未来实验室:2023年中国美容消费十大误区(英文版)(21页).pdf
10 Chinese Beauty Consumer Myths in 2023A Hot Pot China and The Future Laboratory Collaboration4.Preface REPORT INTRODUCTION :Why Chinese beauty consumers?:Research aims and methodology :Who did we speak to?7.Part One ATTITUDES :Chinese youth are rebelling against mainstream beauty standards :Among Chinese women,ageing concerns only start at 40 :Appearing attractive for love interests is all-consuming :Specific product ingredient understanding in China is as low as in the west 21.Part Two MOTIVATIONS :Purpose claims are equally important for buyers in China as in the west :Skin whitening dominates as the issue for Chinese consumers :Male cosmetics is the next opportunity for brands looking at China29.Part Three MARKETING37.Epilogue CLOSING REMARKSContentsContentsCEO:Jonathan Travers-SmithDirector of Creative Strategy:Paul Hickey Director of Strategy:Adam Sandzer Marketing Manager:Adam Doffman Consumer Insights Manager:Chih Yuan-WangDesigner:Purni Gupta Hot Pot China20 Red Lion Street,London WC1R 4PQ Email:Hot Pot China delivers China success through culturally impactful marketing.We work with forward-thinking brands across luxury,fashion,beauty,F&B and fitness to build and deliver succesful strategies in the worlds fastest-moving consumer market.Find out more:Hot Pot China:Contact:For further information or for advice on China strategy,please contact Co-founder:Chris SandersonCo-founder:Martin Raymond CEO:Cliff Bunting Director of strategy and planning:Rachele Simms Director of marketing:Rodrigo Tobal Foresight editor:Fiona Harkin Strategic foresight editor:Adam Steel Deputy creative foresight editor:Olivia Houghton Senior designer:Samuel Davies Marketing manager:Emily KellyThe Future Laboratory6 Orsman Road,London N1 5RA,UK Phone: 44 20 7791 2020 Email:The Future Laboratory is one of the worlds foremost strategic foresight consultancies.Members of our trends intelligence service LS:N Global get exclusive access to the mindsets defining tomorrow and the early adopters driving global change across eight industry sectors.Find out more:LSN.global:Contact:For further information on all our services please contact or call 44 20 7791 2020Cover:Photography by Zhang Kaiyv210 CHINESE BEAUTY CONSUMER MYTHS IN 2023Why chinese Why chinese beauty beauty consumers?consumers?Preface It was the great English playwright William Shakespeare who wrote in Loves Labours Lost that Beauty is bought by judgement of the eye.In other words,beauty,and the standards of what constitutes beauty,are very much in the eye of the beholder.When we reflect on something as subjective as beauty in modern life,we often find ourselves filling our gaps of understanding,particularly if were talking about a region different from our own,with stereotypes and assumptions that lead to myths.China is perhaps the greatest example of a country where beauty standards are nuanced,confusing and evolving,and so it is unsurprising that it is somewhere already greatly misunderstood:there are many myths about attitudes,motivations and how to successfully market brands in the country.This report was created in order to highlight and dispel some of these myths,and to offer a more nuanced,and in some cases dissenting,voice.We are confident that the report will serve decision-makers in the skincare and cosmetics industry with a tilt to Chinese consumers,and will in turn lead to better,deeper connections with this audience for future marketing strategies.This talk of deeper connection and a more nuanced appreciation for the Chinese mindset towards beauty is not in vain according to the latest statistics from research house Euromonitor,in 2021 the total spend value of the beauty industry in China was about Rmb573bn(69.7bn),and this is likely to grow as tough pandemic restrictions in China start to gradually ease up.By introducing,and then dispelling,myths that span both the skincare and colour cosmetics sectors,we hope that brands and partners reading this report will take more nuanced steps to realise some of this value in a growing market.In this report,China strategy and marketing specialist Hot Pot China,in partnership with strategic foresight consultancy The Future Laboratory,will take you on a journey through some of the myths that are dominating the beauty sector at present.Through qualitative and quantitative consumer research,Hot Pot China has gained unparalleled and meaningful insight into the attitudes and behaviours of Chinese beauty consumers.We hope you find our study insightful and we are on hand should you have any questions about applying the findings to your business as you look to win with the opportunity in China,or with Chinese buyers overseas.Photography by Pondsaksit3410 CHINESE BEAUTY CONSUMER MYTHS IN 202310 CHINESE BEAUTY CONSUMER MYTHS IN 2023Research aims and methodologyIn February 2023,Hot Pot Chinas in-house insights team launched research into the beauty consumer in China,with the aim of pushing back against a heavily mythologised and misunderstood market and category.At Hot Pot China we have unique access to a 5,000-person panel based across China,called our Cultural Intel Community(CIC).For the research,which is both quantitative and qualitative/focus-group based,we surveyed both men and women across the skincare and cosmetics sectors across Tier 1 and Tier 2 cities in China.The two core stages combined qualitative and quantitative consumer research:Stage 1 Quantitative:A 500 sample survey (4:1 female to male)of those aged 1830 in Chinese Tier 1 to Tier 3 cities,skincare and/or cosmetics buyers in the past 12 months,with a monthly personal income above Rmb5,000(606).Stage 2 Qualitative:Five smaller online focus groups with above audience types.Total panel was 30,breaking down as 24 female and six male.Rather than focusing exclusively on high-net-worth individuals,a wide range of skincare and cosmetics buyers participated from a range of tiered cities in China,in order to provide full visibility on the range of consumer types and behaviour.Who did we speak to?In order to get a better understanding of as broad a spectrum of the China landscape as possible,we surveyed 1830-year-old consumers,both male(although weighted towards female respondents)and female,living in Tier 1 to Tier 3 Chinese cities,who had purchased skincare and cosmetics products in the past month.In order to keep the report within a realistic premium context,we restricted personal income to above Rmb5,000(606)per month.Half of our respondents were in the younger age group,while the other half were in the older group.It is important to acknowledge the unique economic,social and political context surrounding this report,and more specifically Chinas beauty buyers across skincare and cosmetics.Current conditions,specifically Covid-19,the Russia-Ukraine conflict and an uncertain outlook for the global economy,have in some way affected or accentuated the trends discussed in this report,as well as the future direction of the beauty consumer in China,so it is best to keep this in mind.Photography by Cottonbro StudioPhotography by Victoria Ling for The Future Laboratory10 CHINESE BEAUTY CONSUMER MYTHS IN 20236510 CHINESE BEAUTY CONSUMER MYTHS IN 2023Part one AttitudesThe following are myths and misconceptions that can be grouped together as attitudes.The mainstream Chinese ideals of beauty,including the holy trinity for women of possessing pale,luminescent skin,large eyes and a high-bridged nose,can be partly explained by both a deep-rooted belief that tanned skin is linked to a labour-intensive,non-cosmopolitan lifestyle,and by the influence of a European aesthetic,dialled up by pop culture and technology e.g.beauty filters on smartphones.Many beauty brands lean into these ideals;for example,Liu Yifeis campaign for Shiseidos White Lucent Luminizing Serum,a best-seller in China,can be seen below.When answering questions about these ideals and their relevance today,our focus group research found that these beauty ideals were still very much in place,and were proving extremely resistant to that much change.For all the evidence of Gen Z in China taking a rebellious,counter-cultural approach to new trends in fashion and beauty,the core ideas of what it is to be beautiful are still not in the eye of the beholder as much as the myth suggests.In addition to the facial beauty ideals,there were an increasing number of young Chinese respondents in our focus groups,particularly younger women,who were equally if not more concerned with a slim body shape as they were with whiteness,large eyes and nose structure.Top:Photography by VroniV;above:Photography by PeopleImagesRealityThere is an emerging trend of younger generations in China defining beauty in unorthodox ways,but among young women there are still very high levels of acceptance of core mainstream ideals.Myth 1:Chinese youth are rebelling against mainstream beauty standards 810 CHINESE BEAUTY CONSUMER MYTHS IN 202310 CHINESE BEAUTY CONSUMER MYTHS IN 20237这一两年比较推行白幼瘦,中国女孩都比较推行这种白幼瘦什么的,对我多多少少影响到了,女孩子一定要很白,皮肤要很匀净要那种可爱,那种感觉好像才是最好的 This finding was also supported by our quantitative research,which showed that there is a high level of reported acceptance of the core beauty standards in China,but that equally the feeling of pressure about these ideals is not as high as might be expected.This is often wrongly misconstrued by newcomers to marketing in China as a desire to look Western.In truth,these attitudes around whiteness have roots that go back centuries and stem from class status in Imperial times.Among 2530-year-old women,60%of respondents accepted orthodox social standards of beauty,but in turn did not feel pressure.About 30%of respondents accepted standards but did feel pressure.Whether or not pressure is felt,it is startling to note that acceptance of beauty standards among this group stands at about 90%.While it should be stated that it was an emerging trend that was most notable from our qualitative research,there were mentions of a more natural complexion and athletic,inspired by a growth in self-reported gym attendance and athletic participation.This counter-cultural ideal was particularly true within the subculture of outdoor sports,watersports and athletics.Men18-24 F25-30 F80 %0%Attitudes towards beauty standards in China Accept the social standards of beauty and feel a lot of pressure Accept the social standards of beauty but dont feel a lot of pressure Dont accept the social standards of beauty but feel a lot of pressure Dont accept the social standards of beauty but dont feel a lot of pressure60%Of respondents accepted orthodox social standards of beauty,but in turn did not feel pressure.White,slim,and young have been the mainstream ideas of beauty since two years ago.And it did have an impact on me that I want to look white with good flawless skin,and looking cute.I feel like its the bestLinxin F,20,ChengduThe Future Laboratory Thought-starterIn China,consumers are still content with aspirations and ideals,while around the world,a very different approach to beauty is emerging,one that is more democratic and inclusive.As a result,China may be uncomfortable territory for many Western brands that have spent resources on tackling harmful stereotypes within beauty.It is important to acknowledge that this work should not be undone or hidden for the Chinese audience,but instead,integrated and subtle in your brand communications.10 CHINESE BEAUTY CONSUMER MYTHS IN 202310THE HOT POT TAKEAWAY:There is a misconception that fixed beauty ideals,such as bright,white skin,large eyes and a high nose have been abandoned among the post-1990s generation in China.The reality cuts through the myth while there has been an emergence of a more athletic aesthetic,including slightly darker tones and muscular builds,it is nascent and not mainstream.The resistance to change,and the acceptance of the status quo of these standards,should definitely be noted by brand leaders in the West,especially when it comes to core messaging and positioning themes for these brands.Nowadays in China,it should be noted that there is greater nuance for skin tone desires.There are no longer words for pale skin or bright skin,but a growing lexicon detailed around more specific tones.There is a phrase related to cool tone white skin 冷白皮,for example,which means having white skin and leaning towards the cooler colour tone simultaneously.Photography by Cottonbro StudioIf you are fit,you have muscles,and you have a well-proportioned body shape,you will look beautiful and natural with a light brown wheat-like skin tone Xianrui W,21,Nanchang,Female10 CHINESE BEAUTY CONSUMER MYTHS IN 202310 CHINESE BEAUTY CONSUMER MYTHS IN 20231112THE HOT POT TAKEAWAY:In a 2018 study of the cosmetics and personal care market,global brands like Elizabeth Arden and LOral on Xiaohongshu,or RED,as well as domestic players like KANS and Wei Beauty were correctly identified as already tilting themselves towards anti-ageing preferences in younger consumers,but it appears that skincare brands are still not fully realising the potential of this focus.Myth 2:Among Chinese women,ageing concerns only start at 40 RealityOur data shows that concerns about preventing and eradicating the effects of ageing start much younger in China,with product preferences reflecting this.Beauty brands,particularly skincare brands looking to market their age-prevention claims in Western markets,tend to do so by positioning products,endorsements and messaging around eradication rather than prevention,and target an older demographic of ladies in doing so.An example of this would be Reese Witherspoons central role in the campaign for Elizabeth Ardens core anti-age range,Prevage.Our research found that younger Chinese women,much like their Western counterparts,consistently hold attitudes that are related to existing physical issues like big pores,oily and dry skin or acne skin conditions.Product portfolios and messaging of the major global players in China reflect this;for example,LOrals Revitalift is positioned as an overnight cream that tackles existing skin issues like those mentioned above.But,in China,our data also shows that there is a difference in the age when the first signs of ageing become a significant,and particular concern.Roughly 50%of women between the ages of 25 and 30,a significant figure given the population volume,start using skincare products to deal with the first signs of ageing,and still 40%of women are reporting modifying their skincare routine to deal with the existing effects of ageing.The product portfolios of the Chinese women we surveyed show a noticeable shift towards products that support the above concerns with ageing effects as they enter their mid-20s.Eyecare,serums and night creams are all indicative of a comparatively early concern with ageing in China.MenMenWomen 18-24Women 18-24Women 25-30Women 25-3020Pp%00%Why use skincare products now?Feel more confident Have sense of rituals in life Keep skin condition Worry about skin to start ageing Improve skin condition Feel sense of security Deal with skin aging Make me happy Address the issue of early ageing Have latest skincare products20Pp%00%Skincare products in use now Cleanser Serum Toner Eye care Lotion Rinse-off mask Sunscreen Cream Overnight mask Cream/Lotion with SPF Sheet maskPhotography by Cottonbro Studio131410 CHINESE BEAUTY CONSUMER MYTHS IN 202310 CHINESE BEAUTY CONSUMER MYTHS IN 2023上了大学以后,舍友之间大家都会讨论这个事情,另外一个也是觉得我高考完以后有解放的感觉,我可以自由化妆,感觉自己会变美There is a misconception in the West that,owing to a comparatively low age of first marriage in China(on average 26 in China versus 32 in the UK,for example),there is a strong attitudinal tilt towards cosmetics product usage as a means of finding a marriage partner.While this is,of course,a fairly reductive view,it is an important topic that required some research.Our data found that usage of cosmetics was more likely to be for reasons linked to personal or self-confidence such as looking prettier,younger or more energetic,than to attract a partner.While this does not discount the implied reasoning behind wanting to look pretty,the research is interesting,and is a theme that was supported in our focus group panels.Our findings in focus groups were that young,university-aged women are eager to express individuality through make-up and liberation from high school.And most importantly of all,they want to look pretty and feel confident about themselves.The Future Laboratory Thought-starterAmong the many reasons for cosmetics use,looking healthier and energetic ranked third in Hot Pot Chinas survey.This shift towards aesthetic health described by The Future Laboratory as adapting lifestyles and behaviours to bolster appearance is also evident globally,as consumers demand beauty formulas and tools that have direct health benefits.Consider how the healthifcation of beauty might play out in your domain,from lymphatic skincare to multifunctional facial health devices.Myth 3:Appearing attractive for love interests is all-consuming After entering university,all my flatmates were talking about make-up.And also I felt liberated after entering university.I could put on make-up as much as I want to look beautiful Xiaoyan G,28,Shanghai,FemaleRealityFeelings of self-confidence,and having a younger and healthier look,rank higher than being desired by a potential love interest.Above:Photography by Shiny Diamond Right:PTHE HOT POT TAKEAWAY:Cosmetics brands that want to understand the best ways to cultivate a positioning as well as creative ways to use this trend of self-defined beauty would do well to take note of Macs interactive experience centre in Shanghai,launched before the pandemic and designed with Chinese customers preference for multi-staged cosmetics routines in mind.Whether purposeful or not,messaging steers away from dating or romance and focuses instead on product effects and the impact on personal appearance.1610 CHINESE BEAUTY CONSUMER MYTHS IN 202310 CHINESE BEAUTY CONSUMER MYTHS IN 202315For Western beauty brands,China represents a significant volume and value opportunity,but only for those who understand the consumer better than their competitors to simply translocate domestic assumptions into China has historically failed for beauty brands.One area in which there has been some misconception is in relation to the depth of knowledge around specific ingredients and compositions of these ingredients.Whereas in the West there is(probably correctly)some common wisdom that exact ingredients are discussed and disseminated only by early adopters and a minority of highly frequent and passionate users,in China our data shows that the prevailing attitude is that it is important to be extremely well informed about beauty products.Buyers want an expansive amount of information on product content such as nicotinamide,hyaluronic acid,Bosein and glycerine,and this is actively sought out in about a quarter of cases.Interestingly,this holds true across male and female buyers.Our research also indicated that,with regard to female beauty buyers in China,a majority of buyers(over 80%)make their purchase decisions based on specific ingredient content.We know from our focus group work that behaviour supports these statistics Xiaohongshu,or RED,conventionally nicknamed Little Red Book,is the main platform in China where knowledge and tips on the most granular of beauty product ingredients is shared for all buyers to see.The Future Laboratory Thought-starterChina is setting a precedent for the future of Accredited Beauty a term coined by The Future Laboratory.We are in the age of the expert and brands can no longer breeze through the saturated beauty market.They must build on the pillars of expertise,exploration,evidence and certification to truly satisfy a more educated consumer that is demanding product quality and efficacy.Myth 4:Specific product ingredient understanding in China is as low as in the West RealityDeep knowledge bases and levels of understanding in China about specific ingredients are uniquely high.Women 18-24Women 25-3020Pp%00%Reasons to start using cosmetics Look prettier Make me more confident Look healthier and energetic Look younger Make me happy Conceal imperfections on face Have sense of rituals in life Show my features Try something new and different Attract the attention of opposite sexPhotography by Cottonbro StudioPhotography by Alfi Nuryaman1810 CHINESE BEAUTY CONSUMER MYTHS IN 202310 CHINESE BEAUTY CONSUMER MYTHS IN 202317When choosing a new productI know what Bosein,retinal,and vitamin C can do to my skin.I think most Chinese girls know what ingredients are good for whitening and anti-ageingXue Y,29,Beijing,FemalePhotography by Jonathan JobsTHE HOT POT TAKEAWAY:While clearly the Chinese beauty buyer across skincare and cosmetics can be said to be far more deeply knowledgeable,it is important that brands do not simply discard the need to build an emotional connection with buyers and purely pursue rational ingredient communications.There is,of course,a need for a balance of these two elements.But,when product ingredients and claims are the subject of conversation,it is important to understand that the base knowledge in China is far higher than it is likely to be in your home market.10 CHINESE BEAUTY CONSUMER MYTHS IN 202310 CHINESE BEAUTY CONSUMER MYTHS IN 20231920Part two MotivationsUnderstanding the difference in strongly held attitudes,especially if they are different or more pronounced,is a foundational principle in consumer understanding,and ultimately the secret to winning with China.Myth 5:Purpose claims are equally important for buyers in China and the West A key theme that runs throughout this research is the inability to apply the hierarchy of motivations that a Western audience holds to those of the beauty market in China.A 2020 study commissioned by the New York-based Zeno Group entitled The Strength of Purpose found that respondents from a range of key markets,including those based in China,were four times as likely to buy from a brand if that brand had strong purpose messaging around the environment and people of the global majority,for example.The Future Laboratory Thought-starterMany global mainstream brands still buy into notions of purpose and sustainability and proactive mission statements,but the communication and advertising of these factors is not a priority for consumers.Instead,brands should focus on how these elements are built into the internal infrastructure and foundations of their business,and save marketing communications for maintaining consumer relevance.Attitudes are only one aspect though.To truly paint a complete picture of the young Chinese beauty consumer,we also need to understand the misconceptions around specific buying motivations and behaviours within the sectors.RealityAlthough supporting factors in determining beauty buying habits,sustainability and related diversity and inclusion(D&I)are not the dominant influences when compared to other product-specific and personal benefits.MenWomen 18-24Women 25-3000 %Influencers in beauty products purchase Harmful chemicals free Clean beauty Ingredient list and composition ratios Natural and organic Herbal Environment and sustainability Diversity and inclusion No animal testing10 CHINESE BEAUTY CONSUMER MYTHS IN 20232210 CHINESE BEAUTY CONSUMER MYTHS IN 202321THE HOT POT TAKEAWAY:Although this report does not discount the importance of a strong purpose,for Chinese buyers our data challenges its rank as all-consuming,and places these motivations as lower than ingredient ratios and harmful chemical content.For the Chinese consumer,particularly women buyers,the factors that relate to the personal product effects far outweigh a brands D&I,animal testing and environmental messaging.In the case of younger women buyers,this is even lower down on the agenda of importance.Brands with globally mandated positioning and messaging on purpose should proceed with caution,and take heed of these buying motivations as they relate to both skincare and cosmetics ranges.Photography by Cottonbro Studio10 CHINESE BEAUTY CONSUMER MYTHS IN 202310 CHINESE BEAUTY CONSUMER MYTHS IN 20232324Myth 6:Skin whitening dominates as the issue for Chinese consumers As we have already mentioned in the Attitudes section,there is a persistent set of standards in China,in particular a whiter,cooler skin tone,that are proving resistant to change among the younger generations.Despite this acceptance of these core beauty standards,when it comes to buying criteria,there are other elements that rank higher.In terms of general wellbeing motivations,skin nourishment and hydration rank the highest for younger Chinese women,whereas for men,oil control and water balance(30%)are the most important.With regard to specific skin issues that could be interpreted as non-preventative,pore refinement scores highly(25%)across all the surveyed demographics.Acne removal unsurprisingly takes on a higher importance among a younger group of women,and diminishes in importance as the condition typically tends to be alleviated.RealityA range of preventative and issue-based factors rank as far more important than skin whitening among a younger Chinese audience.00 P%Most needed benefits of skincare productsPhotography by Sunny Ng Nourishing Whitening Acne removal Pore-refining Anti-blockage/blackhead/whitehead removal Remove dark circles Soothing and restorative Improve dullness/brighten skin tone Hydrating Smoothing Oil control/oil and water balanceMenWomen 18-24Women 25-302610 CHINESE BEAUTY CONSUMER MYTHS IN 202310 CHINESE BEAUTY CONSUMER MYTHS IN 202325Myth 7:Male cosmetics is the next opportunity for brands looking at China I think foundation is acceptable for men.Foundation was good for me when I worked overtime or stayed up late,I could use it to conceal dark circles Weifan F,30,Shanghai,MaleRealitySpending and upgrade opportunities for men are sub-categories specific within cosmetics,and the opportunity for brands should still be considered as emerging.Westerners who have been to China in the past few years might have noticed billboards featuring male models promoting cosmetics.Owing to the relative stigma associated with male make-up and cosmetics in the West,it would be fair to conclude that in China the opportunity for mens cosmetics has exploded.While usage is definitely increasing for context,Statista data from 2021 estimated that only about 12%of men in China use colour cosmetics frequently this should definitely not be overstated,as over 75%of men therefore are unlikely to use these products.Within the usage group,though,the product opportunity is surprising,as it lies within lipsticks and foundation rather than mascara.We found that these were product preferences in our focus groups too.Among male cosmetics users,over 30%were primed to upgrade their foundation,while 40%were primed to upgrade their lipstick.This compared to only 5%of men who reported spending more on their mascaras.This shows that,although the opportunity for mens cosmetics in China is emerging,it would be wise for brands looking to use this trend to be product-and sub-category-specific when looking for entry points.The Future Laboratory Thought-starterWhen considering this emerging category,brands have an opportunity to increase adoption by targeting men in sub-categories that they most use.Positioning personal care as a component of maintaining an active urban lifestyle or using cosmetics for increased professionalism are both ways in which these products and routines could appeal to male audiences.Photography by Cottonbros StudioTHE HOT POT TAKEAWAY:The mens cosmetics opportunity in China is a significant and emerging one,especially for premium brands looking to win in niche categories such as mens lipstick and foundation.But the majority of men in China are not primed for cosmetics purchases,so this market is better understood as supplementary alongside a core female focus,unless the brands product portfolio is specifically male only.As an emerging trend,however,mens cosmetics in China is certainly one to keep an eye on.10 CHINESE BEAUTY CONSUMER MYTHS IN 2023282710 CHINESE BEAUTY CONSUMER MYTHS IN 2023Part three MarketingUltimately,the above sections exploring just a few(of the many)young Chinese generations attitudes to beauty,as well as their buying motivations,are only useful to marketing and commercial decision-makers if they are executed in the right channels.Myth 8:KOL live selling ranks as one of the most influential shopper marketing channels in beautyThe next section covers myths related to marketing channels,and can serve as advice for beauty brands looking to win in the right context with the Chinese skincare and cosmetics market.RealityKey Opinion Leader(KOL),powerful Chinese influencers),recommendation ranks further down than other channels.It is conventionally believed that KOL and Key Opinion Consumer-driven(KOC)live commerce is transforming the way that Chinese beauty consumers are trialling and ultimately converting into skincare and cosmetics brand customers.The numbers at the macro-level back this up.According to Statista data,the market size of live selling revenues for consumer brands grew from Rmb120bn(14.5bn)in 2018 to Rmb2.2 trillion(267bn)in 2021.Despite the obvious growth and retained importance of the channel,our data found that for skincare and cosmetics consumers,on the question of whether they are being utilised as main shopping channels,it seems that this is lower than the macrotrends suggest.A brands physical store,its Tmall,JD presence and its owned website all outstrip live commerce as shopping channels within which to have a marketing presence.For 1824-year-old women buying cosmetics,live commerce accounts for just over 20%of their main shopping channels,while this level drops to under 20%for 2530-year-old women.This is in stark contrast to Tmall,JD and physical stores,which all sit well above the 30%mark it stands at 60%in Tmalls case.The same percentage distributions are seen in the skincare sector too,showing that live selling via KOLs,while growing fast in China,should still be seen as a supporting rather than a leading channel for beauty brands.3010 CHINESE BEAUTY CONSUMER MYTHS IN 202310 CHINESE BEAUTY CONSUMER MYTHS IN 202329THE HOT POT TAKEAWAY:As the Attitudes and Motivations sections show,the cosmetics and skincare consumers in China are comparatively sophisticated in their levels of personal knowledge and access to specific ingredient information.We believe that it is this finding that accounts for the surprisingly low reported use of live selling as a main shopping channel.While many cosmetics brands such as Lancme are reporting extremely high returns on Douyin with the help of KOL-driven live selling,our data suggests that it is brand fame and ingredient benefits that are driving this as opposed to the KOL recommendations themselves.To support this,note how strikingly low down Chinese consumers place external KOL recommendations versus aspects that the brands themselves can control via their own messaging and branding.Beauty brands across skincare and cosmetics should take note our conclusion is not to totally discount the role that KOLs play,but to take a more balanced view when assessing KOLs as a live-selling tool versus pure gifting and brand ambassador opportunities.Women 25-3000P %Main purchase factors in cosmetics products Effects on skin Brand fame Recommended by beauty KOLs Exclusive technology Ingredients Natural and organic Recommended by professionals Benefits Price Environment and sustainability Suitable skin types Recommended by friends and colleaguesWomen 18-24MenWomen 25-3000Pp %Main purchase factors in skincare products Effects on skin Brand fame Exclusive technology Environment and sustainability Ingredients Natural and organic Recommended by beauty KOLs Recommended by friends and colleagues Suitable skin types Feel on skin Recommended by professionalsWomen 18-24MenPhotography by Mart Production10 CHINESE BEAUTY CONSUMER MYTHS IN 2023323110 CHINESE BEAUTY CONSUMER MYTHS IN 2023Myth 9:Deep cosmetics knowledge in the market naturally means strong make-up application skills Confidence is an interesting thing,as it can be understood as confidence in theory but not in practice.This is what appears to be occurring in the Chinese cosmetics market,particularly in make-up.While our Attitudes section concludes that knowledge bases about specific ingredients and intended uses among young Chinese beauty consumers(both cosmetics and skincare)are unusually high,our data shows that,in spite of this,many reported skill levels that are only basic and intermediate.The chart below for make-up application exemplifies this point.While young Chinese buyers have the ability to know what they want and for what specific need,there is still a lack of ability when it comes to the best-looking solutions.RealityA sizeable number of Chinese cosmetics buyers lack confidence in actually applying make-up in the best way.Skill level of make-up 18-24 F25-30 F0%Pusic level Beginner level Intermediate level Advanced level Professional levelPhotography by Amy ShamblenBeauty brands across both skincare and cosmetics should take note of the myth and reality,as the applications in positioning,messaging and tactical channel marketing are far-reaching.Brands looking to win with the Chinese beauty consumer need to consider how best to help deliver application confidence to an already relatively knowledgeable customer base.For market-entering cosmetics brands this could mean in-store tutorials which go into far greater depth than foundational application and dial up ingredient profiles within the tutorials,more like advanced training.This could mean greater levels of application sampling in physical outlets,or it could be the means by which specifically curated KOLs or KOCs are utilised.The nuance in a distinction between high confidence in theory but lacking in practice should also be noted within claims too;for example,ease of application and the ability to link to an online tutorial or FAQ location if warranted.THE HOT POT TAKEAWAY:3410 CHINESE BEAUTY CONSUMER MYTHS IN 202310 CHINESE BEAUTY CONSUMER MYTHS IN 202333THE HOT POT TAKEAWAY:Beauty brands looking to enter the China market will invariably be introduced to distributors,also known as TPs,who will most probably initiate market entry by advising cross-border Tmall platforms.While this is absolutely the best-fitting route to get brands off the ground while chasing scale,ultimately for beauty brands if it is available,the domestic platform is a larger addressable opportunity,where most importantly our data suggests there are a larger number of Chinese beauty consumers.Myth 10:Tmall cross-border platform offers the greatest commercial opportunity for Western brandsRealityCross-border is a good start for brands,but the bigger opportunity lies in the domestic Tmall platform.As discussed earlier in the report,Tmalls importance as the top shopping channel for cosmetics and skincare is not in doubt,hovering around the 60%mark for younger Chinese buyers across both categories.Tmalls domestic platform,however,differs from its cross-border offering,and its features enable Chinese buyers to purchase foreign brands not available in China.Cross-border e-commerce ranks far lower than the main Tmall domestic platform,however,and cross-border e-commerce is cited as the main shopping channel for only about 10%of buyers.This highlights a key challenge for foreign brands,as often TPs(distributors)position cross-border e-commerce as the silver bullet.The data supports the reality on the ground that Tmalls domestic revenues often outstrip its cross-border counterpart.Note below from a study into a selection of skincare brands Tmall revenues in China it is evident that the higher volumes come from the platform with the greatest addressable market.BrandStore TypeRMBGBPAntipodesCross-border5,074,000 617,275First Aid BeautyDomestic131,215,00015,962,895DermalogicaCross-Border67,838,0008,252,798JurliqueDomestic42,712,0005,196,107Cross-border6,745,800820,657CaudalieDomestic103,654,00012,609,976Cross-border7,483,300910,377FlorihanaDomestic13,064,4001,589,343PixiCross-border3,669,000446,350Photography by Dragon Images10 CHINESE BEAUTY CONSUMER MYTHS IN 202310 CHINESE BEAUTY CONSUMER MYTHS IN 20233536Epilogue Closing RemarksIn my closing remarks in last years Chinese Male Luxury Consumer report,which we also co-published with The Future Laboratory,I noted that the only constant with China has been change.That was not strictly true.The other constant,particularly as it applies to the fast-paced and innovative beauty industry,is misconception.This constant is especially true as it relates to the younger Chinese brand buyer.These misconceptions and stereotypes have created myths about the attitudes,motivations and channels to market and position with Chinese consumers.They lead to a costly misunderstanding of the Chinese beauty buyer,and can be prohibitive for marketing and commercial decision-makers based outside of China.Suppose,for example,that you followed the conventional wisdom that a live-commerce heavy campaign for your anti-ageing skincare range should be targeted at an older,poorly informed audience segment with little attention paid to the specific ingredients,and a greater focus on brand diversity and sustainability credentials.While this would probably play fine with a marketing department decision-maker based in London or New York,the impact could be much more effective with your most important decision-maker the Chinese customer.The qualitative and quantitative research that feeds into the myth-busting themes of this report are designed to be provocative.As a truly bicultural agency team of native Chinese and Western Mandarin-speakers based in London and Shanghai,we believe wholeheartedly that a deep understanding of the Chinese consumer,even when it goes against the grain,should be the foundation of all marketing work in China or in targeting overseas Chinese.Above all,though,the insights in this report are designed to be applicable in your marketing and commercial strategies.Now lets get to work together.By Jonathan Travers-Smith,Founder and CEO,Hot Pot ChinaTop:Photography by Cottonbro Studio;above:Photography by Ron Lach3810 CHINESE BEAUTY CONSUMER MYTHS IN 202310 CHINESE BEAUTY CONSUMER MYTHS IN 202337Hot Pot China delivers China success through culturally impactful marketing.We work with forward-thinking brands across luxury,fashion,beauty,F&B and fitness to build and deliver successful strategies in the worlds fastest-moving consumer market.If this report has helped you to see under the surface of your target male audiences in China,get in touch with Hot Pot China to discuss a deeper dive and help shape your bespoke strategy for long-term success in the market.Hot Pot China20 Red Lion Street,London WC1R 4PQ Email:The Future Laboratory is one of the worlds foremost strategic foresight consultancies.Members of our trends intelligence service LS:N Global get exclusive access to the mindsets defining tomorrow and the early adopters driving global change across eight industry sectors.Find out more:LSN.global:Contact:For further information on all our services please contact or call 44 20 7791 2020
22人已浏览
2023-03-10 21页
5星级
欧盟网络安全局:数字身份-利用自主身份概念建立信任(英文版)(51页).pdf
0 JANUARY 2022 DIGITAL IDENTITY Leveraging the Self-Sovereign Identity(SSI)Concept to Build Trust DIGITAL IDENTITY January 2022 1 ABOUT ENISA The European Union Agency for Cybersecurity,ENISA,is the Unions agency dedicated to achieving a high common level of cybersecurity across Europe.Established in 2004 and strengthened by the EU Cybersecurity Act,the European Union Agency for Cybersecurity contributes to EU cyber policy,enhances the trustworthiness of ICT products,services and processes with cybersecurity certification schemes,cooperates with Member States and EU bodies,and helps Europe prepare for the cyber challenges of tomorrow.Through knowledge sharing,capacity building and awareness raising,the Agency works together with its key stakeholders to strengthen trust in the connected economy,to boost resilience of the Unions infrastructure,and,ultimately,to keep Europes society and citizens digitally secure.More information about ENISA and its work can be found here:www.enisa.europa.eu CONTACT For contacting the authors,please use eIDenisa.europa.eu.For media enquiries about this paper,please use pressenisa.europa.eu.CONTRIBUTORS Nick Pope,Micha Tabor,Iigo Barreira,Nicholas Dunham,Franziska Granc,Dr.Christoph Thiel,Arno Fiedler EDITORS Evgenia Nikolouzou(ENISA),Viktor Paggio(ENISA),Marnix Dekker(ENISA)ACKNOWLEDGEMENTS ENISA would like to thank the members of the eIDAS Cooperation Network who participated in the survey for their valuable contributions and feedback to the report.LEGAL NOTICE This publication represents the views and interpretations of ENISA,unless stated otherwise.It does not endorse a regulatory obligation of ENISA or of ENISA bodies pursuant to the Regulation(EU)No 2019/881.ENISA has the right to alter,update or remove the publication or any of its contents.It is intended for information purposes only and it must be accessible free of charge.All references to it or its use as a whole or partially must contain ENISA as its source.Third-party sources are quoted as appropriate.ENISA is not responsible or liable for the content of the external sources including external websites referenced in this publication.Neither ENISA nor any person acting on its behalf is responsible for the use that might be made of the information contained in this publication.ENISA maintains its intellectual property rights in relation to this publication.COPYRIGHT NOTICE European Union Agency for Cybersecurity(ENISA),2022 Reproduction is authorised provided the source is acknowledged.For any use or reproduction of photos or other material that is not under the ENISA copyright,permission must be sought directly from the copyright holders.ISBN:978-92-9204-555-5 -DOI:10.2824/8646 -Catalogue Nr.:TP-09-22-024-EN-N DIGITAL IDENTITY January 2022 2 EXECUTIVE SUMMARY The eIDAS Regulation enables the use of electronic identification and trust services by citizens,businesses,and public administrations to access online services or manage electronic transactions.A key objective of this Regulation is to remove existing barriers to the cross-border use of the electronic identification means used in the Member States in public services for,among others,the purpose of authentication.This Regulation does not aim to interfere with electronic identity management systems and related infrastructures established in the Member States.Rather,its goal is to ensure that secure electronic identification and authentication can be used to access cross-border online services offered by Member States.The past nearly two years have proven to be a globally challenging period,in which eIDAS has been under revision and the COVID-19 pandemic has urged the development of new models for social life,business,and administration of government.To address these challenges,this report explores the potential of self-sovereign identity(SSI)technologies to ensure secure electronic identification and authentication to access cross-border online services offered by Member States under the eIDAS Regulation.The maintenance of continuity in social life,businesses and administration has accelerated the reflection on the possibility of a need for such decentralised electronic identity.Over the last few years,a new technology has emerged for identification called self-sovereign identities(SSI).This technology gives identity holders greater control over its identity by adding features which provides a degree of distribution of identity related information.This includes the ability of identity holder to have multiple decentralized identifiers issued for different activities and to separate out the attributes associated with an identifier in verifiable credentials.This gives the holder greater control over how its identity is represented to parties relying on the identity information and,in particular greater control over the personal information that it reveals to other parties.The present study critically assesses the current literature and reports on the current technological landscape of SSI and existing eID solutions,as well as the standards,communities,and pilot projects that are presently developing in support of these solutions.This study takes a wide view of decentralised electronic identity,considers possible architectural elements and mechanisms of governance,and identifies security risks and opportunities presented by SSI in view of cross-border interoperability,mutual recognition,and technology neutrality as required by eIDAS.The following are the main points arising from an analysis of the application of self-sovereign identity standards and implementation as described in this report:SSI technology,as applied in the standards and solutions identified in Section 1 and rationalised into a single architecture in Section 2,provides an effective basis for digital identities which protects the privacy of personal data.In particular:o Decentralised digital identities can be used to support pseudonyms for privacy of identity,o Verifiable credentials enable the separation of potentially private attributes from the digital identity all the user selection of attributes to be revealed to relying parties to ensure privacy of attributes which it is unnecessary to reveal,and o The ability to hold multiple authentication keys in a wallet with separate identity documents from different controllers enables the user to cryptographically separate transactions maintaining privacy by avoiding links between the separate transactions.DIGITAL IDENTITY January 2022 3 For the governance of the elements of the architectural elements of an SSI solution(Section 3),there is a need to consider:o Certification of wallets,o Audit and oversight of DID controllers,o Audit and oversight of VC issuers,o Audit and oversight of DID and VC registries,and o All the above are interdependent and the governance of the DID controller and VC issuer also need to ensure that the other elements of an SSI architecture are also properly governed.When risk of the architecture of SSI is considered,the following key security measures need to be implemented:o Data minimalization for use only necessary data,o Consent and choice in which the user controls the process and data used for identification,and o Accuracy and quality in which all parties can trust identification data stored and provided by the wallet.Lastly,it is recognised that there may be a role for ongoing support for technologies such as X.509 PKI,OpenID Connect,and existing national identity schemes.Thus,if SSI is to be adopted,further consideration should be given to co-existence between existing technologies and SSI.DIGITAL IDENTITY January 2022 4 TABLE OF CONTENTS INTRODUCTION 7 1.CURRENT GLOBAL AND EUROPEAN SSI LANDSCAPE 9 1.1 STANDARDS 9 1.1.1 W3C Specifications 9 1.1.2 Decentralised Identity Foundation(DIF)10 1.1.3 ISO TC 307 and CEN/CLC JTC 19 11 1.1.4 ISO/IEC 23220 and 18013-5 13 1.2 SSI COMMUNITIES 14 1.2.1 Sovrin 14 1.2.2 Hyperledger 15 1.2.3 ESSIF 16 1.2.4 Latin America and Caribbean Chain(LACChain)17 1.3 EXISTING EID INITIATIVES 19 1.3.1 eIDAS 2.0 19 1.3.2 OpenID/OAuth2 20 1.3.3 Horizon 2020 Initiatives 22 1.4 EU NATIONAL SSI AND ELECTRONIC IDENTITY WALLET INITIATIVES 24 1.4.1 Germany 24 1.4.2 Spain 26 1.4.3 Netherlands 27 1.4.4 Poland 29 1.4.5 Survey Results:Current SSI Activities in Selected EU MS 31 2.ARCHITECTURAL ELEMENTS FOR SELF-SOVEREIGN IDENTITY 34 3.GOVERNANCE OF A DIGITAL IDENTITY FRAMEWORK 37 3.1 SSI AND GENERAL GOVERNANCE 37 3.2 GOVERNANCE OF WALLETS 37 3.3 GOVERNANCE OF DID CONTROLLERS 37 3.4 GOVERNANCE OF VC ISSUERS 38 3.5 GOVERNANCE OF DID AND VC REGISTRIES 38 3.6 INTERDEPENDENCE 38 DIGITAL IDENTITY January 2022 5 4.DIGITAL IDENTITY CONSIDERATION OF RISKS 39 4.1 SECURITY MEASURES 39 4.2 ASSET IDENTIFICATION 41 4.2.1 Primary assets(processes)41 4.2.2 Primary assets(data)41 4.3 RISK IDENTIFICATION 41 4.3.1 Process:Obtaining of the wallet 42 4.3.2 Process:Wallet management 42 4.3.3 Process:Wallet control proof 42 4.3.4 Process:Identity attribute proofing 42 4.3.5 Verifiable data issuance 43 4.3.6 Process:Relying party authentication 43 4.3.7 Process:Identified entity presentation and authentication 43 4.3.8 Process:Issuance and revocation of verifiable data to registry 44 4.3.9 Process:Validation of verifiable data 44 4.3.10 DATA:Wallet holder authentication means(e.g.,private keys)44 4.3.11 DATA:Verifiable data(may include private data)44 4.3.12 DATA:Registry data(assumed does not include any private data)45 5.CONCLUSIONS 46 6.REFERENCES 47 A ANNEX:NATIONAL STATUS INFORMATION SURVEY-QUESTIONS 49 DIGITAL IDENTITY January 2022 6 ABBREVIATIONS ABT Advanced blockchain technology AICPA American Institute of Certified Public Accountants API Application program interface CD Committee draft of an international standard CEN/CLC JTC Joint technical committee of CEN and CENELEC DID Decentralised identifier(as specified by W3C)DIF Decentralised Identity Foundation DLT Distributed ledger technology(e.g.blockchain)EC European Commission EBP European Blockchain Partnership EBSI Joint initiative from the EC and the EBP eID Electronic identity eIDAS Regulation(EU)No 910/2014)eIDAS 2.0 Proposed revision to eIDAS in COM/2021/281 final ESSIF European Self-Sovereign Identity Framework of EBSI ETSI European Telecommunications Standards Institute EU European Union FIDO Fast Identity Online(FIDO Alliance)GDPR General Data Protection Regulation(EU)2016/679 HTTP Hypertext transfer protocol(as specified in IETF RFC 2068 and subsequent documents)IoT Internet of things ISO International Standards Organization ISO/IEC Joint international standardization by ISO and the International Electrotechnical Commission ISO TC Technical committee of ISO ISO TR Technical report of ISO JSON JavaScript object notation LoA Level of assurance mDL Mobile Driving Licence MS European Union Member State NGI Next-generation internet OIDF OpenID Foundation PGP Pretty Good Privacy PKI Public key infrastructure QR Code Quick response code SA Secure area SDK Software development kit SHA256 Secure hash algorithm(256 bits)SIOP Self-issued OpenID Connect Provider SME Small-and medium-sized enterprises SSI Self-sovereign identity TL Trusted list TSP Trust service provider URI Uniform resource identifier UUID Universally unique identifier VC Verifiable credential(as specified by W3C)W3C World Wide Web Consortium WG Working group X.509 International Telecommunication Union standard defining the format of public key certificates ZPK Zero-proof knowledge technology DIGITAL IDENTITY January 2022 7 INTRODUCTION Self-Sovereign Identities(SSI)are being seen as the next generation of digital identities across open networks;this is especially true of the Internet.This follows on from decades of experience with digital identities starting with centralised identities based on a hierarchy of authorities,such as X.509 Certification Authorities,moving on to federated identities,in which separate communities with several hierarchies cooperate to share trusted digital identities.The federated approach has further evolved in a more user-centred form of identity,such as developed by OpenID,OAuth and FIDO,but this still generally depends on a form of centralised control over the allocation of identities.Self-sovereign identity technology allows the user to have further control of its identity.The basic concept of SSI,such as that developed by W3C and other communities described in this report and described in the seminal paper The Path to Self-Sovereign Identity,1 is that the user has control of its identity,which can be related to multiple formal identities issued by different authorities for different activities.The binding of the user-centred identity to other identifiers,as issued by recognised authorities,is called a verifiable credential(VC).This approach also allows user attributes,such as age or qualification,to be used instead of a formal identifier to control access to service based not on the full identity but rather on a users specific and relevant attributes.In Europe,under the first eIDAS Regulation(Regulation(EU)No 910/2014),2 a federated approach was taken to identification of European citizens and organisations,with each Member State issuing a formal identifier to their nationals and a system of cross-recognition between nations.This has been found to have had a limited uptake.In recognition of the advantages of a more flexible approach to its citizens,the recent proposed revision to eIDAS(COM/2021/281 final),3 hereafter referred to as eIDAS 2.0,is based upon an EU Digital Identity Wallet,which can be used to hold not only an EU Digital Identity but also known attributes and other independently issued credentials of the identified entity.This report does not directly consider the architectural implications of applying SSI technologies to eIDAS 2.0.This report covers an extensive range of topics related to the emergence of SSI,specifically as the technology has been deployed as a means of electronic identity.The growth of the technology has been as fast as it has been organic,budding several expert-and user-led communities in addition to European Commission-driven initiatives aimed at integrating SSI within the extant fabric of eID solutions and regulatory framework developed in the current and proposed future eIDAS Regulation.This paper describes the present landscape of the SSI ecosystem through an exploration of the standards groundwork which already make contact with the technology;with existing,robust SSI communities;and an examination of current eID strategies in Europe and the projects that are incorporating SSI into these national eID strategies.In particular:Section 1 is a presentation of this background research on the current SSI global landscape of SSI standards,communities,eID initiatives and current EU national SSI and eID initiatives.Within the scope of this study,ENISA has also issued a survey that asked Member States about the status of any activities relating to the use of SSI for 1 http:/ 2 https:/eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2014.257.01.0073.01.ENG 3 https:/eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:52021PC0281 1 Please use footnotes for providing additional or explanatory information and/or relevant links.References should be listed in a dedicated section.Use only the function References/Insert Footnote DIGITAL IDENTITY January 2022 8 electronic identities;a summary of the findings can be found in Section 1.4.5,the questions for which are located at the end,in the 6.A Annex.Section 2 describes the necessary architectural underpinnings of the SSI tools.4 Section 3 then explores the mechanisms of governance in place to manage the architectural elements of SSI.Section 4 is a natural follow-up to these prior topics,identifying the major points of security threats to the actors and assets identified in Section 2that may pose a risk to the successful use of SSI technology.Section 5 is a presentation of the conclusions based on the previous sections.4 https:/eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:52021PC0281 DIGITAL IDENTITY January 2022 9 1.CURRENT GLOBAL AND EUROPEAN SSI LANDSCAPE 1.1 STANDARDS 1.1.1 W3C Specifications 1.1.1.1 Description and current status The World Wide Web Consortium(W3C)is an international community in which member organisations,a full-time staff,and the public work together to develop web standards.W3Cs primary activity is to develop protocols and guidelines that ensure long-term growth for the web.W3C is one of the main actors in the area of SSI because it has drafted and developed a number of foundational standards and technical implementations.The following represents a non-exhaustive list of these activities,standards and implementations:Decentralized Identifiers(DID)v1.0:This is a specification for SSI.Decentralized identifiers(DIDs)are a new type of identifier that enables verifiable,decentralized digital identity.A DID refers to any subject(e.g.,a person,organization,thing,data model,abstract entity,etc.)as determined by the controller of the DID.5 Verifiable Credentials Data Model 1.0:This is a specification of verifiable identity and attribute assertions.6 Decentralized Identifier(DID)Resolution v0.2:DID resolution is the process of obtaining a DID document containing information(e.g.,public authentication key)associated with a given DID.This is one of four required operations that can be performed on any DID(Read;the other ones being Create,Update,and Deactivate).7 Issuer APIs and Verifier APIs:The VC HTTP API repository contains a standard API specification for constructing and verifying objects that conform to the Verifiable Credential Data Model specification,along with documentation,integration and compatibility tests,as well as related assets for the test and integration process.8 Linked Data Vocabulary:This specification describes a linked data vocabulary for asserting VCs related to residency and citizenship information,such as given name,family name,country of citizenship,birthday,and other attributes used to determine the citizenship status of a citizen.9 Credential Handler API 1.0:Credential Management Level 1 describes an imperative API enabling a website to request a users credentials from a user agent,and to help the user agent to correctly store user credentials for future use.User agents implementing that API prompt the user to select a way to handle a credential request,after which the user agent returns a credential to the originating site.This specification defines capabilities that enable third-party web applications to handle credential requests and storage.10 5 https:/www.w3.org/TR/did-core/6 https:/www.w3.org/TR/vc-data-model/7 https:/w3c-ccg.github.io/did-resolution/8 https:/ 9 https:/w3c-ccg.github.io/citizenship-vocab/10 https:/w3c-ccg.github.io/credential-handler-api/DIGITAL IDENTITY January 2022 10 We now turn our focus on the first two standards:DIDs and the verifiable credential data model.1.1.1.2 Decentralised Identifier DIDsare a component of larger systems,such as the VC ecosystem,and identifies any subject that the controller of the DID decides that it identifies.Essentially,a DID is a uniform resource identifier(URI)that associates a DID subject with a DID document.DID documents can express cryptographic material,verification methods orservices,which provide a set of mechanisms that enable aDID controllerto prove control of theDID.The DID itself is a simple text string consisting of three parts:theDID URI scheme identifier,the identifier for theDID method,and the DID method-specific identifier.1.1.1.3 Verifiable Credentials This specification provides a mechanism to express different sorts of credentials(e.g.,drivers licenses,university degrees,government-issued passports)on the web in a way that is cryptographically secure,privacy-respecting,and machine-verifiable.The verifiable credentials data model enables the expression of different education qualifications,healthcare data,financial account details,and other sorts of third-party verified machine-readable personal information on the web.1.1.1.4 Applicability to eIDAS,SSI and European eID These W3C standards are the core on which SSI implementation is based and could also serve as a basis for alignment with European legislation including future changes to eIDAS as well as GDPR.DIDs are part of the VC ecosystem and can be usedtoidentify any subject(natural or legal persons),a characteristic which could be used under eIDAS as an identification use case andbe used to linkaneIDASelectronic identifier toa DID.1.1.1.5 Security risks and mitigation DIDs and VCs,as specified by the W3C specifications,illuminate some specific security considerations,including the binding of identity,non-repudiation,key and signature expiration,key rotation,revocation,recovery,encrypted data,integrity,and level of assurance,most notable among others.These specifications also have certain privacy considerations.For instance,personal identifying data,such as a government-issued identifier,shipping address,and a users full name,can be easily used to determine,track,and correlate an entity.Combinations of information even information that does not seem personally identifiable such as a birthdate and a postal code,can have very powerful correlation and de-anonymising capabilities.1.1.2 Decentralised Identity Foundation(DIF)1.1.2.1 Description and current status The Decentralized Identity Foundation is an organisation focused on developing the foundational elements necessary to establish an open ecosystem for decentralised identity and ensure interop between all participants.11 While DIF is itself responsible for developing standards and specifications building on those specifications produced by W3C for SSI,it is their members who produce reference implementations.The following are the working groups in DIF:12 Identifiers and Discovery:Covers the range of DID types,including but not limited to W3C DIDs.Authentication:Focuses on formats and protocols for authentication and authorisation using DIDs,DID documents and VCs,taking into account existing authentication 11 https:/identity.foundation 12 https:/identity.foundation/#wgs DIGITAL IDENTITY January 2022 11 protocols such as OAuth2 OpenID,User Managed Access(UAM2.0),WebAuthn,FIDO,and TLS.It does not,however,consider PKI.This work is taken forward in DID_SIOP13 which is adopted as part of the OpenID OATH 2.0 specifications(see Section 1.3.2).Claims and Credentials:Focuses on formats for credentials based on W3C VCs.DID Communications:Focuses on protocol and data exchange formats for authentication message exchange based on DIDs.Sidetree Development and Operating:Focuses on protocols for“sidetrees”,creating scalable DID networks that can run atop any existing decentralised anchoring system(e.g.,Bitcoin,Ethereum,other distributed ledgers,or witness-based approaches)and can be as open,public,and permissionless as the underlying anchoring systems they utilise.Secure Data Storage:This group focuses on data models,APIs,security,and other related topics for secure data storage including that of personal data.This includes a HTTP-based interface comparable with W3C DIDs and VCs in“Identity Hubs”and“Encrypted Data Vaults”,a specification which has been adopted by ESSIF.An analysis of identity management concepts including DID is carried out in ISO TR 2329“Overview of existing DLT systems for identity management”,which is referenced in the following Section 1.1.3.The DIF is a growing body;its members are willing to deliver a complete stack of open-source software for DIDs and VCs,including storage,exchange,communication and registries.A number of these draft specifications are stable and have been implemented by other groups such as Hyperledger(see Section 1.2.2)and ESSIF(see Section 1.2.3).1.1.2.2 Applicability to eIDAS,SSI and European eID DIF specifications are very relevant to the case of SSI interoperability.Its framework document around the use of DIDs should be taken into account in the development of a European electronic identification.The Identity Hub specification provides for a useful shared data store for protecting personal data.The work with OpenID Connect on authentication should also be considered.Additionally,the sidetree protocol could be useful in linking a European electronic identification to a more global framework for SSI.The work of the group is very relevant to the further development of standards building on the use of W3C DIDs and VCs such as may be carried out by the European Telecommunication Standards Institute(ETSI).To this end,a cooperation agreement between DIF and ETSI ESI would also be useful.1.1.2.3 Security risks and mitigation The DID Secure Data Storage specifications consider requirements for secure storage of personal data.1.1.3 ISO TC 307 and CEN/CLC JTC 19 1.1.3.1 Description and current status ISO TC 307 is concerned with standards for blockchain and distributed ledger technologies.The list of working groups established under the TC 307 purview includes the following:WG 1 Foundations This group has published the standard ISO 22739,which provides a common set of vocabulary for blockchain and DLT.14 13 https:/didsiop.org/14 https:/www.iso.org/obp/ui/#iso:std:iso:22739:ed-1:v1:en DIGITAL IDENTITY January 2022 12 WG 3 Smart contracts and their applications This group has produced a working draft of TR 23642,an overview of best practices and issues regarding smart contracts,which is of indirect relevance,but not directly applicable,to SSI.JWG 4 Security,privacy and identity for blockchain and DLT This group is joint with ISO JTC1 SC27(which itself covers information security,cybersecurity and privacy protection).Current activities include:o Final draft TR 23249:Overview of existing DLT systems for identity management.This document is close to being finalised for publication.It includes useful information on a number of DLT systems for identity management.This list includes several systems investigated further in this report.o Working draft TR 23644:Overview of Trust Anchors for DLT-based Identity Management(TADIM).This document considers various existing schemes for trust management such as the PKI trust anchors,federated(bridged)PKI,and EU Trusted Lists,as well as other SSI-based schemes.This work may,in the future,lead to useful input to a governance framework.WG 5 Governance This group is preparing a draft of TS 23635:Blockchain and Distributed Ledger Technologies Guidelines for Governance.This document identifies nine principles for the governance of DLT systems,compares DLT governance with other governance frameworks and identifies some DLT-specific considerations.It also considers the governance of different type of DLT architectures,including both permissioned and permissionless.WG6 Use cases This group has documented use cases for DLT in draft TR 3242 and is starting work on the analysis of data flows.CEN-CLC JTC 19 The scope of CEN-CLC JTC 19 is stated to be:“To prepare,develop and/or adopt standards for Blockchain and Distributed Ledger technologies covering the following aspects:o Organisational frameworks and methodologies,including IT management systems;o Processes and products evaluation schemes;and o Blockchain and distributed ledger guidelines.“This joint technical committee focuses on European requirements,especially in the legislative and policy context,and will proceed with the identification and possible adoption of standards or other relevant documentation already available or under development in other SDOs or regulatory bodies,which could support the EU Digital Single Market and/or EC Directives/Regulations.Special attention will be paid to ISO/TC 307 standards.If required,these standards will be augmented by CEN TRs and TSs.”So far,the group has agreed to one activity,which is to work with ISO/TC 307/JWG4 on use of distributed ledgers for identity management.Whilst a few general documents have been published,much of the work in TC 307 is still immature.However,it is expected that,in the next year or so,some important standards will be produced as a result of this work.1.1.3.2 Applicability to eIDAS,SSI and European eID The work on identity management is still in early stages but could have significance for the future work on European electronic identities.The work on governance,particularly in relation to DLT-based identity management,may,in the longer term,have relevance to a European electronic identity scheme.DIGITAL IDENTITY January 2022 13 1.1.3.3 Applicability to governance The general work of TC 307 on governance in Draft TS 23635 are of note.The work on identity management and trust anchors in working draft TR 23644 may eventually lead to a more globally acceptable basis for governance.1.1.3.4 Security risks and mitigation In working draft TR 23644,there is some early consideration of risk and trust management,which may be of relevance as the document progresses.1.1.4 ISO/IEC 23220 and 18013-5 1.1.4.1 Description and current status ISO/IEC JTC1:SC17,which is concerned with cards and security devices for personal identification,is actively working on a multipart standard for mobile identities,to be ISO 23220.Currently only part 1,about generic architectures,has been published and this is available as a Draft International Standard.Work on technical specifications for the other parts has started,although no working drafts are yet generally available.ISO/IEC 23220,entitled Cards and security devices for personal identification Building blocks for identity management via mobile devices is to consist of the following parts:Part 1:Generic system architectures of mobile eID systems Part 2:Data objects and encoding rules for generic eID systems Part 3:Protocols and services for issuing phase Part 4:Protocols and services for operational phase Part 5:Trust models and confidence level assessment Part 6:Mechanism for use of certification on trustworthiness of secure area The same committee has already published a standard for a mobile driving licence(mDL)application:ISO/IEC 18013-5.This has just been approved following a final ballot and is expected to be published in a few months following minor editorial updates.1.1.4.2 Applicability to eIDAS,SSI and European eID The upcoming standard ISO/IEC 23220 is a strong contender for the basis of wallets on mobile devices,although,as the standard is still immature,its applicability to a European electronic identity is yet to be confirmed.The standard for a mobile driving licence(mDL)ISO/IEC 18013-5,which is expected to be published shortly,could provide a useful indication of the likely direction of ISO/IEC 23220.1.1.4.3 Applicability to governance ISO/IEC 23220 Part 6 may provide the basis for certification of wallets.However,as yet,how this fits in with existing common criteria certification and upcoming EU certification schemes is yet to become clear.1.1.4.4 Security risks and mitigation The architecture specifically addresses concerns over privacy through applying the principles as identified CD 23220-1 clause 5.2,in particular,for minimalization of data released in order to maintain privacy:Partial release of user attributes,thereby enabling the user only to release attributes as required by the relying party,Ensuring that identifiers at the protocol level are used that only cryptographically link to other transactions as considered necessary,DIGITAL IDENTITY January 2022 14 Use of pseudonyms:The use of domain specific identifiers,which avoids the use of the same unique identifier for all transactions,for example,using different identifiers for public and private sectors.1.2 SSI COMMUNITIES This section describes the main commercial groups implementing SSI-based infrastructures.1.2.1 Sovrin 1.2.1.1 Description and current status The Sovrin Foundation is a non-profit organisation established to administer the Governance Framework governing the Sovrin Network(of blockchain nodes),which is a public service utility that enables SSI on the internet.The Sovrin Foundation is an independent organisation that is responsible for ensuring that the Sovrin identity system is public and globally accessible.The Sovrin Network is a permissive network with nodes(called Stewards)required to meet audited requirements for trust services based on general AICPA(American Institute of Certified Public Accountants)requirements.The Sovrin system includes the use of Cloud Agents,which hold wallet information under the control of users.This shares similarities with the CEN EN 419 241-1 based server signing systems and could provide a path forward for providing assured security of wallets without depending on security elements within user devices.The Sovrin network is,at the time of drafting,one of the most mature networks for SSI and is still evolving building on the work of W3C(Section 1.1.1),DIF(Section 1.1.2)and Hyperledger(Section 1.2.2).Further information on Sovrin can be found on their website.15 1.2.1.2 Applicability to eIDAS,SSI and European eID Sovrins global service is open to the public providing SSIs with credentials(called claims).It is self-regulated but has useful experience that should be taken into account for a European electronic identity.The use of Cloud Agents,as adopted by Sovrin,could provide a way forward for assurance of wallets through an adaption of CEN 419 241-1/2 to support European electronic identity wallets.Also,while the general approach to providing SSIs does not specifically address requirements for trusted credentials relating to identity,Sovrins experience has direct relevance.1.2.1.3 Applicability to governance Sovrin has a strong,self-regulated governance scheme in which only nodes(Stewards)are audited against general requirements for security controls based on the AICPA Trust Services Criteria.These criteria have similarities to the ETSI audit scheme and has already been seen as equivalent by the CA/Browser Forum.A comprehensive set of documents about Sovrin governance can be found on their website.16 1.2.1.4 Security risks and mitigation The Sovrin Network has a governance scheme that addresses general security requirements of trust services relating to SSI not specifically aimed at EU(i.e.,non-qualified)regulations.Requirements for privacy and/or GDPR are specifically addressed by Sovrin.15 https:/sovrin.org/library/16 https:/sovrin.org/library/sovrin-governance-framework/DIGITAL IDENTITY January 2022 15 1.2.2 Hyperledger 1.2.2.1 Description and current status Hyperledger is an open-source community hosted by The Linux Foundation developing blockchain frameworks,tools and libraries.Areas of specific relevance to this study include the framework,Hyperledger Indy,library Ursa and the toolkit Hyperledger Aries.Based on code contributed by the Sovrin Foundation(see Section 1.2.1),Indywas Hyperledgers first“identity-focused”blockchain framework,joining Hyperledger in 2017.Indy is a purpose-built distributed ledger for decentralised identity,and includes verifiable credentials based on zero-knowledge proof(ZKP)technology,DIDs,a software development kit(SDK)for building agents and an implementation of a public,permissioned distributed ledger.Ursa is an independent crypto library migrated out of the Hyperledger Indy framework.Its purpose was,for security reasons,to keep crypto code separated and maintained only by a narrow group of experts.Aries is a toolkit focused on the creation,transmission,storage and use of verifiable digital credentials.It allows secure messaging to exchange information using protocols that enable connectivity between peer-to-peer agents controlled by different entities:people,organisations and things.There is no centralised repository in Indy;users use their own endpoints and wallet with individual data to store data.Users access the wallet through the User Agent and private key.A user can also have multiple DIDs on Indy;for each of them,the issuer generates a separate pair of public and private keys.The users can log in using their own private keys on the network to access their wallet.Validator nodes are trusted parties who validate identities and transactions within the distributed network.The validator nodes run on the Plenum protocol,which allows a group of servers run by the validators to come to common agreement about the validity and order of events.Validator nodes store the data in a Merkle tree for each ledger,and ledgers are backed by a Merkle tree where each new transaction is hashed with SHA256 and added as a new leaf to the tree.Indy has a revocation functionality,in which the verifier refers to check the validity of a credential.Observer nodes,which do not participate in consensus building,are optional and could help provide scalability for large numbers of clients.Observers can be standbys from whom clients can read data on a ledger.Further information on Hyperledger can be found on their website.17 1.2.2.2 Applicability to eIDAS,SSI and European eID Indy is the most advanced SSI solution based on blockchain and should be considered as one of technologies for the implementation of a European electronic identity wallet.According to the proposed revision of eIDAS,VCs will be issued by TSPs and named“electronic attestation of attributes”.Those trust services within the Hyperledger framework are the Stewards and trust anchors.The Indy network also provides the revocation functionality,which is required by eIDAS.1.2.2.3 Applicability to governance The first actor in the Indy network is called a Steward.The Steward adds other nodes and actors to the distributed ledger.All the organisations or individuals are initialised by Steward on 17 https:/www.hyperledger.org/DIGITAL IDENTITY January 2022 16 the ledger with the role trust anchor before they can perform all activities.For practical use,Stewards(and Trustees)are important members of a governing body that holds the ultimate responsibility in maintaining the level of trust and credibility of the whole network.Each trust anchor can issue their own independent and unique schemas and credential definitions.For example,an issuer can share some information(e.g.,a certificate)with a user and a user can share the certificate with a verifier.The verifier would then verify that the information in the certificate is indeed issued by an issuer who is a trust anchor in the Indy network.1.2.2.4 Security risks and mitigation For security reasons,changing the value of passwords has long been a standard practice in the industry.A similar best practice for blockchain networks would be to replace an existing encryption key with a newly created one,a process called the“rotation of a key”.In Indy,whenever a new user joins the network,he or she is assigned a new public DID(also known as a Verinym or a Verkey).Later,using this key information on this user can be derived from the ledger.1.2.3 ESSIF 1.2.3.1 Description and current status The European Self-Sovereign Identity Framework(ESSIF)is part of the European blockchain service infrastructure.18 The EBSI is a joint initiative from the European Commission and the European Blockchain Partnership(EBP)19 to deliver EU-wide,cross-border public services using blockchain technology.ESSIF aims to implement a generic SSI capability,allowing users to create and control their own identity across borders without the need to rely on centralised authorities.ESSIF is based on W3C specifications for DIDs and the verifiable credentials data model as well as the DIF specification for an identity hub.A set of specifications issued by ESSIF were revised in Q2 2021,20 building on the earlier first version specifications issued in 2020.One notable use case for ESSIF is a generic and interoperable SSI framework.This framework would define the necessary specifications and build the supporting services and capabilities that would allow citizens to create,control,and use their own digital identity(including identification,authentication,and many other types of identity-related information)without having to rely on a single,centralised authority.Because ESSIF is a part of a broader ecosystem of decentralised identity,it will interact with other systems and platforms of public and private organisations.The ESSIF v2 documentation21 currently references architecture specifications that have already been issued for ESSIF v1,including data models and architectures:Nodes and ledgers for DIDs including endorsement and revocation,Verifiable credentials(including verifiable IDs),Verifiable presentations,and User and enterprise wallets.More information about ESSIF22 and EBSI23 can be found online.1.2.3.2 Applicability to eIDAS,SSI and European eID ESSIF is specifically aimed at alignment with European legislation,including eIDAS and GDPR.It includes features such as an eIDAS signature gateway to facilitate interoperability with 18 https:/ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/ebsi 19 https:/ec.europa.eu/digital-single-market/en/news/european-countries-join-blockchain-partnership 20 https:/ec.europa.eu/cefdigital/wiki/display/EBSIDOC/ESSIF Reference Architecture 21 https:/ec.europa.eu/cefdigital/wiki/display/EBSIDOC/1.3.2.2. Verifiable Credentials ESSIF v2 22 https:/ec.europa.eu/cefdigital/wiki/display/EBSIDOC/Learn 23 https:/ec.europa.eu/cefdigital/wiki/display/EBSIDOC/EBSI Documentation Home DIGITAL IDENTITY January 2022 17 existing eIDAS X.509 certificate-based infrastructures.Additionally,elements of the ESSIF framework can make use of elements of the current eIDAS framework,in particular:ESSIF Verifiable IDs can be obtained using current eIDAS notified eIDs,ESSIF Verifiable IDs can be issued using an advanced electronic signature of the issuer created through an eIDAS Bridge with a qualified certificate.This might be extended to provide a qualified electronic signature,for example using an EN 419 241-1 remote signing system operated by a qualified trust service provider.1.2.3.3 Applicability to governance In EBSI v1,technical governance is implemented with a classical IT centralised model.This means that the major operations of governance,including the creation of the code base,onboarding of nodes,onboarding of use case applications and decisions on management of the node are all managed centrally,either by the European Commissions Directorate-General for Informatic(DIGIT)or the Member State node host,depending on the operation.1.2.3.4 Security risks and mitigation The high-level security measures of EBSI v2 are identified in the security track summary online.24 This includes EBSI_V2_SMID_001 End user identification/authentication based on EU Login and EBSI wallet.1.2.4 Latin America and Caribbean Chain(LACChain)1.2.4.1 Description and current status LACChain is a global alliance integrated by different actors in the blockchain environment and led by the Innovation Laboratory of the Inter-American Development Bank Group(IDB LAB)for the development of the blockchain ecosystem in Latin America and the Caribbean.Their objective is to accelerate the enabling and adoption of blockchain technology,including SSI,in the region to foster innovation as well as for a number of socially and economically oriented goals.Offering an open platform with minimal restrictions,LACChain is organized as a consortium for the management and administration of an infrastructure that is categorized as public-permissioned,following the classification of ISO(ISO/TC 307).This work on infrastructure is classified into the DLT layer,the ID layer,and the“digital money”layer.LACChain ID,the working group behind all the identity developments,details all the concepts related to SSI(DIDs,VCs,digital wallets,and blockchain,among others)addressing technological,regulatory,and framework matters.LACChain has also enabled a full set of open-source tools to enable compatibility between identity services on top of the LACChain Networks.1.2.4.2 Applicability to eIDAS,SSI and European ID LACChain is a global service open to the public,focusing on Latin America and the Caribbean,providing self-sovereign identities with credentials.It has experience,implementation and applicability that may be taken into account as an implementation example for a possible European SSI-based eID.It is also applicable to wallets across several devices(mobile and cloud).The LACChain framework is fully aligned with and mentions eIDAS and GDPR consistently throughout.It also compares the different data protection and electronic signatures regulations from the different Latin American and Caribbean countries.24 https:/ec.europa.eu/cefdigital/wiki/display/EBSIDOC/Security track summary DIGITAL IDENTITY January 2022 18 1.2.4.3 Applicability to governance LACChain has developed its own governance scheme and the structure focuses on:Governance of the decentralised registries and blockchain networks,Governance of the block generation(consensus protocol),Governance of the DID registries,Governance of the trusted lists(TLs),and Governance of the keys and credentials.More information can be found at the Inter-American Development Bank site25 and the LACChain ID framework.26 1.2.4.4 Security Risks and mitigation LACChain is committed to meet and follow GDPR and how to converge with SSI considering the different risks.There are six main areas cited to achieve this:Consent:Solutions that comply with user consent are efficient because(i)it is no longer necessary for third parties to exchange identity subject information and(ii)it is much easier to reach out to and ask the identity subject for consent.Data portability:Data portability is provided by digital wallets,where an individual can store their keys,credentials,and data.Cloud and mobile wallets are presently the most portable options.Data protection by design and by default:All aspects of the SSI model developed by LACChain,including DIDs,VCs,verifiable presentations,identification,authentication and authorisation,digital repositories and wallets,and a decentralised registry,are designed to protect data by default.Pseudonymisation:Pseudonymisation is a direct benefit of SSI.In order to guarantee pseudonymisation,suitable DID registries and DID methods must be used.These will allow an identity holder to manage as many pseudonymous identifiers as desired so that they can interact with various services securely.They can authenticate without revealing more data.Pseudonymity is also one of the main advantages of DID documents and verifiable presentations over the traditional X.509 for electronic identification.Records of processing activities:As data is connected to identifiers,and individuals are responsible for sharing their own credentials,digital wallets should be able to keep a private record of processing activities.Additionally,public and decentralised blockchain registries allows for more pseudonymous traceable data;nobody will be able to correlate identifiers if suitable solutions are developed.Right to erasure(right to be forgotten):The right to erasure is always challenging as it implies that one must(i)know exactly where the data is,(ii)be able to authenticate themselves to those who own their data so they can ask them to erase it,and(iii)not have personal data in immutable and decentralised registries.SSI enables the achievement of the first two goals with much more ease than other digital identity models,but the third goal must be carefully taken care of.Bad implementations of SSI and blockchain could very easily violate data privacy.25 https:/publications.iadb.org/en/self-sovereign-identity-future-identity-self-sovereignity-digital-wallets-and-blockchain 26 https:/lacchain- (LACCChain)DIGITAL IDENTITY January 2022 19 1.3 EXISTING EID INITIATIVES 1.3.1 eIDAS 2.0 Details of eIDAS 2.0 requirements and how SSI can be applied to the requirements are not included in this paper.However,of relevance are the key points of the new proposal in the context of self-sovereign identity,as follow:Title:Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Regulation(EU)No 910/2014 as regards establishing a framework for a European Digital Identity(Brussels,3.6.2021,COM(2021)281 final,2021/0136(COD)Harmonised conditions for the establishment of a framework for European Digital Identity Wallets to be issued by Member States.Union citizens and other residents as defined by national law will able share securely data related to their identity in a user friendly and convenient way under the sole control of the user.Technologies used to achieve those objectives should be developed aiming towards the highest level of security,user convenience and wide usability.Member States should ensure equal access to digital identification to all their nationals and residents.Service providers should communicate their intent to rely on the European Digital Identity Wallets to Member States.That will allow Member States to protect users from fraud and prevent the unlawful use of identity data and electronic attestations of attributes as well as to ensure that the processing of sensitive data,like health data,can be verified by relying parties in accordance with Union law or national law.European Digital Identity Wallets should allow users to electronically identify and authenticate online and offline across borders for accessing public and private services.Wallets can also serve the institutional needs of public administrations,international organisations and the Unions institutions,bodies,offices and agencies.Offline use would be important in many sectors,including in the health sector where services are often provided through face-to-face interaction and ePrescriptions should be able to rely on QR-codes or similar technologies to verify authenticity.European Digital Identity Wallets should benefit from the potential offered by tamper-proof solutions such as secure elements,to comply with the security requirements under this Regulation.The European Digital Identity Wallets should also allow users to create and use qualified electronic signatures and seals.Member States should issue European Digital Identity Wallets relying on common standards to ensure seamless interoperability and a high level of security.The conformity of European Digital Identity Wallets with those requirements should be certified by accredited public or private sector bodies designated by Member States.European Digital Identity Wallets should ensure the highest level of security for the personal data used for authentication irrespective of whether such data is stored locally or on cloud-based solutions,taking into account the different levels of risk.Use of biometrics to authenticate is one of the identifications methods providing a high level of confidence,in particular when used in combination with other elements of authentication.Any entity that collects,creates and issues attested attributes such as diplomas,licences,certificates of birth should be able to become a provider of electronic attestation of attributes.Relying parties should use the electronic attestations of attributes as equivalent to attestations in paper format.Private relying parties providing services in the areas of transport,energy,banking and financial services,social security,health,drinking water,postal services,digital infrastructure,education or telecommunications should accept the use of European DIGITAL IDENTITY January 2022 20 Digital Identity Wallets for the provision of services where strong user authentication for online identification is required by national or Union law or by contractual obligation.Where very large online platforms require users to authenticate to access online services,those platforms should be mandated to accept the use of European Digital Identity Wallets upon voluntary request of the user.Users should be under no obligation to use the wallet to access private services,but if they wish to do so,large online platforms should accept the European Digital Identity Wallet for this purpose while respecting the principle of data minimisation.Attributes provided by the qualified trust service providers as part of the qualified attestation of attributes should be verified against the authentic sources either directly by the qualified trust service provider or via designated intermediaries recognised at national level in accordance with national or Union law for the purpose of secure exchange of attested attributes between identity or attestation of attributes service providers and relying parties.1.3.2 OpenID/OAuth2 The OpenID Foundation(OIDF)is a non-profit international standardisation organisation of individuals and companies committed to enabling,promoting,and protecting OpenID technologies.Formed in June 2007,the Foundation serves as a public trust organisation representing the open community of developers,vendors,and users.OIDF assists the community by providing needed infrastructure and help in promoting and supporting expanded adoption of OpenID.OIDF has worked with DIF(see Section 1.1.2)to a define an extension to the current specifications for authentication based on decentralised identifiers DID_SIOP.27 Specifications for Self-Issued OpenID Connect Provider(SIOP)28 is a part of OAuth 2.0 and complies OpenID Connect Core 1.0,which are the underlying protocols for all popular social login schemes.This guarantees the dataflows and user journeys remain the same compared to what users are using today.OpenID is an open standard and decentralised authentication protocol.It allows users to be authenticated by cooperating sites(also known as relying parties)using a third-party service,eliminating the need for webmasters to provide their own ad hoc login systems,and allowing users to log into multiple unrelated websites without having to have a separate identity and password for each.Users create accounts by selecting an OpenID identity provider and then use those accounts to sign onto any website that accepts OpenID authentication.According to OIDF,there are more than 50,000 websites that either issue or accept OpenIDs on their websites,with over one billion OpenID enabled user accounts.Published in February 2014 by OIDF,OpenID Connect is the third generation of OpenID technology.It implements an authentication layer on top of the OAuth 2.0 protocol(see below).It allows clients of all types,including web-based,mobile,and JavaScript clients,to verify the identity of the end-user based on the authentication performed by an authorisation server,as well as to request and receive information about authenticated sessions and end-users in an interoperable and REST-like manner.OpenID Connect includes a new authentication request message,a new ID token,which contains claims about the authentication and is represented as a JSON Web Token(JWT),and new request/response messages to get additional user data.OAuth 2.0 Authentication Servers implementing OpenID Connect are also referred to as OpenID Providers(OPs).OAuth 2.0 Clients using OpenID Connect are also referred to as relying parties.27 https:/didsiop.org/28 https:/ DIGITAL IDENTITY January 2022 21 The other work and contribution of the OpenID Foundation is organised by different working groups(WG)focused on a specific problem,technology,or opportunity for which the members will deliver a document or series of documents,after which they may disband or create a revised charter for further work:AB/Connect WG29 The AB/Connect working group is a combined working group of the Artifact Binding Working Group and the Connect Working Group aimed at producing the OAuth 2.0 based“OpenID Connect”specifications.Enhanced Authentication Profile(EAP)WG30 The purpose of this working group is to develop a security and privacy profile of the OpenID Connect specifications that enable users to authenticate to OpenID Providers using strong authentication specifications.The resulting profile will enable use of IETF Token Binding specifications with OpenID Connect and integration with FIDO relying parties and/or other strong authentication technologies.eKYC&IDA WG31 The eKYC and Identity Assurance working group is developing extensions to OpenID Connect that will standardise the communication of assured identity information,(i.e.,verified claims and information about how the verification was done and how the respective claims are maintained.Financial-grade API(FAPI)WG32 The goal of FAPI is to provide JSON data schemas,security and privacy recommendations and protocols to:o Enable applications to utilise the data stored in the financial account,o Enable applications to interact with the financial account,and o Enable users to control the security and privacy settings.FastFed WG33 The purpose of this working group is to develop a meta-data document specification,APIs,and workflow to enable an administrator to federate an identity provider and a hosted application that supports one or more of OpenID Connect,SAML,and SCIM and enable configuration changes to be communicated between the identity provider and hosted application.HEART WG34 The HEART working group intends to harmonise and develop a set of privacy and security specifications that enable an individual to control the authorisation of access to RESTful health-related data sharing APIs,and to facilitate the development of interoperable implementations of these specifications by others International Government Assurance Profile(iGov)WG35 The purpose of this working group is to develop a security and privacy profile of the OpenID Connect specifications that allow users to authenticate and share consented attribute information with public sector services across the globe.The resulting profile will enable standardised integration with public sector relying parties in multiple jurisdictions.The profile will be applicable to,but not exclusively targeted at,identity broker-based implementations.29 https:/ http:/ http:/ https:/ https:/ https:/ https:/ Please use footnotes for providing additional or explanatory information and/or relevant links.References should be listed in a dedicated section.Use only the function References/Insert Footnote DIGITAL IDENTITY January 2022 22 MODRNA WG36 The MODRNA(Mobile Operator Discovery,Registration&autheNticAtion)working group will develop a profile of OpenID Connect intended to be appropriate for use by mobile network operators(MNOs)providing identity services to RPs and for RPs in consuming those services as well as any other party wishing to be interoperable with this profile.Additionally,it will identify and make recommendations for additional standards items.Research&Education(R&E)WG37 The purpose of this working group is to develop a set of profiles for the OpenID Connect specifications to ease the adoption of OpenID Connect in the Research and Education(R&E)sector.The profiles will consider existing practices of federated identity management in the R&E sector,current international standards to represent users that belong to R&E institutions,as well as the existing international trust fabric based on R&E identity federations and multi-lateral trust exchange.The working group will also actively look for the engagement of the R&E international community.Shared Signal&Events WG38 The goal of this working group is to provide data sharing schemas,privacy recommendations and protocols to:o Share information about important security events to thwart attackers from leveraging compromised accounts from one Service Provider to gain access to accounts on other Service Providers(mobile or web application developers and owners).o Enable users and providers to coordinate to securely restore accounts following a compromise.o Internet accounts that use email addresses or phone numbers as the primary identifier for the account will be the initial focus.1.3.3 Horizon 2020 Initiatives Horizon 2020 is a funding program for research and innovation in the EU,initiated by the European Commission in 2014.It aims to strengthen and secure Europes global competitiveness.With a total funding of over 80 million Euros,the program was until then the biggest EU research and innovation program.The program aims at addressing three major challenges,including advancing scientific excellence,fostering competitiveness and market leadership,and resolving large societal challenges.Within the nine different program sections,several projects show a relevance for the development and implementation of self-sovereign identities.The average budget of these projects is 5.5 million Euros.Most of these projects intend to achieve interoperability,usability,and European standardisation,and have underlined the need to create a European solution by creating eIDAS-compliant solutions.In these cases,SSI is seen as a means to enable transnational identification while complying with existing standards and regulations,such as eIDAS or GDPR.The SSI-relevant projects receive funding from at least four different programmes.Most are covered under H2020-EU.2.1.Industrial Leadership,39 which aims at enabling new,36 https:/ https:/ https:/ Other relevant funding programs include:Shift2Rail JU(H2020-EU.3.4.8.);exploring new forms of innovation,with special emphasis on social innovation and creativity,understanding how all forms of innovation are developed,succeed or fail(H2020-EU.3.6.2.2.);strengthening security through border management(H2020-EU.3.7.3.);improving cyber security(H2020-EU.3.7.4.);ensuring privacy and freedom,including on the internet,and enhancing the societal,legal and ethical understanding of all areas of security,risk and management(H2020-EU.3.7.6.);supporting the EUs external security policies including through conflict prevention and peace-building(H2020-EU.3.7.8.).1 Please use footnotes for providing additional or explanatory information and/or relevant links.References should be listed in a dedicated section.Use only the function References/Insert Footnote DIGITAL IDENTITY January 2022 23 sustainable products,processes and services and their competitive deployment,as well as advanced manufacturing and processing to address major societal challenges.40 The identified projects base their technical solutions on distributed ledger technology(ISO 22739:2020)and cover different topics and domain fields in which they implement the technology.Examples of covered domain fields include the digital economy,Next-Generation-Internet(NGI),secure society,eHealth,eGovernment,mobility,and big data.KRAKEN follows a decentralised,user-centred approach for the exchange of personal data.Built on existing Blockchain data infrastructures,KRAKEN is developing a trusted and secure personal data platform with state-of-the-art privacy aware analytics methods to preserve the privacy and self-sovereignty of personal data.The Data platform will consider trust and security levels from national identity schemes and thereby ensuring eIDAS-compliancy.41 The project IMPULSE carries out user-centred and multidisciplinary impact analysis for the integration of blockchain and AI in eID in public services,consideration of existing eID systems and standards,such as GDPR and eIDAS.42 The project MGOV4EU provides a bridge between eIDAS and the Single Digital Gateway to create an open ecosystem and to enable secure and user-friendly mobile government services to be used across Europe.mGov4EU mobilises the existing eIDAS interoperability infrastructure(“eIDAS Layer”)for cross-border eGovernment processes.GDPR-conformity is reached through the usage of hardware-backed secure elements together with integrated convenience elements like biometric sensors.43 The project 5GZorro aims to use Distributed Ledger Technologies(DLT)to implement flexible and efficiently distributed security and trust between the different parties of a 5G end-to-end service chain.44 The project AI4HEALTHSEC promotes the exchange of reliable and trustworthy incident-related information between the ICT systems and units that make up the HCIIs without revealing sensitive company data.45 The project D4FLY offers a simple identity verification for border crossings using a border control kiosk equipped with advanced registration,verification and recognition functions and smartphone applications.Their solution includes a non-stop-on-the-move system for biometric verification.D4Fly investigates“potential advantages of a blockchain technology for identity verification”.46 The EU-funded eSSIF-Lab project is an innovation project aiming to reinforce internet reliability with electronic identities through the development and adoption of SSI technologies.The goal is to advance the broad uptake of SSI as a next-generation open and trusted digital identity solution.47 GLASS creates a blockchain-based distributed Framework“European Common Services Web”.At its core stands a citizen-oriented e-governance model that simplifies big data-exchange and 40 https:/cordis.europa.eu/programme/id/H2020-EU.2.1.1 41 https:/cordis.europa.eu/project/id/871473 42 https:/cordis.europa.eu/project/id/101004459 43 https:/cordis.europa.eu/project/id/959072/de 44 https:/cordis.europa.eu/project/id/871533 45 https:/cordis.europa.eu/project/id/883273/de 46 https:/cordis.europa.eu/project/id/833704 47 https:/cordis.europa.eu/project/id/871932/de 1 Please use footnotes for providing additional or explanatory information and/or relevant links.References should be listed in a dedicated section.Use only the function References/Insert Footnote DIGITAL IDENTITY January 2022 24 common services of public administration across the EU.The Solution includes a distributed file storage system that records every transaction among users;a distributed application ecosystem(dapp)for the provision of mobile services;a WaaS platform(Single Sign-On Wallet as a Service)and a middleware gateway framework for the establishment of secure communication channels between operational stakeholders and the integration of existing e-governance systems.48 NGI Assure aims at creating scalability,interoperability and sustainability through“Advanced Blockchain Technologies”(ABTs),converting cutting-edge research into standards that are accepted in all types of application areas and thereby achieving the objectives of the“Next Generation Internet”initiative.49 1.4 EU NATIONAL SSI AND ELECTRONIC IDENTITY WALLET INITIATIVES 1.4.1 Germany 1.4.1.1 Description and current status The German Federal Ministry of Economic Affairs initiated the Showcase Programme“Secure Digital Identities in 2019,aimed at the development of German eIDAS solutions that are user-friendly,trustworthy,and economical,accessible for the administration,businesses especially SMEs and the population.In total,four projects have been selected to implement and test their solutions throughout Germany in different cities and communities over the next three to four years.The selected projects can be regarded as a wide-ranging test lab for SSI applications,as all act in the field of SSI.The aim is to create new ID ecosystems in which users can digitally identify themselves to service providers or authorities with a mobile device,without media discontinuity and regardless of location.The solutions refer to the identification of people,the identification of things or a combination of both.The use cases of the projects cover 10 fields:Education,health,hospitality,tourism,trade,logistics,mobility,energy,Industry 4.0,IoT,access management,public administration,and the financial sector.The main objectives are:Strengthening the digital sovereignty of the citizens,Demonstrating the everyday benefits of secure digital identities to citizens,Showing wide application possibilities,Simplifying access to digital business and administrative services,and Improving the usability of secure digital identities(e.g.,replacing the username-password paradigm).1.4.1.2 Applicability to eIDAS,SSI and European eID The aim is to build an infrastructure that allows the secure exchange of proofs that is suitable for Europe-wide use and works equally for the identities of people,institutions and things on the basis of SSI.The implemented solutions are smartphone-based,and the verifiable credentials are filed in digital wallets.So far,three of the projects have begun the implementation phase.The first project,IDunion,implements a decentralised public key infrastructure,using the European cooperative Societas Cooperative Europaea S.C.E as a governance authority,which,48 https:/cordis.europa.eu/project/id/959879/de 49 https:/cordis.europa.eu/project/id/957073 DIGITAL IDENTITY January 2022 25 as a legal entity,determines the rules of the network and its implementation.They have developed their own wallets(Lissi and esatus)and agents.The second project,ONCE,develops and implements secure digital identities for administration,transport and the hotel industry.The ID systems used in ONCE are eIDAS-compliant and correspond to the security and trust requirements that the different areas of application demand.The final project presently undergoing implementation,ID-ideal,focuses on the development of a trust framework considering existing SSI standards based on W3C and DIF.Figure 1:ID Union SSI project framework(source:Lissi)These solutions must all be GDPR and eIDAS-compliant and based on available standards.The specific use cases in the field of personal identification should be usable on a mobile device and address the security levels low and substantial described in eIDAS.Application scenarios in business and administration,which require the security level high in eIDAS,should use the eID function of the identity card/electronic residence permit/eID card for EU citizens or another available solution according to eIDAS high.1.4.1.3 Applicability to governance The proposed open ID ecosystem and interoperable ID solutions relies on the development of a trust network,for example,that concerns semantic interoperability,procedures for dealing with different levels of assurance(LOA).One focus of the implementation should be the interaction between different ID solutions or different providers.The solutions should thus build on existing European electronic identity infrastructure and ensure the state remains the origin of the citizens core identity.They should be based on international norms and standards so that the results can easily be transferred to other municipalities,cities or metropolitan regions,including outside of Germany.1.4.1.4 Security risks and mitigation A potential challenge is to achieve interoperability among the different projects and their approaches.Especially with regards to other ongoing projects of the German chancellery or EU initiatives such as GAIA-X.DIGITAL IDENTITY January 2022 26 1.4.2 Spain Spain released its first standard defining a reference framework for the management of identification in 2020.This standard allows individuals and organisations to create and self-manage their own digital identity without the need to resort to a centralised authority.It was produced by Aenor,the Spanish Association for Standards,and has become an UNE(One Spanish Norm)standard,entitled UNE 71307-1.This standard was published on 9/12/2020,and on 11/1/2021 it was published in the BOE(Spain Official Bulletin),a process which officially approved and made it legally binding.The next step is to promote this standard to the CEN/CENELEC to become a European standard.On 11/2/2021,an autonomous community in Spain legislated the Blockchain Digital Identity,though it is waiting for approval at the national level.More information can be found on the UNE website.50 1.4.2.1 Description and current status This standard,entitled“Digital Enabling Technologies.Decentralised Identity Management Model based on Blockchain and other Distributed Ledgers Technologies.Part 1:Reference Framework”,is about DIDs,blockchain and other identity management solutions for a decentralised identity.Standardised decentralised identity information management models ensure that organisations maintain the security of their processes and that individuals protect their privacy and avoid identity theft,in contrast to traditional centralised models.This Spanish norm meets the following conditions.It:Is technologically neutral,Is compatible with other international standards related to digital identity,Meets the requirements of GDPR,Meets eIDAS and the ENS(Spanish National Security schema),Allows the implementation of DID management systems,Takes into consideration the SMB needs,and Is adequate for the use between natural and legal persons.The standard,which has begun the process of becoming a European standard,has been developed as part of UNEs committee covering blockchain and distributed ledger technologies,CTN 71/SC 307,with the participation and consensus of all parties involved.The CTN 71 on digital enabling technologies was established at the behest of the Secretary of State for Digitization and Artificial Intelligence.Technical standards establish a common language,providing