Blockchain and distributed ledger technologies — Guidelines for governance

This document provides guiding principles and a framework for the governance of DLT systems. The document also provides guidance on the fulfilment of governance, including risk and regulatory contexts, that supports the effective, efficient, and acceptable use of DLT systems.

General Information

Status: Published
Publication Date: 27-Feb-2022
Current Stage: 6060 - International Standard published
Start Date: 28-Feb-2022
Due Date: 05-Oct-2022
Completion Date: 28-Feb-2022
Ref Project:

Technical specification
ISO/TS 23635:2022 - Blockchain and distributed ledger technologies — Guidelines for governance Released:2/28/2022
English language
26 pages

Standards Content (Sample)

TECHNICAL SPECIFICATION ISO/TS 23635
First edition 2022-02
Blockchain and distributed ledger technologies — Guidelines for governance
Reference number ISO/TS 23635:2022(E)
© ISO 2022

COPYRIGHT PROTECTED DOCUMENT
© ISO 2022
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Governance principles for DLT systems
4.1 Overview
4.2 Principles
4.2.1 Principle 1: Define identifiers of entities involved
4.2.2 Principle 2: Enable decentralized decision-making
4.2.3 Principle 3: Ensure explicit accountability
4.2.4 Principle 4: Support transparency and openness
4.2.5 Principle 5: Align incentive mechanisms with system objectives
4.2.6 Principle 6: Provide performance and scalability
4.2.7 Principle 7: Make risk-based decisions and address compliance obligations
4.2.8 Principle 8: Ensure security and privacy
4.2.9 Principle 9: Consider interoperability requirements
5 Governance framework for DLT systems
5.1 Overview
5.2 Comparison with other governance frameworks
5.3 Specific governance considerations for DLT systems
5.4 Decision rights and decision-making
5.5 Accountability
5.6 Incentives and incentive mechanisms
6 Governance of different types of DLT systems
6.1 Types of DLT systems
6.2 Governance in permissioned systems
6.3 Governance in permissionless public systems
7 Governance throughout a DLT system’s lifecycle and contexts
7.1 Governance throughout a DLT system’s lifecycle
7.1.1 General
7.1.2 Governance in the Establish stage
7.1.3 Governance in the Operate stage
7.1.4 Governance in the Terminate stage
7.2 Governance in the DLT systems contexts
7.2.1 Overview of the DLT governance contexts
7.2.2 Data context
7.2.3 Protocol context
7.2.4 Application context
7.2.5 Institutional context
8 Roles in the governance framework
9 Governance instruments
9.1 General
9.2 On-ledger and off-ledger governance instruments
9.2.1 General
9.2.2 On-ledger governance instruments
9.2.3 Off-ledger governance instruments
9.3 Considerations in implementing instruments
9.3.1 Adaptability
9.3.2 Risk
9.3.3 Privacy
10 Governance of interoperability
Bibliography
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to
the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see
www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 307, Blockchain and distributed ledger
technologies.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.
Introduction
This document addresses how key governance characteristics such as decision rights, accountabilities,
and incentives operate effectively and efficiently in DLT systems.
Due to the fast-evolving nature of DLT systems and their adoption, this document has been developed
at a level of abstraction to provide guidance and instruction in diverse contexts. “Distributed ledger
technologies” (DLT) includes blockchain technologies. The specific blockchain technology will be
named explicitly only where specific characteristics of blockchain technologies warrant doing so.
DLT systems challenge our existing understanding of governance as these systems are often
decentralized in their governance. In the case of permissionless public distributed ledgers, they can
comprise an unrestricted number of potentially pseudonymous DLT users and nodes. Even permissioned
public blockchains can have hybrid governance structures, comprising elements of centralized as well
as decentralized governance. In the absence of a central governing authority for distributed ledger
systems, several governance questions regarding ownership, decision rights, responsibilities and
accountabilities, and incentive structures emerge that cannot be addressed by applying traditional
governance mechanisms.
Thus, for distributed ledger systems, it is important for participants to establish who they are dealing
with (identity) and who is responsible and accountable for the directing and control of the DLT system
(governance). For organizations and broader industries, it is difficult to engage in the development of
DLT systems in the absence of effective DLT-governance mechanisms.
In general, DLT systems aim for decentralizing decision rights and the technical implementation of
accountability. The locus of achieving consensus is decentralized, meaning that the records that form
the foundation of the DLT systems are not only distributed but also in many instances validated by
multiple DLT users. Moreover, disagreements can be resolved in a decentralized way if users initiate
‘forks’ by copying and branching existing codebases and developing them further according to differing
goals.
As DLT systems gain importance, incentive alignment becomes increasingly important. While incentives
are at the core of all economic activities, in DLT systems aligning incentives adequately is important
for effective functioning because in many DLT systems incentives provide the means of achieving
consensus. Unless incentives are properly aligned, the nodes of the DLT system will not contribute to
consensus. Improper incentive alignment threatens the integrity of the system and can prevent a DLT
system’s effective functioning.
Smart contracts can allow for decentralized governance mechanisms, but many present-day DLT
systems continue to be characterized by a degree of centralized, often informal, decision-making. In
DLT systems, accountability in principle will increasingly be implemented technically rather than
institutionally through traditional contracts.
Smart contracts allow for specifying and enforcing accountability using codified rules on-ledger.
However, in some cases it is not possible to implement autonomous transaction enforcement completely
