Share

Digital economy

OECD Guidelines for Cryptography Policy

 

Short address for this page: https://oe.cd/crypto

Cryptography is one of the technological means to provide security for data on information and communications systems. It can be used to protect the confidentiality of data, such as financial or personal data, whether that data is in storage or in transit. Cryptography can also be used to verify the integrity of data by revealing whether data has been altered and identifying the person or device that sent it.

The OECD Recommendation concerning Guidelines for Cryptography Policy was adopted to "promote the use of cryptography without unduly jeopardising public safety, law enforcement, and national security". 

 

Read and download

The Guidelines include eight high-level principles: 

  • Trust in cryptographic methods
  • Choice of cryptographic methods
  • Market-driven development of cryptographic methods
  • Standards for cryptographic methods
  • Protection of privacy and personal data
  • Lawful access
  • Liability
  • International co-operation

Adopted in 1997, the Cryptography Policy Guidelines are reviewed at least every five years. Reviews carried out in 2002, 2007, 2012 and 2017 came to the overall conclusion that they are adequate to address the issues and purpose for which they were formulated and that there was no need to revise them. The next review is expected in 2022.

Related 

 

Related Documents