security and confidence in new technologies,and are thus a pillar for the success of digital transformation.1.4.2.2 Applicability to eIDAS,SSI and European ID This standard sets a reference framework to manage decentralised identities and takes into consideration the different standards for SSI,for example from the W3C,and those related to the EU electronic identity.This standard is also compliant with the requirements set forth by eIDAS and GDPR.50 https:/www.en.une.org/encuentra-tu-norma/busca-tu-norma/norma?c=N0064986 DIGITAL IDENTITY January 2022 27 1.4.2.3 Applicability to governance This standard indicates some governance protocols related to:DID and credentials lifecycle,DID and credentials requisites,and Requirements for protocol messages.1.4.2.4 Security risks and mitigation Alastria,which is a not-for-profit association of multi-sector entities and is one of the main contributors to the development of this standard,has released a model based on 10 key principles for SSI.51 These 10 principles are grouped by different pillars,which are Security,Controllability and Portability,with specific governance processes for all of them,illustrated in the figure below.Figure 2:Alastrias ID model There is presently an ongoing project named PNE 71307-2:Digital Enabling Technologies Decentralised Identity Management Model based on Blockchain and other Distributed Ledgers Technologies,Part 2:Guidelines.52 1.4.3 Netherlands 1.4.3.1 Description and current status Delft University is a government partner for digital identity.The University is receiving a five-year funding for a research project to develop an open-source,production-ready SSI.Their operational open-source prototype for a digital identity is integrated with the European Commission EBSI infrastructure.Furthermore,they are currently in discussions with the Netherlands,Sweden and Singapore about a live cross-border trail of SSI Euro.Delft University released some specific documents regarding the Netherlands and SSI during the last few years.This section focuses on two of such documents,which were published in 2018 and 2020.51 https:/alastria.io/en/52 https:/www.une.org/encuentra-tu-norma/busca-tu-norma/proyecto/?c=P0054798 DIGITAL IDENTITY January 2022 28 The 2018 study reflects how digital identity largely remains unresolved because,after many years of research,there are still remain concerns over trusted communication over the Internet(e.g.,phishing).One solution for the provision of identity within the context of mutual distrust,this paper presents a blockchain-based digital identity.Without depending upon a single trusted third party,the proposed solution achieves a passport-level legally valid identity.This solution for making identities self-sovereign,builds on a generic provable claim model for which attestations of truth from third parties need to be collected.The claim model is then shown to be both blockchain structure and proof method agnostic.Four different implementations in support of these two claim model properties are shown to offer sub-second performance for claim creation and claim verification.Through the properties of SSI,legally valid status and acceptable performance,this proposed solution is considered to be fit for adoption by the general public.The 2020 study reflects how digital identity is essential to access most online services,and that digital identity is often outsourced to central digital identity providers,introducing a critical dependency.While SSI offers citizens ownership of their own identity,proposed solutions concentrate on data disclosure protocols and are unable to produce identity with legal status.It has been identified how related work attempts to legalize identity by reintroducing centralization and disregards common attacks on peer-to-peer interactions,missing out on the strong privacy guarantees offered by the data disclosure protocols.IPv8 is presented to address this problem,a complete system for passport-grade SSI.This design consists of a hierarchy of middleware layers which are minimally required to establish legal viability.IPv8 comprises a peer-to-peer middleware stack with Sybil attack resilience and strong privacy through onion routing.1.4.3.2 Applicability to eIDAS,SSI and European ID IPv8 was initiated in 2016 and created in tight collaboration with both government and industry.This design complies as much as possible with existing standards for authentication.The IPv8 design choice for security and privacy is that the verifiable claims are stored in encrypted form.Unlocking these encrypted claims requires passport-grade facial recognition.This component in IPv8 is supplied by IDEMIA,the Netherlands paper-based passport supplier.All code of IPv8 is available on GitHub and is provided under the GNU LGPL 3.0 license.53 This approach is also GDPR compliant.1.4.3.3 Applicability to governance The cited documents were created in cooperation with the Dutch National Office for Identity Data(Ministry of the Interior and Kingdom Relations).As such,it was the second digital identity model in the world to be sanctioned by a government after Estonia.1.4.3.4 Security risks and mitigation For a central trusted third-party:the solution is from D-H to PGP and PKI,but this requires identity to be tied to a public key.The variety of solutions and these become honeypots for attacks.For a non-central trusted third-party:the solution is based on SSI.The paradigm trust changes from trusting each other to trusting the user.This can be achieved by the use of blockchain,though risks still remain.One solution would be SSI over blockchain,with no power to the owner,no third-party control of attributes,and therefore it would be a permissionless,open enrolment.An IPv8 application may also be defined and implemented.53 https:/ DIGITAL IDENTITY January 2022 29 1.4.4 Poland 1.4.4.1 Description and current status In 2018,Poland introduced a public mobile application,which is provided by the Ministry of Digital Affairs.The legal basis for the application was established at the same time by law.An application called mObywatel(English:“mCitizen”)allows downloading,storing,and presenting electronic documents,such as an ID card or a drivers license,and transferring these documents between mobile devices or ICT systems.Additionally,the application allows verification of the integrity and authenticity of the electronic document.The mObywatel app is supported by the IT system provided by the Ministry of Digital Affairs.The system allows downloading an electronic document containing the users information from public registers;other information corresponding to the legal situation of the user;containing data used for identification of the user.A downloaded electronic document is an official copy of an official document issued in the form of other than electronic form.Figure 3:Credentials presented by mObywatel (from left to right)ID card,driving license,COVID certificate,ePrescription Functionally,mObywatel is a digital wallet for documents and services.The application presently offers the following functionalities:Download and presentation of identification data from identity card ePrescription data presentation Large family discount card presentation EU vaccination passport Presentation of drivers qualifications Check a drivers penalty points Show and review the details of vehicle document School or student card document presentation Electronic identification to online services Electronic tickets e.g.,train,local transport Application to the enrolment process authenticates to state registers with Trusted Profile a national identification scheme(substantial level of assurance)or electronic national identity card(high level of assurance).Access to the application is secured with a password.It is also possible to turn on the fingerprint or face recognition authentication with an additional PIN confirmation at the users request.The application creates a secure internal environment,encryption based on random data(salt)and data provided for user authentication(password).DIGITAL IDENTITY January 2022 30 User keys and X.509 certificates are generated by the supporting IT system and stored in a secure environment.User certificates are valid for one year,and after that period user is asked to repeat the enrolment process using nationally recognised identification means.After enrolment,a new set of keys and certificates are generated and secured by a password-protected environment;thus,it is impossible to change the password.In cases when a new password is needed,a new enrolment is required.All credentials stored in the app are signed with the digital signature of the Ministry of Digital Affairs which is only one authoritative source for the application.The application allows the presentation of stored credentials by signing them with user keys.mObywatel application and other verification application(mVerifier)use signed credential presentation to validate the presented document on another smartphone.The application keeps track of all validations.The validity of user and validator certificates can be additionally verified online.Figure 4:Electronic identification with mObywatel mObywatel allows electronic identification to external online services.The online service initiates the electronic identification by presenting a QR code and online use of the IT system from the Ministry of Digital Affairs.A mObywatel user then uses their smartphone to confirm private data to be transferred to the online service.To date,mObywatel is neither an official,nor a notified electronic identity scheme.However,mObywatel is presently one of most developed case studies for a solution for the development of a European Digital Identity Wallet.Further information on mCitizen can be found on the Polish government website(Polish only).54 1.4.4.2 Applicability to eIDAS,SSI and European eID mObywatel is the only one official eID application with functionalities of the European Digital Identification Wallet.While mObywatel uses its own PKI X.509 certificates for credential issuance and presentation,it does not follow common structures for verifiable credentials.For example,it is not known if a non-traceability rule is obeyed.mObywatel does not allow the use and storage credentials issued outside of the Ministry of Digital Affairs IT system.The application uses a software protected environment for the storage of keys and data;no internal 54 https:/www.gov.pl/web/mobywatel DIGITAL IDENTITY January 2022 31 nor external secure component is used to store user keys,keys are generated on external HSMs.Based on digital signatures and X.509 certificates for data exchange,credential issuance and credential presentation,mObywatel can be used as an electronic identification scheme for online services.Validity and trust are based on PKI and root certificates.The revocation is checked in every transaction.Additionally,the application allows offline electronic identification based on device-to-device data presentation.The enrolment process also makes use of electronic identification schemes.1.4.4.3 Applicability to governance mObywatel is under internal governance of Ministry of Digital Affairs(Prime Minister Office),and there is no publicly available information about applicable standards.However,all public administration systems in Poland are legally mandated to have an information security management system following standards like ISO 27001.1.4.4.4 Security risks and mitigation The mObywatel secure environment is based on software encryption in tandem with the users random data(salt)and password.Keys and certificates have one-year period of validity,requiring a re-key and recertification every year to complete a full(re-)enrolment process.Data stored in the wallet is from an official state registry and digitally signed by Ministry of Digital Affairs.1.4.5 Survey Results:Current SSI Activities in Selected EU MS To prepare an introductory review of the current situation regarding SSI in each Member State,ENISA issued a preliminary survey to the relevant national bodies about any SSI-related work that is either foreseen or that which is presently being undertaken.This survey was aimed to collect information on:SSI-related work within the respondents organisation/nation,The goals of these activities,The possible timeframe of the SSI-related work,The technology used,The scope of the work,Interoperability requirements for cross-border transactions,and/or Possible security risks and opportunities that SSI presents.Whilst most respondents have stated,at the time of this draft,that it is too early to respond,the results from seven MS offer some insight into experience with the application of SSI in their countries.The following is a summary of key points from answers submitted by Austria,the Czech Republic,Denmark,Luxembourg,Poland,Portugal,and Sweden.1.4.5.1 Description of SSI-related work Most respondents cited involvement with ESSIF and EBSI for example,the Technical or Policy Working Groups focusing on aligning existing eGovernment infrastructures with SSI technology,specifically in the identification of gaps and incompatibilities Other normative activities included working with the new EU Toolbox,Research activities and pilot projects,Training for state employees,implementation of government-issued credentials,DIGITAL IDENTITY January 2022 32 National digital wallet schemes,such as Portugals id.gov.pt application,and the Polish Publiczna Aplikacja Mobilna(Public Mobile Application)55(see also section 1.4.4 of this report).Luxembourg is working on several pilot projects,including a diploma use case for the University of Luxembourg56 as well as a Europass credential for professional certificates and secondary school diplomas,GovTechLab57 research towards“a digital transformation of the public sector”,and the recent Infrachain Hackathon,58 which focused on demonstrable applications of the“Public Sector Blockchain”.1.4.5.2 Goals Contribute to the understanding of SSI and its benefits,Come to an understanding of zero zero-knowledge proof(ZKP)capable SSI implementations,Identify potential benefits of SSI within the public sector and map the barriers for the realization of these benefits,Practical experience in SSI through pilots,research and involvement in EBSI/ESSIF,and Provision of national digital identities based on wallets.1.4.5.3 Possible timeframes The responses varied to the question about milestones of present SSI-related work,between a general statement of continual cooperation with the EBSI/ESSIF working groups,ongoing work on national digital identity projects,and a citation of specific planned projects between six months and two years.1.4.5.4 Implemented technology The list of employed technologies in pilot projects include,for Sweden,Hyperledger Indy,Aries,Ursa,and Besu.For Luxembourg,a private Ethereum blockchain used,for example,for the previously mentioned Public Sector Blockchain,and an open-source enterprise and end-use wallet called walt.id,59 which is based on EBSI/ESSIF.Portugal cited use of the Xamarin(.NET)platform and Java for development.1.4.5.5 Scope All pilot projects thus far are aimed at serving the public sector,including,natural and legal persons.Sweden also included IoT devices and processes,as they are defined by the ISO/TC 307 Identity Working Group.1.4.5.6 Cross-border interoperability The verifiable credential data model can be implemented in several ways.Further work is required,however,to make this interoperable.Relying parties need to support multiple verifiable data registries.The SSI architecture needs to be platform-and technology-neutral and should not rely on a specific technology for how data are stored and retrieved.Rather,interfaces for the exchange of identity data should be standardized.Identifying citizens to national registries must be able to leverage the existing national eID/e-Service infrastructures,ensuring that existing investments in a well-functioning infrastructure are protected.55 More information at https:/id.gov.pt(Portuguese only)56 More information at https:/ebsilux.lu/57 More information at https:/govtechlab.public.lu/en.html#challenges 58 More information at https:/ More information at walt.id DIGITAL IDENTITY January 2022 33 1.4.5.7 Security SSI has the benefit of having no single point of failure.Increasing demand on user associated with user control is worrying.Privacy by demand,with features such as sector-specific identifiers,is crucial.This is hard to achieve in typical SSI(DLT/DID-based)systems,especially when these unique and persistent identifiers are created sector-or service-or MS-specific in the very moment they are requested.It is important that freshness of attributes(e.g.,representation,mandates,professional capacity,custody of minors,etc.)is maintained.This can only be achieved with online/cloud-based wallets.DIGITAL IDENTITY January 2022 34 2.ARCHITECTURAL ELEMENTS FOR SELF-SOVEREIGN IDENTITY The following basic model is a synthesis of the architectural elements of self-sovereign identity schemes derived from the systems described in the documentation referenced in Section 1.This is not intended to be an implementable architecture that represents any real system but is provided to make it possible to analyse the governance and risks of an SSI scheme.It may be possible to combine the functions of the Controller and the use of DID with the functions of VC issuance.Figure 5:Basic architectural elements for SSI The basic architectural elements can be described as follows.The basis of the description is taken from the document identified in the right-hand column.Additional information may be added to further clarify this within the context of this report.DIGITAL IDENTITY January 2022 35 Table 1:Basic architectural elements for SSI Element Description Based on Decentralised Identifier(DID)A type of identifier that enables verifiable,decentralized digital identity.A DID refers to any subject(e.g.,a person,organization,thing,data model,abstract entity,etc.)as determined by the controller of the DID.Within the context of this report,only natural and legal person are considered as subjects.A DID may be considered as a form of pseudonym as used in eIDAS as it is not directly linked to a formal identifier of the natural or legal person.W3C Decentralized Identifiers(DIDs)v1.0 DID Document DID documents contain information associated with a DID.They typically express verification methods,such as cryptographic public keys,and services relevant to interactions with the holder.A DID document may be signed by a DID Controller.W3C Decentralized Identifiers(DIDs)v1.0 DID Controller The controller of a DID is the entity(person,organization,or autonomous software)that has the capability as defined by a DID method to make changes to a DID document.The following secure processes for the DID controller are identified by this report:Proof of possession or control of the holder of its private key Issuance of a unique DID to the holder W3C Decentralized Identifiers(DIDs)v1.0 Verifiable Credential(VC)A set of one or more claims made by an issuer.A verifiable credential is a tamper-evident credential that has authorship that can be cryptographically verified.W3C Verifiable Credentials Implementation Guidelines 1.0 VC Issuer A role an entity can perform by asserting claims about one or more subjects,creating a verifiable credential from these claims,and transmitting the verifiable credential to a holder.The following secure processes are for the DID controller are identified by this report:Authentication of the holder as identified by its DID Proofing that the claimed attributes belong to the holder Revocation of a holders attributes W3C Verifiable Credentials Implementation Guidelines 1.0(Issuer)Presentation Data derived from one or more verifiable credentials,issued by one or more issuers,that is shared with a specific verifier.A verifiable presentation is a tamper-evident presentation encoded in such a way that authorship of the data can be trusted after a process of cryptographic verification.W3C Verifiable Credentials Implementation Guidelines 1.0 Repository A program,such as a storage vault or personal verifiable credential wallet,that stores and protects access to holders verifiable credentials.The use of the repository is restricted to the holder or other authorised parties.W3C Verifiable Credentials Implementation Guidelines 1.0 DIGITAL IDENTITY January 2022 36 Element Description Based on Key Wallet Application used to generate,manage,store or use private and public keys.This may need to be protected by specially protected secure element within the Wallet.The use of the keys is restricted the holder.Wallet In this report,Wallet is used to cover the repository of verifiable data(DID documents,verifiable credentials)and a Key Wallet.A wallet may be considered as a form of Secure Area(SA-Application)as defined DIS 23220-1(see Section 1.1.4)clause 3.33 and 3.35.As described for Sovrin(see section 1.2.1),this may be supported through use of an agent service that is remotely accessed from the users device and controlled through use of multiple authentication factors.This concept is also supported by DIS 23220-1.ISO DIS 23220-1 Generic system architectures of mobile eID systems DID Registry In order to be resolvable to DID documents,DIDs are typically recorded on an underlying system or network of some kind.Regardless of the specific technology used,any such system that supports recording DIDs and returning data necessary to produce DID documents.In this report this is referred to as the DID document registry.The DID registry can be based on a distributed ledger such as blockchain.W3C Decentralized Identifiers(DIDs)v1.0(Verifiable data registries)VC Registry A role a system might perform by mediating the creation and verification of identifiers,keys,and other relevant data,such as verifiable credential schemas,revocation registries,issuer public keys,and so on,which might be required to use verifiable credentials.Some configurations might require correlate identifiers for subjects.Some registries,such as ones for UUIDs and public keys,might just act as namespaces for identifiers.W3C Decentralized Identifiers(DIDs)v1.0(Verifiable data registries)Holder Authentication The protocol exchange to obtain authorized access to a resource.RFC 6749 The OAuth 2.0 Authorization Framework DIGITAL IDENTITY January 2022 37 3.GOVERNANCE OF A DIGITAL IDENTITY FRAMEWORK 3.1 SSI AND GENERAL GOVERNANCE The governance of SSI-based schemes is still undergoing development.Most experience in governing an SSI scheme comes from Sovrin,as described in Section 1.2.1.Sovrin has taken an approach similar to that applied by many PKI services,including eIDAS Trust Services,which is as follows:There is a governing body which oversees the operation of the SSI service providers and sets the rules for assuring the operation of the SSI service providers,Conformity assessment of the provider by an independent assessor against the assurance rules set by the governing body,and A means for relying parties to assess whether are considered trustworthy by the governing body.ISO and CEN(see Section 1.1.3)are in the early stages of developing standards for managing trust based around SSI with working drafts looking at trust anchors.3.2 GOVERNANCE OF WALLETS The user has control over the use of their wallet.The user can decide whether to use any particular wallet,as well as select a particular DID or verifiable credential within a wallet,to authenticate their identity to a relying party.The security of SSI depends on the security of the wallet software and environment,in particular,that the keys and,for privacy,the verifiable data,are under the sole control of the holder and cannot be leaked to other parties.Thus,the security of the wallet will need to be certified against specific criteria to give assurance for the security of wallets.3.3 GOVERNANCE OF DID CONTROLLERS The issuance of DID of documents puts responsibilities on the DID controller issuing the DID document to ensure that:The identifier is unique and cannot be used by an entity other than the holder,The verification means held in the DID document is directly associated with keys a wallet under sole control of the holder,and The DID document is secured such that it the data cannot be modified and if authenticated as coming from a trusted DID controller.This may be assured,for example,through audit by an accredited auditor against criteria for DID controllers.DIGITAL IDENTITY January 2022 38 3.4 GOVERNANCE OF VC ISSUERS The issuance of verifiable credential puts responsibilities on issuer to ensure that:The DID used to identify the subject of the VC belongs to an identifiable entity,The credentials placed within a VC are proven to belong to identified entity,The VC is secured such that it the data cannot be modified and if authenticated as coming from a trusted DID controller,and Any credential that is no longer valid is revoked.This may be assured,for example,through audit by an accredited auditor against criteria for issuers of verifiable credentials.3.5 GOVERNANCE OF DID AND VC REGISTRIES A reliable source of information regarding the issuance and revocation is considered to be necessary which is available,across borders,independent of the wallet.This is thought to be necessary so that relying parties may validate the status of verifiable data(e.g.,certificates or credentials)independent of the wallet holder.Technologies such as distributed ledgers may be employed,governance of registries may need to be considered separately(e.g.,as a qualified trust service).3.6 INTERDEPENDENCE The governance of the different elements of an SSI architecture cannot be considered in isolation.The VC issuer depends on the DID,as issued by the DID controller,being uniquely assigned to entity identified by the DID controller and on the sole control of the authentication means being under the sole control of the document.The DID controller needs to be assured that the authentication means is held securely in a certified wallet.Both the DID controller and the VC issuer depend on the registry to provide relying parties with the latest state of the DID document and verifiable credential.DIGITAL IDENTITY January 2022 39 4.DIGITAL IDENTITY CONSIDERATION OF RISKS The following considers the risks associated with the possible architectures given in Section 2.Article 8 of eIDAS establishes assurance levels for notified electronic identification schemes,which needs to specify assurance levels low,substantial and/or high for electronic identification means issued under that scheme.Commission Implementing Regulation 2015/1502 presents general risk considerations to the main processes of the electronic identification scheme:enrolment,ID means management,authenti
50人已浏览
2023-03-10 51页
5星级
美国科技政策办公室:美国中央银行数字货币系统技术评估报告(2022)(英文版)(58页).pdf
TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 1 TECHNICAL EVALUATION FOR A U.S.CENTRAL BANK DIGITAL CURRENCY SYSTEM SEPTEMBER 2022 TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 2 About this Document Executive Order(EO)14067 directed the Office of Science and Technology Policy to produce a technical evaluation to facilitate and support the introduction of a Central Bank Digital Currency(CBDC)system in the United States(U.S.),should one be proposed.This report lays out the policy objectives for a U.S.CBDC system,and proceeds to analyze technical design choices for a U.S.CBDC system with respect to those policy objectives.This report also estimates the feasibility of building a U.S.CBDC minimum viable product and assesses how a U.S.CBDC system may impact Federal processes.This report makes recommendations on how to prepare the U.S.Government for a U.S.CBDC system,but it does not make an assessment or recommendation about whether a U.S.CBDC system should be pursued.About the Office of Science and Technology Policy The Office of Science and Technology Policy(OSTP)was established by the National Science and Technology Policy,Organization,and Priorities Act of 1976 to provide the President and others within the Executive Office of the President with advice on the scientific,engineering,and technological aspects of the economy,national security,health,foreign relations,the environment,and the technological recovery and use of resources,among other topics.OSTP leads interagency science and technology policy coordination efforts,assists the Office of Management and Budget with an annual review and analysis of Federal research and development in budgets,and serves as a source of scientific and technological analysis and judgment for the President with respect to major policies,plans,and programs of the Federal government.More information is available at http:/www.whitehouse.gov/ostp.About the Interagency Process The creation of this report was coordinated through an interagency process led by the Assistant to the President for National Security Affairs and the Assistant to the President for Economic Policy,as described in Section 3 of EO 14067.A list of departments and agencies involved in this interagency process can be found in Appendix B.Copyright Information This document is a work of the United States Government,and this document is in the public domain(see 17 U.S.C.105).TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 3 Contents Introduction.5 Policy Objectives for a U.S.CBDC System.7 Technical Design Choices for a U.S.CBDC System.11 Participants.12 Transport Layer.12 Interoperability.15 Governance.16 Permissioning.16 Access Tiering.18 Identity Privacy.20 Remediation.22 Security.24 Cryptography.24 Secure Hardware.26 Transactions.27 Signatures.27 Transaction Privacy.29 Offline Transactions.30 Transaction Programmability.32 Data.33 Data Model.33 Ledger History.34 Adjustments.36 Fungibility.36 Holding Limits.38 Adjustments on Transactions.39 Adjustments on Balances.40 Feasibility and Resources for a U.S.CBDC System Minimum Viable Product.41 Brief Survey of Relevant Experimentation.41 Public Sector.41 Private Sector.42 TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 4 Estimating Resources Required Based on Sets of Hypothetical CBDC Design Choices.42 Example Set#1:Minimally Complex.43 Example Set#2:More Complex Focusing on Broader Participation.44 Example Set#3:More Complex Focusing on Programmability,Privacy,and Inclusion.44 Impact of a U.S.CBDC System on Federal Processes.46 Cybersecurity and Privacy.46 Customer Experience.47 Social Safety Net Programs.48 Recommendations on Preparing for a U.S.CBDC System.50 Advance Technical Work Related to Digital Assets.50 Continue Digital Assets Research and Experimentation Within the Federal Reserve.50 Establish a Digital Assets R&D Agenda.50 Scale Up Tech Capacity Across the Federal Government.51 Appendix A:Digital Services Best Practices.53 Open Source.53 Modern Technology Stack.54 Agile Development.54 Team Structure.55 Appendix B:Interagency Process.58 TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 5 Introduction A Central Bank Digital Currency(CBDC)is a digital form of a countrys sovereign currency.1 If the United States issued a CBDC,this new type of central bank money may provide a range of benefits for American consumers,investors,and businesses.For example,a U.S.CBDC might enable transactions that are more efficient and less expensive,particularly for cross-border funds transfers.However,there are also potential risks to consider.A U.S.CBDC might affect everything ranging from the stability of the financial system to the protection of sensitive data.Recognizing these potential upsides and downsides,the Biden-Harris Administration is committed to further exploring the implications of,and options for,issuing a CBDC.On March 9,2022,President Biden signed Executive Order(EO)14067,Ensuring Responsible Development of Digital Assets,placing the highest urgency on research and development efforts into the potential design and deployment options of a U.S.Central Bank Digital Currency(CBDC).2 EO 14067 further directed the Federal government to“prioritize timely assessments of potential benefits and risks under various designs to ensure that the United States remains a leader in the international financial system.”To help advance this directive,Section 5(b)(ii)of EO 14067 ordered the Director of the Office of Science and Technology Policy(OSTP)and the Chief Technology Officer of the United States in consultation with the Secretary of the Treasury,the Chair of the Federal Reserve,and the heads of other relevant agencies to submit to the President a technical evaluation for a U.S.CBDC system,should one be proposed.This report begins by laying out the policy objectives for a U.S.CBDC system,outlined in EO 14067 and developed in further detail through an interagency process led by the National Economic Council and the National Security Council.These policy objectives reflect the Administrations ongoing commitment to develop and use technology in accordance with democratic values.This report then analyzes the technical design choices for a U.S.CBDC system,focusing on how those choices would impact the policy objectives for a U.S.CBDC system.Next,this report estimates the feasibility of building a minimum viable product for a U.S.CBDC system,based on hypothetical combinations of technical design choices.Finally,this report assesses how a U.S.CBDC system may impact Federal processes,focusing on cybersecurity and privacy,customer experience,and social safety net programs.This report concludes by making recommendations on how to prepare the Federal government for a U.S.CBDC system,should one be pursued.It recommends that OSTP help advance technology related to CBDCs as part of the CBDC Working Group outlined in the Department of the Treasurys report on The Future of Money and Payments.It encourages the Federal Reserve to continue its research and experimentation on CBDC systems,while recommending that the National Science Foundation(NSF)and OSTP develop a National Digital Assets Research and Development(R&D)Agenda to help spur innovation that could support the Federal Reserves 1 Other U.S.Government reports explain CBDCs in greater depth.See,e.g.,The Future of Money and Payments.(Sep.2022).Department of the Treasury;and Money and Payments:The US Dollar in the Age of Digital Transformation.(Jan.2022).The Federal Reserve.2 Executive Order 14067:Ensuring Responsible Development of Digital Assets.(Mar.2022).Federal Register.TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 6 efforts.Finally,it recommends scaling up relevant technological infrastructure,capacity,and expertise across the Federal government to harness benefits and mitigate risks of digital assets.It is also important to briefly note what this report does not do.This report does not make any assessments or recommendations about whether a U.S.CBDC should be pursued.Additionally,this report does not make any design choices for a U.S.CBDC system,if one were proposed.Instead,it fulfills the mission of EO 14067 by providing a timely assessment of potential benefits and risks for a U.S.CBDC system.TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 7 Policy Objectives for a U.S.CBDC System EO 14067 outlines the principal policy objectives of the United States with respect to digital assets and provides additional priorities for a U.S.CBDC.This document provides considerations related to choices and limitations that should inform the design of a U.S.CBDC system,where a“CBDC system”includes the CBDC itself,the public sector and private sector components that are built to interact with it,and the laws and regulations that apply to each of those components.3 Building on the policy objectives described in EO 14067,a U.S.CBDC system should support the following objectives.4 While some of these objectives may be in tension,it is not the aim of this document to reconcile or prioritize the policy objectives listed below.Additionally,the purpose of this document is not to take a position on whether a U.S.CBDC should be pursued,or to make decisions regarding particular design choices for a U.S.CBDC system to achieve the stated objectives.1.Provide benefits and mitigate risks for consumers,investors,and businesses a.Consumers,investors,and businesses should be financially protected.The CBDC system should include appropriate protections for custodial and other arrangements related to customer assets and funds,fraudulent and other illegal transactions,and market failures.It should also provide for appropriate disclosures of risk.b.Consumers,investors,and businesses should be digitally protected.The CBDC system should include consumer protections by design and default.These protections should include mechanisms for human consideration and remedy of harms,and these protections should be accessible,equitable,effective,maintained,accompanied by appropriate operator training,and should not impose an unreasonable burden on the public.2.Promote economic growth and financial stability and mitigate systemic risk a.The CBDC system should support economic activity.The CBDC system should be designed to integrate seamlessly with traditional forms of the U.S.dollar.In addition,the CBDC should be flexible enough to facilitate a range of economic policy objectives,including promoting competition and innovation.To support these objectives,the CBDC system should be both governable and sufficiently adaptable.b.The CBDC system should ensure the resilience of the financial system.The CBDC system should be designed in a way that is consistent with broad financial intermediation and that mitigates concentration risks.The CBDC system should be designed to minimize the occurrence of destabilizing runs and liquidity risks.The CBDC system should not increase systemic risk.3 The term“components”is broadly construed.For example,components might include smart cards,mobile applications,and intermediaries that fulfill various roles in the CBDC system.4 These objectives are also consistent with the G7 Public Policy Principles for Retail CBDCs.(Oct.2021).G7.TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 8 c.The CBDC system should be operable in normal circumstances and under stress.The CBDC system should be resilient under a range of adverse circumstances,both at initial deployment and over its lifecycle.When problems are discovered in CBDC functionality,there should be a clear process and adequate support for mitigating and resolving those problems.3.Improve payment systems a.The CBDC system should be functional.The CBDC system should support the smooth functioning of the payment system by ensuring that the CBDC system works,including at initial deployment,over its lifecycle,and when parts of the systems are nonoperational.Furthermore,the CBDC system should function efficiently relative to the costs to operate so that it can also achieve the promised benefits of a CBDC system.To do so,the CBDC system should be designed such that adequate resources and personnel training will exist for developing and maintaining the CBDC systems components.b.The CBDC system should be efficient.The CBDC system should be usable and provide a good customer experience.It should also allow for efficiencies that make investments and domestic and cross-border fund transfers and payments cheaper,faster,and safer,by promoting greater and more cost-efficient access to financial products and services.c.The CBDC system should be secure.The CBDC system should be protected against cybersecurity attacks and failures,and the system should ensure assurance and integrity of the CBDC and the system as a whole.The CBDC system should be designed so that consumers,investors,businesses,and the public can trust it to be secure and resilient to potential attacks,disasters,and failures,as well as cyber,fraud,counterfeiting,and other operational risks.The CBDC system should include appropriate cybersecurity and privacy incident management,contingency plans,and continuity plans to ensure availability of its functionalities,including in the case of natural disasters and foreign attacks.d.The CBDC system should be flexible.The CBDC system should support an ecosystem of innovation from the public and private sectors in order to meet the various goals of the United States.The CBDC system itself should be extensible and upgradeable such that it can be iterated upon quickly to improve and harness new innovation,as well as changing technologies,regulations,and needs.4.Ensure the global financial system has transparency,connectivity,and platform and architecture interoperability or transferability,as appropriate a.The CBDC system should be appropriately interoperable.The CBDC system should,where appropriate and consistent with other policy priorities,facilitate transactions with other currencies and systems,such as physical cash,commercial bank deposits,CBDCs issued by other monetary authorities,and the global financial system.The CBDC system should be designed to avoid risks of harm to the international monetary system and financial system,including broad monetary sovereignty and financial stability.The CBDC system should be designed with TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 9 appropriate considerations for transferability and orderly termination in events such as a change in policy or end of life.5.Advance financial inclusion and equity a.All should be able to use the CBDC system.The CBDC system should enable access for a broad set of potential consumers and uses,with appropriate restrictions to mitigate specific risks(e.g.,destabilizing runs,money laundering).While the CBDC system may initially support fewer potential consumers and uses,it should scale and support a broader range of use cases over time.As it is designed,implemented,and maintained,the CBDC system should take particular notice of EO 13985(Advancing Racial Equity and Support for Underserved Communities Through the Federal Government)and EO 14058(Transforming Federal Customer Experience and Service Delivery to Rebuild Trust in Government).b.The CBDC system should expand equitable access to the financial system.The CBDC system should expand equitable access to deposit and payment products and services,as well as credit provided by banks and other sources.This includes expanding equitable access for people of color,rural communities,individuals without the resources to maintain expensive devices or reliable Internet access,and individuals with cognitive,motor,or sensory impairments or disabilities.The CBDC system should not create new inequities,including through technological barriers to use.Technological advances,educational material,and support should be leveraged to overcome the potential technical and economic barriers to using CBDC that may disproportionately harm some communities.The CBDC system should support payments to and from the public sector and equity-advancing initiatives,such as the administration of social safety net programs.However,use of the CBDC system should not be mandated.Offline capability should be incorporated,and the role of cash should be preserved.6.Protect national security a.The CBDC system should promote compliance with AML/CFT requirements and mitigate illicit finance risks.The CBDC system should be designed to facilitate compliance with anti-money laundering(AML)and combating the financing of terrorism(CFT)requirements,as well as relevant sanctions obligations.The CBDC system should allow for the collection of information necessary to fulfill these requirements,but not more.The system should also enable adequate transaction monitoring to detect and report suspicious activity to the relevant authority.The CBDC system should be designed to include features,or enable intermediaries to include features,to identify and mitigate illicit finance risks(e.g.,fraud,sanctions evasion,money laundering),while providing appropriate protections for privacy,civil and human rights,and cybersecurity.b.The CBDC system should support U.S.leadership in the global financial system,including the global role of the dollar.The CBDC system should be at the forefront of responsible development and design of digital assets and should underpin new forms of payments.The CBDC system should support scalability TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 10 and be capable of maintaining high throughput,speed,resiliency,security,and privacy as it facilitates millions or billions of users and global transactions that are fast,efficient,and convenient(for both domestic and cross-border payments,if deemed appropriate).The fully operational CBDC system should support high user and transaction loads,including during surges in transaction volume.7.Provide ability to exercise human rights a.The CBDC system should respect democratic values and human rights.The CBDC system should be designed and used in accordance with civil and human rights,such as those protected by the U.S.Constitution,as well as those outlined in the Universal Declaration of Human Rights and the International Covenant on Civil and Political Rights.The CBDC system should have oversight and accountability mechanisms to ensure compliance with civil and human rights.The CBDC system should be able to incorporate technical protections that prevent the use of CBDC in ways that violate civil or human rights.The CBDC system should also be protected from abuse during periods of high political volatility or deviation from democratic values.8.Align with democratic and environmental values,including privacy protections a.Sensitive financial data should be private.The CBDC system should maintain privacy and protect against arbitrary or unlawful surveillance.The CBDC design,deployment,and maintenance should adhere to privacy engineering and risk management best practices,including privacy by design and disassociability.5 Built-in protections and design choices should ensure that privacy is included by default,including ensuring that data collection conforms to reasonable expectations and only data that is strictly necessary for advancing CBDC system policy objectives is collected.b.The CBDC system should be sustainable.The CBDC system should be compatible with U.S.environmental priorities,including cutting U.S.greenhouse gas pollution by 50-52%from 2005 levels by 2030 and transitioning to a net-zero emissions economy by 2050.The CBDC system should minimize energy use,resource use,greenhouse gas emissions,other pollution,and environmental impacts on local communities.The system should improve environmental performance relative to the traditional financial system.5 Disassociability refers to the processing of data or events without association to individuals or devices beyond the operational requirements of the system.See,e.g.,NIST Privacy Framework.(Jan.2020).National Institute of Standards and Technology,29.TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 11 Technical Design Choices for a U.S.CBDC System EO 14067 directed OSTP to submit to the President a report that addresses the technical aspects of the various CBDC designs,including with respect to emerging and future technological developments.This section provides a list of design choices that could inform the technical design of a U.S.CBDC system,as well as an analysis of their benefits and risks.This section focuses on 18 design choices,divided into six categories:Participants,Governance,Security,Transactions,Data,and Adjustments.This section:Does not presuppose that a CBDC system would use any particular technology(e.g.,a distributed ledger technology or a centrally managed database);Does not assume that a CBDC system would maintain identical functionality to cash;Does not take any position on whether establishing a CBDC system would be in the best interest of the United States;Does not prioritize the design choices in order of importance;Does not claim that the list of design choices is complete;Does not assume a particular distribution model,but does,for the sake of analysis,focus on design choices with more applicability for a retail CBDC system;6 Does not assume that all applicable design features need to be incorporated into a CBDC system at initial deployment;Does emphasize that many design choices are linked to other design choices;and Does,for the sake of analysis,focus on the two endpoints for the spectrum of possibilities for a design choice,even though hybrid options are possible,or potentially desired.In order to focus the analysis on the design choices that likely matter to policymakers,this section makes a few starting assumptions about the design of a U.S.CBDC system.While a U.S.CBDC system could,in theory,be mostly“permissionless”7 from a governance standpoint,this design choice introduces a large number of technical complexities and practical limitations that strongly suggest that a permissionless approach does not make sense for a system that has at least one trusted entity(i.e.,the central bank).It is possible that the technology underpinning a permissionless approach will improve significantly over time,which might make it more suitable to be used in a CBDC system.However,given the state of the technology,most of the analysis that follows assumes that there is a central authority and a permissioned CBDC system.6 Many of these design choices are likely also applicable to a wholesale or hybrid CBDC system.7 A CBDC system could either be managed by a set of trusted entities(permissioned)or by a network of system participants(permissionless),or some combination of the two.This is discussed further in the permissioning design choice later in this report.TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 12 Deciding whether a CBDC is in the best interest of the United States will depend,in part,on the specific design choices contemplated for the CBDC system under consideration.The aim of this section is to help policymakers understand these technical design choices and their associated tradeoffs,especially with respect to the policy objectives for a U.S.CBDC system outlined in Section 4 of EO 14067 and expanded upon in the Policy Objectives section of this report.U.S.policymakers should read this section in conjunction with the Department of the Treasurys report titled The Future of Money and Payments,in order to get a fuller picture of the design choices important to the decision of whether to issue a CBDC.Participants Transport Layer:Less Intermediated vs.More Intermediated What roles do intermediaries take on,and can people opt to pay each other without intermediaries in certain conditions?Who has access to the payment system technology and at what level?The transport layer of a CBDC system determines whether a third party must facilitate transfers between two parties,and if so,who the third party or parties are.A CBDC system could be less intermediated by allowing some amount of peer-to-peer(P2P)transactions,which are transactions that occur without the direct involvement of a financial intermediary.8 Alternatively,the system could be more intermediated,which would mean that most or all transactions occur with the involvement of a financial intermediary(e.g.,transfers made via a bank or private services).This is not a binary choice;there are many fine-grained design choices embedded in this question,including the option to support both less intermediated and more intermediated transactions under different conditions.Even if a P2P funds transfer could be completed without an intermediary,other functions of the system(e.g.,account creation)could still require intermediation.Furthermore,though it is easy to imagine transactions being settled by current-day private sector intermediaries,such as banks,it is possible for other CBDC system functionalities to be fulfilled by non-traditional public or private intermediaries.9 This design choice is linked to the design choices on transactions,as the transport layer would set the foundation for who can facilitate transactions.This design choice is also linked to the Data design choices,as the transport layer would affect who gets write access to the ledger history,if it exists.This design choice is also linked to the governance design choices,as a less intermediated system would require a vastly different set of governance guidelines and 8 Potential intermediaries for transaction processing include the central bank,commercial banks,and other third-party entities.9 A non-exhaustive list of possible intermediation functionalities includes issuing currency,distributing currency,custody and wallets for currency,validating transactions,settling transactions,provisioning access(e.g.,user accounts,know your customer),providing user interfaces,providing customer service,conducting fraud detection,conducting AML/CFT compliance,and resolving disputes.Some of these functionalities would likely require compliance with banking laws and regulations,as well as other applicable laws,such as Federal securities laws.However,other functionalities(e.g.,provisioning access)could have different eligibility criteria for intermediaries,allowing a broader range of private entities(e.g.,pharmacies,grocery stores)and public entities(e.g.,libraries,post offices)to provide these functionalities.In turn,this could help increase financial inclusion and equity,could bring more relevant expertise to bear on providing specific intermediary functionalities,and may promote more innovation in payments technology.TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 13 requirements(e.g.,who conducts transaction-level remediation when there isnt an intermediate party facilitating transactions?).Finally,this design choice intersects with transaction signing,since multiple-signature transactions may make more sense for an intermediated transport layer.Design choice benefits and drawbacks are described below:Less intermediated:Could improve the privacy of sensitive financial data:A key feature of enabling P2P transactions is that it could mimic the cash-like experience in terms of anonymity and functionality.10 P2P transactions may not need to be known or recorded by an intermediary,which may increase the CBDC systems capacity to protect the privacy of sensitive data.The privacy benefits would depend on the specific way the P2P system is set up;for example,if P2P transactions are recorded on a public ledger,then it may be easier to identify and track users than via a well-constructed intermediated system that does not record on a public ledger.Could hamper compliance with AML/CFT requirements:Pure P2P transactions can be designed either where tokens are bearer assets,11 or where there is account creation.A P2P design with a bearer-asset type token could enable transactions without any intermediary and therefore complicate,and potentially circumvent,AML/CFT obligations even where registration and reporting obligations apply.12 Alternatively,should transactions be recorded on a public ledger,investigators may be able to use analytics tools to trace transactions.Could affect the improvement of payment systems:A P2P system may have more limited intermediary13 costs and fees(which would likely be passed on to participants),possibly making it easier to achieve more cost-efficient financial product and services.P2P transactions can also process small-amount retail transactions quickly and cheaply,freeing capacity for an intermediated layer to handle larger transactions.However,a less intermediated system may displace traditional financial intermediaries and their business models,which may have ripple effects some potentially negative throughout the American financial system.More intermediated:May provide traditional financial and digital protections:CBDC intermediaries such as financial institutions or new businesses created for processing CBDC transactions14 could help provide key requirements or benefits for a CBDC system,such as facilitating 10 This could also help with CBDC adoption,and thus,financial inclusion.See,e.g.,How America Banks:Household Use of Banking and Financial Services,2019 FDIC Survey.(Oct.2020).Federal Deposit Insurance Corporation,which notes that one of the top reasons cited by unbanked households for not having a bank account is a concern about privacy.11 Here,“bearer asset”refers to an asset where its value is derived from its own digital representation.12 In the current U.S.framework,Bank Secrecy Act(BSA)obligations are placed on financial intermediaries.13 Even if the CBDC system supports P2P transactions,the complexity needed to facilitate P2P transactions could lead consumers to seek out intermediaries,similar to what has happened in the present crypto-asset ecosystem.14 The Bank of England describes a potential industry of“Payment Interface Providers”(PIPs)for processing the commercial and retail sectors CBDC transactions.See Central Bank Digital Currency:Opportunities,challenges and design.(Mar.2020).Bank of England.TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 14 remediation,implementing AML/CFT controls,performing customer service functions,abiding by privacy regulations,and facilitating cross-border exchanges of currencies.15 Could provide additional benefits and mitigate risks for consumers,investors,and businesses:An intermediated system could also promote payments innovation by creating incentives for intermediaries to provide new services that build on top of the CBDC system,thus promoting the improvement of payment systems.For example,intermediated exchange can facilitate additional cybersecurity safeguards to protect CBDC system assets.Enlisting intermediaries existing expertise on this topic would likely benefit the servicing of CBDC system core activities.Furthermore,intermediaries may be better able to bear certain types of transaction risk,because laws and regulations require them to be better capitalized.Could advance financial inclusion and equity:This approach could allow for non-traditional,more accessible entities to fulfill various roles in the CBDC system,which could help expand access to the CBDC system.For example,there are a variety of intermediaries that have identity verification infrastructure,which could help play a role in increasing the accessibility of the CBDC.16 It is also possible,however,that intermediaries could negatively affect financial inclusion(e.g.,with high fees for CBDC-related services,by not providing equitable access to consumers),as has sometimes happened in the corresponding banking context.May reduce security of CBDC system:Intermediaries can be attractive targets for attacks.In an intermediated system,the security of the CBDC system as a whole could be harmed by the compromise of intermediaries with inadequate cybersecurity practices.A CBDC system may also permit people to provision their own intermediary.17 For example,while most people use intermediary services for email provision,it is possible to set up and host ones own email service.If the permissioning of intermediaries was flexible enough to include individuals,then that may reduce some of the downsides of intermediation by introducing more competition.18 Additionally,a CBDC system could also make it easy to switch accounts between intermediaries,similar to how mobile phone users can switch between carriers while still keeping their phone numbers.Aside from intermediation of individual payments,there is also a question of intermediation with the CBDC system itself.A CBDC system could allow retail users(e.g.,consumers,businesses)access to CBDC directly from the CBDC system operator,via layers of intermediaries,19 as a 15 For example,the Monetary Authority of Singapore(MAS)and the Bank of Canada(BOC)explored an intermediated,blockchain-based multi-currency payment system that could facilitate international exchange of currencies.See Jasper-Ubin Design Paper:Enabling Cross-Border High Value Transfer Using Distributed Ledger Technologies.(2019).Bank of Canada and Monetary Authority of Singapore.16 Note that a less intermediated system could be similarly accessible and be marketed by similar entities.17 Self-provisioning would not necessarily sidestep obligations under U.S.laws and regulations.Without a third party,these obligations potentially shift to the user designing,implementing,and/or operating as an intermediary.A full consideration of regulatory treatment of such self-provisioned intermediaries is outside the scope of this paper.18 A CBDC system could either be managed by a set of trusted entities(permissioned)or by a network of system participants(permissionless),or some combination of the two.Here,permissioning refers to the act of designating an intermediary as a trusted entity.19 If this design choice is implemented,a key question concerns the number of layers of intermediaries.In a model where there is only one layer of intermediaries,banking institutions might interface with retail and wholesale TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 15 liability of intermediaries,or not at all.Much has been written about this distinction,often framed as a difference between“retail CBDC”and“wholesale CBDC,”in other fora.20 Interoperability:Less vs.More Technical Interoperability with Other Payment Systems Can CBDC be widely transferred such that private and public payment systems can be interlinked(including international CBDCs)so as not to fragment the payment system?What kind of interfaces should be built to interface with other payment systems?Interoperability refers to whether and how a CBDC system can communicate,execute transactions,or transfer data with other payment systems(e.g.,fiat systems,international payment systems,other CBDC systems,or other digital assets systems,such as stablecoins)while users may have limited knowledge of the unique characteristics(e.g.,data structures)of other payment systems.21 Here,interoperability is not the same as integration,as the former refers to systems that can talk to each other,while the latter refers to more direct access to other systems.A CBDC system could be designed to prevent interoperation with other systems or it could be designed to allow for interoperation where appropriate.With less technical interoperability,it could be harder for a CBDC system to communicate,execute transactions,or transfer data with other payment systems.Alternatively,a CBDC system could have more technical interoperability with other payment systems,having the opposite effect.Design choice benefits and drawbacks are described below:Less interoperability:May provide consumers with better financial protection:By reducing interdependence with systems that increase or introduce new risks of cybersecurity and operational incidents,the CBDC system might better protect consumers from spillover effects of issues with other payment systems.Less interoperability can also protect against counterparty risk.There are also non-technical ways to protect consumers that are also relevant here.For example,a certain degree of centralization is beneficial to ensuring consumers can more easily exercise the financial protections they are accustomed to with the transfer of U.S.dollars,such as protections afforded by Regulation E.Additionally,if a U.S.CBDC system were connected with a foreign CBDC system that required different standards for a range of issues,such as privacy,U.S.consumers could lose protections.May provide a more secure CBDC system:A less technically interoperable CBDC system could provide better resilience during a wide-scale cyberattack.Interoperability customers,as well as the CBDC system operator.In a model with more than one layer of intermediaries between the CBDC system operator and end users,different banking institutions may interact with different types of users;in this model,smaller banking institutions could interact with retail and potentially wholesale customers,and larger banking institutions could perform other activities necessary for the operating of the CBDC system.20 See,e.g.,Auer,R.and Bhme.R.(2020).The technology of retail central bank digital currency.BIS Quarterly Review,March,89.21 This definition of interoperability is derived from the International Organization for Standardization(ISO)definition of interoperability.See ISO/IEC 19763-1:2015(en).TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 16 could expand the attack surface,even if the CBDC is not directly integrated with other payment systems.May provide a more functional CBDC system:Interoperability has a number of challenges that make it relatively challenging to implement with full functionality.For example,in the international context,governance and standards alignment can provide a key roadblock to more interoperability.A less technically interoperable CBDC system may not have to deal with as many obstacles to achieve high functionality as expected.More interoperability:May improve payment systems:A CBDC system designed to be technically interoperable with foreign payment systems including CBDCs could enable cross-border funds transfers and payments that are cheaper and faster.Envisioned international,private sector,and non-government organization CBDC system interlinkages have explored asset swaps through a trusted intermediary,interconnected CBDC ledgers,and holding multiple currencies within a single ledger.These interconnections could be difficult to manage,expand the attack surface,and likely require intermediaries to manage the associated risks.May benefit financial inclusion and equity:With easy interoperability with traditional stores of value,a CBDC system may receive increased uptake from communities and businesses that make limited use of the traditional financial system.Interoperability could also make cross-border payments,such as remittances,cheaper,quicker,more accessible,and more transparent.The possibility of some interconnection would depend on the type of ledger and transaction structure.Interconnections could also depend on intermediaries or P2P options in the transport layer.Decisions regarding interoperability should also consider if and how CBDC can be converted to non-CBDC currency on the spot,such as at a point of sale.This may be an important functionality to enable in order to mitigate certain risks,such as the challenge that holding limits might pose for businesses that hold or exchange large volumes of CBDC at a time.A potential solution to this risk might be to enable quick routing of CBDC to a commercial bank deposit account with ease.Governance Permissioning:Permissioned vs.Permissionless Is the system permissioned(and if so,how)or permissionless?A CBDC system could either be managed by a set of trusted entities(permissioned)or by a network of system participants(permissionless),or some combination of the two.22 This design choice does not assume the use of distributed ledger technology,but rather focuses on the governance structure of the system regardless of the technology used.22 For example,a CBDC system might allow permissionless management for most actions,but require heightened permissions for some actions.TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 17 In environments without trusted entities,permissionless systems often trade efficiency or other design features to potentially permit transactions to settle without established counterparty trust relationships or trusted third parties.By contrast,we assume that a U.S.CBDC system will rely on one or more trusted entities,such as the Federal Reserve.Design choice benefits and drawbacks are described below:Permissioned:Often better protects privacy of sensitive financial data:While permissionless systems often build trust and consensus using public ledgers,permissioned systems generally do not require a public ledger.This means that transaction history is generally only viewable by a small number of trusted entities,such as the Federal Reserve,and kept private with respect to others.23 Helps mitigate risks for consumers,investors,and businesses:Permissioned systems can simplify transaction remediation,making it easier to protect consumers,investors,and businesses.They could also make it easier to prohibit migrating CBDC to non-compliant trading venues or other organizations engaged in misconduct or fraud,which can also help protect consumers,investors,and businesses.Permissionless:May have implications for the security of the CBDC system,and thus have effects on the resilience of the financial system:A CBDC system needs to be highly resilient to vulnerabilities(e.g.,insider threats,malicious actors,liquidity risks).A permissionless system invites additional types of malicious behavior,so many other permissionless payment systems have incorporated additional cybersecurity considerations into their design.That design philosophy may make the system more likely to stay operational if several entities go offline or malfunction at any point.It may also mitigate attacks related to trust in one or more trusted entities.However,in practice,vulnerabilities introduced by permissionless systems(e.g.,51%attacks,ambiguity from code forks in the case of a distributed ledger)24 may offset the purported resiliency benefits from permissionless systems.25 May not be sustainable or support economic activity:One of the best-known methods to maintain synchronicity between distributed ledgers the proof-of-work consensus mechanism uses a significant amount of energy.26 Although a permissionless CBDC system would not be required to use proof-of-work,if a U.S.CBDC system did choose to use such a method to synchronize a ledger of transactions,it may not align with the policy objective that a CBDC system should be environmentally sustainable.23 This is true for P2P transactions too.A permissioned CBDC system could be designed to permit accessing after-the-fact transaction-level details of P2P transactions,in accordance with appropriate legal protections.24 For explanations of these terms and a greater discussion of cybersecurity vulnerabilities,see,e.g.,Hasanova,H.,Baek,U.J.,Shin,M.G.,Cho,K.,&Kim,M.S.(2019).A survey on blockchain cybersecurity vulnerabilities and possible countermeasures.International Journal of Network Management,29(2),e2060.25 For a more extensive discussion of vulnerabilities,see researched cited in DARPA-Funded Study Provides Insights into Blockchain Vulnerabilities.(Jun.2022).Defense Advanced Research Projects Agency.26 See Climate and Energy Implications of Crypto-Assets in the United States.(Sep.2022).Office of Science and Technology Policy.TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 18 Access Tiering:Tiering by User Account vs.Transaction Amount vs.Counterparty vs.None Are there differences in how transactions or accounts are treated?If so,how are the tiers of accounts or transactions determined(e.g.,user account,transaction amount)and for what purposes?Access tiering refers to the various features that a CBDC system offers that vary based on the attributes of a given transaction.Transactions could be tiered for a variety of purposes,such as privacy,security,financial inclusion,and promoting a risk-based approach to AML/CFT compliance.For example,a CBDC system could provide“lower”tier(s)where users who provided less identity verification information are subject to transaction limits,while providing“higher”tier(s)whereby users who opened an account and are subject to robust customer due diligence standards could transact without limitations.The tier used for a transaction could be based on the user accounts(e.g.,level of customer due diligence)involved in the transaction,the amount being transacted,counterparties involved,or other criteria(e.g.,characteristics of an intermediary).Transactions between two less risky accounts(e.g.,two personal accounts with small balances)could be facilitated on a lower tier.Transactions below a certain amount(e.g.,$3,000,$10,000,or some other dollar amount)could also be facilitated on a lower tier.27 Transactions could be tiered based on counterparties(e.g.,business-to-business payments could be one tier,business-to-consumer and consumer-to-business payments could be another tier,and consumer-to-consumer payments could be yet another tier).Hybrid options are also possible;for example,switching to a higher tier once the total amount transacted between two accounts exceeds a certain amount.Transactions could also not be tiered.A tiered system has implications for the data design choices;a tiered system requires the ability to record different amounts of permanent and temporary history for different tiers.Access tiering might also be linked to offline transactions,where a lower tier may facilitate offline transactions and a higher tier may require online capabilities.Access tiering is linked to the transport layer,where a CBDC system could support P2P transactions for lower tiers but require intermediaries to facilitate higher tiers(though intermediaries could have the choice to only support certain tiers).Governance,along with whether the tiering needs to be universally adopted within the CBDC system,would also need to be addressed.Finally,access tiering may be linked to identity privacy,with lower tiers facilitating a higher level of privacy in transactions than higher tiers.This report does not address specific tiering thresholds or which entity in a CBDC system would be responsible for setting them.Design choice benefits and drawbacks are described below:27 Canada and Sweden are considering tiering systems based on the value of the transaction.See Central Bank Digital Currency(CBDC):Retail Considerations.(2021).Bank of Canada,13.Note that the specific dollar amount does not have to be taken from existing precedent in other types of financial transactions;a new threshold could be set for the CBDC systems access tiers,based on the unique AML/CFT risk profile of the CBDC system.TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 19 Tiering based on user account:Has implications for privacy and AML/CFT compliance:Tiering based on user accounts,depending on how customer information is collected and stored,would promote a risk-based approach rather than solely the amount being transacted.28 Has implications for financial inclusion and equity:Tiering based on actors could raise equity questions based on the types of criteria used to determine a customer risk profile.29 For example,such a system might subject immigrants to enhanced due diligence,if they engage in more cross-border transactions to send money home.Alternatively,by allowing for simplified customer due diligence on lower tiers,financial inclusion might be increased by giving access to individuals who may have previously had problems getting access to an intermediary.Tiering based on transaction amount:30 Has implications for privacy:Tiering based on transaction amount allows for users to conduct lower-value transactions while not meeting other requirements to transact on a higher tier(e.g.,providing more identity verification information).Has implications for AML/CFT compliance:Tiering based on amount would provide a unified way to assess risk,but given that some types of illicit finance transactions(e.g.,terrorist financing)could regularly involve lower transaction amounts,this approach might create new vulnerabilities and might be difficult to implement.Tiering based on counterparty:Has implications for AML/CFT compliance:Tiering based on counterparty makes it possible to better assess the nature of a transaction,rather than just the amount or accounts involved.This information can then be used as part of a risk-based approach to due diligence.None:Has implications for AML/CFT compliance:A lack of tiering means that intermediaries would likely develop and implement their own risk-based compliance programs and incorporate simplified or enhanced due diligence in line with customer risk profiles.Easier to make functional:A lack of tiering means that only one transaction method must be developed,which then applies to all transactions.Hybrid approaches are also possible.For example,if a form of self-custodied wallets were to be adopted,they could be limited to the lower tier with temporal restrictions on cumulative transfer amounts.It may be ideal to include these access tiers directly in the CBDC systems protocol,rather than allowing them to be easily adjusted through programmable functionality.This could help increase consumer trust that the CBDC systems rules will not be changed haphazardly,and 28 The regulatory ramifications and scaffolding necessary for this approach are beyond the scope of this report.29 These equity concerns may be exacerbated when automated systems are used to make determinations about customer risk profiles.30 This could also be done as an amount over time.The tier could capture information about the sender and amount,but not retain information about the recipient.This might be facilitated more easily with zero-knowledge proofs.TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 20 this could also help protect the CBDC system from being abused during periods of high political volatility.Identity Privacy:Known to Central Bank vs.Intermediary vs.No One What aspects of identity are kept private/confidential,from whom,and under what circumstances?Identity privacy concerns the extent to which individuals can keep various attributes related to their identity confidential from different parties,such as the central bank and intermediaries.Identity-related information within transactions such as payment addresses could be known to the central bank,intermediaries,or no one.Identity privacy is linked to access tiering,as identity privacy could vary between higher and lower tiers,allowing lower tiers to facilitate transactions while keeping more attributes confidential from specific actors.This design choice applies for each piece of sensitive identity-related information.Hence,for each piece of sensitive identity-related information,the following design choice benefits and drawbacks should be considered:Collected by central bank:May harm human rights and democratic values:Identity-related information known to the central bank for all or most transactions would represent a significant expansion of the central banks access to customer information,which would raise significant privacy concerns.This centralized data must therefore not only have extensive cybersecurity protections,but also significant legal protections;for instance,it could be designed to be either legally or technologically(via use of encryption keys)challenging to view this data without judicial approval and oversight.Even if policies exist to prevent this harm at this time(e.g.,law enforcement needing to seek a subpoena to get identity-related information from intermediaries),enabling this capacity could allow a future Administration to use the CBDC system to surveil the population in close detail,and cybersecurity compromise may still occur.Has implications for privacy and AML/CFT compliance:If“collected by central bank”was the design choice chosen for many pieces of sensitive identity-related information,it may place responsibility for AML/CFT compliance on the central bank,greatly increasing its responsibility.This would raise novel concerns about the central bank being subject to supervision for their compliance.This approach may provide users less privacy from the central bank and entities able to get information from it compared to the current system,but if combined with other design choices(e.g.,access tiering),it may be possible to protect sensitive financial data from disclosure to most parties.If“collected by central bank”was the design choice chosen for many pieces of sensitive identity-related information,it may place a large burden on the central bank for AML/CFT Compliance;this may also raise novel concerns,since the central bank may need to be subject to supervision for compliance.May not help expand equitable access to the financial system:Consumer discomfort with central bank collection of identity-related information could discourage adoption and use TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 21 of the CBDC system,which may limit the potential for a CBDC system to expand equitable access to the financial system.Outside of the context of consumer use and adoption,decreased domestic and global use of the U.S.CBDC system may harm U.S.leadership in the global financial system and the global role of the dollar,and may also harm economic growth.May introduce new risks:This approach would be a significant departure from current models in the financial system and may introduce unforeseen risks.Collected by intermediaries:Has implications for privacy and AML/CFT compliance:This approach is more similar to the current AML/CFT regulatory framework,where key reporting and recordkeeping obligations are generally imposed upon intermediaries,providing consistency with that approach.This approach has some key advantages,including many that are inverses of the drawbacks noted above.While this system may limit the amount of new risk introduced,it would also implicitly endorse an imperfect status quo.31 No one:Has implications for privacy and AML/CFT compliance:Keeping some pieces of identity-related information anonymous from the central bank and intermediaries could help enable cash-like privacy for those pieces of information.This may not be possible or sensible for some pieces of sensitive identity-related information.Given that a CBDC is not subject to the same physical limitations as cash,such an approach might make it harder to identify,trace,and disrupt money laundering and the financing of terrorism and for relevant financial institutions to comply with existing AML/CFT obligations.If“no one”was the design choice chosen for many pieces of sensitive identity-related information,it may functionally provide some level of anonymity,which may complicate intermediaries compliance with AML/CFT obligations and may be out of line with global AML/CFT standards.32 A key question is what kind of information would be considered“identity-related information”for the purpose of this design choice.This design choice should be considered for all key pieces of identity-related information,and it is probably better for privacy and civil and human rights purposes for some pieces of information to be collected by intermediaries rather than the central bank.Additionally,not all intermediaries are the same,and criteria may need to be established to determine which types of intermediaries are allowed to collect which types of identity-related information.Pseudonymous payment addresses may provide a privacy-enhancing feature,but they must be designed carefully so as not to be trivially linked back to individuals based on other information(e.g.,transaction history).For example,it may be possible for intermediaries to hold or rotate pseudonymous keys on behalf of individuals such that external parties may not view or use them 31 The United Nations Office on Drugs and Crime estimates that 2-5%of the global Gross Domestic Product is laundered every year,with the International Monetary Fund estimating that$1.6-4 trillion is laundered annually.See,Miller,R.(Apr.2022).Overview of Correspondent Banking and“De-Risking”Issues.Congressional Research Service,1.32 Whether this approach is legally possible in the context of current regulation and other obligations is outside of the scope of this report.TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 22 without sufficient authority.However,in general,vulnerabilities in pseudonymous methods could allow for deanonymization,and sufficiently motivated parties can often render pseudonymity ineffective.Still,for certain threat models,pseudonymity may provide a layer of privacy.If identity-related information is known to some party,some entities likely need to verify the identity of an individual seeking to transact CBDC.33 This could be done by intermediaries,establishing their own procedures and systems to verify identity,in line with regulatory obligations.Crucially,it is worth noting that any privacy scheme will likely have some vulnerabilities,so even the“more private”choices will still not guarantee privacy.It is important to take a systems-level view of privacy,and not consider a system“private”just because information is being collected by intermediaries and not the central bank.Following best practices on privacy engineering such as minimizing the amount of extraneous data collected in the first place will likely be vital to minimizing the risk of unauthorized disclosures.Privacy-enhancing technologies could play a key role here,helping to ensure that privacy and AML/CFT objectives can be advanced in tandem.34 Remediation:On-ledger vs.Off-ledger Does remediation(e.g.,chargebacks,liens)get facilitated through core CBDC system functionality,or is it mandated through external governance processes?Who authorizes these actions,and what transparency is provided?Remediation refers to the ability to fix mistakes made with the CBDC system,such as transactions that occurred accidentally or fraudulently.We assume a CBDC system will be required to facilitate remediation,so that persons or entities can conduct activities such as recovering accounts,voiding transactions,ordering restitution,and conducting recovery and resolution activities.These functionalities could be primarily provided on-ledger,such that affordances for remediation are built into the CBDC systems protocol(e.g.,transactions can be reversed until settlement is final,the central bank conducts remediation).Alternatively,these functionalities could be primarily provided off-ledger,so that remediation can be retroactively ordered(e.g.,intermediaries settling disputes and conducting chargebacks equivalent to the incorrectly-transacted amount,courts mandating intermediaries to close accounts,etc.)and reflected by new offsetting transactions.For example,if Alice mistakenly pays Bob$100,an on-ledger remediation approach could simply void that transaction,leaving Alice and Bob the way they were before the transaction.Off-ledger remediation in this example would mean allowing the$100 transaction from Alice to Bob to settle but then,based on that off-ledger action,create a new transaction that pays$100 from Bob to Alice,again attempting to leave Alice and Bob where they were before the original transaction.33 If access tiering is used,this may only need to apply to individuals seeking to transact on higher tiers.34 The governments of the United States and the United Kingdom launched a set of innovation prize challenges in privacy-enhancing technologies to tackle financial crime,working with synthetic global transaction data created by SWIFT,the global provider of secure financial messaging services.See U.S.and U.K.Launch Innovation Prize Challenges in Privacy-Enhancing Technologies to Tackle Financial Crime and Public Health Emergencies.(Jul.2022).Office of Science and Technology Policy.TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 23 The key questions here are who has the ability to authorize these actions,and what technical features would enable them to conduct these actions.Remediation would likely be easiest to implement in a permissioned and centralized CBDC system with intermediaries that have visibility onto a ledger and the ability to submit transactions.In this case,the primary challenge will likely lie in establishing the governance mechanism to determine the conditions that allow for remediation.Some of these procedures and principles can likely be drawn from an existing body of property,payment,contract,and banking law that spells out rules for settlement,finality,and liability.Additionally,remediation is also linked to offline transactions;if intermediaries are facilitating remediation in general,then P2P offline transactions may pose additional challenges.Finally,this also relates to access tiering,as higher tiers may want to use more of an on-ledger approach,in order to increase scrutiny for higher risk transactions.Design choice benefits and drawbacks are described below:On-ledger:Provides additional financial protections:Embedding remediation into the CBDC systems core architecture could provide additional guarantees for the ability to conduct remediation.For example,transactions could take a certain amount of time35 to settle with finality,during which period parties may have the ability to seek remediation.While this approach would render some CBDC unusable for a period of time and may be a disincentive toward using the CBDC system,it would also ensure that the CBDC is not fully transferred until the validity of the transaction is verified.May harm the improvement of payment systems:Building remediation directly into the CBDC systems protocol would be challenging,as the central bank is not set up to conduct remediation in the same way private payment services can(e.g.,chargebacks via a credit card company).This would raise governance concerns.Off-ledger:May improve payment systems by making the CBDC system faster to settle:Providing remediation as a new offsetting transaction after the initial transaction has settled would likely allow for more speed for transaction settlement,as transactions could be made“final”more quickly.May have implications for advancing financial inclusion and equity:More off-ledger remediation would likely allow transfers to settle faster,meaning that Americans waiting for a payment would have access to that capital more quickly.This is particularly important for Americans living paycheck to paycheck,who may also be more vulnerable to predatory lending(e.g.,payday loans).On the other hand,if intermediaries are tasked with facilitating remediation,then offline transactions without intermediaries would pose additional challenges for remediation.35 It may be possible to design a CBDC system where this amount of time could be specified per transaction.For example,a CBDC system might enable Alice to send money to her trusted friend Bob with no wait time,but if Alice wants to send money to untrusted merchant Charlie,then she could set a wait time of 3 days.This system would still support instant settlement,which is described as a core attribute of a CBDC system in The Future of Money and Payments.(Sep.2022).Department of the Treasury.TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 24 Security Cryptography:Public-Key Cryptography vs.PKC with Zero-Knowledge Proofs vs.Other What cryptographic techniques are used and for what purposes?How would quantum computers affect public-key cryptography systems and how would the system change post-quantum?How can the system be protected against abuses such as fraud and money laundering?Cryptographic design choices are based upon the computationally intractable problems that invert and enable the secure storage,transmission,and usage of the information needed to operate a CBDC system.A CBDC system could use public-key cryptography(PKC),in which users have a public key that represents a payment address to receive funds,and a private key that can authorize future payments to spend once funds are received,using digital signatures.A CBDC system could also use a PKC approach with zero-knowledge proofs(ZKPs)to help facilitate secrecy,where users send proof of knowledge and validity of particular data(e.g.,transaction details such as recipients and amount),rather than sending the data.There are several other cryptographic methods(e.g.,secure multiparty computation,private set intersection,homomorphic encryption)that could also enhance the security of the CBDC system,and these methods should also be considered if developing a CBDC system.Cryptography design choices are vital to security as quantum computing becomes feasible at scale,as discussed below.The cryptography scheme chosen would also impact how privacy,fungibility,and programmability are designed as well.Design choice benefits and drawbacks are described below:PKC:Likely to be more efficient:PKC is an extensively tested and used cryptographic method,and there is familiarity with this approach among developers.It would be relatively easy to roll out a CBDC system with a functional and efficient PKC-based system using longstanding and well-tested code libraries,which would advance the policy objective of improving payment systems.As quantum-resistant cryptography protocols(discussed below)are standardized,libraries are tested and deployed,and adoption across government and industry become the norm,they can be integrated into the CBDC system.PKC with ZKPs:Provides increased privacy for sensitive financial data:ZKPs can be used to provide enhanced privacy safeguards by verifying if attributes of a transaction are valid without revealing anything about the underlying data itself.By not needing to share this underlying data during transactions,it is generally easier to keep that data private.May introduce complexities for AML/CFT compliance:ZKPs may prevent discoverability information and the enforcement of AML/CFT regulations in general,unless combined with a scheme to facilitate compliance.This may increase the complexity of enforcing AML/CFT regulations.TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 25 Likely more secure:ZKPs limit the amount of potentially-revealing information sent across networks,reducing potential security vulnerabilities.The use of ZKPs may advance the policy priority of improving payment systems.Furthermore,some ZKP approaches are quantum resistant while others are not,and choosing an approach will depend on the standardization process.Possibly not as sustainable:Executing ZKPs requires more computation than PKC by itself,especially in order to operate approaches that remain viable when cryptanalytically relevant quantum computers are developed.There are methods to improve the performance of ZKPs,so there may be reasonable mitigations of this concern.If this approach is chosen,it will be important that the hardware that generates ZKPs is sufficiently decentralized or protected(including from distributed denial-of-service attacks)in order to not invite targeted attacks.The security of PKC is based on the inefficacy of certain computations using known algorithms;however,quantum computers are theoretically able to perform some of these computations quickly.Thus,many PKC protocols will be insecure when quantum computing becomes feasible at scale.The PKC systems that are resistant to attacks from such future“cryptanalytically-relevant quantum computers”are referred to as“quantum-resistant cryptography.”National Security Memorandum 10(NSM-10)36 prioritizes the transition to quantum-resistant cryptography and sets the policy that agencies should only transition to quantum-resistant cryptography once the first set of NIST standards for quantum-resistant cryptography is complete(expected in 2024)and implemented in commercial products.If a CBDC system were to be launched in the near future,a traditional non-quantum-resistant PKC system could be developed,with the concern that older transactions may be vulnerable to tampering from future cryptanalytically-relevant quantum computers.Alternatively,a longer-term strategy would be to develop a CBDC system with a quantum-resistant PKC system after standardization has been completed.Regardless of the cryptographic approach taken,consistent with NSM-10,the CBDC system should maintain“cryptographic agility in that the system should allow for seamless updates for future cryptographic standards.Given this,further research and analysis should be conducted on possible challenges in upgrading any non-quantum-resistant cryptography protocols to quantum-resistant methods at a later date.There is also policy37 concerning the governments ability to retain and manage encrypted records.A relatively complex change in policies and regulations would take significant effort,and should be careful to align with recent Executive Orders and memoranda38 regarding the Federal governments posture toward cybersecurity.36 National Security Memorandum on Promoting United States Leadership in Quantum Computing While Mitigating Risks to Vulnerable Cryptographic Systems.(2022).The White House.37 See,e.g.,Bulletin 2007-02,Guidance concerning the use of Enterprise Rights Management(ERM)and other encryption-related software on Federal records.(Apr.2007).National Archives and Records Administration.38 See,e.g.,Executive Order 14028:Improving the Nations Cybersecurity.(May 2021).Federal Register;M-22-09:Moving the U.S.Government Toward Zero Trust Cybersecurity Principles.(Jan.2022).Office of Management and Budget.TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 26 Secure Hardware:More Hardware-Based vs.More Software-Based Is there support for secure hardware interfaces?Secure hardware refers to computing equipment(i.e.,hardware)that is designed to protect data and computation,especially from other processes running on that equipment.A CBDC system could base a large part of its security model on secure hardware-based approaches.This could include the use of a separate module(i.e.,physically separated from other hardware)that isolates specific data and/or computations.This could also include the use of a trusted execution environment,where there are limitations placed on the code that can be executed on the equipment.Such a system could connect to a users smartphone,could be made as a specialized part of the users cellphone,or could function as a standalone device.A CBDC system could also run with limited or no secure hardware-based approaches,prioritizing software-based approaches to security.Secure hardware is likely to be important for enabling offline transactions,in order to combat fraud and abuse(e.g.,counterfeiting money)when transacting parties are offline.Design choice benefits and drawbacks are described below:More hardware-based:Likely more secure:This approach can better secure cryptographic keys and certify code performance,helping to provide higher levels of security.May promote AML/CFT compliance and limit concerns with privacy of sensitive financial data:Secure hardware could possibly be the place where encrypted transactions take place,and much of the information necessary for compliance with AML/CFT regulations may reside.This can provide additional mechanisms for limiting illicit activity while minimizing risks to the privacy of individuals,but would put additional pressure on the security of that hardware.May harm the expansion of equitable access to the financial system:Consumers may need to purchase a piece of hardware that would enable them to participate in the network,which would create a barrier to equitable access to the financial system.However,if there was widespread access to secure hardware-based approaches(e.g.,if most cellphones had the appropriate capability),then secure hardware could possibly execute trusted code that ensures CBDC cannot be double-spent even without access to a network;this would help facilitate offline transactions,which may expand equitable access to the financial system.Introduces new risks to security and sensitive financial data:Secure hardware also sometimes still shares hardware with other parts of the system,allowing for data to leak onto insecure hardware.Without adequate protections,secure hardware may also be manipulated by those with physical access to the system.This could be counter to the policy objectives of having a secure CBDC system and keeping sensitive financial data private.Exacerbates systemic risk:It is vital that secure hardware can be trusted to be secure,and appropriate protections can be incorporated.However,secure hardware is only developed by a few key players,and there would be large incentives for those throughout the supply TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 27 chain(including end users)to exploit the system,as the reward could potentially be the ability to mint unlimited CBDC.This would also add another potential vulnerability for the CBDC system by increasing reliance on supply chain security beyond security through software only(which also has risks for supply chain attacks).More software-based:Likely provides more flexibility:Software-based approaches to wallets or other cryptographic primitives allow a variety of platforms and languages to adopt implementations which can improve security,and interoperability of a protocol.Supports expansion of equitable access to the financial system:By providing lower barriers to entry for consumers who do not need secure hardware,it may encourage adoption from consumers not having to acquire hardware-based technologies.If secure hardware is part of a CBDC system design,it should be layered on top of other security measures,and not be used as a standalone guarantor of CBDC system integrity.Transactions Signatures:No-signature vs.Single-signature vs.Multi-signature Signing Do transactions use digital signatures,and if so,are transactions single-signed or multiple-signed?How do you protect threshold keys/signatures?What does signing confer to the transaction?What signing algorithm is the right one?A CBDC system could require zero,one,or multiple digital signatures to execute a valid transaction.The CBDC system could use a no-signature approach,where transactions are not signed with any verification of identity;this would rely on a custodian to provide a user account and facilitate access to funds.The CBDC system could use a single-signature approach,where only the payer is needed to authorize the transaction.In this process,a single individualtypically the payer in possession of a private key to a digital walletcan execute a transfer of funds to another wallet.The CBDC system could also use a multi-signature approach,where multiple signatures are needed in order to execute the transaction.In this approach,multiple private keys possibly held by separate actors39 must be used in a transaction before the CBDC is transferred.These options are not mutually exclusive;all three could be supported by the CBDC system in different circumstances.In a multi-signature approach,there will also be additional design choices concerning who holds the appropriate keys,and whether a threshold approach is to be adopted(i.e.,requiring some subset of possible signatures to be given,rather than requiring all of them).This design choice could be linked to access tiering,where higher tiers use multiple-signature or single-signature approaches,and lower tiers use single-signature or no-signature approaches.This design choice is closely linked to the cryptography and quantum-proofing design choices.This design choice is also linked to transaction privacy;for example,if the recipient is not one of 39 The transaction recipient may want to hold one of these keys.Should a CBDC system grow to interoperate with digital assets from many sources,unsolicited assets might be sent to accounts.This could introduce off-ledger attack vectors(e.g.,compromised privacy,phishing).TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 28 the signers of a transaction,a bad actor might try to send unsolicited assets to a target in order to glean information about them.Design choice benefits and drawbacks are described below:No-signature:Likely less secure than other options:If transactions do not require any direct authentication by the owner,there would be fewer safeguards to prevent the unauthorized transfer of CBDC.May limit improvements to payment systems:This approach may make it harder to introduce transaction programmability into the CBDC system,as signatures are a method to provide proof of ownership.Single-signature:Possibly less secure than multiple-signature approach:This would be more secure than no-signature.However,because transactions only require one private key,there is a single point of failure.If a less intermediated transport layer is used,or if a private key is lost or stolen,that could lead to the loss of CBDC held in the associated wallet;similar to cash,once the asset has been lost or stolen,regaining possession can be difficult.This may not be as much of a problem with a multi-signature threshold approach,because that approach allows for“backup”keys to exist if some keys are lost or stolen.Fraud detection and prevention measures may also mitigate some of these problems.Possibly more functional and efficient:This approach is likely simple to understand and implement.Single-signature(and its analogs)are the default in the retail commerce environment(e.g.,credit and debit card transactions,transferring money from individual bank accounts)and among many private sector-administered digital assets.Multiple-signature:Likely more secure than other options:Multi-signature offers security enhancements over single-signature.In P2P transactions,the payer might hold two private keys on different devices that are needed to execute the transaction,providing additional security(similar to two-factor authentication).A threshold approach allows for,say,two of three possible signatures to be present;for example,the payer and the intermediary can each hold a key,and a third key is stored with a trusted third party in case either of the other keys is compromised.This could advance the policy objective of improving payment systems.Possibly less functional and efficient:Multi-signature requires more steps to complete a transaction,possibly adding roadblocks to easy use of CBDC.For example,if multi-signature is used for low-value transactions,the safety features may not outweigh the poorer customer experience(e.g.,requiring two-factor authentication at every point-of-sale).Multi-signature would also require more effort to implement than single-signature.Additionally,more research will have to be done to determine what offline capabilities can be achieved with a multi-signature approach.Possibly better for ensuring appropriate interoperability:Multi-signature can provide a method to enable cross-border,cross-currency exchanges.In this model,one of the required signatures is from an intermediary that holds the transfer in escrow until all TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 29 transfer conditions are met.The multi-signature serves not only as an additional layer of security,but also as a facilitator of the transaction.Transaction Privacy:More Private vs.More Observable Transactions vs.Layering What level of transaction privacy is supported?What aspects of transactions are private,and from whom?Are amounts,destinations,and smart contracts private from the central bank?Can transactions be chained?Transaction privacy concerns which entities are able to access which characteristics of transactions,including data privacy(e.g.,account balances,location of participants,information about goods)and program privacy(e.g.,source code and inputs used for a smart contract transaction).A CBDC system could be more private,limiting access to sensitive data for legal reasons only(e.g.,for compliance with AML/CFT regulations,to competent authorities for AML/CFT regulation and supervision).A CBDC system could be more observable,such as by maintaining a public record of all transactions associated with pseudonyms(e.g.,the way that many private sector-administered digital assets work).A CBDC system could be a hybrid of these options,providing a public record of some characteristics and only allowing limited discoverability of others.A CBDC system could also support a layering approach,where intermediaries capture information about transactions or accounts that meet some established set of concerning characteristics,and that information could be retained for some fixed period of time during which proper legal authorities could petition to review that information in accordance with legal standards.This design choice could be enabled in a variety of ways that intersect with other design choices.For example,if the cryptography design choice includes ZKPs,it may be possible to use ZKPs to facilitate transactions that require fewer entities to view sensitive data.Or,if the CBDC system has access tiering,design choices could be chosen for the lower tiers that provide greater transaction privacy.Additionally,if the CBDC system has intermediaries,these intermediaries could facilitate a layering approach.Design choice benefits and drawbacks are described below:More private:Better protects the privacy of sensitive financial data:This approach would limit the data and program information that is accessible to transacting parties and third parties.It also may increase public trust and financial inclusion in a CBDC system.Might introduce challenges for promoting compliance with AML/CFT requirements:Some methods for enabling transaction privacy(e.g.,some ZKP-based approaches)have limitations in how much information would be saved for future discoverability.If this approach is chosen,thought should be given to how sufficient transaction information could be preserved and remain accessible only for a limited set of verified use cases(e.g.,competent authorities or financial institutions for AML investigations or to comply with AML/CFT obligations).Limitations on data preservation or access could also have implications for existing recordkeeping obligations of relevant financial institutions.TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 30 More observable:Promotes AML/CFT compliance:This approach would increase the amount of information readily available for AML/CFT compliance purposes,albeit in pseudonymous form,to competent authorities and could support relevant financial institutions compliance with existing AML/CFT obligations.Competent authorities and relevant financial institutions would still need to be able to access and share,when appropriate,detailed transaction information to facilitate compliance with AML/CFT obligations.Might reduce privacy of sensitive financial data:Even if pseudonymous identities are used for transactions,vulnerabilities in pseudonymous methods could lead to deanonymization in the future.This could potentially reduce public trust and financial inclusion if deanonymization incurs privacy harms to innocent actors.May help support economic activity:Some public information about characteristics of transactions may be useful for understanding consumer preferences and promoting private sector innovation.Layering:Aims to protect privacy of sensitive financial data and promote AML/CFT compliance,via intermediaries:In this approach,transaction information would be mostly unavailable to the general public,while intermediaries or programmatic rules would get access to transaction information necessary to support compliance with AML/CFT obligations,and data would be available to competent authorities.For example,AML/CFT compliance practices could be standardized at the CBDC system level(e.g.,along the rails),which could increase the efficiency and effectiveness of AML/CFT processes,but may place a large burden on the CBDC system operator to be responsible for a large part of AML/CFT compliance.In addition,a one-size-fits-all AML/CFT program may not be aligned with the risk-based approach promoted by international standards.However,if intermediaries play a role in such a process,care would likely be required to ensure that intermediaries do not sell,transfer,or lose this sensitive financial data in a manner that unreasonably breaches privacy.Possibly less secure:Because intermediaries would need to access transaction information,this approach would have an access point that could be compromised,either directly(e.g.,since the information is being captured somewhere)or indirectly(e.g.,unauthorized access to intermediaries databases).Offline Transactions:Online Only vs.Both Online and Offline How can offline capabilities be provided,such that some transactions can occur without connectivity to the broader CBDC system?Would tokens or debit cards tied to the CBDC operate as a tool to permit a higher level of privacy for some transactions?Offline transactions refer to exchanges of CBDC that occur when the exchanging parties can communicate with each other,but they cannot communicate with the transaction processor.One design choice is to forgo offline transactions,instead requiring some form of connectivity in order to complete a transaction of CBDC.Alternatively,offline transactions could be provided,TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 31 for example,by using trusted execution environments for individuals to verify to each other that they have the CBDC they claim to have,and to facilitate the transaction securely.This option is closely linked to the Secure Hardware design choice,as that might provide the guarantees needed to facilitate some transactions offline without the broader CBDC systems features and safeguards.It is also linked to the governance design choices,as there could be future punishments and remediation for offline transactions that were incorrect or malicious.Finally,the data model and fungibility of CBDC would also have an impact on the privacy implications of offline transactions.Design choice benefits and drawbacks are described below:Online only:Could be more secure:An online-only model would not introduce vulnerabilities from offline capabilities,such as flaws in a trusted execution environment that functionally allows individuals to create CBDC out of thin air.However,there are reasons that offline capability could also boost the CBDC systems security,as discussed below.May harm financial inclusion and equity:The requirement to have connectivity to the CBDC system would disproportionately disadvantage underserved communities that lack access to reliable and high-speed Internet.Additionally,the inability to use CBDC like physical cash may not be enticing to communities that have been particularly disenchanted with the traditional banking and financial systems.Both online and offline:Has implications for security and AML/CFT controls:An offline-capable system would be more resilient if the network or intermediaries were rendered dysfunctional at any point.This resiliency would be important during potential attacks or failures,allowing CBDC to be exchanged while the system comes back online.However,if someone breaks the mechanism(e.g.,secure hardware)that ensures CBDC cannot be spent twice,then it could be possible to counterfeit CBDC.In addition,offline transactions could presumably take place without being subject to real-time transaction monitoring or investigative tracing,which could complicate compliance with AML/CFT obligations.Could be more private:An offline system,based on how it is implemented,could offer more cash-like privacy in offline transactions.For example,if transactions are only recorded when they intersect with intermediaries,then CBDC could be exchanged between many hands offline before being re-tracked in the ledger.There is a spectrum of options between fully online-only and fully offline-compatible.Limitations could also be placed on the amounts,frequency,or types of transactions that could occur offline.For example,third-party network transactions have a reporting requirement for transactions exceeding$600.40 Furthermore,cash transactions in trade and business over$10,000 are required to be reported to the Internal Revenue Service(IRS)under current law;an analogous norm in offline CBDC transfers might mean that more than$10,000 cannot be transferred offline.However,P2P cash transactions not considered in the context of trade or business do not have this reporting requirement.40 Instructions for Form 1099-K.(Jan.2022).Internal Revenue Service.TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 32 Transaction Programmability:Supported vs.Not Supported Are transaction-level application programming interfaces(APIs)supported?If so,can they be created in a permission-less manner,only by the CBDC authority,or somewhere in between?Who defines the API?Is there a governance process to determine API requirements?Transaction programmability refers to whether,broadly,third-party developers are able to code rules into a CBDC system,such that those rules are executed when the predefined conditions are met.41 This does not refer to the ability to uniquely identify specific CBDC units and place restrictions on their use;for a discussion of that design choice,refer to the fungibility design choice.Transaction programmability can be supported,such that the CBDC system has smart contract programming capabilities that developers can use to develop programs to run on the CBDC system.Alternatively,transaction programmability could not be supported,so that most or all CBDC cannot be programmed to function in more specific ways.Hybrid options are also possible;for example,programmability could be supported for broad use cases(e.g.,regulatory and monetary policy)and execution of some smart contracts could be extended to intermediaries,but direct programming against a ledger could be unsupported.Programmability could also be allowed for applications that use data from the CBDC system without having direct access to CBDC system infrastructure.Trustworthy programmability is highly entangled with the cryptographic primitives that are chosen to enable security and trust.Because programmability can also have tradeoffs with privacy,the design choices about identity privacy and transaction privacy are also closely linked to programmability.The data model chosen is relevant here;for example,an unspent transaction outputs(UTXO)model,as described below,may make it harder to conduct auctions using smart contracts.42 Finally,questions of governance are also important here if transaction programmability is supported on a centralized system,it will likely be important to ensure that the central authority or authorities are verifiably committed to following and executing the rules.Design choice benefits and drawbacks are described below:Transaction programmability supported:Likely supports payments innovation:Allowing entities or developers to build in their own programs could enable new forms of payment technologies,similar to the ecosystem of innovation seen with smart contracts.This may not be fully realized if programmability is only partly supported(e.g.,if the CBDC system is deployed with programmed rules established,but does not support third parties to build in their own programs).May harm the privacy of sensitive financial data:Programmability is often based on verifying that a certain set of conditions is true,which then initiates the execution of the smart contract.In order to verify that set of conditions,the smart contract needs access to 41 Transaction programmability is often implemented through transaction-level APIs.42 Allen,S.,apkun,S.,Eyal,I.,Fanti,G.,Ford,B.A.,Grimmelmann,J.,.&Zhang,F.(Aug.2020).Design choices for central bank digital currency:Policy and technical considerations(No.w27634).National Bureau of Economic Research,51-2.TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 33 certain sets of data.This can lead to privacy risks to sensitive financial data,although various privacy-enhancing approaches(e.g.,ZKPs)could help mitigate these risks.May make the CBDC system less secure:In the private sector use of smart contracts,there have been a number of bugs,mistakes,and hacks that have caused smart contracts to behave in unexpected or malicious ways.While this can be partly mitigated via controlled libraries for smart contract programming languages,upgradable code,and code verification,there will likely still remain key security risks with programmable CBDC.May worsen systemic risk:A network of smart contracts and the potentially high interdependency between them could create unexpected feedback loops,where the whole system triggering rules in parallel could collectively create systemic issues for the financial system.May reduce financial protections for consumers:Programmability might introduce challenges for stopping code execution in response to bankruptcy,recovery and resolution,or other court prescribed activities.The smart code execution is driven by standard external inputs and may have additional challenges for adjusting or accommodating“extraordinary”events such as bankruptcy or receivership,which could lead to violations of laws or regulations.Transaction programmability not supported:The benefits and drawbacks of not implementing transaction programmability are the inverse of implementing it.Data Data Model:Unspent Transaction Outputs vs.Account Balances What model is used to maintain records:Unspent Transaction Outputs(UTXOs)or Account Balances?The data model refers to the method of keeping records about ownership of CBDC.The CBDC system could use the UTXO data model,where the transfer of specific CBDC units is tracked(e.g.,like coins being transferred between individuals).Alternatively,the CBDC system could use the Account Balances model,where it tracks the aggregate amounts of CBDC held in different places.The system could also use a hybrid of these approaches.The data model is closely linked to many other design choices,including those involving the transport layer,identity privacy,transaction privacy,and offline capabilities.Design choice benefits and drawbacks are described below:Unspent Transaction Outputs(UTXOs)May enable more privacy for sensitive financial data:It is a bit easier to do privacy-preserving cryptography with this model.Individual UTXOs can be linked to unique keys,so that they are not all easily tied back to one individuals account.Meanwhile,with the Account Balances model,many people will likely use one account for their TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 34 transactions,which means all transactions could be linked back to a single person more easily.Likely easier to expand access for all Americans:As a CBDC system scales,the UTXO data model is likely to make it easier to facilitate more transactions(e.g.,transactions can happen in parallel without needing to sequence them to avoid double-spending).With the Account Balances model,transactions require editing a global state about account balances,and these edits likely have to happen sequentially so that money isnt double-spent;this might provide a challenge to scaling the CBDC system.Account Balances:May support certain types of payments innovation:The Account Balances model could make it easier to reference outside states via oracles or smart contracts.Global account states would make it easier to incorporate transaction programmability.It is harder for a UTXO data model to reference the full global state of the CBDC system,which is likely a key feature for achieving extensive programmability(e.g.,enabling the checking of other users balances).There is also a spectrum of designs between the UTXO and Account Balances data models.For example,some projects have used a hybrid approach that features a“collection of object states”as its data model.Ledger History:None vs.Centralized vs.Distributed Does the CBDC maintain a history of issuances and transactions,and what information is stored(e.g.,value,issuer)and for how long?If a decentralized system is used,do nodes contain all or part of the transaction history(e.g.,full versus light nodes)or partition the storage workload(e.g.,sharding43)?Ledger history refers to the maintenance of a history of issuances and transactions in a CBDC system.A CBDC system could not store ledger history;for example,a system of smart cards(e.g.,mobile phone SIM cards)may not need a ledger.A CBDC system could store ledger history on a more centralized ledger,with the central bank providing the core infrastructure and with trusted intermediaries operating key features(e.g.,adding transactions to the ledger).Alternatively,a CBDC system could store ledger history in a more decentralized manner,with trusted intermediaries or individuals being able to operate their own nodes to facilitate part of the CBDC system.The specific questions about which information is recorded are addressed in previous sections on identity privacy,transaction privacy,remediation,and data.The choices made in those sections are highly relevant here;because different pieces of historical data could be accessed together,the risks to privacy and AML/CFT controls would be shaped by the specific pieces of information being stored.Additionally,remediation will likely be more challenging if a distributed ledger is chosen such that no trusted entities have unilateral write access to the ledger.43 Sharding refers to taking natural subsets of data in a database,often to help improve performance.See,e.g.,Amiri,M.J.,Agrawal,D.,&El Abbadi,A.(Jul.2019).On sharding permissioned blockchains.2019 IEEE International Conference on Blockchain,282-5.TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 35 Design choice benefits and drawbacks are described below:None:May improve security and privacy of sensitive financial data:A key way to protect privacy and security is to not capture information.44 By not maintaining a ledger,there would be fewer places where sensitive financial data could be accessed.May introduce risks for consumers,investors,and businesses:It may be impossible to offer all the features and requirements of a central bank asset without any ledger.A lack of a ledger,even one that only temporarily records transactions,could make it harder to resolve critical failures and conduct remediation.May have implications for expanding equitable access to the financial system:A lack of any historical ledger directly tied into the core CBDC system could foster widespread distrust in the CBDC system,especially during its early adoption phase when there may be doubts as to whether the system works properly.Alternatively,because privacy concerns are one of the most-cited reasons for not having a bank account among unbanked households,45 the lack of a ledger may help increase adoption of a CBDC among the unbanked and underbanked.Centralized ledger:Likely more functional and efficient:A centralized ledger would likely be easier to build and operate,especially at the scale needed for a U.S.CBDC system.May have implications for payments innovation and consumer protection:Since a centralized ledger approach is similar to how electronic money transactions are currently tracked,this approach is more familiar and better tested.However,this familiarity may limit full consideration given to incorporating the latest features in areas like encryption and programmability,possibly limiting innovation,but also possibly better protecting consumers,investors,and businesses.Distributed ledger:May be less functional and efficient:Further research would have to be performed to understand if distributed ledgers can support transaction rates and latency likely required by a U.S.CBDC system.This could build on the considerable energy that has been invested into research on additional technologies to enhance underlyin
