Standards Development

Scope

This document specifies requirements for using blockchain and distributed ledger technologies (DLT) for creation, management, storage and disposition of authoritative records, records systems and records management. The document focuses on requirements for blockchain and DLT applications that:

• create and receive records that are required to be authoritative;

• can be used as records systems; and

• can be used for records management, including records controls.

Purpose

Blockchain and DLT are now changing the paradigm of data flow and processing because of its irreversible and unmodifiable nature, and is rapidly spreading to various areas where data reliability is required. The reliability of blockchain data is recognized as a breakthrough technology that can replace many businesses that have been performed by third parties into peer-to-peer forms. Efforts to make the blockchain the basis of information processing are rapidly emerging in various industries such as finance, manufacturing, logistics, public service, trade, and medical care, etc. Many companies adopt DLT Systems for several use cases. DLT and blockchain are also being used to protect digital rights, as in cases where blockchain is used to for records access control and permissions for AI model training on open data. As Records management aims for keeping the authenticity, integrity and reliability so authoritativeness over time according to legal and business needs it play crucial role for use of DLT Systems and blockchain

Information systems used for business and governance can create, receive and store records, and DLT solutions are no different. There can be records in these solutions that need to be managed in compliance with existing legal, regulatory, business, societal and other requirements. Also, DLT solutions or their constituent parts have potential to be designed to manage records.

The need for the defining requirements on blockchain and DLT to be used authoritative records, records systems and records management using the specific characteristics of this technology (e.g. distributed and decentralized nature, immutability, use of consensus and use of smart contracts) and some of its modes of application (e.g. including the possibility of there being no designated owner, distributed governance, transborder use, and different trust assumptions) is key for utilization of DLT and blockchain in regulated environments- The specific characteristics of DLT can both facilitate records management (e.g. maintenance of integrity) and result in difficult records management and legal challenges (e.g. possible absence of a designated authoritative copy of a record, difficulties in disclosing records to authorities and courts including e-discovery, difficulties managing retention and disposition, and challenges managing personally identifiable information (PII) protection). The standard is aimed to define the needed requirements for possible solutions and implementations.

The project is based on ISO TR 24332:2025 and will take its content into account. It`s aimed to transfer core content and experiences from the TR into International Standard. DLT Systems are now widely used so that International Standard needed to guide the design, implementation and utilization of DLT Systems for creation and keeping authoritativeness of on-ledger and off-ledger records as well as an appropriate records management according to standardization framework.

The project will focus on following subjects:

• Fundamental requirements on records management with Blockchain and DLT

• Authoritativeness of records using DLT and Blockchain

• DLT and records processes

• Interaction of DLT Systems and records systems

• Business and functional considerations

o Legal and jurisdictional considerations

o Handling PII o Identification and authentication requirements

o Longevity of DLT Systems

o DLT Security and Key Management

o Smart contracts and records management

o Monitoring and evaluation

o Specific use cases related considerations (e.g. Tokenization)

The target audience of this document includes records managers and allied professionals; IT professionals and application developers; legal and compliance professionals; researchers; educators; and other interested parties

Consider the following:

Is there a verified market need for the proposal?

What problem does this document solve?

What value will the document bring to end-users? 

See Annex C of the ISO/IEC Directives part 1 for more information. See the following guidance on justification statements in the brochure ‘Guidance on New work’: https: //www.iso.org/publication/PUB100438.html