back to article Tech spec experts seek allies to tear down ISO standards paywall

Many of the almost 24,000 technical standards maintained by the International Standards Organization (ISO) are subject to copyright restrictions and are not freely available. Two weeks ago, Jon Sneyers, senior image researcher at Cloudinary and co-chair of the JPEG XL (ISO/IEC 18181) adhoc group, invited fellow technical …

  1. TimMaher Silver badge

    The Management.

    Looks like ISO is being run by the Nominet team.

    1. Warm Braw Silver badge

      Re: The Management.

      ISO's budget comes mostly from the subscriptions paid by the national standards bodies and from the sale of standards so, at least in principal, if you're going to reduce the income from one source you'd have to increase the national subscriptions.

      However, it's probably not unreasonable to question exactly what ISO is doing with its funding. Most of the work is done by committees of "experts" (who usually come from companies with an interest in the outcome, which is not always advantageous) so the exact nature of the ISO added value is not entirely clear.

      People close to the standards process are often developing products as the standard is being written and are using drafts from committee members to guide the development so there is arguably a greater obstacle to potential future competitors: not only were they not involved in influencing the standard, but they also have to pay for the privilege of reading it.

      However, since ISO has 165 national members, it's inevitably going to be heavy on bureaucracy and changing anything about it is likely to be difficult.

      Of course, there are other standards-like bodies (eg the IETF) but there are too many laws and contracts that require conformance with ISO standards (or their national equivalents) for it simply to melt away.

      1. Yes Me Silver badge

        Re: The Management.

        This is a 30-year old battle to my personal knowledge, and it applies equally to ITU-T. And to IEEE standards, by the way.

        As others have said, it's about money, and about not being able to fire the admin staff involved at will. Switching off these paywalls would have immediate effects on quite a lot of people that they feed and clothe.

        IETF standards are free to download, on principle, but they aren't free to create. Remember the silly fuss about selling off the .org registry for a gigabuck? The main beneficiary from that would have been those free IETF standards. The people who objected to that transaction were not prepared to listen to that inconvenient fact.

        1. oiseau Silver badge

          Re: The Management.

          ... immediate effects on quite a lot of people that they feed and clothe.

          Makes me wonder just how much feeding and clothing we're talking about here.

          It would not be the first time we see an internationally financed body with far too many posts that have, through years of laissez-faire from those who they are supposed to work for, managed to secure succulent perks for themselves.

          As a direct consequence, these naturally morphed from feeding and clothing into wining and dining, which have to be paid for.

          And who checks on that aspect of the Central Secretariat* ?


          * Never mind, the name says it all ...

    2. bridgebuilder

      Re: The Management.

      Not quite.

      As has been pointed out, most of the standardisation work is done by experts who are paid by their organisation (often from a standards lobbying budget) but are not paid by ISO. The same applies, incidentally, for the sister organisations IEC and ITU as well as the ISO/IEC JTC1 where a lot of the IT-related standards have their home (AI is subcommittee 42 ... someone read their Hitchhiker's Guide, apparently, but I digress.)

      The budgets of ISO, IEC and ITU are used for administration purposes. A lot of admin work is involved in managing approval processes among the national bodies, creating new committees, managing workspaces etc. I am sure there is waste, just like in any bureaucratic organisation, but the comparison with Nominet is rather unfair.

      The argument for making standards freely available is solid. This means that ISO, IEC and ITU budgets will need to be funded solely by national body contributions, which in turn means that national bodies need to raise additional income (often this is a government grant). Maybe it is indeed time to do just that.

  2. oiseau Silver badge
    Thumb Up

    Short, succint and to the point

    It is very difficult to teach about ISO standards when the students can't access them.

    Ian Graham / Senior Lecturer / University of Edinburgh

    A case of ale for this chap ---- > 8^D


    The ISO did not immediately respond to a request for comment.

    Of course they didn't.

    What could the ISO Central Secretariat possibly say on their behalf?

    They should all be fired and replaced with people who know what to do and how to do it.


    1. elsergiovolador Silver badge

      Re: Short, succint and to the point

      It's even funnier that companies even bother posting that they adhere to ISO this and ISO that.

      What's the point if consumer cannot learn more.