3人已浏览
2023-03-10 58页
5星级
金生游乐(GDHG)美股IPO上市招股说明书(223页).pdf
2023/3/10https:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htmhttps:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htm1/223F-1/A 1 ff12023a3_goldenheaven.htm REGISTRATION STATEMENTAs filed with the U.S.Securities and Exchange Commission on March 7,2023.Registration No.333-268166 UNITED STATES SECURITIES AND EXCHANGE COMMISSION Washington,D.C.20549_AMENDMENT NO.3TOFORM F-1 REGISTRATION STATEMENT Under The Securities Act of 1933_GOLDEN HEAVEN GROUP HOLDINGS LTD.(Exact name of Registrant as specified in its charter)_Not Applicable(Translation of Registrants name into English)_Cayman Islands 7990 Not Applicable(State or otherjurisdiction of incorporation ororganization)(Primary StandardIndustrial Classification Code Number)(I.R.S.Employer Identification Number)No.8 Banhouhaichuan Rd Xiqin Town,Yanping District Nanping City,Fujian Province,China 353001 Tel: 86 0599 8508022 (Address,including zip code,and telephone number,including area code,ofRegistrants principal executive offices)_Cogency Global Inc.122 East 42nd Street,18th Floor New York,NY 10168 800-221-0102 (Name,address,including zip code,and telephone number,including area code,ofagent for service)_Copies to:Ying Li,Esq.Lisa Forcht,Esq.Hunter Taubman Fischer&Li LLC 950 Third Avenue,19th Floor New York,NY 10022 212-530-2206 Mark Crone,Esq.Liang Shih,Esq.The Crone Law GroupP.C.420 Lexington Ave,Suite 2446New York,NY 10170646-861-7891_Approximate date of commencement of proposed sale to the public:As soon aspracticable after the effective date of this registration statement.If any of the securities being registered on this Form are to be offered on a delayed or continuousbasis pursuant to Rule 415 under the Securities Act of 1933,or the Securities Act,check thefollowing box.If this Form is filed to register additional securities for an offering pursuant toRule 462(b)under the Securities Act,check the following box and list the Securities Actregistration statement number of the earlier effective registration statement for the sameoffering.If this Form is a post-effective amendment filed pursuant to Rule 462(c)under the Securities Act,check the following box and list the Securities Act registration statement number of the earliereffective registration statement for the same offering.If this Form is a post-effective amendment filed pursuant to Rule 462(d)under the Securities Act,check the following box and list the Securities Act registration statement number of the earliereffective registration statement for the same offering.2023/3/10https:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htmhttps:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htm2/223Indicate by check mark whether the registrant is an emerging growth company as defined in Rule 405of the Securities Act of 1933.Emerging growth company If an emerging growth company that prepares its financial statements in accordance with U.S.GAAP,indicate by check mark if the registrant has elected not to use the extended transition period forcomplying with any new or revised financial accounting standards provided pursuant to Section 7(a)(2)(B)of the Securities Act._ The term“new or revised financial accounting standard”refers to any update issued by theFinancial Accounting Standards Board to its Accounting Standards Codification after April 5,2012.The Registrant hereby amends this registration statement on such date or dates as maybe necessary to delay its effective date until the Registrant shall file a furtheramendment which specifically states that this registration statement shall thereafterbecome effective in accordance with Section 8(a)of the Securities Act,as amended,or until the registration statement shall become effective on such date as theU.S.Securities and Exchange Commission,acting pursuant to said Section 8(a)maydetermine.2023/3/10https:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htmhttps:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htm3/223Table of ContentsThe information in this preliminary prospectus is not complete and may be changed.These securities may not be sold until the registration statement filed with theUnited States Securities and Exchange Commission is effective.This preliminaryprospectus is not an offer to sell nor does it seek an offer to buy these securitiesin any jurisdiction where the offer or sale is not permitted.Subject to Completion,dated March 7,2023PRELIMINARY PROSPECTUS2,000,000 Ordinary SharesGolden Heaven Group Holdings Ltd.This is an initial public offering of our ordinary shares.We are offering 2,000,000 ordinaryshares,par value US$0.0001 per share.Prior to this offering,there has been no public market forour ordinary shares.We expect the initial public offering price to be in the range of$4.00 to$5.00 per ordinary share.We have reserved the symbol“GDHG”for purposes of listing our ordinaryshares on the Nasdaq Capital Market.This offering is contingent on the listing of our ordinaryshares on the Nasdaq Capital Market.At this time,the Nasdaq Capital Market has not yet approvedour application to list our ordinary shares.There is no assurance that such application will beapproved,and if our application is not approved by the Nasdaq Capital Market,this offering may notbe completed.Investing in our ordinary shares involves a high degree of risk,including the riskof losing your entire investment.See“Risk Factors”beginning on page 14 to readabout factors you should consider before buying our ordinary shares.We are both an“emerging growth company”and a“foreign private issuer”as defined underapplicable U.S.securities laws and are eligible for reduced public company reporting requirements.Please read the disclosures beginning on page 10 and on page 11 of this prospectus for moreinformation.We are not a Chinese operating company but a Cayman Islands holding company.We haveno material operations of our own and conduct substantially all of the operationsthrough the operating entities in China.Investors in our ordinary shares arepurchasing equity interests in the Cayman Islands holding company,and not in theChinese operating entities.Investors in our ordinary shares may never hold equityinterests in the Chinese operating entities.Our operating structure involves uniquerisks to investors.The Chinese regulatory authorities could disallow our operatingstructure,which would likely result in a material change in our operations and/or amaterial change in the value of our ordinary shares,and could cause the value of ourordinary shares to significantly decline or become worthless.See“Risk Factors RisksRelating to Doing Business in the PRC The Chinese government exerts substantial influence overthe manner in which the operating entities conduct their business activities,may intervene orinfluence such operations at any time,or may exert more control over offerings conducted overseasand/or foreign investment in China-based issuers,which could result in a material change in suchoperations and the value of our ordinary shares,significantly limit or completely hinder ourability to offer or continue to offer securities to investors,and cause the value of our securitiesto significantly decline or be worthless”beginning on page 25 of this prospectus.As used inthis prospectus,terms such as“the Company,”“we,”“us,”“our company,”or“our”refer to Golden Heaven Group Holdings Ltd.,unless the context suggestsotherwise,and when describing Golden Heaven Group Holdings Ltd.s consolidatedfinancial information,also includes the Chinese operating entities.We directly hold100%equity interests in the operating entities in China,and we do not currently usea variable interest entity(“VIE”)structure.See“Corporate History and Structure”beginning on page 51 of this prospectus.As substantially all of our operations are conducted by the operating entities inChina,we are subject to the associated legal and operational risks,including risksrelated to the legal,political and economic policies of the Chinese government,therelations between China and the United States,or Chinese or United Statesregulations,which risks could result in a material change in our operations and/orcause the value of our ordinary shares to significantly decline or become worthless,and affect our ability to offer or continue to offer securities to investors.Recently,the PRC government initiated a series of regulatory actions and made anumber of public statements on the regulation of business operations in China withlittle advance notice,including cracking down on illegal activities in thesecurities market,enhancing supervision over China-based companies listed overseas,and adopting new measures to extend the scope of cybersecurity reviews.As advised byour PRC legal counsel,AllBright Law Offices(Fuzhou),as of the date of thisprospectus,we are not directly subject to these regulatory actions or statements,aswe have not implemented any monopolistic behavior and our business does not involvethe collection of user data,implicate cybersecurity,or involve any other type ofrestricted industry.However,we will be required to file with the China SecuritiesRegulatory Commission(the“CSRC”)if we cannot obtain the approvals from the SECand Nasdaq for this offering and listing before March 31,2023,or if we obtain theapprovals on or before March 31,2023 but fail to complete this offering and listing2023/3/10https:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htmhttps:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htm4/223on or before September 30,2023.If we are required to file with the CSRC for thisoffering and listing,there is no assurance that we can complete such filing in atimely manner or even at all.Any failure by us to comply with such filingrequirements may result in an order to rectify,warnings and fines against us andcould materially hinder our ability to offer or continue to offer our securities.See“Risk Factors Risks related to Doing Business in the PRC”beginning on page 24 of thisprospectus for a discussion of these legal and operational risks.In addition,our ordinary shares may be delisted from a national exchange orprohibited from being traded over-the-counter under the Holding Foreign CompaniesAccountable Act(the“HFCA Act”)if the Public Company Accounting Oversight Board(the“PCAOB”)is unable to inspect our auditor for two consecutive years.OnDecember 16,2021,the PCAOB issued its determinations that the PCAOB was unable toinspect or investigate completely PCAOB-registered public accounting firmsheadquartered in mainland China and in Hong Kong,because of positions taken by PRCauthorities in those jurisdictions,which determinations were vacated on December 15,2022.Our auditor,B F Borgers CPA PC,has been inspected by the PCAOB on a regularbasis,and it is not subject to the determinations announced by the PCAOB on December16,2021.On August 26,2022,the PCAOB signed a Statement of Protocol Agreement(the“SOP”)with the CSRC and Chinas Ministry of Finance.The SOP,together with twoprotocol agreements governing inspections and investigations(together,the“SOPAgreements”),establish a specific,accountable framework to make possible completeinspections and investigations by the PCAOB of audit firms based in mainland Chinaand Hong Kong,as required under U.S.law.On December 15,2022,the PCAOB Boarddetermined that the PCAOB was able to secure complete access to inspect andinvestigate registered public accounting firms headquartered in mainland China andHong Kong and voted to vacate its previous determinations to the contrary.However,should PRC authorities obstruct or otherwise fail to facilitate the PCAOBs accessin the future,the PCAOB Board will consider the need to issue a new determination.On June 22,2021,the U.S.Senate passed the Accelerating Holding Foreign CompaniesAccountable Act,and on December 29,2022,legislation entitled“ConsolidatedAppropriations Act,2023”(the“Consolidated Appropriations Act”)was signed intolaw by President Biden,which contained,among other things,an identical provisionto the Accelerating Holding Foreign Companies Accountable Act and amended the HFCAAct by requiring the SEC to prohibit an issuers securities from trading on any U.S.stock exchanges if its auditor is not subject to PCAOB inspections for twoconsecutive years instead of three,thus reducing the time period for triggering thedelisting of our Company and the prohibition of trading in our securities if thePCAOB is unable to inspect our accounting firm at such future time.If trading in theordinary shares is prohibited under the HFCA Act in the future because the PCAOBdetermines that it cannot 2023/3/10https:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htmhttps:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htm5/223Table of Contentsinspect or fully investigate our auditor at such future time,Nasdaq may determine todelist our ordinary shares and trading in our ordinary shares could be prohibited.See“Risk Factors Risks Related to Our Ordinary Shares and This Offering Recent joint statementby the SEC and the PCAOB proposed rule changes submitted by Nasdaq,and the Holding ForeignCompanies Accountable Act passed by the US Senate all call for additional and more stringentcriteria to be applied to emerging market companies upon assessing the qualification of theirauditors,especially the non-U.S.auditors who are not inspected by the PCAOB.These developmentscould add uncertainties to our offering”beginning on page 34 of this prospectus.As of the date of this prospectus,we have not maintained any cash managementpolicies that dictate the purpose,amount and procedure of fund transfers among ourCayman Islands holding company,our subsidiaries,or investors.Rather,the funds canbe transferred in accordance with the applicable laws and regulations.See“ProspectusSummary Cash Transfers and Dividend Distributions.”As of the date of this prospectus,our Cayman Islands holding company has not declared or paid dividends or madedistributions to the Chinese operating entities or to investors in the past,nor wereany dividends or distributions made by a Chinese operating entity to the CaymanIslands holding company.Our board of directors has complete discretion on whether todistribute dividends,subject to applicable laws.We do not have any current plan todeclare or pay any cash dividends on our ordinary shares in the foreseeable futureafter this offering.See“Risk Factors Risks related to Our Ordinary Shares and ThisOffering We currently do not expect to pay dividends in the foreseeable future after thisoffering and you must rely on price appreciation of our ordinary shares for return on yourinvestment”beginning on page 37 of this prospectus.Subject to certain contractual,legaland regulatory restrictions,cash and capital contributions may be transferred amongour Cayman Islands holding company and the Chinese operating entities.If needed,ourCayman Islands holding company can transfer cash to the Chinese operating entitiesthrough loans and/or capital contributions,and the Chinese operating entities cantransfer cash to our Cayman Islands holding company through loans and/or issuingdividends or other distributions.There are limitations on the ability to transfercash between the Cayman Islands holding company,the Chinese operating entities orinvestors.Cash transfers from the Cayman Islands holding company to the Chineseoperating entities are subject to the applicable PRC laws and regulations on loansand direct investment.See“Prospectus Summary Cash Transfers and Dividend Distributions,”“Prospectus Summary Summary of Risk Factors Risks Related to Doing Business in the PRC PRCregulations of loans and direct investment by offshore holding companies to PRC entities may delayor prevent us from using the proceeds of our offshore financing to make loans or additional capitalcontributions to the operating entities,which could materially and adversely affect our liquidityand business,”and“Risk Factors Risks Related to Doing Business in the PRC PRC regulationsof loans and direct investment by offshore holding companies to PRC entities may delay or prevent usfrom using the proceeds of our offshore financing to make loans or additional capital contributionsto the operating entities,which could materially and adversely affect our liquidity and business”beginning on page 29 of this prospectus.If any of the operating entities incurs debt onits own behalf in the future,the instruments governing such debt may restrict theirability to pay dividends to the Cayman Islands holding company.Cash transfers fromthe Chinese operating entities to the Cayman Islands holding company are also subjectto the current PRC regulations,which permit the Chinese operating entities to paydividends to their shareholders only out of their accumulated profits,if any,determined in accordance with PRC accounting standards and regulations.See“RiskFactors Risks Related to Doing Business in the PRC We may rely on dividends and otherdistributions on equity paid by the operating entities to fund any cash and financing requirementswe may have.To the extent funds or assets in the business are in the PRC or a PRC entity,the fundsor assets may not be available to fund operations or for other use outside of the PRC due tointerventions in or the imposition of restrictions and limitations on the ability of our company orthe operating entities by the PRC government to transfer cash or assets”beginning on page 29 ofthis prospectus.Cash transfers from the Cayman Islands holding company to theinvestors are subject to the restrictions on the remittance of Renminbi into and outof China and governmental control of currency conversion.See“Risk Factors RisksRelated to Doing Business in the PRC Restrictions on the remittance of Renminbi into and out ofChina and governmental control of currency conversion may limit our ability to pay dividends andother obligations,and affect the value of your investment”beginning on page 30 of thisprospectus.Additionally,to the extent cash or assets in the business is in China or aChinese operating entity,the funds or assets may not be available to fund operationsor for other use outside of China due to interventions in or the imposition ofrestrictions and limitations on the ability of our company or the operating entitiesby the PRC government to transfer cash or assets.See“Prospectus Summary CashTransfers and Dividend Distributions,”“Prospectus Summary Summary of Risk Factors RisksRelated to Doing Business in the PRC We may rely on dividends and other distributions on equitypaid by the operating entities to fund any cash and financing requirements we may have.To theextent funds or assets in the business are in the PRC or a PRC entity,the funds or assets may notbe available to fund operations or for other use outside of the PRC due to interventions in or theimposition of restrictions and limitations on the ability of our company or the operating entitiesby the PRC government to transfer cash or assets,”and“Risk Factors Risks Related to DoingBusiness in the PRC We may rely on dividends and other distributions on equity paid by theoperating entities to fund any cash and financing requirements we may have.To the extent funds orassets in the business are in the PRC or a PRC entity,the funds or assets may not be available tofund operations or for other use outside of the PRC due to interventions in or the imposition ofrestrictions and limitations on the ability of our company or the operating entities by the PRCgovernment to transfer cash or assets”beginning on page 29 of this prospectus.Per ShareTotal2023/3/10https:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htmhttps:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htm6/223 Initial public offering price(1)US$4.50 US$9,000,000Underwriting discounts(2)US$0.315 US$630,000Proceeds,before expenses(3)US$4.185 US$8,370,000_(1)Initial public offering price per share is assumed as$4.50 per share,which is the midpointof the range set forth on the cover page of this prospectus.(2)See“Underwriting”beginning on page 135 of this prospectus for more information regardingour arrangements with the underwriters.(3)We expect our total cash expenses for this offering(including cash expenses payable to theunderwriters for its out-of-pocket expenses)to be approximately$225,000,exclusive of theabove discounts.In addition,we will pay additional items of value in connection with thisoffering that are viewed by the Financial Industry Regulatory Authority,or FINRA,asunderwriting compensation.These payments will further reduce proceeds available to us beforeexpenses.See“Underwriting.”This offering is being conducted on a firm commitment basis.The underwriters are obligated to takeand pay for all of the ordinary shares if any such shares are taken.The underwriters expect to deliver the ordinary shares against payment as set forth under“Underwriting,”on or about,2023.Neither the U.S.Securities and Exchange Commission nor any state securitiescommission nor any other regulatory body has approved or disapproved of thesesecurities or determined if this prospectus is truthful or complete.Anyrepresentation to the contrary is a criminal offense.Prospectus dated,2023 2023/3/10https:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htmhttps:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htm7/223Table of ContentsTABLE OF CONTENTS PagePROSPECTUS SUMMARY 1RISK FACTORS 14SPECIAL NOTE REGARDING FORWARD-LOOKING STATEMENTS 42USE OF PROCEEDS 44DIVIDEND POLICY 45CAPITALIZATION 46DILUTION 47ENFORCEABILITY OF CIVIL LIABILITIES 48CORPORATE HISTORY AND STRUCTURE 51MANAGEMENTS DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OFOPERATIONS 53INDUSTRY OVERVIEW 66BUSINESS 75REGULATIONS 88MANAGEMENT 100PRINCIPAL SHAREHOLDERS 104RELATED PARTY TRANSACTIONS 106DESCRIPTION OF SHARE CAPITAL 108SHARES ELIGIBLE FOR FUTURE SALE 127TAXATION 129UNDERWRITING 135EXPENSES RELATING TO THIS OFFERING 143LEGAL MATTERS 144EXPERTS 144WHERE YOU CAN FIND ADDITIONAL INFORMATION 144INDEX TO CONSOLIDATED FINANCIAL STATEMENTS F-1You should rely on the information contained in this prospectus or in any relatedfree writing prospectus.We have not authorized anyone to provide you withinformation different from that contained in this prospectus or in any related freewriting prospectus.We are offering to sell,and seeking offers to buy the ordinaryshares,only in jurisdictions where offers and sales are permitted.The informationcontained in this prospectus is accurate only as of the date of this prospectus,regardless of the time of delivery of this prospectus or of any sale of the ordinaryshares.Neither we nor the underwriters have taken any action to permit a public offering ofthe ordinary shares outside the United States or to permit the possession ordistribution of this prospectus or any filed free-writing prospectus outside theUnited States.Persons outside the United States who come into possession of thisprospectus or any filed free writing prospectus must inform themselves about andobserve any restrictions relating to the offering of the ordinary shares and thedistribution of this prospectus or any filed free-writing prospectus outside theUnited States.Until,2023(the day after the date of this prospectus),alldealers that buy,sell or trade ordinary shares,whether or notparticipating in this offering,may be required to deliver a prospectus.This is in addition to the dealers obligation to deliver a prospectuswhen acting as underwriters and with respect to their unsold allotments orsubscriptions.i2023/3/10https:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htmhttps:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htm8/223Table of ContentsPROSPECTUS SUMMARYThis summary highlights certain information contained elsewhere in this prospectus.You should read the entire prospectus carefully,including our financial statementsand related notes and the risks described under“Risk Factors.”Our actual resultsand future events may differ significantly based upon a number of factors.Thereader should not put undue reliance on the forward-looking statements in thisdocument,which speak only as of the date on the cover of this prospectus.OverviewWe are an offshore holding company incorporated in the Cayman Islands.We have nomaterial operations of our own and conduct substantially all of our operationsthrough the Chinese operating entities.Investors in our ordinary shares arepurchasing equity interests in the Cayman Islands holding company,and not in theChinese operating entities.We directly hold 100%equity interests in the Chineseoperating entities and do not currently adopt VIE contractual agreements betweenthe entities that may adversely affect investors or the value of their investment.Through the Chinese operating entities,we manage and operate six propertiesconsisting of amusement parks,water parks and complementary recreationalfacilities.The parks of the operating entities occupy approximately 426,560 squaremeters of land in the aggregate and are located in geographically diverse marketsacross the south of China.Due to the geographical locations of the parks and theease of travel,the parks are easily accessible to an aggregate population ofapproximately 21 million people.The parks offer a broad selection of exhilaratingand recreational experiences,including both thrilling and family-friendly rides,water attractions,gourmet festivals,circus performances,and high-techfacilities.As of the date of this prospectus,the parks collectively contain 139rides and attractions.Our revenue is primarily generated from the Chinese operating entities sellingaccess to rides and attractions,charging fees for special event rentals,andcollecting regular rental payments from commercial tenants.Our revenue and netincome have remained largely stable over the years.In the fiscal years endedSeptember 30,2021 and 2022,our revenue was US$38,517,742 and US$41,788,196,respectively.For the same fiscal years,our net income was US$13,580,375 andUS$14,328,374,respectively,and the number of guest visits at the parks totaledapproximately 2.40 million and 2.41 million,respectively.Our significant expensesare depreciation and amortization,real property rent,repairs and maintenance,utilities,and marketing costs.Our corporate headquarters is in Yanping District,Nanping City,Fujian Province,China.According to government authorities in Fujian Province,Yanping District isknown as“the birthplace of Chinese amusement park industry”and entrepreneursfrom Yanping District have expanded beyond Yanping District and established theirpresence all across China.Through the operating entities,we are a leadingamusement park operator in Yanping District and an active player in developing theChinese amusement park industry.We aim to become the leading regional amusementpark operator in China.To achieve our goal,we will endeavor to enhance guestexperiences,develop appealing recreational products and services,boost ouroperational efficiency,and improve cost controls.Our StrengthsWe believe that the following strengths contribute to our growth and differentiateus from our competitors:easily accessible amusement park locations;continued guest commitment;experienced senior management teams;and the quality and variety of cost-effective entertainment offerings.Our StrategiesWe intend to grow our business using the following key strategies:attracting more guests;raising prices,which will be accompanied by new product introductions,infrastructure improvements,and/or more user-friendly facilities;developing membership programs;broadening service packages;12023/3/10https:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htmhttps:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htm9/223Table of Contents introducing unique products;and optimizing project management.Our Corporate History and StructureWe are a Cayman Islands holding company and conduct our operations in China throughNanping Golden Heaven Amusement Park Management Co.,Ltd.(“Golden Heaven WFOE”)and its subsidiaries.We hold 100%equity interests in our PRC subsidiaries,and wedo not use a VIE structure.As of the date of this prospectus,Golden Heaven WFOE has acquired 100%equityinterests in the following PRC subsidiaries:(i)Changde Jinsheng AmusementDevelopment Co.,Ltd.(“Change Jinsheng”),(ii)Qujing Jinsheng AmusementInvestment Co.,Ltd.(“Qujing Jinsheng”),(iii)Tongling Jinsheng AmusementInvestment Co.,Ltd.(“Tongling Jinsheng”),(iv)Yuxi Jinsheng AmusementDevelopment Co.,Ltd.(“Yuxi Jinsheng”),(v)Yueyang Jinsheng AmusementDevelopment Co.,Ltd.(“Yueyang Jinsheng”),and(vi)Mangshi Jinsheng AmusementPark Co.,Ltd.(“Mangshi Jinsheng”).In anticipation of this proposed initial public offering,we completed areorganization of our corporate structure.We incorporated Golden Heaven GroupHoldings Ltd.(“Golden Heaven Cayman”)under the laws of the Cayman Islands onJanuary 8,2020.We incorporated Golden Heaven Management Ltd(“Golden HeavenBVI”)under the laws of the British Virgin Islands on February 18,2020,whichbecame a wholly owned subsidiary of Golden Heaven Cayman.We incorporated GoldenHeaven Group Management Limited(“Golden Heaven HK”)in Hong Kong on February 26,2020,which became a wholly owned subsidiary of Golden Heaven BVI.Golden Heaven HKholds all of the outstanding equity of Golden Heaven WFOE.The following diagram illustrates our corporate structure as of the date of thisprospectus and upon completion of our initial public offering based on 2,000,000ordinary shares being offered:_Notes:(1)Represents 10,000,000 ordinary shares held by Xuezheng Chen,the 100%owner of QingyuInvestment Ltd.,as of the date of this prospectus.(2)Represents 15,000,000 ordinary shares held by Qiong Jin,the 100%owner of JinzhengInvestment Co PTE.LTD.,as of the date of this prospectus.22023/3/10https:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htmhttps:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htm10/223Table of Contents(3)Represents 2,910,000 ordinary shares held by Leung Tan,the 100%owner of Hong Kong GreaterPower Ventures Limited,as of the date of this prospectus.(4)Represents an aggregate of 16,600,000 ordinary shares held by 13 shareholders,each one ofwhich holds less than 5%of our ordinary shares,as of the date of this prospectus.Summary of Risk FactorsOur business is subject to multiple risks and uncertainties,as more thoroughlydescribed in“Risk Factors”starting on page 14 of this prospectus and elsewherein this prospectus.We urge you to read“Risk Factors”and this prospectus infull.Our principal risks may be summarized as follows:Risks Related to Our Business and Industry:The COVID-19 pandemic has disrupted the operating entities business andwill adversely affect our results of operations and various other factorsbeyond our control could adversely affect our financial condition andresults of operations.See“Risk Factors Risks Related to Our Businessand Industry The COVID-19 pandemic has disrupted the operatingentities business and will adversely affect our results of operationsand various other factors beyond our control could adversely affect ourfinancial condition and results of operations”on page 17.The parks managed by the operating entities are located on leasedproperties,and there is no assurance that the operating entities will beable to renew the leases or find suitable alternative premises upon theexpiration of the relevant lease terms.See“Risk Factors RisksRelated to Our Business and Industry The parks managed by the operatingentities are located on leased properties,and there is no assurance thatthe operating entities will be able to renew the leases or find suitablealternative premises upon the expiration of the relevant lease terms”onpage 18.The operating entities may not be able to maintain or increase the cost-effectiveness of their entertainment offerings.See“RiskFactors Risks Related to Our Business and Industry The operatingentities may not be able to maintain or increase the cost-effectiveness oftheir entertainment offerings”on page 18.The high fixed cost structure of park operations can result insignificantly lower margins if revenues decline.See“RiskFactors Risks Related to Our Business and Industry The high fixedcost structure of park operations can result in significantly lowermargins if revenues decline”on page 19.Declines in discretionary guest spending and guest confidence,or changesin guest tastes and preferences,could affect the profitability of theoperating entities business.See“Risk Factors Risks Related to OurBusiness and Industry Declines in discretionary guest spending andguest confidence,or changes in guest tastes and preferences,could affectthe profitability of the operating entities business”on page 19.The operating entities may be unable to contract with third-partysuppliers for rides and attractions,and construction delays may occur andimpact attraction openings.See“Risk Factors Risks Related to OurBusiness and Industry The operating entities may be unable to contractwith third-party suppliers for rides and attractions,and constructiondelays may occur and impact attraction openings”on page 20.Financial distress experienced by business partners and other contractcounterparties could have an adverse impact on the operating entities.See“Risk Factors Risks Related to Our Business and Industry Financialdistress experienced by business partners and other contractcounterparties could have an adverse impact on the operating entities”onpage 20.Incidents or adverse publicity concerning the parks or the amusement parkindustry in general could harm the brand,reputation or profitability ofthe operating entities.See“Risk Factors Risks Related to OurBusiness and Industry Incidents or adverse publicity concerning theparks or the amusement park industry in general could harm the brand,reputation or profitability of the operating entities”on page 22.Bad or extreme weather conditions can reduce park attendance.See“RiskFactors Risks Related to Our Business and Industry Bad or extremeweather conditions can reduce park attendance”on page 22.2023/3/10https:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htmhttps:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htm11/22332023/3/10https:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htmhttps:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htm12/223Table of ContentsRisks Related to Doing Business in the PRC:The Chinese government exerts substantial influence over the manner inwhich the operating entities conduct their business activities,mayintervene or influence such operations at any time,or may exert morecontrol over offerings conducted overseas and/or foreign investment inChina-based issuers,which could result in a material change in suchoperations and the value of our ordinary shares,significantly limit orcompletely hinder our ability to offer or continue to offer securities toinvestors,and cause the value of our securities to significantly declineor be worthless.See“Risk Factors Risks Related to Doing Business inthe PRC The Chinese government exerts substantial influence over themanner in which operating entities conduct their business activities,mayintervene or influence such operations at any time,or may exert morecontrol over offerings conducted overseas and/or foreign investment inChina-based issuers,which could result in a material change in suchoperations and the value of our ordinary shares,significantly limit orcompletely hinder our ability to offer or continue to offer securities toinvestors,and cause the value of our securities to significantly declineor be worthless”on page 25.Failing to obtain the approval from provincial counterparts of theNational Development and Reform Commission(the“NDRC”)or other PRCgovernment authorities may have an adverse effect on the operatingentities business activities.See“Risk Factors Risks Related toDoing Business in the PRC Failing to obtain the approval from theNDRCs provincial counterparts or other PRC government authorities mayhave an adverse effect on the operating entities business activities”on page 25.The approval and/or other requirements of the China Securities RegulatoryCommission(the“CSRC”)or other PRC government authorities may berequired in connection with an offering under PRC rules,regulations orpolicies,and,if required,we cannot predict whether or how soon we willbe able to obtain such approval.See“Risk Factors Risks Related toDoing Business in the PRC The approval and/or other requirements of theCSRC or other PRC government authorities may be required in connectionwith an offering under PRC rules,regulations or policies,and,ifrequired,we cannot predict whether or how soon we will be able to obtainsuch approval”on page 25.Recent greater oversight by the Cyberspace Administration of China(the“CAC”)over data security,particularly for companies seeking to list ona foreign exchange,could adversely impact our business and our offering.See“Risk Factors Risks Related to Doing Business in the PRC Recentgreater oversight by the CAC over data security,particularly forcompanies seeking to list on a foreign exchange,could adversely impactour business and our offering”on page 26.PRC regulations relating to the establishment of offshore special purposecompanies by PRC residents may subject the operating entities to liabilityor penalties,limit our ability to inject capital into the operatingentities,limit the operating entities ability to increase theirregistered capital or distribute profits to us,or may otherwise adverselyaffect us.See“Risk Factors Risks Related to Doing Business in thePRC PRC regulations relating to the establishment of offshore specialpurpose companies by PRC residents may subject the operating entities toliability or penalties,limit our ability to inject capital into theoperating entities,limit the operating entities ability to increasetheir registered capital or distribute profits to us,or may otherwiseadversely affect us”on page 28.PRC laws and regulations establish more complex procedures for someacquisitions of PRC companies by foreign investors,which could make itmore difficult for us to pursue growth through acquisitions in China.See“Risk Factors Risks Related to Doing Business in the PRC PRC lawsand regulations establish more complex procedures for some acquisitions ofPRC companies by foreign investors,which could make it more difficult forus to pursue growth through acquisitions in China”on page 28.Cash transfers from the Chinese operating entities to the Cayman Islandsholding company are subject to the current PRC regulations,which permitthe Chinese operating entities to pay dividends to their shareholders onlyout of their accumulated profits,if any,determined in accordance withPRC accounting standards and regulations.We may rely on dividends and2023/3/10https:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htmhttps:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htm13/223other distributions on equity paid by the operating entities to fund anycash and financing requirements we may have.To the extent funds or assetsin the business are in the PRC or a PRC entity,the funds or assets maynot be available to fund operations or42023/3/10https:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htmhttps:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htm14/223Table of Contentsfor other use outside of the PRC due to interventions in or the impositionof restrictions and limitations on the ability of our company or theoperating entities by the PRC government to transfer cash or assets.See“Risk Factors Risks Related to Doing Business in the PRC We may relyon dividends and other distributions on equity paid by the operatingentities to fund any cash and financing requirements we may have.To theextent funds or assets in the business are in the PRC or a PRC entity,thefunds or assets may not be available to fund operations or for other useoutside of the PRC due to interventions in or the imposition ofrestrictions and limitations on the ability of our company or theoperating entities by the PRC government to transfer cash or assets”onpage 29.Cash transfers from the Cayman Islands holding company to the Chineseoperating entities are subject to the applicable PRC laws and regulationson loans and direct investment.PRC regulations of loans and directinvestment by offshore holding companies to PRC entities may delay orprevent us from using the proceeds of our offshore financing to make loansor additional capital contributions to the operating entities,which couldmaterially and adversely affect our liquidity and business.See“RiskFactors Risks Related to Doing Business in the PRC PRC regulationsof loans and direct investment by offshore holding companies to PRCentities may delay or prevent us from using the proceeds of our offshorefinancing to make loans or additional capital contributions to theoperating entities,which could materially and adversely affect ourliquidity and business”on page 29.Cash transfers from the Cayman Islands holding company to the investorsare subject to the restrictions on the remittance of Renminbi into and outof China and governmental control of currency conversion.See“RiskFactors Risks Related to Doing Business in the PRC Restrictions onthe remittance of Renminbi into and out of China and governmental controlof currency conversion may limit our ability to pay dividends and otherobligations,and affect the value of your investment.”on page 30.Risks Related to Our Ordinary Shares and This Offering:Recent joint statement by the SEC and the Public Company AccountingOversight Board(the“PCAOB”)proposed rule changes submitted by Nasdaq,and the Holding Foreign Companies Accountable Act passed by the US Senateall call for additional and more stringent criteria to be applied toemerging market companies upon assessing the qualification of theirauditors,especially the non-U.S.auditors who are not inspected by thePCAOB.These developments could add uncertainties to our offering.See“Risk Factors Risks Related to Our Ordinary Shares and ThisOffering Recent joint statement by the SEC and the PCAOB proposed rulechanges submitted by Nasdaq,and the Holding Foreign Companies AccountableAct passed by the US Senate all call for additional and more stringentcriteria to be applied to emerging market companies upon assessing thequalification of their auditors,especially the non-U.S.auditors who arenot inspected by the PCAOB.These developments could add uncertainties toour offering”on page 34.There has been no public market for our ordinary shares prior to thisoffering,and you may not be able to resell our ordinary shares at orabove the price you paid,or at all.See“Risk Factors Risks Relatedto Our Ordinary Shares and This Offering There has been no publicmarket for our ordinary shares prior to this offering,and you may not beable to resell our ordinary shares at or above the price you paid,or atall”on page 35.Substantial future sales or perceived potential sales of our ordinaryshares in the public market could cause the price of our ordinary sharesto decline.See“Risk Factors Risks Related to Our Ordinary Shares andThis Offering Substantial future sales or perceived potential sales ofour ordinary shares in the public market could cause the price of ourordinary shares to decline”on page 37.We currently do not expect to pay dividends in the foreseeable futureafter this offering and you must rely on price appreciation of ourordinary shares for return on your investment.See“Risk Factors RisksRelated to Our Ordinary Shares and This Offering We currently do notexpect to pay dividends in the foreseeable future after this offering andyou must rely on price appreciation of our ordinary shares for return onyour investment”on page 37.2023/3/10https:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htmhttps:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htm15/22352023/3/10https:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htmhttps:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htm16/223Table of Contents We have broad discretion in the use of the net proceeds from our initialpublic offering and may not use them effectively.See“RiskFactors Risks Related to Our Ordinary Shares and This Offering Wehave broad discretion in the use of the net proceeds from our initialpublic offering and may not use them effectively”on page 37.For as long as we are an emerging growth company,we will not be requiredto comply with certain reporting requirements,including those relating toaccounting standards and disclosure about our executive compensation,thatapply to other public companies.See“Risk Factors Risks Related toOur Ordinary Shares and This Offering For as long as we are an emerginggrowth company,we will not be required to comply with certain reportingrequirements,including those relating to accounting standards anddisclosure about our executive compensation,that apply to other publiccompanies”on page 39.We are a foreign private issuer within the meaning of the rules under theExchange Act,and as such we are exempt from certain provisions applicableto U.S.domestic public companies.See“Risk Factors Risks Related toOur Ordinary Shares and This Offering We are a foreign private issuerwithin the meaning of the rules under the Exchange Act,and as such we areexempt from certain provisions applicable to U.S.domestic publiccompanies”on page 39.As a company incorporated in the Cayman Islands,we are permitted to adoptcertain home country practices in relation to corporate governance mattersthat differ significantly from the Nasdaq listing standards.Thesepractices may afford less protection to shareholders than they would enjoyif we complied fully with corporate governance listing standards.See“Risk Factors Risks Related to Our Ordinary Shares and ThisOffering As a company incorporated in the Cayman Islands,we arepermitted to adopt certain home country practices in relation to corporategovernance matters that differ significantly from the Nasdaq listingstandards.These practices may afford less protection to shareholders thanthey would enjoy if we complied fully with corporate governance listingstandards”on page 40.Regulatory DevelopmentsRecently,the PRC government initiated a series of regulatory actions and made anumber of public statements on the regulation of business operations in China withlittle advance notice,including cracking down on illegal activities in thesecurities market,enhancing supervision over China-based companies listedoverseas,and adopting new measures to extend the scope of cybersecurity reviews.The Regulations on Mergers and Acquisitions of Domestic Enterprises by ForeignInvestors(the“M&A Rules”)came into effect on September 8,2006 and were amendedon June 22,2009.The M&A Rules,among other things,require that an offshorespecial purpose vehicle(the“SPV”),formed for overseas listing purposes andcontrolled directly or indirectly by PRC companies or individuals,shall obtain theapproval of the China Securities Regulatory Commission(the“CSRC”)prior tolisting such SPVs securities on an overseas stock exchange,especially in theevent that the SPV acquires shares or an equity interest in the PRC companies byoffering the shares of any offshore companies.On July 10,2021,the Cyberspace Administration of China(the“CAC”)issued theMeasures for Cybersecurity Review(Revision Draft for Comments),or the Measures,for public comments,which propose to authorize the relevant government authoritiesto conduct cybersecurity review on a range of activities that affect or may affectnational security,including listings in foreign countries by companies thatpossess the personal data of more than one million users.On December 28,2021,theMeasures for Cybersecurity Review(2021 version)was promulgated and took effect onFebruary 15,2022,which iterates that any online platform operators controllingpersonal information of more than one million users which seeks to list in aforeign stock exchange should also be subject to cybersecurity review.The CAC hassaid that under the proposed rules companies holding data on more than 1,000,000users must now apply for cybersecurity approval when seeking listings in othernations because of the risk that such data and personal information could be“affected,controlled,and maliciously exploited by foreign governments.”Thecybersecurity review will also look into the potential national security risks fromoverseas IPOs.As advised by our PRC legal counsel,AllBright Law Offices(Fuzhou),neither we northe operating entities are subject to cybersecurity review by the CAC,sinceneither we nor the operating entities currently have over one million users2023/3/10https:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htmhttps:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htm17/223personal information and do not anticipate that we will be collecting over onemillion users personal information in the foreseeable future,which we understandmight otherwise subject us to the Cybersecurity Review Measures.62023/3/10https:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htmhttps:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htm18/223Table of ContentsOn December 24,2021,the CSRC released the Administrative Provisions of the StateCouncil Regarding the Overseas Issuance and Listing of Securities by DomesticEnterprises(Draft for Comments)(the“Draft Administrative Provisions”)and theMeasures for the Overseas Issuance of Securities and Listing Record-Filings byDomestic Enterprises(Draft for Comments)(the“Draft Filing Measures”,andcollectively with the Draft Administrative Provisions,the“Draft Rules RegardingOverseas Listing”),which stipulate that Chinese-based companies,or the issuer,shall fulfill the filing procedures after the issuer makes an application forinitial public offering and listing in an overseas market,and certain overseasoffering and listing such as those that constitute a threat to or endanger nationalsecurity,as reviewed and determined by competent authorities under the StateCouncil in accordance with law,may be prohibited under the Draft Rules RegardingOverseas Listing.On February 17,2023,with the approval of the State Council,theCSRC released the Trial Administrative Measures of Overseas Securities Offering andListing by Domestic Companies(the“Trial Measures”)and five supportingguidelines,which will come into effect on March 31,2023.According to the TrialMeasures,among other requirements,(1)domestic companies that seek to offer orlist securities overseas,both directly and indirectly,should fulfill the filingprocedures with the CSRC;if a domestic company fails to complete the filingprocedures,such domestic company may be subject to administrative penalties;and(2)where a domestic company seeks to indirectly offer and list securities in anoverseas market,the issuer shall designate a major domestic operating entityresponsible for all filing procedures with the CSRC,and such filings shall besubmitted to the CSRC within three business days after the submission of theoverseas offering and listing application.On the same day,the CSRC also held apress conference for the release of the Trial Measures and issued the Notice onAdministration for the Filing of Overseas Offering and Listing by DomesticCompanies,which clarifies that(1)on or prior to the effective date of the TrialMeasures,domestic companies that have already submitted valid applications foroverseas offering and listing but have not obtained approval from overseasregulatory authorities or stock exchanges may reasonably arrange the timing forsubmitting their filing applications with the CSRC,and must complete the filingbefore the completion of their overseas offering and listing;(2)a six-monthtransition period will be granted to domestic companies which,prior to theeffective date of the Trial Measures,have already obtained the approval fromoverseas regulatory authorities or stock exchanges,but have not completed theindirect overseas listing;if domestic companies fail to complete the overseaslisting within such six-month transition period,they shall file with the CSRCaccording to the requirements;and(3)the CSRC will solicit opinions from relevantregulatory authorities and complete the filing of the overseas listing of companieswith contractual arrangements which duly meet the compliance requirements,andsupport the development and growth of these companies.According to our PRC legal counsel,AllBright Law Offices(Fuzhou),as of the dateof this prospectus,neither we nor any of the PRC subsidiaries have been subject toany investigation,or received any notice,warning,or sanction from the CSRC orother applicable government authorities related to this offering.However,we willbe required to file with the CSRC if we cannot obtain the approvals from the SECand Nasdaq for this offering and listing before March 31,2023,or if we obtain theapprovals on or before March 31,2023 but fail to complete this offering andlisting on or before September 30,2023.If we are required to file with the CSRCfor this offering and listing,there is no assurance that we can complete suchfiling in a timely manner or even at all.Any failure by us to comply with suchfiling requirements may result in an order to rectify,warnings and fines againstus and could materially hinder our ability to offer or continue to offer oursecurities.As further advised by our PRC legal counsel,AllBright Law Offices(Fuzhou),as ofthe date of this prospectus,we and the operating entities have received from PRCgovernment authorities all requisite permits or licenses needed to engage in thebusinesses currently conducted in China.Such permits and licenses include ourBusiness License and Special Equipment Registration for Service and Food BusinessLicense.The following table provides details on the permits and licenses held bythe operating entities.Company Permit/License Issuing authority TermNanping GoldenHeaven AmusementPark ManagementCo.,Ltd.Business License Nanping CityAdministration forMarket Regulation Long termChangde JinshengAmusementDevelopment Co.,Business License Changde CityAdministration forMarket Regulation Long term2023/3/10https:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htmhttps:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htm19/223Ltd.Special EquipmentRegistrations forService Changde CityAdministration forMarket Regulation Starting fromOctober 10,2018,renewed each year72023/3/10https:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htmhttps:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htm20/223Table of ContentsCompany Permit/License Issuing authority TermQujing JinshengAmusementInvestment Co.,Ltd.Business License Qujing City QilinDistrictAdministrativeExamination andApproval Bureau Long term Special EquipmentRegistrations forService Qujing City QilinDistrictAdministration forMarket Regulation Starting from aroundFebruary 2015,renewed each yearTongling JinshengAmusementInvestment Co.,Ltd.Business License TonglingAdministration forMarket Regulation Long termSpecial EquipmentRegistrations forService Tongling Qualityand TechnicalSupervision Bureau Starting from aroundOctober 2016,renewed each yearYuxi JinshengAmusementDevelopment Co.,Ltd.Business License Yuxi City HongtaDistrictAdministration forMarket Regulation Long termSpecial EquipmentRegistrations forService Yuxi City HongtaDistrictAdministration forMarket Regulation Starting fromSeptember 11,2017,renewed each yearYueyang JinshengAmusementDevelopment Co.,Ltd.Business License Yuyang City JunshanDistrictAdministration forMarket Regulation Long termSpecial EquipmentRegistrations forService Yueyang Quality andTechnicalSupervision Bureau Starting fromJuly 2,2018,renewed each yearMangshi JinshengAmusement ParkCo.,Ltd.Business License MangshiAdministration forMarket Regulation Long termSpecial EquipmentRegistrations forService MangshiAdministration forMarket Regulation Starting fromOctober 24,2017,renewed each year Food BusinessLicense MangshiAdministration forMarket Regulation June 15,2020 toJune 14,2026In addition,our ordinary shares may be delisted from a national exchange orprohibited from being traded over-the-counter under the Holding Foreign CompaniesAccountable Act(the“HFCA Act”)if the PCAOB is unable to inspect our auditor fortwo consecutive years.On December 16,2021,the PCAOB issued its determinationsthat the PCAOB was unable to inspect or investigate completely PCAOB-registeredpublic accounting firms headquartered in mainland China and in Hong Kong,becauseof positions taken by PRC authorities in those jurisdictions,which determinationswere vacated on December 15,2022.Our auditor,B F Borgers CPA PC,has beeninspected by the PCAOB on a regular basis,and it is not subject to thedeterminations announced by the PCAOB on December 16,2021.On August 26,2022,thePCAOB signed the SOP Agreements with the CSRC and Chinas Ministry of Finance.TheSOP Agreements establish a specific,accountable framework to make possiblecomplete inspections and investigations by the PCAOB of audit firms based inmainland China and Hong Kong,as required under U.S.law.On December 15,2022,thePCAOB Board determined that the PCAOB was able to secure complete access to inspectand investigate registered public accounting firms headquartered in mainland Chinaand Hong Kong and voted to vacate its previous determinations to the contrary.However,should PRC authorities obstruct or otherwise fail to facilitate thePCAOBs access in the future,the PCAOB Board will consider the need to issue anew determination.On June 22,2021,the U.S.Senate passed the AcceleratingHolding Foreign Companies Accountable Act,and on December 29,2022,legislationentitled“Consolidated Appropriations Act,2023”(the“Consolidated2023/3/10https:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htmhttps:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htm21/223Appropriations Act”)was signed into law by President Biden,which contained,among other things,an identical provision to the Accelerating Holding ForeignCompanies Accountable Act and amended the HFCA Act by requiring the SEC to prohibitan issuers securities from trading on any82023/3/10https:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htmhttps:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htm22/223Table of ContentsU.S.stock exchanges if its auditor is not subject to PCAOB inspections for twoconsecutive years instead of three,thus reducing the time period for triggeringthe delisting of our Company and the prohibition of trading in our securities ifthe PCAOB is unable to inspect our accounting firm at such future time.If tradingin our ordinary shares is prohibited under the HFCA Act in the future because thePCAOB determines that it cannot inspect or fully investigate our auditor at suchfuture time,Nasdaq may determine to delist our ordinary shares and trading in ourordinary shares could be prohibited.See“Risk Factors Risks Related to OurOrdinary Shares and This Offering Recent joint statement by the SEC and thePCAOB proposed rule changes submitted by Nasdaq,and the Holding Foreign CompaniesAccountable Act passed by the US Senate all call for additional and more stringentcriteria to be applied to emerging market companies upon assessing thequalification of their auditors,especially the non-U.S.auditors who are notinspected by the PCAOB.These developments could add uncertainties to ouroffering”beginning on page 34 of this prospectus.Cash Transfers and Dividend DistributionsAs of the date of this prospectus,our Cayman Islands holding company has notdeclared or paid dividends,made distributions,or transferred assets to itssubsidiaries or to investors in the past,nor have any dividends,distributions orasset transfers been made by any subsidiary to the Cayman Islands holding company.Our board of directors has complete discretion on whether to distribute dividends,subject to applicable laws.We do not have any current plan to declare or pay anycash dividends on our ordinary shares in the foreseeable future after thisoffering.See“Risk Factors Risks related to Our Ordinary Shares and ThisOffering We currently do not expect to pay dividends in the foreseeable futureafter this offering and you must rely on price appreciation of our ordinary sharesfor return on your investment”beginning on page 37 of this prospectus.Subject tocertain contractual,legal and regulatory restrictions,cash and capitalcontributions may be transferred among our Cayman Islands holding company and theChinese operating entities.If needed,our Cayman Islands holding company cantransfer cash to the Chinese operating entities through loans and/or capitalcontributions,and the Chinese operating entities can transfer cash to our CaymanIslands holding company through loans and/or issuing dividends or otherdistributions.There are limitations on the ability to transfer cash between theCayman Islands holding company,the Chinese operating entities or investors.Cashtransfers from the Cayman Islands holding company to the Chinese operating entitiesare subject to the applicable PRC laws and regulations on loans and directinvestment.See“Risk Factors Risks Related to Doing Business in the PRC PRCregulations of loans and direct investment by offshore holding companies to PRCentities may delay or prevent us from using the proceeds of our offshore financingto make loans or additional capital contributions to the operating entities,whichcould materially and adversely affect our liquidity and business”beginning onpage 29 of this prospectus.If any of the operating entities incurs debt on its ownbehalf in the future,the instruments governing such debt may restrict theirability to pay dividends to us.Cash transfers from the Chinese operating entitiesto the Cayman Islands holding company are subject to the current PRC regulations,which permit the Chinese operating entities to pay dividends to their shareholdersonly out of their accumulated profits,if any,determined in accordance with PRCaccounting standards and regulations.See“Risk Factors Risks Related to DoingBusiness in the PRC We may rely on dividends and other distributions on equitypaid by the operating entities to fund any cash and financing requirements we mayhave.To the extent funds or assets in the business are in the PRC or a PRC entity,the funds or assets may not be available to fund operations or for other useoutside of the PRC due to interventions in or the imposition of restrictions andlimitations on the ability of our company or the operating entities by the PRCgovernment to transfer cash or assets”beginning on page 29 of this prospectus.Cash transfers from the Cayman Islands holding company to the investors is subjectto the restrictions on the remittance of Renminbi into and out of China andgovernmental control of currency conversion.See“Risk Factors Risks Related toDoing Business in the PRC Restrictions on the remittance of Renminbi into andout of China and governmental control of currency conversion may limit our abilityto pay dividends and other obligations,and affect the value of your investment”beginning on page 30 of this prospectus.Additionally,to the extent cash or assetsin the business is in China or a Chinese operating entity,the funds or assets maynot be available to fund operations or for other use outside of China due tointerventions in or the imposition of restrictions and limitations on the abilityof our company or the operating entities by the PRC government to transfer cash orassets.See“Risk Factors Risks Related to Doing Business in the PRC We mayrely on dividends and other distributions on equity paid by the operating entitiesto fund any cash and financing requirements we may have.To the extent funds orassets in the business are in the PRC or a PRC entity,the funds or assets may notbe available to fund operations or for other use outside of the PRC due to2023/3/10https:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htmhttps:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htm23/223interventions in or the imposition of restrictions and limitations on the abilityof our company or the operating entities by the PRC government to transfer cash orassets”beginning on page 29 of this prospectus.As of the date of this prospectus,we have not maintained any cash managementpolicies that dictate the purpose,amount and procedure of fund transfers among ourCayman Islands holding company,our subsidiaries,or investors.Rather,the fundscan be transferred in accordance with the applicable laws and regulations.92023/3/10https:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htmhttps:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htm24/223Table of ContentsCorporate InformationOur principal executive offices are located at No.8 Banhouhaichuan Rd,Xiqin Town,Yanping District,Nanping City,Fujian Province,China 353001,and our telephonenumber is 86 0599 8508022.Our website is .Information contained on,or available through,our website does not constitute part of,and is not deemedincorporated by reference into,this prospectus.Our registered office in theCayman Islands is located at the office of Harneys Fiduciary(Cayman)Limited,4thFloor,Harbour Place,103 South Church Street,P.O.Box 10240,Grand Cayman KY1-1002,Cayman Islands.Our agent for service of process in the United States isCogency Global Inc.,122 East 42nd Street,18th Floor,New York,NY 10168.Implications of Being an Emerging Growth CompanyAs a company with less than US$1.235 billion in revenue during our last fiscalyear,we qualify as an“emerging growth company”as defined in the Jumpstart OurBusiness Startups Act of 2012,as amended,or the JOBS Act.As long as we remain anemerging growth company,we may rely on exemptions from some of the reportingrequirements applicable to public companies that are not emerging growth companies.In particular,as an emerging growth company,we:may present only two years of audited financial statements and onlytwo years of related Managements Discussion and Analysis of FinancialCondition and Results of Operations,or“MD&A;”are not required to provide a detailed narrative disclosure discussing ourcompensation principles,objectives and elements and analyzing how thoseelements fit with our principles and objectives,which is commonlyreferred to as“compensation discussion and analysis”;are not required to obtain an attestation and report from our auditors onour managements assessment of our internal control over financialreporting pursuant to the Sarbanes-Oxley Act of 2002;are not required to obtain a non-binding advisory vote from ourshareholders on executive compensation or golden parachute arrangements(commonly referred to as the“say-on-pay,”“say-on frequency”and“say-on-golden-parachute”votes);are exempt from certain executive compensation disclosure provisionsrequiring a pay-for-performance graph and chief executive officer payratio disclosure;are eligible to claim longer phase-in periods for the adoption of new orrevised financial accounting standards under 107 of the JOBS Act;and will not be required to conduct an evaluation of our internal control overfinancial reporting until our second annual report on Form 20-F followingthe effectiveness of our initial public offering.We intend to take advantage of all of these reduced reporting requirements andexemptions,including the longer phase-in periods for the adoption of new orrevised financial accounting standards under 107 of the JOBS Act.Our election touse the phase-in periods may make it difficult to compare our financial statementsto those of non-emerging growth companies and other emerging growth companies thathave opted out of the phase-in periods under 107 of the JOBS Act.Under the JOBS Act,we may take advantage of the above-described reduced reportingrequirements and exemptions until we no longer meet the definition of an emerginggrowth company.We will remain an emerging growth company until the earliest of(a)the last day of the fiscal year during which we have total annual grossrevenues of at least US$1.235 billion;(b)the last day of our fiscal yearfollowing the fifth anniversary of the completion of this offering;(c)the date onwhich we have,during the preceding three-year period,issued more thanUS$1.0 billion in non-convertible debt;or(d)the date on which we are deemed tobe a“large accelerated filer”under the United States SecuritiesExchange Act of 1934,as amended,or the Exchange Act,which would occur if themarket value of our ordinary shares that are held by non-affiliates exceedsUS$700 million as of the last business day of our most recently completed secondfiscal quarter.Once we cease to be an emerging growth company,we will not beentitled to the exemptions provided in the JOBS Act discussed above.102023/3/10https:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htmhttps:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htm25/223Table of ContentsForeign Private Issuer StatusWe are a foreign private issuer within the meaning of the rules under theSecurities Exchange Act of 1934,as amended(the“Exchange Act”).As such,we areexempt from certain provisions applicable to United States domestic publiccompanies.For example:we are not required to provide as many Exchange Act reports,or asfrequently,as a domestic public company;for interim reporting,we are permitted to comply solely with our homecountry requirements,which are less rigorous than the rules that apply todomestic public companies;we are not required to provide the same level of disclosure on certainissues,such as executive compensation;we are exempt from provisions of Regulation FD aimed at preventing issuersfrom making selective disclosures of material information;we are not required to comply with the sections of the Exchange Actregulating the solicitation of proxies,consents,or authorizations inrespect of a security registered under the Exchange Act;and we are not required to comply with Section 16 of the Exchange Actrequiring insiders to file public reports of their share ownership andtrading activities and establishing insider liability for profits realizedfrom any“short-swing”trading transaction.Conventions that Apply to this ProspectusUnless we indicate otherwise,references in this prospectus to:“BVI”are to the British Virgin Islands;“CAC”are to the Cyberspace Administration of China;“China”and the“PRC”are to the Peoples Republic of China,excluding,for the purposes of this prospectus only,Taiwan;“CSRC”are to the China Securities Regulatory Commission;“Exchange Act”are to the Securities Exchange Act of 1934,as amended;“Nasdaq”are to Nasdaq Stock Market LLC;“NDRC”are to the National Development and Reform Commission of the PRC;“operating entities”are to the six subsidiaries that conduct ouroperations in China,consisting of Changde Jinsheng Amusement DevelopmentCo.,Ltd.,Qujing Jinsheng Amusement Investment Co.,Ltd.,TonglingJinsheng Amusement Investment Co.,Ltd.,Yuxi Jinsheng AmusementDevelopment Co.,Ltd.,Yueyang Jinsheng Amusement Development Co.,Ltd.,and Mangshi Jinsheng Amusement Park Co.,Ltd.;“Ordinary Shares”are to the ordinary shares of the Company,par value$0.0001 per share;“RMB”and“Renminbi”are to the legal currency of China;“SEC”are to the United States Securities and Exchange Commission;“Securities Act”are to the Securities Act of 1933,as amended;“U.S.”,“US”or“United States”are to United States of America,itsterritories,its possessions and all areas subject to its jurisdiction;“US$,”“$”and“U.S.dollars”are to the legal currency of theUnited States;and “we,”“the Company,”“us,”“our company,”“our”are to GoldenHeaven Group Holdings Ltd.,our Cayman Islands holding company,unless thecontext suggests otherwise,and also includes its subsidiaries whendescribing the consolidated financial information of Golden Heaven GroupHoldings Ltd.112023/3/10https:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htmhttps:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htm26/223Table of ContentsOur reporting and functional currency is the Renminbi.Solely for the convenienceof the reader,this prospectus contains translations of some RMB amounts intoU.S.dollars,at specified rates.Except as otherwise stated in this prospectus,all translations from RMB to U.S.dollars are made at RMB6.58 to US$1.00.Norepresentation is made that the RMB amounts referred to in this prospectus couldhave been or could be converted into U.S.dollars at such rate.We have maderounding adjustments to reach some of the figures included in this prospectus.Consequently,numerical figures shown as totals in some tables may not bearithmetic aggregations of the figures that precede them.Our fiscal year end is September 30.References to a particular“fiscal year”areto our fiscal year ended September 30 of that calendar year.Our auditedconsolidated financial statements have been prepared in accordance with thegenerally accepted accounting principles in the United States(the“US GAAP”).This prospectus contains information derived from various public sources andcertain information from an industry report commissioned by us and prepared byiResearch,Inc.,a third-party industry research firm,to provide informationregarding our industry and market position.Such information involves a number ofassumptions and limitations,and you are cautioned not to give undue weight tothese estimates.We have not independently verified the accuracy or completeness ofthe data contained in these industry publications and reports.The industry inwhich we operate is subject to a high degree of uncertainty and risk due to varietyof factors,including those described in the“Risk Factors”section.These andother factors could cause results to differ materially from those expressed inthese publications and reports.We have proprietary rights to trademarks used in this prospectus that are importantto our business,many of which are registered under applicable intellectualproperty laws.Solely for convenience,the trademarks,service marks and tradenames referred to in this prospectus are without the,and other similarsymbols,but such references are not intended to indicate,in any way,that we willnot assert,to the fullest extent under applicable law,our rights or the rights ofthe applicable licensors to these trademarks,service marks and trade names.Thisprospectus contains additional trademarks,service marks and trade names of others.All trademarks,service marks and trade names appearing in this prospectus are,toour knowledge,the property of their respective owners.We do not intend our use ordisplay of other companies trademarks,service marks or trade names to imply arelationship with,or endorsement or sponsorship of us by,any other person.122023/3/10https:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htmhttps:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htm27/223Table of ContentsThe OfferingOffering Price We currently estimate that the initial publicoffering price will be between US$4.00 andUS$5.00 per ordinary share.Ordinary Shares offered by us 2,000,000 ordinary sharesOrdinary Shares outstanding priorto the completion of thisoffering 50,000,000 ordinary sharesOrdinary Shares outstandingimmediately after this offering 52,000,000 ordinary sharesUse of Proceeds We anticipate using the net proceeds of thisoffering primarily for the purposes of expandingthe market share and improving our financialperformance.See“Use of Proceeds”for moreinformation.Lock-up We have agreed with the underwriters,subject tocertain exceptions,not to sell,transfer orotherwise dispose of any ordinary shares orsimilar securities for a period ending threemonths after the commencement of sales of theoffering.Furthermore,each of our directors,executive officers and shareholders of 5%or moreof our ordinary shares has also entered into asimilar lock-up agreement for a period of sixmonths from the date of this prospectus,subjectto certain exceptions,with respect to ourordinary shares and similar securities.Listing We intend to apply to have our ordinary shareslisted on the Nasdaq Capital Market under thesymbol“GDHG.”This offering is contingent onthe listing of our ordinary shares on the NasdaqCapital Market.At this time,the Nasdaq CapitalMarket has not yet approved our application tolist our ordinary shares.There is no assurancethat such application will be approved,and ifour application is not approved by the NasdaqCapital Market,this offering may not becompleted.Payment and settlement The underwriters expect to deliver ordinaryshares against payment on,2023,through thefacilities of The Depository Trust Company,orDTC.Risk Factors See“Risk Factors”and other informationincluded in this prospectus for a discussion ofrisks you should carefully consider beforeinvesting in our ordinary shares.Capital Structure and VotingRights Our authorized share capital is US$50,000 dividedinto 500,000,000 ordinary shares of par valueUS$0.0001 each.Holders of ordinary shares are entitled to onevote per one Ordinary Share.See“Description ofShare Capital.”132023/3/10https:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htmhttps:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htm28/223Table of ContentsRISK FACTORSAn investment in our ordinary shares involves a high degree of risk.Before decidingwhether to invest in our ordinary shares,you should consider carefully the risksdescribed below,together with all of the other information set forth in thisprospectus,including the section titled“Managements Discussion and Analysis ofFinancial Condition and Results of Operations”and our consolidated financialstatements and related notes.If any of these risks actually occurs,our business,financial condition,results of operations,or cash flow could be materially andadversely affected,which could cause the trading price of our ordinary shares todecline,resulting in a loss of all or part of your investment.The risks describedbelow and discussed in other parts of this prospectus are not the only ones that weface.Additional risks not presently known to us or that we currently deem immaterialmay also affect our business.You should only consider investing in our ordinaryshares if you can bear the risk of loss of your entire investment.We are providing the following summary of the risk factors contained in thisprospectus to enhance the readability and accessibility of our risk factordisclosures.We encourage you to carefully review the full risk factors contained inthis prospectus in their entirety for additional information regarding the risks thatcould cause our actual results to vary materially from recent results or from ouranticipated future results.Risks Related to Our Business and Industry The COVID-19 pandemic has disrupted the operating entities business andwill adversely affect our results of operations and various other factorsbeyond our control could adversely affect our financial condition andresults of operations.The parks managed by the operating entities are located on leasedproperties,and there is no assurance that the operating entities will beable to renew the leases or find suitable alternative premises upon theexpiration of the relevant lease terms.The operating entities may not be able to maintain or increase the cost-effectiveness of their entertainment offerings.The high fixed cost structure of park operations can result in significantlylower margins if revenues decline.Declines in discretionary guest spending and guest confidence,or changes inguest tastes and preferences,could affect the profitability of theoperating entities business.If the operating entities are unable to conduct marketing activities in acost-effective manner,our results of operations and financial condition maybe materially and adversely affected.The operating entities operate in a competitive industry and their revenues,profits or market share could be harmed if they are unable to competeeffectively.Our historical financial and operating results are not indicative of futureperformance and our financial and operating results may fluctuate.The operating entities may not be able to fund capital investment in futureprojects and may not achieve the desired outcome of their growthinitiatives.The operating entities may not succeed in their cost saving strategies.The operating entities may be unable to contract with third-party suppliersfor rides and attractions,and construction delays may occur and impactattraction openings.Financial distress experienced by business partners and other contractcounterparties could have an adverse impact on the operating entities.Increased labor costs,inability to retain suitable employees,orunfavorable labor relations may adversely affect the business,financialcondition or results of operations.If the operating entities lose key personnel,their business may beadversely affected.142023/3/10https:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htmhttps:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htm29/223Table of Contents If the operating entities intellectual property rights are infringed on bythird-parties or if the operating entities are alleged or found to haveinfringed on the intellectual property rights of others,it may adverselyaffect the business of the operating entities.The operating entities business depends on the continued success of theirbrand,and if they fail to maintain and enhance the recognition of theirbrand,they may face difficulty expanding their business.Incidents or adverse publicity concerning the parks or the amusement parkindustry in general could harm the brand,reputation or profitability of theoperating entities.Adverse litigation judgments or settlements resulting from legal proceedingscould reduce the profits or negatively affect the business operations of theoperating entities.Bad or extreme weather conditions can reduce park attendance.Significant revenue is generated in Hunan Province,China.Therefore anyrisks affecting that area may materially adversely affect the business ofthe operating entities.The insurance coverage maintained by the operating entities may not beadequate to cover all possible losses and the insurance costs may increase.Interruptions or failures that impair access to information technologysystems could adversely affect the business of the operating entities.Certain data and information in this prospectus were obtained from third-party sources and were not independently verified by us.Risks Related to Doing business in the PRC Adverse changes in economic,political and social conditions of the PRCgovernment could have a material adverse effect on the operating entitiesbusiness.The legal system of the PRC is not fully developed and there are inherentuncertainties that may affect the protection afforded to the operatingentities business and our shareholders.The Chinese government exerts substantial influence over the manner in whichthe operating entities conduct their business activities,may intervene orinfluence such operations at any time,or may exert more control overofferings conducted overseas and/or foreign investment in China-basedissuers,which could result in a material change in such operations and thevalue of our ordinary shares,significantly limit or completely hinder ourability to offer or continue to offer securities to investors,and cause thevalue of our securities to significantly decline or be worthless.Failing to obtain the approval from the NDRCs provincial counterparts orother PRC government authorities may have an adverse effect on the operatingentities business activities.The approval and/or other requirements of the CSRC or other PRC governmentauthorities may be required in connection with an offering under PRC rules,regulations or policies,and,if required,we cannot predict whether or howsoon we will be able to obtain such approval.Recent greater oversight by the CAC over data security,particularly forcompanies seeking to list on a foreign exchange,could adversely impact ourbusiness and our offering.PRC regulations relating to the establishment of offshore special purposecompanies by PRC residents may subject the operating entities to liabilityor penalties,limit our ability to inject capital into the operatingentities,limit the operating entities ability to increase theirregistered capital or distribute profits to us,or may otherwise adverselyaffect us.PRC laws and regulations establish more complex procedures for someacquisitions of PRC companies by foreign investors,which could make it moredifficult for us to pursue growth through acquisitions in China.152023/3/10https:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htmhttps:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htm30/223Table of Contents We may rely on dividends and other distributions on equity paid by theoperating entities to fund any cash and financing requirements we may have.To the extent funds or assets in the business are in the PRC or a PRCentity,the funds or assets may not be available to fund operations or forother use outside of the PRC due to interventions in or the imposition ofrestrictions and limitations on the ability of our company or the operatingentities by the PRC government to transfer cash or assets.PRC regulations of loans and direct investment by offshore holding companiesto PRC entities may delay or prevent us from using the proceeds of ouroffshore financing to make loans or additional capital contributions to theoperating entities,which could materially and adversely affect ourliquidity and business.We may be exposed to liabilities under the Foreign Corrupt Practices Act andChinese anti-corruption laws.Restrictions on the remittance of Renminbi into and out of China andgovernmental control of currency conversion may limit our ability to paydividends and other obligations,and affect the value of your investment.Fluctuations in exchange rates could result in foreign currency exchangelosses.The enforcement of the PRC Labor Contract Law and other labor-relatedregulations in the PRC may adversely affect the operating entitiesbusiness and results of operations.The custodians or authorized users of our controlling non-tangible assets,including chops and seals,may fail to fulfill their responsibilities,ormisappropriate or misuse these assets.If we are classified as a PRC resident enterprise for PRC income taxpurposes,such classification could result in unfavorable tax consequencesto us and our non-PRC shareholders.Our business may be materially and adversely affected if any of theoperating entities declares bankruptcy or becomes subject to a dissolutionor liquidation proceeding.If the operating entities are not in compliance with the relevant PRC taxlaws and regulations,our financial condition and results of operations maybe negatively affected.If we become directly subject to the recent scrutiny,criticism and negativepublicity involving U.S.-listed Chinese companies,we may have to expendsignificant resources to investigate and resolve the matter which could harmour operations and reputation and could result in a loss of your investmentin our ordinary shares,especially if such matter cannot be addressed andresolved favorably.It may be difficult for overseas regulators to conduct investigation orcollect evidence within China.You may experience difficulties in effecting service of legal process,enforcing foreign judgments or bringing actions in China against us or ourmanagement named in the prospectus based on foreign laws.Risks Related to Our Ordinary Shares and This Offering Recent joint statement by the SEC and the PCAOB proposed rule changessubmitted by Nasdaq,and the Holding Foreign Companies Accountable Actpassed by the US Senate all call for additional and more stringent criteriato be applied to emerging market companies upon assessing the qualificationof their auditors,especially the non-U.S.auditors who are not inspected bythe PCAOB.These developments could add uncertainties to our offering.There has been no public market for our ordinary shares prior to thisoffering,and you may not be able to resell our ordinary shares at or abovethe price you paid,or at all.Because our initial public offering price is substantially higher than ournet tangible book value per share,you will experience immediate andsubstantial dilution.The trading price of our ordinary shares is likely to be volatile,whichcould result in substantial losses to investors.If securities or industry analysts cease to publish research or reportsabout our business,or if they adversely change their recommendations2023/3/10https:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htmhttps:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htm31/223regarding the ordinary shares,the market price for the ordinary shares andtrading volume could decline.162023/3/10https:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htmhttps:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htm32/223Table of Contents Substantial future sales or perceived potential sales of our ordinary sharesin the public market could cause the price of our ordinary shares todecline.We currently do not expect to pay dividends in the foreseeable future afterthis offering and you must rely on price appreciation of our ordinary sharesfor return on your investment.We have broad discretion in the use of the net proceeds from our initialpublic offering and may not use them effectively.You may face difficulties in protecting your interests,and your ability toprotect your rights through U.S.courts may be limited,because we areincorporated under Cayman Islands law.Certain judgments obtained against us by our shareholders may not beenforceable.There can be no assurance that we will not be a passive foreign investmentcompany(“PFIC”)for United States federal income tax purposes for anytaxable year,which could subject United States holders of our ordinaryshares to significant adverse United States federal income tax consequences.For as long as we are an emerging growth company,we will not be required tocomply with certain reporting requirements,including those relating toaccounting standards and disclosure about our executive compensation,thatapply to other public companies.We are a foreign private issuer within the meaning of the rules under theExchange Act,and as such we are exempt from certain provisions applicableto U.S.domestic public companies.If we fail to establish and maintain proper internal financial reportingcontrols,our ability to produce accurate financial statements or complywith applicable regulations could be impaired.As a company incorporated in the Cayman Islands,we are permitted to adoptcertain home country practices in relation to corporate governance mattersthat differ significantly from the Nasdaq listing standards.These practicesmay afford less protection to shareholders than they would enjoy if wecomplied fully with corporate governance listing standards.We will incur increased costs as a result of being a public company,particularly after we cease to qualify as an“emerging growth company.”We may lose our foreign private issuer status in the future,which couldresult in significant additional costs and expenses.The obligation to disclose information publicly may put us at a disadvantageto competitors that are private companies.The price of our ordinary shares could be subject to rapid and substantialvolatility.The following risk factors should be read carefully in connection with evaluating usand this prospectus.Certain statements in“Risk Factors”are forward-lookingstatements.See“Special Note Regarding Forward-Looking Statements”elsewhere inthis prospectus.Risks Related to Our Business and IndustryThe COVID-19 pandemic has disrupted the operating entities business andwill adversely affect our results of operations and various other factorsbeyond our control could adversely affect our financial condition andresults of operations.In response to the COVID-19 pandemic,quarantines,travel restrictions,socialdistancing rules,and lockdown measures have been implemented and may be re-implemented pursuant to governmental orders and mandates in China.These actions,inaddition to concerns relating to the public health impacts of the virus,may preventthe operating entities from conducting business activities at full capacity and maylead to temporary cessation of certain business activities.172023/3/10https:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htmhttps:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htm33/223Table of ContentsFor example,in the fourth quarter of 2021,China experienced severe COVID-19outbreaks and implemented various COVID-19 restrictions.As a result,the operatingentities were adversely affected.Tongling West Lake Amusement World was closed fromMarch 16 to April 10,2022,and the number of guest visits per month at eachamusement park declined by approximately 1,000 to 23,000 from February 2022 toApril 2022.Since the end of 2022,China has eased the COVID-19 restrictions.Despite the ongoing economic recovery,the extent and duration of the impacts of theCOVID-19 pandemic over the long term and the measures implemented in response to theCOVID-19 pandemic remain uncertain.The COVID-19 pandemic could continue to have asignificant adverse impact on the operating entities business,including futurepark closures,disruptions in business activities,restrictions on travel,prohibitions on public gatherings,decrease in park attendance,and reduction inguest spending,any of which events could materially and adversely impact ourfinancial condition,and results of operations.In addition to the COVID-19 pandemic,various other factors beyond our control couldadversely affect the operating entities business,our financial condition,andresults of operations.Such factors include,but are not limited to:natural disasters,such as hurricanes,fires,earthquakes,tsunamis,tornados,floods and volcanic eruptions and man-made disasters,such as oilspills,any of which may deter travelers from scheduling vacations or causethem to cancel travel or vacation plans;outbreaks of pandemic or contagious diseases or guests concerns relatingto potential exposure to travel-related health concerns,such as pandemicsand epidemics such as coronaviruses,Ebola,Zika,Influenza H1N1,avian birdflu,SARS and MERS;changes in the desirability of particular locations or guest travelpatterns;oil prices and travel costs and the financial condition of the airline,automotive and other transportation-related industries,any travel-relateddisruptions or incidents and their impact on travel,particularly to or incities where we have parks;war,terrorist activities or threats and heightened travel security measuresinstituted in response to these events;actions or statements by governmental officials related to travel and theresulting public perception of travel;and interruption of public or private utility services to the parks.Any one or more of these factors could adversely affect attendance,revenue,and percapita spending at the parks,which could adversely affect the operating entitiesbusiness,and,in turn,our financial condition and results of operations.The parks managed by the operating entities are located on leasedproperties,and there is no assurance that the operating entities will beable to renew the leases or find suitable alternative premises upon theexpiration of the relevant lease terms.All of the parks managed by the operating entities are located on properties leasedfrom the local governments in China.Although the operating entities are entitled tothe right of first refusal to renew all of the current leases upon their expirationand have maintained good relationships with the governments,there is no assurancethat the operating entities will be able to renew such leases on commerciallyreasonable terms,or at all.In the event that the operating entities are unable torenew the current leases,they will be forced to relocate and may not be able to findsuitable alternative premises.Even if they are able to find desirable alternativelocations,they may incur extraordinary relocation costs,hefty rental payments andsignificant managerial expenses.If any of these events occurs,the operatingentities business,and,in turn,our financial condition and results of operationsmay be materially and adversely affected.The operating entities may not be able to maintain or increase the cost-effectiveness of their entertainment offerings.The operating entities offer a variety of cost-effective recreational experiences tothe park guests.The current pricing for their entertainment offerings is based,inpart,on the guests spending power and has remained at a relatively low level.Theoperating entities could be compelled to increase the pricing due to various factorsbeyond their control including,but not limited to,any deterioration of generaleconomic or other conditions in the areas where the parks2023/3/10https:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htmhttps:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htm34/223182023/3/10https:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htmhttps:/www.sec.gov/Archives/edgar/data/1928340/000121390023018043/ff12023a3_goldenheaven.htm35/223Table of Contentsare located,increases in the prices charged by the suppliers,impairment to themajor assets in the parks,increases in repairs and maintenance costs,and changes inmarket trends and competition.If any of these events takes place,the operatingentities may not be able to maintain or increase the cost-effectiveness of theirentertainment offerings.As a result,their business,and our financial condition andresults of operations could be materially and adversely affected.The high fixed cost structure of park operations can result insignificantly lower margins if revenues decline.The operating entities significant expenses are attrib