on-ledger. In these cases, some form of off-ledger institutional involvement can be necessary for
effective dispute resolution among DLT users. The establishment of ‘off-ledger’ governance instruments
will be beneficial in assuring participants in the integrity of DLT systems.
Standards in these areas will also benefit DLT developers and providers looking to establish new DLT
systems that provide confidence to stakeholders. A key accountability issue concerns identity in DLT
systems, usually granted through the public addresses that are used to conduct transactions in public
DLT systems. Given multiple and pseudonymous identities, this could be a problem. Some users will
wish to identify themselves using traditional institutional means (e.g. driver licenses linked to their
DLT identities). Other technical approaches can seek to address the problem of ensuring confidence
in user identity, for example by linking reputation to public addresses. Overall, the shift toward the
enforcement of accountability through technology has only begun and it is likely that institutions will
continue to play important roles for ensuring accountability in DLT systems for some time to come.
This document is organized as follows. Clause 4 presents governance principles for DLT systems.
Clause 5 discusses the governance framework for DLT systems. Clause 6 discusses the governance
of different types of DLT systems. Clause 7 discusses the lifecycle of DLT systems. Clause 8 discusses the roles
involved in the governance of DLT systems. Clause 9 discusses governance instruments for DLT systems.
Clause 10 examines governance considerations of the interoperability of DLT systems.
The audience includes but is not limited to academics, architects, participants, users, developers,
regulators, auditors, and standards development organizations.
TECHNICAL SPECIFICATION ISO/TS 23635:2022(E)
Blockchain and distributed ledger technologies —
Guidelines for governance
1 Scope
This document provides guiding principles and a framework for the governance of DLT systems.
The document also provides guidance on the fulfilment of governance, including risk and regulatory
contexts, that supports the effective, efficient, and acceptable use of DLT systems.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 22739, Blockchain and distributed ledger technologies — Vocabulary
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 22739 and the following apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https://www.iso.org/obp
— IEC Electropedia: available at https://www.electropedia.org/
3.1
distributed ledger technology governance
DLT governance
system for directing and controlling DLT systems including the distribution of on-ledger and off-ledger
decision rights, incentives, responsibilities, and accountabilities
3.2
governing body
entity that is accountable for the performance and conformance of the distributed ledger technology
governance
4 Governance principles for DLT systems
4.1 Overview
This clause sets out nine action-oriented principles for good governance of DLT systems that will be
elaborated in more detail throughout the document. The principles are intended to help stakeholders
evaluate and improve governance mechanisms, structures and activities, with a view to meeting
governance objectives, which are: effective, efficient, and acceptable use of DLT systems. This is
primarily achieved by providing stakeholders with the right incentives to perform their roles within a
governance framework.
The governance of DLT systems should include commitments to address sustainability issues in their
establishment, operation, and termination.
NOTE Useful sources of information on sustainability issues are ISO 26000 and UN Sustainable Development
Goals (SDGs) [15].
The governance principles provide the foundation for implementing mechanisms, structures, and
activities in DLT systems. The statement of each principle refers to why it is important and what should
happen, but does not prescribe how, when or by whom the actions must be implemented, as these
aspects are dependent on the nature of the DLT systems.
4.2 Principles
4.2.1 Principle 1: Define identifiers of entities involved
DLT systems can vary in terms of the identifiers of the actors of the systems. Some DLT systems use
pseudonyms as on-ledger identifiers while others use off-ledger identifiers to provide confidence. The
definition of identifiers appropriate for the DLT system is the foundation for all governance functions.
4.2.2 Principle 2: Enable decentralized decision-making
Decentralization of decision-making is a key characteristic of many DLT systems. Decision-making
in DLT systems can either be embedded on-ledger or off-ledger. Decentralized systems foster
participation in collective decision-making, thereby enhancing overall trust. DLT systems should enable
decentralized, on-ledger decision-making processes. When decisions are made off-ledger, they should
be made in an explicit and formal manner.
4.2.3 Principle 3: Ensure explicit accountability
Over the lifecycle of DLT systems, ownership and decision-making rights can change and thus, so
does accountability. Due to the decentralized nature of most DLT systems, explicit accountability
mechanisms are needed to enforce rules. Accountability mechanisms should be enforced on-ledger
where appropriate but can be enforced or complemented by off-ledger mechanisms.
4.2.4 Principle 4: Support transparency and openness
During a DLT system’s lifecycle, the actions, decisions, and operation of the system should be
transparent to DLT stakeholders to enhance trust. DLT systems should comprise mechanisms that
allow stakeholders to observe and audit system dynamics.
4.2.5 Principle 5: Align incentive mechanisms with system objectives
Incentives in DLT systems drive the achievement of consensus among decision makers, the resolution
of conflicts and decisions on the ongoing governance, design, and operation of systems. Incentive
mechanisms in DLT systems play a key role in driving desirable behaviour across DLT users and other
stakeholder groups. Incentive mechanisms should be explicitly designed to support system objectives.
4.2.6 Principle 6: Provide performance and scalability
If performance is not provided, the agility and maintainability of the system are affected. DLT systems
should provide mechanisms to meet performance and scalability needs over the lifecycle of the
