Resources

New articles are published here first, with summaries shared on LinkedIn. Topics span four categories:

EUDI & Digital Identity — Wallet security analysis, eIDAS 2.0 implementation, and access control frameworks
Standards — Guides and commentary on ISO/IEC 27560, CEN standards, and consent management
ISMS & Compliance — Practical guides for ISO 27001 preparation, PDCA best practices, and audit readiness
AI & Technology — Analysis of emerging technologies including AI for security, A2AS frameworks, and threat landscape evolution

Looking for conference talks and research papers? See Selected Publications.

A sign reading Privacy Please — representing the need for structured consent management

ISO/IEC 27560: The Global Standard for Consent Records — What You Need to Know

ISO/IEC 27560 defines how organisations should create, store, and manage consent records. As lead editor of this standard — now freely available — I explain what it covers, why it matters for GDPR compliance and EUDI wallet ecosystems, and how to get started with implementation.

Smartphone displaying EU digital certificate alongside EU passport and QR code documents

prCEN TS 18297: Security Controls for Access Requests in the EUDI Wallet Ecosystem

prCEN TS 18297 defines how relying parties request access to personal data in the EUDI Wallet — and how wallet users stay protected. As co-editor of this technical specification, I explain the five core security controls and why they matter for the everyday person navigating digital identity.

An open padlock on a keyboard — representing the standard being made freely available

ISO/IEC 27560 Is Now Freely Available

ISO/IEC 27560, the global standard for consent records, is now freely available — a significant milestone for privacy and data protection. This means that all organisations, including small businesses, can now implement structured, verifiable consent records without financial barriers. Adoption should be universal — privacy is a right, not a privilege. Making a standard free ISO does not take making standards free lightly, given its business model. But through persistence, the co-editors — myself, Andrew Hughes, and Kelvin Magtalas — together with critical help from Harshvardhan Pandit, managed to secure an exception to promote wider adoption of ISO/IEC 27560 and other privacy-focused ISO standards. ...