– Output standards (46, see Annex A):
- TAP approval (10): Details are in Annex A a).
- TAP not approved (0): Details are in Annex A b).
- TAP determined (12): 11 new and 1 revised Recommendations. Details are in Annex A c).
- AAP consented (12): 10 new and 2 revised Recommendations for AAP Last Call. Details are in Annex A d).
- Agreed (12): 1 new Supplement, 1 new erratum, 7 Technical Reports and 3 SG17 documents. Details are in Annex A e).
– New work items (55, see Annex B) were established, one work item was discontinued (see Annex C)
– New OID registration authority for Senegal: {joint-iso-itu-t(2) country(16) sn(686)}
– SG17 Correspondence Groups
- Terminated:
- CG-SECAPA (Correspondence Group on Security Capability and Architecture),
- CG-AISEC-STRAT (Correspondence group on Strategy for AI security in Telecommunication/ICTs).
- Continued:
- CG-COP (Child online protection): continued existing ToR (ref. Annex G of SG17-R1).
- CG-RES-MODERN (Correspondence group to SG17 restructuring and modernization): continued with slightly modified ToR in TD185/P
– Agreement on SG17 Content Week format (see section 3)
– SG17 structure updates (pending TSAG endorsement)
- Creation of new Question 16/17 on AI Security
- Merge of Question 3 and Question 10
- Amendment of Question 7
- Termination of JCA-COP
- Creation of JRG-CQR
– SG17 Modernization (outcome since the last meeting)
- Efficiency: new SG17 plenary format with reinforcement of Working Party roles
- WP openings in parallel,
- Questions closing in sequence within their WP,
- Plenary sessions to process LS/o helped gained nearly 2x4 hours of WP and SG17 closing plenary meetings times
- Quality:
- 55 new work items established out of 65 proposed (85%),
- all WP4 first interim meeting 8 decisions were approved without reopening the texts.
- Coordination:
- CEN/CENELEC, IETF, ETSI, FIRST, OIDF relationships reinforced
- Visibility:
- SG17 workshop for newcomers in demand by 2 member states after first success in the United States
- TSB Communications team engaged
- much improved newcomer's session
- Industry Engagement:
- 37 engaged invited experts vs 9 at the last meeting leading to 5 formal requests for membership and around 10-15 leads in progress
- New type of industries as end-users attended
- especially from finance sector: Statestreet, AXA, JP Morgan
- this is strategic in the long term to help establishing standardization in the field of security
- Net new sector members: Thales, Cognizant, Amazon, Zscaler
- Net new associate members: Metomic, Logically AI, ServiceNow
3 Future SG17 meetings
3.1 WP/SG/workshop events,
| date | Venue | event | Scope |
| 6 Feb 2026 | MyWorkspace | SG17 virtual plenary | TAP approval of common text
X.1058rev | ISO/IEC 29151. See Col 5/17 |
| 30-31 March 2026 | Geneva | SG17 1st content week | workshop Trustable and interoperable digital identities for humans and AI agents |
| 1 April 2026 | Geneva | | RGMs (see 3.2 below) |
| 2 April 2026 | Geneva | | WP1, 2, 3, 4/17 meetings |
| 9 April 2026 | MyWorkspace | SG17 virtual plenary | TAP approval of common text
X.1901 (ex X.aas) | ISO/IEC 27566-1. See Col 6/17 |
