Forum Standaardisatie

Challenge

Forum Standaardisatie advises the Dutch government on open standards and maintains the “comply or explain” list: the standards that government organisations must either adopt or provide a justified reason for not doing so. Every standard on that list must first pass through a rigorous assessment procedure: is there an organisational problem the standard solves, is there sufficient support, does the governing body meet the criteria, and how does the standard relate to European and international developments? In addition, the Forum periodically commissions larger studies into areas where standardisation is either lacking or becoming critical, such as cloud services and citizen data sovereignty (Regie op Gegevens).

What we built

As senior researcher and advisor at Bureau Forum Standaardisatie, I contributed to ten public recommendations in 2021 and 2022, ranging from MIM to the extension of Digikoppeling with a REST API interface, the evaluation of construction standards (COINS, VISI, NLCS, and IFC), security.txt, and the removal of OWMS. Each recommendation follows the same procedure: draft expert advice, organise consultation, provide the Open Standards Steering Group with a substantiated proposal, and bring the Forum to a decision.

In addition, I carried out two larger studies:

Study on standardisation for cloud services (2023-2024). Together with Jeroen de Ruig (Waal en Berg), I mapped the international landscape of cloud standards on behalf of Forum Standaardisatie: which open standards exist for data portability, interoperability, and security, and where are the gaps the Dutch government encounters? The report was published in April 2024 and identified six key conclusions, including the absence of European standards for complex data portability, the overlap in security standards, and the impact of AI integration on vendor independence. The work received considerable coverage in publications such as Binnenlands Bestuur.

Exploration of standards for Regie op Gegevens (2022-2023). An earlier study commissioned by Bureau Forum Standaardisatie: which standards are needed to give citizens, businesses, and third parties control over their own data in interactions with government? The exploration distinguished generic standards for government-to-government interaction from specific standards for citizen, business, and third-party scenarios, and identified which of those categories were already on the Forum’s radar and which were not.

Key design decisions

• Assessment as a semantic question, not just a technical one. A standard succeeds or fails based on what it makes explicit and what it does not. An advisory report is more than a checklist: it must reveal which problem the standard solves and for whom.
• International context as the starting point for strategic topics. For cloud and Regie op Gegevens, no Dutch solution exists in isolation. The studies therefore begin with the European and international landscape and move from there to Dutch policy space.
• Public transparency. All recommendations and studies are published, including consultation responses and expert reports. This demands rigour and makes the work accessible to everyone affected by the standard.

Results and adoption

The recommendations form the public decision trail of the “comply or explain” list. MIM has been adopted as a recommended standard; Digikoppeling REST API has been admitted; COINS and OWMS were removed after substantiated evaluation. The cloud report is publicly available and is consulted in discussions on digital sovereignty, public cloud dependencies, and vendor lock-in; it has also contributed to the conversation on cloud standardisation at national and European level. The Regie op Gegevens exploration provided direction for the associated working group in 2023.