5人已浏览
2023-03-10 223页
5星级
未来实验室:未来媒体和广播报告(英文版)(20页).pdf
:2:3THE:FUTURE:LABORATORY:P.E NATION:SONY REPORTTHE:FUTURE:LABORATORY:SONY REPORTCo-founder:Chris Sanderson Co-founder:Martin Raymond Managing director:Cliff Bunting Head of foresight:Tim Noakes Head of strategy:Rachele Simms Head of marketing:Rodrigo TobalForesight editor:Kathryn Bishop Senior foresight writer:Holly Friend Foresight writer:Abi Buller Foresight writer:Lavinia FasanoSenior creative researcher:Olivia Houghton Creative researcher:Savannah Scott Creative researcher:Emily Rhodes TFL intern 2021/2022:Isabelle JonesStrategic foresight editor:Adam Steel Senior strategic foresight writer:Darian Nugent Presentations editor:Tilly ThornsStrategy director:Louise French Futures director:Victoria Buchanan Futures analyst:Rachael Stott Senior strategic researcher:Maryam Amjad Strategist:Tamara Hoogeweegen Junior strategist:Sophie Boldog Junior futures analyst:Gursharan PanesarArt director:Britt Berden Designer:Samuel Davies Senior sub-editor:Ian Gill Senior production planner:Madeleine Watts Senior events manager:Philip Franklin-SlatteryBrand and content marketing manager:Louise Lee Marketing assistant:Emily KellyThe Future Laboratory 26 Elder Street,London E1 6BT,UK Phone: 44 20 7791 2020 Email:The Future Laboratory is one of the worlds foremost strategic foresight consultancies.Members of our trends intelligence service LS:N Global get exclusive access to the mindsets defining tomorrow and the early adopters driving global change across eight industry sectors.Find out more:LSN.global: Contact:For further information on all our services please contact or call 44 20 7186 0776ContentsForeword:4Part One:Foresight Overview:6Part Two:A New Landscape:9Part Three:Media&Broadcasting Futures:01 Hybrid&Immersive:13:02 Democratised&Decentralised:20:03 Streamlined&Consolidated:27:04 Sustainable&Collaborative:33Part Four:Conclusion:37:4:5THE:FUTURE:LABORATORY:P.E NATION:SONY REPORTTHE:FUTURE:LABORATORY:SONY REPORTForewordAfter two years of Covid-19 sending disruptive waves around the worlds of politics,industry and civil society,this is a fitting time to take stock of the future of the virtual and other digital technologies that have been our life rafts throughout the pandemic.These technologies have enabled and enhanced every aspect of our lives,from how we work from home,how we keep connected with our families and friends and how we shop and consume,to how we keep ourselves informed,educated and entertained.The media and entertainment industries are at the heart of the pioneering technologies that continue to push the frontiers of what is possible,and as tech forges ahead,industry business models must evolve and adapt to keep pace.To give our partners and communities insight into what is next for these industries,Sony has commissioned The Future Laboratory to produce this MEDIA&BROADCASTING FUTURES report.Integration,collaboration and consolidation are key words that define how the industry is responding across its operations from content creation,production,distribution and consumer engagement to the sustainability of its ways of working.This report provides an in-depth assessment of the development of different business models and new revenue streams for industry players.Media owners need solutions that will enable them to digitise their businesses,as a digital business model allows them to increase the volume of content created while lowering costs.Broadcasters require bespoke solutions that include cloud and distributed platforms to help balance operational effectiveness with flexibility and cost efficiencies.We at Sony have been working as an end-to-end provider in partnership with industry professionals for more than 50 years.With that commitment to collaboration and innovation,we are excited to be supporting the industry in this next phase of its evolution with cloud and distributed platforms technologies such as our HIVE collaboration platform and our Ci suite of cloud solutions.Were proud to be participating in our mission as a future-proof supplier to help broadcasters rewrite the future of our collective industry not as the new normal,but as the new extraordinary.:6:7THE:FUTURE:LABORATORY:P.E NATION:SONY REPORTTHE:FUTURE:LABORATORY:SONY REPORTPart One:Foresight OverviewIntroductionThe media and broadcasting industry has experienced unprecedented turbulence over the past 18 months.The unique challenges posed by a global pandemic have transformed consumer behaviour,accelerated technological developments and impacted how everyone,from large broadcasters to amateur auteurs,creates,produces and distributes content.After a period of uncertainty,the outlook for the industry is increasingly promising.While a degree of turbulence is likely to continue in the years to come,the innovation spurred by the pandemic is now enabling media and broadcasting to thrive once again,with digital transformation,mindset shifts and new behaviours transforming what the industry is capable of,says Martin Raymond,co-founder of The Future Laboratory.In this report,we explore the social,cultural and technological forces that are shaping the future of the media and broadcasting across Europe.We examine:The emergence of hybrid media and broadcasting,where IRL and URL blur to enable truly global,communal and immersive experiencesAn accelerated decentralised future for media fuelled by smaller content creators,with access to content creation tools democratised The streamlining impact of digital transformation on the industry,enabling people to do more with lessThe adoption of new,holistic and collaborative approaches to sustainability Through this examination,we have identified the emerging trends that are shaping media and broadcasting and inspiring all-new capabilities for the industry,enabling the creation of a new extra-ordinary,rather than a new normal.:While a degree of turbulence is likely to continue in the years to come,the innovation spurred by the pandemic is now enabling media and broadcasting to thrive once againMartin Raymond,Co-Founder of the Future Laboratory :8:9THE:FUTURE:LABORATORY:P.E NATION:SONY REPORTTHE:FUTURE:LABORATORY:SONY REPORTANGHAMI LAB CONCEPT IN PARTNERSHIP WITH ADDMIND,SWANAPart Two:A New LandscapeA series of shifts unfolding today is set to determine what the media and broadcasting industry will look like tomorrow.Importantly,opportunities abound,as brands look to harness a new landscape to meet and exceed consumers evolving needs.The pandemic didnt just temporarily alter our way of working but has accelerated a range of developments that have transformed the industry for good,says Teresa Azcona,vice president of Spain Film Commission.Its a landscape thats still emerging,but one that has arrived faster than we could have imagined.:Digital AccelerationAccording to research from McKinsey,society experienced five years of digital transformation in the first eight months of the pandemic alone.In Spain,digital adoption jumped from 84%to 96%,according to McKinsey,while Equinix research reveals that 41%of digital leaders in Germany say they have accelerated digital transformation plans because of the pandemic.For the media and broadcasting industry,restructuring around digital solutions initially provided a means to survive,as lockdowns and stay-at-home orders necessitated remote work.But increased digitisation is now enabling the industry to thrive in new ways too.Cloud-based and software-based solutions have created a newfound agility within the industry and an ability to scale more easily Sbastien Audoux,Head of sports digital content at Canal Cloud is playing a central role,with 57%of companies reporting that more than half of their infrastructure is now in the cloud,and 64%saying they expected to be fully in the public cloud within five years,according to CloudCheckr.As Sbastien Audoux,head of sports digital content at Canal ,states:Cloud-based and software-based solutions have created a newfound agility within the industry and an ability to scale more easily.Production is another case in point,becoming less linear and more fluid as a result of increased digitisation.Digitisation has impacted how we produce,says Teresa Azcona.Visual effects,for example,used to be a post-production afterthought,but now we begin thinking about them from the beginning.:Virtual SafetyResearch from trade publication Pollstar shows that the global live events industry lost over 26.5bn worldwide in 2020 due to restrictions and lockdowns.The global film and television industry is projected to lose a staggering 141bn of growth over the next five years.Transformed consumer mindsets sit at the heart of this economic reckoning,with research from YouGov revealing that globally almost half(43%)of consumers remain uncomfortable about visiting live events such as sports,music concerts,or festivals.But its not all bad news.While some parts of the industry were decimated by the pandemic,others saw an uptick in usage,with streaming services key among them.For example,Netflix added 36m new subscribers in 2020 with almost 16m subscribers in the first three months of 2020 alone.Disney was another big winner,despite having only launched in November 2019.Since then,it has amassed around 116m subscribers worldwide.:10:11THE:FUTURE:LABORATORY:P.E NATION:SONY REPORTTHE:FUTURE:LABORATORY:SONY REPORTThis rapid migration to digital behaviours is now enshrined in the day-to-day lives of consumers across Europe.The new opportunities it presents will help sustain the media and broadcasting over the next few years and beyond,becoming its lifeblood.Changes in customer behaviour,propelled by habits gained in the pandemic,in many cases,look set to continue well beyond it Dan Bunyan,strategic director at PwCThese shifts are playing out almost everywhere in the entertainment and media sector,says Dan Bunyan,strategic director at PwC.Whether its box-office revenues shifting to streaming platforms,rising e-commerce helping to boost digital advertising or brands looking to find potential customers across new entertainment platforms and games,there is one common driver:changes in customer behaviour,propelled by habits gained in the pandemic,in many cases,look set to continue well beyond it.:Creativity RisingAmid the doom and gloom of the global pandemic,the constraints placed on people have served to spark a creativity revolution among consumers,giving them an outlet and pushing us from an information-based society towards a future where value is driven by imagination.According to WeTransfer,more than 61%of people who started new jobs in 2020 say theyre having more creative ideas than ever.In media and broadcasting specifically,this creativity wave promises to deliver a burgeoning generation of creators who could redefine content for good.With a record number of employees quitting or thinking about doing so in the search for balance across all industries putting pressure on sectors like media and broadcasting that traditionally have functioned through long hours or require intensive travel new blood and new ways of working look set to offer a route forward.The pandemic has caused people to take stock,and many people are turning away from production in favour of better work/life balance.New opportunities and digital roles will be required to ensure people dont leave the industry en masse,says Patrick Lenkeit,technical specialist at Bright!studios.:Whole-System ThinkingThe pandemic put a new focus on the worlds supply chains and highlighted just how interconnected we remain in an increasingly globalised world.This appreciation has seen a shift in how consumers understand sustainability,with a more holistic view replacing mindsets once focused specifically on the environment.Responding to the increasingly eco-minded consumer climate,the world of media and broadcasting is now being challenged to follow in the footsteps of industries like fashion,and drive new sustainability standards across the sector.Improving sustainability through increased efficiencies represents a huge part of the future of media and broadcasting,says Sbastien Audoux.It will require a new era of cross-industry collaboration,but its a future that is emerging quickly.Cross-sector guidelines and regulating bodies are emerging to drive sustainable collectivism and set industry standards,illustrating a future where organisations are forced to hold themselves and their industry mates accountable.Improving sustainability through increased efficiencies represents a huge part of the future of media and broadcasting Sbastien Audoux,Head of sports digital content at Canal :12:13THE:FUTURE:LABORATORY:P.E NATION:SONY REPORTTHE:FUTURE:LABORATORY:SONY REPORTDIGITAL TWINS:LOST HORIZON:LOST HORIZON VIRTUAL FESTIVAL,UKLooking ahead,this accelerated change is likely to become exponential,as innovation fuels new opportunities.For Martin Raymond,co-founder of The Future Laboratory,its a watershed moment and an opportunity to build back better and disrupt differently.Weve spent our time fretting about the new normal,when we should be talking about the new extra-ordinary,he says.The pandemic has precipitated scientific advancement,championed innovation and ushered in a new age of collaboration,challenge and change.Through our research,we have identified four themes that represent the future of media and broadcasting.Here,we explore the themes set to define how the industry evolves over the next five years and beyond,and the microtrends they will inspire.01 Hybrid&Immersive As the world begins to adapt to the inter-Covid climate,the virtual spaces which have provided a temporary lifeline for brands are going nowhere.Instead,get ready for a future of hybrid media and broadcasting,where IRL and URL will blur to enable truly global,communal and immersive experiences.Part Three:Media&Broadcasting FuturesAs the rapidly shifting landscape demonstrates,the pace of transformation within the media and broadcasting industry has never been higher.A series of huge shifts is happening all at once,causing the industry to consider things today it didnt have to a few years ago,says Giacomo Margutti,an Italy-based senior content producer.Invigorated by new technologies,captive audiences and the advancement of 5G,the virtual events that were once categorised as sub-standard alternatives are reaching new,and often enhanced,heights.For Marco Giberti,co-author of Reinventing Live,a new era for live events is fast emerging.Events were built to succeed hundreds of years ago but they are built to fail in the 21st century,he says.Post-Covid,virtual events will be unrecognisable.It will be like comparing traditional tv with streaming,print magazines with tablets or music CDs with Spotify.Communities will interact through the combination of virtual and face-to-face experiences in ways that will increase their return on investments and improve efficiencies.These new realities are being embraced by audiences who have had no choice but to adapt and recalibrate their entertainment values and demands.Research from Accenture reveals that over half(58%)of consumers said they would be excited about a connected,end-to-end extended reality experience,with a vast majority(84%)willing to pay for it.This welcomed hybrid future,freed from physical limitations,will lead to the expansion of three trends:the emergence of Digital Twins,the revival of Communal Events and Venues Reimagined.:Digital TwinsDigital twins of physical,real-world spaces are fundamentally transforming how and where people engage with live entertainment pointing to a future where entertainment is unrestricted by geography,physical space or accessibility.Traditionally,digital twins were primarily used to model scenarios and answer what ifs for supply chains and logistics.Now,however,the wealth of new :14:15THE:FUTURE:LABORATORY:P.E NATION:SONY REPORTTHE:FUTURE:LABORATORY:SONY REPORTdigital formats created inter-pandemic has pushed the envelope of the events experience redefining the landscape for attendees and producers alike and transformed digital twins from a purely B2B solution into immersive,virtual and curious spaces where people can explore,meet others and even hang out.By creating a digital platform to experience art and music in a new way,we are at the forefront of defining the next generation of live entertainmentKaye Dunnings,creative director of Lost Horizon.No longer limited to a physical space,and with unrestricted capabilities,digital spaces are solving limitations and uncovering the possibilities beyond IRL.Lost Horizon,the worlds largest music and arts event in virtual reality,is one case in point.Created by the team behind Shangri-La,a section of the famous Glastonbury Festival,the fully interactive,multi-stage event could be experienced via computer,VR or mobile.The Shangri-La x Lost Horizon October 2021 event was streamed live to global viewers.Featuring computer-generated avatars and green-screen hologram performances,the experience included dance floors and hidden venues,mimicking its real-life Shangri-La counterpart.By creating a digital platform to experience art and music in a new way,we are at the forefront of defining the next generation of live entertainment,explains Kaye Dunnings,creative director of Lost Horizon.Other future-facing platforms are stepping up to forge this new future offering event organisers ready-made virtual reality(VR)spaces or personalised digital twins of their own IRL venues.Virtual events platform Touchcast is one leading example.Its Iconic Venue Collection is the worlds most technologically advanced virtual venue portfolio,comprising arenas,theatres,auditoriums and the recently unveiled Touchcast Tower.Each space boasts its own unique set of capabilities,and guarantees immersive virtual experiences with multiple camera views,special effects,instant language translation and the ability to chat with other attendees in real time perks that far exceed the potential of in-person programming.As tv producer Lynsey Martenstyn explains:Digital twins of live events open up a new world of possibilities.It means you can have an audience there physically,and an audience of global fans from all over the world,with geography and accessibility no longer an issue.Event design platform OnePlan is further enabling organisers to unlock these new capabilities.Its latest offering,Venue Twin,provides a fully interactive,centimetre-accurate 3D digital twin of any venue.Boasting huge operational and commercial benefits,Venue Twin enables stadiums and arenas to harness advanced 3D seat view options to boost ticket sales and gain audience traction offering enhanced VIP tiers akin to IRL experiences,and audience-dependent advertising space.Cameras like Sonys BRC-H900 with integrated artificial intelligence(AI)will prove integral to helping this future flourish.BRC-H900 has sensitive 1/2-inch type Exmor 3CMOS image sensors capturing detail packed full HD footage,so images shot on it will benefit from less noise and from enriched information in a 2K or 4K production,meaning the camera is particularly well suited for VR and in-camera VFX setups,delivering an immersive experience and realistic images.As we approach the next decade,AI-powered algorithms will help virtual spaces move one step further,creating deepfake versions of stadiums that replicate physical locations accurately in real time,from harnessing hyper-real haptic technologies to mimic IRL touchpoints,to utilising audio-spatial sound advancements to create ultra-unique sonic landscapes.:Communal EventsHybrid and immersive technologies will enable new social opportunities for media and broadcasting,as the consumption of entertainment at home moves from the personal to the communal.The pandemic forced consumers into a global state of stasis,and many replaced binge-watching with the slow gratification of weekly instalments signalling a return to the traditions of communal watching and commentary.In the UK,the BBC was quick to cater to these new demands.It released youth favourite I May Destroy You in dual instalments on BBC iPlayer weekly,while Normal People was aired weekly on BBC Three,and received record-tripling viewing figures.A return to semi-traditional programming strategies is a quick fix for broadcasting organisations looking to facilitate water-cooler moments of togetherness,but hybrid and immersive technologies will go one step further in aiding truly interactive,communal experiences.Digital twins of live events open up a new world of possibilities.It means you can have an audience there physically,and an audience of global fans from all over the worldLynsey Martenstyn,TV Producer:16:17THE:FUTURE:LABORATORY:P.E NATION:SONY REPORTTHE:FUTURE:LABORATORY:SONY REPORTOMA CINEMAS MODULAR PODS SEAT THE ENTIRE AUDIENCE IN PRIME POSITION,VIETNAM:19THE:FUTURE:LABORATORY:P.E NATION:INNER STRENGTH 2030 REPORT:18THE:FUTURE:LABORATORY:SONY REPORTThis demand is already being verified beyond the hype of a comedy/drama mini-series.Over one third(39%)of live sports viewers are interested in watching sports together virtually,according to a Minerva Networks survey,while research from Hulu indicates that 32%of streamers say that watching tv shows or films with others and having a community of fellow fans is very important to them.Netflix has been quick to cater to these hyper-interactive expectations.Its group feature,Teleparty,allows a group of subscribers with similar viewing preferences to watch a show virtually together,synchronising playback and aiding on-screen chats.The extension is also compatible with Disney,Hulu and HBO streaming services.Outside of broadcasting,events organisers are also recognising the value in these types of virtual interactions.Tobacco Dock Virtual,developed in partnership with VR platform Sansar,presents shows and events at the same time as the physical venues.Drawing on gaming cues,it assigns each guest an avatar that can navigate the dynamic virtual space allowing users to interact with other attendees,listen to live performances and ask questions in real time.:Venues Reimagined As our digital and physical worlds continue to blur,spaces from sports stadiums to music venues and cinemas will be reimagined for the phygital age.VR technologies are helping the media and broadcasting industries realise the full potential of physically optimised spaces,and products,services and equipment must now be designed with this new landscape in mind.As Teresa Azcona,vice president of Spain Film Commission explains:The theatrical experience is already changing.When we go to a cinema,we will need something different from what we get at home,and I think that will involve a different technology and perhaps a completely different experience.Paris-based Oma Cinema is already rethinking the traditions of its physical spaces,unveiling a radical retake on the traditional cinema interior.The design replaces conventional rows of seats with circular booths placed vertically across the rear of the theatre hoping to combine the intimacy of the home with the scale of the cinematic experience.In music,prominent Middle East-and North Africa-focused music streaming company Anghami has announced plans to launch a string of hybrid entertainment venues across the world.The Anghami Labs will be equipped with lounges,stages and studios where creators can experiment with music inspired by both Arabic and international cultures.Anghami is more than just a streaming platform.It has elevated the value of the music industry in the Middle East as a whole Tony Habre,CEO of AddmindThe concept also includes a partnership with hospitality provider Addmind,to offer a fusion of Arabic and international cuisines.Tony Habre,CEO of Addmind,comments:Anghami is more than just a streaming platform.It has elevated the value of the music industry in the Middle East as a whole.Engaging audiences through co-created music and foods that borrow from a variety of cultures,Anghami is expanding its reach beyond the virtual to offer a 360-degree brand experience.Universal Music Group(UMG)is also betting on these new types of wholly immersive,physical experiences.Partnering with entertainment investment group Dakia U-Ventures,the music giant is launching UMusic Hotels,a series of global music-focused experiential hotels.Featuring immersive experiences for fans,guests and musicians,each hotel will complement the local architectural landscape.As Bruce Resnikoff,president and CEO of Universal Music Enterprises,notes:Through musics unique power to inspire and unite especially given UMGs unparalleled roster of artists and labels UMusic Hotels will both highlight these cities rich music heritage and provide new opportunities for artists to reach fans in immersive,innovative and authentic ways.When it comes to streaming these events be they concerts,festivals or corporate events Virtual Production,Sonys cloud native live production switcher,enables multi-camera production without the need for any dedicated infrastructure.It can be used as the user requires,and leverages a pay-as-you-go model for ultimate convenience.What Now?With the event landscape ushering in a new phygital wave,the time is now for brands to reconfigure their offerings,designing future-smart equipment that chimes with the needs and regulations of new venue types and media consumption habits.Think VR architecture,instead of acoustics,and modular design that suits the ephemeral qualities of second-generation venues.:20:21THE:FUTURE:LABORATORY:P.E NATION:SONY REPORTTHE:FUTURE:LABORATORY:SONY REPORTContent and its creators are everywhere.Booming global smartphone usage and the unprecedented popularity of short-form social videos are giving a new understanding of what it means to be a creator.Research from SignalFire indicates that more than 50m people around the world consider themselves content creators,with 93%(46.7m)of this cohort describing their status as amateurs.Their self-categorisation may be modest,but their influence is anything but.Data from WordStream reveals that more online video content is uploaded every 30 days than major television networks in the US have created in the past 30 years,while research from Zenith highlights that in 2021 the average person will spend 100 minutes watching online videos.Emboldened by numbers and popularity,this new dawn of content creation is demanding increasingly professional outlets,functional knowledge and intuitive technologies,making way for brands to give burgeoning creative communities platforms to showcase their work.50m people around the world consider themselves content creatorsSource:SignalFireContent on platforms where people can self-publish is increasingly being picked up by broadcast tv makers daring to be different,says tv producer Lynsey Martenstyn.Its leading us toward a future where we see a broader range of people producing content with high-quality production values,community stories and different viewpoints.This decentralised media future is leading to the expansion of three trends:the support of Creator Communities,the growing inclusion of Sideline Studios and the development of Intuitive Tech.:Creator CommunitiesCreative communities are ushering in a new era of decentralised production,prompting established platforms to learn from,and embrace,Generation Creation.Youth-driven values are fuelling a reformation in the creation and consumption of content.Sceptical of traditional educational formats,and tired of the homogeneous saturation of mainstream media,young creatives are seeking solace in all-inclusive production tools that allow them to tell new stories on their own terms.Grassroots community initiatives are already paving the way for this kind of equitable media future.Minneapolis-based Speak MPLS is a member-based media centre that gives young people access to media labs,studios,equipment,tailored production classes and free airtime for members on its native public-access channel Speak MPLS TV.At the beginning of the pandemic,we saw a wealth of new training initiatives that saw people come together and learn new skills relevant to the tv industry,says tv producer Lynsey Martenstyn.Its helped to create new communities of people looking out for each other in tv production.Pluc.tv is striving to create the technological solutions and new self-sufficient communities,that are proving integral in the age of the creator economy.The India-based platform provides guidance and tools at every step of the production journey,allowing users 02 Democratised&Decentralised A creativity revolution is emboldening a new wave of creatives to explore fresh routes to production making way for a media horizon where the future,and the tools needed to get there,is accessible for all.SIDELINE STUDIOS:HIGH STREET RESIDENTIALS LLEWELLYN RESIDENCE,US:22:23THE:FUTURE:LABORATORY:P.E NATION:SONY REPORTTHE:FUTURE:LABORATORY:SONY REPORTAt the beginning of the pandemic,we saw a wealth of new training initiatives that saw people come together and learn new skills relevant to the tv industry.Its helped to create new communities of people looking out for each other in tv production Lynsey Martenstyn,TV Producerto create,market and monetise content.Gen Zs altruistic intentions on themes ranging from pollution to inequality and farming are often at the heart of the videos,with some creating direct policy change in India.For founder and CEO Tamseel Hussain,Pluc.tv helps to balance the gap between top creators those who have stories to tell without the resources to tell them:Were disrupting and re-balancing the current creator ecosystem,by spotlighting and supporting new talent in an arena held hostage by top creators.We enable people who want to do something good but do not have enough influence on the internet.Beyond democratised production,innovative brands are utilising the data behind media consumption to create hyper-localised,reactive content.Wattpad Studios is one pioneering example.It harnesses the power of Gen Z storytellers,real-time insights and fandom to create audience-centric content that celebrates its diverse community.The studio works directly with its storytellers,and their fans,through the entire production process,with audience data and fan comments informing everything from the script to the colour palette to the soundtrack.Boasting 90m monthly users,1bn uploads and one of the worlds largest IP libraries,Wattpads entertainment universe is fundamentally reshaping content production.From providing the tools to facilitating exposure,established brands are increasingly recognising the power of these new creative communities.Sonys latest smartphone,the Xperia PRO-I,is setting a new standard for smartphone photography.It boasts 4K recording capabilities,BIONZ X for noise-free images and Dolby Atmos sound to provide content creators with all-inclusive technologies at their fingertips.Netflix is also paying attention.Along with Adobe famous for its ubiquitous image and video editing software its launching a contest on TikTok where users can submit pitches in the form of a trailer for a Great Untold story.:Sideline StudiosWith the Creator Economy booming,broadcast studios are becoming an essential element of future residential,hospitality and leisure development,transforming the production landscape.Bedroom pop artists and amateur podcasters are getting a studio upgrade.As the hobby economy reaches new heights,brands and developers are tuning into the needs of budding creators.Research from SignalFire reveals that 46.7m of 50m creators consider themselves amateurs illustrating a future where creatives seek accessible spaces to pursue their sideline passions.Los Angeles-based developer High Street Residential is betting on this behaviour with the unveiling of its creator-friendly complex Llewellyn.The 318-unit building includes a soundproof room fit for musicians,video producers and social media creators.Its a multipurpose room,which functions as a recording studio and a space to rehearse or even record yourself,explains Alex Valente,senior vice president of Trammell Crow Company,which owns High Street Residential.Elsewhere,in the Canadian province of Ontario,real estate investment trust RioCan is developing a two-tower residential project with a communal content studio for video and audio production.Featuring a green screen for special effects,production-grade lighting and acoustic panels,the space enables residents to create professional content without leaving their apartment complex.Its a way to expand Cape Verdes cultural impact,create a platform for local musicians,and bring international artists to record and co-create Kunl Adeyemi,Architect and designer of the Floating Music HubOutside of the home,travel and hospitality venues are catering for creators on the go,with recording studios built into tourist destinations.Centred on creating enriching cultural experiences,Ibizas Six Senses hotel offers guests a sense of community through an array of amenities ranging from music and art to sustainable fashion and wellness.As well as facilitating connections through its programme of creative experiences,its Beach Caves music venue hosts emerging artist sessions,live events and a recording studio available for private hire.By empowering guests to explore their creative potential while on holiday,Six Senses is meeting demand for engaging media-tels.In similar vein,the Floating Music Hub off the island of So Vicente,Cape Verde,is tuning into the youth-driven democratisation of music communities.The West African performance venue promotes :25THE:FUTURE:LABORATORY:P.E NATION:INNER STRENGTH 2030 REPORT:24THE:FUTURE:LABORATORY:SONY REPORTa collaborative exchange of creative ideas between local residents and visiting creators.Comprising three floating vessels,the venue includes a multipurpose live performance space,a state-of-the-art recording studio,a bar and caf,and a central triangular floating plaza for gatherings.Kunl Adeyemi,architect and designer of the Floating Music Hub,explains:Its a way to expand Cape Verdes cultural impact,create a platform for local musicians,and bring international artists to record and co-create.As more people self-identify as creators,this career gear change will affect other sectors.Brands with physical assets should find ways to build flexible broadcast studios into their upcoming developments.:Intuitive Tech New technologies are increasing accessibility and democratising creativity allowing people to take part in production without the need for formal education.Savvy tech brands are updating their offerings to do more for less,creating user-friendly solutions that forgo the need for an expansive kit or ultra-specialised knowledge.IPhone cameras are starting to get to the point where you can shoot cinematic videos without an expensive DSLR or cinema cameraJoshua Davies,CEO at FXHomeSonys range of smart software already offers these kinds of intuitive capabilities.Its movie edit add-on is an image editing application for smartphones that supports image stabilisation by creating smooth videos(as if using a gimbal)and enables intelligent framing,while its transfer and tagging add-on has been specifically designed for on-site professional sports and news photographers to speed up the workflow of transferring still images.For Film software company FXHome,the key to accessibility is providing software solutions without the need for hardware upgrades.Its iOS app,CamTrackAR,captures videos and 3D tracking data simultaneously from Apples ARKit mapping out environments real-time to allow seamless capture tracking and anchors.IPhone cameras are starting to get to the point where you can shoot cinematic videos without an expensive DSLR or cinema camera,explains FXHome CEO Joshua Davies.This is bringing a lot of accessibility to filmmakers and content creators who are just starting out on a shoestring budget.We wanted to extend that to VFX,give creators the tools they need to not just shoot cinematic footage but also add realistic effects without the need for expensive software.Intuitive tech solutions are one of the keys to unlocking a new equitable media horizon,and traditional brands must update their offerings to prevent being shut out.As these software solutions are increasingly embraced,hardware too will be designed with accessibility and,crucially,compatibility in mind,ensuring seamless production and creation processes for users regardless of kit size or education.What Now?As media and broadcasting outsiders utilise the egalitarian options afforded by media collectives,instinctive tech and unbridled access,savvy organisations should facilitate multi-beneficial partnerships that embed social accountability and equitable employment models as key business tenets.:26:27THE:FUTURE:LABORATORY:P.E NATION:SONY REPORTTHE:FUTURE:LABORATORY:SONY REPORTCONNECTED AGILITY:FRAME.IO CLOUD-BASED VIDEO REVIEW AND COLLABORATION PLATFORM,USThe impact of global lockdowns and the subsequent safeguarding initiatives brought the media production industry to a halt.While teams were forced to downsize,work remotely or collaborate across continents,digital solutions emerged to re-enable these new production processes and consolidate and streamline methods that were already looking outmoded.But rather than do more with less,this new era is enabling people to do more with more.As Patrick Lenkeit,technical specialist at Bright!studios,explains:These shifts go beyond efficiency to help deliver more creative freedom.Its creating a more adaptable workforce and a more rapidly adaptable workflow,opening up huge new opportunities.Flexible and digital solutions will prove increasingly relevant to the future of media production,leading to the expansion of two key trends for workforces:Connected Agility and Virtual Production.:Connected Agility Media and broadcasting businesses have connected once-fragmented supply chains in the wake of the pandemic,embracing intelligent processes that harness the power of AI,analytics and automation to fuel creative collaboration.Covid-19 has reinforced the value of a flexible supply chain that can be easily altered to accommodate new requirements and limitations with agility,elasticity and responsiveness proving key to functionality.In lots of ways people have been required to accelerate changes more quickly than they were expecting to do due to the circumstances,says Steve Sharman,founder of AI-oriented media consultancy Hackthorn Innovation.Genuine remote production of sport is one obvious example.Continued migration to the cloud and increased use of AI are helping the future to emerge,ensuring that supply chains can contract or expand seamlessly and eventually in real-time.AI is a huge difference maker,says Canal s Sbastien Audoux.In sport,automated clipping,for instance,can lower the cost of production and essentially produce games automatically.It also means we can tailor more content to each market and each demographic a huge challenge that can only be solved with the help of AI.AI is a huge difference maker.In sport,automated clipping,for instance,can lower the cost of production and essentially produce games automaticallySbastien Audoux,Head of sports digital content at Canal While events may have previously relied on physical infrastructure and IRL staff,new formats and live experiences are now utilising the collaborative and scalable perks of the cloud format too unlocking the potential for media companies that could not previously support the investment needed for high-quality live broadcasting.Supported by Sony Innovation Fund(SIF),Kiswes end-to-end video platform is just one example of these new consolidation tools.It utilises cloud infrastructure and browser-based remote production to allow rights holders to create multiple streams and digital experiences.Similarly,utilising these new hybrid processes,production company Filmnova worked with live production platform Graybo to deliver in-depth coverage of the 2021 World Paralympic Triathlon Series for BBC Sport Online.A scaled-back production crew worked collaboratively in the cloud to combine live feeds from four mobile cameras,adding live graphics and video on demand(VoD)assets from around the event.UFC has similarly harnessed Graybos progressive technology,making use of its remote contribution app,Graybo Producer for its Facebook Live show,Quick Hits.Allowing users to contribute audio and visual content to a live broadcast remotely,this new format helped to personalise the broadcast for viewers and hosts alike,and it proved popular,delivering more than 70m views in 2020.03 Streamlined&Consolidated As Covid-19 laid bare the fragile nature of supply chains,media production was forced to embrace digital techniques in order to survive.These tools are now emerging as streamlined solutions rather than lesser alternatives to standard production processes.:29THE:FUTURE:LABORATORY:P.E NATION:INNER STRENGTH 2030 REPORT:28THE:FUTURE:LABORATORY:SONY REPORTA highly fragmented supply chain with many niche solutions is inefficient and difficult to manage.This is likely to lead to industry consolidation with a smaller number of go-to platforms Dan Goman,CEO of OwnzonesThese types of multi-use production tools illustrate the future of streamlined production.As Dan Goman,CEO of Ownzones,explains:A highly fragmented supply chain with many niche solutions is inefficient and difficult to manage.This is likely to lead to industry consolidation with a smaller number of go-to platforms.One such platform is Frame.ios new service Camera to Cloud,which allows multiple people to start working on a shot the second the director films it,greatly reducing the number of people on set and increasing the number who can contribute while maintaining safe social distance.Sony Professionals Media Solutions Toolkit a new suite of cloud-based microservices is providing another holistic solution.Within the Media Solutions Toolkit,businesses can choose and combine a number of cloud-native,specialised services,each addressing a particular function,such as import or workflow management.Because each microservice can work independently of the others,customers can upgrade,add,remove or scale them as needed,with minimal disruption of service.This modular approach will allow Sony to build and design tailored systems quicker than ever before.And media companies will avoid a long-term commitment to a fixed set of technologies,giving them tight control of their spend,better ROI and a lower total cost of ownership.:Virtual Production Progressive production platforms are taking the lead from the world of gaming to enable virtual production beckoning a new era defined by flexibility,fluidity and speed.As with many virtual shifts,the pandemic has helped reframe virtual production as a bona fide alternative to IRL processes,while also illuminating the game-changing benefits of these new realities.Until about a year or so ago,it virtual production was just theoretical,more or less.There werent many productions actually using it.But now several triple-A productions and even smaller ones are starting to use it,says Mark Pilborough-Skinner,virtual production supervisor at Garden Studios in London.These new technologies are ushering in new industry standards and specialisms.Xon Studios is one of South Koreas leading virtual production and extended reality(XR)stage studios offering revolutionary creative solutions across film,broadcast,animation,VFX,motion design,and immersive entertainment.The cutting-edge facility originally made waves by becoming the first studio in Korea to incorporate mixed reality(MR)technology,with the studios creative ideas and execution becoming synonymous with the future of visual entertainment.Gamings powerful capabilities are now being utilised by filmmakers,too.Unreal Engine is a video game creation tool that allows filmmakers complete control over the set and surrounding environment at a moments notice.Artists can create a photo-realistic 3D background that moves strictly with the cameras field of view,known as the frustum causing the camera angle to shift precisely and seamlessly with the background.These methods were put to the test on Disneys The Mandalorian,of which over half was filmed indoors on a virtual set.For Patrick Lenkeit,technical specialist at Bright!studios,virtual sets are able to tackle chronic production concerns.One of the core points about virtual production is that you have a perspective correct render of the scene for one camera,spot on,he says.Its extremely important to have a spot-on tracking solution.Auto-calibration can also work really well,it offers so much more flexibility.It feels like it will solve a lot of problems.For broadcasters already looking at the next step for their set-up,a move to a fully distributed and cloud native infrastructure will ensure yet more safety and savings on resources.Between its Virtual Production Service Hive,XDCAM air,Ci Media Cloud Services and NavigatorX,Sony has a full portfolio of solutions and services for future-proofing production infrastructures in this new virtual landscape.What Now?With intuitive processes and virtual shortcuts reigning supreme,media and broadcasting organisations must ensure ultimate compatibility lies at the heart of new software developments and new working models.As professionals look to multifunctional software to fulfil their needs,ready-made cloud suites and virtual production hubs will be on standby throughout product processes.:30:31THE:FUTURE:LABORATORY:P.E NATION:SONY REPORTTHE:FUTURE:LABORATORY:SONY REPORTVIRTUAL PRODUCTION:XON STUDIOS VIRTUAL PRODUCTION AND XR STAGE SPECIALISTS,SOUTH KOREA:32:33THE:FUTURE:LABORATORY:P.E NATION:SONY REPORTTHE:FUTURE:LABORATORY:SONY REPORTIf we cant assure our customers that we are being considerate with the environment,that we are taking into account our impact,then we are not going to sell Teresa Azcona,vice president of Spain Film CommissionIn light of the latest Intergovernmental Panel on Climate Change report and COP26,new holistic approaches to sustainability will come to replace outmoded promises and virtue signalling forging a future where eco credentials and concerns are built into the core of industry practices.Consumers are increasingly demanding the brands and organisations they interact with match their own sustainable pledges.As Teresa Azcona,vice president of Spain Film Commission,explains:If we cant assure our customers that we are being considerate with the environment,that we are taking into account our impact,then we are not going to sell.As customers,we are being more conscious with our decisions we have to apply the same sentiment to how we produce and create.With this new wave of consciousness driving the industry to rethink(best)practices,two key trends will take hold:a push for Total Transparency and a new era of Climate Collaboration.:Total Transparency The media and broadcasting industry will embrace total transparency around environmental impact,as emissions reductions and net-zero targets are enshrined in companies operations and data on progress is demanded by consumers.The environmental footprint of film and production is vast:large films have a carbon footprint of 1,081 metric tons,while medium films have a similarly substantial carbon footprint of 769 metric tons.As consumers come to understand the weight of their own actions,they are increasingly demanding the same of the products they interact with.Research from the Carbon Trust indicates that 67%of consumers support the idea of a recognisable carbon label to demonstrate that products have been made with a commitment to measuring and reducing their carbon footprint.As we approach the next decade,demonstrating measurable sustainability credentials will become endemic to brands and organisations.Beyond the media and entertainment industry,EY predicts that 17.7 trillion is set to flow into ESG funds over the next two decades,illustrating a future where sustainable business standards make both ethical and financial sense.67%of consumers support the idea of a recognisable carbon label to demonstrate that products have been made with a commitment to measuring and reducing their carbon footprintCarbon Trust The gigs and festival industry has a captive audience to action its sustainable plans.UK act Coldplay has announced its next world tour will have a net zero carbon footprint and released a sustainability plan that includes direct air carbon capture technology by Climeworks.Elsewhere,sustainable pledges in tv production are emerging,with Netflix announcing plans to cut its direct emissions from fuel and electricity by 45%by 2030 against its level in 2019.To reach its net zero goal by 2022,it will compensate for existing emissions by purchasing offsets and funding conservation 04 Sustainable&Collaborative With 2021s global sustainability summits forcing every industry to rethink its place and its purpose amidst the global crisis,the next decade will see the media and broadcasting industry place sustainable action front and centre.:35THE:FUTURE:LABORATORY:P.E NATION:INNER STRENGTH 2030 REPORT:34THE:FUTURE:LABORATORY:SONY REPORTprojects such as grassland restoration.Walt Disney and the BBC are also following suit,with a goal of achieving net zero targets for 2030.Streaming may be facing up to the carbon footprint of production costs,but promoting transparency around the consumption of content is still in early stage,with official figures released by Netflix excluding the emissions from the transmission of its shows to customer devices as well as the electricity used by a particular television or computer.External applications are stepping up to provide answers for sustainable streaming solutions.Dimpact is a pioneering web app that enables the digital media industry to map and manage its carbon impact covering digital video streaming,publishing,advertising services and business intelligence.Gaming and music streaming modules are next on the agenda.The Dimpact tool presents a really clear picture of how our shows get all the way to viewers,and maps out for us the carbon footprint of our content,says Tim Davis,principal architect EA at ITV.While the tool is currently only being used for reporting purposes,future functionalities could see the model used to enable technology teams to reduce overall emissions.:Conscious CollaborationsAs new industry-wide sustainability standards emerge,media and broadcasting companies will look to harness collaboration to tackle issues that require cross-industry action.Brands and organisations are coming together to tackle issues beyond the reach of individual businesses.In Germany,leading broadcasters,film producers and streaming companies have unveiled a new environmental initiative a collective agreement to take a more sustainable approach to the production of films and tv series.Known as the green shooting initiative,this will see producers and commissioners commit to certain minimum ecological standards,such as using LED spotlights on set,switching to vegetarian food in canteens and avoiding short-haul flights to reduce their environmental impact.Elsewhere,industry institutions are providing standardised frameworks for ethical practice.In the UK,a recent landmark report from the BFI gives recommendations and case studies for sustainable practices in four areas of film production:production materials,energy and water,studio building and facilities,and studio sites and locations.Entitled A Screen New Deal A Route Map to Sustainable Film Production,the report has been designed to allow filmmakers to address their ecological impact in a systemic way,ranging from simple to structural changes and from everyday practices to long-term solutions.The Digital Production Partnership(DPP)is another example of how the industry is facilitating ethical standards across the board.Its Committed to Sustainability programme provides organisations with a practical tool to assess their progress against key environmental measures,with each given the option to obtain a sustainability score and the DPP stamp of approval through the completion of a checklist.Members include Sony,Sky and BT.These types of collaborative initiatives are also emerging across music and gig production with US entertainment company Live Nation Entertainment launching its Green Nation Touring initiative to help artists adopt and scale sustainable touring practices.Its Green Nation sustainability charter focuses on everything from planning to production,sourcing and community aspects of touring,illustrating a future where open-source,shared sustainability resources will help to set standards across entire industries.In the future,one centralised production tool in the cloud could produce highlights for everyone,with one individual supervising the AI doing most of the work.It would enable greater efficiency and reduce the need for travel significantlySbastien Audoux,Canal Looking ahead,a new collaborative mindset could also see broadcasters work more closely together day to day in order to improve efficiencies and reduce carbon footprints.In the world of sport,Canal s Sbastien Audoux states:Currently,when it comes to creating highlights for a game,there are many people working on similar tasks but for different platforms.In the future,one centralised production tool in the cloud could produce highlights for everyone,with one individual supervising the AI doing most of the work.It would enable greater efficiency and reduce the need for travel significantly.What Now?With the industry taking steps to empower eco solutions,organisations must be proactive rather than reactive to key issues reconfiguring their own processes to ensure sustainability is endemic to what they do.:36:37THE:FUTURE:LABORATORY:P.E NATION:SONY REPORTTHE:FUTURE:LABORATORY:SONY REPORTXON STUDIOS VIRTUAL PRODUCTION AND XR STAGE SPECIALISTS,SOUTH KOREAPart Four:ConclusionAmid Covid-enforced shutdowns,shifted consumer values and a certified technological boom,the media and broadcasting industry is re-emerging transformed,bringing fresh expectations and recalibrating the ways in which content is created,produced and shared.Agile in its response to unprecedented turbulence caused by the pandemic,organisations and amateurs alike have set out a blueprint for the future of the industry,says The Future Laboratorys Martin Raymond.Its one that looks more equitable,accessible,intuitive and,because of all those things,more sustainable.In the face of change and uncertainty,the industry adapted,and for the better,ushering in technological development from virtual production to seamless software and intuitive tech that promotes a fresh wave of opportunities both in and outside media and broadcasting.As we approach this seismic shift in the structures,processes and apparatus of the industry,organisations must ensure these fresh values are supported,adapting their offerings to meet new demands by:Embracing hybridity as the future,ensuring software and hardware work together seamlessly to enable the smooth running of operations for both producers and consumers Empowering next-gen creatives with the tools needed for success from providing accessible tools to boosting the unique cultures of grassroots organisationsUtilising the unprecedented capabilities of next-wave production,creating streamlined workflows that embrace the fluidity and flexibility of digital Embedding sustainable practices into every aspect of production,collaborating across the industry to ensure impactful pledges are prioritisedOrganisations that innovate to create new products,workflows and practices will become the vital touchpoints of tomorrows media and broadcasting industry,providing the tools and climate needed to usher in a new extra-ordinary era.:
3人已浏览
2023-03-10 20页
5星级
华为:可持续粮食系统的数字化-塑造生产和消费的机遇(英文版)(30页).pdf
Study|May 2022 Digitalisation for a Sustainable Food System:Opportunities for Shaping Production and Consumption A study commissioned by Huawei Technologies Deutschland GmbH Lena Hennes Melanie Speck Christa Liedtke Digitalisation for a Sustainable Food System 2|Wuppertal Institut Publisher:Wuppertal Institute for Climate,Environment and Energy Dppersberg 19 42103 Wuppertal www.wupperinst.org Authors:Lena Hennes E-Mail:lena.henneswupperinst.org Prof.Dr.Melanie Speck Prof.Dr.Christa Liedtke The authors would like to thank Dr.Ren Arnold(Huawei)und Dr.Stephan Ramesohl for the valuable comments and suggestion,Christoph Tochtrop for the contribution“Food Hub im Quartier”,as well as Lea Epke and Jana Duisberg for their cooperation on the report and research work.This study is a result of the“Shaping the Digital Transformation Digital solution systems for the sustainability transition”project commissioned by Huawei Technologies Deutschland GmbH Hansaallee 205 40549 Dsseldorf The authors of this publication are solely responsible for its content.Please quote the report as follows:Hennes,L.,Speck,M.&Liedtke,C.(2022).Digitalisation for A Sustainable Food System:study within the project“Shaping the Digital Transformation”.Wuppertal.This work is licensed under the“Creative Commons Attribution 4.0 International”(CC BY 4.0).The license text is available under https:/creativecommons.org/licenses/by/4.0/Executive Summary Wuppertal Institut|3 Executive Summary Agricultural and food systems are currently facing comprehensive challenges:Avoidable and negative ecological consequences are apparent throughout the entire value chain of food pro-duction,from inputs,cultivation,and product processing and refining,to marketing and con-sumption.Diets have a significant influence on individual health,and an increasingly unbal-anced dietary culture is leading to more diet-related diseases.In addition,as supply chains become more complex and globalized,there is an increasing risk of social problems arising.Responsibility for and control of the transformation of food systems cannot be solely associated with either production or consumption.Instead,it requires techno-economic as well as socio-cultural change throughout the system.This is a task for society to undertake as a whole,in-volving all actors from farm to fork,namely those in agriculture,food processing,trade,and out-of-home catering,as well as private consumers and politics.Digitalisation can support the transformation and changes on three levels:Improve-Convert-Transform.These form the framework of our project Shaping Digital Transformation-Dig-ital solution systems for the sustainability transition,as an integrated approach.Concrete starting points for digitalisation to achieve sustainability goals in the food sector are as follows:Improve Optimise resource use and minimise environmental impacts through digitalisa-tion:Smart farming technologies,such as precision farming,can combat the adverse environ-mental impacts of agriculture by reducing the use of fertilisers and pesticides and optimising yields.Support consumers through digital tools and assistance systems:The utilization of digital tools,like apps,can ensure consumers are given exactly the information they need at the right time in order to simplify sustainable purchasing decisions.Recognise the risks of digitalisation and prevent undesirable developments:Digi-talisation should not be an end in itself and its use should always be critically questioned in order to avoid rebound effects or undesirable side effects(e.g.one-sided structural change).Convert Consistently include sustainability indicators along the value chain,from farm to fork:Collecting data throughout the entire supply chain,ensuring it is consistently stored and used is the basis for sound sustainability assessments and can enable all actors to operate with certainty.Networking of production and consumption processes within the value chain:The horizontal and vertical networking of companies through shared data spaces and platforms opens the way to optimising production processes,developing new business models,and intro-ducing niche innovations into the mainstream.Transform Framework conditions for new product and consumption systems:Digitisation can be a supporting tool for the two core tasks of the transformation-the restructuring of the econ-omy and the creation of value,and the socio-ecological reorientation of society.However,a systemic transformation is also necessary,which must be accompanied by technological,Digitalisation for a Sustainable Food System 4|Wuppertal Institut economic,cultural,and institutional framework.This framework must cover a reorientation of agricultural subsidies,and thus a shift in production incentives for agriculture,as well as the creation of food environments that enable consumers to change their diets.Create conditions for the effective digitalisation of the food system:Successfully re-alising the potential of digitalisation will require the support of incentive systems,regulations,and framework conditions.This includes necessary technical infrastructure,the standardisa-tion of data and interfaces,assistance for companies,especially smaller ones,with high invest-ments to help avoid one-sided structural change,the integration of digitisation within educa-tion and training,and regulations for data protection,sovereignty,and security.The positive effects of digitalisation are already evident to some extent in production and con-sumption at the Improve level.Effective scaling is needed here,for example,to realize the ni-trogen efficiency of fertilization in the agricultural sector.New business models at the Convert level are already part of some approaches,and must now be expanded from niche markets to the mainstream.Legal regulations must make certain framework conditions,such as the inclu-sion of sustainability indicators,mandatory.A comprehensive techno-economic and social transformation must create necessary institu-tional,social,and political framework conditions.Digital opportunities must be embedded in an analogue context,meaning that agricultural,environmental,food,consumer,and health policies must create the environment within which digitalisation can take effect.Contents Wuppertal Institut|5 Contents List of abbreviations 6 Acknowledgements 7 1 Introduction 8 2 Starting position and challenges 10 3 Vision 11 4 Improve Optimize production processes,support consumers 14 4.1 Optimizing resource use and minimizing environmental impact 14 4.2 Supporting consumer decision-making with digital tools and assistance systems 15 4.3 The risks of digitalisation and other undesirable developments 15 5 Convert New Business Models and Framework Conditions 17 5.1 Implementing sustainability indicators from field to plate 17 5.2 Networking production and consumption processes 18 6 Transform Enable a Comprehensive Nutrition Transition 19 6.1 Framework conditions for new production and consumption systems 19 6.2 Creating conditions for effective digitalisation in the food system 21 7 Conclusion 24 8 Bibliography 25 Digitalisation for a Sustainable Food System 6|Wuppertal Institut List of abbreviations API Application Programming Interface CO2e Carbon dioxide equivalent CAP European Common Agricultural Policy DGE German Nutrition Society e.V.GPS Global Positioning System IT Information Technology VAT Value added tax 5G Fifth Generation of mobile communications Acknowledgements Wuppertal Institut|7 Acknowledgements The authors would like to extend their thanks to all those who participated in the Digi-talisation for a more sustainable food system:Potentials for shaping production and con-sumption workshop.Their thoughts and inputs were invaluable to this report.Partici-pants:Alina Elsen(best4bps),Martin Hirt(Landwirtschaftskammer sterreich),Daniela Kirsch(Rebional GmbH),Oliver Kohl(Rebional GmbH),Birgit Metz(best4bps),Prof.Dr.Jrn Lamla(Universitt Kassel),Mirko Lampe(Verband der Digitalwirtschaft Berlin&Brandenburg),Karl Heinz Land,PhD Gerlind Oberbach(best4bps),PhD Peter Pascher(Deutscher Bauernverband),Bettina Re(Universitt Kassel),Andreas Schweikert(Bitcom)und PhD Ren Arnold(Huawei).From the Wuppertal Institute:Prof.PhD.Christa Liedtke,Prof.PhD.Melanie Speck,Lena Hennes,Lea Epke und Jana Duisberg(Department of Sustainable Production and Consumption,Research Area Product and Consumption Systems).The authors of this publication are solely responsible for its content.Digitalisation for a Sustainable Food System 8|Wuppertal Institut 1 Introduction In 2021,greenhouse gas emissions in Germany saw an increase of 4.5 percent,following a significant decrease in 2020 as a result of the COVID-19 pandemic(UBA,2022).Achieving the German governments climate protection goals by 2030 will require more ambition and an increased willingness to realize ecological sustainability.Digitalisation can be a prerequisite for achieving ecological sustainability.Digital technol-ogies and applications make it possible to both improve current procedures,processes and structures(Improve)and reorient existing business models and framework conditions(Convert).Digitalisation must also be effectively applied to shift society towards more ecologically-sustainable lifestyles and contribute to further-reaching transformation of the economy and value creation(Transform)(Figure 1).The Transform level will be decisive for the success of the social-ecological transition,and should therefore be the focus of fu-ture debate.In addition,these three levels are closely interlinked and heavily influence each other,and must be holistically addressed together.Figure 1:Impact levels of digitalisation for sustainability transformation(Source:Own illustra-tion from(Ramesohl et al.,2021).This is where Huawei Technologies Germany believes that the Shaping Digitalisation:En-abling Transformation to Sustainability project can have the biggest impact.Through this project,we aim to highlight and discuss the opportunities that digitalisation can bring to Germany.We will focus on three particular stand-out areas where action is most needed in order to achieve ecological transformation:mobility,the circular economy,and agricul-ture and food(Ramesohl et al.,2021).This report addresses the action field of a sustainable food system,while considering the various challenges involved in the related transition.Within this action field,there is a need to address ecological,social,and individual health challenges.This will require not only the transformation of the agricultural sector,but also a change in the diets and lifestyles of consumers(Grethe et al.2021).To overcome these challenges,every actor along the value chain has a responsibility to contribute to the transformation Introduction Wuppertal Institut|9 of the food system,with neither the production or consumption side holding the majority of the power(ZKL,2021).Achieving a fair,resource-efficient,and climate-neutral food system that provides healthy nutrition for all is a systemic task that must be undertaken by all of society(Grethe et al.,2021;ZKL,2021;WBAE,2020).Using,scaling,and further developing digital technolog-ical innovations offers ways to solve related challenges by optimising existing processes and achieving higher efficiency,supporting consumers through more sustainable con-sumption,and promoting new design of new product and consumption systems.For this purpose,chapter 2 first characterizes the initial situation of our current food system.Chap-ter 3 presents how the above challenges can be addressed.Subsequently,Chapters 4,5 and 6 outline the opportunities that digitalisation can offer.This report does not claim to be exhaustive in terms of the opportunities,challenges,and risks of digitalisation that it presents and does not provide any sort of systemic solution.Rather,various selected impulses and new approaches for a nutritional transition will be presented as examples.These will be classified and evaluated in particular from a systemic perspective along the entire value chain and linking consumption and production.Within this report,the findings of an interdisciplinary workshop(March 2022)on Potentials of digitalisation for a more sustainable food system are incorporated,in which various actors of the food system participated(see Acknowledgements).The workshop discussion the workshop discussion expands on current research findings related to the political,organi-sational,and technical framework conditions for an ecologically-effective and socially-bal-anced food transition.Digitalisation for a Sustainable Food System 10|Wuppertal Institut 2 Starting position and challenges The way food is produced and our eating habits have far-reaching and multidimensional impacts on the environment,society,and our health.Throughout the food production value chain,from inputs(seed and fertilisation produc-tion),cultivation,product processing and refining,to marketing and consumption,there are a multitude of avoidable,negative ecological consequences(UBA,2021c).Agricul-ture is responsible for 13.4%of Germanys total greenhouse gas emissions,and if agricul-ture-related transport,processing,trade,and preparation are also included,this number rises to about 23%(Grethe et al.,2021).In addition to its impact on climate change,food production affects resources that are essential for the conservation of ecosystems:More than two thirds of the forecasted losses of terrestrial species will be caused by the intensi-fication of agriculture(Secretariat of the Convention on Biological Diversity,2014;Wezel et al.,2020).In addition,the excessive amounts of nitrogen used during agricultural ferti-lisation are harmful to biodiversity,air and water quality(BMU,2016;UBA,2014).In par-ticular,the mass production of animal-based food and the associated production of animal feed is responsible for a significant share of the issues(Reisinger&Clark,2018;ZKL,2021).Nutrition significantly impacts individual health status,quality of life,and well-be-ing.In Western dietary culture,an increasingly unbalanced intake of fats,carbohydrates,sugar,and salt is leading to a rise in diet-related diseases,such as obesity,type 2 diabetes,and heart disease,leading to far-reaching risks for the health system and community re-silience(Morze et al.,2020;RKI,2015).Even in an economically prosperous country like Germany,malnutrition and nutritional deficiencies exist.A structural association exists between socioeconomic position and a healthy diet,which is therefore not self-evident or accessible to all population groups(Fekete&Weyers,2016;RKI,2018).Food also fulfils important social functions.Our eating behaviour is firmly ingrained within our culture,shaping a large portion of our social connections,providing us with identity,and manifesting itself in traditions.As a key action field within everyday life,food shapes regular practices and routines(WBAE,2020).In addition to its influence on our personal lives,food production affects the way our immediate living space is distributed.In Germany,over 50%of viable land is used for agriculture,significantly shaping rural areas and creating opportunities for leisure,tourism,and gastronomy(Limmer et al.,2019).In the future,urban farming and vertical farming will have a growing influence over urban environments.The social impact of our food stretches beyond national borders.In-creasingly globalized and complex value chains are being accompanied by risks regarding working conditions,child labour,and market displacement of local smallholders through dumping or land grabs(De Schutter,2017;Heydenreich&Paasch,2020;Reichert,2018).Ultimately,the production and consumption of food is embedded within a global system.Vegetation zones,nutrient supply,economic considerations and,particularly in light of current crises,the security of supply have paved the way for new framework and possible changes in the food system.Therefore,agriculture,and the food system as a whole,must overcome unique and complex challenges in order to achieve related climate and sustain-ability goals.Against this backdrop,despite diverse interests,positions,and starting points,it is becoming clearer which goals must be prioritized.These are outlined in the following chapter.Vision Wuppertal Institut|11 3 Vision The above challenges set a clear task:We need a social-ecologically optimised agriculture and food system that also ensures social justice throughout the value chain and promotes healthy eating patterns(Speck et al.,2021).The starting point for building this system is agricultural production.In addition to the production of animal and plant-based food in accordance with the environment,an objec-tive is to ensure a safe food supply.This includes ensuring all workers within the supply chain,both domestically and internationally,are fairly remunerated under socially just working conditions.Reducing greenhouse gas emissions within the agricultural sector also requires unique strategies.The strategy of simply replacing fossil fuels with renewable en-ergy sources is works in other industries,but in agriculture,especially livestock production and intense use of fertilizer inherently results in high methane and nitrous oxide emis-sions.Agriculture also has other ecological impacts in addition to climate change.The only way to manage these impacts will be to develop new production processes.The cultivation will need to be managed in a way that better utilizes production resources such as fertilisers and pesticides.Better management methods must decrease the burden placed on water and nutrient cycles,reduce negative impacts on biodiversity,and maintain the general functionality of local ecosystems(Grethe et al.,2021;ZKL,2021).The ecological optimisa-tion of agricultural production will also require a continuous reduction in livestock num-bers.The digestive processes of ruminants and the application of manure simply contrib-ute too significantly to methane and nitrous oxide emissions in this sector(Grethe et al.,2021;ZKL,2021).Therefore,the negative externalities of food production cannot be mitigated without changes in consumption.Private consumers dietary patterns also need to change(Poore&Nemecek,2018;Willett et al.,2019).Scientific recommendations for sustainable and healthy diets that recommend increasing of the consumption of plant products such as pulses,fruits,and vegetables and reducing the consumption of animal products such as meat and dairy products will be important(Lukas et al.,2018;Willett et al.,2019).Fur-thermore,in Germany in particular,high food resource consumption is heavily linked with food waste from private consumers,with half of the 10 million tonnes of avoidable food losses that occur in Germany every year caused by private households(Noleppa&Carts-burg,2015).These losses could be mitigated by,among other things,better planning of purchases(Noleppa&Cartsburg,2015;Noleppa&von Witzke,2012).For private consumers to be able to make these changes,however,we will need a nutri-tional environment that actively supports new dietary patterns(WBAE,2020).1 The exist-ing conditions actually favour unsustainable behaviours.For example,the excessive por-trayal of unsustainable and unhealthy products in advertising increases the perception of these products and(WBAE,2020).In addition,meat substitutes are often many times more expensive than meat.It is therefore necessary to include food retailing and out-of-home catering as a link between food production and consumption in the transformation as well(Speck et al.,2021).1 Nutritional environment is understood as all the influences that affect an individuals nutrition.These influences refer not only to the moment of decision,but also to all stages of the behavioural process:exposure(e.g.in advertising and social media,which determine which foods are present in our perception),access(determined by price,availability or social norms),choice(influenced by socio-economic aspects,preferences,habits,etc.),consumption(what,how much,when,where and with whom,etc.)(see WBAE,2020).Digitalisation for a Sustainable Food System 12|Wuppertal Institut Current ecological crisis and related social challenges highlight the need for more resilient value chains(Liedtke et al.,2020).For the food sector,this means-but is not limited to-developing regional economic logistics concepts,strengthening structures in rural areas and regionalizing economic cycles(BMNT,2018).Diversified farming concepts,combined with the additional social services provided by agriculture(e.g.shaping of rural land-scapes,leisure,tourism and catering services),can ensure the diversity of German agricul-tural structures and create a more resilient and sustainable agricultural system(ZKL,2021).Individual stakeholders cannot be made solely responsible for solving these problems.For example,the pressure to economize food production are largely created by increasing na-tional and global competition,where social or environmental concerns can often not be taken into account by agriculture Schneidewind,2018;ZKL,2021).For private consumers,food offers great opportunity for sustainable action,as changes in consumption patterns,in theory,can be changed at any time.Such changes are also typically quite low cost and less dependent on external conditions,such as infrastructure(e.g.connections to public transport in terms of sustainable mobility),than other areas of demand.However,the way one eats is largely based on personal habits that are not always easy to change,especially if a more sustainable option is perceived as time-consuming and more costly(WBAE,2020).Due to the diversity and complexity of the food system and the multitude of environmental,social and health benefits it offers(see Figure 2),it is not conceivable to achieve the nutri-tional transition with a single approach or instrument(ZKL,2021).Simultaneous trans-formation of our technological,economic,cultural and social systems will require multi-layered technical,economic,cultural,and institutional conditions(Schneidewind,2018).This represents a major challenge that must be mastered through a variety of measures.In the following sections,we will present some enablers and approaches to illustrate how dig-italisation can support these solutions.Vision Wuppertal Institut|13 Figure 2:Challenges and vision of a sustainable food system(source:Wuppertal Institute)Digitalisation for a Sustainable Food System 14|Wuppertal Institut 4 Improve Optimize production processes,support consumers Digitalisation is not a new concept within the agricultural and food sector as it is already being used at many stages of the value chain.Today,individual technologies already make it possible to optimize procedures and processes.Below examples are given of how digital technologies are already being used on the production side to make agricultural processes more ecologically friendly as well as on the consumption side where digital applications support consumer decision-making by providing better information.In addition,this sec-tion will highlight possible undesirable side and rebound effects of digitalisation,which must be avoided.4.1 Optimizing resource use and minimizing environmental impact Throughout history,agriculture has been constantly transformed by technological pro-gress.This progress enabled large increases in production and a significant improvement in the food security.Digital solutions as part of this technological progress are now an in-dispensable part of agriculture(DLG,2018;Hertzberg,2021).For example,around 80%of farms surveyed in a representative study carried out in 2020 stated that they used indi-vidual digital technologies such as automatic feeders or GPS-based agricultural technolo-gies(Bitkom,2020).However,farms tend to limit the scope of their application to indi-vidual technologies,meaning that intensive and comprehensive practical applications are not yet in full use(LfL,2017).Obstacles and concerns within the agricultural sector are most frequently related to the high initial inivestments required to implement new tech-nologies,the uncertain economic efficiency of new technologies,incompatibility between different systems,and data sovereignty and data protection.Less relevant are arguments such as technical vulnerability to faults and obstacles relating to complicated operation and a lack of IT expertise(Bitkom,2020).An elementary challenge that agriculture must face in the context of providing basic eco-system services is to optimize the use of inputs.For example,more efficient use of nitro-gen-based fertilizers and the more environmentally compatible use of pesticides will be needed to reduce agricultures greenhouse gas emissions while also maintaining synergies with other goals,such as the preservation of biodiversity and water protection(Grethe et al.,2021;UBA,2019a;ZKL,2021).Various technologies,which can be grouped under the term“smart farming”,pursue this goal One group of smart farming technologies is known as Precision Farming.This allows agricultural land to be farmed in a more targeted and thus more efficient manner.Agricul-tural robotics,like Farmbots,can target weeds more effectively for removal,minimizing pesticide application.Automation through GPS-based guidance systems in combination with precision farming enables better resource utilization,like more precise and need-based applications of fertilizers and pesticides.Using satellite imaging of local vegetation to determine where fertilizer is most needed.Studies show that precision fertilizer appli-cation can reduce nitrogen residue in the soil by 30-50%(Kliem et al.,2022).Targeted pesticide application can reduce pesticides consumption by up to 80%in individual cases(European Parliament,2016).One study even found that more efficient route planning could reduce fuel consumption by agricultural machinery by 17%(Saiz-Rubio&Rovira-Ms,2020).In addition,the use of automated small machines can increase crop diversity through catch cropping or strip cropping,which can improve soil quality through reduced compaction and have a positive impact on biodiversity and the population sizes of insects,birds,and small mammals(UBA,2020a).Improve Optimize production processes,support consumers Wuppertal Institut|15 In addition to these solutions,digital information management,which is also part of smart farming,can optimize the handling of data and decisions.Agricultural decision-making is quite complex as it depends on my uncertain factors such as weather and soil conditions and volatile prices,to name a few.Decision algorithms can reduce these uncer-tainties and formalize actions(Hertzberg,2021).For example,farm management infor-mation systems(FMIS)can improve data management by automatically documenting crop data.Specialized agricultural apps can also support decision-making by providing up-to-date information regarding the weather,market conditions,crop protections,and ma-chinery settings and aligning those resources with site-specific conditions(BMNT,2018).4.2 Supporting consumer decision-making with digital tools and assistance systems Consumers almost always have a choice between various product alternatives.The cutlet from the regional butcher vs.a plastic-wrapped,industrially produced vegan one;an or-ganic tomato from Spain vs.a conventionally produced tomato grown in the region.In some cases it is clear which decision is the more sustainable one,but in many cases it is necessary to weigh up a wide range of product attributes(price,packaging,origin,cultiva-tion method,etc.).The environmental impact of food products is often over-or underesti-mated.For example,the plastic packaging of a product is often considered more relevant than the product itself(Camilleri et al.,2019;F.A.Z.,2019;UBA,2021a).Food itself is often considered a low-involvement product,and consumers are often unable or unwill-ing to invest much time making purchasing decisions(Young et al.,2009).Consumers therefore want simple,clear information and decision-making aids or heuristics that pro-vide immediate support at the moment of purchase(SVRV,2021;Vlaeminck et al.,2014).Digital tools for conveying information can contribute here(Kirchgeorg et al.,n.d.).Smartphones in particular have become an indispensable part of everyday life and are available in almost every situation.Mobile apps can increase transparency in terms of sus-tainability by providing more complete and simplified product information at the point of sale(Schwarzinger et al.,2019).The acquisition of the necessary knowledge is thus made possible in a shorter amount of time and is associated with less effort.Studies show that the provision of information via apps can positively influence consumers to buy more sus-tainable products(Joer et al.,2018;Schwarzinger et al.,2019).There are already established applications on the market that scan a products barcode to display additional product information.For example,the app CodeCheck already has 3.5 million users and has retrieved 100 million pieces of product information(CodeCheck,2020).The information provided by the app is mainly health-related,such as nutritional content or allergens,or related to prices and reviews.Information about sustainability though is becoming increasingly common,such as the CodeCheck“climate score”assigned to many products.Applications like this could facilitate“smart shopping environments”that deliver personalized additional information,which could in turn address asymmetries resulting from information overload or a lack of information(Stieninger et al.,2019;SVRV,2022).4.3 The risks of digitalisation and other undesirable developments Digitalisation offers a variety of opportunities and starting points for a transformation of the food system.At the same time,digital technologies can promote undesirable and even counterproductive developments that would not support the goals of a resource-efficient,GHG-neutral,and fair food system.Therefore,expanding the application of digital Digitalisation for a Sustainable Food System 16|Wuppertal Institut technologies in this field should never be a goal in and of itself.Instead,they should be critically examined in order to detect undesirable developments at an early stage,to take countermeasures and,if possible,to prevent them.(BMNT,2018;WBGU,2019).One field of application that reflects both the opportunities and risks of digitalisation can be found in livestock farming.Sensors are currently being used to record animal-specific parameters,such as body temperature,feed intake,and more.This enables indoor climate management systems,systematic herd management,earlier disease detection,and more targeted veterinary treatments.It is clear these technologies can be used to improve gen-eral conditions for both husbandry and animal welfare(BMNT,2018).Specific examples of how processes can be automated in animal husbandry include milking robots or milking carousels and automatic cleaning and feeding systems.As a result of automation,larger animal populations can be cared for by less labour and time(BMNT,2018).However,rad-ically improving the efficiency of animal husbandry by increasing automation raises ethical questions related to a change in the position of the animal from being an individual to being a system component or means of production(BMNT,2018).These risks apply not only to animal husbandry,but to agriculture in general.Automation technologies can clearly be used to intensify agricultural production.However,these effi-ciency gains could be used to solely increase production rather than to reduce the absolute use of pesticides and fertilisers,resulting in so-called rebound effects(Kliem et al.,2022).The capital-intensive acquisition of digital technologies,which may be more profitable for large farms,also increases the risk of reinforcing a lopsided structural change,with the risk of reinforcing a one-sided structural change to fewer,but increasingly larger and more uniform farms(BMEL,2021).In this example,efficiency gains through economies of scale must be weighed against farm diversification.Digital technologies must therefore be used carefully and their application should not be a goal in and of itself.Application must come hand in hand with requirements to create a resource-light,climate-neutral und fair food system.These conflicting objectives must always be considered.Convert New Business Models and Framework Conditions Wuppertal Institut|17 5 Convert New Business Models and Framework Conditions Selective technical improvements of different elements of the value chain can improve sin-gle structures within the food system.These can be optimizations of production technolo-gies through more efficient use of resources or improved consumer information that can push socio-cultural change.However,many fundamental problems such as overproduc-tion or food waste by households can only be addressed by technological solutions to a limited extent.This next section presents two approaches that use new business models and framework conditions to initiate profound changes in production processes and nu-tritional patterns.5.1 Implementing sustainability indicators from field to plate As in almost all industrial sectors,the food production value chain is becoming increas-ingly complex,competitive,and global(De Schutter,2017;Schneidewind,2018).Trans-parency and traceability along the value chain are key conditions for a sustainable food system.Compared to other sectors,the food sector is already a good example in terms of traceability(Hrtel,2017;Willers,2016).The structures already in place for traceability provide a solid foundation for food sustainability assessments,which will be essential to optimising individual process stages and to enable all actors to act sustainably.Starting with primary agricultural production,various institutions have long called for the implementation of individual farm nutrient balancing(material flow balancing or farm gate balancing(Hoftorbilanzierung)(Lw et al.,2021;UBA,2020b;WBA&WBD,2013).However,the necessary infrastructural framework conditions such as software so-lutions to fully implement this individual farm nutrient balancing are missing(Grethe et al.,2021).Automatic digital recording of nutrient balances would also make it pos-sible to more effectively link public funds to the provision of public services within the framework of the economic incentive system of the European Common Agricultural Policy(CAP).This would ensure farmers are remunerated for providing products and services necessary to the public good and keeping public resources intact.For example,farmers could be compensated for supporting the health of the local nutrient cycle or considering greenhouse gas emissions or biodiversity during their operations.This would help better integrate eco-action models into operating costs.The collection and utilisation of sustain-ability data should not stop at agriculture,but should be consistently implemented along the value chain and made available to all actors(Prause et al.2021).Digital product pass-ports for foodstuffs that automatically record the greenhouse gases generated at every stage of production could be possible with the appropriate digital infrastructure(e.g.digi-tal farm registers at different level of agriculture or their integration into merchandise management systems for the catering industry)and the necessary interfaces(APIs).Clear target values combined with sustainability indicators can also provide guid-ance to actors of downstream stages of the value chain.One example can be found in the public catering.With a large number of hundreds to thousands of menus served per kitchen,they can achieve significant leverage.Even the smallest changes in recipes,such as reducing the meat content of a dish,can generate significant savings potentials(Speck et al.,2020).To this end,responsible actors need defined directions and clear targets,like 600g of CO2 equivalents per lunch set,as suggested by Speck et al.(2021a).The integra-tion of sustainability indicators into a companys own commodity management system makes it feasible to retrieve these indicators in the same standardised way as is already possible with nutritional data,like caloric density,nutrient content,and allergens.This is a prerequisite for taking greenhouse gas emissions into account when developing menus.Digitalisation for a Sustainable Food System 18|Wuppertal Institut Tenders for public sector catering facilities(such as day care and school catering)could even incorporate sustainability criteria if the sustainability of recipes is clearly assessed.At the level of food retailers,more informative labelling can be used as a decision aid for consumers at the point of sale and is already being implemented in for selective products.5.2 Networking production and consumption processes Ecological optimisation across farms can be achieved by using common platforms and data spaces to horizontally link several agricultural enterprises in a region.Better farm networking allows for the implementation of regional nutrient concepts.Farms with higher nutrient outputs(e.g.manure and slurry)can coordinate their activities with farms with a higher demand for fertilisers.Such raw material exchanges can bring together sup-pliers and users of unused secondary resources,like biomass and waste heat.Localizing raw material cycles and shortening transport routes can bring direct social and ecological benefits,and networking local businesses can contribute to regional value creation.Both of these can strengthen rural economies in the long term.(BMNT,2018;UBA,2020a).Similarly,vertical networking of production processes across both upstream and down-stream segments of the value chain can also provide ecological benefits by optimising lo-gistics processes and increasing the reliability of planning(BVE,2020).Digitalisation can significantly simplify the flow of information between different companies along the value chain and increase responsiveness and flexibility(Kersten et al.,2018).This is particularly important for food products,as the logistics chain requires a high degree of responsiveness and flexibility due to the perishable nature of many food products and variable nature of harvest times.In addition,digitisation can make information flows more efficient,reduce costs,and enable new business models to become profitable in the first place.New business models that can be enabled by these kinds of digitalisation can be direct or regional marketing of seasonal and regional products via digital platforms and web-based channels(e.g.marktschwaermer.de,vegetable and cooking boxes or community-supported agriculture)or alternative sales opportunities for agriculture and processing companies(e.g.local bakeries and butchers).At the same time,digitalisation creates more opportunities for niche innovations to be popularized and brought into widespread use.One example of such an innovation is the distribution of food that is no longer needed via platforms like Foodsharing and ToGoodToGo that reduce food waste(UBA,2019b).Transform Enable a Comprehensive Nutrition Transition Wuppertal Institut|19 6 Transform Enable a Comprehensive Nutrition Transition The previous chapters have shown that selective optimisation in production and consump-tion can improve existing systems(Improve)and thus provide solutions to clearly defined problems.Digitalisation also makes more innovative business models possible,which can help reorient the food system(Convert).The overall food system,however,needs a com-plete transformation,which will require more radical and systematic changes.Digital tech-nologies can support and facilitate this process,but specific institutional,social,and polit-ical framework conditions will be essential for any such upheaval to yield the desired re-sults.In this chapter,examples of such framework conditions are presented and discussed how digitalisation can contribute to this process through the measures proposed under Improve and Convert.6.1 Framework conditions for new production and consumption systems Two primary tasks are needed for the transformation of the food system:the restructuring of the economy and value creation,and the socio-ecological reorientation of society(Schneidewind,2018).Digitalisation can be used at many points to support this process(see Figure 4).Figure 3:Approaches to digitalisation in the food system(source:Wuppertal Institute)Basically,a systemic transformation will be necessary,and it must be accompanied by technological,economic,cultural and institutional framework conditions(Schneidewind,2018).This is a responsibility of society as a whole,involving all stages of the value chains and the respective actors as well as regional social and economic structures(ZKL,2021).In production,especially agricultural production,economic production constraints must be reduced to create the space for farmers to take ecological and social aspects more into account during their operations(Schneidewind,2018;ZKL,2021).Under the CAP,agri-culture operates within a clearly defined political framework.German farms derive almost half of their income from subsidies,which partially decouples them from the underlying market logic.As a result,subsidy policies have a substantial impact on agriculture(Federal Digitalisation for a Sustainable Food System 20|Wuppertal Institut Agricultural Information Centre(Bundesinformationszentrum Landwirtschaft),2019).Therefore,agricultural transformation can only be initiated with a targeted reorienting of the CAP to incentivize preserving the social and ecological services of agriculture(ZKL,2021).The amount of subsidies,the level of claims and the minimum requirements for receiving direct payments for the eco-scheme programs planned from 2022 play a key role in previous reform attempts2(Grethe et al.,2021).The main stimulus for the agricultural transition has to result from the redesign of the political framework conditions,while dig-itization can subsequently support the implementation.For example,a digitalised and au-tomated monitoring can be used to map nutrient cycles on individual farms and can align the receipt of direct payments or eco-schemes with the nutrient cycles(see Chapter 5.1).Similarly,a nutrition transition cannot be achieved solely through increased productivity and consistency.It will also require lifestyle shifts towards sufficiency(Speck et al.2021;Lukas et al.,2018;Schneidewind,2018).At the individual level,food choices can be lever-aged to reduce ecological impacts and need to be promoted as such,hence the need for fundamental changes in dietary practices.Nutrition is subject to regularly changing con-ditions and demands on private lifestyles(e.g.the gender division of household in relation to professional employment)(Schlegel-Matthies,2018).It is also closely linked to demand and consumption in other areas.For example,the choice of shopping location is strongly related to mobility(Pfeiffer et al.,2017).The following example of a neighborhood food hub illustrates how digitization can enable new,cross-sector consumption systems.However,in addition to reshaping the way we eat through new digital possibilities for pro-moting sustainable consumption(like apps cf.chapter 4.2 or the presented Food Hub),the basic conditions of the food environment will also have to change.Political support and the creation of a fair food environment for sustainable consumption will be crucial(WBAE,2020).An example of such support would be price incentives through a reduction of VAT rates on plant-based milk,which is currently in Germany taxed at a higher rate than cows milk.Sustainable daycare and school catering(e.g.by implementing the quality standards of the German Nutrition Society e.V.(DGE),in combination with the integration of nu-trition education and education for sustainable development in the curricula,can lay the foundation for sustainable diets and lifestyles.Greater regulation of advertising of un-healthy products to children or promotions that use meat at dumping prices as bait offers can reduce the overrepresentation of these products.In the long term,sustainable and healthy nutrition should become a matter of course and a standard that does not depend on income and educational level or can only be imple-mented by certain population groups,but rather is a general norm for society as a whole(WBAE,2020).2 Within the framework of the CAP,the EU provides financial support to farmers and rural regions.So far,direct payments have played a major role in this.In addition to a basic payment,which is determined by the area of the farm,there are also additional payments for specific environmental services(previously known as greening,from 2022 eco-schemes),such as the preservation of permanent grassland.The distribution of direct payments is linked to the fulfillment of certain conditions(e.g.basic require-ments for farm management and good agricultural and ecological condition).Transform Enable a Comprehensive Nutrition Transition Wuppertal Institut|21 A New Service System:The Neighbourhood Food Hub Throughout the food logistics chain,the so-called“last mile”of the logis-tics route is usually covered by private consumer vehicles.This last mile is responsible in the largest share of transport-related emissions in food logistics(Stelwagen et al.,2021).During the COVID-19 pandemic,food delivery services and meal kits have experienced tremendous growth(BEVH,2022;BVE,2020).Whether these services will continue to de-velop remains to be seen,but inefficient route planning,like if deliveries are to be made in a particularly short time,can also lead to increased emissions(UBA,2021b).To offset both effects,Food Hubs(see Figure 4)can be established in urban areas,similar to parcel stations.These hubs would come equipped with cabinets to store food from delivery services.Food hubs can also be located throughout residential areas and allow for daily delivery and food collection.This would allow for more efficient de-livery service routes and people would be able to walk up and pick up food during their daily commute.Artificial intelligence could also be used to provide solutions that optimize deliveries and pickups based on the users eating behaviour.Figure 4:Food hub(source:Alica Assadi,Christoph Tochtrop,Folkwang University of the Arts)6.2 Creating conditions for effective digitalisation in the food system In order to successfully harness the potential of digitalisation,a system of political incen-tives and regulations will be needed to support both broad and targeted expansion of the technologies and business models presented in the chapters Improve and Convert.Similar support will also be needed for the conditions laid out in this Transform chapter.Ulti-mately,the success of this transformation will depend on the framework conditions that allow all actors to enact desirable developments and prevent undesirable developments.Digitalisation for a Sustainable Food System 22|Wuppertal Institut Solid technical communication infrastructure will be a basic prerequisite for any digital transformation within food systems.As of right now,access to high-performance networks is still insufficient,especially in rural areas.This not only hinders the develop-ment of all economic sectors located there,but specifically hinders the development of Digital Agriculture 4.0(DLG,2018;Nssel,2018;UBA,2018).Therefore,a nationwide expansion of 5G networks is necessary.Of particular importance is the consistency of the systems:The food industry is critical infrastructure,so temporary system failures must be prevented by all means(DLG,2018).So far,this vision of a fully networked value chain is still beyond our reach.In addition to the lack of data infrastructure,there is also a lack of data interoperability.It is not enough to simply collect data;data must also be merged and integrated so that it becomes usable.New possibilities for action can only be opened up through the collaborative use of data(Ramesohl et al.,2022).Barriers that previously restricted data flows must be re-moved and efficient cross-sectoral data use and exploitation must be made possible.This is the only way to connect value chains vertically and horizontally(see chapter 5.2)and to align the use of sustainability indicators(see chapter 5.1)(European Commission,2018).However,our ability to achieve this level of interoperability is not a foregone conclusion.Policymakers will have to work with stakeholders to establish the necessary standards and data infrastructure.Popular debates on data protection,data sovereignty,and data security are closely related to this topic.Producers,whether in agriculture,processing,or trade,cannot be“transparent enterprises”,nor can consumers be“transparent consumers”.Legally bind-ing international framework conditions must allow relevant actors to have data sover-eignty,i.e.“the ability of legal or natural persons to self-determine their data assets throughout the value chain”(Otto&Burmann,2021).According to the German govern-ments data strategy,we need data ecosystems for sustainable food and agriculture to sup-port the interaction of“various stakeholders,services and applications(software)that use and share data for economic or social purpose.In this sense,the data ecosystem is a data-based system with an innovative,technical,organisational and regulatory system”(Federal Government,2021).In addition to these prerequisites for the realisation of a digital food system,further frame-work conditions and guidelines are needed to avoid undesirable developments and to steer digitalisation in the right direction.In particular,the acquisition of digital technologies in agriculture can be associated with very high investments,while at the same time it can be difficult to prove the economic viability and concrete economic benefits to the users.(BMEL,2021).In order to ensure the broader adoption of capital-intensive digital technologies,users must be made aware of their benefits(BMEL,2021;BMNT,2018;LfL,2017).Larger farms often benefit from new technology applications as they are more willing to take risks and innovate.Small businesses often cannot afford these risks and are left behind(BMEL,2021;Schmidt,2018).Offsetting the lopsided structural changes in agriculture will require significant start-up capital and investment funds.Official and public data such as weather infor-mation,cadastral,and soil data(e.g.water holding capacity and road networks)should be made freely available to stakeholders in agriculture(DLG,2018).The collaborative use of technologies on small farms(already common practice through“Maschinenring”,a form of farmers organisation)needs to be scaled up more consistently and the investment pol-icies need to be rethought(Schmidt,2018).Farmers field-specific capabilities cannot be used unchecked as the data base on cloud platforms for third-party business models.But Transform Enable a Comprehensive Nutrition Transition Wuppertal Institut|23 farmers must also be able to economically benefit from making their data available(DLG,2018).Establishing digital technologies in food production and consumption processes as the new status quo necessary for sustainable development will require digital infrastructure that is accessible to,accepted by,and used by the public.The success of these efforts will depend not only on the dynamics of technological development,but also on the new social and societal competencies that will be needed achieve the permanent changes we seek(WBGU,2019).These competencies will be particularly important in nutrition,as change in this area will require action from all generations and social strata.All actors,including companies from processing,trade,out-of-home catering,and(public)institu-tions,must have the ability to collect,process and use data.Digital technologies will there-fore have to become a regular part of education(i.e.through adding programing languages to curriculums)in order to promote learnability and digital literacy(DLG,2018).The benefit of these skills will be seen both in agriculture,but also in other areas within the food system.Digitalisation for a Sustainable Food System 24|Wuppertal Institut 7 Conclusion As described in this report,the impact of food production and consumption on the envi-ronment,social justice,and social health is multifaceted.A systemic transformation will be needed to build a truly sustainable and resilient food system.Digitalisation builds the foundation for selective improvements to existing systems as well as new framework conditions and business models.These improvements can take the form of digital agricultural equipment like agricultural robots for smart farming that make ag-riculture more resource efficient.However,the collection,provision,and use of data flows along the entire value chain can play a greater role in the transformation of food system.Increased transparency and increasing the accuracy of sustainability indicators to reflect the entire supply chains impact on greenhouse gas emissions and biodiversity will drive processing companies,caterers,and consumers to change actions and habits.Networking across process stages and connecting end consumers to original producers can provide new distribution channels or help popularise niche innovations.These solutions all sup-port and facilitate a necessary nutritional transition.In order for all this to happen,there are policy and regulatory frameworks that must exist prior.Infrastructure,standardised data and interfaces,as well as legal requirements for data security and data sovereignty will be essential to effectively applying new digital so-lutions.Heavy investment will be needed to achieving widespread economies of scale while also minimizing the negative side effects of digitalization in this sector,such as lopsided structural changes.The introduction and use of digital technologies should not be a goal in and of itself.It must be a tool we use to build a climate-neutral and resource-efficient food system.Losing sight of this goal risks accelerating contrary and harmful economic patterns(BMNT,2018;WBGU,2019).In addition to all of these economic concerns,we must also look at how digitalisation will fundamentally change our social interactions and the challenges it will raise(DLG,2018;WBGU,2019).Without a doubt,digitalisation will require increased digital literacy among all population groups(SVRV 2021).Institutional,social,and political framework conditions will also play an important role in achieving coherent and comprehensive techno-economic and social-cultural transfor-mation.Digital opportunities must be embedded in an“analogue”context,i.e.agricultural,environmental,food,consumer,and health policies must steer actors in the right direction and identify the dynamics of change that will enable digitalisation to take effect.For agri-culture,this means,reorienting the economic incentive system within the CAP framework to reduce production constraints and better reward social and ecological contributions.If this prerequisite is met,digitalisation can,in turn,support the successful implementation of new incentive systems through improved and automated monitoring.At the same time,the conditions for sustainable consumption must be created for private consumers through appropriate food environments and pricing.This process can be supported by reducing information asymmetries through digital decision aids.The transformation of the food system through the establishment of basic framework con-ditions must receive more attention and be managed in a politically sustainable manner.Only then will the many opportunities offered by digitalisation have a targeted effect.Bibliography Wuppertal Institut|25 8 Bibliography BEVH.(2022).E-Commerce ist normal.https:/www.bevh.org/fileadmin/con-tent/05_presse/Pressemitteilungen_2022/220126_-_Pra_sentation_bevh_Jahres-pressegespra_ch_2022.pdf Bitkom.(2020).Digitalisierung in der Landwirtschaft(S.15).https:/www.bitkom-rese-arch.de/system/files/document/200427_PK_Digitalisierung_der_Landwirtschaft.pdf BMEL.