| 14 May 2026 1300-1800 | Geneva | 5th ITU X.509 Day event | Organize with GSMA, physical + remote |
| June 2026 (during SG17 meeting) | Geneva | Workshop on globally interoperable digital identity | |
| Tue 2 – Thu 11 June 2026 | Geneva | SG17 meeting | SG17 plenary meeting in 2025-2028 Study Period |
| 10 July 2026 (during AI4Good 2026) | Geneva | Agentic AI security workshop | |
7-11 Sept 2026 | Chongqing, China (TBC) | SG17 2nd content week | Workshop, RGMs, and WP meetings. (Planning) |
3.2 Interim RGMs
12 Questions plan to hold the following 18 RGMs in the interregnum period before SG17 June 2026 meeting:
#
| Q
| Date | Place/Host | Subject/objective |
| 1. | 1/17 | 4 March 2026 | MyWorkspace | Discussion on trust and ongoing WIs |
| 2. | 1/17 | 30 March – 1 April 2026 (SG17 content week) | Geneva+remote | Discussion on trust |
| 3. | 2/17 | 30 March – 1 April 2026 (SG17 content week) | Geneva+remote | - prepare texts for action in the next SG17 meeting: XSTR.FMSC-IMT2030, X.ztmc, XSTR.sa-ran, XSTR.sec-int-cpc and XSTR.srsec
- review all work items and identify future topics for Q2/17
|
| 4. | 3/17 | 13:00-14:00 CET 2 February 2026
| MyWorkspace | X.1058rev TAP consultation result |
| 5. | 3/17 | 13:00-14:00 CET 4 February 2026
| MyWorkspace | Discussion on X.cdc-csirt |
| 6. | 4/17 | 30 March – 1 April 2026 (SG17 content week) | Geneva+remote | Discuss ongoing WIs |
| 7. | 6/17 | 30 March – 1 April 2026 (SG17 content week) | Geneva+remote | JCG-IoTSec related issues |
| 8. | 7/17 | 30 March – 1 April 2026 (SG17 content week) | Geneva+remote | Application security including AI security. |
| 9. | 7/17 | May 2026 | MyWorkspace | Progress on AI security strategy |
| 10. | 8/17 | 30 March – 1 April 2026 (SG17 content week) | Geneva+remote | Progress on WIs for action and potential new work items |
| 11. | 10/17 | 30 March – 1 April 2026 (SG17 content week) | Geneva+remote | X.srm-ssc, and all other Q10 work items |
| 12. | 10/17 | May 2026 | MyWorkspace | all Q10 work items |
| 13. | 11/17 | 13-17 April 2026 | Seoul (Republic of Korea) | Joint ISO/IEC/JTC 1/SC 6/WG 10 and ITU-T Q11/17 meeting, see TD 131/1 |
| 14. | 13/17 | 30 March – 1 April 2026 (SG17 content week) | Geneva+remote | - Finalization of X.idse, X.af-sec, X.evpnc-sec, X.fod-sec
- Progress on on-going items - Initial discussion on new work items |
| 15. | 13/17 | 8 - 9 July 2026 | Seoul+remote | - Progress on on-going items - Initial discussion on new work items |
| 16. | 14/17 | 30 March – 1 April 2026 (SG17 content week) | Geneva+remote | Progress on WIs for action and potential new work items |
| 17. | 15/17 | 30 March – 1 April 2026 (SG17 content week) | Geneva+remote | - Review documents for agreement on TR.kdc_qkdn, TR.QKDN-SP - Review potential new WI on XSTR.FMSC-SP |
| 18. | 15/17 | 27-30 April 2026 | Japan/TTC | - Finalize for agreement on TR.kdc_qkdn, TR.QKDN-SP - Progress on going Wis - Other input contributions |
Annex A
Actions taken on Recommendations, and other texts at SG17 closing plenary on 11 December 2025
a) TAP Recommendations approved (WTSA-24 Resolution 1) (10)
b) TAP Recommendations not approved (WTSA-24 Resolution 1)
None.
