The increasing complexity and rapid development of new systems present a real challenge for securing ICT systems.

Today ETSI's standardization activities cover a broad spectrum of security issues, from lawful interception (LI) to algorithms, from electronic signatures to smart cards, and they relate to every aspect of ICT. In addition, ETSI is working towards the establishment of effective telecommunications systems to protect citizens in an emergency and on security issues in Next Generation Networks, Machine to Machine, Intelligent Transport Systems and Quantum Cryptography among others.

A Security White Paper is available free of charge, outlining all of the Security work being carried out by ETSI.

ETSI Security Workshops

Each year ETSI brings together Security Standards experts. The event traditionnally takes place in January.

Speakers are selected from a call for contributions, which is announced at the ETSI website. The 9th edition took place on 15-16 January 2014 in Sophia Antipolis, France. Please visit

In the first 9 editions of the ETSI Security Workshop speakers from ETSI Member companies, as well as the European Commission, ISO, IEC, ITU, ENISA, CEN & CENELEC addressed the workshop (look at the past event section for more details and access to presentations given).

Our Role & Activities

white paper is available free of charge, outlining all of the Security work being carried out by ETSI.


Security has been a major driver for the success of GSM™. Specifications have been developed to prevent terminal equipment theft, to allow encryption and authentication, to control payment for copyright material downloading and to respond to many other security threats. The general description of the security functions can be found in ETSI TS 143 020 (3GPP TS 43.020).


The Third Generation Partnership Project (3GPP) is also responsible for the maintenance and evolution of the specifications for GSM, and for transitional technologies such as GPRS and EDGE.

The UMTS™ security specifications developed in 3GPP build on the mechanisms used in GSM. In addition, they offer numerous security enhancements, including: Authentication, Public Safety, Location services, Cell broadcast services, IP Multimedia Subsystem (IMS) and Selective disabling of user equipment.


ETSI technical committee TCCE is responsible for producing specifications for TErrestrial Trunked RAdio (TETRA), designed for Private Mobile Radio (PMR) and Public Access Mobile Radio (PAMR) markets. ETSI TCCE Working Group 6 is dedicated to Security.


DECT™ (Digital Enhanced Cordless Telecommunications) is a flexible digital radio access standard for cordless communications in residential, corporate and public environments.

Among other achievements for DECT, ETSI has developed the DECT Standard Authentication Algorithm (DSAA) and the DECT Standard Cipher (DSC).

The combination of TDMA/TDD digital radio technology and dynamic channel selection with additional encryption techniques, authentication and identification procedures makes DECT radio transmissions extremely secure against unauthorized radio eavesdropping by third parties.

For an overview of the security features in DECT see ETSI EN 300 175-7 'DECT; Common Interface: Security features'.

Lawful Interception

ETSI technical committee Lawful Interception (LI ) covers the whole spectrum of interception aspects, from a logical overview of the entire architecture and the generic intercepted data flow, to the service-specific details for e-mail and Internet, and the requirements for law enforcement agencies.

Specifications for the handover procedure: TS 101 671 and ES 201 671 illustrate the flow that the intercepted data should follow in telecommunication networks or services.

LI is also addressing Retained Data. European governments are becoming increasingly interested in preserving communications. The European Parliament's civil liberties committee recently voted in favour of new rules, whereby details on telephone calls and Internet use would be kept for six to 12 months. LI is producing documents on Retaining Data for Enforcement Authorities and for the Retained Data Handover Interface.

Electronic Signatures

ETSI standards for electronic signatures are currently being developed in technical committee Electronic Signatures and Infrastructures (ESI).

Cyber Security

Our Cyber Security technical committee (TC CYBER) is developing standards to protect the Internet and the communications and business it carries against cyber-threats.

Next Generation Networks

ETSI technical committee TISPAN collaborated closely with 3GPP™, with the aim of reusing 3GPP™ security mechanisms on IP Multimedia Subsystem (IMS). In particular, TISPAN standardized the security for the fixed network part of NGN and identified gaps and requirements to extend or modify 3GPP™ security specifications for its purpose. 

