackle common challenges. The standards produced will be followed by the companies and experts who are members of those organisations, and some have achieved wider credibility due to the quality of their work.
  • National standards bodies – recognised by all national stakeholders and with the role to ensure that the standards developed meet industry requirements and support government policies and priorities.
  • Regional and International standards bodies – recognised by all regional and international stakeholders.

Industry or professional bodies

These vary widely in terms of the range, quality and influence of the standards produced. Examples are the Open Geospatial Consortium (OGC) that develops geospatial standards, the Institute of Electrical and Electronics Engineers (IEEE) that develops standards related to a wide range of engineering concerns, and the OASIS Open Foundation that supports the development of standards related to open-source software and related issues.

National, European and International Standards Development Organisations

Almost every country has its own National Standards Development Organisation (SDO) that is set up and partially funded by the respective national government to ensure the development of standards needed to support the economy and the services needed by the citizens.

In many cases, it makes sense for these standards to be developed globally to support global trade and share the costs of standards development. Three international SDOs are recognised by the World Trade Organisation: ISO, IEC, and ITU.

ISO and IEC are two sister organisations governed by the national SDOs and undertake international standardisation in response to the requests of the national SDOs. IEC is the International Electrotechnical Commission and develops standards related to electrotechnology, while ISO undertakes standards pertaining to everything else. ISO and IEC have a Joint Technical Committee called JTC1 that develops ICT-related standards.

Some industry/professional bodies such as OGC and IEEE have unique relationships with ISO and IEC that allow standards they have developed and tested to be brought into the ISO and IEC standards development process to provide them with broader authority.

ITU is a UN-linked organisation that manages global telecommunications standards and agreements. Membership consists of national governments, companies, and academic organisations and standards are developed in response to the requests of its members. Because of the overlap of interests between ITU and ISO/IEC JTC1, a significant number of standards have been developed jointly.

ITU standards (or “recommendations”) are provided at no cost as ITU is fully funded by its members. In contrast, standards from ISO and IEC are typically sold as part of the funding needed to pay the costs of standards development.

In Europe, to promote the European common market and enable the free flow of products and services, three European Standards organisations have been set up to support harmonised standards among the member states. The European Committee for Standardisation (CEN) and the European Committee for Electrotechnical Standardisation (CENELEC) are the European versions of ISO and IEC and work closely with those two international organisations. The European Telecommunications Standards Institute (ETSI) has a similar role to ITU but functions independently of ITU. Like CEN and CENELEC, it usually charges for its standards unless the European Commission subsidises them.

De-facto standards

De-facto standards are sets of commonly used specifications that are not required or officially established. They usually result from a product or method dominating the marketplace. They may not have been through a formal process to gain consensus and may not have publicly available documentation. Some examples include the QWERTY keyboard layout and the Windows and Android operating systems.

De facto standards can gain status for a number of reasons, including: 

  • Being the first to arrive on the market;
  • The existence of a dominating organisation that sets specifications to enable other organisations to build specialist products and services on top of its core specification;
  • The costs involved when attempting to switch to another standard.

Finding relevant standards

Because of the many thousands of different SDOs, finding relevant standards can be very difficult. Clearly, the first place to look is the websites of the National, European and International Standards organisations. Still, even here, because of the multiplicity of specialist technical committees hosted by each SDO, it may not be easy to find the standards needed.

For Smart City-related standards, there is a good map of the leading international standards from the key international SDOs. The map is accessible at this webpage and provides a simple process to search for, and to navigate to, the standards needed.

StandICT, the ICT Standardisation Observatory and Support Facility in Europe has a range of excellent landscape reports on standards related to key topics such as Smart Cities, IoT, Digital Twins, CitiVerse, and ontologies. To read more about this, visit this websitepage. More details on CitiVerse are available also in Guideline on EU support and finance.

2.2 Specifications

In addition to considering the use of specifications provided by formal standards, it can be useful to find out whether any other city or community has procured a similar product or service and to see how far the specifications they have used are relevant to what you aim to achieve.