      1. Def Silver badge

        Re: Short, succint and to the point

        I guess that's more about legal requirements to do so than anything else.

      2. Michael Wojcik Silver badge

        Re: Short, succint and to the point

        Many consumers don't care, at least for organizational purchases. Someone in the C-suite reads an article about, say, ISO 27001, and sends out a memo: "Our vendors should comply with ISO 27001!". Then it becomes a checkbox when someone needs to complete a purchasing request or RFP.

        They may well never have seen the 27001 specification, or even know anything about it. That's irrelevant.

  3. The man with a spanner
    Thumb Up

    The cost of everything and the value of nothing.

    Why not charge £1 per electronic copy to defray some costs with gold, silver and bronze support from intersted companies and supportive government.

    Keep it simple, keep it cheap for all.

    1. dajames

      Re: The cost of everything and the value of nothing.

      ... gold, silver and bronze support from intersted companies ...

      The companies that help to create the standards are generally the companies that stand to profit from products that rely on those standards. Having an inside track gives them an opportunity to shape the standards, and so is certainly an advantage. Asking those companies to support the standards body/ies and the standards process seems only fair.

      For everyone else, there should be no more than a nominal charge for a download or a charge to cover the cost of printing for a hard copy.

    2. _wb_

      Re: The cost of everything and the value of nothing.

      Even a very low fee would be an obstacle, because it means the text of the standards does not get indexed in search engines, making it a lot harder to find what you're looking for if you don't already know the ISO standard number. It's also a bit of a hassle to have to enter payment details. And if the fee gets reduced by two orders of magnitude, the income ISO and NBs get from it also diminishes by 99% so it's not really going to make a difference to them to just go all the way and just make it free.

  4. mechgru2

    Indian Standards

    In India a high court ruling means that Indian Standards are free - it's known as the 'Disclosure to Promote the Right To Information' clause. It's only meant to be free for educational purposes, but the practical effect is that all standards are free to all. If you know the Indian equivalent to the ISO, then they are also free.

    1. bpfh Silver badge

      Re: Indian Standards

      Aha, so this is how I found a draft for ISO-3103 on an Indian government website and not really anywhere else!!

      1. Dan 55 Silver badge

        Re: Indian Standards

        I found it somewhere else but I can't work out if it's supposed to be serious or not.

        1. Stumpy

          Re: Indian Standards

          According to Wikipedia (yeah, I know) ... it is, indeed, a serious standard.

          1. Wellyboot Silver badge

            Re: Indian Standards

            Tea tasters need to use a repeatable method of brewing the test subject. What surprises me is that this standard wasn't created until 1980!

  5. fnusnu

    See also: Standard of Good Practice for Information Security 2020 (SOGP 2020)

    Was free. No longer is.

  6. Dwarf

    A good initiative

    Its hard to comply with a standard if you can't see it and read it.

    I've hit this a number of times over the year "blah, blah, defined by ISO standard xxxxx", spend a bit of time looking for it, hit ISO site, get to the paywall. wonder how much it costs, find out the eye watering numbers, then walk away as it wasn't *that* important.

  7. graeme leggett

    Scope of desire for change

    is this drive for free access to standards also present in other areas of industry?

    eg in food industry example BS ISO 3103:2019

    Tea. Preparation of liquor for use in sensory tests £67 (discounted price for members)

    or ISO/IEC 17025:2017

    General requirements for the competence of testing and calibration laboratories.138 Swiss francs

    1. Sam not the Viking

      Re: Scope of desire for change

      BS Standards used to be cheap, useful and informative. Since then they seem to get 'updated' involving a trivial change but requiring an up-issue, rendering the previous version out-of-date. Or it is broken down into sub-sections, possibly for understandable reasons, but no reduction in price (As if....). They are not cheap.

      Then there are BS EN standards..

      Then there are BS EN ISO standards......

      Perhaps we need another 'standard' standard.... cue obligatory xkcd:

      The main thing in favour ISO standards is that they appear to be more difficult too change.

      If you want the world to use your standards, make them free, or very cheap.

      1. nematoad Silver badge

        Re: Scope of desire for change

        "BS Standards used to be cheap, useful and informative."

        Well, I'll go along with you in that certain BSI publications are useful and informative but I disagree with you on the cheap part.

