ISO/TS 42501:2022

TECHNICAL ISO/TS
SPECIFICATION 42501
First edition
2022-10
Sharing economy — General
trustworthiness and safety
requirements for digital platforms
Économie du partage — Fiabilité générale et exigences de sécurité
pour les plateformes numériques
Reference number
ISO/TS 42501:2022(E)
© ISO 2022

---------------------- Page: 1 ----------------------
ISO/TS 42501:2022(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO 2022
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
  © ISO 2022 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/TS 42501:2022(E)
Contents Page
Foreword .v
Introduction . vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 General requirements . 1
4.1 General . 1
4.2 Integrity . 2
4.3 Transparency . 2
4.4 Accountability and authorization . 2
4.5 Accessibility and inclusion . 3
4.6 Respect for other affected interests . 3
4.7 Competence . 3
5 Transaction phases of digital platform . 4
5.1 Overview . 4
5.2 On-boarding . 4
5.3 Information delivery/update . 5
5.4 Connection . 5
5.5 Transaction . 5
5.6 Rating/review . 6
6 Requirements for managing operations . 6
6.1 Overview . 6
6.2 Registration/authentication/verification . 7
6.2.1 General . 7
6.2.2 Communication methods . 7
6.2.3 Authentication of identity and verification of credentials . 7
6.2.4 Safety mechanism for minors . 7
6.3 Terms of use . 8
6.3.1 General . 8
6.3.2 Developing terms of use . 8
6.3.3 Requirements for public order and morality . 8
6.3.4 Summary of terms of use . 8
6.3.5 Actions in response to violation of terms of use . 8
6.3.6 Changes to terms of use . 8
6.3.7 Limiting/Suspending/terminating the use of digital platform . 9
6.4 Complaint handling and dispute resolution . 9
6.4.1 General . 9
6.4.2 Rights, redress and guarantees . 9
6.4.3 Supporting the resolution of issues . 9
6.4.4 Preparing for incidents . 10
6.4.5 Confirmation of provider identification . 10
6.4.6 Response to emergency situations . 10
6.4.7 Report of the status of services to guardians . 10
6.4.8 Report of the results of services to guardians . 10
6.5 Information for providers and users . 10
6.5.1 Information on booking and transaction fees. 10
6.5.2 Information on dynamic pricing . 11
6.5.3 Information on changes in search function and ranking . 11
6.5.4 Information on status of providers. 11
6.5.5 Information on potential infringement . 11
6.5.6 Deletion of false information . 11
6.5.7 Raising awareness on unlawful behaviours . 11
iii
© ISO 2022 – All rights reserved

---------------------- Page: 3 ----------------------
ISO/TS 42501:2022(E)
6.5.8 Improvement support for providers and users . 11
6.5.9 Ensuring life security of provider and user . 11
6.5.10 Ensuring timely distribution of revenues . 11
6.5.11 Ethical marketing practices .12
6.6 Information security . 12
6.6.1 General .12
6.6.2 Procedures for handling of information .12
6.6.3 Information security roles and responsibilities .12
6.6.4 Confirmation of handling of information .12
6.6.5 Response to information leakage .12
6.6.6 Review of information security .12
6.6.7 Awareness training to platform operator employees .13
6.6.8 Access control . 13
6.6.9 Prevention of loss or theft of removable media .13
6.6.10 Deletion of information and disposal of media .13
6.6.11 Control of access to devices . 13
6.6.12 Access to networks and network services .13
6.6.13 Protection against unauthorized access .13
6.6.14 Detection of unauthorized access . 13
6.6.15 Protection of confidentiality . 13
6.6.16 Encryption of communication . 14
6.6.17 Up-to-date security information . 14
6.6.18 Control of outsourced processes . 14
Bibliography .15
iv
  © ISO 2022 – All rights reserved

---------------------- Page: 4 ----------------------
ISO/TS 42501:2022(E)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to
the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see
www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 324, Sharing economy.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.
v
© ISO 2022 – All rights reserved