One challenge is how to find relevant sets of specifications. There is no central repository of information about procurements and the types of specifications. One source may be via Open & Agile Cities and Communities (OASC), a network of cities, communities, and regions. If there is a national digital twin initiative in your country, they may have a database of solutions and technical specifications. Otherwise, it will simply be a matter of using your existing networks.

Another problem is that it is challenging to ensure that the specifications offered are relevant and appropriate to your procurement. Firstly, the quality of the specifications will depend on the skills and expertise of the team that put them together. Secondly, careful investigation will be needed to confirm that the use case that the specifications were developed to address is similar enough to your use case that it will appropriately address all your key requirements.

2.3 Certifications

Formal certifications typically require the existence of an agreed set of tests developed to show conformance to those specifications. Because of this, certifications are usually only offered for the specifications included within official standards, and even there, not all standards have an agreed set of conformance tests.

Where formal tests for compliance exist, there are, broadly speaking, two levels of certification:

  • Self-certification, where the vendor offering the product or service certifies that these comply with the specifications. It is important that these are accompanied by test results to provide evidence that all the tests have been successfully passed, as this will be useful in terms of any disputes
  • Independent certification, where the tests are conducted by an official testing agency that can certify compliance. These have greater authority, but bring in an extra expense, which may deter smaller vendors with a more innovative product.

With regard to the MIMs, a formal set of conformance tests and certification mechanisms are being developed to facilitate the demonstration of MIMs compliance.

Should certification be required in any procurement, Article 43 of the Public Procurement Directive 2 provides a list of requirements for how this should be done, where the certifications can be considered as a type of label.

3. Minimal Interoperability Mechanisms (MIMs)


3.1What are MIMs?

The MIMs are tools to help support interoperability between different data sources. Achieving interoperability is one of the key reasons why standards are developed. However, there are two challenges regarding standards that have led to the need for the development of MIMs:

The first issue is that standards are often complicated, as they are developed to be as comprehensive as possible and cover all possible issues. This can make it quite difficult, costly, and time-consuming to comply entirely with standards. The MIMs aim to identify the most important requirements of standards, those that provide the most significant benefits regarding interoperability, in order to provide a solid and useful start to complete standards conformance.

The second issue is that several competing sets of standards often aim to achieve the same objectives, each with different strengths and weaknesses. Because of this:

  • It can be challenging for cities, communities, and the organisations that serve them to know which set of standards to follow;
  • Cities, communities, and the organisations that serve them may need to integrate data sources that follow different sets of standards.

The MIMs aim to address these two issues by providing a way to compare and contrast different sets of standards focusing on the same objectives and by offering interoperability guidance to help integrate data sources using different sets of standards.

3.2 MIMs structure

The MIMs are all being built using a standard methodology and structure.

MiMs

The value of the MIMs is that, by identifying the key capabilities needed for data sharing and translating these into requirements, it becomes possible to identify and compare alternative mechanisms to address those requirements. In this way, cities and communities can better assess which mechanisms are most appropriate for their use.

It also becomes easier to identify commonalities in these approaches – they use common, more basic standards, for instance. It is also easier to identify the common interfaces across which open APIs can be used. These are all described in the interoperability guidance that can be used as the basis for good enough interoperability.

In addition, a set of self-assessment tools and certifications are being developed to help check that any implementation conforms to the MIMs, and that products and services offered by vendors comply with the MIMs requirements.

3.3 Types of MIMs

There are two types of interoperability challenges that the MIMs aim to address:

  • Foundational issues
  • Application-specific issues

Foundational MIMs

Foundational MIMs address generic interoperability challenges.