respective DLT system. The use of DLT systems should be effective, efficient, and scalable while
achieving system performance.
4.2.7 Principle 7: Make risk-based decisions and address compliance obligations
The lifecycle of a DLT system can pose specific risks, including jurisdictional challenges. Challenges
should be assessed and treated appropriately in decision-making processes. DLT systems should seek
to set rules that ultimately induce self-compliance in order to reduce the risk of non-compliance with
regulation.
4.2.8 Principle 8: Ensure security and privacy
Security serves the purpose of keeping confidentiality, integrity, and availability of the DLT system.
The DLT system should provide appropriate security mechanisms. The safeguarding of privacy in DLT
systems should be ensured. Privacy impacts should be considered. Depending on the task or process
operated on a DLT system, related requirements should be addressed accordingly.
4.2.9 Principle 9: Consider interoperability requirements
Where DLT systems will need to work together with other systems, interoperability should be
considered in the whole lifecycle of the system, especially at the design stage. A DLT system architecture
should provide mechanisms to interoperate with other DLT and non-DLT systems with similar or
different governance mechanisms in place.
5 Governance framework for DLT systems
5.1 Overview
This clause describes the governance framework for DLT systems. The framework for governance
encompasses the decision rights, accountabilities and incentives associated with the governance of DLT
systems. The differences between the governance of IT systems in general and the governance of DLT
systems are discussed.
5.2 Comparison with other governance frameworks
Traditional approaches to governance of IT, for example as described in ISO/IEC 38500 and
ISO/IEC/TR 38502, assume centralized governance. Such governance typically encompasses the
effective, efficient and acceptable use of IT within the organization and is responsible for evaluating
plans and proposals, directing policies and strategies and monitoring performance and conformance
related to IT. An organization is not necessarily a company, enterprise, or government agency, but
is assumed to be well-defined and be upheld by a clear source of authority. Boundaries on the scope
and authority of a governing body are normally documented, for example, in a constitution, charter,
or legislation. The implications of organizationally bound IT governance flow through elements and
assumptions of these existing governance frameworks. These are commonly reflected in the role of
conventional IT governance frameworks in defining and ensuring the implementation of IT strategy and
business plans, the accountabilities of organizational management and boards, and the management of
organizational risks including their relevant control treatments.
DLT systems differ from IT systems in general in that they involve distributed computing and are
decentralized systems, where different nodes of the system are typically controlled by different
organizations or individuals. In the context of governance, only organizations and individuals are
considered as accountable entities. DLT systems can span organizational and jurisdictional boundaries.
As a result, governance can span multiple organizations or individuals and therefore goes beyond the
governance approaches of International Standards such as ISO/IEC 38500 and ISO/IEC/TR 38502. The
relationship between the organizations and individuals involved with the DLT system is key and the
governance framework for the system needs to address a series of critical questions such as:
a) What are the different types of DLT systems and how do they affect the establishment and execution
of governance rules?
b) How do changes of the governing body over the lifecycle of DLT systems affect different DLT
governance contexts?
c) Which stakeholder roles exist and how do they affect DLT systems governance?
d) How can risk, accountability, and compliance considerations be embedded in different types of DLT
systems?
e) How can interoperability between DLT systems as well as between DLT systems and non-DLT
systems be achieved and what are the governance implications?
To achieve effective governance of decision rights, accountabilities, and incentives, DLT systems
governance should accommodate multi-stakeholder, distributed governance, reflecting the
decentralization typical of DLT systems.
5.3 Specific governance considerations for DLT systems
Governance of IT is defined by ISO/IEC 38500 as ‘a system by which the current and future use of IT
is directed and controlled’. ISO/IEC 38500 covers many of the aspects of governance that also apply to
DLT systems.
There are certain characteristics and dependencies of DLT systems that require an approach different
from the governance of IT as described in ISO/IEC 38500. While the governance of IT systems of a centralized
organization is a relatively mature field, the governance of decentralized systems such as DLT systems
is less well understood. This document addresses the unique aspects of governing DLT systems that
warrant the adoption of specific governance functions and characteristics.
Governance of IT as defined in ISO/IEC 38500 addresses responsibilities and accountability. Another
definition for governance of IT is given in Reference [17]: ‘IT governance represents the framework for
decision rights and accountabilities to encourage desirable behavior in the use of IT’. This definition
encompasses three key dimensions of governance of IT: decision rights, accountability, and incentives.
These dimensions are useful when considering decentralized systems that span across multiple
organizations.
The essence of a decentralized system such as a DLT system is that the system is typically decentralized
among a group of organizations or individuals. The governance of such decentralized systems is closely
connected to the nature of the group and the means by which the group is bound together.
There are three types of DLT systems with different governance structures and associated processes
according to their degree of decentralization. While permissionless public DLT systems are considered
to be completely decentralized, DLT systems that are permissioned public or permissio
...