(2021).Digitalisierung in der Landwirtschaft.Chancen nutzen Risiken mini-mieren.32.BMNT.(2018).Digitalisierung in der Landwirtschaft Entwicklung,Herausforderungen und Nutzen der neuen Technologien fr die Landwirtschaft(S.98)Bericht der Plattform Digitalisierung in der Landwirtschaft des Bundesministeriums fr Nachhaltigkeit und Tourismus.Bericht der Plattform Digitalisierung in der Landwirtschaft des Bundesminis-teriums fr Nachhaltigkeit und Tourismus BMU.(2016).Klimaschutzplan 2050Klimaschutzpolitische Grundstze und Ziele der Bundesregierung.https:/www.bmuv.de/fileadmin/Daten_BMU/Download_PDF/Kli-maschutz/klimaschutzplan_2050_bf.pdf Bundesinformationszentrum Landwirtschaft.(2019).Was verdienen Landwirte in Deutschland?https:/www.praxis-agrar.de/betrieb/betriebsfuehrung/was-verdienen-landwirte-in-deutschland Bundesregierung.(2021).Datenstrategie der BundesregierungEine Innovationsstrate-gie fr gesellschaftlichen Fortschritt und nachhaltiges Wachstum Kabinettfassung,27.Januar 2021(S.122).https:/www.bundesregierung.de/re-source/blob/974430/1960032/f073096a398e59573c7526feaadd43c4/2021-08-12-da-tenstrategie-deutsch-data.pdf?download=1 BVE.(2020).Jahresbericht 2019/20.https:/www.bve-online.de/presse/infothek/publi-kationen-jahresbericht/bve-jahresbericht-ernaehrungsindustrie-2020 Camilleri,A.R.,Larrick,R.P.,&Hossain,S.(2019).Consumers underestimate the emis-sions associated with food but are aided by labels.9(1),5358.https:/doi.org/10.1038/s41558-018-0354-z CodeCheck.(2020).Transparenz ist das,was uns bei CodeCheck tglich bewegt“Hinter den Kulissen.https:/www.codecheck.info/news/Transparenz-ist-das-was-uns-bei-CodeCheck-taeglich-bewegt-369325#:text=2019 war ein sehr erfolgrei-ches,Standorten Zrich und Berlin gewachsen De Schutter,O.(2017).The political economy of food systems reform.European Review of Agricultural Economics,44(4),705731.https:/doi.org/10.1093/erae/jbx009 DLG.(2018).Digitale LandwirtschaftEin Positionspapier der DLG(S.12).https:/www.dlg.org/fileadmin/downloads/landwirtschaft/themen/ausschuesse_fachar-beit/DLG_Position_Digitalisierung.pdf Europische Kommission.(2018).Study on emerging issues of data ownership,interop-erability,(re-)usability and access to data,and liability:Final report.Publications Office.https:/data.europa.eu/doi/10.2759/781960 Europisches Parlament.(2016).Przisionslandwirtschaft und die Zukunft der Land-wirtschaft in Europa.Wissenschaftliche Vorschau.Publications Office.https:/data.eu-ropa.eu/doi/10.2861/175493 F.A.Z.(2019).Wie sehr hilft der Verzicht auf Plastik tatschlich?https:/ Digitalisation for a Sustainable Food System 26|Wuppertal Institut Fekete,C.,&Weyers,S.(2016).Soziale Ungleichheit im Ernhrungsverhalten:Befund-lage,Ursachen und Interventionen.Bundesgesundheitsblatt-Gesundheitsforschung-Ge-sundheitsschutz,59(2),197205.https:/doi.org/10.1007/s00103-015-2279-2 Grethe,H.,Martinez,J.,Osterburg,B.,Taube,F.,&Thom,F.(2021).Klimaschutz im Ag-rar-und Ernhrungssystem Deutschlands:Die drei zentralen Handlungsfelder auf dem Weg zur Klimaneutralitt.https:/www.stiftung-klima.de/app/uploads/2021/06/2021-06-01-Klimaneutralitaet_Landwirtschaft.pdf Hrtel,I.(2017).2 Ernhrungswirtschaftsrecht zwischen Steigerung von Komplexi-tt und dem Anspruch wohlgeordneten Rechts.3772.https:/doi.org/10.5771/9783845280875-37 Hertzberg,J.(2021).Kann Knstliche Intelligenz die Landwirtschaft Transformieren?dfki.de.https:/www.dfki.de/web/news/kann-kuenstliche-intelligenz-die-landwirt-schaft-transformieren Heydenreich,C.,&Paasch,A.(2020).Globale Agrarwirtschaft und Menschenrechte:Deutsche Unternehmen und Politik auf dem Prfstand-Bericht 2020(Bd.116).Bischf-liches Hilfswerk MISEREOR e.V;Germanwatch e.V.https:/www.german-watch.org/sites/default/files/Druckversion Bericht 2020 Globale Agrar-wirtschaft und Menschenrechte_0.pdf Joer,T.,Mai,R.,&Akbar,P.(2018).Nachhaltigkeitsinformationen zu Lebensmitteln am Point-of-Sale mittels mobiler Augmented Reality(S.4).Gesellschaft fr Informatik.https:/dl.gi.de/bitstream/handle/20.500.12116/23138/30_131.pdf?sequence=1&isAllo-wed=y Kersten,W.,von See,B.,&Indorf,M.(2018).Digitalisierung als Wegbereiter fr effizien-tere Wertschpfungsnetzwerke.In A.Khare,D.Kessler,&J.Wirsam(Hrsg.),Marktori-entiertes Produkt-und Produktionsmanagement in digitalen Umwelten:Festgabe fr Klaus Bellmann zum 75.Geburtstag(S.101117).Springer Fachmedien.https:/doi.org/10.1007/978-3-658-21637-5_8 Kirchgeorg,M.,Weber,A.,&Jger,A.(o.J.).Frderung nachhaltigen Konsumverhaltens am Point of Decision Optimierung der Gestaltung der Kommunikation im Online-und Offline-Kontext auf Basis psychologischer Erkenntnisse(S.42).DBU;HHL.Abgerufen 7.April 2022,von https:/www.dbu.de/OPAC/ab/DBU-Abschlussbericht-AZ-34764_01-Hauptbericht.pdf Kliem,L.,Wagner,J.,Olk,C.,Kreler,L.,Lange,S.,Krachunova,T.,&Bellingrath-Kimura,S.(2022).Digitalisierung in der LandwirtschaftChancen und Risiken fr den Natur-und Umweltschutz(S.74).Institut fr kologische Wirtschaftsforschung.https:/www.ioew.de/fileadmin/user_upload/BILDER_und_Downloaddateien/Publika-tionen/Schriftenreihen/IOEW_SR_222_Digialisierung_der_Landwirtschaft.pdf LfL.(2017).Ackerbau technische Lsungen fr die Zukunft(S.86).https:/www.lfl.bay-ern.de/mam/cms07/publikationen/daten/schriftenreihe/ackerbau-technische-loesun-gen-zukunft-landtechnische-jahrestagung-2017_lfl-schriftenreihe.pdf Liedtke,C.,Khlert,M.,Wiesen,K.,Stinder,A.K.,Brauer,J.,Beckmann,J.,Fedato,C.,El Mourabit,X.,Bttgen,A.,&Speck,M.(2020).Nachhaltige Lieferketten:Global koopera-tive Regionalwirtschaften fr Wohlstand und Resilienz.https:/epub.wupper-inst.org/frontdoor/deliver/index/docId/7635/file/ZI11_Lieferketten.pdf Limmer,I.,Hemmer,I.,Trappe,M.,Mainka,S.,&Weiger,H.(2019).Einleitung&Kurz-zusammenfassung der Beitrge.In Zukunftsfhige Landwirtschaft:Herausforderungen und Lsungsanstze(S.14).Oekom Verlag.Lw,P.,Osterburg,B.,&Klages,S.(2021).Comparison of regulatory approaches for de-termining application limits for nitrogen fertilizer use in Germany.Environmental Bibliography Wuppertal Institut|27 Research Letters,16(5),055009.https:/doi.org/10.1088/1748-9326/abf3de Lukas,M.,Rohn,H.,&Liedtke,C.(2018).The nutritional footprint:Assessing environ-mental and health impacts of foodstuffs.https:/epub.wupperinst.org/frontdoor/in-dex/index/start/19/rows/10/sortfield/year_sort/sortorder/desc/searchtype/sim-ple/query/Christa Liedtke/doctypefq/bookpart/docId/7135 Morze,J.,Danielewicz,A.,Hoffmann,G.,&Schwingshackl,L.(2020).Diet Quality as As-sessed by the Healthy Eating Index,Alternate Healthy Eating Index,Dietary Approaches to Stop Hypertension Score,and Health Outcomes:A Second Update of a Systematic Re-view and Meta-Analysis of Cohort Studies.Journal of the Academy of Nutrition and Die-tetics,120(12),1998-2031.e15.https:/doi.org/10.1016/j.jand.2020.08.076 Noleppa,S.,&Cartsburg,M.(2015).Das grosse WegschmeissenVom Acker bis zum Ver-braucher:Ausma und Umwelteffekte der Lebensmittelverschwendung in Deutschland.WWF Deutschland.https:/www.wwf.de/fileadmin/fm-wwf/Publikationen-PDF/WWF_Studie_Das_grosse_Wegschmeissen.pdf Noleppa,S.,&von Witzke,H.(2012).Ernhrung,Nahrungsmittelverbrauch,Flchen-verbrauchTonnen fr die Tonnen.WWF Deutschland.https:/www.wwf.de/filead-min/fm-wwf/Publikationen-PDF/studie_tonnen_fuer_die_tonne.pdf Nssel,M.(2018).Landwirtschaft 4.0 die Waffe gegen Hunger und Umweltzerstrung?In C.Br,T.Grdler,&R.Mayr(Hrsg.),Digitalisierung im Spannungsfeld von Politik,Wirtschaft,Wissenschaft und Recht:1.Band:Politik und Wirtschaft(S.343363).Sprin-ger.https:/doi.org/10.1007/978-3-662-55720-4_34 Otto,B.,&Burmann,A.(2021).Europische Dateninfrastrukturen.Informatik Spektrum,44(4),283291.https:/doi.org/10.1007/s00287-021-01386-4 Pfeiffer,C.,Speck,M.,&Strassner,C.(2017).What leads to lunch:How social practices impact(non-)sustainable food consumption/eating habits.https:/epub.wupper-inst.org/frontdoor/index/index/start/8/rows/10/sortfield/year_sort/sortor-der/desc/searchtype/simple/query/Speck/doctypefq/article/docId/6792 Poore,J.,&Nemecek,T.(2018).Reducing foods environmental impacts through produc-ers and consumers.Science,360(6392),987992.https:/doi.org/10.1126/sci-ence.aaq0216 Prause,L.,Hackfort,S.,&Lindgren,M.(2021).Digitalization and the third food regime.Agriculture and Human Values,38(3),641655.https:/doi.org/10.1007/s10460-020-10161-2 Ramesohl,S.,Gunnemann,A.,&Berg,H.(2021).Digitalisierung gestalten-Transforma-tion zur Nachhaltigkeit ermglichen:Eine Studie im Auftrag von Huawei Technologies Deutschland GmbH.https:/doi.org/10.48506/opus-7869 Ramesohl,S.,Sebestyn,J.,&Berg,H.(2022).Datenkosysteme fr die Nachhaltigkeits-transformation:Studie im Rahmen des Projekts Shaping the Digital Transformation“.Wuppertal Institut.https:/wupperinst.org/fa/redaktion/downloads/projects/Shaping-DIT_Data_de.pdf Reichert,T.(2018).Lsungen erkannt aber kaum umgesetzt ber die Afrikapolitik Deutschlands und der EU aus entwicklungs-und handelspolitischer Sicht.In Der kritische Agrarbericht 2018 Schwerpunkt Globalisierung gestalten.(S.4).AgrarBndnis e.V.https:/www.kritischer-agrarbericht.de/fileadmin/Daten-KAB/KAB-2018/KAB_2018_103_106_Reichert.pdf Reisinger,A.,&Clark,H.(2018).How much do direct livestock emissions actually con-tribute to global warming?Global Change Biology,24(4),17491761.https:/doi.org/10.1111/gcb.13975 Digitalisation for a Sustainable Food System 28|Wuppertal Institut RKI.(2015).Gesundheit in Deutschland.Gesundheitsberichterstattung des Bundes.https:/doi.org/10.17886/RKIPUBL-2015-003 RKI.(2018).Gesundheitliche Ungleichheit in Deutschland und im internationalen Ver-gleich:Zeitliche Entwicklungen und Trends.https:/doi.org/10.17886/RKI-GBE-2018-019 Saiz-Rubio,V.,&Rovira-Ms,F.(2020).From Smart Farming towards Agriculture 5.0:A Review on Crop Data Management.Agronomy,10(2),207.https:/doi.org/10.3390/ag-ronomy10020207 Schlegel-Matthies,K.(2018).Konsum,Ernhrung und Gesundheit als zentrale Hand-lungsfelder fr die alltgliche Lebensfhrung.HiBiFo Haushalt in Bildung&Forschung,7(3).https:/budrich-journals.de/index.php/HiBiFo/article/view/32106 Schmidt,C.(2018).Landwirtschaft 4.0 Digitalisierung als Chance fr eine nachhaltige Landwirtschaft.In C.Br,T.Grdler,&R.Mayr(Hrsg.),Digitalisierung im Spannungs-feld von Politik,Wirtschaft,Wissenschaft und Recht:1.Band:Politik und Wirtschaft(S.397407).Springer.https:/doi.org/10.1007/978-3-662-55720-4_38 Schneidewind,U.(2018).Die groe Transformation:Eine Einfhrung in die Kunst ge-sellschaftlichen Wandels(Originalausgabe).Fischer Taschenbuch.Schwarzinger,S.,Kaltenegger,I.,&Bird,D.N.(2019).Smarte“Technologien als Schls-sel zu klimafreundlichem Konsum?In R.Hbner&B.Schmon(Hrsg.),Das transforma-tive Potenzial von Konsum zwischen Nachhaltigkeit und Digitalisierung:Chancen und Risiken(S.5977).Springer Fachmedien.https:/doi.org/10.1007/978-3-658-26040-8_4 Secretariat of the Convention on Biological Diversity.(2014).Global Biodiversity Outlook 4.https:/www.cbd.int/gbo/gbo4/publication/gbo4-en-hr.pdf Speck,M.,Bienge,K.,Wagner,L.,Engelmann,T.,Schuster,S.,Teitscheid,P.,&Langen,N.(2020).Creating Sustainable Meals Supported by the NAHGAST Online ToolAp-proach and Effects on GHG Emissions and Use of Natural Resources.Sustainability,12(3),1136.https:/doi.org/10.3390/su12031136 Speck,M.,Liedtke,C.,Hennes,L.,El Mourabit,X.,&Wagner,L.(2021).Zukunftsfhige Ernhrungssysteme und Konsummuster gestalten:Aktuelle Erkenntnisse aus der For-schung zu nachhaltiger Ernhrung am Wuppertal Institut(Bd.19).Wuppertal Institut fr Klima,Umwelt,Energie.https:/doi.org/10.48506/opus-7834 Stelwagen,R.E.,Slegers,P.M.,de Schutter,L.,&van Leeuwen,E.S.(2021).A bottom-up approach to model the environmental impact of the last-mile in an urban food-system.Sustainable Production and Consumption,26,958970.https:/doi.org/10.1016/j.spc.2020.12.039 Stieninger,M.,Auinger,A.,&Riedl,R.(2019).Digitale Transformation im stationren Einzelhandel.Wirtschaftsinformatik&Management,11(1),4656.https:/doi.org/10.1365/s35764-018-0152-4 SVRV.(2021).Gutachten zur Lage der Verbraucherinnen und Verbraucher 2021.Gut-achten des Sachverstndigenrats fr Verbraucherfragen.B.https:/www.svr-verbrau-cherfragen.de/wp-content/uploads/SVRV_Gutachten_2020.pdf SVRV.(2022).Personalisierte Verbraucherinformation:Ein Werkstattbericht.Doku-mentation einer Veranstaltung des SVRV.Verffentlichungen des Sachverstndigenrats fr Verbraucherfragen.Berlin:Sachverstndigenrat fr Verbrauerfragen.https:/www.svr-verbraucherfragen.de/2022/02/16/dokumentation-der-veranstaltung-personalisierte-verbraucherinformation-ein-werkstattbericht/UBA.(2014).Reaktiver Stickstoff in Deutschland.Ursachen,Wirkungen,Manahmen(S.Bibliography Wuppertal Institut|29 56).www.uba.de/stickstoff-in-deutschland UBA.(2018).Die Zukunft im Blick:Konsum 4.0:Wie Digitalisierung den Konsum vern-dertTrendbericht zur Abschtzung der Umweltwirkungen(S.104).https:/www.um-weltbundesamt.de/sites/default/files/medien/1410/publikationen/fachbroschuere_kon-sum_4.0_barrierefrei_190322.pdf UBA.(2019a).Entwicklungsperspektiven der kologischen Landwirtschaft in Deutsch-land.https:/www.umweltbundesamt.de/sites/default/files/medien/1410/publikatio-nen/2020-03-17_texte_32-2020_oekologische-landwirtschaft.pdf UBA.(2019b).Transformation des Ernhrungssystems:Grundlagen und Perspektiven.https:/www.umweltbundesamt.de/publikationen/transformation-des-ernaehrungssys-tems-grundlagen UBA.(2020a).Digitalisierung kologisch nachhaltig nutzbar machen Entwicklung von Handlungsempfehlungen zu den wichtigsten umweltpolitischen Manahmen in ausge-whlten Trendthemen der Digitalisierung mittels der Durchfhrung von Stakeholderdi-alogen(S.105).https:/www.umweltbundesamt.de/publikationen/digitalisierung-oeko-logisch-nachhaltig-nutzbar UBA.(2020b).Novellierung der Stoffstrombilanzverordnung:Tickstoff-und Phosphor-berschsse nachhaltig begrenzenFachliche Stellungnahme zur Novellierung der Stoff-strombilanzverordnung.https:/www.umweltbundesamt.de/sites/default/files/me-dien/5750/publikationen/2020_11_05_texte_200_2020_papier_novellierung_stoff-bilv.pdf UBA.(2021a).25 Jahre Umweltbewusstseinsforschung im Umweltressort Langfristige Entwicklungen und aktuelle Ergebnisse.Umweltbundesamt.https:/www.umweltbun-desamt.de/sites/default/files/medien/5750/publikationen/2021_hgp_umweltbewusst-seinsstudie_bf.pdf UBA.(2021b).Teilbericht II-Die kologisierung des OnlinehandelsNeue Herausfor-derungen fr die umweltpolitische Frderung eines nachhaltigen Konsums(S.235).https:/www.umweltbundesamt.de/en/publikationen/die-oekologisierung-des-online-handels-0 UBA.(2021c).Von der Welt auf den Teller Kurzstudie zur globalen Umweltinanspruch-nahme unseres Lebensmittelkonsums.https:/www.umweltbundesamt.de/publikatio-nen/von-der-welt-auf-den-teller UBA.(2022,Mrz 15).Gemeinsame Pressemitteilung von Umweltbundesamt und Bun-desministerium fr Wirtschaft und Klimaschutz Treibhausgasemissionen stiegen 2021 um 4,5 Prozent Bundesklimaschutzministerium kndigt umfangreiches Sofortpro-gramm an.https:/www.umweltbundesamt.de/presse/pressemitteilungen/treibhaus-gasemissionen-stiegen-2021-um-45-prozent Vlaeminck,P.,Jiang,T.,&Vranken,L.(2014).Food labeling and eco-friendly consump-tion:Experimental evidence from a Belgian supermarket.Ecological Economics,108,180190.https:/doi.org/10.1016/j.ecolecon.2014.10.019 WBA&WBD.(2013).Kurzstellungnahme Novellierung der Dngeverordnung:Nhr-stoffberschsse wirksam begrenzen.https:/www.bmel.de/SharedDocs/Down-loads/DE/_Ministerium/Beiraete/agrarpolitik/StellungnahmeDuen-geVO.pdf?_blob=publicationFile&v=2 WBAE.(2020).Politik fr eine nachhaltigere Ernhrung:Eine integrierte Ernhrungs-politik entwickeln und faire Ernhrungsumgebungen gestaltenWBAE-Gutachten.https:/www.bmel.de/SharedDocs/Downloads/DE/_Ministerium/Beiraete/agrarpoli-tik/wbae-gutachten-nachhaltige-ernaehrung.html WBGU.(2019).Unsere gemeinsame digitale Zukunft:Zusammenfassung.Digitalisation for a Sustainable Food System 30|Wuppertal Institut Wissenschaftlicher Beirat d.Bundesregierung Globale Umweltvernderungen.Wezel,A.,Herren,B.G.,Kerr,R.B.,Barrios,E.,Gonalves,A.L.R.,&Sinclair,F.(2020).Agroecological principles and elements and their implications for transitioning to sustain-able food systems.A review.Agronomy for Sustainable Development,40(6),40.https:/doi.org/10.1007/s13593-020-00646-z Willers,C.(2016).CSR in der Lebensmittelwirtschaft eine Einleitung.In C.Willers(Hrsg.),CSR und Lebensmittelwirtschaft:Nachhaltiges Wirtschaften entlang der Food Value Chain(S.322).Springer.https:/doi.org/10.1007/978-3-662-47016-9_1 Willett,W.,Rockstrm,J.,Loken,B.,Springmann,M.,Lang,T.,Vermeulen,S.,Garnett,T.,Tilman,D.,DeClerck,F.,Wood,A.,Jonell,M.,Clark,M.,Gordon,L.J.,Fanzo,J.,Hawkes,C.,Zurayk,R.,Rivera,J.A.,De Vries,W.,Majele Sibanda,L.,Murray,C.J.L.(2019).Food in the Anthropocene:The EATLancet Commission on healthy diets from sustainable food systems.The Lancet,393(10170),447492.https:/doi.org/10.1016/S0140-6736(18)31788-4 Young,W.,Hwang,K.,McDonald,S.,&Oates,C.J.(2009).Sustainable consumption:Green consumer behaviour when purchasing products.Sustainable Development,n/a-n/a.https:/doi.org/10.1002/sd.394 ZKL.(2021).Zukunft Landwirtschaft.Eine gesamtgesellschaftliche AufgabeEmpfeh-lung der Zukunftskommission Landwirtschaft(S.160).https:/www.bmel.de/Shared-Docs/Downloads/DE/Broschueren/abschlussbericht-zukunftskommission-landwirt-schaft.pdf?_blob=publicationFile&v=15
2人已浏览
2023-03-10 30页
5星级
欧盟网络安全局:铁路网络安全与风险管理最佳实践(英文版)(57页).pdf
0 RAILWAY CYBERSECURITY Good practices in cyber risk management NOVEMBER 2021 RAILWAY CYBERSECURITY November 2021 1 ABOUT ENISA The European Union Agency for Cybersecurity,ENISA,is the Unions agency dedicated to achieving a high common level of cybersecurity across Europe.Established in 2004 and strengthened by the EU Cybersecurity Act,the European Union Agency for Cybersecurity contributes to EU cyber policy,enhances the trustworthiness of ICT products,services and processes with cybersecurity certification schemes,cooperates with Member States and EU bodies,and helps Europe prepare for the cyber challenges of tomorrow.Through knowledge sharing,capacity building and awareness raising,the Agency works together with its key stakeholders to strengthen trust in the connected economy,to boost resilience of the Unions infrastructure,and,ultimately,to keep Europes society and citizens digitally secure.More information about ENISA and its work can be found here:www.enisa.europa.eu.CONTACT To contact the authors,please use resilienceenisa.europa.eu For media enquiries about this paper,please use pressenisa.europa.eu.AUTHORS Theocharidou Marianthi,Stanic Zoran,ENISA De Mauroy Louise,Lebain Loc,Haddad Jules,Wavestone.ACKNOWLEDGEMENTS We would like to warmly thank all the experts that took part in our workshops and provided comments.Their contributions and inputs were essential for the creation of this report.ENISA would like to thank the European Railway Agency(ERA),the European Railway Information Sharing and Analysis Centre(ER-ISAC)and UNIFEs cybersecurity working group for their support.Andersson Johan A.,Tranfikverket Boff Sacha,Banenor Bos Stoffel,Prorail Boss John,Prorail Brouwer Riemer,Prorail Cabral Pereira Mrio Jorge,Infraestruturas de Portugal Chatelet Thomas,ERA Ciancabilla Attilio,RFI Cosic Jasmin,DB Netz De Visscher Olivier,ER-ISAC Dyrlie Rune,Banenor Fernandez Gonzalez Lola,Knorr-Bremse Fritz Jrme,CFL Garcia Marta,UNIFE Garnier Yseult,SNCF Reseau Gomez Nieto Antonio,Adif Hausman Francois,Alstom group Houbion Catherine,Infrabel Korving Evertjan,Prorail Mager Joseph,NS Magnanini Giulio,RFI Meulders Philippe,CFL Meyer,Andreas,Selectron RAILWAY CYBERSECURITY November 2021 2 Ooms-Geugies Klaasjan,NS Pizzi Giorgio,Ministero Infrastrutture e Trasporti Paulsen Christian,Siemens Pouet Nicolas,SNCF Reseau Remberg Tom,Banenor Rodrigues Susano Ana Beatriz,Infraestruturas de Portugal Thesse Eddy,Alstom group Van den Bossche Peter,Infrabel Van Zantvliet Dimitri,NS LEGAL NOTICE This publication represents the views and interpretations of ENISA,unless stated otherwise.It does not endorse a regulatory obligation of ENISA or of ENISA bodies pursuant to the Regulation(EU)No 2019/881.ENISA has the right to alter,update or remove the publication or any of its contents.It is intended for information purposes only and it must be accessible free of charge.All references to it or its use as a whole or partially must contain ENISA as its source.Third-party sources are quoted as appropriate.ENISA is not responsible or liable for the content of the external sources including external websites referenced in this publication.Neither ENISA nor any person acting on its behalf is responsible for the use that might be made of the information contained in this publication.ENISA maintains its intellectual property rights in relation to this publication.COPYRIGHT NOTICE European Union Agency for Cybersecurity(ENISA),2021 Reproduction is authorised provided the source is acknowledged.For any use or reproduction of photos or other material that is not under the ENISA copyright,permission must be sought directly from the copyright holders.ISBN 978-92-9204-545-6,DOI 10.2824/92259 RAILWAY CYBERSECURITY November 2021 3 TABLE OF CONTENTS 1.INTRODUCTION 6 1.1 OBJECTIVES,SCOPE AND AUDIENCE 6 1.2 METHODOLOGY 7 1.3 STRUCTURE OF THE REPORT 7 2.CYBER RISK MANAGEMENT 8 2.1 RISKS MANAGEMENT STEPS 8 2.2 RISK MANAGEMENT APPROACHES FOR THE RAILWAY SECTOR 9 3.RAILWAY ASSETS AND SERVICES 13 3.1 TAXONOMY 14 4.CYBER-RELATED THREATS 18 4.1 TAXONOMY 18 4.2 CYBER RISK SCENARIOS 20 4.2.1 Scenario 1 Compromising a signalling system or automatic train control system,leading to a train accident 21 4.2.2 Scenario 2 Sabotage of the traffic supervising systems,leading to train traffic stop 22 4.2.3 Scenario 3 Ransomware attack,leading to a disruption of activities 23 4.2.4 Scenario 4 Theft of clients personal data from the booking management system 24 4.2.5 Scenario 5 Leak of sensitive data due to unsecure,exposed database 25 4.2.6 Scenario 6 DDoS attack,blocking travellers from buying tickets 26 4.2.7 Scenario 7 Disastrous event destroying the datacentre,leading to disruption of IT services 27 5.CYBERSECURITY MEASURES 28 5.1 APPLYING CYBERSECURITY MEASURES 30 5.2 CYBERSECURITY MEASURES 30 6.CONCLUSIONS 33 7.BIBLIOGRAPHY 34 A ANNEX:ASSET DESCRIPTIONS 35 B ANNEX:THREATS DESCRIPTION 42 C ANNEX:SECURITY MEASURES 45 RAILWAY CYBERSECURITY November 2021 4 EXECUTIVE SUMMARY European railway undertakings and infrastructure managers systematically address cyber risks as part of their security risk management processes,especially after the Network and Information Security(NIS)Directive came into force in 2016.Addressing cyber risks in the railway sector can raise entirely new challenges for railway companies who often lack the internal expertise,organisational structure,processes or the resources to effectively assess and mitigate them.The nature of railway operations and the interconnectedness of railway undertakings,infrastructure managers,and the supply chain requires all involved parties to achieve and maintain a baseline level of cybersecurity.European RUs and IMs use a combination of good practices,approaches,and standards to perform cyber risk management for their organisations,as they need to assess cyber risks for all functions and for both OT and IT.This report gathers insights on these current practices in a single document and can assist railway undertakings and infrastructure managers in their efforts to apply them.It provides examples of reference material,such as available taxonomies of assets and services,threat taxonomies,seven comprehensive threats scenarios,derived from real incidents,and available cyber risk mitigation measures,derived by guidelines and standards.This report aims to be a reference point for current good practices for cyber risk management approaches that are applicable to the railway sector.It offers a guide for railway undertakings and infrastructure managers to select,combine or adjust cyber risk management methods to the needs of their organisation.It builds upon the 2020 ENISA report on cybersecurity in the railway sector(ENISA,2020),which assessed the level of implementation of cybersecurity measures in the railway sector.This report provides actionable guidelines,lists common challenges associated with the performance of the relevant activities,and outlines good practices that can be readily adopted and tailored by individual organisations.Additionally,a list of useful reference material is available,together with practical examples and applicable standards.RAILWAY CYBERSECURITY November 2021 5 ABBREVIATIONS ATP Automatic train protection CCS Command,Control and Signalling CCTV Closed-Circuit Television CVSS Common Vulnerability Scoring System CIO Chief Information Officer CISO Chief Information Security Officer CTO Chief Technology Officer CSIRT Computer Security Incident Response Team DoS/DDos Denial of Service/Distributed Denial of Services DSP Digital Service Provider EC European Commission ER-ISAC European Railway Information Sharing and Analysis Centre ERTMS European Rail Traffic Management System ETCS European Train Control System EU European Union GDPR General Data Protection Regulation GSM/GSM-R GSM-Railway HR Human Resources HVAC Heating,ventilation,and air conditioning ICS Industrial Control System ICT Information and Communication Technology IEC International Electrotechnical Commission IM Infrastructure Manager ISO International Organisation for Standardization ISP Internet Service Provider ISSP Information System Security Policy IT Information Technology LAN Local Area Network MS Member State NIS Directive Directive on Security of Network and Information Systems NIST National Institute of Standards and Technology OES Operator of Essential Service OT Operational Technology PKI Public Key Infrastructure RU Railway Undertaking SOC Security Operation Centre VLAN Virtual LAN VPN Virtual Private Network RAILWAY CYBERSECURITY November 2021 6 1.INTRODUCTION Directive 2016/1148(NIS Directive)is the first legislative document focusing on cybersecurity in the EU.It identifies Operators of Essential Services(OES)in the railway sector as:Infrastructure managers(IM),as defined in point(2)of Article 3 of Directive 2012/34/EU,include:“any person or firm responsible in particular for establishing,managing and maintaining railway infrastructure,including traffic management and control-command and signalling.The functions of the infrastructure manager on a network or part of a network may be allocated to different bodies or firms”.Railway undertakings(RU),as defined in point(1)of Article 3 of Directive 2012/34/EU,include:“any public or private undertaking licensed according to this Directive,the principal business of which is to provide services for the transport of goods and/or passengers by rail with a requirement that the undertaking ensures traction.This also includes undertakings which provide traction only”.This also includes operators of service facilities as defined in point(12)of Article 3 of Directive 2012/34/EU as“any public or private entity responsible for managing one or more service facilities or supplying one or more services to railway undertakings”.The NIS Directive requires IMs and RUs to conduct risk assessments that“cover all operations including the security and resilience of network and information systems”.According to the NIS Directive,these risk assessments,along with the implementation of appropriate mitigation measures,should promote“a culture of risk management”to be developed through“appropriate regulatory requirements and voluntary industry practices”.This need for cyber risk management in the European railway sector was also identified as a key priority by the participants of the ENISA-ERA conference“Cybersecurity in Railways”,which took place online on 16-17 March 2021 and brought together more than 600 experts from railway organisations,policy,industry,research,standardisation,and certification.While some EU Member States(MS)have issued relevant national guidance to OESs on how to conduct cyber risk assessments,most railway operators choose to adopt one of the different methodologies introduced by industry standards.Indeed,there are currently varying approaches to tackle risk in the railway sector and for now,there is no single approach that covers both information technology(IT)and operational technology(OT)cyber risks.This document offers a guide to these different approaches,enabling railway operators to select,combine or adjust cyber risk management methods to the needs of their organisation.It builds upon the 2020 ENISA report on cybersecurity in the railway sector(ENISA,2020),which assessed the level of implementation of cybersecurity measures in the railway sector.1.1 OBJECTIVES,SCOPE AND AUDIENCE This report aims at providing railway stakeholders with applicable methods and practical examples on how to assess and mitigate cyber risks.These good practices are gathered based on feedback from railway stakeholders and include tools,such as assets and services list,threat scenarios,mapping of security measures.These resources can be used as a base for cyber risk management for railway companies.The study aims at being a reference point to promote collaboration between railway stakeholders across the EU and raise awareness of relevant threats.This report is concerned with the European railway sector,and it covers cyber risk management applicable to both the IT and OT systems of railway organisations.Other railway stakeholders such as rolling stock manufacturers and component vendors are not considered in the scope of this report.The primary target audience of this study includes people responsible for cybersecurity(CISOs,CIOs,CTOs,etc.)within RUs and IM networks.This report aims to provide them with the means to understand their cybersecurity ecosystem,assess the risks to their assets or services and manage them via appropriate cybersecurity measures.In addition,the National Competent Authorities,who may wish to develop guidance for railway operators in conducting cyber risk management,may consult this document to understand the current practices in the sector and potential challenges.RAILWAY CYBERSECURITY November 2021 7 1.2 METHODOLOGY The report was created with cooperation of European IMs and RUs in an iterative process with multiple rounds of validation as follows:Step 1-Definition of the project scope and identification of experts.The first step consisted of defining the scope of the project and selecting subject matter experts whose input and insights could be considered for the development of the report.The experts chosen are mainly RU and IM stakeholders in charge of cybersecurity,as well as members of national and European agencies.Step 2-Desk research.During this step,extensive desk research for relevant documents in the context of the project was conducted.The identified sources served as a reference to develop good practices,a list of assets and threats,threat scenarios,and list of measures.Step 3-Series of workshops with selected subject matter experts.Four workshops were conducted to discuss and validate the key findings of the study,namely the list of assets,list of threats,threats scenarios,and list of measures.Additionally,the workshops were used as an opportunity to collect feedback on the challenges and good practices of risk management in the railway sector.The 20 experts originated from 10 European railway companies from Belgium,Germany,Italy,Luxembourg,Netherlands,Norway,Portugal,Spain,and Sweden.The European Rail Information Sharing and Analysis Centre(ER-ISAC)was also represented in the experts pool.Step 4-Analysis of collected material and report development.The input collected from desk research and the stakeholder workshops were analysed.Based on this analysis,the first draft of this report was developed.Step 5-Review and validation.The report was then validated by 24 experts(primarily RUs and IMs)from Belgium,France,Germany,Italy,Luxembourg,Netherlands,Norway,Portugal,Spain,and Sweden,the ER-ISAC and the UNIFE cybersecurity working group.The experts reviewed the report and provided comments and suggestions for improvement.These were the basis for the final version of this document.1.3 STRUCTURE OF THE REPORT The report is organised in 6 chapters:Chapter 2 describes cyber risk management concepts and the current approaches identified for the railway sector.It can help railway stakeholders to choose a risk management methodology.Chapter 3 contains a list of railway assets and services(definitions and taxonomy),along with guidelines on how to identify those assets and services.Railway stakeholders can use this information to build their own list of assets and services.Chapter 4 focuses on cyber threats,with a list of threats,their definitions and a list of risk scenarios applicable to the railway sector.Stakeholders can use those tools to identify the main risks to their assets and evaluate what should be prioritised for protection.The list of threats would be useful to conduct risk assessments,along with the abovementioned list of assets and services.Chapter 5 examines current cybersecurity measures based on EU guidelines(NIS Directive)and international standards.It can help stakeholders to define a risk management plan.Chapter 6 offers some concluding remarks.RAILWAY CYBERSECURITY November 2021 8 2.CYBER RISK MANAGEMENT The purpose of this chapter is to outline the risk management approaches that were used in the study and are applicable to the railway sector.Many definitions and concepts exist,thus making it difficult to choose one that is most relevant to the individuals case.To ensure a common risk management frame,this document proposes a set of definitions and principles extracted from ISO 31000:2018“Risk management Principles and guidelines”,ISO-IEC 27005:2018“Information security risk management”and the ISO-IEC 62443 series.The information security risk management process is the coordination of activities to direct and control an organisation with regard to risk.It consists of context establishment,risk assessment,risk treatment,risk acceptance,risk communication and risk monitoring and review.The information security risk management process can be iterative for risk assessment and/or risk treatment activities.An iterative approach to conducting risk assessment can increase the depth and detail of the assessment at each iteration.It also provides a good balance between minimising the time and effort spent in identifying controls,while ensuring that strong risks are appropriately assessed.As mentioned in the ISO 31000 principles chapter,risk management is not a stand-alone activity that is separate from the main activities and processes of the organisation.Risk management is part of the responsibilities of management and an integral part of all organisational processes,including strategic planning and all project and change management processes.For terms and definitions,please consult ISO 31000:2018“Risk management Principles and guidelines”,ISO-IEC 27005:2018“Information security risk management.2.1 RISKS MANAGEMENT STEPS ISO 27005:2015 defines a risk management process which integrates all necessary key activities to deploy a risk management methodology.Figure 1:Risk management The first step of launching a risk management process is establishing the context,both external and internal.It involves setting the basic criteria necessary for information security risk management(approach,risk evaluation criteria,impact criteria and risk acceptance criteria),defining the scope and boundaries(ensuring that all relevant RAILWAY CYBERSECURITY November 2021 9 assets are taken into account in the risk assessment),and establishing an appropriate organisation to manage the information security risk management.The second step is launching a risk assessment,i.e.,quantifying or qualitatively describing risks and enabling managers to prioritise them according to their perceived seriousness or other established criteria.The risk assessment consists of three distinct tasks:Risk identification,to determine what could happen to cause a potential loss and to gain insight into how,where,and why the loss could occur.Risk analysis,to understand the nature of the risk and to determine the level of risk.A risk analysis methodology may be qualitative,quantitative,or a combination of both depending on the circumstances.Risk evaluation,to compare the level of risks against risk evaluation criteria and risk acceptance criteria.The purpose is to produce a list of risks prioritised according to risk evaluation criteria in relation to the incident scenarios that lead to those risks.The third step is the risk treatment,which consists of defining a list of controls to reduce,retain,avoid,or share the risks.Then,a risk treatment plan can be defined.The risk treatment plan description will be elaborated in chapter 5 of this present document.The fourth step is risk acceptance,i.e.,the decision to accept the risks and responsibilities for the decision.Finally,a list of accepted risks with justification for those that do not meet the organisations normal risk acceptance criteria is established.The fifth step is the risk communication.Information about risks should be exchanged and/or shared between the decision-maker and other stakeholders.The final step is risk monitoring and review.It consists of the monitoring and reviewing the risks and the various factors(i.e.,value of assets,impacts,threats,vulnerabilities,likelihood of occurrence)that help to identify any changes in the context of the organisation at an early stage,and to maintain an overview of all risks.2.2 RISK MANAGEMENT APPROACHES FOR THE RAILWAY SECTOR Workshops with relevant European railway sector stakeholders were conducted to identify the most common risk management methods currently used by RUs and IMs.During these workshops,stakeholders indicated their chosen methods.They are complemented or combined with other approaches to reach the desired level of sophistication and to cover both IT and OT requirements for risk management.Their approaches are also linked to the overall enterprise risk method used by the organisation and have to offer adequate level of compliance with both EU and national cybersecurity requirements.For RUs and IMs operating in multiple EU Member States(MS),national requirements under the NIS Directive may not be fully harmonised,so these organisations face additional challenges in compliance.For all EU RUs and IMs to meet the cybersecurity requirements of their national competent authorities,support is needed from the railway industry.RUs and IMs rely on their suppliers,both for more accurate threat and vulnerability analyses,but especially for implementing cybersecurity requirements.Indeed,existing approaches are multiple and varying across the railway companies,but they may present different scope and level of detail in terms of analysis.For the risk management of railway IT systems,the most cited approaches were the requirements of NIS Directive at a national level,the ISO 2700 x family of standards,and the NIST cybersecurity framework.For OT systems,the frameworks cited were ISA/IEC 62443,CLC/TS 50701,and the recommendations of the Shift2Rail project X2Rail-3,or the ones from the CYRail Project.Those standards or approaches are often used in a complementary way to adequately address both IT and OT systems.While IT systems are normally evaluated with broader and more generic methods(such as ISO 2700 x or NIS Directive),OT systems need specific methods and frameworks that have been designed for industrial train systems.For instance,the ISA/IEC 62443 standards are the most cited frameworks used for specific OT assets and risk identification,while many contributors to this report stated they intend to use the recently released CLC/TS50701 in the future.RAILWAY CYBERSECURITY November 2021 10 Stakeholders that participated in this study indicated that they use a combination of the abovementioned international and European approaches to tackle risk management,which they then complement with national frameworks and methodologies.Examples include the Dutch A&K analysis1,the German BSI Risk Management Standard 200-32 and the French E-BIOS Risk Manager method3.Moreover,other stakeholders designed their own modified versions of methodologies based on existing frameworks.The difference between standards completeness can also be tackled by building a bridge between the high-level company risk assessment,and the lower application,or asset risk,assessment level.The generic framework and standards can be used at a high level and the more technical or precise ones can be used at the applications and assets level.The risks and measures issued at the end of each process are consolidated in a global risk mapping and risk treatment plan.A multitude of different approaches and methods have been recommended by national and international authorities regarding cyber risk management.This next section analyses a sample of European and international good practices.ISO 27001,27002 and 27005 standards.The ISO 2700 x family are among the most used and cited standards for information security.ISO 27001 is the standard dedicated to establishing,implementing,maintaining and continually improving an information security management system within the context of the organisation.ISO 27001 and 27002 contain a list of requirements to consider when implementing a risk treatment plan and will be studied in more detail in chapter 5 of the present document.ISO 27005 is focused on risk management.It is the one selected in the present document as a reference for defining the risk management principles presented above.According to CLC/TS 50701(see below),ISO27K series can be applied to the business part of railway infrastructure,which primarily includes IT systems.NIS Directive Cooperation Group guidelines.In 2018,the NIS cooperation group4 issued a“reference document”which provides a summary of the Groups main findings on cybersecurity measures for OESs(NIS Cooperation Group,2018).The reference document primarily covers the risk treatment phase of risk management.It does not establish a new standard nor duplicate existing ones(e.g.,ISO)but provides MS with a clear and structured picture of their current and often common approaches to the security measures of OESs.Beyond OESs,this reference document may be considered useful by other public or private actors looking to improve their cybersecurity.As it focuses on security measures,it will be studied in more detail in chapter 5.ISA/IEC 62443 standards.The ISA/IEC 62443 series of standards provides a framework to address and mitigate security vulnerabilities in industrial automation and control systems(IACS).They described both technical and process-related aspects of industrial cybersecurity and provide a risk management approach,especially for OT systems,which can be applied to OT used in the railway sector.In particular,the ISA/IEC 62443-3-2,“Security Risk Assessment,System Partitioning and Security Levels”standard defines a set of engineering measures to guide organisations through the process of assessing the risk of a particular IACS and identifying and applying security countermeasures to reduce that risk to tolerable levels.A key concept is the application of IACS security zones and conduits,which were introduced in ISA/IEC 62443-1-1,Concepts and Models.The standard provides a basis for 1 The method Afhankelijkheids-en Kwetsbaarheidsanalyse(A&K analysis)was developed in draft form by the Dutch public company RCC.The Dutch Ministry of Internal Affairs completed its development in 1996 and published a handbook describing the method.The method has not been updated since that time.The A&K analysis is the unique and preferred method for risk analysis by Dutch government bodies since 1994.In addition to the Dutch government,Dutch companies often use A&K analysis.https:/www.enisa.europa.eu/topics/threat-risk-management/risk-management/current-risk/risk-management-inventory/rm-ra-methods/m_dutch_ak_analysis.html 2 With the BSI Standard 200-3,the BSI provides an easy-to-apply and recognised procedure which allows organisations adequate and targeted control of their information security risks.The procedure is based on the elementary threats described in the IT-Grundschutz Compendium on the basis of which the IT-Grundschutz-modules were drawn up.https:/www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi-standard-2003_en_pdf.html;jsessionid=A26D9630FC3E530CDEECEACC00297837.internet461?nn=128620 3 EBIOS Risk Manager(EBIOS RM)is the method for assessing and treating digital risks,published by National Cybersecurity Agency of France(ANSSI)with the support of Club EBIOS.It provides a toolbox that can be adapted,the use of which varies according to the objective of the project.EBIOS Risk Manager is compatible with the reference standards in effect,in terms of risk management as well as in terms of cybersecurity.https:/www.ssi.gouv.fr/en/guide/ebios-risk-manager-the-method/4 The NIS Cooperation Group is composed of representatives of Member States,the Commission,and ENISA,has been established under the NIS Directive.It facilitates strategic cooperation between the Member States regarding the security of network and information systems.https:/digital-strategy.ec.europa.eu/en/policies/nis-cooperation-group RAILWAY CYBERSECURITY November 2021 11 specifying security countermeasures by aligning the identified target security level with the required security level capabilities set forth in ISA/IEC 6244333,System Security Requirements and Security Levels.CLC/TS 50701.Following this standard,the Technical Specification 50701 was issued(CLC/TS 50701,2021).This European Technical Specification applies ISA/IEC 62443 to the railway sector.It applies to the communications,signalling,processing,rolling stock and fixed installations domains.It provides references to models and concepts from which requirements and recommendations can be derived and which are suitable to ensure that the residual risk from security threats is identified,supervised,and managed to an acceptable level by the railway system duty holder.CLC/TS 50701 can be used to define a list of OT components for the railway sector,and to build a list of OT-specific security measures.Shift2Rail Risk Assessment Methods(projects X2Rail-1 and X2Rail-3).Shift2Rail proposes a risk assessment based on IEC 62443-3-2(X2Rail-1,2019;X2Rail-3,2020).It proposes a common railway framework,which includes:Attacker landscape dedicated to railway Threat landscape dedicated to railway based on(ISO 27005,ENISAs 2016 Threat Taxonomy 2016 and BSI:Threats Catalogue)Impact matrix Approach for high-level risk assessment and estimation of the security level targets based on the STRIDE threat classification Process for detailed risk assessment.Based on this common approach,Shift2Rail performed a risk assessment of a generic railway signalling system compliant with the IEC 62443 and proposed target security levels for the different identified zones.X2Rail-3 proposed a Simplified Risk assessment approach in 2020(X2Rail-3,2020)which consists of the following workflow:1.Description of the zone under assessment 2.Division of the assessment into six STRIDE threat domains5 3.Estimation of likelihood and impact 4.Risk computation 5.Security level mapping to risk level 6.Foundational Requirements6 security level mapping to six STRIDE threat domains security levels CYRail recommendations on cybersecurity of rail signalling and communication systems.The EU-funded project CYRail7 issued a guide published in September 2018(Cyrail,2018).This guide provides an analysis of threats targeting railway infrastructures,in addition to the development of attack detection and alerting techniques,mitigation plans and Protection Profiles for railway control and signalling applications to ensure security by design of new rail infrastructures.It relies on the IEC62443 standard.The security assessment consists of the following 5 steps:Identification of the system under consideration(SUC)Performing a high-level cybersecurity risk assessment to identify the worst-case risks Partition of the SUC into zones and conduits and definition of the vulnerabilities Realisation of detailed risk assessment in each zone and conduit in 10 steps(identify threats,identify vulnerabilities,determine consequence and impact,determine unmitigated likelihood,calculate unmitigated 5 The STRIDE model is a model of threats developed by Microsoft to identify computers security threats,as the first step in a proactive security analysis process.The next steps in the process are identifying the vulnerabilities in the implementation and then taking measures to close security gaps.STRIDE model defines a threat as any potential occurrence,malicious or otherwise,that can have an undesirable effect on the system resources.STRIDE stands for 6 main threats:Spoofing of user identity,Tampering with data,Repudiability,Information disclosure(privacy breach),Denial of Service(DoS)and Elevation of privilege.Vulnerability is an unfortunate characteristic that makes it possible for a threat to occur.An attack is an action taken by a malicious intruder to exploit certain vulnerabilities to enact the threat.It was created to be applied to a specific system or during the development of a product;therefore,it is less relevant at a company level,as it does not encompass the whole risk management process.Nevertheless,it can be used with a more global methodology when defining the threats.https:/ 6 According to IEC62443,security capabilities are organised according to seven Foundational requirements(FR1 Identification and Authentication Control,FR2 Use Control,FR3-System Integrity,FR4 Data Confidentiality,FR5 Restricted Data Flow,FR6 Timely Response to Events,and FR7 Resource Availability.7 https:/cyrail.eu/about-cyrail-project-1 RAILWAY CYBERSECURITY November 2021 12 cyber security risk,determine security level target,identify and evaluate existing countermeasures,revaluate likelihood and impact,calculate residual risk,document and communicate results)Documentation of the process This guide is useful to conduct risk analysis within the railway sector,particularly on control and signalling applications,using the IEC62443 standard.EULYNX,RCA,and OCORA approach.EULYNX is a European initiative led by 13 IMs to standardise interfaces and elements of signalling systems.EULYNX Reference Architecture defines the complete EULYNX system,describing the overall architecture,cross-cutting architectural concepts,and all generic functions of the system.Baseline Set 3 was completed in 20208.RCA stands for Reference Control,Command&Signalling(CCS)Architecture.It is an initiative led by members of the ERTMS Users Group(EUG)and EULYNX to define a harmonised architecture for the future railway CCS,with the main goal of substantially increasing the performance/total cost of ownership(TCO)ratio of CCS.The RCA Baseline Set 0 Release 1 was updated with the Cyber Security guidelines created by OCORA,RCA and EULYNX.It defines a risk assessment process taking IEC 62443 and CLC/TS 50701 as security standards and gives an example on how to apply it to trackside CCS.The following process is defined:Definition of system under consideration Initial zoning concept based on risk assessment Definition of attacker types Evaluation of the attackers,strength,motivation Supplementation of threats Sorting of threats into foundational requirements Definition of the initial security level per threat Entering the foundational requirement value into the vector of the preliminary zone Application of reduction factors to determine the final security level Application of the measures according to IEC62443 The focus of RCA is on the architecture of the CCS trackside.There is a similar initiative,named OCORA,which addresses the architecture of the CCS on-board side9.It is a joint initiative by 5 European railway companies10 which has been set up to define the architecture and interfaces for the next generation of on-board European Train Control System(ETCS)systems.UIC Guidelines for Cyber-Security in Railways.In 2018,the UIC ARGUS WG decided to produce an enforced document to provide specific guidance to the Railway(UIC,2018).This guidance document is designed to support the rail industry in reducing its vulnerability to cyber-attacks and to ensure availability,integrity,confidentiality of railway systems and data at all times.The document has a particular but not exclusive focus on signalling and telecommunication within railway.The document is based on the ISO 27001 and 27002 standards and offers guidance specific to railway.It also describes common risk management steps such as:establishment of the security context,assets identification(primary and supporting),impact analysis(supported by operational impact scenarios),threat identification,selection of applicable threat scenarios,estimation of risk level for each applicable threat scenario based on the likelihood and the impact of those threat scenario,selection of risk treatment options,and selection of a list of additional controls.8 https:/www.eulynx.eu/index.php/documents/published-documents/open-availability/baseline-set-3/257-20200623-eulynx-documentation-plan-eu-doc-11-v3-4-0-a/file 9 https:/ 10 Deutsche Bahn(DB),Socit nationale des chemins de fer franais(SNCF),Nederlandse Spoorwegen(NS),sterreichische Bundesbahnen(BB)and Schweizerische Bundesbahnen(SBB RAILWAY CYBERSECURITY November 2021 13 3.RAILWAY ASSETS AND SERVICES For RUs and IMs to manage cyber risks,it is crucial that they identify their railway assets and services that need to be protected.The railway sector is composed of multiple stakeholders who are responsible for their own infrastructure,assets and services,but they are strongly interconnected and interact with one another to deliver services.These interactions complicate risk assessment,because interdependencies between external stakeholders or suppliers must be considered in the analysis.The list resulting from this identification of assets and services should contain services the stakeholders have to deliver,and assets,such as devices,physical infrastructure,people and data needed to support these services.In addition,stakeholders may develop indicators to assess cyber risk impact on the availability,integrity and confidentiality of these assets and services(e.g.,number of users affected,economic impact,environmental impact,recovery time objectives,etc.).Eight essential high-level railway services have been considered during the 2020 ENISA study(ENISA,2020):Operating traffic on the network Ensuring the safety and security of passengers and/or goods Maintaining railway infrastructure and/or trains Managing invoicing and finance(billing)Planning operations and booking resources Information for passengers and customers about operations Carrying goods and/or passengers Selling and distributing tickets.Railway stakeholders can use various taxonomies as the basis to identify their key cyber-related assets and services and adapt it to their own operational environment.Based on the desk research and information collected during the workshops,the key point is to maintain an asset inventory for cyber-related assets.Assets should be identified and registered in the asset inventory based on the system they relate to,the service they support and the information they handle.As mentioned,interdependencies between systems and third-party hardware and software,vendors,or other stakeholders must be considered.They should be identified in the specifications of technical interface(and/or data exchange)requirements.Finally,the department/division responsible for cybersecurity should be included in procurement contract review and implementation to ensure cybersecurity is addressed.The identification of all interdependencies of the systems can be a real challenge.This is the case for external dependencies,but also for internal dependencies.Specifically,IT and OT interdependencies are complex because their boundaries are increasingly blurring,and OT and IT have different levels of maturity in terms of cybersecurity.Maintaining an exhaustive inventory is complex as systems are evolving fast,and the digitalisation of all processes is adding more and more systems that must be considered.This is exacerbated by the fact that the people responsible for the inventory often are unaware knowledge of all the assets and rely on systems engineers or security experts of the asset owner to maintain the inventory.Third-party-managed systems are also complicated to integrate in internal inventories due to this mix of responsibilities.To support this inventory,automated tools for asset management(identification,logging and monitoring)can be deployed,but the deployment of such tools requires strong interactions with systems that dont always support such interactions.For asset identification,IT/OT asset discovery tools can be deployed,but care needs to be taken during their configuration so as not to affect the performance of systems.RAILWAY CYBERSECURITY November 2021 14 3.1 TAXONOMY To help RUs and IMs choose which assets and services to include in their risk assessment,a comprehensive list has been compiled.It is based on the systems list described in the ENISA Report-Railway Cybersecurity of 202011.It has been constructed from existing literature,validated during interviews with railway stakeholders in 2020,and enriched based on the feedback received during the 2021 workshops.It gives a robust and high-level overview of railway assets,with relevant categories.Other,more detailed taxonomies exist in the sector and have been reviewed in order to complement and align(especially for the names and associated descriptions)this list with approaches on asset taxonomies,such as X2Rail Deliverables12,RCA-OCORA-Eulynx Security Guideline13 and TS50701.Indeed,RCA,OCORA,and Eulynx have created comprehensive asset architecture models specific to OT systems(on-board and trackside systems).They present assets at a more detailed level up to the component level and can be used for the risk assessment of a particular system,where such detail is required.This list has been broken down to 5 areas;the services that stakeholders provide,the devices(technological systems)that support these services,the physical equipment used to provide these services,the people that maintain or use them,and the data used.Fourteen service categories,together with sub-categories,are defined and depicted in Figure 2.For each service listed on(ENISA,2020),assets have been identified.These are based on the list of systems by(ENISA,2020),desk research,CLC/TS50701 and complemented with additions such as supply chain or freight assets.Supply chain assets refer to the assets provided by suppliers;as this present list may not be exhaustive,suppliers threats can be additionally covered by defining a list of suppliers and applying specific measures to them.Freight assets are especially relevant as railways amount for a significant amount of EU freight transport.They can be targeted by specific attacks that are more focused on financial gain rather than disruption or passenger safety.In addition,each asset has been characterised according to the kind of resources the asset uses:IT systems:refers to all components,devices and software used to store and process the information and realise IT operations.OT systems:refers to all components,devices and software used to conduct physical railway operations.Network and communications systems:refers to all components and devices used to physically convey information fluxes.Supply chain:refers to the assets provided by suppliers.Four device categories have been identified,namely:Telecom IT&OT infrastructure Infrastructures and trackside On-board These categories illustrate the systems to which the assets belong to and it is used to define the operation where the asset will be used:passenger comfort,signalling,corporate operations,etc.(see figure 3)Moreover,physical equipment can be found either on infrastructure and trackside(buildings,tracks,etc.),or on-board(trains,wagon,lighting,etc.)(see Figure 4)Finally,the different categories of people that are using these systems(clients or employees)and the different categories of data used by those systems are listed(see Figure 5).These taxonomies can be used for developing an initial ontology-knowledge representation for the railway domain.For detailed descriptions of these five areas of assets,please consult Annex A.11 See https:/www.enisa.europa.eu/publications/railway-cybersecurity 12 See X2R3-T8_3-D-SMD-004-06_-_Deliverable_D8.2-3c_Protection_profile_On-board_components and X2R3-T8_3-D-SMD-009-06_-_Deliverable_D8.2-3b_Protection_Profile_-_Trackside 13 See RCA Gamma published(eulynx.eu)RAILWAY CYBERSECURITY November 2021 15 Figure 2:Railway Service categories RAILWAY CYBERSECURITY November 2021 16 Figure 3:Railway devices RAILWAY CYBERSECURITY November 2021 17 Figure 4:Railway Physical Equipment Figure 5:People and Data RAILWAY CYBERSECURITY November 2021 18 4.CYBER-RELATED THREATS In the railway sector,compromised OT systems can affect passengers safety,cause a train accident,or interrupt traffic.OT systems are usually more vulnerable than IT systems,in part due to a lack of cybersecurity awareness in OT personnel,in part because they were not designed with cybersecurity in mind(long lifecycles of 30 years,presence of legacy systems)and because they are less controlled and decentralised compared to IT systems.While in the past they remained less exposed,often isolated from internet and other IT networks,they are now more and more interconnected with classic IT systems,which makes them even more vulnerable and exposed to cyber threats.RUs and IMs need to identify which cyber threats are applicable to their assets and services.One of the common questions is whether threats,such as disasters,physical attacks,or outages,should be included or considered as not being specific to the“cyber”ecosystem.Most stakeholders include them,as they can affect information security.If they are not included,they should be considered in other risk management or business continuity management processes of the company,and this must be agreed on when the threat taxonomy is being developed.Another challenge faced by the railway sector is assessing the likelihood of a threat scenario.One would need to consider the level of capability required for an attack,the level of exposure of the targeted asset,and the intent of an attacker,all of which are information that RUs and IMs may have difficulty in assessing accurately.Several methods are proposed by the different cyber risk management frameworks.For example,X2Rail-314 proposes to rely on the Common Vulnerability Scoring System(CVSS).They have selected four CVSS Exploitability metrics in CVSS:Attack Vector(System Exposure),Attack Complexity,Privileges Required and User Interaction.Levels for these metrics have been defined,mathematically calculating the resulting likelihood.Other methods are less quantitative,but also simpler to apply,such as ISO27005,which combines the likelihood of occurrence of the threat(low,medium,high),the ease of exposure(low,medium,high)and the value of the asset(from 0 to 4)to calculate the likelihood of an incident scenario15.It is also very difficult to maintain this information because it changes through time as the threat landscape evolves.Finally,the railway sector faces challenges associated with supply chains.Security risks related to suppliers(e.g.,remote access to the railway networks/systems)are less covered because of the heterogeneous and broad nature of the supplier landscape,but also because stakeholders do not have much control over the cybersecurity level of their suppliers and the cyber risks they may introduce.This topic can be reinforced by making an inventory of all the suppliers,categorising them in term of criticality(e.g.,do they have access to a critical system,is there a strong interconnection between systems,do they manipulate sensitive data,etc.)and assessing the cybersecurity maturity of the most critical suppliers as a starting point.4.1 TAXONOMY RUs and IMs should decide on a list of threats to be used to perform their cyber risk analysis.There are several threat taxonomies available,without a consolidated version being available.For a detailed mapping of railway threat taxonomies,one can consult“Appendix to D8.2 Security Assessment:A mapping of threat landscapes”(X2Rail-1,2019).This document maps various approaches to the proposed threat landscape by X2Rail-1 WP 8,which is based upon the ISO 27005 threat landscape with some improvements for railways.The ISO 27005:201116,ENISA Threat Taxonomy17 and BSI Threats Catalogues are mapped to the threats considered under the X2Rail-1 WP 8 Threat landscape.14 See X2Rail-3 Deliverable D8.1 Guidelines for railway cybersecurity 15 See ISO 27005,annex E,E.2 Detailed information security risk assessment 16 See ISO 27005,annex E,E.2 Detailed information security risk assessment 17 https:/www.enisa.europa.eu/topics/threat-risk-management/threats-and-trends/enisa-threat-landscape/threat-taxonomy/view RAILWAY CYBERSECURITY November 2021 19 Figure 6:Threat taxonomy RAILWAY CYBERSECURITY November 2021 20 To assist in this process,this report provides a comprehensive and tailored list of threats based on the 2016 ENISA Threat Taxonomy18,as this is a more extensive list.It can be used as the basis to identify threats that apply in the context of the company and to assess railway cyber threats.It has been simplified to better apply to railways,and to ensure stakeholders can effectively use it.The resulting list of categories was reviewed and validated with experts during dedicated workshops.The main categories are as follows:Disaster(natural,environmental)Unintentional damage/loss of information or IT assets Physical attack(deliberate/intentional)Failures/Malfunction Outages Malicious activity/Abuse Each threat belongs to a category and is applicable to one or more railway assets.This taxonomy has been represented graphically in Figure 6 and the threats are described in more detail in Annex B.For an updated view of the current threat landscape,i.e.the current top threats,readers can consult the latest ENISA Threat landscape report19.For a more detailed analysis of adversary tactics,the MITRE ATT&CK knowledge base20 and the Common Attack Pattern Enumeration and Classification(CAPEC)21 can also be used.4.2 CYBER RISK SCENARIOS This section describes examples of cyber risk scenarios which can assist railway stakeholders when performing a risk analysis.They show how the asset and threat taxonomies can be used together and were based on the known incidents of the sector and the feedback received during the workshops.Each scenario is associated with a list of security measures,detailed later in chapter 28,which will mitigate the risk of this scenario occurring,and are derived from best practices.The following scenarios are described:Scenario 1:Compromising a signalling system or automatic train control system,leading to a train accident Scenario 2:Sabotage of the traffic supervising systems,leading to train traffic stop Scenario 3:Ransomware attack,leading to a disruption of activity Scenario 4:Theft of clients personal data from the booking management system Scenario 5:Leak of sensitive data due to unsecure,exposed database Scenario 6:Distributed Denial of Service(DDoS)attack,blocking travellers from buying tickets Scenario 7:Disastrous event destroying the datacentre facility,leading to disruption of IT services 18 See https:/www.enisa.europa.eu/topics/threat-risk-management/threats-and-trends/enisa-threat-landscape/threat-taxonomy/view 19 https:/www.enisa.europa.eu/topics/threat-risk-management/threats-and-trends 20 https:/attack.mitre.org/21 https:/capec.mitre.org/RAILWAY CYBERSECURITY November 2021 21 4.2.1 Scenario 1 Compromising a signalling system or automatic train control system,leading to a train accident Figure 7:Compromising a signalling system or automatic train control system,leading to a train accident This scenario requires high motivation of the attacker and in-depth knowledge of railway systems and networks.It is considered a low likelihood scenario.It has been included as the potential impact can be very high and this is one of the primary concerns of railway stakeholders when considering cyber risks.A similar incident took place in the city of Lodz,Poland in 2008 when an attacker managed to hack into a tram system.Attack details An attacker gathers information(type of requests,IP address,etc.),o either trespassing on railway undertaking train facilities(e.g.,depos,maintenance centre,etc.),o or from a malicious employee,o or using phishing to steal information from an employee;An attacker builds a device or a software to command-and-control junctions and trains according to gathered information;An attacker uses of the device to control the junctions and the trains;An attacker provides false information to the system,leading to a major disruption or even a train accident.Impacts Stakeholders Assets affected Train casualties Human casualties Disruption of activity Loss of reputation Railway undertaking Infrastructure manager Automatic train control system Interlocking systems Tracks,trains Passengers Security Measures High level security measures Examples of specific measures NIS-PR.10-Physical and environmental security NIS-GV.6 Human resource security NIS-PR.4 Cryptography NIS-PR.8 Access right NIS-DF.3 Logs correlation and analysis NIS-DF.1 Detection NIST-PR.AT Awareness&Trainings(1,2,3,4,5)CLC/TS50701 SR 1.2-Software process and device identification and authentication RAILWAY CYBERSECURITY November 2021 22 4.2.2 Scenario 2 Sabotage of the traffic supervising systems,leading to train traffic stop Figure 8:Sabotage of the traffic supervising systems,leading to train traffic stop This scenario is a targeted attack using a specific Industrial Control System(ICS)malware to disrupt the traffic supervising systems,thus leading to an urgent stop of train traffic.Such an incident has not yet occurred in the railway sector.This scenario could also be applied to freight docking systems,and thus disturb or interrupt freight activity.Attack details An attacker introduces an ICS malware,through phishing emails sent to employee or removable devices used on OT systems;The ICS malware propagates,takes over of the system,and gains remote access;The malware allows the attackers to easily communicate with traffic supervising systems and remotely manipulate the systems memory to inject shellcodes,eventually injecting a payload that disrupts traffic supervising systems;The traffic supervising systems stop,preventing their supervision and leading to an urgent stop of train traffic.Impacts Stakeholders Assets affected Disruption of activity Loss of reputation Railway undertaking Infrastructure manager Remote monitoring Temporary speed restriction Interlocking Train control Automatic train protection Freight docking Security Measures High level security measures Examples of specific measures NIS-GV.6 Human resource security NIS-PR.9 IT security maintenance procedure NIS-GV.5 Security Audit NIS-DF.1 Detection NIS-DF.3 Logs correlation and analysis NIST-PR.AT Awareness&Trainings(1,2,3,4,5)CLC/TS50701-SR 3.2-Malicious code protection CLC/TS50701-SR 3.3-Security functionality verification CLC/TS50701-SR 3.4-Software and information integrity RAILWAY CYBERSECURITY November 2021 23 4.2.3 Scenario 3 Ransomware attack,leading to a disruption of activities Figure 9:Ransomware attack,leading to a disruption of activities In 2021,ransomware attacks are considered the top threat scenario and are targeting the transport sector.In this case,the attacker infiltrates the information system,exploits a vulnerability,and deploys a ransomware on a large amount of assets.A similar incident happened in May 2017 when Germanys Deutsche Bahn rail infrastructure was infected with WannaCry ransomware22,leading to messages appearing on station information screens.Attack details An attacker infiltrates the information system by phishing or stealing credentials;They scan the network for vulnerabilities,to exploit them and gather information;They discover vulnerabilities on systems(e.g.due to inadequate patch management);They deploy a ransomware that encrypts the data on all vulnerable systems;The infected systems and devices cannot be used anymore;They demand a ransom in bitcoins in a limited amount of time in exchange for data to be decrypted.They further extort employees and customers by threatening to expose personal or confidential data.Impacts Stakeholders Assets affected Disruption of activity Loss of data and information Loss of reputation Financial loss Railway undertaking Infrastructure manager IT systems in services and devices Data,information and knowledge Security Measures High level security measures Examples of specific measures NIS-PR.9 IT security maintenance procedure NIS-PR.2 System segregation NIS-PR.3 Traffic filtering NIS-GV.6 Human resource security NIS-DF.1 Detection NIS-DF.3 Logs correlation and analysis CLC/TS50701-SR 3.2 Malicious code protection CLC/TS50701-SR 3.4-Software and information integrity CLC/TS50701-SR 5.2 Zone boundary protection CLC/TS50701-SR 5.1 Network segmentation NIST-PR.AT Awareness&Trainings(1,2,3,4,5)22 See https:/ CYBERSECURITY November 2021 24 4.2.4 Scenario 4 Theft of clients personal data from the booking management system Figure 10:Theft of clients personal data from the booking management system This scenario is a targeted attack,where the attacker steals the identity of an administrator and is therefore able to connect to a cloud-based booking management system and exfiltrate customer data.A similar incident happened in November 2017 with Rail Europe North America(RENA)suffering due to a 3-month long data breach23 and in January 2019 when China Railways official online booking platform suffered a massive data breach,with information later being sold on the dark web24.Attack details Attackers identify and retrieve authentication data(credentials)to get access to useful systems:o by gathering information on railway systems through social engineering;o by identifying the targeted systems used for booking management and fetching the identity of the people using them;o once systems and their operators/users are identified,attackers launch phishing attacks to retrieve credentials to access to those systems;The attacker gets direct access,accesses the system using the administrator credentials;They get unauthorised access to customer data and retrieve it;They leak the data or sell them.Impacts Stakeholders Assets affected Tarnished reputation Regulatory sanction(GDPR)Railway undertaking Booking management Clients personal information Passengers Security Measures High level security measures Examples of specific measures NIS-GV.5 Security Audit NIS-PR.2 System segregation NIS-PR.3 Traffic filtering NIS-PR.7 Authentication and identification NIS-PR.8 Access rights NIST-PR.AT Awareness&Trainings(1,2,3,4,5)CLC/TS50701-SR 1.1 Human user identification and authentication CLC/TS50701 SR 4.1-Information confidentiality CLC/TS50701-SR 5.1 Network segmentation CLC/TS50701-SR 5.2 Zone boundary protection 23 See https:/ See https:/ RAILWAY CYBERSECURITY November 2021 25 4.2.5 Scenario 5 Leak of sensitive data due to unsecure,exposed database Figure 11:Leak of sensitive data due to unsecure,exposed database This scenario is also related to data leakage,but the starting point here is a supplier with a low cybersecurity level.The attacker uses this third-party weakness to exfiltrate sensitive data.A similar incident happened in February 2020 with a database of C3UK25,which offered Wi-Fi services to passengers in train stations.The database contained 146 million records,including personal contact details and dates of birth,and was exposed online without a password26.Attack details A supplier providing services stores sensitive data(e.g.,marketing company that manages a marketing campaign,data from an open Wi-Fi service available at a train station)in an unprotected database,exposed on internet,without password and without encrypting the information;Hackers connect to the database and exfiltrate the information;The database contains personal information,such as email addresses,date of birth,name,reason to travel and travel arrangements;Hackers use the information for extortion attacks targeting employees and customers.Impacts Stakeholders Assets affected Loss of users data Regulatory sanction(GDPR)Tarnished reputation Railway undertaking Data,information and knowledge(sensitive data:personal,email,telephone,commercial and financial,train/traffic,supply chain data,freight data,IT infrastructure with audit/logs,other IT systems data)People(Passengers;employees-executives,drivers and all other)Security Measures High level security measures Examples of specific measures NIS-GV.5 Security Audit NIS-GOV.7 Ecosystem mapping NIS-GOV.8 Ecosystem relations NIST-ID.SC Supply Chain Risk(1,2,3,4,5)ISO27002-A.15 Supplier relationships CLC/TS50701 SR 4.1-Information confidentiality 25 Wi-Fi for transport service provider 26 See https:/ RAILWAY CYBERSECURITY November 2021 26 4.2.6 Scenario 6 DDoS attack,blocking travellers from buying tickets Figure 12:DDoS attack,blocking travellers from buying tickets This scenario is a targeted attack,where the prerequisite for the attacker is to have created a botnet network(a set of compromised devices controlled by a hacker to perform their attacks).The attacker can then use the botnet to flood devices with requests and make them unavailable.Another possibility to consider for a DDoS scenario is a non-targeted attack,where an Internet Service Provider(ISP)is targeted with this type of attack,thus affecting railway services that use this ISP.Attack details An attacker has previously infected a number of computers,creating a botnet(a set of compromised devices controlled by a hacker to perform their attacks);The botnet is used to launch a DDoS attack on the railway networks:the networks and servers exposed to the internet are flooded with requests and connection attempts and thus shut down,unable to sustain the flow;All services and actions that need the internet-exposed devices are now unavailable:ticket-vending machines,sites or applications,and commercial websites.Passengers are unable to book tickets.Impacts Stakeholders Assets affected Tarnished reputation Loss of revenue Disruption of activities Administrative and resource burden Railway undertaking Booking management Automatic fare collection Security Measures High level security measures Examples of specific measures NIS-DF.1 Detection NIS-DF.3 Logs correlation and analysis NIS-RS.1 Business continuity management NIS-RS.2 Disaster recovery management ISO27002-A.17.1 Information security continuity ISO27002-A.17.2 Redundancies CLC/TS50701-SR 7.1 Denial of service protection RAILWAY CYBERSECURITY November 2021 27 4.2.7 Scenario 7 Disastrous event destroying the datacentre,leading to disruption of IT services Figure 13:Disastrous event destroying the datacentre,leading to disruption of IT services This scenario is the consequence of a disastrous event which leads to disruption of activity.The event(natural disaster,fire,etc.),affects the datacentre and destroys part of it,leading to a physical destruction of IT systems and thus a disruption of activities related to these services.Depending on the redundancy strategy of the company(geo-redundancy,cloud,external back-ups,etc.),the disruption can last more or less time.A similar incident happened in March 2021 when OVH27 had a fire in one of its datacentres,making millions of websites unavailable for days28.Attack details A disastrous event affects the datacentres and destroys part of it;it can be either a natural disaster(earthquake,flooding,storm,etc.)or a fire due to a physical malfunction;The railway servers supporting the IT systems are physically destroyed;The main IT systems are unavailable,leading to a disruption of all IT-supported services:corporate and support,sales and customers relations,timetable construction systems,asset management;The back-ups stored in the datacentres are physically destroyed as well;data are thus lost,prolonging the disruption.Impacts Stakeholders Assets affected Loss of information Disruption of activities Loss of revenue Railway undertaking Infrastructure manager IT systems in services and devices Data,information and knowledge Security Measures High level security measures Examples of specific measures NIS-RS.1 Business continuity management NIS-RS.2 Disaster recovery management NIS-PR.10-Physical and environmental security ISO27002-A.17.1 Information security continuity ISO27002-A.17.2 Redundancies NIST-RC.RP Recovery Planning(1)CLC/TS50701-SR 7.3 Control system backup CLC/TS50701-SR 7.4 Control system recovery and reconstitution CLC/TS50701-SR 7.5 Emergency power 27 French Hosting and Cloud company 28 See https:/ RAILWAY CYBERSECURITY November 2021 28 5.CYBERSECURITY MEASURES Once risks have been identified and prioritised according to risk evaluation criteria in relation to the incident scenarios that lead to those risks,they should be treated via a risk treatment plan.Four options are usually proposed regarding risk treatment29:risk modification,risk retention,risk avoidance and risk sharing.Risk modification is modifying the level of risk by introducing,removing,or altering controls so that the residual risk can be reassessed as being acceptable.30 Risk retention is accepting the risk without further action,if the level of risk meets the risks acceptance criteria.31 Risk avoidance is avoiding the activity or condition that increases the particular risk.32 Risk sharing is sharing the risk with another party that can most effectively manage the particular risk.33 As described in the ISO 27005 standard,these options must be selected based on the outcome of the risk assessment,the expected cost for implementing these options and the expected benefits from these options.At the end of the process,no risk exceeding the risk acceptance criteria should be left.In order to reduce the identified risks to acceptable levels,appropriate security measures should be identified and prioritised.Security measures can be defined internally,using best practices and building a remediation plan tailored to the information system.However,a common practice is to use already-defined security measures published in security frameworks.These security frameworks often contain a list of controls or security requirements.NIS Directive cybersecurity measures.The NIS cooperation group issued a list of security measures directed to OESs in a Reference document on security measures for Operators of Essential Services.The purpose of this list is“to provide Member States with a clear and structured picture of Member States current and often common approaches to the security measures of OES”.34 The document examines a high number of domains where cybersecurity measures should be applied.For each domain,it gives a set of broad measures alongside their definitions(Figure 14).These domains and measures could be used as the first basis for the risk treatment plan and complemented with measures from the CLC/TS 50701 regarding the OT cybersecurity and ISO/IEC 27002 security measures for IT cybersecurity.Indeed,during the workshops,it was discovered that RUs and IMs often choose a two-step approach,by selecting a general framework for IT cyber risk treatment and complementing it with a more detailed,industry-driven one for the OT cyber risk treatment.ISA/IEC 62443 and CLC/TS 50701 are among the main references used for OT cybersecurity.For IT risk frameworks,NISD national security requirements,ISO27002 framework and the NIST Cybersecurity framework are among the more commonly used.Other less common frameworks have also been cited,such as the SANS Top 20 Critical Security Controls35,or the Forrester Information Security Model36.29 See for instance ISO 27005,chapter 9 Information security risk treatment 30 See ISO 27005,chapter 9.2 Risk modification 31 See ISO 27005,chapter 9.3 Risk retention 32 See ISO 27005,chapter 9.5 Risk avoidance 33 See ISO 27005,chapter 9.5 Risk sharing 34 Reference document on security measures for Operators of Essential Services,p.5 35 A list of 20 actions for cyber defence,that are close to the NIST 23 categories,and published by the SANS Institute,an organisation that provides information,resources,and training regarding cybersecurity.36 A security model declined in 123 security components(controls)divided into 25 functions and 4 domains has been cited.It is published by the market research company Forrester.RAILWAY CYBERSECURITY November 2021 29 Figure 14:Domains of security measures for OESs(NIS Cooperation Group,2018)The ISO/IEC 27002 standard and Annex A of ISO2001 describe requirements for information security management and a set of security controls37.These controls are organised in 12 categories38:Information security policies Organisation of information security Human resource security Asset management Access control Cryptography Operations security Communications security Supplier relationships Information security incident management Information security aspects of business continuity management Compliance Similar to the NIS Directive security measures,ISO 27002 could be used as a basis for the risk treatment plan,and complemented with additional national security requirements,while OT systems could be complemented with CLC/TS 50701.Some measures from the NIST framework could also be used as they can be described in more detail.The NIST Cybersecurity framework is accompanied by an exhaustive list of requirements.They are classified according to five functions(Identify,Protect,Detect,Respond,Recover)and 23 categories.Each of these categories contain a list of precise security requirements(over 900 in total).Those controls are also mapped against the ISA 62443 series and the ISO/IEC 27001:2013.The framework is quite detailed and focuses primarily on IT security.The NIST cybersecurity framework can be used as is and complemented by CLC/TS 50701 for OT railway systems requirements,or it can be used to complete another generic frameworks or standards,such as the ISO 27001 or the NIS Directive security requirements.CLC/TS 50701 is based on or derived from IEC 62443 series standards.The purpose of the TS“is that,when a railway system is compliant to this TS,it can be demonstrated that this system is at the state of the art in terms of cybersecurity,that it fulfils its targeted Security Level and that its security is maintained during its operation and maintenance.”It is best suited for industrial systems and designed specifically for the railway sector,as it applies to the Communications,Signalling and Processing domain,the Rolling Stock domain and to the Fixed Installations domain.It contains a list of security requirements for the OT components and services of the railway sector and thus 37 https:/www.enisa.europa.eu/topics/threat-risk-management/risk-management/current-risk/risk-management-inventory/rm-ra-methods/m_iso27001.html 38 ISO/IEC 27001 Standard-Information technology-Security techniques-Information security management systems Requirements,p9 RAILWAY CYBERSECURITY November 2021 30 should be completed with a more generic approach,such as the ISO 27001,the NIST Cybersecurity Framework or the NIS Directive.5.1 APPLYING CYBERSECURITY MEASURES To help stakeholders implement the security measures,workshops were conducted with relevant experts and institutions to discuss challenges,priorities,and best practices.The purpose was to gather concrete feedback on the risk treatment plans.Defining the list of measures that will be used was described as the top priority of the attendants of the workshops.To do so,operators draw a list of cybersecurity measures from known references.Assets maturity is assessed against those measures,and measures that are not met are included in the list of security measures that must be applied to these assets.This list of security measures can also be used as a common basis for the manufacturers to implement minimum cybersecurity requirements by design or for security requirements to be included in contract specifications.To define the set of measures that will be used,organisations also assess the level of compliance with national cybersecurity requirements(primarily according to the NIS Directive,but also against other requirements stemming from laws on national security,transport security or critical infrastructure protection).During the workshops,stakeholders highlighted the importance of awareness raising and training sessions(especially against top threats,such as ransomware and phishing)or email security to prevent phishing.On the latter,the protection of endpoints and network segregation is also a top priority to reduce the risk of propagation of such attacks.As for OT security,the emphasis is placed mainly on network segregation and access control for critical systems.Adaptation of legacy systems is also a concern and should be considered as a priority,but it is also a big challenge,considering the complexity of updating systems with long lifecycles.Additionally,particular emphasis is placed on incident response.Finally,applied security measures are often challenged by external audits or penetration testing.Some organisations use third parties to conduct such assessments.The systems tested can belong both on the IT and OT domains.In addition to technical audits,governance audits can also be conducted,such as an ISO-compliance audit.Furthermore,business continuity and recovery and incident response plans can also be tested with crisis exercises.A challenge cited by multiple RUs and IMs is the management of relationships with third parties and ensuring that the products and services supplied meet cybersecurity requirements.Often,compliance with NIS Directive security requirements does not apply to third parties.To engage more with the industry and to encourage the implementation of cybersecurity measures,one solution could be to design a baseline at EU level to make the manufacturers and providers align their systems compliance.Common baseline requirements should be reflected in tenders to allow for competing solutions achieving similar security capabilities across Europe.However,when considering minimum baseline requirements,there are risks involved,such as the minimum baseline not changing while the threat landscape changes,or that these minimum-security requirements do not meet the risks of the organisation.The use of EU certification schemes for IT or OT cybersecurity(should these become available)could be also a way to assess whether such requirements are met by the industry.Another challenge that was identified is continuity,i.e.,ensuring that the security level remains adequate and that the risks are continuously monitored.To do so,regular reviews and compliance assessments are needed.Maintaining an up-to-date threat landscape for the railway sector is equally important.An additional challenge is the separation between IT and OT,as it is often difficult to differentiate what is strictly OT from what is IT.In this case,it is difficult to know which controls to apply.5.2 CYBERSECURITY MEASURES To help stakeholders define cybersecurity measures,a list of controls from the NIS Directive has been mapped against various references(ISO27001,NIST CSF and CLC/TS5070139).It is up to the stakeholders to choose whether they will only select some measures from this list,use it as a basis for building their own list,or use it in entirety.Stakeholders should also remember that they may have to comply with national guidelines and specific 39 The security measures of CLC/CS 50701 are matching the measures described in IEC 62443-3-3:2013.RAILWAY CYBERSECURITY November 2021 31 national sectorial regulations.They should also verify which references apply to them and,if needed,complete the present list with the missing requirements.The mapping was done in two phases:first,the references were reviewed and the most relevant measures were put in front of the NIS Directive measures,keeping these measures as the starting point of the review.Then,the reverse operation was carried out:the measures from the references that had been removed in the first phase were added to the most relevant NIS Directive measures.This ensures that all NIS Directive measures have been covered;and that all the other referenced measures are integrated into the mapping.An example of a security measure is included below.It includes measures under the NIS Directive domain:Protection and the category of“Identity and Access Management”.The two measures of this category“Authentication and identification”,and“Access rights”are described according to the NIS Directive guidelines.They are then associated with relevant measures that can be found in ISO/IEC 27002,the NIST cybersecurity framework and CLC/TS50701.A detailed list of security measures can be found in Annex C.Table 1:Domain:Protection-Category:Identity and Access Management RAILWAY CYBERSECURITY November 2021 32 Measure Description ISO/IEC 27002 NIST CSF CLC/TS50701 NIS-PR.7 Authentication and identification For identification,the operator sets up unique accounts for users or for automated processes that need to access resources of its Critical Information System(CIS).Unused or no-longer-needed accounts should be deactivated.A regular review process should be established.A.9.1 Business requirements of access control A.9.3 User responsibilities A.9.4 System and application access control A.9.4.2 Secure log-on procedures A.9.4.3 Password management system PR.AC Identity Management,Authentication and Access Control(1,4,6,7)PR.DS Data Security(5)SR 1.1-Human user identification and authentication SR 1.2-Software process and device identification and authentication SR 1.3-Account management SR 1.4-Identifier management SR 1.5-Authenticator management SR 1.6-Wireless access management SR 1.7-Strength of password-based authentication SR 1.8-Public key infrastructure(PKI)certificates SR 1.9-Strength of public key authentication SR 1.10-Authenticator feedback SR 1.11-Unsuccessful login attempts SR 1.12-System use notification SR 1.13-Access via untrusted networks SR 2.1-Authorisation enforcement SR 2.2-Wireless use control SR 2.3-Use control for portable and mobile devices SR 2.4-Mobile code SR 2.5-Session lock SR 2.6-Remote session termination SR 2.7-Concurrent session control SR 5.2-Zone boundary protection NIS-PR.8 Access rights Among the rules defined in its systems security policy,the operator grants access rights to a user or an automated process only when that access is strictly necessary for the user to carry out their mission or for the automated process to carry out its technical operations.A.9.1 Business requirements of access control A.9.2 User access management A.9.4.4 Use of privileged utility programs A.9.4.5 Access control to program source code ID.AM Assets management(5,6)PR.AC Identity Management,Authentication and Access Control(1,4,6,7)PR.DS Data Security(5)PR.PT Protective Technology(3)SR 1.1-Human user identification and authentication SR 1.2-Software process and device identification and authentication SR 1.3-Account management SR 1.4-Identifier management SR 1.5-Authenticator management SR 1.6-Wireless access management SR 1.7-Strength of password-based authentication SR 1.8-Public key infrastructure(PKI)certificates SR 1.9-Strength of public key authentication SR 1.10-Authenticator feedback SR 2.1-Authorisation enforcement RAILWAY CYBERSECURITY November 2021 33 6.CONCLUSIONS European RUs and IMs use a combination of good practices,approaches,and standards to perform cyber risk management for their organisations.This report gathers insights on these current practices in a single document and can assist railway undertakings and infrastructure managers in their efforts to apply them.It provides examples of reference material,such as available taxonomies of assets and threats,comprehensive threats scenarios,derived from real incidents and cyber risk mitigation measures,derived by guidelines and standards.The report also highlights the challenges faced when applying such approaches.Most importantly,there is a lack of a single cyber risk management approach for railway organisations to cover both IT and OT in a unified manner.IT vs OT risk management approaches.The differentiation between IT and OT in the railway sector is increasingly difficult and having discrete approaches and taxonomies for cyber risk management makes the issue more challenging.In many cases,it can be a complex process to identify which approach is better suited,whether a device can be considered IT or OT or which security measures and which standard should be applied.Having a more structured and unified approach with respect to cyber risk management would help the sector to harmonise,thus facilitating risk discussions between the different entities of the railway ecosystem.It can also enable more collaboration with the supply industry of the sector.More harmonization and alignment of good practices.Future work could include further alignment of the sector-specific taxonomies and more guidance on the application of good practices.Wherever possible,further standardisation could be pursued,as this is also a request stemming from the railway supply industry,which advocates for more certification schemes at EU level.Significant sectoral challenges remain,including the cyber risk management of supply chains.This could be remedied with a regulatory approach encompassing the entire railway ecosystem under the same cyber risk management requirements.At present,key elements of the railway supply chain,both IT and OT,do not fall under the same European regulatory framework.Keeping railway systems and cyber risk assessments up-to-date.Another significant issue specific to the sector is the plethora of legacy systems which add an additional degree of difficulty when managing cyber risk.At present,it is not possible to provide relevant recommendations to address the cybersecurity of legacy systems in the railway sector.It would be necessary to involve the railway industry in such an exercise.Additionally,even for newly developed systems,there is the need to ensure that the results of risk assessments remain current,that risks are continuously monitored,and that the security level remains adequate.Maintaining an up-to-date threat landscape for the railway sector could be a step towards this direction.Railway organisations lack of a single cyber risk management approach to cover both IT and OT in a unified manner RAILWAY CYBERSECURITY November 2021 34 7.BIBLIOGRAPHY CLC/TS 50701 Railway applications Cybersecurity,2021.https:/www.en-standard.eu/clc/ts-50701-2021-railway-applications-cybersecurity/Cyrail,2018.CYRail Recommendations on cybersecurity of rail signalling and communication systems.September 2018.https:/cyrail.eu/IMG/pdf/final_recommendations_cyrail.pdf ENISA,2016.ENISA Threat Taxonomy v 2016.https:/www.enisa.europa.eu/topics/threat-risk-management/threats-and-trends/enisa-threat-landscape/threat-taxonomy/ENISA,2020.Railway Cybersecurity-Security measures in the Railway Transport Sector.November 2020.https:/www.enisa.europa.eu/publications/railway-cybersecurity ENISA,2021.Minimum Security Measures for Operators of Essentials Services(tool).https:/www.enisa.europa.eu/topics/nis-directive/minimum-security-measures-for-operators-of-essentials-services IEC 62443-2-1:2010,Industrial communication networks-Network and system security-Part 2-1:Establishing an industrial automation and control system security program.IEC 62443-3-3:2013,Industrial communication networks-Network and system security-Part 3-3:System security requirements and security levels.ISO 31000:2018,Risk management Principles and guidelines.ISO/IEC 27001:2013,Information technology-Security techniques-Information security management systems Requirements.ISO/IEC 27002:2013,Information technology-Security techniques-Code of practice for information security controls ISO/IEC 27005:2018,Information technology-Security techniques-Information security risk management.ISO-IEC 62443 series.https:/www.isa.org/intech-home/2018/september-october/departments/new-standard-specifies-security-capabilities-for-c NIS Cooperation Group,2018.Reference document on security measures for Operators of Essential Services.CG Publication 01/2018,February 2018.https:/digital-strategy.ec.europa.eu/en/policies/nis-cooperation-group NIST Cybersecurity Framework,2018.Cybersecurity Framework Version 1.1,April 2018.https:/www.nist.gov/cyberframework RCA OCORA Eulynx CS Guideline,2020.https:/www.eulynx.eu/index.php/documents/rca/251-rca-publications Risk Management:Implementation principles and Inventories for Risk Management/Risk Assessment methods and tools.https:/www.enisa.europa.eu/publications/risk-management-principles-and-inventories-for-risk-management-risk-assessment-methods-and-tools UIC,2018.Guidelines for cyber-security in railway,UIC-ETF,ISBN 978-2-7461-2732-6.https:/www.shop- X2Rail-1 Start-up activities for Advanced Signalling and Automation Systems(2016-2018).https:/projects.shift2rail.org/s2r_ip2_n.aspx?p=X2RAIL-1 X2Rail-1,2019.Deliverable D8.2-Security Assessment,rev.2.https:/projects.shift2rail.org/s2r_ip2_n.aspx?p=X2RAIL-1 X2Rail-3,Advanced Signalling,Automation and Communication System(IP2 and IP5)Prototyping the future by means of capacity increase,autonomy and flexible communication(2018-2020).https:/projects.shift2rail.org/s2r_ip2_n.aspx?p=X2RAIL-3 X2Rail3,2020.Deliverable D8.1-Guidelines for railway cybersecurity part 1 Simplified Risk Assessment.December 2020.https:/projects.shift2rail.org/s2r_ip2_n.aspx?p=X2RAIL-3 RAILWAY CYBERSECURITY November 2021 35 A ANNEX:ASSET DESCRIPTIONS Table 1:Assets per device category Assets Description Attribute Reference40 Telecom Radio transmission network Radio network used for all railway processes:communication with trains,signalling,safety and security operations,logistics management,etc.Network and communication systems ENISA,2020 Wired and wireless transmission network Wired and wireless systems used for network communications in LAN or Internet connection.Network and communication systems ENISA,2020 Operational telephone intercom Telephone-related devices such as loudspeaker systems,walkie-talkies,etc.Network and communication systems ENISA,2020 Mobile telephone devices(GSM)GSM/GSM-R phone devices.Network and communication systems ENISA,2020 IT&OT Infrastructure Computer&server Computers and servers used as support goods by all IT&OT systems.IT systems ENISA,2020 Infrastructures and trackside Automatic ticket distribution and verification infrastructures Devices and equipment to distribute and control the tickets.IT systems-CCTV(video surveillance)Devices used for video surveillance of assets and people at risk.OT systems CLC/TS 50701 Fixed infrastructure detectors Detectors such as track vacancy detectors,hot box detectors,avalanche detectors and fire detectors.OT systems CLC/TS 50701 Wayside equipment Source and destination for information about approaching trains and their crews.OT systems-Station signalling(automatic train protection,interlocking,radio block centre)Equipment for station signalling regarding interlocking(safe setting of routes for trains by controlling signals,points,and the track vacancy),automatic train protection(ATP)or radio block centre(controls the movement authorities for the trains in an ETCS Level 2/3 system).OT systems CLC/TS 50701 Fixed communication tools(GSM-R,MSC/BSC)Fixed devices to communicate with railway personnel and passengers.Network and communication systems CLC/TS 50701 Radio transmission relays Relays antenna for radio communication.Network and communication systems CLC/TS 50701 Wired and wireless transmission internal network infrastructures Equipment to support network communications.Network and communication systems CLC/TS 50701 40 When a reference to a document is not given,the element was added based on the consultation with experts(workshops).RAILWAY CYBERSECURITY November 2021 36 Assets Description Attribute Reference40 Public Wi-Fi and internet accesses Equipment to support public Wi-Fi and internet access.Network and communication systems CLC/TS 50701 On-Board On-board detectors Various on-board detectors such as ATP,fire detectors,alarms,anti-intrusion tools,diagnostics tools and energy metering.OT systems CLC/TS 50701 Driver tools On-board physical infrastructuresrelated to driver tools:traction,braking driver machine interface,train control management tools.Traction is the system responsible for train movement.The driver machine interface includes all the technological objects used to manage communications between the train and the driver(e.g.,screens,buttons,handles,etc.).OT systems CLC/TS 50701 Radio transmission relays On-board equipment that communicates with the networks and allows the train to communicate with corporate IT systems.Network and communication systems CLC/TS 50701 Wired and wireless transmission internal network infrastructures On-board equipment used for wired or wireless transmission on internal network(Mobile Communication Gateway,cab radio).Network and communication systems CLC/TS 50701 Public Wi-Fi and internet accesses On-board equipment giving the users access to internet(through Wi-Fi,for example).Network and communication systems CLC/TS 50701 On-board CCTV Equipment supporting CCTV on the train(cameras,recording systems),used for video surveillance of assets and people at risk.IT systems CLC/TS 50701 Table 2:Assets per service category Assets Description Attribute References41 Timetable construction Commercial offer construction Systems which allow commercial offers to be created for customers,including timetables for each train line(track usage for railway undertakers and commercial offers of train tickets for passengers or freight).IT Systems ENISA,2020 Staff planning Systems which allow the preparation of resource rosters(assets and staff),providing the staff planning for all people working in railway(drivers,controllers,railway worker,station employee,maintenance workers,etc.)IT systems ENISA,2020 Resources booking Systems which allow resource booking(locomotive,wagon,etc.)IT systems ENISA,2020 Sales,distribution,and customers relations Marketing Systems that allow the management of customer relations(e.g.,claims,loyalty cards,marketing campaigns).IT systems ENISA,2020 Booking management Systems enabling customers to buy tickets or book a train seat,including commercial websites and applications.IT systems ENISA,2020 Automatic fare collection Systems enabling the automatic collection of customers fares.IT systems ENISA,2020 41 When a reference to a document is not given,the element was added based on the consultation with experts(workshops).RAILWAY CYBERSECURITY November 2021 37 Assets Description Attribute References41 Network allocation systems Operation planning construction Systems enabling RUs to construct and plan operations and to inform the IMs of any special characteristics of trains or loads(e.g.,dangerous goods,oversize).IT systems ENISA,2020 Operation billing Systems enabling IMs to apply costing policies to the RU for the use of the infrastructure.IT systems ENISA,2020 Corridors booking Systems enabling RUs to book infrastructure(corridors)to operate their trains on the network IT systems ENISA,2020 Assets management Asset inventory Systems enabling RUs and IMs to inventory their assets.IT systems ENISA,2020 Logistics Systems enabling RUs and IMs to manage their asset logistics.IT systems ENISA,2020 Asset procurement Systems enabling RUs and IMs to account for their assets(infrastructure,or trains for example),and to procure new assets.IT systems ENISA,2020 Signalling Remote monitoring Systems used to direct railway traffic and oversee the monitoring of train locations on tracks.OT systems ENISA,2020 Key management Systems used to direct railway traffic and secure communication between trains.OT systems ENISA,2020 Juridical recorder unit Systems used to direct railway traffic and record events on trains complying with the ERTMS/ETCS standard.OT systems ENISA,2020 Temporary speed restriction Systems used to direct railway traffic and reduce the speed of rail traffic to ensure safe passage on unsafe sections of tracks.OT systems ENISA,2020 Interlocking Systems used to direct railway traffic and prevent conflict in signalling movements through an arrangement of tracks.It includes wayside systems that give information on approaching trains and their crews.OT systems ENISA,2020 Automatic train protection Systems which activate emergency brakes if train speed is faster than allowed.OT systems ENISA,2020 Command-Control Train control Master system to control all train elements(speed,doors,etc.).OT systems ENISA,2020 Automatic train control Systemresponsible forspeed control in response to external inputs.OT systems ENISA,2020 Automatic train supervision Systems used to enable movement of trains and manage traffic loads.OT systems ENISA,2020 Energy traction System overseeing the supply of the electrified rail network.OT systems ENISA,2020 Freight docking Systems and services related to freight docking:loading and unloading of goods,cranes,and platforms management.OT systems-Auxiliary Energy System overseeing the management of power delivery.OT systems ENISA,2020 Heating,ventilating and air conditioning(HVAC)System overseeing the management of heating,ventilation,and air conditioning.OT systems ENISA,2020 Lighting System overseeing the management of lighting.OT systems ENISA,2020 Water System overseeing the management of water.OT systems-Escalator and elevator System overseeing the management of escalators and elevators.OT systems-RAILWAY CYBERSECURITY November 2021 38 Assets Description Attribute References41 Development Bidding management systems Bidding systems for the RU or IM to answer invitations to tender for train operations or infrastructure management.IT systems ENISA,2020 Research and engineering systems Centralise and coordinate research and engineering.IT systems ENISA,2020 Passenger services Passenger announcement System overseeing the passenger announcement management.IT systems ENISA,2020 Passenger information System managing the passengers general information about their trip:track number,time of arrival,delay,etc.IT systems ENISA,2020 Passenger entertainment System overseeing the management of passenger entertainment(internet access.).IT systems ENISA,2020 Telecom Operational time distribution system System which synchronises the clocks of the different IT equipment(servers,workstations,etc.).Network and communication systems ENISA,2020 Security Access control System allowing the control of physical access within buildings.OT systems ENISA,2020 CCTV Video-surveillance systems.OT systems ENISA,2020 Network monitoring Network intrusion detection systems to detect abnormal activities.IT systems ENISA,2020 Cybersecurity Devices and software allowing cybersecurity activities:surveillance(SOC),firewalls,Endpoint Detection and Response systems.IT systems ENISA,2020 Safety Fire detection Systems managing fire detection within buildings,stations,or datacentres.OT systems ENISA,2020 Emergency telephony and alerting System managing operational communication and sending alerts in case of emergency.OT systems ENISA,2020 Operations safety Systems that keep operations safe and secure.OT systems ENISA,2020 Maintenance Asset inventory Systems enabling RUs and IMs to create an inventory of their assets related to maintenance(parts,equipment,etc.).IT systems ENISA,2020 Diagnosis System overseeing direct diagnosis or tele-diagnosis with GSM communication from the train.IT systems ENISA,2020 Maintenance scheduling System scheduling and operating maintenance activities on track and trains.IT systems ENISA,2020 Service provisioning Systems enabling the provision of maintenance equipment.IT systems-Corporate&Support IT ticketing systems IT ticketing systems to create and attribute tickets detailing IT users technical or help requests.IT systems ENISA,2020 Resource allocation systems System overseeing the management of allocation of resources used by RUs and IMs to perform usual business.IT systems ENISA,2020 RAILWAY CYBERSECURITY November 2021 39 Assets Description Attribute References41 Documentation systems/Document management System overseeing the management of documents(shared folders,SharePoint,OneDrive,etc.).IT systems ENISA,2020 Alert escalation and crisis management Process and system used in case of crisis,in order to escalate and manage the situation.IT systems ENISA,2020 Administrative telephone systems Administration of the telephone systems used by employees.IT systems ENISA,2020 Administrative time distribution Network Time Protocol(NTP)systems that provide time management for all systems.IT systems ENISA,2020 Finance Manages all financial aspects(accounting,consolidation).IT systems ENISA,2020 HR System for employee management:recruitment,pay,training,evaluation,etc.IT systems ENISA,2020 IT-related(equipment,services)system supply Vendor systemsfor IT services and equipment.Supply chain-Table 3:Assets per physical equipment category(description)Assets Description Reference42 On-Board Doors Sub-system that controls the train doors.CLC/TS 50701 On-board lighting On-board physical infrastructuresrelated to lighting.Includes the electronics dedicated to ensuring correct illumination of railway cars both internally and externally;special case of external lighting are headlights.CLC/TS 50701 Heating,ventilating and air conditioning(HVAC)On-board physical infrastructuresrelated to heating,ventilating and air conditioning.This system provides crew and passengers with ambient comfort conditions.CLC/TS 50701 Train Physical equipment of trains including embedded devices and their software.-Freight locomotives On-board physical infrastructuresrelated to freight locomotives.-Special wagons(Container transport,oil transport,refrigerated)On-board physical infrastructuresrelated to special wagons.-On-board system supply On-board physical infrastructuresrelated to the system supply.-Infrastructure and trackside Energy systems supply Infrastructures that support providing energy to all facilities.-Tracks All physical equipment and infrastructures relatedto tracks.-Catenary Supply of electric energy to trains.-42 When a reference to a document is not given,the element was added based on the consultation with experts(workshops).RAILWAY CYBERSECURITY November 2021 40 Assets Description Reference42 Train assembly facility Facilities where trains are assembled.-Stations-buildings All buildings used for train stations.CLC/TS 50701 Other buildings(Administrative,facilities,)All building used for corporate,IT or OT purposes.-Electrical substations Physical infrastructures that support electrical substations.CLC/TS 50701 Level crossing Physical infrastructures supporting level crossings.Protects the crossing area of rail and road traffic.CLC/TS 50701 Tunnels and bridges Physical infrastructures related to bridges or tunnels.Tunnels includes the electronics installed in railway tunnels to support tunnel specific infrastructure functions(e.g.,ventilation,alarm systems,fire and smoke detectors,fire extinguisher,etc.)Bridges includes the electronics installed in railway bridges to support bridge specific infrastructure functions(e.g.,monitoring systems,lift control,etc.).-Escalators and elevators Physical infrastructures related to escalators or elevators that allow passengers and employees to move in buildings and infrastructures.ENISA,2020 Lighting Physical infrastructures related to lighting.ENISA,2020 Water control Physical infrastructures related to water control(wells,etc.).-Fire management Physical infrastructures related to fire management(fire extinguisher,etc.)-Freight docking platform Physical infrastructures related to freight docking platforms,allowing loading and unloading of goods.-Goods storage facilities Physical infrastructures related to goods storage(such as containers).-Heating,ventilating and air conditioning(HVAC)Heating and ventilating equipment,providing crew and passengers with ambient comfort conditions.CLC/TS 50701 RAILWAY CYBERSECURITY November 2021 41 Table 4:People and data(description)Assets Description Data,Information and Knowledge Email Data used by email systems.Telephone Data used by telephone systems.Clients personal information Name,address,credit card information,usage,etc.Employee personal information Name,a
