This document presents the assessment of the safety, security, competition, responsibilities, and data protection risks that can originate from the ISO 20078 series.
In particular, the following risks are outside the scope of this assessment, because they relate to elements that are excluded from the scope of the ISO 20078 series:
— the risks associated with the implementation of the ISO 20078 series;
— the risks associated with the process that the accessing parties or any other parties would later on use to communicate the information they obtained;
— the risks associated with the process used by the resource owner to provide, modify, or revoke their authorization to pass information;
— the risks associated with the mitigation of the risks, should such a mitigation be necessary.