---------------------- Page: 5 ----------------------
ISO/TS 42501:2022(E)
Introduction
A combination of widespread internet use, technological developments, innovation in economic models
and demographic shifts has led to the emergence of a new economic model called the “sharing economy”,
which enables otherwise unconnected individuals and/or organizations to make transactions of
products and assets.
The sharing economy creates opportunities to connect individuals and/or organizations with unused
assets and skill with those who wish to utilize them. It enables services and products to reach a wider
range of consumers, to support entrepreneurship, and to create new business opportunities through
enabling a flexible working style. Through the new model, the possibility of sharing and accessing
assets rather than owning them could better optimize their use. The sharing economy is expected
to create opportunities providing products and assets and thus positively contributes to social and
environmental improvement.
On the other hand, issues such as security, service quality and reliability might not be assured to the
same level as with classic business and (inter)national regulation. These potential shortcomings might
not just harm users but the same fair competition among providers.
This document aims to encourage more acceptable, trustworthy operations of digital platforms by
supporting the management activities of platform operators, both for profit and non-profit.
vi
  © ISO 2022 – All rights reserved

---------------------- Page: 6 ----------------------
TECHNICAL SPECIFICATION ISO/TS 42501:2022(E)
Sharing economy — General trustworthiness and safety
requirements for digital platforms
1 Scope
This document specifies general trustworthiness and safety requirements applicable to operators of
digital platforms within the sharing economy. While this document does not cover system requirements
for digital platforms, the document is still beneficial for system development.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 42500, Sharing economy — General principles
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 42500 and the following apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org/
3.1
authentication
provision of assurance with respect to the claimed identity of any provider or user, based on information
provided by each of them
Note 1 to entry: Authentication is the responsibility of the platform operator.
3.2
verification
confirmation by the platform operator that applicable legal and specified contractual requirements for
registered users and providers have been fulfilled through the provision of objective evidence
4 General requirements
4.1 General
Platform operators shall follow the principles below in accordance with ISO 42500:
a) integrity;
b) transparency;
c) accountability and authorization;
d) accessibility and inclusion;
e) respect for other affected interest;
1
© ISO 2022 – All rights reserved

---------------------- Page: 7 ----------------------
ISO/TS 42501:2022(E)
f) competence.
4.2 Integrity
The platform operator shall put in place and maintain a support mechanism to help providers and users
understand relevant norms, which may include cultural norms in the country/region where they are
operating through use of the digital platform or industry norms for the type of goods or services they
are providing.
The platform operator shall demonstrate their commitment by
— treating all providers and users in an equal, fair and transparent manner,
— respecting legal and ethical obligations, and
— dealing with requests of providers and users in a helpful way.
The platform operator shall build mechanisms that ensure that these maxims are upheld during the
operation and the use of the digital platform.
The platform operator should build mechanisms to promote mutually beneficial relationships between
relevant parties. The purpose of such a mechanism is to promote the respect of the aforementioned
norms by users and providers and enhance the quality of the digital platform and meet user’s and
provider’s expectations.
4.3 Transparency
When attracting providers and users to the digital platform, platform operators shall organize and
present information supplied by providers and users in a way that ensures that it is findable, usable,
relevant and timely and allows providers and users to make informed decisions.
The platform operator shall also make the criteria used to facilitate transactions and how they are
executed between providers and users (such as ranking, pricing, ratings and reviews) findable, usable,
and relevant. The platform operator shall be transparent and give clear, detailed and accessible
information to providers and users on how the business model of the digital platform works.
4.4 Accountability and authorization
The platform operator shall establish processes or mechanisms to address any failures by providers to
deliver products or assets as described to users, as well as to determine liability that could be incurred
by platform participants for any such failure and any corresponding recourse. Responsibility should be
determined based on a confirmed agreement between platform operators and providers or users made
prior to entry into any transaction.
The platform operator should consider that they might need to make records of decisions and activities
and their impacts and opportunities with respect to providers and users available for scrutiny by
governing bodies, legal authorities, and other interested parties.
The platform operator should inform providers that they are responsible for
— ensuring that they do not place products that are clearly unsafe on the market,
— warning users of potential risks associated with the products they supply and their use as well as
any defects, and
— making sure that their products can be traced so that they can be removed in case they turn out
faulty to avoid any risks for users.
2
  © ISO 2022 – All rights reserved