c) TAP Recommendations determined (WTSA-24 Resolution 1) (12)
| # | Q/17 | Acronym | Title | New / Revised | Base text | Equivalent e.g., ISO/IEC |
| 1. | Q2/17 | X.1821
(ex X.5Gsec-asra) | Guidelines and Technical Requirements for Analysis of 5G Network Asset Security Risk | New | TD103/2 |
|
| 2. | Q4/17 | X.2105
(ex X.st-ssc) | Security threats of software supply chain | New | TD101/3 | |
| 3. | Q6/17 | X.1350
(ex X.sr-iiot) | Security requirements for the industrial Internet of things based smart manufacturing reference model | New | TD112/2 | |
| 4. | Q7/17 | X.2210
(ex X.ig-dw) | Implementation guidelines for digital watermarking | New | TD171/4 | |
| 5. | Q7/17 | X.1910
(ex X.tc-ifd) | Technical capabilities of interactive deception risk detection | New | TD172/4 | |
| 6. | Q8/17 | X.1607
(ex X.asm-cc) | Requirements of attack surface management for cloud computing | New | TD103/4 | |
| 7. | Q8/17 | X.1651
(ex X.soar-cc) | Framework of security orchestration, automation and response for cloud computing | New | TD105/4 | |
| 8. | Q10/17 | X.1280rev | Framework for out-of-band mutual authentication using mobile devices | Rev | TD114/1 | |
| 9. | Q10/17 | X.1901
(ex X.aas) | Information security, cybersecurity and privacy protection — Age assurance systems — Part 1: Framework | New | TD83R5/1 | ISO/IEC 27566-1 |
| 10. | Q10/17 | X.1286
(ex X.accsadlt) | Access security authentication based on DLT | New | TD115/1 | |
| 11. | Q14/17 | X.1418
(ex X.sg-dcs) | Security guidelines for DLT-based digital collection services | New | TD156/4 | |
| 12. | Q14/17 | X.1417
(ex X.sr-dpts) | Security requirements for DLT data on permissioned DLT-based distributed power trading systems | New | TD155/4 | |
d) AAP Recommendations consented (Recommendation ITU-T A.8) (12)
| # | Q/17 | Acronym | Title | New / Revised | Base text | Equivalent e.g., ISO/IEC |
| 1. | Q3/17 | X.1060rev | Framework for the creation and operation of a cyber defence/security centre | Rev | TD129/3 |
|
| 2. | Q4/17 | X.2014
(ex X.dtns) | Guidelines of using digital twin of network for network security | New | TD94/3 | |
| 3. | Q4/17 | X.1560
(ex X.nspam) | Security framework for network storage protection against malware attacks | New | TD93/3 | |
| 4. | Q8/17 | X.1416
(ex X.mbaas-cs-sec) | Security requirements and framework of collaboration service for multiple blockchain-as-a- service platforms | New | TD146/4 | |
| 5. | Q14/17 | X.1400rev | Terms and definitions for distributed ledger technology | Rev. | TD193/4 | |
| 6. | Q10/17 | X.1096
(ex X.bvm) | Requirements for biometric variability management | New | TD117/1 | |
| 7. | Q10/17 | X.1268
(ex X.oob-pacs) | Framework for out-of-band physical access control systems using beacon-initiated mutual authentication | New | TD123/1 | |
| 8. | Q10/17 | X.2310
(ex X.srdidm) | Security requirements for decentralized identity management systems using distributed ledger technology | New | TD94/1 | |
| 9. | Q10/17 | X.1097
(ex X.tas) | Telebiometric authentication using speaker recognition | New | TD109/1 | |
| 10. | Q10/17 | X.1098
(ex X.tis) | Telebiometric authentication based on information splitting | New | TD147/1 | |
| 11. | Q15/17 | X.1711
(ex X.sec_QKD_profr) | Framework of quantum key distribution (QKD) protocols in QKD network | New | TD86/1 | |
| 12. | Q15/17 | X.1718
(ex X.sec_QKDNi) | Security requirements for Quantum Key Distribution Network interworking (QKDNi) | New | TD87/1 | |