        I wanted a copy of BS381C for my modelling hobby. If you take a look at the BSI shop you will be amazed at the prices asked. Yes I know that making a standard colour chart is expensive but to charge £246 for a booklet with 16 pages is taking the mickey.

        I have other colour standards for other air forces and they didn't cost a third as much to buy so it can be done although without the authority of an official standard. Which is probably one of the reasons these organisation feel free to charge as much as they do.

        Oh, I did in the end buy BS381C, as I needed it for a particular colour reference and very nicely presented it is. But so it should be at that price.

  8. redpawn

    Sales fluff

    Out of curiosity I tried to access the ISO standard printed on my bicycle trailer. After much searching all I could find related to some published tests done on one trailer. What must my trailer be capable of doing? How strong must it be? No way of knowing.

    I must conclude that seeing that products meet a standard that can not be accessed makes the standard meaningless. I am not reassured of safety or efficacy. It just becomes sales fluff to put on a sticker.

  9. a_yank_lurker


    To often standards (and technical papers) are behind an extortionate paywall because the owners of the standards (or journals) can do so. The problem is their business model is idiotic and based on selling paper copies. For a comparison, the ferals over here publish the 'Code of Federal Regulations' both in paper (costs money) and online (free at One can actually print the e-version, get a pdf of the paper version, etc. If an government that is not terribly competent can figure out how to make an e-copies readily accessible the standards owners (and journals) have absolutely no excuse.

  10. Binraider Silver badge

    YES! The pricing of standards means it's a ballache for any independent engineer to access what they need to operate. Standards costs favour large corps that can absorb the cost.

    1. Paddy


      I was about to google the meaning of the french-sounding bal-a-ché but then I got it :-)

      1. FIA Silver badge

        Re: French?!

        ...and had to have a bit of a sit down instead???

    2. Anonymous Coward
      Anonymous Coward

      in my case, fortunately operating to single standard, the cost of the copy of the standard is a trivial amount compared to costs of being accredited to the standard.

  11. elsergiovolador Silver badge


    What if they were forced to publish these "standards" and it turned out most companies exceed them without knowing?

    That would be funny to see.

    1. aks

      Re: Scam?


  12. tapanit

    I'd like to push for an EU regulation to the effect that no law or official publication of any kind may refer to any standard that's not freely available.

    Yeah, not going to happen. We can dream though.

    1. Gene Cash Silver badge

      On this side of the pond, that's apparently the case: see

      "In the United States, statutory law cannot be copyrighted and is freely accessible and copyable by anyone.[8] When a standards organization develops a new coding model and it is not yet accepted by any jurisdiction as law, it is still the private property of the standards organization and the reader may be restricted from downloading or printing the text for offline viewing. For that privilege, the coding model must still be purchased as either printed media or electronic format (e.g. PDF.) Once the coding model has been accepted as law, it loses copyright protection and may be freely obtained at no cost."

      1. Sam not the Viking

        ASME Standards

        My experience of ASME standards is that they are anything but free, and one standard leads to another.... Good standards though.

      2. Antron Argaiv Silver badge
        Thumb Up

        That hasn't stopped Georgia from trying...

        As to the NEC, it's not a law, it's a standard, developed by a private organization, and the various jurisdictions adopt it in whole or partially. You still have to pay for a copy, and it's revised frequently, so you have to keep paying. I have never found a free or accessible copy of the current version online

  13. Eclectic Man Silver badge

    BSI 7799

    The British Standards Institute created the original standard for information management systems, which evolved into the international standard ISO 27001. (I remember commenting on the first drafts.) The BSI used to get most of its income from selling copies of 7799 /27001.

    It would be interesting to see their accounts and just how much they rely on sales of standards and subscriptions to function.

    I was also a member of a UK ISO panel (supporting the UK expert to BSI and the ISO concerning cryptographic algorithms and protocols). All unpaid work. They seem to treat it like academic publishing - get the authors to work for free, get the reviewers to work for free, then try to make a profit from the sales.

    I must admit that I do feel that if you want people to comply with standards, they should be freely available. Many are the 'amateur' DES* implementations in software where there are fewer than 16 rounds of encryption. Oh well, lets hope some sort of pragmatic approach prevails.

    *Strictly speaking DES - Data Encryption Standard - is an implementation of the Data Encryption Algorithm (DEA) on a silicon chip.