Network security

NTECH is working on establishing generic security requirements for networks, in particular Security Design Guides.


ETSI Security Algorithms Group of Experts (SAGE) provides the Institute's standards makers with cryptographic algorithms and protocols specific to fraud prevention, unauthorized access to public and private telecommunications networks and user data privacy.

We also act as the custodian (distributing authority) and deal with the licensing of various algorithms, developed ourselves or by other organizations.


ETSI Special Committee on Emergency Communications (EMTEL) is the focal point in ETSI for the co-ordination and collection of requirements for emergency service communication. The committee's scope includes issues related to user needs, network architectures, network resilience, contingency planning, priority communications, priority access technologies and network management, national security and Public Protection and Disaster Relief (PPDR).

Other deliverables published by EMTEL address the European regulations covering communication during emergency situations, suitability of SMS and CBS (Cell Broadcast Service) for Emergency Messaging, and requirements for emergency communications network resiliency.

MESA (now closed)

Project MESA (Mobility for Emergency and Safety Applications) - now closed - was a transatlantic partnership project, established in 2000. Its aimed to define a digital mobile broadband system to revolutionize the efficiency of first responders and rescue squads during an emergency or a disaster. Security requirements as well as advanced [mobile] service requirements, reached far beyond the scope of current established wireless standards.

Project MESA had adopted a 'System of Systems' approach, which involved linking together a variety of existing and foreseen technologies and systems. The key factor was interoperability.

Smart Cards

The main task of ETSI technical committee Card Platform (TC SCP) is to maintain and expand the smart card platform specifications for 2G and 3G mobile communication systems on which other committees and organizations can base their system-specific applications.

Currently the committee is focusing on creating a USB-based High Speed Protocol for the UICC, as well as producing specifications for contactless smart cards.

Radio Frequency Identification (RFID)

Security in RFID technology must prevent illicit tracking and cloning of tags. In addition, RFID tags present a rather low limit of computational resources within the tag, which makes the use of standard cryptographic techniques unfeasible. Lighter encryption algorithms must be created for the RFID tags.

ETSI has recently established a Task Group (ERM TG34) to produce deliverables for future RFID technologies and products. Two specifications have already been published:

ETSI EN 302 208-1 - Radio Frequency Identification Equipment operating in the band 865 MHz to 868 MHz with power levels up to 2 W; Technical requirements and methods of measurement Product Standard for 2 W RFID at UHF

ETSI EN 302 208-2 Radio Frequency Identification Equipment operating in the band 865 MHz to 868 MHz with power levels up to 2 W; Harmonized EN under article 3.2 of the R&TTE Directive Product Standard for 2 W RFID at UHF.

There is also a technical report - TR 102 436 - giving guidelines for the installation and commissioning of RFID equipment at UHF.


Joint Technical Committee Broadcast is defining specific security features.

Some Achievements:

  • DVB Common Scrambling Algorithm - ETSI is the Custodian for the Common Scrambling Algorithm.
  • TV-Anytime is a set of specifications for the controlled delivery of multimedia content to a user's personal device (Personal Video Recorder). ETSI standards for TV-Anytime are being developed in JTC Broadcast, based on proposals from the TV-Anytime Forum. Phase 2 specifications have now also been published by ETSI.
  • Current work involves security issues regarding satellite distribution systems, with the intention of protecting the user identity in terms of location, signalling and data traffic to prevent unauthorized use of the network.


ETSI technical committee Satellite Earth Stations and Systems (SES) has produced specifications on network security for broadband satellite multimedia services.

In addition, the committee's working group on geo-mobile radio interfaces, which is responsible for standards on radio interfaces for geostationary earth orbit satellite access to the core network of GSM, has undertaken work on the security of the interface and the services delivered through it.

