ISO/TS 23635:2022

TECHNICAL ISO/TS
SPECIFICATION 23635
First edition
2022-02
Blockchain and distributed ledger
technologies — Guidelines for
governance
Reference number
© ISO 2022
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
Contents Page
Foreword .v
Introduction . vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Governance principles for DLT systems . 1
4.1 Overview . 1
4.2 Principles . 2
4.2.1 Principle 1: Define identifiers of entities involved . 2
4.2.2 Principle 2: Enable decentralized decision-making . 2
4.2.3 Principle 3: Ensure explicit accountability . 2
4.2.4 Principle 4: Support transparency and openness . 2
4.2.5 Principle 5: Align incentive mechanisms with system objectives . 2
4.2.6 Principle 6: Provide performance and scalability . 2
4.2.7 Principle 7: Make risk-based decisions and address compliance obligations. 2
4.2.8 Principle 8: Ensure security and privacy . 3
4.2.9 Principle 9: Consider interoperability requirements . 3
5 Governance framework for DLT systems . 3
5.1 Overview . 3
5.2 Comparison with other governance frameworks . 3
5.3 Specific governance considerations for DLT systems . 4
5.4 Decision rights and decision-making . 7
5.5 Accountability . 7
5.6 Incentives and incentive mechanisms . 8
6 Governance of different types of DLT systems . 9
6.1 Types of DLT systems . 9
6.2 Governance in permissioned systems .12
6.3 Governance in permissionless public systems .12
7 Governance throughout a DLT system’s lifecycle and contexts .13
7.1 Governance throughout a DLT system’s lifecycle . 13
7.1.1 General .13
7.1.2 Governance in the Establish stage . 14
7.1.3 Governance in the Operate stage . 14
7.1.4 Governance in the Terminate stage . 15
7.2 Governance in the DLT systems contexts . 15
7.2.1 Overview of the DLT governance contexts . 15
7.2.2 Data context . 15
7.2.3 Protocol context . 16
7.2.4 Application context . 16
7.2.5 Institutional context . 16
8 Roles in the governance framework .16
9 Governance instruments .19
9.1 General . 19
9.2 On-ledger and off-ledger governance instruments . 20
9.2.1 General .20
9.2.2 On-ledger governance instruments . 21
9.2.3 Off-ledger governance instruments . 21
9.3 Considerations in implementing instruments. 21
9.3.1 Adaptability . 21
9.3.2 Risk . 22
9.3.3 Privacy .23
iii
10 Governance of interoperability .24
Bibliography .26
iv
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to
the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see
www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 307, Blockchain and distributed ledger
technologies.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.
v
Introduction
This document addresses how key governance characteristics such as decision rights, accountabilities,
and incentives operate effectively and efficiently in DLT systems.
Due to the fast-evolving nature of DLT systems and their adoption, this document has been developed
at a level of abstraction to provide guidance and instruction in diverse contexts. “Distributed ledger
technologies” (DLT) includes blockchain technologies. The specific blockchain technology will be
named explicitly only where specific characteristics of blockchain technologies warrant doing so.
DLT systems challenge our existing understanding of governance as these systems are often
decentralized in their governance. In the case of permissionless public distributed ledgers, they can
comprise an unrestricted number of potentially pseudonymous DLT users and nodes. Even permissioned
public blockchains can have hybrid governance structures, comprising elements of centralized as well
as decentralized governance. In the absence of a central governing authority for distributed ledger
systems, several governance questions regarding ownership, decision rights, responsibilities and
accountabilities, and incentive structures emerge that cannot be addressed by applying traditional
governance mechanisms.
Thus, for distributed ledger systems, it is important for participants to establish who they are dealing
with (identity) and who is responsible and accountable for the directing and control of the DLT system
(governance). For organizations and broader industries, it is difficult to engage in the development of
DLT systems in the absence of effective DLT-governance mechanisms.
In general, DLT systems aim for decentralizing decision rights and the technical implementation of
accountability. The locus of achieving consensus is decentralized, meaning that the records that form
the foundation of the DLT systems are not only distributed but also in many instances validated by
multiple DLT users. Moreover, disagreements can be resolved in a decentralized way if users initiate
‘forks’ by copying and branching existing codebases and developing th
...