4人已浏览
2023-03-10 57页
5星级
RMI:虚拟电厂真正的好处(2023)(英文版)(25页).pdf
Virtual Power Plants,Real BenefitsHow aggregating distributed energy resources can benefit communities,society,and the gridReport/January 20232Virtual Power Plants,Real BenefitsAuthors and Acknowledgments Authors Kevin BrehmMark DysonAvery McEvoyConnor UsryAuthors listed alphabetically.All authors from RMI unless otherwise noted.ContactsKevin Brehm,kbrehmrmi.orgMark Dyson,mdysonrmi.org VP3 Information,vp3rmi.orgCopyrights and CitationKevin Brehm,Avery McEvoy,Connor Usry,and Mark Dyson,Virtual Power Plants,Real Benefits,RMI,2023,https:/rmi.org/insight/virtual-power-plants-real-benefits/.RMI values collaboration and aims to accelerate the energy transition through sharing knowledge and insights.We therefore allow interested parties to reference,share,and cite our work through the Creative Commons CC BY-SA 4.0 license.https:/creativecommons.org/licenses/by-sa/4.0/.All images used are from iS unless otherwise noted.3Virtual Power Plants,Real BenefitsAbout VP3 Virtual Power Plant Partnership,or VP3,is a coalition of nonprofit and industry voices that seeks to shift the necessary policies,regulations,and market rules to unlock the market for virtual power plants(VPPs).Our members span hardware and software technology solution providers,distributed energy resources(DER)aggregators,nonprofits,and others.A robust VPP market expands the possibilities for all DERs empowering households,businesses,and communities to play a role in the energy transition alongside technology solution providers.Learn more at vp3.io.About RMIRMI is an independent nonprofit founded in 1982 that transforms global energy systems through market-driven solutions to align with a 1.5C future and secure a clean,prosperous,zero-carbon future for all.We work in the worlds most critical geographies and engage businesses,policymakers,communities,and NGOs to identify and scale energy system interventions that will cut greenhouse gas emissions at least 50 percent by 2030.RMI has offices in Basalt and Boulder,Colorado;New York City;Oakland,California;Washington,D.C.;and Beijing.4Virtual Power Plants,Real BenefitsTable of Contents Executive Summary.5Virtual Power Plants:An Overlooked Resource.6Understanding VPPs.8 What Is a VPP?.8 How Do VPPs Work?.9 How Are VPPs Different than Other Demand-Side Solutions?.12How VPPs Can Address Key Grid Challenges.13 Reliability.13 Affordability.15 Decarbonization.16 Electrification.17 Health,Equity,and Consumer Empowerment.17Unlocking the VPP Opportunity.18 Barriers to Scaling VPPs.18 Interventions to Scale a Vibrant VPP Market.20Appendix.21 Peak Coincident VPP Capacity Methodology.21Endnotes.225Virtual Power Plants,Real BenefitsExecutive SummaryVirtual power plants(VPPs)grid-integrated aggregations of distributed energy resources are providing benefits to households,businesses,and society today.Moreover,they are on the cusp of significant market growth due to recent federal legislation and the ongoing technology-and market-driven transformation of the electricity grid.By 2030,VPPs could reduce peak demand in the United States by 60 gigawatts(GW).That number could grow to more than 200 GW by 2050.By avoiding generation build-out,decreasing wholesale energy costs,and avoiding or deferring transmission and distribution investments,VPPs can help reduce annual power sector expenditure by$17 billion in 2030.VPPs are also a key resource to meet climate goals VPPs can reduce greenhouse gas emissions by decreasing reliance on the most polluting fossil fuelfired power plants,incentivizing build-out of clean generation,and enabling economy-wide electrification.To access the full benefits of VPPs,there remains a need to understand and communicate VPP benefits,advance best practices,and shift policy and regulation to put VPPs on a level playing field with traditional grid investments.The next few years are a critical window for VPP market development.Coordinated and collective action over this time can set the VPP market on a path to delivering long-term benefits.RMIs new coalitionTo accelerate the growth of the VPP market and deliver the reliability,affordability,and climate benefits of VPPs at scale,RMI is launching the Virtual Power Plant Partnership(VP3):a coalition of nonprofit and industry voices dedicated to growing a vibrant VPP market.VP3 will publish technical resources,provide direct support in key venues,convene across stakeholders,and communicate to targeted and mass-market audiences to raise awareness of the VPP opportunity.For more information,please contact vp3rmi.org.6Virtual Power Plants,Real BenefitsVirtual Power Plants:An Overlooked Resource The coming decade will be a period of rapid change for the US electric grid.Policy,climate change,geopolitics,and consumer preferences will push the grid to evolve at unprecedented speeds.Grid planners,regulators,and operators have the challenge of managing these changes while simultaneously advancing power system performance across seven objectives:Reliability:increasing system reliability and resilience even as extreme weather and cybersecurity threats increaseAffordability:driving down household energy burden in the face of rising inflation and global energy supply chain disruptionDecarbonization:reducing greenhouse gas emissions to meet national,state,and corporate climate targetsElectrification:enabling rapid electrification of homes,transportation,and industry to reduce economy-wide emissions and avoid the worst impacts of climate changeHealth:reducing or eliminating early deaths and other health damages resulting from power plant pollutionEquity:addressing inequitable health and community impacts embedded in the current energy systemConsumer empowerment:providing energy consumers choice and a voice in shaping the power system in which they participateVirtual power plants(VPPs)grid-integrated aggregations of distributed energy resources are a resource to help advance performance across each of these objectives in the coming years.Unfortunately,VPPs are often overlooked by policymakers,utilities,and consumers.This brief defines VPPs in the context of emerging challenges and opportunities,discusses their benefits,and provides a set of recommendations for growing the VPP market in ways that help communities and society.14253677Virtual Power Plants,Real BenefitsVPPs are not new.This paper draws on data from a decade of successful VPP pilots and programs to demonstrate how VPPs help the grid meet pressing challenges.This paper also summarizes power system modeling to show VPPs can grow in scale and impact with the potential to offset or provide 14%of US peak electric power demand in 2050.1Although VPPs are not new,they are at an inflection point.Consumer adoption of flexible devices such as heat pumps,electric vehicles(EVs),and battery storage is accelerating just as the Infrastructure Investment and Jobs Act and Inflation Reduction Act will pump billions of dollars into the electric grid.At the same time,regulators and utilities are looking for short-and long-term solutions to reliability and affordability challenges.Over the next decade,VPPs could play a central role in meeting grid and societal needs.However,barriers related to wholesale market value,retail offerings,and consumer awareness must be addressed to unlock the full potential of VPPs.Planning and policy choices over the coming years will set the path for VPP market development over the coming decade.Over the next decade,VPPs could play a central role in meeting grid and societal needs.However,barriers related to wholesale market value,retail offerings,and consumer awareness must be addressed to unlock the full potential of VPPs.8Virtual Power Plants,Real BenefitsUnderstanding VPPs What Is a Virtual Power Plant?We define virtual power plants(VPPs)as grid-integrated aggregations of distributed energy resources.There are three key parts to that definition:Distributed energy resources(DERs):At its core,a VPP is comprised of hundreds or thousands of devices located at or near homes and businesses.Some of these assets(e.g.,behind-the-meter batteries)are readily dispatchable.Other assets(e.g.,solar photovoltaic PV,or passive energy efficiency investments)are less likely to be flexibly dispatched but still can be aggregated and provide value to the grid.Aggregation:A VPP brings these DER assets together into aggregations.In some instances,these aggregations can be collectively and directly controlled by a grid operator.At other times,the aggregation is much looser,with less direct control by a grid operator.Grid-integrated:Finally,VPPs provide value to the grid,and they are compensated for the value they provide.Properly integrated into long-term grid planning and real-time operations processes and/or markets,VPPs can add value alongside other,traditional grid assets like large-scale generating facilities.Exhibit 1(next page)shows possible components of a VPP.VPPs can include EVs and chargers;heat pumps;home appliances;heating,ventilating,and air conditioning(HVAC)equipment;batteries;plug loads;solar PV;or industrial mechanical equipment.Single-family homes,multifamily homes,offices,stores,factories,cars,trucks,and buses can all participate in a VPP.9Virtual Power Plants,Real BenefitsExhibit 1Heat pumpsThermostatsDishwashersWashers&dryersPlug loadsDispatchedcharging of EVsDispatchedvehicle-to-grid chargingMechanicalequipmentGenerationRoofopsolarBatterystorageRoofopsolarBatterystorageHVAC loadsTransmissionVPP AggregatorDistributionResidentialCommercialIndustrialTransportationVPPs Aggregate Distributed,Grid-Interactive Electric DevicesHow Do VPPs Work?There is no standard design for a VPP.Broadly,however,there are two channels through which VPPs can provide value and be compensated:1.Market-participant VPPs provide services to and are compensated by wholesale electricity markets.2.Retail VPPs provide services to and are compensated by utilities.10Virtual Power Plants,Real BenefitsCommitments&CommunicationsVPP ServiceDeliveryWholesale MarketOperator(i.e.,RTO,ISO)VPP AggregatorVPP MembersPaymentMarket operator sends price signal for:Capacity Energy Ancillary servicesAggregator enrolls households and businesses(members).Aggregator dispatches devices or communicates with members to dispatch devices.Market operator pays for services providedAggregator pays members:Sign-up bonuses Annual payments Direct rewardsCustomer-sited devices provide capacity,energy,and ancillary services to marketExhibit 2Market-participant VPPOhmConnect operates a market-participant VPP in Californias wholesale electricity market.OhmConnects VPP is comprised of more than 200,000 members with 250,000 dispatchable smart devices.2During an extreme heat wave that lasted from August 31 to September 8,2022,Californias wholesale market operator,California Independent System Operator(CAISO),called on all available resources to match supply and demand.These resources included VPPs managed by OhmConnect,Tesla,Sunrun,Leap Voltus,AutoGrid,and others.3Over the nine-day heat wave,OhmConnects VPP automatically dispatched member devices 1.3 million times in response to real-time signals from CAISO.CAISO paid OhmConnect for services delivered.OhmConnect in turn paid$2.7 million in rewards to its members.4Exhibit 2 illustrates how a market-participant VPP works.A Market-Participant VPP Calls on Customer-Sited Devices to Provide Services to Wholesale Electricity Markets11Virtual Power Plants,Real BenefitsCommitments&CommunicationsVPP ServiceDeliveryElectric UtilityUtility CustomersPaymentUtility*enrolls customers in VPP programUtility*dispatches devices or communicates with customers to dispatch devicesUtility pays customer for right to manage devices:Sign-up bonuses Annual payments Other paymentsUtility*dispatches VPPs to meet system needs:Resource adequacy Deferral/avoidance of upgrades Reduced fuel use/CO2 emissions*Utility may partner with third-party service providerExhibit 3Retail VPPNational Grids ConnectedSolutions is an example of a retail VPP.In the ConnectedSolutions program,National Grid an electric utility serving customers in New York and Massachusetts pays customers both upfront and annual incentives to enroll their smart thermostats,home batteries,and EVs in the VPP program.National Grid dispatches these devices to balance summer peak demand.In 2020,the VPP helped reduce summer peak demand by 0.9%.5 This helps National Grid avoid costs it would otherwise need to spend on wholesale power costs,transmission and distribution infrastructure upgrades,fuel,and other expenditures.Exhibit 3 illustrates a retail VPP.A Retail VPP Can Help a Utility Meet Demand and Reduce Costs for Both the Utility and Its Ratepayers12Virtual Power Plants,Real BenefitsA specific,but important,category of retail VPP is a VPP in which aggregations of DERs respond,either actively or passively,to rate designs set by power providers usually retail utilities or load-serving entities,but in some cases wholesale market operators.In the examples above,OhmConnect and National Grid actively aggregated households and businesses into VPPs and have technology to directly control devices operations.In contrast,tariffs(rates)paid by electric customers can also induce DER build-out and demand flexibility.These include time-of-use pricing,real-time pricing,critical peak pricing,and participation incentives,which all can achieve some level of demand flexibility but differ in their level of responsiveness and ability to dynamically adjust incentives in real time.How Are VPPs Different than Other Demand-Side Solutions?Our definition of VPPs is intentionally broad.It encompasses a wide range of solutions that harness and compensate DERs to meet the needs of the grid.Demand response,demand flexibility,demand-side management,DER aggregations,bring-your-own-device programs,and grid-interactive efficient buildings are all examples of programs and technologies that can contribute to VPPs.VPPs build on the success of decades of progress in demand-side management programs and participation models for DERs.Given the current landscape of rapidly shifting technology and emergent challenges to reliability,affordability,and other priorities,we use a broad definition of VPPs to characterize how,with renewed attention and targeted interventions,aggregated demand-side resources and programs can address these challenges at a scale rarely contemplated in previous decades.Though our definition is broad,not all programs that shape customer behavior are VPPs.For example,calls for voluntary conservation in a time of crisis do not compensate customers for the benefits they provide to the grid and thus do not transact value in the same way as commercially viable VPPs.13Virtual Power Plants,Real BenefitsHow VPPs Can Address Key Grid ChallengesVPPs are a powerful tool to help regulators,utility planners or operators,and other grid stakeholders address key challenges facing the grid.This section looks backward to see how VPPs have already provided value,as well as forward to project how VPPs can further address grid challenges in the coming years and decades,if policies and markets are structured to enable this.Reliability VPPs are key solutions to enhance grid reliability and resilienceGrid planners and regulators want to know if they can count on VPPs to show up during the days,hours,and minutes when the grid needs them most.VPPs are showing they can be trusted to support grid reliability.14Virtual Power Plants,Real Benefitsi This is the impact of demand flexibility on a modeled peak load day.It corresponds to the high electrification scenario,in which load grows 81%by 2050 compared with 2019.The figure from NREL does not include behind-the-meter storage,distributed solar,or energy efficiency.Exhibit 4Peak Coincident VPP Capacity 2030 17.3 GW 19.8 GW 14.9 GW 9.9 GW61.9 GWSource:See Appendix Electric Vehicles(Light-Duty)Residential Demand Flexibility Commercial Demand Flexibility Behind-the-Meter Battery StorageEach year there are more examples of how VPPs have contributed to grid reliability.A few are described below:Sunruns VPP reduced more than 1.8 gigawatt hours(GWh)of energy demand over the summer in ISO New England.6 Arizona Public Services Cool Rewards Program has enrolled 60,000 thermostats and helped shed nearly 100 megawatts(MW)during the hot summer months in 2022.7 South Australias VPP stabilized the grid in October 2019 when a coal-fired power plant tripped offline and left a supply gap of 748 MW.8 The VPP has also provided critical support during November 2019 and January 2020 grid disruptions between South Australia and Victoria.9 VPPs managed by AutoGrids platform collectively represented 5 GW of capacity and 37 GWh of energy across 15 countries as of summer 2021.These assets were dispatched 1,500 times to meet grid needs in summer 2021.10These examples demonstrate how VPPs are ensuring reliable operation of the bulk power system by reducing demand or injecting power into the system during times of critical demand.VPPs also provide three reliability-related benefits that traditional power plants do not:1.Rapid and flexible deployment:Whereas a fossil fuelpowered thermal energy plant(such as coal or gas)needs on average over four years to be developed and built,11 some VPPs can be developed in as little as months.Furthermore,while traditional power plant investments tie utilities to a single asset for decades,VPPs can be more flexibly reconfigured or scaled back in response to changing grid needs.2.Sited near load:VPPs can bypass transmission or distribution constraints or congestion by providing capacity close to load.3.Community energy resilience:Solar,batteries,and EVs can participate in VPPs when the grid is up or provide resilient power supply to homes and critical facilities when the grid is down.For example,General Motors,Ford,and others are piloting bidirectional charging programs in which EVs become backup home power sources.12Looking forward,VPPs can play a large role in supporting grid reliability in this decade and beyond.RMI analysis(detailed in the Appendix)estimates that VPPs could provide 62 GW of peak coincident dispatchable capacity by 2030.This is comprised of 17 GW flexible EV load,10 GW behind-the-meter battery storage,20 GW flexible residential demand,and 15 GW flexible commercial demand.Analysis from the National Renewable Energy Lab(NREL)found that by 2050,demand flexibility could reduce system-wide peak demand by roughly 200 GW.13,i15Virtual Power Plants,Real BenefitsAffordability VPPs are a cost-effective resource to improve electricity affordabilityThe average price of electricity is projected to increase 7.5%in 2022 compared with 2021.14 This is an inconvenience for many but an acute hardship for the 30.6 million energy-burdened households in the United States households paying more than 6%of their gross annual household income on energy bills.15 VPPs can make electricity more affordable both for customers who participate in VPPs and for homes and businesses that do not.VPPs directly compensate participating households and businesses through bill savings,cash payments,or rewards programs:OhmConnects California VPP,which includes 40%of their consumers qualifying as low income,saves customers on average$250$300 per year.16 In South Australia,customers save$200 per year by participating in the states VPP.17VPPs also help drive down bills for nonparticipating customers by reducing the total cost to operate the electric grid.VPPs do this in a few ways:1.Avoid or defer generation capacity investments by reducing peak demand.2.Avoid or defer distribution and transmission system investments by reducing peak demand.3.Reduce wholesale energy and fuel costs by shifting demand away from high-cost peaking resources and toward low-or no-marginal cost resources.This also provides decarbonization benefits.Looking into the future,NRELs electrification futures study found that demand flexibility could avoid or defer$120 billion(net present value NPV)worth of generation capacity investments through 2050.18,ii Efficient operation could avoid$10 billion in annual bulk system fuel and maintenance costs in 2050.19 Those studies do not include the potential impact of deferred or avoided distribution system upgrades,which further increase the economic value of VPPs.According to Brattle Group analysis,by 2030,demand flexibility could avoid generation capacity worth$9.7 billion,wholesale energy costs worth$4.8 billion,ancillary service charges worth$0.3 billion,and transmission and distribution costs worth$1.9 billion.20ii 201950 NPV of bulk system savings from enhanced flexibility as compared with current flexibility(Murphy et al.2021).16Virtual Power Plants,Real BenefitsDecarbonization VPPs accelerate power sector decarbonizationVPPs can help regulators,policymakers,businesses,and households reduce CO2 pollution.VPPs do this in three ways:1.Decrease dispatch of highly polluting power plants:VPPs can directly impact emissions by shifting demand away from times when the grid relies on the most highly polluting coal-and gas-fired power plants and toward times when carbon-free resources are available.This is the direct and near-term emissions impact of VPPs.2.Drive build-out of carbon-free power supply:VPPs provide flexibility and capacity that will be critically important in a future carbon-free power system.By shifting demand,VPPs can reduce solar and wind curtailment.This enhances the value of solar and wind in a region and can indirectly lead to more solar and wind build-out in the future.VPPs also can help avoid the need to build new fossil fuelfired power plants and help accelerate closure of some existing fossil fuelfired plants.3.Enable economy-wide electrification:VPPs can facilitate economy-wide electrification of other end uses,further reducing economy-wide emissions outside the power sector.This is discussed in the next section on electrification.VPPs have already shown how they can help enable retirement of some fossil fuel peaker plants:Green Mountain Powers VPP attributed part of the retirement of two diesel generators with 4 MW of peaker capacity to the ability to call on its VPP participants residential home battery systems while maintaining system-ramping capabilities and reliability.21 The City of Redondo Beach,California,is working with OhmConnect to develop a community VPP that eliminates reliance on AESs 68-year-old gas peaker plant in Redondo Beach.Over 20,000 people live within 1 mile of the gas peaker plant,which emits harmful nitrogen oxides and particulate matter.22The climate benefits of VPPs will increase over time as the United States deploys more electric devices,brings online more renewable energy,and retires coal generation.iii By 2050,VPPs could avoid 44 million 59 million tons of CO2 in 2050.23,iv This could go a long way toward helping the United States close the gap between current policy and commitments made in the Paris Climate Agreement.iii Multiple studies(including Zhou and Mai 2021)have shown that economic dispatch of demand flexibility could lead to increased utilization of coal generation.This is particularly the case if natural gas prices are high,in which case demand-side flexibility can lead to increased coal dispatch at the expense of natural gasfired generation.This finding points to a potential need to co-optimize VPP dispatch for both economics and emissions.iv Based on analysis in Zhou and Mai(2021).Fifty-nine million tons(Mt)is the annual emissions reduction from flexibility in the high-electrification scenario.Forty-four Mt of emissions are avoided through demand flexibility in the high-electrification,high-renewables scenario.As context,2021 power sector emissions were 1,551 Mt,according to the Energy Information Administration.17Virtual Power Plants,Real BenefitsElectrification VPPs enable economy-wide electrificationOver the coming decades,homes and businesses will increasingly adopt heat pumps,EVs,and other electric devices.The electricity system will need to grow and adapt to accommodate sustained load growth.VPPs enable cost-effective electrification in two ways:1.Avoided bottlenecks:By shifting demand,VPPs can avoid bottlenecks in transmission,distribution,or generation capacity,which could otherwise constrain electrification.2.Provide electrification revenue streams:VPPs provide additional revenue streams for flexibility from electric devices,helping encourage consumers to adopt them over nonelectric alternatives.Demand flexibility significantly eases the challenges associated with sustained load growth from EVs and heat pumps.For example,in a study of electrification strategies for a Colorado utility,24 RMI found that simple managed charging for EVs could reduce peak load growth by 20%relative to unmanaged demand from newly electrified devices.In this way,VPPs can accelerate a transition to a future in which electrified devices can help the grid be more resilient without incurring unneeded costs of infrastructure required to deliver energy to inflexible electric loads.Health,Equity,and Consumer EmpowermentThe examples in the preceding sections show how VPPs can also help advance health,equity,and consumer empowerment objectives.One way VPPs drive positive health outcomes is by decreasing reliance on natural gas-fired peaker plants.The examples in the decarbonization section show how the need for some peaker plants can be avoided through VPPs.These health benefits will disproportionately flow to people of color and low-income communities.Black,low-income populations are 1.2 times more likely than the average person in the United States to die prematurely from exposure to particulate matter from fossil fuel plants.25 Furthermore,as discussed in the affordability section,VPPs can advance equity outcomes by providing revenue-and cost-reduction opportunities for low-income households.Finally,VPPs empower consumers all consumers to play a more active role in shaping the way energy is used and consumed in society and within their homes and businesses.18Virtual Power Plants,Real BenefitsUnlocking the VPP Opportunity Barriers to Scaling VPPsFor VPPs to grow in the long term,more customers need access to attractive VPP offerings.Three core barriers stand in the way of VPP long-term growth:wholesale market rules,retail utility offerings,and consumer and policymaker awareness.26 Once these core barriers are addressed,more VPP businesses will have access to reliable revenue streams from utilities or wholesale markets,and customer-acquisition and grid-integration costs will fall.VPP businesses,in turn,will be able to provide highly compelling offerings to households and businesses.Wholesale market rulesFederal Energy Regulatory Commission(FERC)Order 2222(2020)requires regional transmission organizations(RTOs)and independent system operators(ISOs)to allow DERs to participate alongside traditional resources in the regional organized wholesale markets through aggregations.In theory,this decision allows the two-thirds of US businesses and households served by utilities and retail electricity providers within RTOs and ISOs to participate in VPPs.19Virtual Power Plants,Real BenefitsDER integration into wholesale markets is complex,and FERC is relying on RTOs to make rules that efficiently integrate and fairly compensate DER aggregations.The rules RTOs make in at least six areas will impact whether VPPs are able to thrive in those markets:271.Order 2222 implementation timing2.Limits on eligible aggregations Minimum aggregation size Technologies involved Location of devices3.Metering and telemetry requirements4.Interconnection processes and aggregation reviews5.Dispatch override by electric distribution companies6.Customer data access Retail utility offeringsIn areas not served by wholesale electricity markets,retail programs and retail rates are the only option for customers who want to be compensated for the services their devices can provide.Additionally,in areas served by wholesale markets,retail programs and rates will remain an important channel for VPPs.Unfortunately,in many areas retail programs are not available,or if they are available they are not yet compelling.Utilities may not yet provide compelling offerings for a few reasons:Operators at utilities do not yet trust VPPs to show up and provide services when critically needed.Necessary infrastructure(e.g.,smart meters)and software systems are not yet in place.Utilities are required(by law or regulation)to provide multiple technology-specific programs such as smart thermostat programs,managed charging programs,and battery storage programs instead of integrated multi-technology programs.Through the cost-of-service regulatory model,most utilities are financially incentivized to make capital investments,not to promote demand-side solutions.Legacy planning and resource procurement models and processes fail to consider or adequately consider demand-side resources.28Public utility commissions are responsible for regulating utilities VPP-related efforts.Unfortunately,VPPs cut across several topic areas energy efficiency,demand response,EVs,resource planning,procurement,and so on that have traditionally been handled through separate processes within commissions,making it unclear how to regulate them within existing dockets and proceedings.Furthermore,VPPs touch on complex planning-and cost-recovery issues for which regulatory best practice is still evolving.20Virtual Power Plants,Real BenefitsConsumer and policymaker awarenessAlthough VPPs are not new,awareness of them and their potential remains relatively low among customers and policymakers.As a result,VPP technology and service providers need to spend significant time and resources educating customers about VPP benefits,adding cost to the customer-acquisition process.Similarly,solutions providers and industry organizations need to educate elected officials and energy offices on VPPs.Without high levels of awareness and understanding,these policymakers may not be developing policies that capture the full benefits of VPPs.Interventions to Scale a Vibrant VPP MarketTo enable a vibrant VPP market that can unlock projects at the hundreds of gigawatts scale in the next decade,and the benefits associated with them,there is a need to work on three priorities in the next two to three years:1.Catalog,research,and communicate VPP benefits.This insight brief and the research referenced in this report attempt to describe and quantify the benefits of VPPs,but more work must be done to understand and communicate the full benefits of VPPs.For example,more work is needed to comprehensively characterize the current VPP market and the benefits VPPs are already providing.More research is needed to model mid-term(i.e.,2030)state-specific impacts of VPPs on reliability,affordability,decarbonization,and other key policy objectives.This research must be translated and communicated in ways that are useful to technical audiences(e.g.,utility planners and regulators)as well as less technical audiences(e.g.,elected officials,households,and businesses).2.Develop industry-wide best practices,standards,and roadmaps.Once the potential benefits are better understood,industry stakeholders must work together to develop efficient and effective ways to unlock those benefits.As things stand,the VPP market is characterized by nonstandard regulatory approaches,wholesale market rules,retail program structures,technology interoperability protocols,and finance approaches.To remove friction from the VPP market,service providers,utilities,regulators,and technology providers need to develop and advance a set of best practices,standards,and roadmaps.This work is complex and will not necessarily result in a one-size-fits-all approach to VPPs,but it will help to unlock VPP benefits by showcasing proven approaches to effective market integration and delivery of customer value.3.Inform and shape policy development.The two activities above are critical,but they will not be sufficient to drive market growth.Stakeholders who have an interest in the growth of the VPP market,including consumer advocates,large energy users,technology developers,and service providers,need to ensure that their voice is heard and listened to in federal,state,and RTO policy venues.Through collaboration across a wide variety of interested businesses and other groups,VPP advocates can marshal the resources and organizational force to effect change in policy and regulation that can put VPPs on a level playing field with traditional electricity system investments.21Virtual Power Plants,Real BenefitsAppendix Peak Coincident VPP Capacity Methodology VPP ResourceRMI Capacity Assumption ApproachTotal61.9 GWSee belowElectric Vehicles(Light-Duty Vehicles LDVs)17.3 GW17.3 GW=26.4 million light-duty EVs 0.654 kWh/unit-hour#vehicles hourly energy use assumed per unit during system-wide peak day/hour of the year Number of Vehicles Based on Edison Electric Institute analysis:26.4 million light-duty EVs29Energy Use per Vehicle Representative annual hourly demand for typical LDV based on modeling from RMI Peak hourly demand for June 30 at 5 p.m.(0.654 kWh/unit)30Notes/Conservatisms Based on light-duty EV load shape.Medium-and heavy-duty EV load shapes will be different.Does not account for shift in load shape over time.Peak demand and EV load profile will vary by region.As such,this is approximate only.Behind-the-Meter(BTM)Battery Storage9.9 GW Global projections for BTM storage in 2030:57 GWh31 The United States will have 40%of 2030 BTM storage:22.8 GWh32 Average system can reasonably assume 2.3 watts per watt-hour of capacity.“Typically,residential consumers batteries can reach 5 kW/13.5 kWh,whereas a battery for a commercial or industrial system is typically 2 MW/4 MWh.”33 22.8 GWh/2.3 hours=9.9 GWResidential Demand Flexibility19.8 GWMidpoint between:Mid-adoption:14.2 GW34 High adoption:25.3 GW35 Peak demand reductions are computed as the sum of impacts during each regions coincident peak hour36Commercial Demand Flexibility14.9 GWMidpoint between:Mid-adoption:11.6 GW37 High adoption:18.2 GW38 Peak demand reductions are computed as the sum of impacts during each regions coincident peak hourResidential-,Commercial-,and Community-Scale SolarN/AIgnore“solar”contribution to the capacity and reliability value of VPPs.Energy EfficiencyN/AIgnore“energy efficiency”contribution to the capacity and reliability value of VPPs.22Virtual Power Plants,Real BenefitsEndnotes1 Ella Zhou and Trieu Mai,Electrification Futures Study:Operational Analysis of US Power Systems with Increased Electrification and Demand-Side Flexibility,National Renewable Energy Laboratory,2021,https:/www.nrel.gov/docs/fy21osti/79094.pdf.2 OhmConnect Paid Members$2.7M and Saved 1.5 GWh of Energy During Recent California Heat Wave,”PR Newswire,September 29,2022,https:/ the Tesla Virtual Power Plant:2022 Performance,”Tesla,accessed October 24,2022,https:/ Bay Customers Support Californias Grid During Extreme Heat Wave Through Innovative Program,”Sunrun,September 20,2022,https:/ Delivers Crucial Grid Support during Californias Record-Breaking September Heat Wave,”Leap,September 7,2022,https:/www.leap.energy/blog/leap-delivers-crucial-grid-support-during-california-s-record-breaking-september-heat-wave;and“Voltus Helps Prevent Blackouts During Californias Record-Breaking September Heat Wave,”Voltus,September 13,2022,https:/www.voltus.co/press/voltus-helps-prevent-blackouts-during-californias-record-breaking-september-heat-wave;“Oh California!Californias Grid Flexes but Doesnt Break.Autogrid Flex Dispatches over 100 Events,”AutoGrid,September 10,2022,https:/blog.auto- Paid Members$2.7M and Saved 1.5 GWh of Energy During Recent California Heat Wave,”2022.5 ConnectedSolutions:A Program Assessment for Massachusetts,Applied Economics Clinic on behalf of Clean Energy Group,2021,https:/www.cleanegroup.org/wp-content/uploads/ConnectedSolutions-An-Assessment-for-Massachusetts.pdf.6 Miranda Willson,“Northeast Embraces a First-of-a-Kind Virtual Power Plant,”E&E News,October 12,2022,https:/ Virtual Power Plant Benefits Customers,Smart Grid&Environment,”APS,last modified November 8,2021,https:/ Robert Walton,“Teslas Australian Virtual Power Plant Propped Up during Grid Coal Outage,”Utility Dive,December 11,2019,https:/ Australias Virtual Power Plant,”Government of South Australia,accessed August 2022,https:/www.energymining.sa.gov.au/consumers/solar-and-batteries/south-australias-virtual-power-plant.23Virtual Power Plants,Real Benefits10 Amit Narayan,“AutoGrid Announces$85 Million Funding Round to Accelerate Energy Transition,”AutoGrid,October 15,2021,https:/blog.auto- Power Generation Construction Time(Capacity Weighted),20102018,”International Energy Agency,last modified November 22,2019,https:/www.iea.org/data-and-statistics/charts/average-power-generation-construction-time-capacity-weighted-2010-2018.12 Kavya Balaraman,“PG&E,GM Initiative Will Pilot Use of Electric Vehicles to Power Homes in Northern California,”Utility Dive,March 8,2022,https:/ Zhou and Mai,Electrification Futures Study,2021.14“Short-Term Energy Outlook,”Energy Information Administration,last modified October 12,2022,https:/www.eia.gov/outlooks/steo/report/electricity.php.15 Ariel Drehbol,Lauren Ross,and Roxana Ayala,How High Are Household Energy Burdens?An Assessment of National and Metropolitan Energy Burden across the United States,American Council for an Energy-Efficient Economy,2020,https:/www.aceee.org/sites/default/files/pdfs/u2006.pdf.16 Jeff St.John,“OhmConnect bets$100M That Free Smart Thermostats Can Prevent Summer Blackouts in California,”Canary Media,June 15,2021,https:/ Gabrielle Kuiper,What Is the State of Virtual Power Plants in Australia?From Thin Margins to a Future of VPP-tailers,Institute for Energy Economics and Financial Analysis,2022,https:/ieefa.org/wp-content/uploads/2022/03/What-Is-the-State-of-Virtual-Power-Plants-in-Australia_March-2022_2.pdf.18 Caitlin Murphy et al.,Electrification Futures Study:Scenarios of Power System Evolution and Infrastructure Development for the United States,National Renewable Energy Laboratory,2021,https:/www.nrel.gov/docs/fy21osti/72330.pdf.19 Murphy et al.,Electrification Futures Study,2021.20 Ryan Hledik et al.,The National Potential for Load Flexibility:Value and Market Potential through 2030,The Brattle Group,2019,https:/ Andrew Blok,“Whats a Virtual Power Plant?Should You Join One?”CNET,March 18,2022,https:/ Sammy Roth,“How a Beachfront Gas Plant Explains Californias Energy Problems,”Los Angeles Times,April 1,2021,https:/ Power Plants,Real Benefits23 Zhou and Mai,Electrification Futures Study,2021.24 Managing and Accelerating Electrification in Holy Cross Energy,RMI,February 9,2022,https:/ Maninder P.S.Thind et al.,Fine Particulate Air Pollution from Electricity Generation in the US:Health Impacts by Race,Income,and Geography,Environmental Science&Technology,2019,https:/pubs.acs.org/doi/10.1021/acs.est.9b02527.26 Jigar Shah,“Real Barriers to Virtual Power Plants,”PV Magazine,September 22,2022,https:/pv-magazine- FERC Order 222 Implementation:Preparing the Distribution System for DER Participation in Wholesale Markets,Advanced Energy Economy and Grid Lab,2022,https:/gridlab.org/wp-content/uploads/2022/01/AEE-GridLab-FERC-O.2222-Campaign-Final-Report.pdf.28 Opportunities to Improve Analytical Capabilities towards Comprehensive Electricity System Planning,NARUC-NASEO Task Force on Comprehensive Electricity Planning,2021,https:/pubs.naruc.org/pub/18289C3B-155D-0A36-3110-2FAED4C94618.29 Electric Vehicle Sales and the Charging Infrastructure Required Through 2030,Edison Electric Institute,2022,https:/www.eei.org/-/media/Project/EEI/Documents/Issues-and-Policy/Electric-Transportation/EV-Forecast-Infrastructure-Report.pdf.30 Zhou and Mai,Electrification Futures Study,2021.31“Global Energy Storage Set to Triple in 2021,”Wood Mackenzie,October 7,2021,https:/ Growth and Growth of the Global Energy Storage Market,”Wood Mackenzie,October 7,2021,https:/ Behind-the-Meter Batteries:Innovation Landscape Brief,International Renewable Energy Agency,2019,https:/www.irena.org/-/media/Files/IRENA/Agency/Publication/2019/Sep/IRENA_BTM_Batteries_2019.pdf.34 A National Roadmap for Grid-Interactive Efficient Buildings,Lawrence Berkeley National Laboratory,2021,https:/gebroadmap.lbl.gov/.35 Ibid.36 Ibid.37 Ibid.38 Ibid.Kevin Brehm,Avery McEvoy,Connor Usry,and Mark Dyson,Virtual Power Plants,Real Benefits,RMI,2023,https:/rmi.org/insight/virtual-power-plants-real-benefits/.RMI values collaboration and aims to accelerate the energy transition through sharing knowledge and insights.We therefore allow interested parties to reference,share,and cite our work through the Creative Commons CC BY-SA 4.0 license.https:/creativecommons.org/licenses/by-sa/4.0/.All images used are from iS unless otherwise noted.RMI Innovation Center22830 Two Rivers RoadBasalt,CO 81621www.rmi.org January 2023 RMI.All rights reserved.Rocky Mountain Institute and RMI are registered trademarks.
2人已浏览
2023-03-10 25页
5星级
Podsights:2023年第一季度广告基准报告(英文版)(33页).pdf
BenchmarkReportQ1 2023 Podcast advertising is measurable!Podsights empowers brands and agencies with valuable attribution and performance measurement to help validate and scale their podcast advertising.Publishers use Podsights to help grow theiraudience and effectively monetize theirpodcast content.Weareon a mission to growpodcastadvertising byhelping advertisers truly understandandleverage the power of the podcasting medium.010203Podcast Media Buyers Guide Latest Conversion Rate Benchmarks Whatyou can expectto find in this reportOverview&Key Takeaways Overviews&Key Takeaways01Analysis OverviewQ1 2022-Q4 202212BImpressions53%YoY4.3KCampaigns1KBrands15%YoY$757MAd Spend152%YoYPodsights estimates that we measure more than 1 in every 3 dollars spent in the podcast advertising space,given the$2B podcast advertising market.2022 IAB|PWC StudyPodsights Q1 2023 Benchmark Report|51125%YoYAverage CR across industries this period1.32%Average Frequency4.94Fast Figuresconsistent with last quarterFrequency2-5for optimal conversion ratesRemains in the LeadPre-Rollfor optimal conversion ratesPodsights Q1 2023 Benchmark Report|602Podcast Media BuyersGuideImpressionsAverage Conversion RateVisitors0-400,0001.52%2,028400,001-1,000,0001.64%5,4781,000,001-2,000,0001.30%8,6892,000,001-4,000,0001.55 ,6174,000,001-10,000,0001.36E,23410,000,001 1.30R,128Based on the number of impressions run during a campaign,brands can estimate the number of visitors theycan expect In order to make conversion rates more tangible,thistable uses Podsights benchmark data on campaign size,frequency,and conversion rates to illustrate the outcomes you can expect from your podcast advertising campaign at different impression levels.Podsights estimates the number of visitors using impressions and average conversion rate,assuming a recommended frequency of 3.Note:a campaign is defined as a wholistic advertising campaign which may include multiple networksPodsights Q1 2023 Benchmark Report|8Assumes a recommended frequency of 311Visitors=Avg.Conversion Rate xImpression SizeAvg.Frequency()Pre-rollMid-rollAverage Conversion RateThis quarter,pre-roll continues to take the lead and outperforms mid-rollplacements by 9%.0.00%0.50%1.00%1.50%1.29%1.18%Podsights Q1 2023 Benchmark Report|9Pre-roll takes the lead once again03Conversion Rate Benchmarks0.00%0.50%1.00%1.50%Q42021Q12022Q22022Q32022Q420221.42%1.10%1.17%1.31%1.32%AverageConversionRateFrom Site VisitorsAverage conversion rate remains consistent with what we saw in Q3 2022Podsights Q1 2023 Benchmark Report|11The average conversion rate for site visitors is 1.32%in Q4 2022.Conversion rate represents sitevisit events,calculated as:Visitors Household Reach0.00%1.00%2.00%3.00%4.00%5.00%ParentingGamblingRetail(B&M)EducationTravelAutomotiveProf.ServicesRetail DTCArts,Ent.&MediaHomeFashionTelecomOtherRestaurantsFinancial ServicesBeautyB2BHealth/WellnessPharmaCPGBeverage4.46%3.24%2.35%2.15%2.11%1.92%1.84%1.73%1.67%1.56%1.44%1.39%1.29%1.25%1.00%0.95%0.89%0.81%0.79%0.68%0.32%Parenting&Gambling lead again in highest average visitor conversion ratesThe average conversion rate across industrieswas 1.32%.AverageVisitorConversionRateAverage CR=1.32%Other includes non-profit companies,Job-searching sites,Real Estate,etc.Find the full breakdown of all industries in the Appendix.Podsights Q1 2023 Benchmark Report|12Frequency saw a slightincrease this quarterFrequency is the number of times a household was exposed to an ad.The average frequency had a 4%increase this period.Podsights continues to recommend advertisers drop frequency between 2-5 to achieve optimal results.0.002.004.006.008.00Q42021Q12022Q22022Q32022Q420225.696.324.764.754.94AverageFrequencyPodsights Q1 2023 Benchmark Report|130.000%0.020%0.040%0.060%0.080%Q42021Q12022Q22022Q32022Q420220.039%0.045%0.037%0.044%0.044%Average purchase conversion rate remained consistent to previous quarterPodsights Q1 2023 Benchmark Report|14The average purchaseconversion rate this quarter was 0.044%.Purchase conversion rate represents purchaseevents,calculated as:PurchaseCRfrom reach=Purchases ReachAveragePurchaseConversionRateFrom ReachRetail(Brick&Mortar)experienced the highest purchase conversion rate The average purchase conversion rate across industries was 0.044%.0.00%0.02%0.04%0.06%0.08%Retail(B&M)EducationBeautyFashionCPGRetail DTCHealth/WellnessRestaurantsParentingFinancial ServicesAutomotiveArts,Ent.&MediaHomeOtherBeverageTelecomTravelB2BPharmaGambling0.07%0.07%0.07%0.06%0.05%0.05%0.04%0.04%0.04%0.04%0.04%0.04%0.03%0.03%0.03%0.03%0.02%0.02%0.02%0.01%AveragePurchaseConversionRateFrom ReachAverage Purchase CR from reach=0.044%Podsights Q1 2023 Benchmark Report|150.00%2.00%4.00%6.00%8.00%Q42021Q12022Q22022Q32022Q420224.91%5.29%4.64%4.81%5.15%Q4 2022 saw an increase in average purchase conversion rate from attributed visitorsPodsights Q1 2023 Benchmark Report|16The conversion rate from attributed visitors describes the rate ofpurchase from households who are driven to the website as a result of the podcast ad and is calculated as:PurchaseCR from attributed visitors=The average purchase conversion rate increased by7%to 5.15%.Purchases VisitorsAveragePurchaseConversionRateFrom Attributed Visitors0.00%2.50%5.00%7.50.00%PharmaBeautyCPGFashionHealth/WellnessOtherRetail(B&M)Retail DTCFinancial ServicesBeverageRestaurantsArts,Ent.&MediaHomeB2BTelecomEducationTravelAutomotiveGambling8.28%7.61%7.34%6.91%6.07%5.57%5.29%5.25%4.80%4.58%4.32%4.09%4.02%2.97%2.93%2.55%2.46%2.13%0.96%Pharma jumps to the top and experiencesthe highest purchase conversion rate from attributed website visitorsAveragePurchaseConversionRateFrom Attributed VisitorsThe average purchase conversion rate from attributed visitors across industries was 5.15%.Average Purchase CR from attributed visitors=5.15%Podsights Q1 2023 Benchmark Report|17This graph compares the purchase rate based on exposure vs.purchase rate based on total attributed visitors to a brands website AveragePurchaseConversionRateby ReachAverage PurchaseConversion RateFrom Attributed Visitors0.09%0.07%0.04%0.02%0.00%0.00%2.58%5.15%7.73.30%Podsights Q1 2023 Benchmark Report|18This graph compares the visitor rate based on exposure vs.the purchase rate based on exposureAverageVisitorConversionRateby ReachAverage PurchaseConversion RateBy Reach2.65%1.99%1.32%0.66%0.00%0.00%0.02%0.04%0.07%0.09%Podsights Q1 2023 Benchmark Report|190.00%0.03%0.07%0.10%0.13%Q42021Q12022Q22022Q32022Q420220.09%0.08%0.08%0.11%0.10%AverageLeadConversionRateLead conversion rates dipped slightly this quarterPodsights Q1 2023 Benchmark Report|20Lead events are a custom eventsuch as a sign-up or email capture.Lead conversion ratefrom attributed visitors is calculated as:LeadCRfrom Reach=Leads ReachThe lead conversion rate decreased by 8%compared to last period.RetailDTC makes its way to the top,dominating lead conversions in podcast advertising this quarter0.00%0.05%0.10%0.15%0.20%Retail DTCHealth/WellnessFinancial ServicesTelecomEducationRetail(B&M)B2BHomeProf.ServicesTravelPharmaOtherFashionArts,Ent.&MediaAutomotiveRestaurantsBeauty0.18%0.17%0.14%0.14%0.11%0.09%0.08%0.06%0.06%0.06%0.06%0.06%0.05%0.05%0.05%0.03%0.02%AverageLeadConversionFrom ReachPodsights Q1 2023 Benchmark Report|21This quarter,industries likePharma and Automotivesaw a dip in average lead conversion rate.Average Lead CR from Reach=0.11%The lead conversion rate from attributed visitors continues to increasePodsights Q1 2023 Benchmark Report|220.00%5.00.00.00%Q42021Q12022Q22022Q32022Q4202213.58.13%9.96.79.03%AverageLeadConversionRateLead events are a custom eventsuch as a sign-up or email capture.Lead conversion rate from attributed visitorsis calculated as:LeadCRfrom Attributed Visitors=Leads Attributed VisitorsThe lead conversion rate increased by11%this quarter.Pharma rose to the top for lead events0.00.00 .000.00%PharmaHealth/WellnessRetail DTCFinancial ServicesTelecomTravelAutomotiveRestaurantsB2BArts,Ent.&MediaEducationHomeRetail(B&M)FashionOtherProf.ServicesBeauty26.50!.66.41.00.46.15.16.24.09%9.43%8.94%8.21%8.13%6.87%6.77%6.01%4.54%Average Lead CR from Attributed Visitors=13.03%AverageLeadConversionFrom Attributed VisitorsPodsights Q1 2023 Benchmark Report|230.00%0.05%0.10%0.15%0.20%Q42021Q12022Q22022Q32022Q420220.12%0.15%0.14%0.15%0.16%Install conversion ratesshow a steady increase since Q2 2022Podsights Q1 2023 Benchmark Report|24AverageInstallConversionRateThe install conversion rate refers to mobile app installs,and is calculated as:Install CR=Installs ReachThe install conversion rate increased by 3%this quarter to 0.16%.Arts,Entertainment&Media continues to maintain thehighest install conversion rate0.00%0.05%0.10%0.15%0.20%0.25%Arts,Ent.&MediaGamblingFinancial ServicesRetailDTCOtherHealth/WellnessB2BEducation0.24%0.20%0.19%0.17%0.14%0.11%0.09%0.04%AverageInstallConversionRateArts,Ent.&Media includes mobile game apps,and this industry dominates install conversion rates.The average install conversion rate across all industries was 0.16%.Average CR=0.16%Podsights Q1 2023 Benchmark Report|25Note:Podsights excludes industries that have less than 3 brands with relevant dataWantto learn more?For questions about this report,please reach out to Emily MTo learn more about Podsights and our suite of productscheck out our help center!Podsights Q1 2023 Benchmark Report|Podsights Q1 2023 Benchmark Report|27Get started with Podsights!First time advertising on podcasts and not sure where to start?Start with Podsights!You can now easily register for a Podsightsaccount and activate a membership withouthaving to talk to us!Podsights is your place to gain access to world class podcast advertising attribution and insights.Sign up for a free account today AppendixAppendix:MethodologyData Collection:Data for this study was collected and analyzed in aggregate from allPodsights campaigns in the specified period.The aggregated data has been anonymized and does not identify individual listeners,brands or publishers.For moreinformation,checkout our privacypolicy.Attribution Methodology:Podsights defines a conversion rate as the number of attributed households that visited the site divided by the unique households that downloaded an episode.An attributed visitor is someone who downloaded a podcast containing an advertisement,and then visited the brands owned and operated website.Read moreabout our methodology here.Podsights Q1 2023 Benchmark Report|29Appendix B:CampaignsPer Industry(pt 1/2)Industry Categories align with the May 2021 US Podcast Advertising Revenue Study.FashionApparel/Fashion Accessories(Men/Women)444Arts,Ent.&MediaArts,Entertainment&Media(Streaming Services,Movies,Dance,Theater,Concerts,Opera,Amusement Parks,Games,Books-Audio and Bound,Music,Magazines,Newspapers,Websites,Apps,DVDs,Radio and Television Networks/Stations/Programming)464AutomotiveAutomotive/AutomotiveServices89ParentingBaby/Child/Parenting17BeautyBeauty/Cosmetics164BeverageBeverage(Alcohol/Beer/Wine)16B2BBusiness-to-Business(Business conducted between one business and another such as a wholesaler and retailer)634CPGConsumer Packaged Goods(CPG)77EducationEducation125FinancialServicesFinancialServices(Banks,Insurance,Securities,Mortgages,Financial Services Software)539GamblingGambling/SportsBetting67Industry Name(Shortened)Industry Name(Long)Count ofCampaignsPodsights Q1 2023 Benchmark Report|30Appendix B:CampaignsPer Industry(pt 2/2)Industry Name(Shortened)Industry Name(Long)Count ofCampaignsPodsights Q1 2023 Benchmark Report|31HomeHomeImprovement/Furnishings303OtherOther(Primarily includes energy,government/non-profit,and advocacy)238PharmaPharmaceuticals(OTC and DTC)53Prof.ServicesProfessionalServicesfor non-Business Entities28RestaurantsRestaurants/bars72Retail(B&M)Retail(Brick&Mortar/eCommerce)132Retail DTCRetailDirect-to-Consumer(companies whose revenue is attained predominantly through E-commerce)227TelecomTelecommunications(Telephony,Mobile Service Providers,Cable/Satellite TV services,ISPs,Wireless)94TravelTraveland Tourism(Resorts/Hotels/Airlines)66Health/WellnessHealth/Wellness(including Fitness,Diet,Yoga,Meditation,etc.)528Industry Categories align with the May 2021 US Podcast Advertising Revenue Study.Appendix C:BrandsPer Industry Measured by PodsightsPodsights Q1 2023 Benchmark Report|32Industry Categories align with the May 2021 US Podcast Advertising Revenue Study.050100150B2BFinancial ServicesHealth/WellnessArts,Ent.&MediaOtherFashionHomeEducationRetail DTCAutomotiveCPGRetail(B&M)TelecomTravelBeautyRestaurantsPharmaBeverageProf.ServicesGamblingParentingNumberofBrandsQ1 2023Q4 20221461321168775706542393434302928262421121294Thank You!|Benchmark ReportQ1 2023Podsights
9人已浏览
2023-03-10 33页
5星级
科尔尼:打造面向未来的机场商业模式(英文版)(15页).pdf
Building future-ready airport business modelsPhoto by Franz Maybuechen Kearney,DsseldorfWith the pandemic bringing the aviation sector to a standstill,now is the time for service providers to reassess their business models to become more resilient.Transport infrastructurethe backbone of the global economyhas undergone phenomenal improvements over the past few decades.Major projects have helped transform the face of the worlds transport infrastruc-ture,including Californias high-speed rail network in the United States,the BeijingShanghai high-speed railway,massive infrastructure programs in India such as Bharatmala Pariyojana for roads and Sagarmala for ports,Germanys Autobahn-controlled access highway system,and the Beijing Daxing greenfield airport project.The aviation sector in particular has enjoyed tremendous growth.In fact,the number of global city pair connections more than doubled from 10,000 in 1996 to 23,000 in 2019.During the same period,passenger footfall in airports tripled from 1.5 billion to around 4.5 billion.However,COVID-19 has brought the aviation sector to a grinding halt.External disruptions and catastrophes in the past indicate that the sector is particularly prone to being severely hit by such events.Demand has taken a significant downturn,which inevitably impacts the supply-side ecosystem and erodes value for service providers,including airlines and airport developers and operators.As a result,there is an urgent need for these service providers to reassess their business models and explore business diversifica-tion strategies to make themselves more resilient to external shocks.In this paper,we focus on airports,a core element of the aviation value chain.First,we discuss the need to transform the sectors business models,and then,we assess the diversification strategies that airport owners and operators can adopt to mitigate the impact of external disruptions and prepare for the future.There is an urgent need for airport service providers to reassess their business models and diversify to make themselves more resilient to external shocks.1Building future-ready airport business modelsNote:GDP is considered as real GDP at 2010 prices.Sources:Economist Intelligence Unit,Airlines for America;Kearney analysisFigure 1The aviation sector is highly prone to risk from external shocksImpact of past crises on the global civil aviation sectorChangeNumber of passengers(billion)Passengers(billion)GDP change year over yearChange in revenue passenger kilometers year over year4.05%0.501.515%-0.01.02.02.53.03.54.5596199719981999 20002003 2004 2005 2006 2007 2008 2009 2010201120122013201420152016201720182001 20021997 Asian financial crisis9/11 terrorist attack2008 global financial crisisAviation contributes to economic prosperity by connecting people and businesses around the world and creating employment opportunities.Over the past two decades,the sector has grown in close correlation with global economic growth.From 1996 to 2018,global revenue passenger kilometers(RPK)an industry metric indicating the demand for air travelgrew at an average of about 6 percent a year,outpacing global GDP,which grew at about 3 percent.1 The correlation between economic prosperity and aviation can also be seen in the strong correlation between year-on-year growth in global GDP and global RPK growth.Revamping the business model for airportsAssessing the need for a new business model begins by answering two fundamental questions.Compared with other sectors,is aviation more susceptible to external disruptions?And if the answer is yes,how prepared are airport owners and operators to weather such storms?Lets take a closer look at how the sector navigates major disruptions.1 The Economist Intelligence Unit,Airlines for America2Building future-ready airport business modelsThe impact of COVID-19The COVID-19 pandemic is a tremendously disruptive and tragic event that has affected our world in an unprecedented way.In addition to the irreparable loss of life,the pandemic is severely deteriorating the health of businesses across industries and nationsposing a serious threat to the entire aviation ecosys-tem.Even though several areas of the world are cautiously reopening,the aviation sector is expected to remain under considerable stress for the near future.In fact,the number of passengers could drop to 2.25 billion in 2020about half of the passengers in 2019 and equal to what the sector saw in 2006.The sudden evaporation of passenger demand amid travel restrictions across the globe have severely impacted all players in the aviation ecosystem,including airport operators.An assessment of airport operators top line reveals that very few sources of income,such as aircraft parking charges,have been sustained.A large chunk of both aeronautical and passenger-dependent non-aeronautical revenues,such as retail,duty-free shopping,parking,and food and beverages,have nearly been wiped out because of the lack of passenger footfall.The short-term revenue loss,ambiguity about recovery of demand in the post-COVID world,and a tendency to preserve cash has also hurt airport development and renovation plans around the world.The construction of new terminals,runways,and hotel chains has been postponed indefinitely,and development plans have been scaled back.For example,the San Francisco International Airport postponed its$1 billion Terminal 3 West project for at least six months,and New Zealands Auckland Airport has suspended plans for a new terminal and a second runway.While COVID-19 has left airport operators reeling on the revenue side,the fixed nature of costs such as manpower and administration is making matters worse.The sector has also faced additional expenses as a result of new measures to ensure that airport operations follow the operating procedures needed to keep staff and passengers safe.For instance,Los Angeles International Airport is setting up sanitation booths,testing autonomous cleaning robots,and considering using thermal cameras to screen passen-gers.The increase in operating costs to ensure safe travel amid declining revenues is adding pressure on already-stressed cashflows.Constraints in available working capital could lead to higher debt funding,potentially increasing interest payments.The COVID-19 pandemic is just one example of how an external crisis can impact the aviation sector.The global pandemic is exposing existing vulnerabilities in the sectors business models and revealing the dire need for a transformation.Although GDP and RPK growth are correlated,the impact of economic downturns on the aviation sector is particularly magnified.An assessment of three past economic crises show that year-on-year change in RPK is much more volatile than year-on-year GDP growth or contraction(see figure 1).During disruptive events,the demand for air travel is one of the first areas to be impacted because of a general avoidance of travel,consumers reduced capacity for discretion-ary spending,and policy interventions designed to mitigate negative external events,such as travel bans amid a heightened focus on security and safety.Although the effects of a major crisis tend to be short term,they can be extremely intense,and this volatility creates acute financial pressures on airlines and airports,necessitating a slew of measures from scaling down operations to liquidating businesses.Airlines across the world are expected to lose more than$300 billion as a result of the pandemic,and many will go bankrupt.2 For instance,Virgin Australia,Flybe(United Kingdom),and Trans States Airlines(United States)declared bankruptcy over the past few months.A few governments have announced stimulus packages for airlines,including the$59 billion stimulus from the US government to help airlines weather the headwinds from the pandemic in the short term.2 International Air Transport Association 3Building future-ready airport business modelsMilan International Airport in Italy.One of the most important air transportation hubs in Europe,this airport has been focusing on developing its non-avia-tion business over the past few years,covering a wide range of commercial services catering to passengers,visitors,and operators as well as the real estate business.Our assessment of the revenue streams reveals that the airport derives 80 to 90 percent of its revenues from passenger-dependent sources.Indira Gandhi International Airport in India.In this airport,the share of non-aeronautical revenues has grown significantly over the past few years.Growing contribution of non-aeronautical revenues(47 percent)is indeed a step in the right direction,A deeper assessment reveals that airport derives only 15 20%of the total revenues from passenger independent sources while 80 85%of the revenues are still passenger dependent.For other airports managed by the Airport Authority of India,the share of passenger-dependent revenue streams is even higher,in the range of 90 to 95 percent.Dallas/Fort Worth International Airport in the United States.The largest hub of American Airlines,this airport has been working on diversifying its revenue streams by focusing on non-aeronautical sources over the past 15 years.Outside the terminal,the airport operator has expanded into a variety of business segments,including hotels,golf courses,and even natural gas wells.The revenues from non-aeronautical sources at 53 percent of total revenues surpassed the revenues from aeronautical sources in 2019.However,deeper assessment reveals that only 19 percent of overall revenues are passenger independent.Dependence on passenger-driven revenue streamsGiven their susceptibility to external shocks,forward-thinking airports are identifying and assessing their preparedness for navigating disruptions.The revenue streams that are not dependent on passengers are a good indicator of an airports preparedness to handle sudden external shocks.Airport revenues typically come from two sources.Aeronautical sources such as navigation and surveillance to manage air traffic,fuel supply for aircraft,landinghousingparking charges,ground safety services,and ground handling services for passengers and aircraft are almost entirely passenger dependent.Non-aeronautical sources include both passenger-dependent revenue streams,which are entirely dependent on air travel,such as retail,food and beverage,and duty-free sales at airport terminals,as well as passenger-independent revenue streams,such as rent from commercial spaces and service offerings.While most airports have focused on improving their non-aeronautical revenue streams,a significant amount of these revenues are still passenger-depen-dent,including retail,food and beverage,and duty-free sales.A few airports,such as Frankfurt,have diversified their operations to generate considerable revenue from passenger-independent avenues,such as real estate.An assessment of the passenger-independent revenue streams of a few airports across the world indicates various levels of revenue diversification:4Building future-ready airport business modelsFigure 2Many major airports gain most of their revenue from passenger-dependent sourcesMilanPassengers:30 MnShare of non-passenger-dependent revenue12%Notes:Passenger-dependent revenue sources include aeronautical revenue,non-aeronautical revenue,such as retail sales,food and beverages,duty-free sales,advertising and promotions,lounges,and parking zones for passengers and aviation personnel.Non-passenger-dependent revenue sources include rent from commercial outlets and spaces accessible to users other than passengers,such as offices,warehouses,training academies,golf parks,hotels,and commercial parking zones,as well as service line offerings(consulting),international activities(investment in other airports and operations and maintenance services for other airports),and cargo revenue.Passenger numbers are for 2019.Sources:company annual reports,Airports Economic Regulatory Authority,Comptroller and Auditor General reports;Kearney analysis64%2$lhiPassengers:68 MnShare of non-passenger-dependent revenue16%For other Indian airports,this is as low as 5 to 8 percent.53%61llasPassengers:75 MnShare of non-passenger-dependent revenue19G%24%FrankfurtPassengers:70 MnShare of non-passenger-dependent revenue35)%6$ronautical(passenger-dependent)Non-aeronautical(passenger-dependendent)Non-aeronautical(non-passenger-dependendent)Cargo(non-passenger-dependent)Frankfurt am Main Airport in Germany.Widely considered to be one of the most modern airports in the world,this airport had revenues of$4.08 billion and 70.6 million passengers in 2019.3 The airports operator,Fraport Group,derived 35 percent of its revenue from passenger-independent sources with the biggest chunk coming from real estate.External disruptions have a smaller impact on passenger-independent revenue streams than they do on passenger-dependent revenue streams such as aeronautical revenues and revenues from airport retail,food and beverage,and duty-free sales.The differences in airport maturity in revenue diversifica-tion strategies reveals a need for airport operators to have a concerted strategy for diversifying their revenue streams to mitigate the impact of external shocks(see figure 2).External disruptions have a smaller impact on passenger-independent revenue streams than they do on passenger-dependent revenue streams.3 3.71 billion revenue;conversion rate:1=$1.10;Fraport Group annual report for fiscal year 20195Building future-ready airport business modelsSource:Kearney analysisFigure 3Three strategies can help airport operators become more resilient 123Sweating real estate assets to extract the most valueGeographically diversifying core businessesDiversification strategiesfor airportsInitiating“capex light”service oferingsDiversification strategies to be future-ready and resilientThe worlds leading airports,including Frankfurt am Main Airport in Germany,Changi Airport in Singapore,Hong Kong International Airport,Charles de Gaulle Airport in Paris,and Schiphol Airport in Amsterdam,have adopted different strategies and business models to diversify their revenue streams.Next,we look at three types of strategies in greater detail(see figure 3).Sweating real estate assets to extract the most valueMany airport owners and operators have large parcels of land for development,especially around their terminals.Although some parcels,such as those earmarked for airport expansion,are reserved,there is no doubt the real estate is an asset that,if used efficiently and intelligently,can generate significant value.Airport developers and operators will need to identify the optimal real estate product mix,which depends on the following factors:Traffic profile.The profile of passenger and freight traffic,both at the airport and in the catchment driven by an assessment of demand,such as quantity,mix,and demographics Real estate environment.Scale,type,and quality of real estate development(existing and forecasted)around the airport to identify gaps and opportunities Available land area.Size and shape of land parcels available for development Location and connectivity.Location of available land and status of connectivity by intra-city transport modes,such as metro 6Building future-ready airport business modelsSource:Kearney analysisFigure 4The real estate product mix must match each airports unique profileTraffic profile Analyze the quantity and mix of passenger and freight traffic.Consider the airport and the surrounding catchment to assess existing and projected demandAvailable land area Analyze land availability and earnings potential to prioritize options:Real estate products linked to aviation Completely diversified real estate not linked to aviationReal estate environment Analyze existing and projected establishments around the airport to identify a target product mix.Location and connectivity Assess the closeness to large cities and the ease of access for developing diversified products.Completely diversified real estate not linked to aviationReal estate linked to aviation Core airport real estate,excluding terminalsOfficesOfficesfor airlinecompaniesAviationtrainingacademiesIndustrialpremisesHotelsHangarsFreightShoppingcentersIndustrialEntertainmentIndias publicprivate partnership airports have almost exhausted their core real estate.Real estate linked to aviation.This includes offices for airline companies,aviation training academies,and hotels.Case study:Hong Kong International Airport has established an aviation academy in collaboration with the National School of Civil Aviation of France and Hong Kongs Vocation Training Council.The academy focuses on strengthening local manpower for the aviation sector.Case study:Delhi International Airport Limited has leased 1.11 acres at the Terminal District of Indira Gandhi International Airport to Airbus so the aerospace corporation can launch Indias first full-flight simulator.This is expected to address the growing demand locally for trained pilots and aircraft maintenance engineers.Three strategies can help extract the most value from real estate(see figure 4):Core airport real estate,excluding terminals.In addition to terminals,core airport real estate includes hangars and freight infrastructure to service airlines and logistics providers.Case study:Frankfurt Airport is a prime example of developing core airport real estate,having developed a cargo city at the airport with an overall area of 1.49 million square meters,providing ideal facilities for airlines and major logistics companies,enabling it to handle 2.1 million tons of cargo in 2019.4 Airport operators can enhance their value proposition with a higher throughput by establishing an efficient cargo ecosystem.This would also create access to information and management of services in a secure and transparent way for all stakeholdersfrom airport operators,cargo handlers,and logistics operators to customs agents,airlines,and shipping agents.The platform could also support tracking and tracing,such as for the status of goods at customs as well as the sale,acquisition,or reservation of services.4 CargoCity Guide 2017,Frankfurt Airport7Building future-ready airport business modelsInitiating“capex light”service offerings Although developing and sweating real-estate assets can unlock a wealth of value,it is capital-intensive and has a long gestation period.During events such as a pandemic,when capital is scarce and such projects might be difficult to undertake,initiating service offerings can be an excellent way to diversify the business.Service offerings have the advantage of both being“capex light”and creating quick speed to market.Completely diversified real estate not linked to aviation.This includes offices,shopping centers,and industrial premises.Case study:Changi International Airport has developed Jewel,a nature-themed entertainment and retail complex at the heart of the airport.Spread over an area of more than 135,000 square meters,it houses 280 retail and food and beverage outlets,play attractions,accommodation facilities,and Singapores largest indoor garden with 2,000 trees.Case study:The Squaire,developed near the Frankfurt Airport and connected to Terminal 1,is a commercial hub spread over 140,000 square meters.The building houses offices,retail shops,and services such as daycare centers,restaurants,and salons.It is important to note that these complexes,while connected to airport terminals to boost footfall,are not completely dependent on them and can be accessed without visiting the airport,thus boosting the airports passenger-independent non-aeronauti-cal revenue.Because real estate assets require a large amount of capital and typically have long payback periods,selecting the right class of assets to cater to the demand of the catchment near the airport is essen-tial.In addition,unlike airports,which by virtue of being regulated tend to be natural monopolies,real estate development involves setting foot in a fiercely competitive market.Therefore,setting up an inde-pendent and focused business unit to strategize and execute projects such as a real estate firm is crucial for success.Selecting the right class of assets to cater to the demand of the catchment near the airport is essential.8Building future-ready airport business modelsCase study:The Zurich Airport Group has a 100 percent stake in Brazils Floripa Airport,which the group is developing and operating as part of a concession that runs until 2047.6 Outside Switzerland,the Flughafen Zrich AG operates eight airports in Latin America.Along with four airports in Brazil and two in Chile,the company is operating airports in Bogot and Curaao.Flughafen Zrich AG has also had a base in Kuala Lumpur since April 2018 to develop markets in Asia.Case study:The Fraport Group earns 48 percent of its revenue from international activities,including airport management and operational services.The operator has 100 percent ownership in retail conces-sions at six US airports.The scope of Fraport activities includes planning,designing,and leasing commercial areas.Based on concession agreements,Fraport USA subleases terminal concession areas to retail and food and beverage operators at airports in Baltimore,Cleveland,Nashville,New York(JFK Terminal 5),Pittsburgh,and Newark Terminal B.Transforming airports to be experience centers for the community.Airports across the globe are creating homogeneous spaces for consumption and adventure,aligned with their positioning and brand.Top airports achieve this with cultural and art exhibi-tions,movie theaters,wellness and fitness facilities,and family-friendly activities to strengthen their integration with society.Case study:Flughafen Zrich AG,operator of the Zurich Airport,organizes gatherings and children parties at the airport.The operator is involved in end-to-end event management,including arranging food and beverages,organizing interactive games,and offering a bus tour to give children an airport experience.Airport operators can develop new service lines across four primary themes:Techno-commercial consulting services.Based on their areas of expertise,airport operators can offer techno-commercial consulting services in a range of areas,including the following:Airport planning,engineering,and design Hub and route development Operational efficiency enhancement Commercial and retail development Service quality improvement Human capital development Case study:Group AED,the operator of Paris Charles de Gaulle Airport,has an arm named ADP Ingnierie,which is a global leader in airport design and consulting.ADP Ingnieries primary function is advising and supporting airport operators throughout the airports life cycle and can support a project from the initial design to the operational phases,with a 360 approach to the airports life cycle.Some key projects managed by ADP Ingnierie include the following:5 Suvarnabhumi Airport in Bangkok.Design of the third runway and taxiways and related equipment Gimhae International Airport in South Korea.Operating procedure definition for a new runway as part of capacity expansion King Hussein International Airport in Jordan.Design of a baggage handling systemAirport operations management.Operators can also act as concessionaires to provide services related to end-to-end airport operations management.They can also explore providing management services in niche areas that are more suitable to their expertise,such as retail concessions.5 ADP Ingnierie website6 Zurich Airport website9Building future-ready airport business modelsCase study:Flughafen Mnchen GmbH,operator of the Munich Airport,organizes airport tours for individuals and groups,charging 14 for a 90-minute tour of the interior of an Airbus 380.Launching an airport e-commerce platform.Airport operators across the globe have access to various luxury and bridge-to-luxury product segments,which tend to be exclusively retailed at airports,for example,in duty-free shops.Operators can develop an e-commerce business as an alternative channel to sell these exclusive products.Several airports around the world,including in Delhi and Frankfurt,have experimented with an online offering.Consumers use an e-commerce platform to order online and then collect their items when they visit the airport.Operators can extend the value proposition by going deeper into the value chain and collaborat-ing with logistics players to provide delivery services to cater to non-passengers as well.Case study:The Fraport Group,operator of the Frankfurt Airport,has launched an omnichannel e-commerce platform to give travelers access to a wide range of products.The platform expands the time for duty-free shopping,leading to more sales.Using this online platform,travelers can purchase a variety of products,which they can collect from the designated outlets on the day of travel.Geographically diversifying core businessesAlthough the COVID-19 pandemic has affected airports across the globe in unprecedented ways,some external disruptions are limited to certain nations and regions.With this in mind,another potential strategy is for operators to capitalize on their expertise in airport development and geographically diversify their portfolios across international boundaries.This strategy can be executed in two ways:Develop and operate airports in other geographies.Airport operators can diversify geographically by establishing airport development operations for other global airports.The projected economics and short-and long-term policy objectives are among the main considerations for operators to explore.Case study:Royal Schiphol Group,operator of the Amsterdam Airport,has invested in and collaborated with various international airports.For instance,it has been involved in the development,expansion,and operational activities in JFK International Airports Terminal 4.Invest in airports in other geographies.Operators can also act as financial investors in other airports.They can anchor their investment strategies around identifying opportunities in markets that have strong growth prospects,the potential for added value,room for a strategic business transformation,and availability of strong local partnerships.Case study:The Fraport Group has also diversified geographically through significant international activities,with investments across 25 airports across the globe.Some of its investments include a 10 percent stake in Delhi International Airport Private Limited,a 73 percent stake across 14 airports in Greece,an 80 percent stake in Lima Airport Partners S.R.L.,and a 60 percent stake in two airports in Bulgaria.10Building future-ready airport business modelsGeographically diversifying core businesses.Diversifying their businesses in other geographies will require four moves.First,evaluate the global aviation assets to identify opportunities.Then,assess internal capabilities and financials to identify the best opportunities.Identify the right partnership model with local entities,and finally,develop an implementation road map and kick-start the execution.Based on the diversification strategy and business model that an operator selects,it is imperative to set up the right organizational structure,institutionalize processes,and develop relevant capabilities to truly taste success.Building future-ready airport businessesThe COVID pandemic has put a spotlight on the need for airport operators to recalibrate their business strategies to be better prepared for uncertainties and external disruptions.Success will hinge on diversifying their businesses and increasing the share of revenues that are not dependent on passenger traffic.For each diversification strategy,forward-thinking operators will adopt an action plan that identifies the goal within the context of their existing capabilities:Sweating real estate assets to extract the most value.To extract maximum value from their real estate assets,operators will need to follow three steps:undertake an objective assessment of the citys needs,analyze their ability to meet those needs,and identify market segments to venture into with the right mix of partners.Initiating“capex light”service offerings.Identifying the right mix of services will require two moves.First,assess core competencies,and develop a comprehensive plan to design service offerings that are rooted in those competencies.Then,devise a go-to-market strategy that addresses strategic points such as consumer segments,value proposition,pricing,channels,and an implementation road map.Success will hinge on diversifying the businesses and increasing the share of revenues that are not dependent on passenger traffic.11Building future-ready airport business modelsManish MathurPartner,New Delhi Anshuman SinhaPartner,Mumbai Pablo EscutiaPartner,Madrid Sriram AnanthapadmanabhanPrincipal,New Delhi The authors wish to thank Ashish Jain,Soumyadeep Ghosh,and Priya Kumari for their valuable contributions to this paper.Authors12Building future-ready airport business modelsFor more information,permission to reprint or translate this work,and all other correspondence,please email .A.T.Kearney Korea LLC is a separate and independent legal entity operating under the Kearney name in Korea.A.T.Kearney operates in India as A.T.Kearney Limited(Branch Office),a branch office of A.T.Kearney Limited,a company organized under the laws of England and Wales.2020,A.T.Kearney,Inc.All rights reserved.As a global consulting partnership in more than 40 countries,our people make us who we are.Were individuals who take as much joy from those we work with as the work itself.Driven to be the difference between a big idea and making it happen,we help our clients break
2人已浏览
2023-03-10 15页
5星级
科尔尼:十亿欧元的威胁-如何有效变革汽车合规管理(英文版)(14页).pdf
The billion-euro threat:how to effectively transform automotive compliance managementPhoto by Angel Gomez Herreros Kearney,MadridHowever,environmental compliance issues are likely to be only the first wave of what industry executives call a compliance tsunami.For example,electric vehicles and plug-in hybrids are already being scrutinized for non-representative test cycles and CO2 calculation methods.Furthermore,connectivity and autonomous driving are presenting a whole new range of compliance challenges when it comes to data,privacy,security,and safety regulations.Shaken up by incidents such as the automotive emissions fraud,regulators are expanding their efforts and developing new methods to investigate software-related product compliance.An inadequate management of compliance causes severe corporate and personal liabilities and bears considerable reputational risk.But its not just the authorities that are intensifying their scrutiny.Shareholders,the broader public,and customers are also putting pressure on automotive players to ensure compliant products and services,thereby affecting a companys revenue streams.Thats why setting up an effective compliance management system is essential to tackle the billion-euro threat.In an era of more stringent and complex regulations,automotive players need a 360-degree perspective on compliance management.For years now,companies in nearly every industry have been investing significant amounts of money to build systems and structures for managing compliance,typically with board supervision.However,one prominent example reveals that safeguards can have an inherentand costlyweakness:the automotive emissions fraud case.When authorities notified automotive companies that they were in violation of the Clean Air Act,the public learned that the companies engineers had illegally used software to ensure that vehicles could pass emission tests.In addition to heavy implications on the companies share prices,the companies faced billions in penalties,and many employees were indicted.Despite each company having a compliance organization and processes in place,they learned the hard way that their set-ups for product compliance were not effective.An inadequate management of compliance causes severe corporate and personal liabilities and bears considerable reputational risk.1The billion-euro threat:how to effectively transform automotive compliance managementNow more than ever,product compliance is on the executive agendaCompliance is a comprehensive topicranging from commercial compliance,such as anti-trust,corruption,or money laundering,and ESG compliance,such as human rights,to product compliance(see figure 1 on page 3).In the wake of the dieselgate emissions scandal,product compliance has become a matter of major concern in the past few years.Since executives can be held accountable for violations,there is a great deal of C-suite interest in creating full transparency and future-proofing for product compliance.Full coverage typically encompasses five categories(see figure 2 on page 4):Product safety.Active safety,passive safety,on-board diagnostics,and hazard protection Product conformity.Congruence of advertised versus actual functions,consistency of information,and product documentation Product environmental compliance.Emissions,consumption,on-board diagnostics,materials,and a circular economy Product cybersecurity and data privacy.Cybersecurity(software,hardware,and cloud)and data privacy Intellectual property.Copyright,software(including open source),trademarks(including domain rights),patents(including designs and utility models),and know-howIn this paper,we introduce our comprehensive framework for effectively transforming automotive compliance management.Our focus is on preventive product compliance,which has an overall goal of creating structures to prevent incidents from occurring and managing existing incidents effectively.Leading companies achieve 360 coverage by excelling in both areas.There is a great deal of C-suite interest in creating full transparency and future-proofing for product compliance.2The billion-euro threat:how to effectively transform automotive compliance managementNote:PCMS is product compliance management system;ESG is environmental,social,and governance;QMS is quality management system.Source:Kearney analysisFigure 1Comprehensive management of product compliance is crucial to ensure effectivenessKearneys product compliance risk management frameworkCompliance management systemsValue chainPCMSAntitrustBribery,corruption,fraudMoneylaunderingForeigntradeESGData privacy andcybersecurityBusinesspartner riskProduct development processManagement of changeSupplier management processManufacturing processLogisticsMarketing and salesEmbedding(third line of defense)Internal audit Incident investigation Risk management Internal audit organizationEmbedding(second line of defense)QMS Quality processes Maturity level steering(e.g.,quality gates)Quality audit management Quality organizationThird line of defense(monitoring and audit)Second line of defense(management)First line of defense(operational execution)Values and cultureObjectivesTrainingProcessesIT landscapeOrganizationand governanceRisk managementMonitoring andimprovementEmbedding(first line of defense)3The billion-euro threat:how to effectively transform automotive compliance managementNote:OEM is original equipment manufacturer.Source:Kearney analysisFigure 2Full coverage for product compliance typically encompasses five categoriesProductsafety Active safety Passive safety On-board diagnostics Hazard protectionProduct?conformityEnsuring agreed-upon specifications and product promises Advertised and actual functions congruence Product information and documentation consistencyProduct environmental complianceEnsuring that environmental protection requirements are met Emissions Consumption On-board?diagnostics Materials Circular economyProduct cybersecurity and privacyEnsuring integrity,confidentiality,and availability of data Software?cybersecurity Hardware?cybersecurity Cloud cybersecurity Data privacyIntellectual?propertyEnsuring lawful use and prevent risks from infringement of intellectual property Copyright Software(including open source)Trademarks(including domain rights)Patents(including designs and?utility models)Know-howEnsuring that no defective or unsafe products are placed in the marketObjectiveAspectsAlong these dimensions,there are regulatory requirements and specific OEM requirements.How can we ensure that our product compliance measures are effective and do not exist only on paper?How can we ensure product compliance without crippling and delaying our daily operations?Wed be willing to bet you would only sign a compliance guarantee after youve answered all of these questions.Kearneys framework for achieving preventive product compliance provides an effective way to tackle the above-mentioned challenges.The goal is to embed product compliance into your companys culture,process,and IT landscape as well as the organizational and governance structures(see figure 3 on page 5).Is your product compliance set up for the future?Imagine youre an executive at a global automotive company.Would you be willing to personally guarantee that your company has developed a product that is 100 percent compliant with all regulations,laws,and norms?Most likely,you would only do that if you knew there was a flawless set-up for product compliance.But what makes a compliance system effective,efficient,and future-proof?How can you safeguard the work of thousands of engineers and developers to ensure they are meeting every regulatory requirement?Most likely,you would begin by asking yourself the following questions:Who is responsible for ensuring product compliance?How can we translate abstract regulatory requirements into specific technical requirements?How can we ensure product compliance in a complex digital landscape of products and processes?4The billion-euro threat:how to effectively transform automotive compliance managementNote:PCMS is product compliance management system;KPIs are key performance indicators.Source:Kearney analysisPCMS dimensionsPCMS elementsFigure 3Product compliance needs to be embedded into the entire organizationABC1Values and culturePCMS principles and maxims Change programCommunication2ObjectivesPCMS codificationPCMS target statesIntegration in individual targets3TrainingTrainings conceptGeneral product compliance trainingsSpecialist trainings4ProcessesPCMS core processesPCMS requirements for functional and product development processesEffective anchoring of PCMS in functional and product development processes5IT landscapeCentral regulatory databaseEnd-to-end digital workflow and toolchainAutomation6Organization and governancePCMS management(second line of defense)PCMS monitoring(third line of defense)PCMS user(first line of defense)7Risk managementRisk identification,analysis,and evaluationRisk treatmentContinuous risk steering 8Monitoring and improvementMaturity and effectiveness measurement(KPIs)System and process auditContinuous improvement measuresRisk idOperational5The billion-euro threat:how to effectively transform automotive compliance managementSource:Kearney analysisFigure 4Product compliance must be anchored into every relevant process across the entire value chainRegulatory monitoring and interpretationEstablish and maintain the regulatory system along the entire value chain.Product development processDevelop new compliant products.Management of changeMake compliant changes to existing products.Supplier management processManage suppliers compliance risks.Manufacturing processEnsure compliant manufacturing,inhouse or via third-party manufacturers.LogisticsEnsure compliance along storage and transportation of goods.Marketing and salesCommunicate with customers.Review,record,and react to customers regulatory requests.Culture,objectives,and training The core of a compliance transformation is to adapt your companys culture and mindset,raising awareness with every employee by communicating the importance of product compliance.This communication should come from and be emphasized by top management.Product compliance should be at the top of every engineers mind during the development process,just like product safety and quality.In addition,product compliance needs to be integrated in your target system,including the right incentives for management,engineers,and other involved employees.When projects run into conflicting targets,such as the choice between ensuring compliance or finishing on time,the latter of which is typically incentivized,employees may be tempted to take shortcuts on compliance.They must not be afraid to bring up compliance-related issues.Instead,they should be encouraged and enabled to do so.To make product compliance mandatory,every employee should have access to a handbook that codifies the definition,scope,and instruments of the product compliance management system.Face-to-face training will also be needed to spread knowledge about product compliance.Kearney has a ready-to-use set of training sessions available and adjustable to your companies needs,such as trainings on product compliance in the software development process.Process anchoring The elements of product compliance must be anchored into every relevant process across the entire value chainfrom ideation and product development to releasing the product into the market and beyond(see figure 4).Compliance issues can emerge at any stage of the product life cycle and should be eliminated as early as possible.Attention has to be paid to product development processes as well as functional processes,such as marketing and sales,homologation and certification,and supplier management.6The billion-euro threat:how to effectively transform automotive compliance managementRisk managementRisk management is often associated with managing corporate risk for areas such as insolvency,valuation,and credit ratings as well as for developing and introducing new products.However,many companies fail to manage the risks associated with product compliance.Kearneys product compliance risk management framework effectively and continuously manages the risks and their root causes,building on five core components of risk management(see figure 5 on page 8).The first stepdetermination of the risk scope and criteriabuilds a solid foundation for risk management by defining the types of risk and its sources through screening and analyzing drivers that can create risk.Types of risk include operational risks and systemic risks.Operational risks refer to operations along the product life cycle,while systemic risks concern the functioning of the product compliance management system.The sources can be external,such as new regulations,evolving technology,and new markets,or they can be internal,such as historic patterns,employee misbehaviors,and advances into new areas of business.During the next step of risk identification,the potential hazards are analyzed based on hypotheses and root-cause analysis.Following a line of“what can go wrong”questioning,a set of risk hypotheses for the determined risk types is developed that can be tested along the entire product life cycle.The purpose of the third steprisk analysis and evaluationis to comprehend the risk nature and risk characteristics,and to decide accordingly.Validated risks are analyzed according to their severity of impact and the probability of occurrence,facilitated by a predefined set of criteria.Also,correlations and interdependencies among risks need to be analyzed to better understand the potential overall impact.The analyzed risks are then evaluated for an appropriate decision on how to proceed.Different risk treatment options are to be considered and appropriate risk treatment measures need to be aligned.Next,a detailed risk treatment plan that eliminates or reduces the risk to an accepted level needs to be defined and implemented.Finally,along the entire risk management process,risk steering ensures every identified and analyzed risk is continuously documented,monitored,managed,updated,and reported.Suppliers are an essential part of the value chain and maintaining full transparency of your suppliers is an imperative aspect of product compliance.Raw materials or components provided by your suppliers that violate regulatory requirements put your organization at risk for potential incidents.Moreover,authorities and customers increasingly demand transparency along the supply chain.Therefore,concrete measures are mandatory,such as integrating product compliance aspects into supplier trainings,documentations,and contracts,as well as into the supplier selection process through supplier audits and screenings.Product compliance along the value chain can only be assured when all applicable regulatory requirements are identified,managed,monitored,and applied to your products.At the beginning of the development process,a products compliance requirements need to be derived systematically,and testing criteria for validation must be defined.The Kearney regulatory monitoring process provides a comprehensive methodology to identify and monitor the regulatory landscape and translate abstract regulations into specific product requirements that engineers can understand and work with.Automated software checks and peer reviews are effective ways to support product compliance during early development stages.Then,milestone reviews and final release checks can safeguard compliance in later stages.All this should be based on a central database,storing all compliance-relevant information,such as software and dataset versions for all products in development and in the market.An effective regulatory monitoring process includes an end-to-end digital workflow providing those responsible with relevant regulations and facilitating a continuous monitoring of the regulatory landscape.7The billion-euro threat:how to effectively transform automotive compliance managementSource:Kearney analysisFigure 5Kearneys product compliance framework focuses on five components of risk managementRisk scope and criteria Define the risk types and the sources by screening and analyzing drivers that create risk(for example,operational and systemic risks).Risk identification Identify product compliance risks by developing a set of risk hypotheses for the determined risk types.Use risk hypotheses to validate risks across product compliance-relevant processes and in consideration of new potential risks.Continuous risk steering Identified product compliance risk as well as the risk management activities and outcomes are documented,updated,and reported continuously.Continuously monitor and review the risk management process and implementation of risk treatment measure(s).Risk analysis and evaluationRisk analysis Comprehend the risk characteristics and the level of risk.Analyze the risks according to their probability of occurrence and the severity of impact.Assessment of the combination of probability and severity results in risk classes,e.g.,high,medium,or low.Risk evaluation Based on risk analysis,make a decision on how to proceed(e.g.,consideration of risk treatment option,maintaining existing controls,or escalation).Record,communicate,and validate the outcome at appropriate organizational levels.Risk treatment Risk treatment should eliminate or reduce the risk to an acceptable level.Select the risk treatment options.Plan and implement the risk treatment.If risk is not eliminated or reduced to an appropriate level,take further measures.8The billion-euro threat:how to effectively transform automotive compliance managementTypical success factors include the following:Remain an independent and neutral unit within the company.Work closely with the engineering organization.Have a detailed technological understanding of the product,especially its software.Be knowledgeable about regulations,laws,standards,and agency requirements.Report directly to the management board.However,this central organization will not be able to disseminate and safeguard product compliance throughout the entire company all by itself.Product compliance ambassadors from within the engineering organization will be essential.These experts should be the first point of contact for all compliance-related questions.Building and brokering expert knowledge about product compliance requires some supporting elements.This is where the product compliance organization comes into play.These experts must always be up to date on the latest regulatory requirements.In practical terms,these requirements must be continuously collected,interpreted,stored,and provided to engineering and other concerned functions via a central database.The ambassadorsthe product compliance experts in the engineering organizationcan consult on specific technical questions throughout the entire development process and provide guidance on regulatory matters.Ensuring effectivenessIt is crucial to establish an effective product compliance management system,which is fully embedded in a companys culture and in the entire organization.To identify and avoid any potential compliance risks,regular checks need to be conducted,using the four-eyes principlewith at least two people reviewing and approving an action before it is taken.Also,systematic,department-specific,and risk-based reviews need to be conducted,particularly for software and with adequate tool support.Incident and clearing managementWhat if the risk you are monitoring is suddenly not just a risk anymore?Are you prepared to manage product compliance incidents?Inadequate compliance structures have led to major violations of regulations in the past,particularly on the environmental side.Once an issue has surfaced internally or with regulators,companies must analyze and report the details of any potential violation in a timely manner.This is often a challenging task for companies to manage.To manage product compliance issues effectively,dedicated escalation processes must be implemented.For example,to remain in full management control over the issue,a clearing management process allows product compliance issues to be dealt with within your organization through a formal decision-making process.If the non-compliance of your products not only causes internal but can also cause external harm,the incident management process is triggered.Based on the severity of the impact(financially,legally,and with respect to external stakeholders),the incident is routed through different escalation levels with appropriate decision power to decide on appropriate actions and mitigation measures.The incident management thereby ensures a fast reaction to limit the consequences and damages from non-compliances,while the clearing management aims at preventing potential non-compliances from occurring.Organization Product compliance should also be embedded into the entire organization.Beyond the internal need for an adapted organization,there is an external need as well since authorities often request organizational changes,such as separating product certification from the development department.Best practice is to create an independent organization with product compliance experts who serve as go-betweens for the development,legal,and certification departments.This product compliance organization can steer the integration of product compliance,conduct compliance checks,and provide expertise on all aspects of compliance.9The billion-euro threat:how to effectively transform automotive compliance managementThe stakes are high.Effective compliance management is crucial to minimize the risks to management and reduce the costs of non-compliances.To safeguard governing bodiesthe executive and supervisory boardsKearney can help you set up an effective product compliance management system.Thereby,we pave the road for a reliance letter and help governing bodies to fulfill their supervisory duties.Where do you stand?Start with an assessmentLets start with a joint benchmarking workshop to compare your structures and processes for product compliance with best practices within the automotive industry and across other industries.To take it one step farther,our readiness assessment will evaluate the current and future requirements to help you understand your risk profile.Specifically,we will provide you with tailored heat maps that identify the potential gaps in your compliance management system.Based on these heat maps,we then define a detailed action plan with you and get the organization aligned around the target picture and the best way forward.Then,its about working hand in hand to implement and anchor identified improvements,testing them against real-life cases to ensure a lasting impact.Marcus M.WeberPartner,Munich Christine SachsenederPartner,Munich Stephan KrubasikPartner,Munich Florian SchirkConsultant,Dsseldorf Authors10The billion-euro threat:how to effectively transform automotive compliance managementFor more information,permission to reprint or translate this work,and all other correspondence,please email .A.T.Kearney Korea LLC is a separate and independent legal entity operating under the Kearney name in Korea.A.T.Kearney operates in India as A.T.Kearney Limited(Branch Office),a branch office of A.T.Kearney Limited,a company organized under the laws of England and Wales.2023,A.T.Kearney,Inc.All rights reserved.Kearney is a leading global management consulting firm.For nearly 100 years,we have been the trusted advisor to C-suites,government bodies,and nonprofit organizations.Our people make us who we are.Driven to be the difference between a big idea and making it happen,we help our clients break
0人已浏览
2023-03-10 13页
5星级
毕马威:2022毕马威中国金融科技企业双50报告(英文版)(58页).pdf