---------------------- Page: 8 ----------------------
ISO/TS 42501:2022(E)
The platform operator shall
a) treat personal information in a confidential manner, respecting the privacy of the providers and
users in particular with particular regards to the collection, use, storage and disclosure of personal
information, and
b) remove products and services from the digital platform that are obviously unsafe or illegal.
The platform operator may outsource its operations. The platform operator should ensure that parties
to whom it delegates any of the roles and responsibilities meet the requirements to which it is subject.
4.5 Accessibility and inclusion
The digital platform and the relevant information provided by the digital platform about itself should
be easy to find, understand and use. The digital platform should be planned, designed, developed,
implemented, maintained, and improved to address the needs of different users, including those who
may be at greater risk of detriment due to consumer vulnerability, and those with special accessibility
requirements.
Platform operators should establish mechanisms to investigate instances of unfair discriminatory
behaviour by providers and users that are raised to them through any complaint or dispute resolution
mechanisms.
Platform operators should establish a means of tracking the number of such instances by geography, of
determining the impact of discriminatory conduct on platform operation, and of limiting providers and
users whose conduct is found to be unfairly discriminatory after investigation from participating on
the digital platform.
4.6 Respect for other affected interests
The platform operator shall be aware of interests of third parties that are not immediate partners of
the digital platform such as providers and users but affected by the operation of the digital platform
and the products or assets handled by the digital platform and the way they are produced, delivered, or
transported.
This refers to such issues as the protection of
— fair competition,
— environment,
— health,
— safety of workforce, and
— public safety.
Providers, users, products, or assets that might infringe these societal interests shall be subject to
check in cooperation with competent authorities or organisations.
4.7 Competence
In adhering to the principles of the sharing economy, platform operators should seek to encourage
providers to offer products and assets on their digital platforms in a manner that allows users to make
informed decisions.
The platform operator shall ensure that their personnel can deal with the requests of providers and
users in an adequate manner. This refers to their qualification in technical and social skills, their
number and availability to manage requests without substantial delay.
3
© ISO 2022 – All rights reserved

---------------------- Page: 9 ----------------------
ISO/TS 42501:2022(E)
Some parts of support can be dealt with in an automatized way or with FAQs but there shall be personnel
available to personally respond to requests in an adequate time frame.
At least part of the personnel shall be competent to deal with the issues described in 4.2 to 4.6 which go
beyond the technical aspect of a transaction.
To the extent practical considering the relationship of the platform operator to the providers under
applicable labour laws governing the digital platform’s activities, platform operators should provide
providers and users with the opportunity to acquire knowledge and skills about participation in the
sharing economy.
5 Transaction phases of digital platform
5.1 Overview
In the sharing economy, an exchange between providers and users typically goes through the following
five distinct phases, see Figure 1:
— on-boarding;
— information delivery/update;
— connection;
— transaction;
— rating/review.
NOTE Providers and users move through different phases in the process along the arrows shown in
the chart.
Figure 1 — Transaction phases and managing operations for digital platform
5.2 On-boarding
The onboarding phase is where platform operators undertake authentication and verification of
providers and users.
4
  © ISO 2022 – All rights reserved

---------------------- Page: 10 ----------------------
ISO/TS 42501:2022(E)
The platform operator shall make sure the identification of providers and users occurs in accordance
with 6.2.
NOTE ISO/TS 42502 provides guidance on provider verification.
5.3 Information delivery/update
The information delivery/update phase is where
— providers and users deliver or update the information about themselves on the digital platform, and
— providers deliver and update information on their products and assets provided by them.
The platform operator shall ensure that relevant information is easily accessible and well-organized to
allow users to make informed decisions and to reduce misunderstanding about the quality of products
or assets offered by providers. If a ranking of products, assets, providers, or users is provided by the
platform operator, the platform operator shall ensure that information on the criteria for the ranking is
available on the digital platform and easily accessible. If a ranking is based on a combination of multiple
criteria, the platform operator shall make information available on the digital platform and easily
accessible that it is aware of on what each criterion is, how much weight is placed on each criterion in
percentage terms, and whether the ranking was determined using machine-learning. If a product, asset,
provider, or user is given an elevated ranking or listing as a result of a payment to the platform operator,
the platform operator shall clearly display the ranking or listing as “advertisement” or “promoted.”
NOTE This requirement can be fulfilled by requiring input of certain information or providing answers to
frequently asked questions.
The platform operator shall put in place a mechanism that allows both the users and providers to input
and update information on the products and assets offered on the digital platform. The information
shall be reflected promptly on the digital platform. For requirements on changes of information about
providers and users themselves, see 6.2.
When products and assets provided by providers are added or changed, the platform operator shall
ensure that the information on the products and assets are verified according to 6.2.
The platform operator shall provide a list of required information to be made available by the provider
about their product or asset. The platform operator should provide a list of addi
...