One challenge relates to which overall approach to handling data a city should take, given that several options are open to them. The typical approaches cities use to access and integrate data sources are NGSI (NGSIv.2 or NGSI-LD) and Linked Data Event Streams. As another approach to linking data, some cities consider that, as geographic location is a key aspect of much city-related data, it makes sense to follow a geospatial basis, using standards from the Open Geospatial Consortium (OGC). Each of these approaches works well, though they have different strengths and weaknesses. However, it is not easy to bring interoperability between data sources that follow differing approaches.

When it comes to representing data, there are many different standards regarding data models and ontologies. Another challenge is that sometimes, cities must deal with data from proprietary sources that use data models developed by the software provider. Methods are therefore needed to enable data models used in different data sources to be aligned.

Another foundational challenge is that when different data sets are combined, it is important to identify information related to the same specific objects and other entities within each data set. For instance, to understand the information coming from many air quality sensors in the city, we need to know where each of those sensors is located – next to a busy road, near an industrial estate, next to a hospital or a place where vulnerable people are located. We also need to know other information such as wind direction, season of the year and so on. Only then can the data be used to understand causes, decide responses, and track the effectiveness of solutions.

Security is a big challenge when bringing together data from different sources from different organisations, as these organisations may have different approaches to managing data security. This can result in vulnerabilities when data is shared between them, and there is, therefore, a need to align on a set of common requirements to allow data to be shared safely.

Finally, to enable the setting up and management of effective and trustworthy data-sharing ecosystems, it is important to ensure that data sources provided within the ecosystem:

  • are made ‘accessible’ in line with the terms and conditions set by the data providers and are supplied to agreed service levels,
  • can be easily discovered, with sufficient information available to make decisions about a data exchange.

It is also important to ensure that different data-sharing ecosystems have a basic level of interoperability with each other to enable data sharing between them.

In all these instances, separate MIMs have been developed to ensure that whichever method a city, city department, or agency might use addresses all the key capabilities needed. Each MIM describes how each method addresses the requirements of that MIM, making it easier to compare and contrast them so that a city or community can choose the most appropriate one for its needs. Most importantly, the MIM provides methods to make integrating data from different sources easier by minimising the manual work needed.

The MIMs addressing these issues are best thought of as Foundational MIMs and cover Data Access, Data Representation, Data Interlinking, Data Security and Data Sharing/Collaboration.

Application-specific MIMs

The other kind of MIMs cover interoperability related to specific application areas, such as Personal Data Management, Geospatial Data, and potentially in the future, other domains such as mobility data and health data. Here, the challenge is to enable the interoperability of data within each of these different application areas.

The MIM on Personal Data Management focuses on how to ensure that individual citizens stay in charge of the way that data about themselves is used within the data-sharing ecosystem.

Focus box: More detail on the Personal Data Management MIM

The present focus section provides a description of the Personal Data Management MIM as an illustrative and applied example. This specific MIM has been chosen as it provides a concrete overview of a mature application-specific MIM, including a well-developed solution for interoperability between different specifications for data management.

There are different approaches to managing personal data, and given that a key requirement is that the individual needs to be in charge of which approach they want to use, the challenge is how to set up a data-sharing ecosystem that can handle interoperability between all these different approaches.

To do this, the MIM lists the different capabilities that citizens need to have to ensure they can maintain control of their data within the data-sharing ecosystem. It then uses this to identify the requirements these capabilities place on the data holders and data users in the ecosystem and any personal data intermediary that the individual might wish to use. Having done this, the common mechanisms that can meet those requirements are identified to provide guidance on how interoperability can be achieved between them.

The situation is complicated in terms of Personal Data Management because, as of yet, there are no mature standards relating to these different mechanisms. One way of achieving interoperability between these different mechanisms is to identify common APIs for approved Personal Data Management applications to access and use data relating to a particular individual when they can show that they have been authorised to do so by that individual. Such an API has been developed, along with detailed governance rules to manage its use and this has been shown to be sufficient to enable minimal, but sufficient interoperability between a range of different mechanisms.

Other ways to help align different personal data management mechanisms by identifying commonalities between them are being investigated as part of the ongoing work on that MIM.