2022 China Fintech 50 ReportKPMG China information contained herein is the English translation of 2022毕马威中国金融科技企业双50报告.Should there be any inconsistency between Chinese and English version,the Chinese version shall prevail.ContentsOverviewAppendix I:Summary of Fintech-related Laws and RegulationsAppendix II:Profile of the Selection Expert CommitteeAppendix III:KPMG Chinas Fintech TeamKPMG China Fintech Series ReportsAbout KPMG ChinaAbout Us06-21Trends and Prospects22-4748-5354-57Appendix 2023 KPMG Huazhen LLP,a Peoples Republic of China partnership,KPMG Advisory(China)Limited,a limited liability company in Chinese Mainland,KPMG,a Macau(SAR)partnership,and KPMG,a Hong Kong(SAR)partnership,are member firms of the KPMG global organisation of independent member firms affiliated with KPMG International Limited,a private English company limited by guarantee.All rights reserved.ForewordChairman,KPMG China and Asia PacificHonsonTo2022 was a crucial year that marked the beginning of the Fintech Development Plan(2022-2025),as well as a period in which the country transitioned from strengthening the pillars and framework of fintech towards harnessing the sectors growth momentum.To support the long-term,stable development of the fintech sector,in 2022,financial institutions fully engaged in digital transformation and more effectively applied innovative financial information technologies,and they also played a role in improving the top-level system and developing a system for fintech ethics and prudent regulation.In this critical moment for fintech development,KPMG China is announcing the 2022 China Leading Fintech 50 and Emerging 50 lists,which showcase a range of well-developed and technologically savvy enterprises.2023 marks the seventh consecutive year in which KPMG has published the China Fintech 50,which started in 2016,and we are as excited as ever to be participating in the fintech market and witnessing its phenomenal changes and milestones.We are confident that the fintech sector is becoming more open,innovative and sustainable while keeping risks well under control.Vice Chairman and Senior Partner,Northern Region,KPMG ChinaJacky ZouThe core ABCD technologies(AI,blockchain,cloud computing and big data)are steadily maturing,and emerging technologies such as virtual reality(VR)are booming.These technologies are driving development,empowering financial data centres and computing power centres,and opening up comprehensive financial scenarios.In the midst of their digital transformations,financial institutions are harnessing the power of financial technologies to cover and integrate diversified scenarios and customer groups.Through a model that combines technology,finance and industry,enterprises are fusing the digital economy with the real economy to expand the scale and reach of innovative financial services.In recent years,innovative fintech enterprises that leveraged advanced core technologies have gained an edge,and they are now well-positioned to use their comprehensive technological solutions and fintech capabilities to help traditional financial institutions make breakthroughs in the integration of the digital economy and real economy.2023 KPMG Huazhen LLP,a Peoples Republic of China partnership,KPMG Advisory(China)Limited,a limited liability company in Chinese Mainland,KPMG,a Macau(SAR)partnership,and KPMG,a Hong Kong(SAR)partnership,are member firms of the KPMG global organisation of independent member firms affiliated with KPMG International Limited,a private English company limited by guarantee.All rights reserved.Vice Chairman,Head of Financial Services,KPMG ChinaTony CheungAs the digital economy permeates every aspect of our lives,financial sector enterprises are asking themselves how fintech can be used to better serve the real economy and promote digital transformation.Going forward,fintech enterprises will continue to provide clients with all-inclusive support throughout the industrial chain and corporate life cycle,covering all business processes and data dimensions.Recently,we have seen huge leaps in technological progress.Artificial intelligence(AI)algorithms and data intelligence are becoming more accessible;innovative security technologies such as privacy computing have made significant progress;and computing power solutions such as hardware acceleration have continued to unlock gigantic computing power.Against this backdrop,demand is surging across a range of key scenarios,including financial IT innovation,green finance,supply chain finance,financial regulation and e-CNY.The future is bright for the quality development of the financial sector,but it is crucial that this development take place in a secure manner.As the top-level system improves,and technologies and finance become more closely integrated,the fintech sector should focus on both innovation and risk control,as well as institutional regulation and self-discipline,in order to meet the industrys need for both financial development and financial security.Head of Financial Services Assurance,KPMG ChinaThomas ChanAs Chinas fintech sector continues to evolve,it is empowering financial institutions to achieve high-quality digital transformation.In our visits to fintech enterprises,we saw the financial sector serving the real economy in various scenarios,and we found that new trends around business logic,business models and industry ecosystems are deepening the integration of technologies.As a result,fintech is being more precisely positioned,and the roadmap for its implementation is becoming clearer.In the field of green finance,financial institutions face difficulties in capturing green data and identifying,certifying and labelling green assets.In this context,technologies such as big data and blockchain provide the answer by ensuring the traceability and immutability of underlying green data.Meanwhile,demand for supply chain finance services has been growing,and end-to-end data penetration is a major development direction for technologies in this sub-sector.In the paytech field,cross-border payment has opened up new markets as smart contracts and cross-border payments are expected to expand opportunities for the use of e-CNY.Leveraging their technological expertise and insight into the financial sectors transformation,a number of leading fintech enterprises are playing an active role in Chinas financial modernisation.Overview72022 China Fintech 50 Report 2023 KPMG Huazhen LLP,a Peoples Republic of China partnership,KPMG Advisory(China)Limited,a limited liability company in Chinese Mainland,KPMG,a Macau(SAR)partnership,and KPMG,a Hong Kong(SAR)partnership,are member firms of the KPMG global organisation of independent member firms affiliated with KPMG International Limited,a private English company limited by guarantee.All rights reserved.2022 China Leading Fintech 50 and Emerging 50Composition of the Selection CommitteeThe Selection Committee comprises a number of external experts,along with dozens of KPMG representatives from China and the global firm.These individuals are specialists in various fields,including information technology,data,capital markets,venture capital,risk management,finance,macroeconomics and financial services.IntroductionKPMG endeavours to promote the sustainable development of Chinas fintech sector.KPMG launched the first China Leading Fintech 50 list in 2016,which was widely recognised,and since then KPMG has released the China Leading Fintech 50 list and report every year.Core Selection CriteriaThe five core dimensions of the KPMG China Fintech 50 selection process are as follows:Capital Market RecognitionTechnology and DataDevelopment ProspectsPopularisation of Financial ServicesInnovation and TransformationSelection dimensionsKPMG has independently developed the Startup Insights Platform(SIP)Model,which takes into account the above-mentioned core areas to quantitatively evaluate enterprises across multiple dimensions,including collaboration,technology,product,market and financing.Note:The selection of the Leading Fintech 50 and Emerging 50 is designed to draw attention to technologicalinnovation in the financial sector,promote industry exchanges,and advance the development of fintech.It doesnot evaluate the compliance or investability of the participating companies,nor does it interpret any regulatorypolicies.Technology and DataInnovation and TransformationPopularisation of Financial ServicesCapital Market RecognitionIndustry Development Prospects 2023 KPMG Huazhen LLP,a Peoples Republic of China partnership,KPMG Advisory(China)Limited,a limited liability company in Chinese Mainland,KPMG,a Macau(SAR)partnership,and KPMG,a Hong Kong(SAR)partnership,are member firms of the KPMG global organisation of independent member firms affiliated with KPMG International Limited,a private English company limited by guarantee.All rights reserved.2022 China Fintech 50 Report8Segment distribution for the Leading Fintech 50 Integrated Fintech WealthtechInsurtechInclusive Technology Supply Chain TechnologyPaytechRegtechIntegrated technology empowermentBig data&AIBlockchain,privacy computing and security Distributed computing,cloud computing and hardware accelerationPlatform Technology Empowerment92022 China Fintech 50 Report 2023 KPMG Huazhen LLP,a Peoples Republic of China partnership,KPMG Advisory(China)Limited,a limited liability company in Chinese Mainland,KPMG,a Macau(SAR)partnership,and KPMG,a Hong Kong(SAR)partnership,are member firms of the KPMG global organisation of independent member firms affiliated with KPMG International Limited,a private English company limited by guarantee.All rights reserved.Years in which the enterprise was shortlistedFull name of enterpriseShort name of enterprise2022 China Leading Fintech 50 and Emerging 50 Leading Enterprises List360 DigiTechShanghai Qiyu Information Technology Co.,Ltd.2022/2021/2020/2019Bairong,Inc.Bairong YunchuangTechnology Co.,Ltd.2022/2021/2020/2019/2018/2017/2016AIBANKCITIC AIBank Corporation Limited2022/2021/2020/2019/2018IceKreditIceKredit,Inc.2022/2021/2020/2019/2018/2017/2016Bubi TechnologiesBubi(Beijing)NetworkTechnology Co.,Ltd.2022/2021/2020/2019/2018/2017DataGrandDatagrand Information andTechnology(Shanghai)Co.,Ltd.2022/2021/2020Dashu CreditechShenzhen Dashu Creditech Co.,Ltd.2022/2021/2020HUNDSUNHundsunTechnologies Inc.2022/2021/2020TigeroboTigeroboNetwork Technology(Shanghai)Co.,Ltd.2022/2021/2020/2019/2018ArchForceShenzhen ArchForce Financial Technology Co.,Ltd.2022/202/2020WeLabWeLab Group2022/2021/2020/2019/2018/2017/2016AHI FintechHuian Jinke(Beijing)Technology Co.,Ltd.2022/2020/2019FOFUNDFofund Co.,Ltd.2022/2021/20202022 China Fintech 50 Report 2023 KPMG Huazhen LLP,a Peoples Republic of China partnership,KPMG Advisory(China)Limited,a limited liability company in Chinese Mainland,KPMG,a Macau(SAR)partnership,and KPMG,a Hong Kong(SAR)partnership,are member firms of the KPMG global organisation of independent member firms affiliated with KPMG International Limited,a private English company limited by guarantee.All rights reserved.102022 China Leading Fintech 50 and Emerging 50 Leading Enterprises ListValue OnlineShenzhen Value Online Information Technology Co.,Ltd.2022/2021/2020/2019JFZShenzhen Golden Axe Network Technology Co.,Ltd.2022/2021/2020/2019/2018/2017/2016OneConnectOneConnect FinancialTechnology Co.,Ltd.2022/2021/2020/2019/2018Kingstar FintechShanghai Kingstar Fintech Co.,Ltd.2022/2020KingdomTechnologyShenzhen Kingdom Sci-tech Co.,Ltd.2022/2021KINGSWAREZhuhai Kingsware Infotech Co.,Ltd.2022/2021/2020KafangShanghai Kayang Information System Co.,Ltd.2022/2020KTM TechKaitaiming Technology(Beijing)Co.,Ltd.2022/2021/2020AirwallexAirwallex2022/2021/2020/2019LinklogisLinklogis Inc.2022/2021/2020/2019IdeaComeIdeacome Technology Co.,Ltd.2022/2021/2020/2016Lufax HoldingShanghai Lujiazui International Financial Asset Exchange Co.,Ltd.2022/2021/2020/2019/2018/2017/2016MSXFMashang Consumer FinanceCo.,Ltd.2022/2021/2020/2019/2018/2017/2016Years in which the enterprise was shortlistedFull name of enterpriseShort name of enterprise112022 China Fintech 50 Report 2023 KPMG Huazhen LLP,a Peoples Republic of China partnership,KPMG Advisory(China)Limited,a limited liability company in Chinese Mainland,KPMG,a Macau(SAR)partnership,and KPMG,a Hong Kong(SAR)partnership,are member firms of the KPMG global organisation of independent member firms affiliated with KPMG International Limited,a private English company limited by guarantee.All rights reserved.2022 China Leading Fintech 50 and Emerging 50 Leading Enterprises ListMioTechMioTech2022/2021/2020/2019/2018NewBankerBeijing Niutoubang Technology&Consulting Co.,Ltd.2022/2021/2020PingAn E-walletPing An e-Wallet e-CommerceCo.,Ltd.2022/2021/2020/2019GLP FinTechGLP Financial Holding(Chongqing)Co.,Ltd.2022/2021/2020Samoyed Cloud Samoyed Cloud Technology Group Holdings Limited2022/2021/2020/2017DCITSDigital China Information Service Company Ltd.2022/2021/2020ShouqianbaShanghai Shouqianba Internet Technology Co.,Ltd.2022/2020ChinaScopeChinaScope(Shanghai)Company2022/2021/2018/2017/2016Sichuan XW BankSichuan XW BankCo.,Ltd.2022/2021/2020/2019Tianchuang CreditTianchuang Credit Co.,Ltd.2022/2018/2017/2016Datayes!Datayes Inc.2022/2021/2020/2019/2018/2017WanxiangBlockchainShanghai Wanxiang BlockchainInc.2022/2021/2020/2019VBAOBeijing Chinavbao Technology Co.,Ltd.2022/2021Years in which the enterprise was shortlistedFull name of enterpriseShort name of enterprise2022 China Fintech 50 Report 2023 KPMG Huazhen LLP,a Peoples Republic of China partnership,KPMG Advisory(China)Limited,a limited liability company in Chinese Mainland,KPMG,a Macau(SAR)partnership,and KPMG,a Hong Kong(SAR)partnership,are member firms of the KPMG global organisation of independent member firms affiliated with KPMG International Limited,a private English company limited by guarantee.All rights reserved.122022 China Leading Fintech 50 and Emerging 50 Leading Enterprises ListWeBankWeBank Co.,Ltd.2022/2021/2020/2019/2018/2017/2016XWFintechChengdu XW Fintech Co.,Ltd.2022/2021/2020XYSLXYSL2022/2021/2020/2019/2018Nebular DigitalNanjing Nebular Digital Technology Co.,Ltd.2022/2021/2020/2019/2018SUNRATESunrate Solutions Limited2022/2021/2020/2019/2018China UMSChina UnionPay Merchant Services Co.,Ltd.2022/2021/2020Yingmi FundZhuhai Yingmi Fund Service Co.,Ltd.2022/2021/2020/2019CSCCZhongqiyunlian(Beijing)Financial Information Service Co.,Ltd.2022/2021CSCIChina Securities Credit Investment Co.,Ltd.2022/2021/2020/2019ZhongAn Online P&C nsuranceZhongAn Online P&C Insurance Co.,Ltd.2022/2021/2020/2019/2018/2017/2016PeerSafeBeijing PeerSafe TechnologyCo.,Ltd.2022/2021/2020/2019Years in which the enterprise was shortlistedFull name of enterpriseShort name of enterprise132022 China Fintech 50 Report 2023 KPMG Huazhen LLP,a Peoples Republic of China partnership,KPMG Advisory(China)Limited,a limited liability company in Chinese Mainland,KPMG,a Macau(SAR)partnership,and KPMG,a Hong Kong(SAR)partnership,are member firms of the KPMG global organisation of independent member firms affiliated with KPMG International Limited,a private English company limited by guarantee.All rights reserved.2022 China Leading Fintech 50 and Emerging 50 Emerging Enterprises ListBaige OnlineBaigebao(Xiamen)Insurance Brokers2022/2021BangnitouVanguard Investment Advisors(Shanghai)Investment Consultancy Co.,Ltd.2022/2021Bicai GroupBicai Data Technology Group2022/2021Credit-XBeijing Chexiao Technology Co.,Ltd.2022DAOKOU FINTECHBeijing Daokou JinkeTechnology Co.,Ltd.2022/2021/2020Dongan TechnologyZhejiang Dongan Technology Co.,Ltd.2022/2021InsightOneInsightone Tech Co.,Ltd.2022/2021DowsureDowsure Technology 2022Dooffe TECHJiangsu Duofei Network Technology Co.,Ltd.2022FinogeeksShenzhen Fantai Geek Technology Co.,Ltd.2022SecideaShenzhen Secidea Network Security Technology Co.,Ltd.2022JDHJiandanhui Information Technology(Guangzhou)Co.,Ltd.2022SinoVoiceBeijing SinoVoice Technology Co.,Ltd.2022Years in which the enterprise was shortlistedFull name of enterpriseShort name of enterprise2022 China Fintech 50 Report 2023 KPMG Huazhen LLP,a Peoples Republic of China partnership,KPMG Advisory(China)Limited,a limited liability company in Chinese Mainland,KPMG,a Macau(SAR)partnership,and KPMG,a Hong Kong(SAR)partnership,are member firms of the KPMG global organisation of independent member firms affiliated with KPMG International Limited,a private English company limited by guarantee.All rights reserved.142022 China Leading Fintech 50 and Emerging 50 Emerging Enterprises ListSequoiaDBGuangzhou Sequoia Software Development Co.,Ltd.2022/2021Kaixin TechnologyKaixin Financial Technology Co.,Ltd.2022/2021/2020KEYIKEShenzhen Keyike Information Technology Co.,Ltd.2022QutkeQutke Technology(Beijing)Co.,Ltd.2022LeChain CloudShenzhen Xiaobu RunpaoTechnology Co.,Ltd.2022/2021Lewei SichuanSichuan Lewei Technology Co.,Ltd.2022LICAIMOFANGBeijing Koudai CaifuInformation Technology Ltd.2022/2021/2020FintopiaFintopia Group2022Ling Shu TechNengLian Tech Ltd.2022/2021Magic EngineMagic Engine2022ZechFinShenzhen Qianhai ZejinInternet Financial Services Co.,Ltd.2022Qinjia TechnologyQinjia Network Technology(Beijing)Co.,Ltd.2022HyperchainHangzhou HyperchainTechnology Co.,Ltd.2022/2020Years in which the enterprise was shortlistedFull name of enterpriseShort name of enterprise152022 China Fintech 50 Report 2023 KPMG Huazhen LLP,a Peoples Republic of China partnership,KPMG Advisory(China)Limited,a limited liability company in Chinese Mainland,KPMG,a Macau(SAR)partnership,and KPMG,a Hong Kong(SAR)partnership,are member firms of the KPMG global organisation of independent member firms affiliated with KPMG International Limited,a private English company limited by guarantee.All rights reserved.2022 China Leading Fintech 50 and Emerging 50 Emerging Enterprises ListRxhuiBeijing Ronghui JinxinInformation Technology Co.,Ltd.2022RealAIBeijing RealAI Intelligent Technology Co.,Ltd.2022Sanyue TechnologyBeijing Youpin SanyueTechnology Development Co.,Ltd.2022CoralGlobalHangzhou Mumin Network Technology Co.,Ltd.2022Shenghe TechnologyShanghai Sohertz ZhiyuanTechnology Group Co.,Ltd.2022Shengli TechnologyShengli Anyuan Technology(Hangzhou)Co.,Ltd.2022DC Public ServiceShujin Public Service(Qingdao)Co.,Ltd.2022/2021TDFTTiandao Fintech Co.,Ltd.2022/2021/2020Tianjin KinchengBankKincheng Bank of Tianjin Co.,Ltd.2022TTDSichuan Totodi Technology Co.,Ltd.2022/2021WisewebWise Web Technology Group Co.,Ltd.2022Weiyan TechShenzhen Weiyan TechnologyCo.,Ltd.2022/2021/2020XUNCETECHShenzhen Xunce Technology Limited2022/2021/2020Years in which the enterprise was shortlistedFull name of enterpriseShort name of enterprise2022 China Fintech 50 Report 2023 KPMG Huazhen LLP,a Peoples Republic of China partnership,KPMG Advisory(China)Limited,a limited liability company in Chinese Mainland,KPMG,a Macau(SAR)partnership,and KPMG,a Hong Kong(SAR)partnership,are member firms of the KPMG global organisation of independent member firms affiliated with KPMG International Limited,a private English company limited by guarantee.All rights reserved.162022 China Leading Fintech 50 and Emerging 50 Emerging Enterprises ListAsiaInfo SecurityAsiaInfo Security Technologies Co.,Ltd.2022EyecoolBeijing Eyecool Technology Co.,Ltd.2022EasyTransferBeijing Easy Transfer Commercial Service Co.,Ltd.2022Yinzhe TechnologyYinzhe Technology(Guangzhou)Co.,Ltd.2022Yuanbao TechnologyBeijing Yuanbao Technology Co.,Ltd.2022/2021SME CREDITZhejiang Zhelixin Credit Investigation Co.,Ltd.2022/2021Knowledge-VisionChengdu Knowledge Vision Technology Co.,Ltd.2022/2021ZIGGURATXian Zhigui Internet Technology Co.,Ltd.2022HashSTACSChengdu HashSTACSTechnology Co.,Ltd.2022/2021Smart Star ChainZhihui Xinglian(Xiamen)Digital Technology Co.,Ltd.2022BOC FINTECHBank of China Financial Technology Co.,Ltd.2022Years in which the enterprise was shortlistedFull name of enterpriseShort name of enterprise172022 China Fintech 50 Report 2023 KPMG Huazhen LLP,a Peoples Republic of China partnership,KPMG Advisory(China)Limited,a limited liability company in Chinese Mainland,KPMG,a Macau(SAR)partnership,and KPMG,a Hong Kong(SAR)partnership,are member firms of the KPMG global organisation of independent member firms affiliated with KPMG International Limited,a private English company limited by guarantee.All rights reserved.OverviewIn terms of the selected companies expertise areas,Platform Technology Empowerment and Wealthtech enterprises ranked first and second in 2022,which were the same rankings we saw in 2021.They accounted for 31 percent and 16 percent of the selected companies respectively.On the heels of these categories,Inclusive Technology came in third,accounting for 13 percent of the selected companies.Finally,Supply Chain Technology,Insurtech,Paytech,Integrated Fintech and Regtech ranked fourth to eighth respectively.In order to highlight the technology-based nature of fintech development,in 2022,we again divided the Platform Technology Empowerment segment into four sub-segments:Integrated Technology Empowerment;Big Data and AI;Blockchain,Privacy Computing and Security;and Distributed Computing,Cloud Computing and Hardware Acceleration.Within the Platform Technology Empowerment segment,the sub-segments of Big Data and AI;and Blockchain,Privacy Computing and Security ranked first and second,which were the same rankings as in 2021.They accounted for 11 percent and 10 percent of the selected companies respectively.Once again,the rankings continue to highlight the role of big data,AI and blockchain as leading infrastructure technologies.01Distribution of expertise areas:Platform Technology Empowerment,Wealthtechand Inclusive Technology were the top three categories,highlighting the role of big data,AI and blockchain as leading infrastructure technologies4889111316711103RegtechIntegratedFintechPaytechInsurtechSupply ChainTechnologyInclusiveTechnologyWealthtechPlatformTechnologIntegrated technology empowerment31Distribution of expertise areasSource:KPMG analysis 2023 KPMG Huazhen LLP,a Peoples Republic of China partnership,KPMG Advisory(China)Limited,a limited liability company in Chinese Mainland,KPMG,a Macau(SAR)partnership,and KPMG,a Hong Kong(SAR)partnership,are member firms of the KPMG global organisation of independent member firms affiliated with KPMG International Limited,a private English company limited by guarantee.All rights reserved.2022 China Fintech 50 Report18OverviewSimilar to 2021,Beijing,Shanghai and Shenzhen are home to most of the selected companies,accounting for 29 percent,24 percent and 19 percent of the selected companies respectively.Two more companies from Beijing were selected this year compared to last year.In a notable difference from 2021,the selected companies in 2022 were more widely distributed.Enterprises in Xiamen,Zhuhai,Tianjin and Qingdao were also shortlisted,in addition to those from emerging fintech cities like Hangzhou,Chengdu,Nanjing and Guangzhou.This change reflects the transition China is making from reinforcing the pillars and framework of fintech towards harnessing growth momentum across the country.Geographically,almost all enterprises are located in the top five city clusters earmarked for prioritised development in the 14th Five-Year Plan.Overall,89 percent of the selected companies are located in the Yangtze River Delta,Guangdong-Hong Kong-Macau Greater Bay Area,and Beijing-Tianjin-Hebei city clusters.02City and regional distribution:Beijing,Shanghai and Shenzhen remain at the top of the list,with the Yangtze River Delta,Guangdong-Hong Kong-Macao and Beijing-Tianjin-Hebei regions demonstrating a strong clustering effectIndividual CitiesUrban Clusters35302483Yangtze River DeltaBeijing-Tianjin-HebeiGuangdong-Hong Kong-MacaoChengdu-ChongqingOthers292419873322111BeijingShanghaiShenzhenHangzhouChengduGuangzhouNanjingXiamenZhuhaiQingdaoSource:KPMG analysisSource:KPMG analysis192022 China Fintech 50 Report 2023 KPMG Huazhen LLP,a Peoples Republic of China partnership,KPMG Advisory(China)Limited,a limited liability company in Chinese Mainland,KPMG,a Macau(SAR)partnership,and KPMG,a Hong Kong(SAR)partnership,are member firms of the KPMG global organisation of independent member firms affiliated with KPMG International Limited,a private English company limited by guarantee.All rights reserved.Overview76hA433)%9%8%1%1%0 %The ABCD technologies are still the core financial technologies.In 2022,the percentage of companies that cited knowledge graphs as a core technology rose to 34 percent,overtaking blockchain for the 4th place spot for the first time,followed by both deep learning and blockchain at 33 percent,tied for 5th place.These changes show that while fintech enterprises are still based on the ABCD technologies,they are actively exploring other capabilities in their quest to more deeply integrate technologies and financial scenarios.The potential of the metaverse has been gaining recognition as companies in this space continue to make progress in basic research,technological innovation and scenario development.Meanwhile,fintech enterprises have also begun actively deploying technologies such as VR and edge computing.03Distribution of core technologies:The core ABCD technologies are steadily maturing,and emerging technologies such as VR are boomingDistribution of core technologiesSource:KPMG analysis 2023 KPMG Huazhen LLP,a Peoples Republic of China partnership,KPMG Advisory(China)Limited,a limited liability company in Chinese Mainland,KPMG,a Macau(SAR)partnership,and KPMG,a Hong Kong(SAR)partnership,are member firms of the KPMG global organisation of independent member firms affiliated with KPMG International Limited,a private English company limited by guarantee.All rights reserved.2022 China Fintech 50 Report20OverviewPercentage of technical personnel has become a key indicator for measuring the innovative capability of a fintech enterprise,and the number of selected enterprises that employed more than 60 percent fintech personnel grew in 2022.Specifically,half of the selected enterprises in 2022 had more than 60 percent technical personnel,underlining the trend of technology-driven fintech development.0%4f%5%5b%0 0Pp%Less than 2 years2-3 years3-5 years5-10 yearsMore than 10 years20222021Proportion of technical personnel5$ P%33I%47I%37G%0 0P 2220212020201904Proportion of technical personnel:Half of the selected enterprises had more than 60 percent fintech personnel05Distribution of years since establishment:Over 80 percent of the selected enterprises have been established for more than 5 years,showing that mature enterprises are being rewarded for their years of hard workAfter years of development,many leading fintech enterprises have positioned themselves as intermediaries serving both the financial sector and the real economy.In terms of years since establishment,84 percent of the selected enterprises have been established for more than 5 years,and 18 percent have been established for more than a decade.These figures increased by 11 and 7 percentage points respectively compared with 2021.Distribution of years since establishmentSource:KPMG analysisSource:KPMG analysis 2023 KPMG Huazhen LLP,a Peoples Republic of China partnership,KPMG Advisory(China)Limited,a limited liability company in Chinese Mainland,KPMG,a Macau(SAR)partnership,and KPMG,a Hong Kong(SAR)partnership,are member firms of the KPMG global organisation of independent member firms affiliated with KPMG International Limited,a private English company limited by guarantee.All rights reserved.2022 China Fintech 50 Report21Trends and Prospects232022 China Fintech 50 Report 2023 KPMG Huazhen LLP,a Peoples Republic of China partnership,KPMG Advisory(China)Limited,a limited liability company in Chinese Mainland,KPMG,a Macau(SAR)partnership,and KPMG,a Hong Kong(SAR)partnership,are member firms of the KPMG global organisation of independent member firms affiliated with KPMG International Limited,a private English company limited by guarantee.All rights reserved.2023 Fintech TrendsLaying a solid institutional foundation for the long-term,stable development of the sectorSince the end of 2021,a number of policies have been introduced for the fintech sector,including the Fintech Development Plan(2022-2025)(the“Plan”),the Guiding Opinions on the Digital Transformation of the Banking and Insurance Industries,and the 14th Five-Year Plan for the Technological Development of the Securities and Futures Industries.These policies reflect on the results that have been achieved over the last five years in reinforcing the foundation and framework of fintech,while also serving as a rallying call for the market to embark on a new stage of fintech development.As suggested in the Plan,technology-empowered financial resources should be precisely allocated to key areas and weaker aspects of economic and social development,so that the financial sector can better serve the real economy.Digitalised,fintech-based financial infrastructure is an indispensable part of“new infrastructure”;and the stronger it is,the smoother and more efficient the financial system runs as a whole and the more reasonable financial resources are allocated.The new information technologies,particularly the ABCD technologies,have been proven effective after years of trials and testing.The stable development of mature technologies is empowering financial data centres and computing power centres and opening up comprehensive financial scenarios.In general,technology is causing the financial sector to shift from“model innovation”towards“technological innovation,”while also laying a solid foundation for financial infrastructure.Financial enterprises are becoming more open and responsive as they pursue their digital transformations,but risks in business,technology,data,networks and other areas are emerging alongside these changes.Digitalisation is accelerating the upgrading of financial products and services,but it is also resulting in new financial risks that pose challenges to traditional regulatory policies and tools.In 2022,China introduced a number of high-level financial and data regulations to lay a more robust institutional foundation for the financial system.Specifically,in October,the Peoples Bank of China issued the Guidelines for Science and Technology Ethics in the Financial Sector,which provides policy guidance in response to ethical issues related to the digital divide,technological exclusion,algorithmic discrimination,privacy violations and other challenges.In December,the State Council issued the Opinions on Establishing an Institutional Foundation to Better Maximise the Role of Data Elements(the“20 Data Measures”),which is the first issuance to describe the basic rules for data and specify principles and guidelines for handling data property rights,data circulation,data transactions,data use,data distribution,data governance and data security.Data is widely circulated in the financial sector,and the 20 Data Measures clearly specify how data property rights,data circulation,data transactions,and income distribution should be handled.Institutions are just as important as technology when it comes to forming a solid foundation for the long-term development of the fintech sector,especially in view of the dual role played by institutions as both a motivator and constraint.In recent years,the development of legal frameworks,regulations,industry standards and self-disciplinary rules have accelerated the formation of a multi-layered system of fintech rules and regulations.2023 KPMG Huazhen LLP,a Peoples Republic of China partnership,KPMG Advisory(China)Limited,a limited liability company in Chinese Mainland,KPMG,a Macau(SAR)partnership,and KPMG,a Hong Kong(SAR)partnership,are member firms of the KPMG global organisation of independent member firms affiliated with KPMG International Limited,a private English company limited by guarantee.All rights reserved.2022 China Fintech 50 Report242023 Fintech Segment TrendsIntegrated Fintech SegmentAs an important tool for fusing the digital economy and real economy,integrated technologies are being used to access diversified scenarios and customer groups and drive digital transformationUsing integrated technologies to target diversified scenarios and customer groupsThe report to the 20th National Congress of the Communist Party of China stresses the development of the digital economy as the key to a modern industrial system and high-quality development.The report envisions a future in which China will“accelerate the development of the digital economy,integrate the digital economy with the real economy,and build internationally competitive digital industry clusters.”Finance is the lifeblood of the economy.Going forward,enterprises need to determine how to develop fintech so that it can be used to integrate the digital economy and the real economy and empower the transformation of traditional industries.After years of rapid fintech development,many technologically innovative financial enterprises are operating in the marketplace.These enterprises know how to leverage their technological advantages and financial expertise to access financial scenarios and target customer groups,and they are lending their fintech capabilities to traditional financial institutions to empower their digital transformations.In this way,they are helping integrate the digital economy and real economy and fulfilling their mission to serve the real economy.In the past,technologies were usually applied in single scenarios or at a single point.Today,fintech enterprises are applying packages of technologies to address complex and diversified scenarios and help financial institutions scale challenges during their digital transformations.After years of trials and testing,core technologies such as big data and AI are stable and mature,and they are serving as the launch point for enterprises to access diversified financial scenarios.Currently,multiple pain points exist in green finance.For example,financial institutions face challenges in capturing front-end green data;identifying,certifying and labelling green assets;exercising risk control over green assets;and disclosing environmental information.Fortunately,fintech provides an effective solution to these challenges.For instance,enterprises can use technologies such as big data to address difficulties in handling data and information,and blockchain technology can be used to ensure that the underlying green data of assets is traceable and immutable.252022 China Fintech 50 Report 2023 KPMG Huazhen LLP,a Peoples Republic of China partnership,KPMG Advisory(China)Limited,a limited liability company in Chinese Mainland,KPMG,a Macau(SAR)partnership,and KPMG,a Hong Kong(SAR)partnership,are member firms of the KPMG global organisation of independent member firms affiliated with KPMG International Limited,a private English company limited by guarantee.All rights reserved.2023 Fintech Segment TrendsLeveraging fintech capabilities to support the digital transformation of industriesIn recent years,opportunities in terms of new customer groups have been emerging from the development of the silver economy and pension fund financing as Chinas population ages.Fintech not only plays a role in empowering the silver economy and pension fund financing,but also in ensuring that“long tail”customers such as the elderly are included in a digitalised community.Mitigating the“digital divide”is an issue that is drawing the attention of both policy makers and market participants.Currently,fintech enterprises are designing elderly-oriented electronics and software,including senior-friendly mobile banking capabilities,in an effort to tap this market.In addition,infrastructure that supports the digital economy,including 5G,AI,and mobile Internet,is being improved in rural areas,and the rural financial service system is being strengthened.As a result,rural financial services are becoming increasingly digitalised,and future-oriented financial institutions are precisely identifying target customers in these areas.For example,farmers in China commonly face issues related to the slow-moving nature of agricultural products because they lack information about the relationship between the market and price fluctuations.To address these challenges,financial institutions can provide market forecasts,agricultural product insurance and small loans to farmers.In this way,financial institutions can serve the“agricultural industry,rural areas and farmers”and add new momentum to rural revitalisation.In recent years,innovative fintech enterprises have leveraged ongoing investment and diversified business scenarios to drive the development of core financial technologies,and they are now well-positioned to use their fintech capabilities to support the digital transformation of the traditional financial sector.Small and medium-sized financial institutions are relatively weak in terms of their technology and risk control capabilities.However,regulators are urging them to fulfil their responsibilities as loan providers and avoid“credit management without substance.”Against this backdrop,they can now engage third-party fintech service providers to establish smart systems to combat money laundering,manage credit and control risks.Innovative fintech enterprises are also lending their technological capabilities to other industries.For example,technologies such as Internet of things(IoT),blockchain,and satellite remote sensing are being used in the agricultural industry to capture and intelligently analyse data.Enterprises are also using the ABCD technologies to empower intelligent education and build“eCampuses.”2023 KPMG Huazhen LLP,a Peoples Republic of China partnership,KPMG Advisory(China)Limited,a limited liability company in Chinese Mainland,KPMG,a Macau(SAR)partnership,and KPMG,a Hong Kong(SAR)partnership,are member firms of the KPMG global organisation of independent member firms affiliated with KPMG International Limited,a private English company limited by guarantee.All rights reserved.2022 China Fintech 50 Report262023 Fintech Segment TrendsPlatform technology empowerment segmentLed by the power of technology,synergies between technology and finance are modernising the financial sector in ChinaAs technology continues to penetrate into core areas of finance,fintech enterprises are endeavouring to meet the needs of customers while also strengthening their core technical capabilities,intensively exploring different application scenarios,accumulating reusable solutions and rapidly expanding their business.As IT innovation moves into the fast lane,these enterprises are expected to harness their integrated technical capabilities to promote the high-quality development of the financial sector.With the deepening digital transformation of the industry,technology and finance are becoming increasingly inseparable.As more and more financial institutions shift technology from a“supporting”role to an“empowering”one,a handful of highly capable fintech enterprises with top-notch technical capabilities and service quality are expected to emerge in the market.They will focus on the new generation of ABCD technologies as their core competence,while also exploring emerging technologies such as quantum computing,digital twins,virtual reality/augmented reality(VR/AR),virtual humans,network connections and biological probes.These leading companies will no longer be satisfied with only deploying simple tools for their customers in the financial sector instead,they will provide comprehensive support across the entire industry chain and enterprise lifecycle,covering all business processes and data dimensions.The deep integration of technology scenarios is driving financial IT innovationSub-segment 1:Integrated technology empowerment272022 China Fintech 50 Report 2023 KPMG Huazhen LLP,a Peoples Republic of China partnership,KPMG Advisory(China)Limited,a limited liability company in Chinese Mainland,KPMG,a Macau(SAR)partnership,and KPMG,a Hong Kong(SAR)partnership,are member firms of the KPMG global organisation of independent member firms affiliated with KPMG International Limited,a private English company limited by guarantee.All rights reserved.2023 Fintech Segment TrendsThe technology multiplier effect is rapidly expanding the use of scenario-based best practicesWith the development of the digital economy,enterprises are exploring on how to leverage fintech to promote the digital transformation of the financial sector and assist financial institutions in better serving the real economy.As technology suppliers continue to strengthen their core technical capabilities,different digital technologies are becoming more deeply integrated,resulting in a robust multiplier effect.The evolution and integration of infrastructure technologies will ultimately expand applications in upper-layer scenarios.In terms of promoting the digital transformation of financial institutions,the distributed transformation of underlying infrastructure has become a major trend.In this area,technology suppliers are focusing on issues such as smooth data migration,security compliance and compatibility adaptation to ensure that distributed transformation will not affect business continuity.In addition,they are building capability modules that are standardised and componentised to improve the breadth and flexibility of upper-layer applications.From the perspective of empowering financial institutions to serve the real economy,fintech has given way to the emergence of new business models such as“open banking,”whereby financial services are gradually embedded into different aspects of business and real life scenarios.At the same time,fintech capabilities are also being extended across the entire industry chain and ecosystem of the financial sector.As a result,demand in key scenarios such as green finance,smart cities and supply chain finance will continue to grow.To uncover business opportunities,fintech enterprises are actively identifying customers pain points and adopting the development strategy of“focus first,then expand”to cultivate best practices.Under this model,they are focusing on specific scenarios,and then relying on product standardisation to expand their business.Additional cutting-edge technological breakthroughs are neededto lead financial IT innovationThe financial sector has reached a general consensus on promoting financial IT innovation,which has accelerated breakthroughs on the supply side of technologies.The financial sector is the major area for IT innovation,which is closely linked to the security and control of the countrys overall financial system,and it also provides a rich foundation for R&D and the application of cutting-edge technologies.China should increase the use of domestically-made technologies and catch up with international standards,both in terms of basic software and hardware such as operating systems,databases,middleware and hardware acceleration,as well as in emerging technologies such as quantum computing and the metaverse.It is important to note that as IT innovation in the financial sector involves the overall IT architecture,explosive growth is expected to be seen in the demand for items from underlying architecture to cloud computing and data storage services,as well as for the replacement and upgrading of core systems and peripheral products.As many players will work together to build the financial sectors IT innovation ecosystem,integrated technology suppliers that focus on leading infrastructure technology and that possess core scenario application advantages are expected to lead the construction of the ecosystem and actively promote the innovation and exploration of more cutting-edge technologies.2023 KPMG Huazhen LLP,a Peoples Republic of China partnership,KPMG Advisory(China)Limited,a limited liability company in Chinese Mainland,KPMG,a Macau(SAR)partnership,and KPMG,a Hong Kong(SAR)partnership,are member firms of the KPMG global organisation of independent member firms affiliated with KPMG International Limited,a private English company limited by guarantee.All rights reserved.2022 China Fintech 50 Report282023 Fintech Segment TrendsAt the end of 2022,China issued the 20 Data Measures to emphasise the importance of building a basic system for data that covers data property rights,circulation and transaction of data elements,income distribution and security governance.The 20 Data Measures are designed to promote data compliance and the efficient circulation and usage of data in order to empower the development of the real economy.Based on the massive scale of the countrys data and rich application scenarios,the Measures aim to fully tap the value of data elements and give the entire population access to the benefits brought about by the digital economy.In the financial sector,enterprises are rapidly realising the value of data.The sector has accumulated a large number of full-link data resources,enabling enterprises to become pioneers in exploring and improving the basic system for data,and innovating the technological path and development model.Data lifecycle management should be strengthened to make data more usable and user-friendly.Specifically,in the data collection stage,IoT devices and applications should be widely used to collect data in real time across different terminals in order to effectively break down data silos and accumulate diverse,high-quality data resources.In the data integration stage,the gradual integration of traditional relational databases with data streams and batches,data lakes and warehouses,and overall data governance;the deep integration of AI capabilities;and the transformation of self-service big data analysis and mining architecture are equipping enterprises with centralised control over structured,semi-structured and unstructured data and enabling them to construct a shared,open database.In the data processing stage,the industry and its enterprises are steadily clarifying their internal data standards,and technological advancements are being seen in areas such as data extraction,data cleaning,data verification and data conversion.As a result,enterprises are now better equipped to interpret data.Finally,in the data application stage,employing a data-driven approach has become a“must”across the industry,which is resulting in improvements in the productivity structure of the digital economy as a whole.From the perspective of the overall industry and the development of the digital economy,unlocking the potential of data elements also means that data circulation and transactions will occur across different levels,industries and regions.In this respect,financial institutions and fintech enterprises need to not only strengthen their enterprise-level data management capabilities,but also continue to cultivate ecosystem-level data management capabilities and promote the mining of data value on a larger scale at a higher level.Strengthening data lifecycle management and exploring thepotential of data elementsActivating the value of data elements to make data intelligence accessible to allSub-segment 2:Big data and AI292022 China Fintech 50 Report 2023 KPMG Huazhen LLP,a Peoples Republic of China partnership,KPMG Advisory(China)Limited,a limited liability company in Chinese Mainland,KPMG,a Macau(SAR)partnership,and KPMG,a Hong Kong(SAR)partnership,are member firms of the KPMG global organisation of independent member firms affiliated with KPMG International Limited,a private English company limited by guarantee.All rights reserved.2023 Fintech Segment Trends“Simple,explainable,engineered,secured and trustable”have become the standards for the new generation of AI infrastructureAI algorithms enable data-driven thinking and decision-making,and provide an effective tool for making good use of data and conquering the“last mile”of data value.It is important to note that in an open source environment,risks are arising from the convergence of algorithms,and approaches that simply leverage a handful of data to train deep learning models are unable to meet competitive demands.As a result,enterprises are increasingly focusing on improving their algorithms accuracy and iteration efficiency in an effort to develop explainable,intervenable and simplified AI decision-making platforms.In addition,they have also started to build AI security attack and defencesystems using next-generation AI technologies that are secure,trustworthy and reliable,with the goal of ensuring the stable operation of their algorithms in a confrontational environment.On the one hand,to obtain in-depth insights into the operational processes and pain points of the financial industry,enterprises are fully integrating industry know-how into their algorithmic models to improve the accuracy of their algorithms and data analysis.On the other hand,as data sources improve and data dimensions expand,enterprises are fundamentally improving their algorithms quality and iteration efficiency,seizing first-mover advantages,and lowering the threshold for the use of AI algorithms.In this way,they are establishing end-to-end,explainable,traceable and business-oriented AI services that cover the entire process of“data,models,application,optimisation and governance.”As the quantity,quality and efficiency of AI algorithms improve,the results of intelligent data analysis are expected to shift from mainly supporting business intelligence(BI)scenarios to AI scenarios,giving way to a new generation of AI infrastructure supported by technologies such as deep learning,explainable machine learning,AI security attack and defence,and knowledge graphs.2023 KPMG Huazhen LLP,a Peoples Republic of China partnership,KPMG Advisory(China)Limited,a limited liability company in Chinese Mainland,KPMG,a Macau(SAR)partnership,and KPMG,a Hong Kong(SAR)partnership,are member firms of the KPMG global organisation of independent member firms affiliated with KPMG International Limited,a private English company limited by guarantee.All rights reserved.2022 China Fintech 50 Report302023 Fintech Segment TrendsImproving employees ability to access the value of data is essential not only for delivering value based on customer needs but also for transmitting data value to the end users of data in the financial sector and establishing a closed-loop system that promotes data value.Currently,financial institutions are facing issues related to low participation of business staff in data processing and application,and significant numbers of IT professionals are required to both perform technical development tasks and obtain an understanding of the underlying business logic,resulting in a potential misallocation of resources.One of the major solutions to address this issue is to continuously promote data intelligence for everyone in the enterprise,and fully ensure that front-line business staff can conveniently access technical products during actual business operations.By taking these steps,enterprises can reduce their reliance on IT staff,optimise their human resource structure and raise overall work efficiency.For example,in respect of business operations intelligence,technologies such as low-code platforms and robotic process automation natural language processing(RPA NLP)can be used to empower business staff with an end-to-end,user-friendly,automated operational experience.Meanwhile,in terms of business process intelligence,enterprises are using knowledge maps,data maps,intelligent text processing,biometrics(such as iris recognition,voiceprint recognition and vein recognition)and multi-modal interactive robots to facilitate collaboration between digital staff and operational staff,thereby improving their work efficiency and providing end users with an efficient,intelligent service experience.Delivering value to customers by adopting data-driven business operations intelligence and business process intelligence312022 China Fintech 50 Report 2023 KPMG Huazhen LLP,a Peoples Republic of China partnership,KPMG Advisory(China)Limited,a limited liability company in Chinese Mainland,KPMG,a Macau(SAR)partnership,and KPMG,a Hong Kong(SAR)partnership,are member firms of the KPMG global organisation of independent member firms affiliated with KPMG International Limited,a private English company limited by guarantee.All rights reserved.2023 Fintech Segment TrendsThe value of data elements is not only reflected in their use value to the enterprise,but also in their exchange value in the marketplace.Therefore,the assetisation of data elements is an inevitable aspect of Chinas effort to build a data elements market.“New infrastructure”is the strategic cornerstone and driving force behind the digital economy,and blockchain is an important part of“new infrastructure.”Its core value lies in its ability to enable distributed trust,which can effectively solve information asymmetry issues between different parties in a financial system,and therefore it enjoys broad application prospects.As China continues to promote the construction of blockchain infrastructure,national projects such as“Xinghuo Space”and the Blockchain-based Service Network(BSN)are paving the way for blockchain technology to be applied across many financial scenarios,which will result in significant advances in the openness,sharing and trading of financial data.One major path for the adoption of blockchain in the financial sector is for relevant platforms to be established.In this context,the government should direct blockchain construction and standardise its development to enhance consensus among all parties and enable low-cost trust.These conditions will then lead to the emergence of a number of new business models in areas such as green finance,supply chain finance,financial supervision,and digital RMB business.Strengthening blockchain infrastructure,and using blockchain platforms to enable low-cost trustWith the issuance of privacy protection laws and regulations such as the Network Security Law,the Data Security Law,and the Personal Information Protection Law,as well as heightening scrutiny from financial regulators,privacy computing has become a“must have”in the financial sector due to it ability to balance data security and data application.In general,privacy computing is still at a single-point application stage covering two scenarios:risk control and marketing.To allow for large-scale application,enterprises need to improve their privacy computing capabilities,promote the integration and innovation of software and hardware,and strengthen the scalability and supervision of technical architecture.Going forward,privacy computing is expected to continue to promote the security and circulation of data elements in the financial sector and boost the integration of data ecosystems across departments,industries and regions,ultimately becoming another major fintech infrastructure technology that facilitates the development of the financial sector.In the face of stringent supervision,privacy computing provides the foundation for technical capabilities Promoting assetisation of data elements and building a comprehensive line of defenceSub-segment 3:Blockchain,privacy computing and security 2023 KPMG Huazhen LLP,a Peoples Republic of China partnership,KPMG Advisory(China)Limited,a limited liability company in Chinese Mainland,KPMG,a Macau(SAR)partnership,and KPMG,a Hong Kong(SAR)partnership,are member firms of the KPMG global organisation of independent member firms affiliated with KPMG International Limited,a private English company limited by guarantee.All rights reserved.2022 China Fintech 50 Report322023 Fintech Segment TrendsFocusing on the risks of cutting-edge technologies amid prominent security challengesAt present,financial information systems with large-scale infrastructure and a large number of data nodes are increasingly being developed.The security challenges they are facing are becoming more complex,and mainly come in two types:cyber attacks and technology application risks.In respect of cyber attacks,strengthening risk prevention in the financial system has become a common focus across the sector,and financial information security in particular has become important for the high-quality development of the financial sector,pushing enterprises to introduce technical concepts such as chaos engineering and zero trust architecture,and strengthen multi-dimensional security governance capabilities in areas such as information,data and networks.On the other hand,technology application risks are more subtle and uncontrollable,and may include problems such as deficiencies in the cross-chain mutual trust mechanism for blockchain,weaknesses in the performance and accuracy of privacy computing platforms,and inadequacies in the interpretability of AI models and AI attack-defence technologies.As the financial industry and its regulators direct more attention to the risks of cutting-edge technologies,we expect to see these risks driving more technological innovation in the coming years.332022 China Fintech 50 Report 2023 KPMG Huazhen LLP,a Peoples Republic of China partnership,KPMG Advisory(China)Limited,a limited liability company in Chinese Mainland,KPMG,a Macau(SAR)partnership,and KPMG,a Hong Kong(SAR)partnership,are member firms of the KPMG global organisation of independent member firms affiliated with KPMG International Limited,a private English company limited by guarantee.All rights reserved.2023 Fintech Segment TrendsComputing power is one of the core productive forces driving the development of the digital economy.As the leading industry in digital transformation,the financial sector needs computing power that“continuously evolves.”As advancements in hardware accelerate innovation and breakthroughs in technical solutions,distributed technology and financial cloud computing,efficient,flexible and intelligent computing services are emerging that meet the requirements of different scenarios and enable businesses to reduce costs and increase efficiency.Transaction volumes,data volumes and peak value per second are growing exponentially across financial business scenarios,and the demand for edge computing has exploded while also becoming more complex and diverse.Against this backdrop,computing services for the financial sector have entered a critical period of innovation.Traditional computing solutions that use a central processing unit(CPU)as a general-purpose server cannot fully meet the financial sectors needs,and dedicated chips are required to obtain the necessary flexible computing power in certain scenarios.Innovation in the industry is currently trending in the direction of heterogeneous computing,and this technology is mainly being applied in the financial industry to develop hardware acceleration solutions that use field programmable gate array(FPGA)chips.These chips optimise computing performance,and offer outstanding advantages in processing real-time requests from users and in computing in small quantities and large batches.FPGA chips have been piloted in specific scenarios,such as in the high-speed brokerage market quotation system and brokerage order system,to improve the efficiency of trading business.With the support of technologies such as high-performance computing and edge computing,the computing power of the financial sector is steadily evolving and growing more diverse.However,the industry still needs to develop more widely-recognised integrated solutions that meet the needs of enterprises across different scenarios in order to fully tap the value of computing innovation.Edge computing is complex and diverse,and hardware acceleration solutions are breaking performance bottlenecksAdvances in computing power are enabling digital acceleration enginesSub-segment 4:Distributed computing,cloud computing and hardware acceleration 2023 KPMG Huazhen LLP,a Peoples Republic of China partnership,KPMG Advisory(China)Limited,a limited liability company in Chinese Mainland,KPMG,a Macau(SAR)partnership,and KPMG,a Hong Kong(SAR)partnership,are member firms of the KPMG global organisation of independent member firms affiliated with KPMG International Limited,a private English company limited by guarantee.All rights reserved.2022 China Fintech 50 Report342023 Fintech Segment TrendsCross-level integration of IT infrastructure with hybrid cloud computing is gradually becoming mainstreamOne major way to implement distributed architecture is to move to the cloud.Essentially,cloud computing virtualises resources and breaks down barriers to resource access that were previously posed by time and space.The cloud efficiently integrates resources at the“cloud,network and terminal”levels in order to meet the need for low latency,high performance and large bandwidth computing.Currently,financial service cloud computing is evolving from private cloud computing to a hybrid model that is formed by“public cloud private cloud industry cloud.”Private cloud computing meets the security needs of financial institutions,which must adhere to the principle that“data should not be moved out of the local region,”but its economies of scale are limited.On the other hand,the public cloud and industry cloud are built on a more open ecosystem.They can help financial institutions to flexibly allocate internal and external resources and speed up cloud migration.Hybrid cloud strikes an optimal balance between the three elements of security,cost,and efficiency.Relatedly,“cloud native”has become an important trend in the industry.This concept stresses the development of loosely coupled systems that use containers,microservices and other cloud-native technologies to enable seamless connectivity between the private cloud,public cloud and industry cloud,with the aim of supporting more agile and flexible application development.Distributed architecture stresses multi-node deployment and aligns resources based on actual demand,which greatly optimises the allocation of IT resources.At the national level,the“Eastern Data,Western Computing”(东数西算)initiative,which is now in the construction phase,will promote computing power connectivity,remote computing and collaborative networks,and provide crucial support for the implementation of distributed computing in many key sectors of the national economy,including the financial sector.Under centralised architecture,single point of failure risk can affect business continuity.Distributed architecture possesses a single-point“self-healing”function and can flexibly allocate resources,which helps ensure the financial systems ability to provide continuous and stable services.Going forward,the financial sectors IT architecture will gradually evolve towards an organic integration of the centralised model and distributed model.It is important to note that as computing nodes increase and become more decentralised,the risk of system exposure will also increase,and the industry will need to focus on distributed security protection solutions.Optimising IT resources by moving from centralised architecture to converged distributed architecture352022 China Fintech 50 Report 2023 KPMG Huazhen LLP,a Peoples Republic of China partnership,KPMG Advisory(China)Limited,a limited liability company in Chinese Mainland,KPMG,a Macau(SAR)partnership,and KPMG,a Hong Kong(SAR)partnership,are member firms of the KPMG global organisation of independent member firms affiliated with KPMG International Limited,a private English company limited by guarantee.All rights reserved.2023 Fintech Segment Trends1 Development Research Centre of the State Council,Consumption-led Efforts to Expand and Meet Domestic Demand,September 2022.WealthtechsegmentFintech companies are providing integrated services and helping financial institutions build open and innovative wealth management platformsThe incomes of Chinese residents are still growing fast,providing fertile ground for the development of the wealth management industry.According to a report released by the Development Research Centre of the State Council,middle-income groups as a share of Chinas total population will rise from 30 percent in 2021 to 50 percent in 2030,making them an important part of the wealth management sector and providing huge room for the industry to develop1.Fintech companies are expanding from offering underlying technologies to providing integrated service packages to asset management institutionsAs the digital transformation of asset management institutions progresses,fintech enterprises will focus on providing comprehensive services for the entire asset management process.At present,fintech companies are using AI,big data,cloud computing and other technologies to provide integrated servicesfrom data production and information extraction to intelligent modelling and investment decision-making assistance.In this way,they are providing one-stop digital intelligence products and services to professional institutions such as fund companies,brokerages,banks and trusts.Some companies have even formed complete product and service suites powered by self-developed technology engines to offer support that covers underlying technologies,middle platforms and applications.On the underlying technology platforms,algorithmic trading execution,advanced algorithmic models and new technologies such as machine learning are used to provide intelligent algorithmic trading services and quantitative trading solutions for wealth management institutions.At the middle platform level,data,algorithm and knowledge platforms are deployed to realise whole-process modeling of“data fusion,data development,knowledge fusion,and knowledge computing,”so as to improve the governance and use of corporate data and knowledge.At the application level,based on the complete technical architecture underpinning the data middle platform,wealth management firms are able to access one-stop platforms that flexibly combine multiple business modules,allowing them to engage in self-defined data value mining and build intelligent applications to more effectively apply corporate data.2023 KPMG Huazhen LLP,a Peoples Republic of China partnership,KPMG Advisory(China)Limited,a limited liability company in Chinese Mainland,KPMG,a Macau(SAR)partnership,and KPMG,a Hong Kong(SAR)partnership,are member firms of the KPMG global organisation of independent member firms affiliated with KPMG International Limited,a private English company limited by guarantee.All rights reserved.2022 China Fintech 50 Report362023 Fintech Segment TrendsThe opening up of the wealth management industry is accelerating,resulting in a more open and innovative ecosystemBuilding an open ecosystem can help wealth management institutions expand their online operations,service channels,and product and service systems,and improve their user experience.More and more wealth management firms have shifted from the previous“product sales”mindset to a wealth planning service model that covers the entire life cycle of their clients.Under this model,wealth management firms take into account their clients goals and provide richer experiences and services,including inheritance planning,retirement planning,medical planning,and integrated investment and financing.In order to meet the diversified financial needs of clients,wealth management institutions have started to integrate internal and external resources to create open,innovative wealth management platforms.Some financial institutions that possess multiple licences have begun to deepen intra-group synergies,for example by breaking down barriers to client information within the group and establishing intra-group client referral mechanisms and other tools.Other firms are taking measures to complement their resources,including in terms of clients,products,technical support and data,to enhance their clients investment experience and increase their asset management scale.Meanwhile,some financial institutions have opted to integrate their internal group resources and then open up their wealth management platforms to external parties.In this way,they can interact with other institutions in an open ecosystem to improve their operations.372022 China Fintech 50 Report 2023 KPMG Huazhen LLP,a Peoples Republic of China partnership,KPMG Advisory(China)Limited,a limited liability company in Chinese Mainland,KPMG,a Macau(SAR)partnership,and KPMG,a Hong Kong(SAR)partnership,are member firms of the KPMG global organisation of independent member firms affiliated with KPMG International Limited,a private English company limited by guarantee.All rights reserved.2023 Fintech Segment Trends2KPMG and NIFA,2022 Insights Reporton Fintech Leaders,September2022.Supply chain technology segmentTechnology is empowering digital supply chain finance Recently,the State Council released the Outline of Strategic Planning for Expanding Domestic Demand(2022-2035)(the“Plan”),which proposes“steadily expanding domestic demand and creating new engines for domestic demand growth,”and“focusing on improving the efficiency of factor allocation and promoting the innovative development of supply chain finance,information and data,human resources and other services.”Going forward,the growing domestic market will spur demand for supply chain finance services,while technologies including AI,blockchain,IoT and big data will be used to empower the supply chain.These developments will open up greater room for the growth of supply chain finance.Digital intelligence is empowering the supply chain,and supply chain technology is promoting data penetration The Plan proposes to“speed up the promotion of digital industrialisation and industrial digitisation,encourage the inclusive use of clouds and digital intelligence,steadily improve digital governance,and strengthen the digital capabilities of small and medium-sized enterprises,especially those in the manufacturing industry.”Industrial digitisation provides the basis for the digital upgrading of supply chain finance and will drive the digitisation of modern logistics systems and supply chains.By adopting technology,traditional supply chain finance can move faster towards digitisation and intelligence,and this opportunity presents huge room for the growth of digital supply chain finance.According to the 2022 Insights Report on Fintech Leaders jointly released by KPMG and the National Internet Finance Association of China(NIFA),fintech companies are most optimistic about the future of digital supply chain finance,with 53 percent of the respondents selecting this field as a promising one and 23 percent making it their first choice2.2023 KPMG Huazhen LLP,a Peoples Republic of China partnership,KPMG Advisory(China)Limited,a limited liability company in Chinese Mainland,KPMG,a Macau(SAR)partnership,and KPMG,a Hong Kong(SAR)partnership,are member firms of the KPMG global organisation of independent member firms affiliated with KPMG International Limited,a private English company limited by guarantee.All rights reserved.2022 China Fintech 50 Report382023 Fintech Segment TrendsHowever,the digital transformation of supply chain finance still faces challenges around insufficient fintech integration.Research conducted by the China Federation of Logistics and Purchasing shows that enterprises have self-developed over 38 percent of their digital technologies,with only 11.54 percent of enterprises relying on upstream and downstream support3.The sectors digitalisation process is uncoordinated,and upstream and downstream enterprises do not cooperate well.For this reason,core enterprises and upstream and downstream enterprises urgently need to strengthen collaboration,so that they can jointly build data platforms,promote data penetration across the whole supply chain,solve the problems of data silos and information asymmetry,and enable core enterprises credit guarantees to cover first-tier,second-tier and even third-tier suppliers.Going forward,enterprises can harness AI,blockchain,IoT and other digital intelligence technologies to open up the supply chain links of research,procurement,production,sales and services;integrate the supply chains commercial flows,product flows,capital flows and information flows;reinforce cooperation between core enterprises and upstream and downstream enterprises;and improve the efficiency of fund usage in the supply chain.These efforts will help cultivate an open ecosystem that promotes the development of all enterprises.3 China Federation of Logistics and Purchasing,China Logistics and Supply Chain Finance Digital Development Report 2022,June 2022.With the help of technology,supply chain finance services are shifting from traditional loan services to integrated financial servicesThe 20th National Congress of the Communist Party of China proposed“enhancing the resilience and security of industrial and supply chains”and“unswervingly maintaining the security of key industrial and supply chains.”The development of industrial chains requires enterprises to strengthen and expand the chains,which will result in the introduction of more supply chain finance services.Some supply chain enterprises have already started to expand their business from traditional loan services to integrated financial services.Using AI,blockchain,IoT and big data,these enterprises are offering innovative online solutions that are scenario-based and data-driven.For example,technologies such as AI and NLP are being used to mine and analysemassive amounts of data,and generate information about opportunities and risks in pre-lending,in-process and post-lending scenarios to help business partners explore opportunities,analyse risk,track information and raise management efficiency for existing or target customers.Technological systems are also being used to provide professional consulting services,including operational services,marketing and promotional services,and product and IT consulting services.In addition,innovative enterprises are using RPA,AI and other technologies to develop applications that address the needs of enterprises in various supply chain scenarios,including collection,payment,investment,financing and management.These applications are laying the foundation for the digital transformation of corporate management.392022 China Fintech 50 Report 2023 KPMG Huazhen LLP,a Peoples Republic of China partnership,KPMG Advisory(China)Limited,a limited liability company in Chinese Mainland,KPMG,a Macau(SAR)partnership,and KPMG,a Hong Kong(SAR)partnership,are member firms of the KPMG global organisation of independent member firms affiliated with KPMG International Limited,a private English company limited by guarantee.All rights reserved.2023 Fintech Segment TrendsInclusive technology segmentTechnology is driving the construction of long-term mechanisms for the provision of financial services to SMBs and individual customersInclusive technology companies have been deepening and changing their technological methods.They not only focus on pursuing mechanism innovation and product innovation to offer inclusive financial services that meet the personal financial needs of long-tail customers,but also develop long-term mechanisms to provide financial services to small and micro businesses(SMBs).In recent years,financial institutions have been widely adopting inclusive technology in order to increase the accessibility and sustainability of their financial services and improve the affordability of credit costs,with the goal of engaging in inclusive finance.These technologies have improved the quality and efficiency of inclusive finance and are driving its high-quality development.Developing a long-term mechanism for loan services for SMBsIn May 2022,the Peoples Bank of China issued the Notice on Promoting the Establishment of a Long-term Mechanism for Boosting the Financial Sectors Confidence,Willingness,Capability,and Expertise in Lending to Micro and Small Businesses(the“Notice”),which proposes 20 initiatives,including the promotion of technological empowerment and product innovation.The role of fintech is mentioned several times in the Notice,and“strengthening the use of fintech”is specifically mentioned in Part XV.The Notice proposes embedding fintech throughout the entire financial service process for SMBs,and it also states that fintech should play a fundamental role in supporting the financial sectors“confidence,willingness,capability,and expertise in lending,”so as to support the construction of a long-term mechanism for lending to SMBs.Financial services for SMBs represent a global issue.Policy studies and fintech development in different countries over the years have shown that the key to improving financial services for SMBs and developing inclusive finance depends not on policy subsidies,but on mechanism innovation and model innovation.With the support of financial technologies,financial institutions are integrating technology,scenarios and finance in order to create new customer acquisition,risk control and profitability models for financial services for SMBs;and this is causing the strategies,organisational systems and credit culture of banks to change.The functional relationship between“size,cost and risk”in SMB lending is changing fast,and the capabilities of the credit supply chain are improving rapidly.2023 KPMG Huazhen LLP,a Peoples Republic of China partnership,KPMG Advisory(China)Limited,a limited liability company in Chinese Mainland,KPMG,a Macau(SAR)partnership,and KPMG,a Hong Kong(SAR)partnership,are member firms of the KPMG global organisation of independent member firms affiliated with KPMG International Limited,a private English company limited by guarantee.All rights reserved.2022 China Fintech 50 Report402023 Fintech Segment TrendsThe integrated development of compliance technology,green finance,and sci-tech innovation financeFinancial institutions tend to not grant loans to SMBs due to the higher risk that the loans will become non-performing,and also due to concerns about rapid changes in SMB operations,which complicate post-loan management.However,by integrating compliance technology and inclusive finance,enterprises can develop due diligence exemption systems for such credit services in order to apply exemption provisions related to the submission,review,confirmation and reconsideration of due diligence materials.In addition,technologies such as blockchain can be used to prevent data tampering and tracing,thus reducing malpractice and other forms of non-compliance.At the 24th meeting of the Central Commission for Comprehensively Deepening Reform in February 2022,policymakers called for promoting the integration of inclusive finance with green finance and sci-tech innovation finance.In respect of agriculture,rural revitalisation,precise poverty alleviation and SMBs,the service targets of inclusive finance and green finance overlap significantly.However,since green finance currently focuses on supporting energy production and supply,transportation and infrastructure construction,SMBs have little access to green finance as their participation in these fields is limited.In fact,agricultural producers and SMBs generate significant amounts of pollution due to their unsophisticated production methods and low technology,and for this reason they should represent key targets of pollution control.In this context,financial institutions should integrate inclusive finance and green finance in order to grant agricultural producers and SMBs access to green financing.412022 China Fintech 50 Report 2023 KPMG Huazhen LLP,a Peoples Republic of China partnership,KPMG Advisory(China)Limited,a limited liability company in Chinese Mainland,KPMG,a Macau(SAR)partnership,and KPMG,a Hong Kong(SAR)partnership,are member firms of the KPMG global organisation of independent member firms affiliated with KPMG International Limited,a private English company limited by guarantee.All rights reserved.2023 Fintech Segment TrendsPaytechsegmentCross-border payment sees new growth markets,with smart contracts and cross-border payment expected to expand the use of e-CNY As the payments market matures and regulatory policies are refined,the payment sector is gradually moving from unruly growth to high-quality development.The application of AI,big data,blockchain,and privacy computing,among other technologies,by enterprises in the payment sector is enhancing payment efficiency,promoting data multiplication and generating more value from payment data elements.Cross-border payment expands,and concerns around digital payment security grow amid geopolitical conflictsPolicy support for the expansion of cross-border e-commerce pilot schemes and cross-border payment business has presented new opportunities to cross-border payment business.In February 2022,the State Council agreed to set up integrated cross-border e-commerce pilot zones in 27 cities and regions,including Ordos,in order to expand the cross-border e-commerce pilot programme.In June 2022,the central bank issued the Notice on Supporting Cross-border RMB Settlement for New Forms of Foreign Trade,extending the payment scope of payment institutions from products and services to items in the current account.This policy has widened the scope of cross-border payment business and opened up a new market for the industry.Cross-border payment systems that incorporate technologies such as AI,blockchain and big data can reduce manual processing,shorten settlement times and improve payment efficiency.Notably,the security of cross-border payments has come to the fore amidst geopolitical conflicts,and as a result countries are focusing on the autonomy,security and independence of their cross-border finance flows.In addition,some countries and regions are building diversified regional cross-border payment infrastructure.Against this backdrop,cross-border payment institutions should pay attention to security issues when conducting offshore business and prepare contingency plans for any problems that may arise.2023 KPMG Huazhen LLP,a Peoples Republic of China partnership,KPMG Advisory(China)Limited,a limited liability company in Chinese Mainland,KPMG,a Macau(SAR)partnership,and KPMG,a Hong Kong(SAR)partnership,are member firms of the KPMG global organisation of independent member firms affiliated with KPMG International Limited,a private English company limited by guarantee.All rights reserved.2022 China Fintech 50 Report422023 Fintech Segment TrendsThe payment industry is deepening interconnectivity and generating more value from data elementsThe 14th Five-Year Plan for the Development of the Digital Economy,which was released in early 2022,states,“The digital economy will start to fully expand in 2025,at which time its core industries should account for 10 percent of gross domestic production(GDP).”Amid the rapid development of the digital economy and with the support of policies that promote interconnectivity,the closed payment ecosystem is opening up to accommodate external payment methods,such as Alipay,WeChat Pay,and Cloud Flash Pay.Interconnectivity between leading payment institutions will gradually eliminate payment barriers,end monopolies in the payment industry and improve payment efficiency.As payment data is now a“factor of production,”payment giants are leveraging the multiplier effect of data and fully tapping the value of payment data elements in an effort to promote interconnectivity and adapt to the digital economy.As the e-CNY pilot programme expands,smart contracts and cross-border payments are expected to enrich the use of the e-CNY The e-CNY plan has been launched,and regulators are actively promoting the e-CNY,resulting in an expanded e-CNY pilot scheme and richer application scenarios.The e-CNY can now be used in consumer scenarios covering peoples livelihood,clothing,shelter and transportation;in business scenarios covering bill discounting,green credit and supply chain finance;and in government-related scenarios covering provident fund payment,government subsidies and taxation.At this point,the stability of the e-CNY system and the scenarios in which the e-CNY can be used have been effectively verified.Going forward,efforts will focus on expanding scenarios and constructing the e-CNY system.Enterprises can use smart contract technologies that promote consistency,observability and self-compliance to broaden use cases for the e-CNY.As the e-CNY is programmable and scalable,it can be linked to smart contracts for the purposes of conditional payments.Since 2022,e-CNY linked with smart contracts have been used to make prepayments for educational institutions,gyms,etc.to address pain points in these consumer scenarios.The e-CNY is also being used to make cross-border payments in international trade.The multi-CBDC(mBridge)project,which is being jointly developed by the Bank of International Settlements Innovation Hub Hong Kong Centre,the Hong Kong Monetary Authority(HKMA),the Central Bank of Thailand,the Digital Currency Institute of the Peoples Bank of China and the Central Bank of the United Arab Emirates,recently completed the first real-value pilot transactions using the digital currencies of four central banks.In this way,the mBridge platform allows commercial banks to complete cross-border remittances and foreign exchange operations for their customers.The pilot programme validates the feasibility of using the e-CNY to make cross-border payments for international trade settlement purposes.With richer application scenarios,a refined ecosystem and more advanced technologies,coupled with its low transaction costs and high security,the e-CNY will become more accessible and cover more transactions.In the future,it is expected to become a substitute for third-party payment methods to some extent and weaken their influence.432022 China Fintech 50 Report 2023 KPMG Huazhen LLP,a Peoples Republic of China partnership,KPMG Advisory(China)Limited,a limited liability company in Chinese Mainland,KPMG,a Macau(SAR)partnership,and KPMG,a Hong Kong(SAR)partnership,are member firms of the KPMG global organisation of independent member firms affiliated with KPMG International Limited,a private English company limited by guarantee.All rights reserved.2023 Fintech Segment TrendsInsurtech segmentInsurtech is trending toward omni-scenario integration and vertical segmentsInsurtech companies are pursuing integration and innovation to penetrate the entire chain of the insurance sector,and they are making breakthroughs in scenarios in an effort to steadily optimise the traditional insurance business model.In this way,they are driving innovation in the insurance industry and pushing insurers to adapt to digitalisation trends.Meanwhile,regulators have issued a number of policies,such as the Guiding Opinions of the China Banking and Insurance Regulatory Commission on Promoting the Quality Development of the Banking and Insurance Industries,the Guiding Opinions on Promoting the Online Development of Property Insurance Business and The General Office of the China Banking and Insurance Regulatory Commission on Issuing the Three Parallel Programmes for Promoting the Quality Development of the Property Insurance Industry,to encourage insurers to steadily improve their digital transformations,online services and intelligent operations.The development of insurtech is moving from technological reform to omni-scenario integrationThe development of fintech has gradually changed the core elements of competition from assets and outlets to technology and data.In recent years,significant breakthroughs in underlying technologies have laid the foundation for insurtech innovation,which is resulting in insurers adopting new technologies and developing new business models that enable transformation.Over time,we have learned that technological innovations require the support of application scenarios and data resources.To be fully embraced,insurtechshould be consumer-centric,and insurtech companies should understand that the development of the insurance industry relies on risk transfer and loss sharing,which are the industrys core values.Technology should be integrated with insurance business model innovation.Furthermore,insurtech enterprises should consider how they can help insurers provide simpler,automated interaction processes and more personalised services for different customer groups.To this end,they should focus on capturing more value from data and designing innovative products based on user needs.By following this approach,insurtech enterprises can build an insurance ecosystem,empower insurers and create more value for the industry.2023 KPMG Huazhen LLP,a Peoples Republic of China partnership,KPMG Advisory(China)Limited,a limited liability company in Chinese Mainland,KPMG,a Macau(SAR)partnership,and KPMG,a Hong Kong(SAR)partnership,are member firms of the KPMG global organisation of independent member firms affiliated with KPMG International Limited,a private English company limited by guarantee.All rights reserved.2022 China Fintech 50 Report442023 Fintech Segment Trends4 A New Journey in Insurtech Integration:Building a Four-dimensional Closed-loop Ecosystem Combining Internet,Medicine,Pharmaceuticals and Insurance,20 December 2022,https:/ companies should explore the new logic of“insurance services”and develop vertical segmentsGoing forward,insurtech companies should also focus on vertical insurance scenarios and make breakthroughs in sub-segments.For example,in the post-pandemic era,given heightened public awareness around medical services and health,more domestic insurtech platforms are working to build closed-loop ecosystems that combine the Internet,medicines,pharmaceuticals,and insurance.Unlike in Europe and the US where effective closed-loop ecosystems have been formed between medical resources and insurance payments,domestic insurers have traditionally faced difficulties in improving the payment chain for medical treatment so as to reduce patients financial burden,and in pushing hospitals to provide more targeted treatment through payment incentives.Using big data analysis and AI,third-party insurtech companies are capturing the demands of different stakeholders in the ecosystem,and by leveraging the latest technologies,they can build a win-win business model for all parties.For instance,pharmaceutical companies have a demand for using volume to compensate for price,”i.e.they are willing to moderately lower drug prices to drive sales growth,creating room for win-win situations for both patients and pharmaceutical companies.Meanwhile,insurers face high marketing channel costs.If third-party insurtech companies can provide accurate services to reduce insurers channel costs,insurers can spend more of their premiums on medical claims while reducing costs and increasing efficiency,thus achieving a win-win situation for both patients and insurers.Moreover,from a consumer perspective,many patients are not highly compliant in taking their medication;common problems include irregular medication,unauthorised discontinuation of medication and inadequate dosage.To address this issue,third-party insurtech platforms can promote business growth for pharmaceutical companies by guiding users through their service experience and encouraging them to take their medication as prescribed,especially for chronic illnesses4.452022 China Fintech 50 Report 2023 KPMG Huazhen LLP,a Peoples Republic of China partnership,KPMG Advisory(China)Limited,a limited liability company in Chinese Mainland,KPMG,a Macau(SAR)partnership,and KPMG,a Hong Kong(SAR)partnership,are member firms of the KPMG global organisation of independent member firms affiliated with KPMG International Limited,a private English company limited by guarantee.All rights reserved.2023 Fintech Segment TrendsRegtechsegmentRegulators are expected to use market-based mechanisms to improve regulatory efficiency,and enterprises are proactively enhancing compliance management The Fintech Development Plan(2022-2025)proposes to“accelerate the comprehensive application of regtech and strengthen the development of digital regulation capabilities.”At present,regtech is being harnessed by regulators(the government)in supervisory processes as well as by regulated entities(enterprises)in their effort to ensure compliance.On the regulatory front,regtech helps financial regulators improve regulatory processes and enhance regulatory efficiency;meanwhile,financial institutions can use regtech to automate reporting and conduct data analytics,easing compliance pressure.In the future,regtech will enable regulators to use market-based mechanisms to improve regulatory efficiency,and financial consumer protection will be an important application areaRefined regulation is becoming the norm amid increasingly stringent regulation,and in light of this trend,regulators need comprehensive data to promptly and accurately grasp the dynamics of the entities they are regulating.However,as a result of rapid financial innovation and the integrated operations of regulated entities,financial risks are increasingly concealed and complex,rendering traditional regulatory techniques inadequate.Recently,the Peoples Bank of China proposed to“strengthen regtech,and actively use big data,AI,cloud computing and other technologies to enrich regulatory tools and enhance regulators ability to identify,prevent and resolve cross-sectoral and cross-market financial risks5.”However,instead of relying on regulatory agencies to upgrade regtech,the process should be market-driven.For example,the development of regtech can be outsourced to technologically advanced third-party regtech companies that provide services to regulators.At present,despite the increasing number of such companies in the regtech ecosystem,the types and number of participating entities are limited,and there is still room to enhance cooperation and communication in the ecosystem.Third-party regtech companies help enhance regulatory efficiency,and more regtechcompanies will enter the market in the future.Going forward,we expect to see stronger coordination and cooperation among regulators,regulated entities,and third-party regtech companies,which will enhance regulatory data sharing and boost regulatory efficiency.5 Zhou Xiaochuan:Actively Using Big Data,AI and Other Technologies to Enrich Financial Regulatory Tools,C,10 September 2021,https:/ 2023 KPMG Huazhen LLP,a Peoples Republic of China partnership,KPMG Advisory(China)Limited,a limited liability company in Chinese Mainland,KPMG,a Macau(SAR)partnership,and KPMG,a Hong Kong(SAR)partnership,are member firms of the KPMG global organisation of independent member firms affiliated with KPMG International Limited,a private English company limited by guarantee.All rights reserved.2022 China Fintech 50 Report462023 Fintech Segment TrendsRegulated entities are enhancing their compliance management capabilities as technology enables the development of platform-based regtechStrengthened oversight and the frequent release of regulatory policies that emphasise“effective supervision,strict accountability and zero tolerance”are driving regulated entities to actively explore the use of technology in compliance.The evolution of regtech is causing regulated entities to move from a passive response posture to one that focuses on proactive and inclusive response.Enterprises are using regtech to actively enhance their financial compliance management capabilities and ensure safe and sound operations.In this way,their approach is shifting from“passively responding to compliance requirements”to“compliance-driven business development.”At present,regtech is mainly being applied in the fields of anti-money laundering(AML),related-party transaction management and regulatory data reporting.While specific needs in these three compliance scenarios may vary,they require common core technical elements,such as data platforms,intelligent rule databases,subject identification and assessment capabilities,and whole-process risk monitoring capabilities.Hence,compared to top-down investment in regtech,construction from the bottom is more agile and extensible.With this structure,enterprises can flexibly respond to future regulatory requirements in other areas while also meeting their needs in respect of AML,related-party transactions and regulatory data reporting6.Under this scenario-based construction trend,regtech enterprises are using big data,blockchain,optical character recognition(OCR),NLP and knowledge graphs,among other technologies,to steer regtech applications towards professional regulatory compliance,with the goal of empowering human-computer interaction and digital intelligence and meeting the regulatory needs of various parties.6 Tencent and KPMG,Technology for Good:A White Paper on Regulatory Technology,June 2022.The rapid development of fintech has provided financial consumers with more innovative products and convenient services.At the same time,risks around personal information leaks and transaction fraud have been growing more insidious,increasing the complexity of efforts to protect financial consumers rights and interests.Regulatory requirements for consumer protection are also becoming increasingly stringent,and regulators are focusing on using technology to achieve efficient oversight.Going forward,regtech will be used to develop a consumer protection system that covers the entire consumption process.Technology will be applied at all steps of the process,from information access to the final use of financial services.Throughout the entire process of information acquisition,customer access,product purchase and after-sales service,organisations will deploy data security,firewall and host security tools,among other basic security measures,to protect personal data from leakage and unauthorised access and ensure the security of personal data.2023 KPMG Huazhen LLP,a Peoples Republic of China partnership,KPMG Advisory(China)Limited,a limited liability company in Chinese Mainland,KPMG,a Macau(SAR)partnership,and KPMG,a Hong Kong(SAR)partnership,are member firms of the KPMG global organisation of independent member firms affiliated with KPMG International Limited,a private English company limited by guarantee.All rights reserved.2022 China Fintech 50 Report47Appendix492022 China Fintech 50 Report 2023 KPMG Huazhen LLP,a Peoples Republic of China partnership,KPMG Advisory(China)Limited,a limited liability company in Chinese Mainland,KPMG,a Macau(SAR)partnership,and KPMG,a Hong Kong(SAR)partnership,are member firms of the KPMG global organisation of independent member firms affiliated with KPMG International Limited,a private English company limited by guarantee.All rights reserved.Appendix ISummary of Fintech-related Laws and RegulationsDatePolicyIssued byOfficial link2022JanGuiding Opinions of the General Office of the China Banking and Insurance Regulatory Commission on the Digital Transformation of the Banking and Insurance SectorsChina Banking and Insurance Regulatory Commissionhttp:/ Development Plan(2022-2025)Peoples Bank of Chinahttp:/www.china- on Strengthening Financial Services for New CitizensChina Banking and Insurance Regulatory Commission,et al.http:/ Fintech Committee of the Peoples Bank of China Holds a Meeting to Discuss and Plan Key Tasks for 2022Peoples Bank of Chinahttp:/ Report on the Digital Transformation of Chinas Banking SectorSina Financial Research Institutehttps:/ on Strengthening Credit Information Sharing to Promote the Construction of a Financing Credit Service Platform NetworkGeneral Office of the National Development and Reform Commission and General Office of
3人已浏览
2023-03-10 58页
5星级
Specops Software:2023年弱密码研究报告(英文版)(8页).pdf
Weak password report2023Specops 2023 Weak Password R1.Executive Summary 32.The Case for Password Protection 42.1 Password Length and Complexity Alone Is Not the Answer 43.Weak and Compromised Passwords in Action:How they are used in cyberattacks 53.1 Brute Force and Password Construction 53.2 Real-life example:Nvidia 54.Compromised Passwords:Themes and Patterns 74.1 Football is a universal(password)language 75.Take action:Protect your organization with Specops 8Passwords are easy to attack because people use easy-to-guess passwords.These passwords are guessable because people reuse passwords and follow common patterns and themes.These passwords then end up on breached lists and can be attacked via brute force and password spraying.Understanding common password patterns and user behaviors is the first step in securing passwords and the critical business data they protect.ABOUT SPECOPSSpecops Software,an Outpost24 Group company,is the leading provider of password management and authentication solutions.Specops protects your business data by blocking weak passwords and securing user authentication.Every day thousands of organizations use Specops Software to protect business data.For more information,please visit .Specops 2023 Weak Password R1.Executive Summary Poor password practices are putting businesses at risk.Data breaches continue to be a threat to all types of organizations across the globe,underscoring the importance of greater password security,as a means to protect our business data,as well as our digital eco-system.This years Weak Password Report highlights why passwords are still the weakest link in an organizations network,and how stronger password policy enforcement can be your best defense.The research in this report has been compiled through various methods,including:Our analysis of 800 million breached passwords,a subset of the more than 3 billion unique compromised passwords within the Specops Breached Password Protection list.Our analysis of passwords found in live attacks on our teams honeypot network,another source for compromised passwords blocked by the Specops Breached Password Protection list.The highlights from this years report include:83%of compromised passwords satisfy the password length and complexity requirements of regulatory password standards.88%of passwords used to attack RDP ports in live attacks are 12 characters or less.The most common base term found in passwords used to attack networks across multiple ports is still password.The data in this report should bring awareness to this all-too-common problem.The next step is to act,which means blocking weak and compromised passwords,enforcing password length requirements,and auditing the enterprise environment to highlight password-related vulnerabilities.For this reason,Specops Password Auditor was developed to help organizations identify multiple vulnerabilities,exportable in report format,all in a matter of minutes.Specops 2023 Weak Password R2.The Case for Password Protection Poor password practices or policies can make your organization vulnerable to cyber-attacks.The unfortunate truth is that most people dont follow password best practices.According to a recent Password Manager Report,41%of Americans rely on memory alone to track their digital passwords,suggesting the use of simple and repeatable passwords to make them easier to remember.Additionally,of those that choose to use an online password manager to store their information,nearly half store both personal and work passwords together.Even with end-user training,password reuse and other risky practices are all too common,both for personal and business use.To pro-tect corporate data,additional enforcement measures are required.For most business,this starts with protecting Active Directory,the universal authentication solution for Windows domain networks.Third-party password security software can strengthen Active Direc-tory accounts.A secure password policy,preferably one that can block the use of compromised passwords,is most critical.2.1 Password Length and Complexity Alone Is Not the Answer There are several compliance regulations that set the standards for cybersecurity,including organizational password policies.Tradition-ally,these regulations have mainly endorsed length and complexity requirements in the password policy design.But,given the growing sophistication of password attacks,todays requirements now include checking credentials against a breached password list.The Specops Software research team analyzed over 800 million compromised passwords and tested them against five different reg-ulatory standards to see if they met the requirements set by each of these standards.Our analysis found that 83%of compromised passwords would satisfy the password complexity and length requirements of compliance standards.The regulatory standards we investigated were:NIST HITRUST for HIPAA PCI ICO for GDPR Cyber Essentials for NCSCWhether you are following a regulatory standard or not,this data tells us that a compromised password check is critical for all organizations.Recommended actions to prevent the use of compromised passwordsICO/GDPR:Block the use of common and weak passwords.Screen passwords against a password list of the most com-monly used passwords,leaked passwords from breaches,and guessable passwords related to the organization.Up-date the leaked password list regularly,and explain to users why their passwords have been rejected.Specops 2023 Weak Password R3.Weak and Compromised Passwords in Action:How they are used in cyberattacksOne common way that cyber criminals are gaining access to organizations sensitive data and networks is through brute force attacks.These attacks consist of using a list of common,probable,and even breached passwords to systematically run them against a users email to gain access to a given account.This section will provide a breakdown of how passwords can be an entry point to your organizations network and what you can do for protection.3.1 Brute Force and Password Construction In October 2022,our research team took a look at passwords being used to attack RDP ports in live attacks and analyzed a subset of over 4.6 million passwords collected over the span of several weeks.We identified patterns in recent attacks and uncovered that more than 88%of passwords used in attacks were 12 characters or less.The most common password length found in this attack data was 8 characters at almost 24%.Another key finding in password construction was the use of special characters.Passwords containing only lowercase letters were the most common character combination found,making up 18.82%of the set.1.password2.admin3.welcome4.pssw0rd5.qaz2wsx6.homelesspa7.pssword8.qwertyuiop9.q2w3e4r5t10.q2w3e4rThe most common base term used to attack networks across multiple ports in October 2022These are common terms people use over and over again across different accounts,both professional and personal.Attackers are still finding success in attacking ports with weak,common,and leetspeak powered wordlists.Even if more sophisticated attacks are on an organizations radar,its just as important to protect against the most basic tactics targeting the weakest link.Most interesting about this dataset might be the inclusion of“homelesspa”a password base term found in the 2016 MySpace leak,giving us insight into the lists used by attackers to attack networks.We also see this term in the NCSC Top 100k list published in 2019.This base term indicates that even if a wordlist or breach is“old,”it is still worth protecting against as attackers are still using them to compile their attack lists.Organizations looking to prevent the use of passwords like these must make use of password construction rules such as implementing the use of passphrases,and length-based password aging to encourage memorable long passwords.Those requirements,paired with a custom dictionary or compromised password screening,would be the best defense against passwords that could help threat actors gain access to your organizations network.3.2 Real-life example:NvidiaIn February of 2022,GPU manufacturer Nvidia was the victim of a massive data breach conducted by the ransomware group LAPSUS$.The threat actor breached their network to steal employee passwords,as well as proprietary company information,and proceeded to leak the data online for ransom.Specops 2023 Weak Password RDuring the breach,thousands of employee passwords were leaked.Specops Software obtained 30,000 of these leaked passwords and added them to our database of compromised passwords.Nvidia later shared that all employees were required to change their passwords.Now that these passwords are no longer in use,we can look at a few examples to pinpoint the factors that led to their compromise.1.nvidia 2.nvidia3d 3.mellanox 4.ready2wrk 5.welcome 6.password 7.mynvidia3d 8.nvda 9.qwerty10.septemberTop 10 Base Words in Leaked Nvidia PasswordsFinding“nvidia”in this list indicates the organization wasnt making use of a custom dictionary in its password protections.A custom dictionary list is set up to reject common and predictable passwords during the password creation process.These can include pass-words relevant to your organization,including name,locations,services,any relevant acronyms,and even months of the year,as per the“September”example above.The cyberattack on Americas largest microchip company understandably sparked concern for data security.But it comes as no sur-prise when you consider that commercial and business-related companies are the most affected by ransomware attacks,according to Outpost24s 2023 Ransomware Report.Their data suggests that threat actors primarily target organizations that may have a higher capacity to pay a ransom.Specops 2023 Weak Password R4.Compromised Passwords:Themes and PatternsIn our analysis of the more than 800 million compromised passwords weve collected,there are several themes and patterns that emerge.When it comes to password creation,there is a strong tendency to get inspired by world or cultural events.Many people look to their surroundings when creating their passwords and use their interests or cultural trends to influence the phrases they end up using for their passwords.Hackers are aware of this tendency and use it as an opportunity to tap into commonly known terms or phrases to target unsuspecting victims.4.1 Football is a universal(password)language It is often said that football(soccer)is a universal language.Our research found this to be true within passwords.As the FIFA 2022 World Cup kicked off in Qatar,our research team uncovered numerous World Cup-related terms in the compromised password database,many of which are mentioned frequently.“Soccer”tops the related terms list with over 140,000 inclusions,with“Football”coming in second place.Englands international stadium Wembley also makes it into the top 10,appearing over 1,600 times in passwords.When it comes to players,both current and former,a few stand out in the mentions.Grzegorz Lato,a former player from Polands golden generation,topped the list appearing over 174,000 times.Another frequent appearance was Pele,arguably the greatest player ever,who landed just outside the top 10 with over 70,000 mentions.Current football players Messi and Ronaldo also made appearances on the mentions list,which comes as no surprise given the large fan bases each of these players currently has.1.Lato2.Carlos3.Kane4.Didi5.Villa6.Henry7.Hagi8.Milla9.Xavi10.Rossi11.Pele12.Santos13.Moore14.Messi15.Vava16.Walter17.Kopa18.Ronaldo19.Monti20.ZicoWorld Cup legend rankings(in passwords)While there is no guarantee the more common terms contained within passwords will be attributed to a player every time,it is common for users to choose well-know terms and names,and highly likely there is intent when less common surnames appear.Specops 2023 Weak Password R5.Take action:Protect your organization with SpecopsFrom ransomware to password guessing and brute force attacks,as long as threat actors continue to evolve their tactics,organizations must be proactive with their password protections to defend their overall network security.Test your resilience against credential-based attacks with the free Specops Password Auditor.The read-only tool scans your Active Directory for password-related vulnerabilities,including which accounts are using compromised passwords.For better password security,Specops Password Policy encourages strong and unique passwords,that are harder to predict and crack.With the Breached Password Protection feature you can even block more than 3 billion unique compromised passwords collected by Specops Software.Request a demo or a free trial and see how we can help secure your weakest link.