e) Non-normative texts (Technical Report, Supplement, Implementers' Guide, etc) agreed (12)
# | Q/17 | Acronym | Title | New / Revised | Base text |
1. | Q1/17 | Security Compendium | ICT Security Compendium | Rev. | TD97/3 |
2. | Q1/17 | Security standards roadmap | ICT Security standards roadmap | Rev. | TD98/3 |
3. | Q1/17 | SG17 implementation of WTSA Res | SG17 activities and achievements in support of the most recent Resolutions of the WTSA | Rev. | TD141/P |
4. | Q2/17 | XSTR.sd-cnc | Technical report: Security guidelines for data of coordination of networking and computing | New | TD102/2 |
5. | Q2/17 | XSTR.sg-lmcs | Technical report: Security guidelines for DLT-based lifecycle management of computing services | New | TD108/2 |
6. | Q6/17 | XSTR.trust-metaverse | Technical Report: Technical challenges to achieving trustworthy metaverses | New | TD139/2 |
7. | Q7/17 | XSTR.AIsec | Technical Report: Artificial intelligence security standardization strategy | New | TD145/4 |
8. | Q7/17 | XSTR.dpama | Technical Report on "Landscape analysis for data protection of avatars in metaverse applications" | New | TD188/4 |
9. | Q7/17 | XSTR.saAIoT | Technical Report: Security Threat Analysis for Artificial Intelligence of Things on Devices | New | TD180/4 |
10. | Q7/17 | XSTR.se-AI | Technical Report: Security Evaluation on Artificial Intelligence Technology in ICT | New | TD149/4 |
11. | Q10/17 | X.sup-divs (ex TR.divs) | Supplement to X.1403: Rationale and initial approach of decentralized identity verification system (DIVS) based on verifiable dataQ10 | New | TD132/1 |
12. | Q14/17 | X.1408 erratum |
| New
| TD194/4 |
Annex B
New work items
The following new work items were agreed to be added to the SG17 Work Programme:
Q#
(total# of NWIs) | # | WI abbreviation | Title | TD# |
1/17
(6) | 1. | XSTR.diem-assets** incubated | Technical Report: Digital emblems as a key solution in resolving the issue of inappropriately exposed OT assets in the cyber space | TD113/3 |
| | 2. | XSTR.CRAMMS** | Technical Report: SG17 Cyber Security Reference Architectures, Methodologies, Models and Strategies (CRAMMS) Roadmap | TD115/3 |
| | 3. | X.crta* incubated | Framework for Cyber Resilience Testing and Assurance | TD111/3 |
| | 4. | X.PARCEP* Incubated | Interoperable Parental Control Enforcement Policies (PARCEP) for Child Online Protection | TD114/3 |
| | 5. | XSTR.diem** incubated | Technical Report: Digital International Humanitarian Law Emblems | TD112/3 |
| | 6. | X.te-consent* | Framework for Trust Enhancing Consent Management | TD121/3 |
2/17
(4) | 7. | X.fast* | Functional Architecture of Security Testbed for Telecommunication Operators | TD127/2 |
| | 8. | X.5Gsec-CNC* | Security requirements and guidelines for Coordination of networking and computing in IMT-2020 networks and beyond | TD117/2 |
| | 9. | X.cpn-tp-sec* | Security requirements and capabilities of computing power network transaction platform | TD111/2 |
| | 10. | X.cpn-gw-sec* | Security requirements and security-enhanced architecture of the CPN gateway | TD113/2 |
3/17
(1) | 11. | XSTR.AIsmf** | Technical Report: Artificial Intelligence Security Management Framework | TD131/3 |
4/17
(5) | 12. | XSTP.epoch** | Technical Paper: Global Coordination Requirements for 2038-class rollover events (including but not limited to 2036, 2038, 2106) | TD122/3 |
| | 13. | X.SecaaS-Req | Security requirements in the domain of security as a service | TD99/3 |