The MIM on geospatial data covers how general data management approaches such as NGSI-LD and Linked Data Event streams can address the complexities of data sharing where there is a need to include data describing detailed geospatial aspects and/or data describing the built environment, specifically using standards from the Open Geospatial Consortium and Building Smart International.

Here, the base requirements are that the data source complies with the appropriate standard. Then, a series of potential methods to align the different data sets are outlined, and any additional requirements for each type of data to enable those methods to work are identified.

3.4 State of play

OASC manages the (global) MIMs development, and the European version of the MIMs, the MIMs Plus, is developed and managed by OASC in partnership with the Living-in.EU movement. MIMs were initially developed at a time when cities were beginning to experiment with using IoT data to develop applications such as smart parking. The challenge was to identify a common way for cities to collect and manage the data to enable applications developed for one city to be easily ported to another and data coming from one application in a city to be used in other applications in that city.

The scope of the MIMs has changed with the increasing sophistication of data use by cities and communities – but the aim is still to support data sharing within and between communities.

Because of these changes, the different MIMs are being reviewed and updated, and the requirements for new MIMs have been identified. Work is being undertaken at speed by working groups made up mainly of city experts. Several of the MIMs are already at a stage where they can be used by cities and communities. The latest stable version of each of the MIMs Plus can be found on the Living-in.EU website or on the OASC website.

3.5 The role of the MIMs in the technical specifications

One of the challenges of developing technical specifications for any procurement process is avoiding the two extremes of making these too detailed – or not detailed enough. If the technical specifications are too detailed, this can create unnecessary constraints for the vendors, which may stop them from offering innovative solutions that will meet the city's needs while providing added value. On the other hand, if the technical specifications are too loose or vague, solutions may be offered that are, for instance, not interoperable with other systems within the city. Here, the MIMs can help by focusing on the requirements needed to meet city objectives and allowing some flexibility in the way those requirements are met.

4. Customising standards and certifications in the procurement templates

Where appropriate, the procurement templates refer to relevant standards and to the MIMs. This is because standards and MIMs are carefully developed descriptions of good practice that comprehensively address the key issues. This helps to ensure that no key issue is accidentally missed in the requirements specified in the procurement process.

Standards and MIMs also provide requirements that are widely adopted in the market. This makes it easier for suppliers as they do not have to address many minor variations in the requirements specified in different procurements. This allows them to develop common products and services that many cities and communities will use, resulting in cost-effective products and the opportunity for products to be tested in many environments and continually improved.

If you want more details on how to tailor the procurement templates considering MIMs, please refer to Guideline on Technical specifications interpretation and tailoring. Concerning the procurement of specific tolls of Artificial Intelligence/Machine Learning and their relationship with MIMs, please refer to Guideline on AI/ML.

EC logo

These services are provided as part of the Local Digital Twins toolbox procurement - Advancing initial stages for the transformation of Smart Communities - Lot 1 and Lot 2, as described in the Digital Europe programme, and funded by the European Union.

© 2024. European Union. All rights reserved. Certain parts are licensed under conditions to the EU

The Commission’s reuse policy is implemented by Commission Decision 2011/833/EU of 12 December 2011 on the reuse of Commission documents (OJ L 330, 14.12.2011, p. 39 – https://eur-lex.europa.eu/eli/dec/2011/833/oj,). Unless otherwise noted (e.g. in individual copyright notices), content owned by the EU on this website is licensed under the Creative Commons Attribution 4.0 International (CC BY 4.0) licence. This means that reuse is allowed, provided appropriate credit is given and any changes are indicated. You may be required to clear additional rights if a specific content depicts identifiable private individuals or includes third-party works. To use or reproduce content that is not owned by the EU, you may need to seek permission directly from the rightholders. Software or documents covered by industrial property rights, such as patents, trade marks, registered designs, logos and names, are excluded from the Commission's reuse policy and are not licensed to you.