  14. AndyFl

    Wiring regs

    Part P of the UK wiring regulations, AKA "Approved documents" effectively mandates that all installations have to meet BS 7671. Almost uniquely this BS is not free to download and has to be purchased from the IET at about 100 quid a copy.

    In other words the legally mandated UK requirements for any electrical installation are owned/published and maintained by a private organisation (IET) who restrict access to either their members or the public only on paying a lot of money for a frequently changing document.

    Don't get me started on the Part P mafia (NICEIC and NAPIT) who act as gatekeepers to the electrical industry.

    What was that comment about Regulatory Capture?


  15. Spamfast

    I loathe the way the whole philosophy of the ISO has gone.

    The IETF approach is akin to open source - publish everything so it can be peer reviewed and tested. The ISO model is closer to closed-source - keep it private except to those who pay you enough so it's tightly controlled and flaws can be kept on the down-low.

    IETF standards are generally minimalist, robust, future-proof and easy to understand. ISO ones are usually over-complicated, poorly thought out, require frequent revision and are difficult to comprehend even after you've paid to read them.

    One of my two favourite ISO cluster f..ks is OSI - useless as anything other than a diagram and even that doesn't map very well onto the most common real world systems such as TCP/IP & SS#7.

    The other is the self-perpetuating monster ISO9000 et al. Originally supposed to bring the benefits of Far Eastern continuous improvement quality systems to Europe & the US it has had the exact opposite effect. Provided you have documentation that you've followed your 'process' you get - for a fat fee to a B-ark consultant - a certificate that you're compliant. It doesn't matter how good or bad your process is or how inappropriate for your business provided it's documented & followed. The bureaucratic cost of changing your process means improvements are positively discouraged.

    Toyota for example gave up on ISO9000 back in 2000. Unfortunately smaller companies in supply chains have to continue to pay for the farce because their idiot downstream customers do and they insist on sharing the blame.

    1. Fred Goldstein

      OSI was not meant to be descriptive of other people's work, like TCP/IP, it was meant to be a common network protocol suite that all vendors could use. The Reference Model was simply a way to organize the subcommittees, and got misunderstood to be much more than that. And its errors (the existence of layers 5 and 6 outside of the application layer where the functions ended up in practice) are taken as gospel that you're supposed to accept, because they must have been smarter than you (they weren't).

      But in that mess came IS 8648, Internal Organization of the Network Layer, which explains the difference between networks and internetworks, and is really useful educational material. But it's very hard to find, paywalled and downright obscure as a result. That's the kind of thing that gets lost when paywalls go up.

      1. martinusher Silver badge

        I've some contact with a long defunct company that tried to pin its products to the OSI model, implementing the standards. This is where I learned that they just do not work. No ifs, ands and buts. They do not work. This is why IETF standards took over -- it wasn't just some theoretical wish list from a large scale organization rooted in telephony practice, it was the product of people who had practical problems to solve.

        However, like a cancer OSI still lurks in standards bodies, spreading its poison to new standards. It turns up in IEEE standards with its bitwise back to front addresses and OSI type 2 hacks to host Ethernet packets on their protocols (WiFi, for example -- that sequence starting with 0xAA, 0xAA before the Ethertype is pure, and pointless, OSI) or whenever you find the term 'profile' being used to describe end point to end point transfer of specialized data. Its all there because the non-IETF standards bodies are so detached from real life that they're unable to let go of what was once the 'one true networking'.

    2. BOFH in Training Silver badge

      And don't forget the very infamous ISO/IEC 29500:2008.

      Lost all respect for any ISO standard after this.

      1. Claverhouse Silver badge

        Exactly this.

  16. knarf

    It's a racket

    Move org to Switzerland because its neutral

    Swiss rub their grubby mitts and milk it for every penny.

    Just look at all the corrupt sporting bodies.

  17. Jamie Jones Silver badge

    Eye opener

    Wow! I didn't know this. Crazy!

    My initial reaction and questions were then covered in the rest of the article, and the comments, both of which were full of further interesting information and clarification.

    Cheers, and beers to everyone who posted.