| | 14. | X.sim-gAI* | Guidelines for security incident management of generative artificial intelligence services | TD103/3 |
| | 15. | XSTR.da-AIcsp** | Technical Report: Development and Analysis of an AI-Based Cybersecurity Simulation Platform | TD119/3 |
| | 16. | XSTR.cfscgap** | Technical Report: Impact of client-facing servers and content delivery networks on centralization | TD125/3 |
6/17
(5) | 17. | X.tdu-mv* | Requirements for components of trusted data use in building a trustworthy metaverse | TD126/2 |
| | 18. | X.sr-ppgs* | Cybersecurity requirements for photovoltaic power generation system | TD110/2 |
| | 19. | XSTR.sec-Dba-eSIM** | Technical Report: Security considerations for DLT-based authentication of IoT devices with eSIM | TD109/2 |
| | 20. | XSTR.MVDTsecRM** | Technical Report: Metaverse and digital twin security standardization roadmap | TD116/2 |
| | 21. | XSTR.IoTsecRM** | Technical Report: IoT security standardization roadmap | TD115/2 |
7/17
(11) | 22. | XSTR.AI-GSB** | Technical Report: Guidelines of security benchmark for foundation models | TD158/4 |
| | 23. | X.LLMCC* | Guidelines for Large Language Model data security based on Confidential Computing | TD165/4 |
| | 24. | XSTR.ltf-AAI** | Technical Report: Landscape of Trust Framework for Agentic AI | TD179/4 |
| | 25. | X.rg-dis* | Requirements for guidelines for Data Interaction Security in Training and Inference Stages of Generative Artificial Intelligence | TD164/4 |
| | 26. | XSTR.sem-AIA** | Technical Report: Security evaluation methods for artificial intelligence agent | TD181/4 |
| | 27. | X.gavd-mas | Guidelines for application vulnerability detection based on multi-agent system | TD183/4 |
| | 28. | X.sr-taimas | Security requirements for terminal-based artificial intelligence multi-agent system | TD182/4 |
| | 29. | X.srg-AIgis | Security requirements and guidelines for artificial intelligence-based image generation system | TD113/4 |
| | 30. | X.sg-eAI | Security requirements and guidelines for embodied artificial intelligence systems | TD114/4 |
| | 31. | X.sreg-ICS | Security Requirements and Evaluation Guidelines for Intelligent Customer Services | TD115/4 |
| | 32. | X.sg-GenAId | Security Guidelines for Generative Artificial Intelligence Data Life Cycle | TD116/4 |
8/17
(3) | 33. | X.sr-aicp* | Security Requirements for Artificial Intelligence Cloud Platform | TD168/4 |
| | 34. | X.sr-AIec* | Security Requirements for AI-Enhanced Collaboration in Cloud Infrastructure | TD177/4 |
| | 35. | X.sgds-bdi* | Security guidelines for data sharing across big data infrastructures | TD185/4 |
10/17
(8) | 36. | XSTR.gidi** | Technical Report: Globally Interoperable Digital Identity (including Humans/Enterprise/Non-Humans i.e. Agentic AI) | TD145/1 |
| | 37. | X.sc-sd* | Security capability for implementing selective disclosure system in the decentralized identity system | TD129/1 |
| | 38. | X.sg-dfivc* | Security guidelines for data format interoperability of verifiable credential in decentralized identity system | TD127/1 |
| | 39. | X.dpidm-aAI* | Terminology and design guidelines for Agentic AI identity management | TD134/1 |
| | 40. | X.remote-qes* | Security and interoperability framework for remote and cloud qualified electronic signatures | TD121/1 |
| | 41. | X.f2am* | FAPI 2.0 Attacker Model | TD140/1 |
| | 42. | X.f2sp* | FAPI 2.0 Security Profile | TD143/1 |
