M/289 - IT: Data protection & privacy

Standardization Mandate addressed to CEN, CENELEC and ETSI in the field of Information Society, in support of the European Directive on the protection of individuals with regard to the processing of personal data and the free movement of such data (Directive 95/46/EC of the European Parliament and of the Council of 14 October 1995)

English

Mandate M/289 requests European Standardization Organizations CEN, CENELEC, and ETSI to develop standards supporting the implementation of Directive 95/46/EC regarding personal data protection and privacy. These standards aim to facilitate compliance with the Directive's requirements on the processing and free movement of personal data within the Information Society, enhancing individuals' rights and data security across EU member states. The mandate promotes harmonized technical specifications to ensure data protection and privacy in information technologies.

Purpose

The mandate M/289 aims to support the implementation of Directive 95/46/EC, which concerns the protection of individuals regarding the processing of personal data and the free movement of such data. Its primary purpose is to foster the development of European standards in the field of data protection and privacy within the Information Society.

Standardisation request

The standardisation request is addressed to the three European standards organizations: CEN (European Committee for Standardization), CENELEC (European Committee for Electrotechnical Standardization), and ETSI (European Telecommunications Standards Institute). The mandate requests these bodies to develop and adopt standards that will facilitate compliance with the Directive 95/46/EC across the European Union, particularly in relation to information technologies and the processing of personal data.

Expected deliverables

Expected deliverables include European standards and related technical specifications that provide practical means for organizations to implement the data protection requirements of Directive 95/46/EC. These standards should cover various aspects of data security, privacy controls, and mechanisms to ensure lawful data processing and free movement of personal data. The deliverables are intended to enhance trust and interoperability in the digital single market by harmonizing technical approaches to data protection.

Context

Directive 95/46/EC was a foundational legal instrument in the EU that regulated personal data protection before being replaced by the General Data Protection Regulation (GDPR) in 2018. This mandate falls within ongoing European efforts to develop technical standards that align with data protection laws, thereby supporting both the protection of individuals' privacy rights and the functioning of the internal market for data-driven services and products. The involvement of CEN, CENELEC, and ETSI ensures comprehensive coverage across general, electrotechnical, and telecommunications sectors.

The mandate covers standardisation in the Information Society sector focused on data protection and privacy. It supports the European Directive 95/46/EC on the protection of individuals regarding the processing of personal data and the free movement of such data. The standardisation work relates to mechanisms, tools, and methodologies ensuring data protection and privacy in information systems and related products and services.

General Information

Organization

CEN - CEN European Committee for Standardization

Status

Confirmed

Search Term

Standardization Organization

ICS

Technical Committee

Technical Committee Code

Directive

Project Code

Project Reference

Project Title

Project Scope

	Apr 2026
29	30	31	1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30	1	2
3	4	5	6	7	8	9

	May 2026
26	27	28	29	30	1	2
3	4	5	6	7	8	9
10	11	12	13	14	15	16
17	18	19	20	21	22	23
24	25	26	27	28	29	30
31	1	2	3	4	5	6

Publication Date

	Apr 2026
29	30	31	1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30	1	2
3	4	5	6	7	8	9

	May 2026
26	27	28	29	30	1	2
3	4	5	6	7	8	9
10	11	12	13	14	15	16
17	18	19	20	21	22	23
24	25	26	27	28	29	30
31	1	2	3	4	5	6

Withdrawal Date

	Apr 2026
29	30	31	1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30	1	2
3	4	5	6	7	8	9

	May 2026
26	27	28	29	30	1	2
3	4	5	6	7	8	9
10	11	12	13	14	15	16
17	18	19	20	21	22	23
24	25	26	27	28	29	30
31	1	2	3	4	5	6

Public Enquiry End Date

Page Size:

There are no results that match your search criteria

Page Size:

Frequently Asked Questions

What is a European Standardization Mandate?

A European Standardization Mandate is a formal request from the European Commission to the European Standardization Organizations (CEN, CENELEC, and ETSI) to develop European standards (ENs) in support of EU legislation and policies. Mandates are issued under Regulation (EU) No 1025/2012 and help ensure that products and services meet the essential requirements set out in EU directives and regulations.

What does M/289 cover?

M/289 is a European Standardization Mandate titled "Standardization Mandate addressed to CEN, CENELEC and ETSI in the field of Information Society, in support of the European Directive on the protection of individuals with regard to the processing of personal data and the free movement of such data (Directive 95/46/EC of the European Parliament and of the Council of 14 October 1995)". Standardization Mandate addressed to CEN, CENELEC and ETSI in the field of Information Society, in support of the European Directive on the protection of individuals with regard to the processing of personal data and the free movement of such data (Directive 95/46/EC of the European Parliament and of the Council of 14 October 1995) There are 0 standards developed under this mandate.

How do mandates relate to harmonized standards?

Standards developed in response to a mandate and cited in the Official Journal of the European Union become "harmonized standards". Products manufactured in compliance with harmonized standards benefit from a presumption of conformity with the essential requirements of the corresponding EU directive or regulation, facilitating CE marking and market access across the European Economic Area.