SES is working on new specifications on network security in the area of broadband satellite multimedia services.


ETSI has set standards defining the protocols and functional requirements for Internet Protocol Cable Communications (IP Cablecom) - including a security specification for the technology:

ETSI TS 101 909-11 'Digital Broadband Cable Access to the Public Telecommunications Network; IP Multimedia Time Critical Services; Part 11: Security', covering security for IPCablecom, identifying security risks and specifying mechanisms to secure the architecture.

Proofing Products Against Crime

Proofing products against crime describes the act of integrating or embedding protective features into products in order to reduce their potential to become targets of criminal activity or preventing their use as instruments of crime.

ETSI is reacting to the European Commission Mandate M/355 'Programming mandate addressed to the ESOs for the elaboration of European Standards to identify and reduce crime risk in products and services', which requests concrete action from the European Standards Organizations (ESOs) on Proofing Products Against Crime.

A White Paper on Proofing Products Against Crime, giving guidance to Standards Groups working in Telecommunications and IT has been published and is available free of charge.

A White Paper is available free of charge, outlining all of the Security work being carried out by ETSI, and including a list of Security related standards.


The following is a list of recently published and frequently downloaded standards. Please use the ETSI standards search to find further related standards in the public domain or to subscribe for alerts on updates of ETSI standards. As an example, by selecting the Technical Committees of interest (in the left menu filter), e.g. ESI, LI, etc. and then by clicking on "Filter Standards", the list of requested standards will be provided. The usage of other options would enhance or refine your search.
For work in progress see the ETSI Work Programme on the Portal

Standard No. Standard title.
TS 102 232-1 Lawful Interception (LI); Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 1: Handover specification for IP delivery
TS 101 671 Lawful Interception (LI); Handover interface for the lawful interception of telecommunications traffic
GS ISI 005 Information Security Indicators (ISI); Guidelines for security event detection testing and assessment of detection effectiveness
TR 103 306 CYBER; Global Cyber Security Ecosystem
GS ISI 002 Information Security Indicators (ISI); Event Model A security event classification model and taxonomy
TR 103 380 Smart Cards; Technical Report to improve test equipment integrity (Release Independent)
TR 102 503 Lawful Interception (LI); ASN.1 Object Identifiers in Lawful Interception and Retained data handling Specifications
TS 102 241 Smart Cards; UICC Application Programming Interface (UICC API) for Java Card (TM) (Release 13)
TS 102 230-2 Smart Cards; UICC-Terminal interface; Physical, electrical and logical test specification; Part 2: UICC features (Release 9)
TS 102 232-5 Lawful Interception (LI); Handover Interface and Service-Specific Details (SSD) for IP delivery; Part 5: Service-specific details for IP Multimedia Services
TS 103 383 Smart Cards; Embedded UICC; Requirements Specification (Release 13)
TS 102 221 Smart Cards; UICC-Terminal interface; Physical and logical characteristics (Release 12)
TR 119 000 Electronic Signatures and Infrastructures (ESI); The framework for standardization of signatures: overview
TS 103 280 Lawful Interception (LI); Dictionary for common parameters
EN 319 403 Electronic Signatures and Infrastructures (ESI); Trust Service Provider Conformity Assessment - Requirements for conformity assessment bodies assessing Trust Service Providers
TS 102 384 Smart Cards; UICC-Terminal interface; Card Application Toolkit (CAT) conformance specification (Release 10)
TS 119 403 Electronic Signatures and Infrastructures (ESI); Trust Service Provider Conformity Assessment - Requirements for conformity assessment bodies assessing Trust Service Providers
TS 119 162-1 Electronic Signatures and Infrastructures (ESI); Associated Signature Containers (ASiC); Part 1: Building blocks and ASiC baseline containers
TS 119 162-2 Electronic Signatures and Infrastructures (ESI); Associated Signature Containers (ASiC); Part 2: Additional ASiC containers
TR 103 309 CYBER; Secure by Default - platform security technology