| | 43. | X.sup-dsa** | Supplement to X.1286: Implementation guidelines for DLT-based secure authentication (DSA) in digital financial services | TD120/1 |
11/17
(6) | 44. | XSTR.qrbp** | Technical Report: Quantum Readiness, Best Practices and Guidelines" | TD152/1 |
| | 45. | X.migrate |
(ISO/IEC 9594-x) | Information Technology - Open systems Interconnection - The Directory - Generic methods for migration of cryptographic algorithms | TD153/1 |
| | 46. | X.510rev | 3rd edition of Rec. ITU-T X.510 | ISO/IEC 9594-11: The Directory - Protocol specifications for secure operations | TD154/1 |
| | 47. | X.pmi
(ISO/IEC 9594-x) | Information Technology - Open systems Interconnection - The Directory - Framework for privilege management infrastructure | TD155/1 |
| | 48. | X.509rev | 10th edition of Rec. ITU-T X.509 | ISO/|IEC 9594-8: The Directory: Public-key and attribute certificate frameworks | TD156/1 |
| | 49. | X.508rev | New work item proposal for 2nd edition of Rec. ITU-T X.508 | ISO/IEC 9594-12 | TD157/1 |
13/17
(2) | 50. | X.abt-sec* | Security guidelines for accounting-based ticketing in intelligent transport systems | TD133/2 |
| | 51. | X.1375rev* | Guidelines for an intrusion detection system for in-vehicle networks | TD134/2 |
14/17
(1) | 52. | XSTR.SR4DLTsec** | Technical Report: Standardization roadmap for DLT security | TD150/4 |
15/17
(3) | 53. | X.sec_QKDNi_ccm | Security requirements and measures for QKDN interworking - Concatenated model | TD136/1 |
| | 54. | XSTR.QKDN-nq-ZTA** | Technical Report: Technical implications of applying zero trust architecture into QKDN | TD138/1 |
| | 55. | X.sec-QKDN-un-req | Security requirements and measures for the integration of QKDN and user network | TD150/1 |
Note: * marked items are for approval by TAP; ** marked items are for approval by agreement; Items without any mark are for approval by AAP.
Annex C
Work items discontinued
| Question | Acronym | Title |
| Q1/17 | CRAMM Roadmap | SG17 Cyber Security Reference Architectures, Models and Methodologies Strategy and Roadmap |
Annex D
SG17 meeting Statistics
408/54 Participants/Countries (TD96/P)
- new record (previous: 374/57, (last study period 302/47**, 292/55, 292/52, 276/39))
Note ** 1-week meeting - Provisional list of participants
195 sessions (i.e.,1.5-hour slot) in this 7-days SG17 meeting (vs 191 sessions in last 8-days SG17 meeting in April 2025)
| | Participants | #of Countries | # of Member States | # of Sector Members | # of SG17 Associates | # of Academia | # Invited Experts |
| Final | 408 | 54 | 42 | 47 | 2 | 7 | 37 |
Meeting input and organization
Table of SG17 statistics of this meeting
| C | LS/i | LS/o | TD | | | | | |
221
| 166 | 67 | GEN | PLEN | WP1 | WP2 | WP3 | WP4 |
| | | | 233 | 92 | 91 | 75 | 59 | 76 |
Contributions
221 – new record (past meetings: 189, 187, 153, 119, 104, 101). DDP: 99%
o APT 184 (83%) (= China 84.5 + Korea 75.5 + India 12 + Japan 8.5 + Singapore 1 + Malaysia 2.5)
o EUR 17.5 (8%) (= UK 9 + Denmark 5 + Switzerland 2 + France 1.5)
o Americas 6.5 (3%) (= Canada 2.5 + US 4)
o AFR 7 (3%) (= Congo 3 + Mali 1 + Rwanda 1 + South Africa 1 + Nigeria 1)
o ARAB 4 (= Oman 1 + UAE 1 + Palestine 2)
o RCC 2 (= Russia 2)
o LAM (0)
LS/i/o (matrix in TD106/P)
· 166/70 (past meetings: 104/54, 187/28, 89/41 60/25 61/22, 55/21, 72/21)
TDs (632)
| TD | | | | | |
| GEN | PLEN | WP1 | WP2 | WP3 | WP4 |
239
| 92 | 91 | 75 | 59 | 76 |