    1. John Brown (no body) Silver badge

      Re: Eye opener

      Same here, except I learned that ISO so-called standards are not free to access from a previous Reg article a little while ago. I'm still finding it pretty gobsmacking though. As many have commented, how are people supposed to understand "standards" if they can;t get reasonable access to them? How are small companies and start-ups supposed to compete if they have this paywall hurdle to get over?

      1. Michael Wojcik Silver badge

        Re: Eye opener

        It used to be the case that some national standards bodies published standards "aligned with", and essentially identical to, various ISO standards, for much less money. Other posters have mentioned that BSI used to do this in the UK. In the US, for another example, you could by the ANSI 1990 C standard for (IIRC) $18, which was much cheaper than ISO 9899:1990 at the time (about an order of magnitude more expensive, I think), but they had the same content.1

        So in many places, many of the more-popular ISO standards were ignored because you'd just refer to the corresponding national standard instead. Even things like section numbers were the same, so you could cite the ISO standard without actually consulting it.

        Alas, that is no longer the case, at least as far as ANSI is concerned. I get the impression it's not true of BSI either.

        1Of course, the C90 standard was a special case, because of the existence of Schildt's book The Annotated ANSI C Standard, which reproduced the entire standard and cost less at the time than the actual standard did from ANSI. The predominant opinion on comp.std.c was that the price difference reflected the value of Schildt's annotations, but you were free to ignore those.

  18. Pascal Monett Silver badge

    If it's supposed to be standard, it has to be public

    A standard that is not freely available is not a standard.


  19. rag2

    Europe does it better

    For many of the reasons outlined above, ETSI (the European Telecommunications Standards Institute), quite some time ago decided no longer to charge for ETSI standards. Since the participants had already, in effect, paid their people to generate the standards, why should anyone have to pay again? Much the same applies to 3GPP, which goes way beyond 3G, and to whom ETSI in effect donated the GSM standards as a get-you-started. The cost of standards themselves simply becomes an overhead on development, whose cost is ultimately paid for by customers, whether network operators or retail (and business) end users.

    Not only that, but ultimately high cost items—standards, patent fees—fail in the market place.

    1. Richard 12 Silver badge

      Re: Europe does it better

      There is a publishing overhead, so perhaps a fee should be payable to cover the cost of distribution etc.

      Of around 10 cents, which still gives them a very healthy profit.

  20. FuzzyTheBear

    Make sense.

    Standards must be accesible freely period.

  21. Dafyd Colquhoun

    NZ building standards are free

    I love the free ITU-R, ITU-T and ETSI standards. It's pretty f-ing rude for ISO to start pressuring ITU-T to stop releasing standards. IEEE standards are not too bad as they are mostly self-contained. The "choose your own adventure" journey through ISO and IEC standards is bonkers.

    The New Zealand government made a good step in this area. Many (maybe most) NZ Standards that are required by legislation are available for free.

    <blockquote>"The Ministry of Business Innovation and Employment (Building System Performance) has funded the following building standards, used for Building Code compliance, for free download. This initiative fits within Standards New Zealand’s strategy of working with regulators and industry to get more standards pre-funded, as well as enabling better access to standards that make a difference to the wellbeing of New Zealanders. This, in turn, helps grow New Zealand for all." </blockquote>

    It helps that Standards New Zealand is a part of MBIE.

    Standards Australia is an independent organisation and so we get to pay stupid amounts of money to figure out how we should build pool fences etc. Queensland has duplicated some of the standards which is good.

  22. Neil Barnes Silver badge

    What is the point of a standard you can't see?

    Almost every previous poster has made the same point: if you can't see it, it's pointless.

    In my naivety, forty years ago, I assumed that the idea of a standard was to permit interoperability while maintaining safety standards; thus, the way to get a standard used was to publish it and let people freely access it. In my old age I realise of course the purpose of a standard is to make the publisher of the standard - not the authors or reviewers of it - rich.

    World-wide society has developed a fetish of data hiding.

  23. haiku

    Amen to that. brother


    The other is the self-perpetuating monster ISO9000 et al. Originally supposed to bring the benefits of Far Eastern continuous improvement quality systems to Europe & the US it has had the exact opposite effect. Provided you have documentation that you've followed your 'process' you get - for a fat fee to a B-ark consultant - a certificate that you're compliant. It doesn't matter how good or bad your process is or how inappropriate for your business provided it's documented & followed. The bureaucratic cost of changing your process means improvements are positively discouraged.


    I was a developer at a company that decided that ISO 9000 certification was worthwhile.

    My take, at the end of the process (during which we were successfully certified) was that as long a the SNAFU's were documented, you would be certified.

    Not that there was any need to do anything about said SNAFU's ...

    And, as for the certifying consultants - academics all - the less said the better !

    1. Irongut

      Re: Amen to that. brother

      You don't even need to follow the process, provided you document it and tell the inspector you follow it any old process will do.

    2. Twanky Silver badge

      Re: Amen to that. brother

      In my experience setting ISO 9000 and its bastards as a goal (rather than using it as a tool) has resulted in staff being reprimanded for taking the initiative to fix SNAFUs.

  24. dajames

    There's a terrific draft in here ...

    The ISO bodies that write the standards often publish their working papers on the web for all to see, but aren't allowed to publish the standard once approved without ISO taking its 0.454kg of flesh.

    However, the final committee draft, if you can nail down a copy, is often so close to the published standard as makes no odds.

    Cheers, guys!

  25. tonique

    I hate hate hate hate hate hate hate hate hate hate hate <three pages removed> hate hate hate hate hate hate hate hate hate standards bodies. The current method of accessing standards (read: as expensive as possible, as inconvenient as conceivable) makes my and other people's work just too fucking complicated.

  26. Anonymous Coward
    Anonymous Coward

    You mistunderstand. ISO is a BUSINESS. They aren't about the standards, they're about SELLING the standards.

    People are just fool enough to buy into the scheme.

    1. John Brown (no body) Silver badge

      "People are just fool enough to buy into the scheme."

      By "people", you mean governments too I hope, baring in mind that some ISO standards are legally mandated in many jurisdictions, so the businesses are forced to spend that money to access the standards.

    2. _wb_

      They are a non-profit, just one with a broken financial model. They depend on national standardization bodies, which are usually government agencies, not businesses. There ought to be no profit motive playing here. Just bureaucracy and bad management decisions.

  27. Anonymous Coward
    Anonymous Coward

    I see the "everything I want should be free" crowd is up in arms today.

    1. John Brown (no body) Silver badge

      So, how much do YOU pay for your subscription ro El Reg?

      I assume you never use an ad blocker either.

    2. FIA Silver badge

      You think people should be forced to play by rules they can't see??

    3. _wb_

      Do you react the same way when people argue laws and regulations should be available publicly?

  28. Erik Beall

    Premature standardization is the root of all evil

    Scattered here and there are errors that, in some standards, are actively harmful. Temperature checks in the name of infection prevention rely on two standards, both of which have holes you could drive a truck though, with the consequence that possibly not a single product for non contact human thermometry works. The standards were implemented before either thermal imaging or those forehead scanners were figured out and now no one has bothered to stop selling and "figure it out", because they just have to say "we certify to 80601-2-59/56 and that's how you know it works". Because of this, there are two small manufacturers who did figure it out, but they're soon to be gone, because who can compete if the standards are flat out wrong.

    1. Binraider Silver badge

      Re: Premature standardization is the root of all evil

      We recently had a team working for us, a real expert on infrared systems - the sort that worked on things he could possibly not confirm or deny he had worked on before. I had these guys do an evaluation of the uncertainty in measurement taken by (expensive) infrared cameras widely used, in line with how we use them in the field.

      The uncertainty budget was about +- 30 degrees C with 95% confidence. On measurements that rarely indicate anything outside of 30 to 60 degrees C.

      It does not take a genius to realise that this means the process used for "safety assessment" is completely useless. It is, at best, a fig leaf, and at worst, puts people in the line of danger.

      Still, we've bought the cameras at significant expense, and it makes some managers happy that they are being used for "safety checks" before commencing work. Suffice to say I'm NOT one of the happy managers.

      Ignorance is bliss it seems.

  29. tiggity Silver badge

    Needed doing for years, wont happen

    Had experience of that when trying to do some code work based on ISO standards (some image processing as inbuilt image processing in C# (requirement for the project) was dismal & range of supported file types was a joke). The fees asked or all required specs were ludicrous, so we integrated some third party image processing software rather than looking at creating our own

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like