2人已浏览
2023-03-10 8页
5星级
Smartkarma:亚洲能源行业深度洞察报告(英文版)(280页).pdf
Research ReinventedSmartkarma unites Independent Research Providers,Investors,and Investor Relations in one network.At Smartkarma,We Do Things DifferentlyWelcome to another Smartkarma eBook-a showcase of selected Insights from the Smartkarma network.These eBooks are meant to be an illustration of the depth and breadth of research found on our platform-a snapshot of what you can expect to see as a Smartkarma subscriber.All research on Smartkarmas platform is produced by independent Insight Providers.Almost half of the research coverage on Smartkarma is on small-and mid-cap firms,demonstrating a differentiated view of the market,which generally tends to skew large-cap.Research on our platform spans 15 core content verticals,including Equity Capital Markets,Event-Driven,Macro,Forensic Accounting,Credit,and more.The unprecedented upheaval of 2020 has reaffirmed our conviction that there is true value in building and nurturing thriving networks that empower the distribution and exchange of insight.Thats why we leverage the online economy,applying this innovative mindset to capital markets.For a single subscription,Smartkarma users can consume all the research they need,just like Netflix enables viewers to watch unlimited hours of content.Our model ensures that research on our platform is objective and unbiased,independent and free from conflicts of interest.The platform determines appropriate pricing according to the quality and value of each research piece.This helps independent Insight Providers monetise their research and incentivises them to produce truly high-quality,differentiated work that stands out from the rest of the market.In the following pages,you will be able to see for yourself a sample of the efforts of Smartkarma and the Insight Providers publishing on our platform.If you want more such Insights delivered to you in real time on your desktop or mobile,visit .Cover Photo by Christian Dubovan on UnsplashTable of Contents1.Asian Solar Energy Sector:Powered by Subsidies 4 and Moving Downstream By Aqila Ali2.Asian Wind Energy:Efficiency and Cost Reduction in Focus 109 as Players Eye a Post FiT Future By Mio Kato3.Asian Nuclear Energy Industry:The Value Chain 192 By David Blennerhassett4.Carbon Markets Original:An In-Depth Analysis into the Evolution 232 of Carbon Markets By Mio KatoThematic(Sector/Industry)Asian Solar EnergySector:Powered bySubsidies and MovingDownstreamBy Aqila Ali|30 Sep 2020EXECUTIVE SUMMARYWhats Original?This insight is an in-depth research on the Asian solar energyindustry,covering the value chain and related companies in each keystage of the value chain.Our research includes the following:Industry Background:This includes an in-depth analysis onthe solar energy sector,which includes an overview on the keytypes of solar technologies(Photovoltaic-PV,ConcentratedSolar Power-CSP and Solar Heating and Cooling-SHC),and theleading Asian countries(India,Japan and China)in the sector.We provide our thoughts on which solar technology lookspromising and compare the technology used across the leadingAsian countries.Value Chain Analysis:We detail the value chain for PV,highlighting the critical stages of the value chain(systemintegration assembly and installation,and manufacturing ofcells,modules,polysilicon ingot,and wafer)and the leadingplayers in those stages(includes listed and unlisted companies).Background Analysis on Key Players-This includesresearching the key Asian listed/unlisted solar energycompanies and analysing the key contributing factor/product toeach of them in the sector.Investment opportunities and risk We compare andcontrast the investment opportunities for each of the keyplayers in the sector,to understand if the companies follow asimilar strategy or otherwise.Asian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali4Aqila AliEquity Analyst|LightStream ResearchAqila Ali has over five years of experience in investment research covering multiple industries including auto components,MLCCs,telecommunications,and CASE trends.Areas of Expertise Primary Asset Class:Equities Geography:Asia Pacific Countries:Japan Sectors:GeneralistContent Verticals Equity Bottom-Up,Thematic(Sector/Industry)Analysis on the key revenue and margin drivers Wecompare and contrast the key revenue growth and profitabilitydrivers for the listed companies.We have also provided a shortinvestment thesis on the key listed players and looked at theirvaluation.The Insight is structured as follows:A.Solar Energy Industry BackgroundB.A Deep Dive into the Three Key Solar TechnologiesC.A Look at the Leading Asian Countries in the Solar Market:China,Japan,and IndiaD.Value Chain AnalysisE.A Look at the Key Asian Solar PlayersDETAILA.Solar Energy IndustryBackgroundSolar energy has been one of the fastest growing renewable energy sourcesover the last few decades(the solar energy market size grew at a CAGR of49.0%globally over the past decade,while renewable energy power capacitygrew at a CAGR of 8.3%).According to the International Energy Agency(IEA),solar power generation increased by 22%( 131 TWh)in 2019,representing the second largest absolute generation growth of all renewabletechnologies,second to wind generation.Using solar power instead of fossilfuels allows a reduction in carbon footprint and helps combat climatechange,and is a comparatively more efficient power system than producingenergy from coal and oil.In 2019,a total of 720TWh was generated.Asian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali5Source:IEABloomberg New Energy Finance expects solar technology to represent morethan 40%of global electricity capacity by 2050,which would be a significantincrease from its current penetration of c.5%of global capacity.Energymarkets usually consider three main factors when deciding on powersources:cost of energy,ancillary services,and ability to dispatch power ondemand.Given that solar energy satisfies all three of these factors,consensus estimates are for the sector to grow at a CAGR of 20.5%globallythrough 2019-2026.Three main technologies have now emerged as the frontrunners in the solarenergy field:photovoltaic cells(PV),concentrated solar power(CSP),andsolar heating and cooling(SHC),which we will discuss in detail below.B.A Deep Dive into the Three KeySolar TechnologiesSummary:Currently,while PV is largely used for residential and industrialpurposes and is commercially developed,SHC is also widely used but forsmaller scale purposes.SHC usage is not reflected in the number of jobscreated,due to requiring a lower number of people to operate solarheating and cooling technologies.CSP is currently the least usedtechnology due to the costs and challenges in building the systeminvolved.When considering the above three technologies,we have observed thatthe three technologies are suitable for distinct purposes.Whileconcentrated solar power and photovoltaics are most suitable for largerscale projects,solar heating and cooling can best be used for smallerscale applications such as residential homes and small businesses.Asian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali6Although plants with thermal storage(such as CPS)have greateroperational and capacity value,they are more costly and take a longertime to build,as opposed to photovoltaic systems.When choosing which of the technologies to use,consideration must bepaid to the energy requirement,the cost that investors are willing toincur,and the scale of the project.While this is a general rule forselecting a technology,having looked at the three technologies,we feelthat CSP technology is yet to develop completely and appears to havepotential for growth in the sector,while PVs will continue to be themainline technology.Photovoltaic(PV)A photovoltaic cell is commonly called a solar cell,and is a nonmechanicaldevice which converts sunlight directly into electricity.Some PV cells alsohave the ability to convert artificial light into electricity.A PV cell is made ofsemiconductor material so that once photons(particles of solar energy insunlight)strike a PV cell,they may pass through the cell,reflect off the cell,or be absorbed by the semiconductor material.The absorbed photons wouldthen release electrons.These free electrons can then be captured to producean electric current,which can be used to produce electricity.Asian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali7PV cells were first developed by Bell Telephone researchers in 1954,and wereused to power US space satellites beginning in the late 1950s.PV panelswere then used to provide electricity in remote or off-grid locations towardsthe late 1970s,and since 2004,the use of PV cells has greatly expandedowing to technological advances,lower costs for PV systems,and variousfinancial incentives and government policies.An individual PV cell can only produce 1 or 2 Watts,which allows onlysufficient electricity for small tasks such as powering calculators orwristwatches.However,these cells can be electrically connected to generatehigher amounts of electricity,wherein they can be used for much largertasks such as to power communications equipment and to supply electricityfor a single home or business.Although the efficiency at which PV cellsconvert sunlight to electricity varies based on the type of semiconductormaterial and PV cell technology,the efficiency now approaches c.20%forstate-of-the art modules.However,nearly 50ficiency has been achievedfor experimental PV cells and PV cells for niche markets such as spacesatellites.Solar PV is highly subsidised by governments worldwide,and the chart belowshows the types of market incentives and enablers provided for solar PVworldwide in 2018.Source:StatistaAsian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali8Concentrated Solar Power(CSP)CSP is based on the principle that a temperature of around 550C can begenerated using a parabolic mirror that concentrates the suns rays on asingle point called the“fire”point.A pipe is run through at the fire point,through which a fluid with the ability to store heat flows,before passingthrough an exchanger.This fluid can then be used to generate industrialsteam or to run a turbine and produce electricity.The CSPs can be used togenerate electricity during cloudy periods or for the hours after sunset orbefore sunrise,hence making it a more flexible source of solar energy.TheCSP plants can use fossil foil to supplement the solar output during periodsof low solar radiation,and can also be integrated into existing thermal-firedpower plants.There are four types of CSP technologies.Parabolic Trough Systems concentrate the suns energy usingparabolically curved,trough-shaped reflectors onto a receiver pipe(theheat absorber tube which runs along about a meter above the curvedsurface of the mirrors).Heat energy,which is generated when thetemperature of the heat transfer fluid(usually thermal oil)increases,isthen used in the thermal power block to generate electricity in aconventional steam generator.As of 2018,90%of the CPS plants incommercial operation were troughs.Power tower systems use sun-tracking mirrors(heliostats)to focussunlight onto a receiver at the top of the tower.Electricity is thengenerated using a conventional turbine-generator,which is powered bysteam generated when the heat transfer fluid in the receiver is heatedto c.600C.Although the earliest power towers used steam as the heattransfer fluid,companies are now operating with water,molten salts,and other heat transfer materials in order to improve efficiency andreduce costs.Linear Fresnel Systems use the same principles of the trough system,butconsist of a large number of collectors in parallel rows,and mirrors arelaid flat on the ground to reflect the sunlight to the pipe above.Parabolic Dish Systems have mirrors distributed over a parabolic dishsurface to concentrate sunlight on a receiver fixed at the focal point.Asian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali9Source:SolarPACESSolar Heating and Cooling(SHC)Systems which change sunshine into usable thermal energy are referred toas solar heating and cooling(SHC)technologies.According to the SolarEnergy Industries Association(SEIA),a single-family home with a solarwater heating system installed will reduce its CO footprint by an average of28%.Solar heating and cooling technologies include solar heat collectors,solar air heating,solar cooling,solar water heating,and solar pool heating.The following are some examples of solar heating and cooling technologies.Solar Heat CollectorsA solar heat collector requires c.60sqft of roof space,and the energy neededto heat water for the average American home can be achieved with only oneor two solar heat collectors.Types of solar collectors include flat plate,evacuated tube,Integral Collector Storage(ICS),thermosiphon andconcentrating collectors,where flat plate collectors are the most commontype of collector in the US.Type of SolarCollectorDescriptionFlat platecollectorsHave copper plates attached to an absorber plate contained in an insulated box that iscovered with a tempered glass or polymer cover plate.EvacuatedtubecollectorsConsist of rows of parallel,transparent glass tubes that have been“evacuated”of air,creating a highly efficient heat insulator for the fluid that runs inside the length of the tube.Generally used when higher temperatures or higher volumes of water are needed,as wellas for process heating and solar air conditioning systems.SimpleunglazedcollectorsUsually used to heat pool water or preheat large volumes of industrial process water inwarm climates.ConcentratingcollectorsUseful in industrial and manufacturing processes due to their ability to produce heat inexcess of 300F-400FAsian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali10Source:Solar LoveSource:Solar LoveSolar Air HeatingSolar heating systems have been found to produce a number of heat unitsequivalent to c.80%of the available solar energy,hitting the surface of thecollector where it can produce 45,000-102,000 kWhth(kilowatthoursthermal)per square foot of installed collector area per year.These systemsusually transfer heat from the solar collector using a non-toxic liquid,water,or air.Solar CoolingAbsorption chiller systems and desiccant systems are two types of solarcooling systems,with absorption chiller systems being the most commontype.Absorption chiller systems generate air-conditioning using solar waterheating collectors and a thermal-chemical absorption process.In a desiccantsystem,the air is cooled by passing it over a common desiccant such as silicagel,which draws out the humidity in the air.Solar Water HeatingActive solar water heating systems rely on an electric pump to circulate thewater while passive solar water heating systems use thermodynamics tomove the water.These solar water heaters consist of three main elements:the solar collector,insulated piping and a hot water storage tank,and whensolar radiation hits the solar collector,it absorbs the heat and transfers it topotable water in the system.Asian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali11Source:Solar LoveThe Round-Up:The Three Technologies ServeDistinct PurposesMeasurePhotovoltaicConcentrated Solar Power(CSP)Solar Heating&CoolingTechnologies Uses sunlight through thephotovoltaic effect to generatedirect electric current(DC)in adirect electricity productionprocess.This DC then has to beconverted to alternative current(AC)with the use of inverters to bedistributed on the power network.Concentrates solar radiation to heat aliquid substance which is then used todrive a heat engine and an electricgenerator.Generates AC,which can beeasily distributed through powernetworks.Uses the sunsthermalenergy tochange thetemperatureof air andwater.Energystorage andefficiencyDo not produce or store thermalenergy as they directly generateelectricity which cannot be easilystored especially at large powerlevels.Capable of storing energy usingThermal Energy Storage technologies(TES)and using it at times of no or lowsunlight,hence increasing thepenetration of solar thermaltechnology in the power generationindustry,as it helps overcomeproblems such as environmentalfluctuations.Has a highlevel ofefficiency,butsupplementalenergysources orstoragerequired forlong sunlessstretches.CostCan be built at a lower costcompared to CSP plants.Requires higher investment andinvolves greater risk(challenges withthermal storage,cooling).Lower costinvolved.Ease inbuildingEasier to build compared to CSPplants.Comparatively difficult to build.Easiest tobuild andadoptespecially onsmaller scale.Direct andIndirect JobsWorldwide(000 jobs)3,60534801Asian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali12Source:Helioscsp,International Renewable Energy Agency(IRENA)s 2019 reportC.A Look at the Leading AsianCountries in the Solar Market:China,Japan and IndiaSummary:China leads the solar market globally.India,we believe has highpotential for growth.However,uncertainty in government policies andlack of investment has restricted growth thus far.Japan,with itsinnovation has been continuously developing its renewable energymarket,but is yet to make its mark.However,the countrys lack ofsunlight and mountain terrain makes it difficult to erect large solarplants,when compared to India and China and other emerging marketsin Asia.In terms of technology used,China targets towards 20 CSP plants,webelieve that China currently has a larger focus on CSP.In India,we feelthat policies and subsidy provisions are provided to develop all threetechnologies equivalently,and no specific technology is targeted.Japansproposals for its long-term emission reduction are focused more on thetransport sector and zero-emission buildings.Thus,the country is likelyto resort to PVs and its R&D in CSP to achieve its aim.Until recently,the US and Europe led the renewable and solar energymarkets.However,this situation has largely changed in the past decade andaccording to data from Statista and Equal Ocean,in 2019,China was thelargest solar market,having a cumulative solar power capacity of 185 GW.This was followed by the US and Japan,while India was fifth in terms ofsolar power capacity.Asian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali13Source:EqualOceanFurthermore,according to a new report by EY,seven Asian countries rankamong the worlds most attractive markets for renewable energy sourcesincluding wind power,hydropower,and solar energy.According to the EYsRenewable Energy Country Attractiveness Index ranking,China has been inthe top position for years,although the country was ranked second to the USthis year.India holds the seventh place this year,compared to its previousthird position,which is now held by France.Japan holds the tenth place,twoslots down from its previous eighth place,with Denmark now holding theeighth place.Currently,a large number of new projects and investments arein emerging economies.The Round-UpChinaIndiaJapanSolar powercapacity-2019(Gigawatts)1853864Ranking inEYsRenewableEnergyCountryAttractivenessIndex-20192710ExpectedTargetIncrease shareof renewable-based powergeneration to28.2%in 2020.Produce 175GW ofrenewable energyby 2022 of which100GW is to befrom solar.Have renewable resourcesaccount for 22-24%ofnational electricity generationby 2030,nuclear power20-22%,and fossil fuels 56%.Cut its GHG emissions by26%compared to 2013levels.StrategyGovernmentinvestment and policysupport,Attract foreign investors tothe country.Policy supportCurrentlyfocusedtechnologyCSPAll three technologies.SHCAsian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali14Opportunities in the three tech typesPVOutperformancein the nationalsolar PV target.Increase inChinas solar PVshare of totalelectricitygeneration fromgrid-connectedsources.Emergence ofnew futuregrowth areasfor solar PVwhere feed-in-tariffs(FiTs)arenow offered forPV combinedwith electricalenergy storagein Jiangsu.The creation of26 power-trading centresspecifically fordistributedgeneration isdriving demandand theemergence ofnew businessmodels for solarPV in thecountry.Anunderpenetratedsolar market.High growth forrooftop solarinstallation whichare deemedcleaner andcheaper energysolution forcustomers.World Banksupport financially.Subsidy to promote thedevelopment of rooftop solarPV installations.Attempt to lower solar pricescould boost demand.Demand from beyondresidential use(self-consumption,electricvehicles(EVs)or batteries,retrofitting storage,sale ofsurplus electricity via one-on-one contracts with utilities orpower producers andsuppliers(PPSs).Support from Japan ElectricPower Exchange(JEPX)toissue tenders for non-fossil-fuel certificates and is alsoplanning to introduce futurecontracts.For the non-residential sector,the Japanese Ministry ofEconomy,Trade and Industry(METI)has set a three-yeardeadline for the completionof projects over 10kW in size.CSPVarious projectsto expandcapacity are inplace.India was the onlyother country inAsia to have CSPcapacity underconstruction by theend of 2018.Early hands ontechnologicaldevelopment and isranked fourth interms of number ofSolar Heat forIndustrialProcesses(SHIP)additions in 2019.Subsidyprogramme forconcentrating onsolar thermalsystems.Japan has made plans to useCSP plants in the worldssunny regions such asAustralia in order to generatefuel which can then beshipped back to the country.Asian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali15SHCChina is one ofthe key marketsfor SHC with aninstallation ratestronger thanthe US.In 2019,Chinaled the rankingfor newinstallations ofglazed andunglazedcollectors,accounting forc.73%of thetotal.Rural areademand stillexists.Positivegovernmentspolicies.Governmentsupport andsubsidies drivespopularity of solarwater heaters inthe country.Limited growth potentialgiven a currently decliningmarket.Threats in the three tech typesPVPolicyUncertaintyEconomicslowdown,tariffcaps,paymentdelays andchallenges relatedto land acquisitionand access to gridconnections led toa slowdown in2018.Expectedslowdown in 2020as well,though arebound isexpected in 2021with capacityadditionsexceeding 2019levels.Grid constraints,lack ofavailable land and low-costfinancial resourcesHigh labour costs and highprices of solar generation,where Japans prices aresome of the worlds highest.CSPHigher price perkilowatt incomparison tophotovoltaicpowerLack offinancingmeans.The links in theCSP industrialchain remainweak and no on-grid power priceof CSP projectshas yet beendetermined,slowing downthe progress ofCSP.India lags peersdue to low investorconfidence,unreliable solardata,lowavailability ofskilled labour,and ahigh cost for CSPcompared to PV.Countrys rocky terrain makesit difficult to erect CSP plantswithin the country.SHC-Declining subsidies for solarenergy.Asian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali16Our ThoughtsThe country has beenlargely focusing on PVsand is the global leaderof the PV market.The countrys PV andSHC markets arealready well developed,which we believe to bethe driver behind recentprojects being moreCSP-focused(piloted20 CSP projects to becompleted).We feel that policies andsubsidy provisions areprovided to develop allthree technologiesequivalently and nospecific technology istargeted still.Rooftop solarenergy solutions is atargeted produced acrossthe three types oftechnology.Japans proposals for its long-termemission reduction are focused moreon the transport sector and zero-emission buildings.Given the declinein subsidies for SHC,whilecontinuously investing R&D for PVand CSP,we believe Japan might belooking to use the latter twotechnologies to achieve its renewableenergy aims.In DetailChina:The Current Leader GloballyFrom less than 10%solar and wind in the overall power mix in 2018,Chinasgovernment aims to increase the total share to c.30%by 2030.The Belt andRoad infrastructure initiative provides businesses opportunities to exportclean-energy technology and take on large-scale electricity projects inemerging countries,helping to power Chinas renewables sector.Since 2008,China has been the worlds largest manufacturer of solar panel technology,and accounts for the production of over 60%of the worlds solar panels,according to IEA.Strategy to Achieve Renewable Energy AimsIn order to increase the countrys share of renewable-based powergeneration,nine provinces and regions have been ordered to generate morethan 15%of power from non-hydro sources,and 10 provinces and regionsshould generate at least 30%of power from renewable sources.Furthermore,the country has pledged to invest CNY2.5trn in renewablepower generation over 2017-2020.Below,we shall discuss whether any of thethree technologies are specifically being targeted towards achieving thesegoals.Photovoltaic(PV):Dominant PositionChina is the single largest market for solar PV and dominates the globalsolar PV market,and accounted for c.26%of capacity additions in 2019.Thecountry has the largest solar PV employment in the world,with c.2,194,000direct and indirect jobs,and accounts for c.54%of renewable energy jobs inChina.Asian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali17However,Chinas annual solar PV market(newly installed capacity)declinedby nearly 32%YoY in 2019 despite the countrys year-end rally,with morethan 12 GW brought online in December.This was largely due to policyuncertainty,as China was restructuring its renewable energy market leadingto a decrease in energy feed-in-tariffs(fixed electricity prices which are paidto renewable energy producers for each unit of energy produced and injectedinto the electricity grid).Another contributing factor to the decline was thecontinuous addition of coal-fired power capacity.However,towards the end of 2019,Chinas cumulative grid-connectedcapacity was c.2x the national solar PV target,which was established in2016,of achieving 105 GW by 2020.However,reduced curtailment andincreased capacity led to Chinas solar PV share of total electricitygeneration from grid-connected sources increasing to 3%in 2019 comparedto 2.6%in 2018.Source:evwindChina has also seen the emergence of new future growth areas for solar PVsuch as the combination of EVs,residential solar and storage.A recentreport from the US-based Institute for Energy Economics and FinancialAnalysis(IEEFA)argues that batteries and EVs can improve the economics ofhousehold solar due to their ability to allow households to use more of thesolar power they generate,hence leading to electricity bill savings.Chinahas recognised the effectiveness of these combinations and feed-in-tariffs.(FiTs)are now offered for PV combined with electrical energy storage inJiangsu.Furthermore,the creation of 26 power-trading centres specificallyfor distributed generation is driving demand and the emergence of newbusiness models for solar PV in the country.Chinas 14thFive-Year Plan(2021-2025)by the National EnergyAdministration(NEA)outlines the development of wind and solar PV grid-parity projects over the period,and action has been recommended for thecountry to aim for 300 GW of new solar PV power generation capacity.Asian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali18Concentrated Solar Power(CSP):IncreasingFocusAs of January 2020,China had eight large-scale concentrated solar powerprojects with total capacity of 500MW in operation across China.Five of theseven projects use the power tower system,two use the parabolic troughsystem,while the other uses the linear Fresnel system with molten salt asboth heat transfer and thermal storage fluid.The power tower system isgenerally favoured over the trough system due to its higher temperatureoperation,which allows for greater efficiency.Source:CSP FocusIn September 2016,the National Energy Administration issued the firstbatch of CSP pilot project allocations.The CSNP Royal Tech Urat 100MWParabolic Trough CSP Project was one of the first batches of 20 pilot CSPprojects,and is the countrys largest parabolic trough CSP plant.The plant isexpected to generate c.350GWh of electricity annually.The status of thepilot projects as of January 2020 is as follows.Asian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali19Source:CSP FocusIn May 2020,the Supcon Solar Delingha 50MW Molten Salt Tower reportedthat it had exceeded six-month output targets and recorded average outputfulfilment rates above 100%since January 2020.The plant has come up withinnovative measures,combining equipment learnings with AI technology toreduce weather risks and improve performance.Furthermore,the DunhuangDacheng 50MW Molten Salt Linear Fresnel Project is the first molten saltthermal power generation project in the world,which uses molten salt as theheat transfer fluid and thermal storage medium.However,Chinas CSP market faces a few key development problems.Thehigher price per kilowatt in comparison to photovoltaic power generationrestricts the development of Chinas CSP industry and Chinas CSP projectslack financing means.The links in the CPS industrial chain remain weak andno on-grid power price of CSP projects has yet been determined,slowingdown the progress of CSP.Solar Heating and Cooling(SHC):Policy toSupport Strong Growth RatesChina is one of the key markets for SHC and towards 2013,the country wasinstalling SHC systems at a rate of c.10 x that of the US.In that year,c.50-60m households in the country used solar water heating.According toIRENA,China employs 670,000 people(16%of renewable energy jobs inChina)in solar heating and cooling.Towards the end of December 2017,there was 35.4m sqm of solar thermal products installed in China.In 2019,China led the ranking for new installations of glazed and unglazedcollectors,accounting for c.73%of the total.Asian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali20Source:IEA-SHC;Solar Heat Worldwide 2019Given that solar water heaters can save the conventional fuel fee in ruralareas without natural gas and centralised heating systems,the convenienceand cost of solar water heaters acts as the main market driver.Furthermore,the Chinese governments policies towards increasing the proportion ofrenewable energy has led to the promotion of solar heating and cooling inurban markets.China also contains solar energy buildings known as the“passive house”which contain large southern windows and the possibilityfor attached sunspace.Asian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali21India:Needs Continuous Supportfrom the GovernmentIn May 2019,India was named the lowest cost producer of solar powerglobally.The country has traditionally relied on coal-fired power plants,which generated 72%of the countrys electricity in 2018-19.According tothe PV magazine India,the countrys total solar energy potential isestimated at c.750 GW.The country has a target of achieving 100GW ofsolar power by 2022,but had only installed a total of 36.6GW at the end of1Q2020.India prioritises the expansion of solar over other renewabletechnologies,and the government has launched a reverse auction system forsolar capacity,increased the availability of funding to the renewables sector,and allocated concentrated zones of development for solar power facilities,hence driving down the implementation time and cost of projects.India hasthe fourth-largest number of renewable energy jobs globally,and employed719,000 people directly and indirectly in the sector.According to the UnitedAsian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali22Nations Sustainable Development Goals partnerships platform,India plansto produce 175GW of renewable energy by 2022,of which 100GW is to besolar.Strategy to Achieve Renewable Energy AimsA key part of Indias strategy in achieving its renewable energy aims was toattract investors to the country,for which it had taken numerous measuresincluding the following:The introduction of the Power Purchase Obligation(PPO)under whichstate power-distribution companies and certain other private firms arerequired to procure part of their power requirement from renewablesources.A revision of the tariff policy,which includes penalties for unscheduledpower cuts and removing custom barriers to provide incentives to solarand wind energy manufacturing equipment.Awarding power purchase agreements using reverse bidding.Alsoknown as a reverse auction,this allows sellers who meet certainminimum criteria to submit non-negotiable price bids.The buyer thenselects winning sellers based on the lowest priced bids first and signsnon-negotiable standard contracts with the winning sellers.Inrenewable energy projects,an auction is held where developers ofsystem-side renewable distributed generation projects bid the lowestprices which they would be willing to accept to develop renewableenergy projects.Providing many direct and indirect subsidies.In FY19,the majorsubsidies provided for solar were:Support for solar parks and large solar power:INR2,778 croreSolar rooftop and other applications:INR1,667 croreViability Gap Funding Scheme under the Jawaharlal NehruNational Solar Mission(JNNSM)Phase II:INR1,335 crore.TheJNNSM,launched by the Indian Prime Minister in January 2010,aims to install 20,000 of grid-connected solar power by 2022.Accelerated depreciation for wind and solar:INR 2,778 crore.Thisis a tax benefit which allows companies to write off c.80%ofinvested capital in the first year.The government,in September 2019,also reduced the general corporate taxfrom 30%to 22%for Indian companies,adjusting the rate to thoseapplicable in other South Asian countries,making the country morewelcoming for investors.Asian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali23However,Indias installed capacity for all energy sources towards the end ofJanuary 2020 was c.369GW,of which renewables accounted for c.86.3GW.Although Indias solar capacity has increased from less than 1GW in 2010 toc.36.6GWFS5 GB6 of solar power currently,we believe it would bedifficult for India to meet its 2022 target.According to Buckley,a director ofEnergy Finance Studies for South Asia at IEEFA,the country also struggleswith state-centre conflicts and national policy objective contraventions,which makes it more difficult for it to achieve these goals.An examplewhich was cited was Indias goal to“accelerate low cost renewable energyinstallations”,“whilst at the same time raising costs by the imposition ofimport duties in order to underpin the Make in India manufacturingstrategy.”Photovoltaic(PV):Untapped Market OpportunityOver 200m people in India do not have access to electricity and theinstallation of solar PV units on rooftops is expected to be a cleaner andcheaper energy solution for customers.Rooftop solar has been the fastestgrowing renewable energy sub-sector in India,with a CAGR of c.116%over2012-2018.To achieve the 100GW target of the Indian government,theWorld Bank provided US$625m in financial support for a grid connectedrooftop solar project,and the project is expected to finance the installationsof at least 400 MW of grid connected solar photovoltaic units across India.Indias rooftop solar PV costs are among the lowest in the world.Source:Mordor IntelligenceFollowing these trends,Indias solar PV sector became its second-largestrenewable energy employer,where it supported c.115,000 direct andindirect jobs.However,the countrys installations declined in 2019compared to 2018 due to economic slowdown,tariff caps,payment delaysand challenges related to land acquisition and access to grid connections.According to a report by the International Energy Agency,Indias solar PVdeployment is set to decrease by 23%in 2020 compared to 2019,but arebound is expected in 2021 with capacity additions exceeding 2019 levels.Asian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali24Concentrated Solar Power(CSP):Cost Factorand Low Investor Confidence Limits GrowthIndia was the only other country in Asia to have CSP capacity underconstruction by the end of 2018.The 25 MW Gujarat Solar One facility(9hours TES)was expected to enter operation in late 2019,and the 14 MWDadri Integrated Solar Combined-Cycle plant was also under construction.The total installed CSP capacity in India is c.228.5 MW with a majority ofupcoming CSP plants in India being PTC based and being expected to add275 MW of capacity.Source:CurrentscienceFurthermore,in May 2020,researchers at the Indian Institute ofTechnology-Madras(IIT-M)developed a low-cost Solar PTC system forconcentrating solar energy in areas such as desalination,space heating,andspace cooling.India also ranked fourth in terms of number of Solar Heat forIndustrial Processes(SHIP)additions in 2019.Source:Solar PaybackIndia had an investment subsidy programme for concentrating solar thermalsystems until March 2020.In 2018 and 2019,the subsidy amount remainedat 30%of the benchmark or actual investment cost,whichever is lower.However,India lags behind other global leaders such as Spain and theUnited States.Challenges which slow down the growth of CSP in Indiainclude low investor confidence,unreliable solar data,low availability ofskilled labour,and a high cost compared to PV.Asian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali25Solar Heating and Cooling(SHC):GovernmentPolicy Drive PopularityDue to government support and subsidies,solar water heaters are nowbecoming quite popular and are affordable.A 100-litre per day water heatercan save yearly electricity units in various parts of the country as follows.Source:Bijli Bachao!A subsidy is provided for the installation of a solar water heater,and theamount and procedure of subsidy varies from state to state.Where somestates provide a subsidy of 30%up to 200 LPD(litres per day)capacity,others provide a Rs.100/month subsidy in the energy bill.Japan:Government Yet toCompletely Support Sectors GrowthJapan started embracing new power generation technologies particularlyafter the earthquake and nuclear disaster in Fukushima in 2011,where theshutdown of the countrys nuclear fleet resulted in higher electricity prices.In 2019,renewables accounted for c.19%of Japans power generation,whichincluded c.8%wind and solar.The annual increase in figures for renewableenergy has reached almost double-digit units until 2017,after which a morestable growth rate was witnessed.Japan announced in 2019 that its originalFITs initiated in 2009 would be coming to an end,and the country plans toreduce its greenhouse emissions by 26%compared to 2013 levels,whilstdoubling its renewable energy production by 2030.The Japanese government aims to have renewable resources account for22-24%of national electricity generation by 2030,nuclear power 20-22%,and fossil fuels 56%.Strategy to Achieve Renewable Energy AimsIn 2017,Japan introduced new legislation aimed at increasing the countryspercentage of renewable resources.Furthermore,analysts at energyconsultancy Wood Mackenzie have stated that they estimate over US$100bnof solar and wind power investments in Japan between 2020 and 2030,alongside a decline of c.30%in wind and solar generation costs.Asian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali26Source:Long Term Emission Reduction ProposalJapans proposals for its long-term emission reduction are focused more onthe transport sector and zero-emission buildings.Japan is also one of thefirst countries to announce a hydrogen strategy and is currently the sixthlargest hydrogen market.Hence,the country would also focus on hydrogenalongside solar and wind to achieve its renewable energy goals.Photovoltaic(PV):Government Policies UpliftGrowthFollowing the Great East Japan Earthquake of 2011,Japan initiallyintroduced a high FiT of 40/kWh in 2013,to kick-start the solar PV market.Solar PV Generation is now becoming competitive with grid electricity in2019,solar PV accounted for c.7.4%of Japans total electricity generationcompared to 6.5%in 2018.Japan has set a solar installation target of 64GW by 2030,and despite thecountrys progressive decline in PV installation,since peaking in 2015,consensus believes that the country would be able to achieve its target in2020,10 years ahead of schedule.The following measures are expected to drive solar rooftop installation inJapan over the next few years.Residential consumers are now looking atoptions beyond self-consumption,in combination with electric vehicles(EVs)or batteries,retrofitting storage,sale of surplus electricity via one-on-one contracts with utilities or power producers and suppliers(PPSs),and anewly formed power distribution business under Japans electricity marketreform.Additionally,in 2018,the Japan Electric Power Exchange(JEPX)issued tenders for non-fossil-fuel certificates,and is also planning tointroduce futures contracts.For the non-residential sector,the JapaneseMinistry of Economy,Trade and Industry(METI)has set a three-yeardeadline for the completion of projects over 10kW in size which had signedcontracts with a utility(an organisation supplying the community withelectricity,gas,water or sewerage)after 1stAugust 2016.Asian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali27Source:PV MagazineHowever,Japans PV market continues to suffer from grid constraints,lack ofavailable land,high labour costs and high prices of solar generation,whereJapans prices are some of the worlds highest.In 2017,a tender program wasintroduced to reduce the high solar power price in Japan.Furthermore,withthe spread of the adoption of renewables,problems have emerged with theFiT.These include increasing surcharges on the renewables and difficultieswith receiving power generated by renewables on the grid side.The METIreduced the FiT by 22%YoY in 2019 for installations between 10kW and500kW and a decision has been made to overhaul the FiT by the end ofFY2020 to allow renewables to become an economically self-sustaining coreelement of the power generation mix.Japan hopes to integrate large solarpower generation and wind power generation to the electric power marketthrough making them more competitive sources.Concentrated Solar Power(CSP):ContinuousR&D in Attempt to Broadly Commercialises theTechnologyJapan began to research CSP in the 1970s,and Japanese companies havelong since claimed many patents in the field of CSP.However,the countryspoor Direct Normal Radiance(amount of solar radiation received per unit bya surface that is always held perpendicular to the rays that come in a straightline from the direction of the sun at its current position in the sky)and littlespace makes it difficult to erect CSP plants within the country,but Japan hasmade plans to use CSP plants in the worlds sunny regions such as Australiain order to generate energy FS7 GB8 which can then be shipped back tothe country.Asian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali28Source:MDPI;showing main CSP patent applicantsThe Japanese company Chiyoda Corporation is among the key players in theglobal-concentrating solar power market,and the company is promoting anew Molten Salt Parabolic Trough CSP(MSPT-CSP)technology,whichcurrently has a demo plant in Italy which was built in 2013.The MSPT-CSPtechnology has the ability to operate at temperatures of up to 550C bychanging only the heat transfer fluid from hot-oil to molten salt.In August 2014,a pilot CSP plant based on parabolic trough solar collectors,binary power generation unit and biomass boilers started its operations inAugust 2014.The main specifications of the plant included a power outputof 70kW and an output ratio of 1:1 between solar and biomass.Source:SciencedirectAsian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali29Solar Heating and Cooling(SHC):CurrentlyDeclining on the Back of Reduced SubsidiesTowards the end of 2011,Japan was among the 12 countries in the worldwith significant capacity of solar water heating systems in operation.UnderJapans“Sunshine Project”,solar heating and cooling technology and solarthermal power generation have been promoted since 1974.However,thenumber of solar heating systems installed in Japan has decreased over2015-2018,alongside declining subsidies for solar energy.Source:StatistaD.Value Chain AnalysisSummary:Of the three technologies we have discussed above,the most elaboratevalue chain is that of solar photovoltaic(PV)cells.Hence,we will discussthe stages of the PV value chain below.We will also discuss thesignificant market conditions affecting the overall PV industry along withkey players at each stage of the value chain(where such information isavailable).Our key points are:-Of the different types of solar PV cells,only wafer-based crystalline PVcells and thin film cells have been commercialised on a large scale.-The solar PV value chain involves silicon purification,which areconverted into ingots,and are then cut into wafers.The solar cells arethen produced,assembled into a solar panel and installed.Asian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali30-Silicon purification,ingots and wafer manufacturing form theupstream,while cell production,module assembly for solar panels arethe mid-stream in the value chain.Installation and electricity generationform the downstream.-Downstream players enjoy a relatively high margin.-Chinese players dominate the solar market at each stage of the valuechain.Types of Solar PV CellsWe mentioned earlier that PV cells were first developed by Bell TelephoneResearchers in 1954.After many years of development,the currently existingPV cell types can be categorised into four main types.Wafer-based crystalline PV cells,which are produced using solar waferswith a thickness of 160-190m(micrometers),are further divided intomonocrystalline PV cells(PV cells produced using a single crystalgrowth method)and multi-crystalline PV cells(a cast solidificationprocess which produces multiple,smaller crystals).Thin film cells are produced by depositing very thin layers of semi-conductive PV material onto cheaper backing materials such as glass,plastic,or stainless steel.High efficiency cells are made of gallium arsenide and were firstdeveloped for space applications.The efficiency of the cells is increasedusing either one PV cell(single p-n junction)or two types of PV cells(multi-junction)to capture a greater range of wavelengths of light.PV cells(made of organic materials).Of the above four types,only wafer-based crystalline PV cells and thin filmcells have been commercialised on a large scale.To provide an overview ofthe general uses of PV cells,below are some categories of PV market typesalongside possible applications.CategoriesApplicationsGrid-connectedSize of PV systemGrid-connectedOff-gridUtility DistributedGrid-connected,utility-scalegenerationPower generators,industrial usersXXGrid-connected,distributedenergyResidential&commercial buildingsXXOff-grid,utility-scalegenerationIndustrial users;remote communitiesXXOff-grid,distributedenergyResidential&commercial buildings,including withremote communities;remote,niche applications(ranging from small calculators,to offshore oil rigs,tospace applicationsXXAsian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali31Source:World Intellectual Property Organisation:Economic Research WorkingPaper No.40The Solar PV Value ChainThe solar PV value chain involves many chemical processes andmicroelectronic techniques.Starting off with purifying the silicon found inquartz(a hard,crystalline mineral composed of silicon and oxygen atoms),the value chain ends once the solar PV cells have been installed andelectricity is generated using it.Source:World Intellectual Property Organisation:Economic Research WorkingPaper No.40The following image provides a basic overview of the PV solar value chain.Although the writing is illegible,we will discuss each of the stages in detailbelow;the diagram has only been included to provide a clear picture on howthe entire value chain functions.Source:Total Solar ExpertAsian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali32Stage 1:Silicon PurificationPolysilicon wafers are a major PV cost component and account for c.40-50%of the finished modules cost.Producing solar-grade polysilicon is complexand capital-intensive,as the minimum purity required is 99.999999%andusing lower quality polysilicon can decrease PV efficiency.Any cost savingswhich can be gained from using polysilicon of a lower quality can be offsetby even a small decrease in PV efficiency resulting from using lower qualitypolysilicon.Silica found in quartz sand needs to be purified alongside a mixture of coaland wood in a high temperature furnace to create metallurgical gradesilicon,which is c.99%pure(trichlorosilane).However,further purificationis needed for the solar PV industry,which is done by cracking thetrichlorosilane at high temperatures in a reactor to form purified nuggetscalled“chunks”that are called polysilicon.Polysilicon is also used for the semiconductor industry,but is highlydemanded for crystalline PV,and in 2016,the PV industry accounted for c.90%of the polysilicon demand.Large investments in the expansion of solarcapacity have led to unprecedented growth in the polysilicon market.Stage 2:Conversion of Ingots to WafersAn ingot is a cylinder or brick of silicon which is grown from pure silicon andcan be in the form of a single crystal(monocrystalline silicon/monosilicon)or multiple silicon crystals,which are smaller.The following steps are thenundergone to convert the ingot into a wafer.Crystallisation of the silicon in ingots:Monocrystalline is obtainedthrough growth or pulling of a cylindrical ingot from a monocrystalthrough the Czochralski process,and the melting point is reached at1414C.Tailing,cylindrical grinding and cutting of the ingots:the extremes of theingot and external surface corrugations are eliminated.Shaping of the monocrystalline ingots:the ingot is shaped into a square,which allows optimisation of the space when creating the module.Stage 3:Wafer ManufacturingA wafer is a thin slice of semiconductor such as crystalline silicon which isused to fabricate integrated circuits and manufacture solar PV cells andaccounts for up to 40-50%of crystalline module cost.The ingots are sliced into wafers using wire saws using high precisioncutting,given that the wafers are no more than 0.18mm thick and can crackeasily.The wafers are then treated in different ways to clean the debris fromprevious processes,and a first selection is made to remove defective wafers.Asian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali33Stage 4:Cell ProductionWafers texturing:the wafers are placed in a bath to remove the surfacedamaged by sawing and to texture the surface,which enhances theabsorption of sunlight.Doping by diffusion:in order to obtain semiconductor diffusion,in afurnace heated to 800C,the wafers are doped in surface withphosphorous or boron by thermal diffusion.Anti-reflection coating ensures more effective photon absorption andsurface passivation.Cells are also given their blue colour at this stageusing a vapor deposition process.Metallisation:an electric circuit is screen-printed onto the front or rearsurface of the wafer to carry the collected current.Connecting cells:the cells are assembled and welded together to formmulti-cell strings.Stage 5:Module AssemblyCell encapsulation:The cells are interconnected with a sheet of glass,two foils for EVA resin and an impermeable film.The module is thencooked in a laminating machine.Source:Total Solar ExpertFinishing and mounting the modules:the PV solar module is framed andequipped with a junction box for power connection.Testing:Modules are tested in calibrated artificial light to measure theirelectrical characteristics.Stage 5:Formation of Solar Panel SystemsTo deliver electricity to the loads(electricity consumption devices or to theelectricity grid),the modules are combined with complementary equipment(such as batteries or inverters).Asian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali34Stage 6:InstallationThis final stage of the overall manufacturing process contains two aspects:A mechanical integration of the solar module into its chosen arraystructure andThe electrical integration of the solar module with the rest of thesystem,matching the equipment to the electrical load required by thecustomer.Segregation of the Solar PV ManufacturingProcess:Significant Disparities BetweenUpstream and DownstreamThe above processes have been segregated into upstream,midstream anddownstream as follows.UpstreamSilicon purificationIngot&wafer manufacturingMidstreamCell productionModule assemblySystemsDownstreamInstallationElectricity generationSource:World Intellectual Property Organisation:Economic Research WorkingPaper No.40Although the solar industry was initially upstream focused,solar PVmanufacturers have increasingly started to move to the downstream parts ofthe value chain,with the reduction of the cost of solar panels,which pushedmanufacturing costs towards near equivalence with installation costs.Thisshift to the downstream parts of the value chain has been noticeable sincethe financial crisis of 2008/2009,where there was cancellation of orders,owing to the inability of solar PV project developers to obtain financing frombanks.Higher Margins for Downstream Companies?Solar manufacturing is generally considered a low-margin business.Upstream companies are usually chosen by customers on the basis of brandand involve a higher running cost,thereby limiting the margins.Downstream product services,in contrast,allow manufacturers to retainhigher margins.A recent trend that can be observed is that PVmanufacturers across the value chain,especially those players in the mid-stream are increasingly involving themselves with downstream services.Having said that,we also note that,there are significant barriers of entry tothe downstream market,due to requirements such as financing and otherpermits,inspections,suppliers of inverters,and parts and crew labour.Asian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali35We have compared the margins of Vivint Solar,a company specificallycatering to the downstream of the solar PV value chain,with those of twoupstream and midstream companies,JA Solar and JinkoSolar.AlthoughVivint Solar made losses over 2013-2016,over the last few quarters,despitethe large fluctuations,Vivint Solars margins have remained higher thanthose of the other two companies.Source:CapIQChinas Dominance of the Solar PV Value ChainThe reported production of solar cells globally ranged between 110-120GWin 2018 and is estimated to be between 120-140GW in 2019.Since 2000,theproduction of solar PV devices has grown at a CAGR of c.40%,driven by arapid increase in annual production in China and Taiwan in 2006 and atrend towards increasing production capacities in Asian countries includingIndia,Malaysia,Thailand and Vietnam since 2014.Source:European Commission PV Status Report 2019Asian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali36Although,initially most of the demand and supply was located in developedeconomies,particularly the U.S.,Japan and Germany,by c.2010,China wasdominating the global solar PV value chain,driven mainly by subsidies andincentives provided by the Chinese government.However,though China has the competitive advantage on scale,America hasthe advantage in innovation.With China lowering corporate taxes,providingtax breaks and incentives,and streamlining approval processes,local solarmanufacturing was encouraged.However,downside risks also exist frombadly targeted government incentives.Although sector-specific policyincentives can be beneficial,the Chinese governments encouragement hasled to overcapacity and global spill over effects.As was evident during thefinancial crisis,the access to large amounts of credit against smalldifferences in interest rates allows companies to grow and scale productionwhen their competitors are unable to do so.Asian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali37Key PV Manufacturers in ChinaSince China accounts for the largest proportion of solar PV production,wewill be discussing the top component manufacturers/wholesalers in China.CompanyDescriptionWebsiteDMEGC SolarSpecialises in developing,manufacturing and marketingboth monocrystalline and polycrystalline silicon wafers,cells,and modules.As of August 2019,the company hadan annual production capacity of 6,000 MTA(polysilicon),500 MW (wafer),1.6 GW(solar cell),and 900 MW (modules).http:/ SolarHoldingsA manufacturer of high-performance photovoltaicproducts,such as silicon,batteries,components,andphotovoltaic power plants.http:/ GroupProvides polysilicon,silicon wafers,solar cells,and othersolar components alongside other products catering tothe electrical and rail transportation fields.http:/ EmeiSemiconductorMaterialsProvides semiconductor materials for many industrialsectors and research fields including electronicinformation,energy,transportation,machinery,andelectricity.http:/ SolarOne of the largest and most innovative solar modulemanufacturers both in China and all over the world.As ofMarch 2019,Jinko Solar has an integrated annualcapacity of 10.5 GW for silicon wafers,7 GW for solarcells,and 11 GW for solar modules.https:/ NewEnergyTechnologyA manufacturing company that has been in the industryof photovoltaic technology for more than ten years now.http:/ LuanPhotovoltaicsTechnologyProduces silicon wafers,cells,modules and PV powerplants and as of May 2020,the company had anintegrated PV production capacity of 7.5GW.This wascategorized as 5GW for high-efficiency PERC cellproduction,1GW double-glass bifacial half-cell moduleproduction,500MW dense grid conventional moduleproduction,500MW chip production and 500MW crystalingot production capacity.MJ1 GB2http:/ high-tech enterprise that aims to provide siliconmaterials for scientific research,the information industry,and the new energy industry.As of August 2019,the company could produce 1.12m5-inch circuit-grade silicon polishing wafers and 3.6m6-inch circuit-grade silicon polishing wafers.Additionally,it can develop and produce 50,000 8-inch siliconpolishing wafers per month.http:/www.ly- EnergyScience andTechnologyMainly engages in R&D,production,and sales of solarenergy batteries and components and has a completeindustrial chain of the production of polycrystalline siliconwafers,solar energy batteries,and components,as wellas the investment and construction of photovoltaicstations.http:/ GroupEngaged in the manufacturing of solar photovoltaicwafers and has two manufacturing bases and six-corecompanies.As of right now,its wafer manufacturingscale is 10 GW:6 GW for single crystal,3 GW forpolycrystalline,and 1 GW for cast single crystal.http:/www.ht- FeedsHowever,global leading manufacturers differ slightly,as just six of the 10companies in the top 10 PV manufacturers listed by shipments(2019)areChinese.As of 2019,Tongwei(China),LONGi(China),Jinko(China),Canadian Solar(Canada),and Aiko Solar(China)are the top 5 leadingplayers in the market.Asian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali38Over 2010-2019,shipments from the top 10 PV manufacturers grew from11GW to 78GW-a CAGR of 24.3%.Only four companies from the top 10 listin 2010 remained in 2019s top 10 list.These included First Solar,Trina Solarand JA Solar,which moved to the bottom half of the top-ten list,with newcompanies moving to the top spots.Despite new companies moving into themarket,China continues to dominate the PV manufacturing industry,givenits already-established market presence.Global leading PV manufacturers,by shipments:Source:NREL 4Q2019/1Q2020 Solar Industry UpdateLeading Companies in Each of the Stages of theSolar PV Value Chain and Their MarketConditionsSilicon PurificationThe polysilicon industry underwent numerous changes in the past few years.Back in 2004,China accounted for a fraction of the global polysilicon output.However,with the country introducing duties on polysilicon imports in2013,by 2018,the countrys output contributed 54%of the total output,andreached 63%in 2019.Asian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali39Source:Bernreuter ResearchHowever,it is not only the country-wise distribution which changed.Until2005,only seven companies ruled the polysilicon market:HemlockSemiconductor Corp,Wacker Chemie AG(XTRA:WCH),REC Silicon ASA(OB:REC),Tokuyama Corporation(TSE:4043),MEMC Electronic Materials,Mitsubishi Materials Corporation(TSE:5711),and OSAKA Titaniumtechnologies Co.Ltd.(TSE:5726).However,in 2013,with China introducingduties on polysilicon imports,the countrys polysilicon productionexpanded,alongside which four companies moved to the forefront of theglobal polysilicon industry.Xinte Energy Co.,Ltd.(SEHK:1799),Daqo NewEnergy Corp.(NYSE:DQ),Tongwei Co.,Ltd(SHSE:600438)and East HopeNew Energy.GCL-Poly Energy Holdings Limited(SEHK:3800),along with thepreviously mentioned four companies,is now among the leading companiesin the polysilicon market.OCI Company Ltd.(KOSE:A010060),although thethird-largest polysilicon manufacturer in 2018 and the second in 2019,shutdown its Korean factory in February 2020,succumbing to the price pressurefrom low-cost Chinese plants.We also note that,the polysilicon industry hashigh barriers to entry in the form of the high capital expenditure required toestablish a polysilicon production plant.Polysilicon capacities of the Big Six in 2020:No.ManufacturerCapacity(MT)1Tongwei96,0002GCL-Poly90,0003Wacker84,0004Daqo New Energy80,0005Xinte Energy80,0006East Hope80,000Total510,000Source:Bernreuter ResearchAsian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali40Ingots and Wafer ManufacturingThe most commonly used bulk material for solar cells is crystalline silicon,the market for which is expected to grow at a CAGR of 7%over 2020-2027,according to Data Bridge Market Research.Based on various searches,thebelow companies can be considered some of the leading players in the ingotmanufacturing market.Company NameRegionMaterial TypesPanasonic Corporation(Sanyo)JapanPolycrystalline ingotSharpJapanMonocrystalline ingotJA SolarChinaPolycrystalline ingotLDK SolarChinaMonocrystalline ingot,polycrystalline ingotDaqo GroupChinaPolycrystalline ingotJinko SolarChinaMonocrystalline ingot,polycrystalline ingotSUMCOJapanMonocrystalline ingotHT-SAAChinaPolycrystalline ingotTopray SolarChinaMonocrystalline ingot,polycrystalline ingotRietechChinaMonocrystalline ingot,polycrystalline ingotSornid Hi-TechChinaMonocrystalline ingot,polycrystalline ingotOCI CompanyKoreaPolycrystalline ingotSource:ENF SolarThe wafers are produced similarly for both semiconductors and solar PVcells,as solar PV cells are also a type of semiconductor device.However,thelevel of quality control and cleanliness required by the solar PV cells is lessthan that required for semiconductors.The market share of wafer producersworldwide in 2017 and 2018 was as follows.Source:StatistaAsian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali41CompanyLocationDescriptionSK SiltronSouthKoreaManufactures and sells semiconductors and provides polished wafers,whichare used to make semiconductor devices.Silronic(XTRA:WAF)Germany Manufactures and sells silicon wafers with diameters of up to 300mm.GlobalWafers(GTSM:6488)TaiwanManufactures and sells semiconductor ingots and wafers.Sumco(TSE:3436)JapanManufactures and sells silicon wafers and monocrystalline ingots.Shin EtsuJapanProvides polyvinyl chloride(PVC)and semiconductor silicone products.Source:CapIQHeavy investment is required to enter the wafer market;hence,there arehigh barriers to entry,with the market being controlled by the five strongplayers mentioned above,leading to limited competition in the market.We have mentioned above that the prices of ingots and wafers fell partiallydue to process improvements.For ingots and wafers,the productionequipment installed in factories has been improved.For ingots,this wasdone by growing larger sized crystals and improving the seed crystals neededto improve process time and increase yield.Cutting ingots into thinnerwafers,reducing loss of unused ingot material,and increasing recyclingrates are other production equipment improvements which enabled costsaving.Other process innovations include finding ways to reduce theamount of metallisation pastes/inks containing silver and aluminium.Cell ProductionThe top-10 cell producers by volume in 2018 were the following companies.RankingCell Producer1JA Solar2Tongwei3Trina Solar4Hanwha Q-CELLS5JinkoSolar6LONGi7Shunfeng(incl.Wuxi Suntech)8Canadian Solar9Aiko Solar10First SolarSource:PV-TechJA Solar,Trina Solar,JinkoSolar and Canadian Solar can be viewed asglobally recognised integrated cell/module producers who produce multi-GW levels of cells in-house while using domestic Chinese third-party cellsupplies from companies such as Tongwei and Aiko.LONGi solar is the onlycompany which covers the full solar PV value chain.The industry containslow entry barriers and is therefore highly competitive.Asian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali42Module ProductionBased on own-brand shipped module MWp-dc volumes in 2017 and 2018,the top 10 module suppliers were as follows,with Jinko Solar continuing tohave a clear lead in the market.There were clear changes in the competitiveposition of many of the companies in 2018.JA Solar was placed second inthe market,while Canadian Solar lost its third place to Trina Solar.RankingSolar Module Manufacturer201720181Jinko SolarJinko Solar2Trina SolarJA Solar3Canadian SolarTrina Solar4JA SolarLONGi Solar5Hanwha Q-CellsCanadian Solar6GCL System Integration TechnologyHanwha Q-Cells7LONGi SolarRisen Energy8Risen EnergyGCL System Integration Technology9Shufeng Photovoltaic InternationalTalesun10Yingli GreenFirst SolarSource:PV-TechSimilar to the solar cell production industry,the solar module industry alsohas low barriers to entry,hence is highly competitive.Distribution and InstallationThese are the downstream activities of the value chain,with a large numberof wholesalers,many of whom do not operate globally.While some of thewholesalers have exclusive rights to distribute a specific module,there arevery limited distinguishing features.While small installations for residentialrooftop applications can be directly done by local installers and electricians,larger projects need to undergo various stages of development beforeconstruction can even begin.Asian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali43A few examples of companies who carry out solar PV projects include thefollowing.Cyprus Creek Renewables is involved in the development,financing,andoperating of utility-scaled and distributed power plants across the US.The company has developed more than 8GW of solar and has more than2.5GW under management,making it one of the countrys leading solarand storage companies.GreenYellow Thailand is an energy management company with morethan 1,000 energy efficient projects commissioned and more than 150solar plants under operation worldwide,constituting more than250MWp.AMP Clean Energy is a distributed energy company funding anddeveloping low carbon heat and power solutions including solar PV andflexible energy plants.E.A Look at the Key Asian SolarPlayers:Survival Depends onSubsidiesAs discussed in the section above,a recap of the top few globally leadingplayers in the solar PV industry and across the value chain is as follows:Solar Module ManufacturersSolar CellManufacturersIngot ManufacturersPV ManufacturersJinkoSolar Holding(JKS US)(China)JA Solar(China)Panasonic Corp(6752 JP)ViaSanyo Electric(Japan)Tongwei(China)Ja Solar Holdings Co.,Ltd.(Ads)(JASO US)(China)Tongwei(China)Sharp Corp(6753 JP)(Japan)LONGi(China)Trina Solar(TSL US)(China)Trina Solar(China)JA Solar(China)Jinko Solar(China)LONGi Green EnergyTechnology(601012 CH)(China)LONGi(China)Canadian Solar Inc(CSIQ US)(Canada)Suntech(China)Source:Various SourcesHaving considered these leading players and conducting research on theleading companies in China,Japan,and India specifically,we shortlisted afew Asian solar energy players that we think are important players in theindustry.Asian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali44Our ShortListed Asian Solar PlayersSolar ModulesSolar CellsIngotManufacturersPV ManufacturersCSP FocusedManufacturersJinko Solar(China)JA Solar(China)Sharp(Japan)Sanyo Electric(Japan)Tongwei(unlisted inChina)Chiyoda(Japan)Trina Solar(China)Suntech(China)LONGi(listed inChina)CGN New Energy Holdings(China)Kyocera(Japan)Yingli Green Energy(China)Vikram Solar Private Ltd(unlistedin India)Adani(unlisted-India)Having looked at these players quite closely,we take you through ourconclusions first about the similarities and differences across these players,followed by summarised company profiles.Key conclusions about Asian players in the industryIncreasing downstream presenceMost of the leading solar energy players on our list are starting tofocus increasingly on the downstream rather than the upstream.Ingot and wafer manufacturers are exceptional as they are part of theupstream,but are attempting to increase downstream presence.Theupstream players witness lower profitability than the downstream(asdiscussed in the section above).The reason for this could be thatdownstream players benefit more from subsides than the upstream,alongside the fact that the upstream has more exposure to supply-demand volatility,which in turn impacts profitability.This explainsplayers increasing focus on an integrated supply chain model.However,there are certain exceptions like Tongwei.Apart from this,the other leading players on our list are trying to increasedownstream presence,especially via the Engineering,Procurementand Construction(EPC)model.ASEAN and developing market focusedThese Chinese,Japanese and Indian players aim to capture thepotential demand in developing countries,especially in ASEAN.Webelieve that this is a key long-term driver for the players,given thepotential for growth in the developing countries when compared tocountries like China and Japan,where demand growth has slowed.We also highlight the need for governmental policy support in thesedeveloping countries to make it easy for solar energy players tomaintain their pricing and profitability.Similar basic technology:mono and multi-crystalline;some have a competitive edge by adopting slightlydifferentiated technology such as HJT and Shingled Moduletechnology.Asian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali45Crystalline technology is widely used across these Asian players.Certain players like JA Solar,Suntech,Vikram Solar,Tongwei andLONGi also adopt a varied type of these crystalline technologies,likehalf-cut modules,Shingled Module,Mono Passivated Emitter andRear Cell,and Heterojunction technology(these technologies arediscussed below)for incremental increases in energy efficiency.Itappears that the Heterojunction technology(HJT)and shingledmodule types allow the highest potential for increase in efficiency.These technologies will lead to an incremental increase in efficiency,though not a completely revolutionary change in the solar energyproduct.Companies like Suntech and Tongwei on our list have aslight competitive edge over the other players,given their head startin these technologies.We believe that as these players capitalise onthe HJT and Shingled technologies,the other Chinese and Indianplayers might quickly follow.On the other hand,thin-filmtechnology,which is mainly used for small-scale purposes,isadopted by Japanese companies like Sharp and Sanyo.This alsoexplains why Japan lags behind India and China in the solar energyrace.The key differences in operational performances amongstthe Asian players:The Chinese players generate relatively low profitability orare making losses despite their leading position globally.Moreover,the Chinese leading players are mostly listed companies,except for Tongwei,Suntech,and Yingli.We note that Suntech and Yingli were also listed,but have bothbecome unlisted now,due to increased debt burdens.The Indian players,however,are mostly private companiesand generate attractive profitability(according to availableinformation).The reason for this appears to be theattractive government policies in the country.With regard to the Japanese players,we note that theseplayers do not solely focus on solar energy products likethe Chinese and Indian players,but instead operate solarenergy as a business segment for which they expect long-term growth prospects.The Japanese players are alsorelatively less profitable when compared to the Indianplayers,and they aim to price higher and increase producttypes in order to maintain profits.Provision of subsidies is key for players to operateIt should be noted that provision of subsidies is a key factor thatinfluences the profitability of these leading players across Asia.TheChinese players enjoyed good profitability in the past,but haverecently been struggling with their financial performance,mainlydue to the governments decision to reduce subsidies for solar energyAsian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali46products.As of now,the Indian players appear to be the mostattractive in terms of financial performance.So,the question is,would the Indian players also find themselves in a situation similarto that of the Chinese players when subsidies are removed?Firstly,we note that India is unlikely to remove its solar energy subsidiesuntil at least the medium term,given that the industry is still at theearly stages of development.As such,the Indian players are likely tobenefit for some time.However,over the long term,subsidies couldbe removed and could impact the Indian companies in a similar wayto the Chinese players.We feel that the Indian companies are lookingto move towards other developing markets,and as such,could caterto other markets where subsidies are available as the market in Indiamatures.We also feel that since most of these Indian solarcompanies are part of large conglomerates,they are unlikely to gopublic until they become much larger,thereby not giving rise tomuch of an investment opportunity.Regardless,we feel that theIndian companies in their domestic market alone have high potentialfor growth when compared to certain other leading players.Althoughthe Japanese players are ranked amongst the top ten,they haventyet entirely focused on capturing growth in the solar market.Theirstrategy appears to be to operate via a more diversified business.Moreover,the less encouraging subsidy policy in Japan could also bea reason for this relatively low focus on solar energy.Our thoughts on the Chinese listed players:Our main aim here is to compare the listed pure solar players in which it ispossible to invest,which appears to be all Chinese companies.Indian playersare mostly still private companies,while the Japanese listed leading playersare not pure solar energy players.However,we have provided a briefoverview of these companies and their strategies in the solar business.Mostimportantly,we have provided an investment thesis for each of the leadinglisted Chinese players.We have summarised the investment positives andnegatives in the table below.Asian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali47CompanyInvestment PositivesInvestment NegativesFinancialNumbersI.RevenueCAGRII.OP CAGRIII.OPMIV.PEMultipleJinkoM&A for growth and expansion offacilitiesContinuous expansion of plantskey for growthTrade wars and increasingsolar production affectpricing(upstream effect)I.25.0%(5-year)II.16.2%(5-year)III.5.5%IV.6.2x(NTM)TrinaSolarAn EPC model to capture growthin the smart energy marketEmerging market focus could be along-term driverReliance on subsidiesMounting competitionI.-5.5%(3-year)II.-18.3%(3-year)III.5%(3-year)IV.40.9x(LTM)JA SolarAcquisitions boost profit and allowthe exploration of new marketsCapacity expansion and productinnovation key for growthTrade wars and subsidyremovalI.8.8%(3-year)II.12.9%(3-year)III.8.6%IV.21.3x(NTM)LONGiSolarVertically integrated module makerincreasing presence in thedownstreamAcquisitions and collaborationswith key rivalsAggressive capacity expansionand strong demand for bi-facial PVmodulesSubsidy removalI.55%(5-year,overallbusiness)II.76.3%(5-year,overallbusiness)III.19.1%IV.30.3x(NTM)CGNTargets high quality parity projectsto build revenue focus on CSPdifferentiates the companyExpanding and strengtheningcompetitive position throughacquisitionsReliant on governmentpoliciesI.53%(5-year)II.54%(5-year)III.49.6%IV.6.1x(NTM)Source:LSRAsian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali48Source:CapIQAsian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali49Based on our analysis,we feel that:While LONGi has been trading at a premium to its peers,in ouropinion,LONGis premium appears justified given its strong revenuegrowth rates alongside its differentiated strategy of collaborating withrivals to explore new markets.Moreover,despite the reduction insubsidies in the country,the company has still been able to maintain itsprofitability,which we see as favourable for LONGi.Recently,JA Solar has been trading at multiples slightly below LONGi.We believe that JA Solar should continue to trade below LONGi,giventhe latters better earnings profile and strategies for growth.We note that JA Solars growth strategies are similar to that of Jinkos.However,given JA Solars increasing focus on downstream,it has beenable to generate higher profits than Jinko.This also explains Jinkosrelatively low multiple,which we feel is reasonable.Trinas Forward multiples are not available for the time period.However,looking at the companys PE based on LTM EPS,which isaround 40 x,we feel that Trina looks quite expensive.We like Trinasability to maintain a diversified product base and target developingmarkets.However,it is possible that the companys profitability mightstruggle if subsidies do not exist.Thus,with an already lower EBITmargin when compared to peers,the downside risks are quite high forthe company.As such,the multiples make the company look quiteovervalued.CGN New Energy appears to be trading at a discount.The company isquite different to the other players,in the sense that it focuses solelyon CSP projects.Moreover,the company appears to be running ongovernment support.Thus,we feel that though profitability is high,itdoes not look as sustainable.In our opinion,the discount appearsjustified for CGN.Overall,we are more favourably inclined towards LONGi and JA Solarfor their attractive fundamentals and ability to capture opportunities inthe market.These players all face the risk of subsidy removal.However,as long as they can mitigate the effect by moving to developingcountries in time,the negative impact could be minimised.Asian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali50Our thoughts on the unlisted playersFor the unlisted players in our list,we have looked at the strategies theyfollow,their key opportunities,and risks in the market.We have summarisedthese in the table below.CompanyKey Product and TechnologyKey Strategies&OpportunitiesRisksTongweiTechnology:Mono-crystalline(PERC),poly-crystallineA shingled module typeTargets:China&international marketsNot a vertically integratedproducerCaptures growth via differentmodule technologiesContinued growth in PV marketand demand for shingled moduletypesLimiteddownstream focusSubsidy riskSuntechTechnology:Crystalline technologyHeterojunction technology(HJT)Targets:China&international markets,mainly EuropeInvestment in upstream,productsfocusing on downstreamCost-cutting and continuouscapacity expansionPremium as well as low-pricedproductsContinued growth in the PV marketPossibly targets the APAC regionCredit default riskYingliTechnology:Polysilicon andmonocrystalline technologyTargets:ChinaUSJapanVertically integratedmanufacturingDifferent strategies for each of itsfocus countriesGrowth in the integrated PVmarketCompany has filedfor insolvencyVikramSolarTechnology:Mono Passivated Emitter andRear Cell(PERC)technology.Targets:IndiaAustraliaUSTaps markets beyond IndiaRuns an EPC modelFocuses on rooftop solar businessin IndiaRecovery in Indias PV industryGrowth expected for Mono PERCsDependent ongovernmentpoliciesSource:LSRAsian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali51Key points we highlight for these companies are:The Indian companies that are private are doing relatively well.The keystrategy for the Indian players like Vikram Solar is the demand forrooftop solar in the country.However,these players generate strongrevenue and profit with the help of government support.Thus,ifgovernment support reduces,these companies could also follow thepath of Suntech and Yingli.Suntech and Yingli,though leading the solar market,are strugglingfinancially.Suntech was delisted due to a bond default,while Yingli lastyear filed for insolvency.The reasons for this were their focus on theupstream while being dependent on subsidies.We consider Tongwei to be a rather attractive private company for itsbusiness model of purchasing wafers and slicing them to form solarpanels,and thus focusing on just part of the value chain.Moreover,thecompanys shingled module technology is likely to see growth in thefuture.Subsidy removal or reduction in China is a risk for Tongwei,butwe believe that with the strong profitability position now and presencein over 20 countries,the company should be able to eliminate suchrisks.We like both Vikram and Tongwei,the former for its stronggrowth potential,and the latter for its business model and shingledmodule technology.Asian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali52Summary of Listed Players that Are Not EntirelySolar-FocusedCompany Key Technology&Key Target MarketsKey Strategies&Growth DriversI.RevenueCAGRII.OPCAGRIII.OPMKyocera(Japan)Technology:Silicon ribbon crystal andmulticrystalline silicon PV cellsusing casting technologyTargets:China&International marketsContinuous improvement intechnology alongside MLCCexpertiseTargets wider customer baseand broad product rangeFully-fledged distributionchannelContinued PV market growthand possible need to downsizePV modulesI.-13.2%(5-year)II.Loss-makingSharp(Japan)Technology:Mono-crystalline,poly-crystallineand thin film technologyTargets:JapanEuropeASEANIncreasing downstreampresencePremium pricing strategy tosustain marginsIncreasing focus on ASEANContinued growth in PVmarket,especially indeveloping countriesI.-5.6%II. 26.3%III.5.0%SanyoElectric(Japan)Technology:HIT solar cell technology based onmono-crystalline wafers,and thin film PV technologiesTargets:Japan&International marketsPanasonics support andstrong expertiseUse of renewable energy forvarious aspects of its otherbusinessesA restructuring plan placingimportance on differentiatingits productsContinued growth in the PVmarketN/AChiyoda(Japan)Technology:CSP plant via Molten Salt ParabolicTrough CSP(MSPT-CSP)technologyTargets:Japan&International marketsEPC modelBuilding demonstrationprojects in new markets(initially)Support from subsidiaries andaffiliates overseas to targetinternational marketsPotential demand for CSPI.2.1%(5-year)II.N/AIII.N/AAdaniTechnology:Polycrystalline and thin-filmtechnologiesTargets:IndiaLong-term contracts withsecure counterpartiesEPC modelStrong assets allow rapidimplementation of projectsUntapped demand in IndiaN/ASource:LSRAsian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali53In Detail:Listed Pure Solar Players:ChinesePlayersJinko SolarCompany BackgroundJinko Solar commenced operations in June 2006 and is one of the largestsolar module manufacturers in the world.While a majority(95.8%in 2019)of Jinkos operations focus on solar modules,the company also produces andsells silicon wafers and solar cells.Product&TechnologyJinko Solar adopts the basic monocrystalline technology for its products.Together with this the company adopts three advanced technologies whichare used to produce its product types:Half-cell module technology-halves the amount of electrical currentflowing in each busbar so the amount of internal losses in a half-cutmodule is of a full-sized cell module.The half-cell allows thegeneration of c.3%more power than a full cell.Bifacial module has longer generation times compared to the standardmodule and features a transparent back sheet technology which allowsup to 20%power gain depending on albedo and PV system design.Thiscan be used in various applications including in a sunroom,in desert-covered circumstances,in a highway,carport or on a sun-trackingmount.Tiling Ribbon,which is unique to the company is used to eliminate thecell gap in order to significantly increase module efficiency.Investment ThesisM&A for Growth and Expansion of FacilitiesJinko plans to grow through acquisitions,joint ventures or other strategicalliances with suppliers or other companies in China and overseas along thesolar power industry value chain.Given the continued growth in the PVindustry,Jinko expects strategic alliances and long-term purchaseagreement to secure growth for it.Asian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali54Continuous Expansion of plants is considered key for growthAs of 31stDecember 2019,Jinko had agreed contracts of RMB1.73bn for thepurchase of additional manufacturing equipment and the expansion of itsproduction capacities.In order to retain its leading position,it is necessaryfor the company to continue its expansion,which the company appears keenin doing.Trade Wars and Increasing Solar Production are Possible Deterrents ofCompanys GrowthDue to the trade war between China and the US,certain additional dutieshave been imposed on CSVP cells and modules.Jinko besides China is alsoexposed to Mexico and US markets.However,as a mitigation,the companyopened Ta manufacturing facility in the US and hence is expected to avoidthe majority of tariffs.Having said that,the company could still be exposedto tariff risks which could potentially hinder the companys margins.Apartfrom this,the company is also directly affected by the oversupply in themarket,which results in price reduction and in turn profits.Jinko is exposedto upstream risks to a great extent still.Financial Analysis:A Growing Solar PV Market isThe Key Driver of Jinkos RevenuesJinko grew its revenues at a CAGR of 17.8%over 2015-2019,with the keydrivers of the companys revenues being the volumes of solar modules soldand the average selling price of these modules.Jinkos sales volumes ofsilicon wafers,solar cells and solar modules grew by a CAGR of 111.9%,29.0%and 35.6%respectively,over 2015-2019 which enabled revenuegrowth despite declines in the average selling price of the modules due tooversupply of solar power products in the solar PV market.The companys gross profits grew at a CAGR of 16.7%over 2015-2019 whileGross Profit Margins declined by 70bp over the period.After experiencingdeclining margins in 2017/2018,margins improved in 2019 due to continuedreduction in production costs by using Jinkos integrated cost structure(positioned as Top 3 producer in terms of competitive cost structure)and anincrease in self-produced production volume due to a shift towards mono-based production.Asian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali55Furthermore,while OP grew at a CAGR of 11.4%over the period,and OPMon average was c.4.6%.However,similar to GPM,OP margins also declinedby 140bp over 2015-2019.However,margins improved in 2019 owing todeclined investments in R&D in 2019 as a large amount had already beeninvested in 2018.The large decline in margins in 2017 was largely due toincreased shipping costs and warranty costs.Source:Company disclosuresTrina SolarCompany BackgroundTrina Solar was founded in 1997 in China.Asian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali56Some of the key milestones achieved by Trina Solar in the recent pastinclude:Trina Solar launched TrinaPro and Trinahome in 2018 while working onseveral high-profile projects in the commercial,industrial,and utilityscale sectors.Trinahome,which is recognised as the ideal solar energy system forresidential and SME usage,was launched in India,Australia,Malaysia,SriLanka and the Philippines,giving customers the option to install safe,reliable,and cost-effective solar systems on rooftops.Asian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali57TrinaPro refers to the first smart PV solution that is a combination of TrinaSolars industry leading solar modules,solar tracker systems,and inverters.In 2018,Trina Solar built Indonesias first utility scale solar system.Last year,Trina Solars Photovoltaic Science and Technology(PVST)seta new record of 25.04%total area efficiency for a large area mono-crystalline silicon solar cell type.Rolex Rings,an Indian automotive parts manufacturer,installed arooftop solar array in Gujarat using 2,079 Trina Solar Tallmax modules.Foursun Solar,an EPC company,worked together with Trina Solar todevelop a solution for connecting the modules to a power optimizer inorder to overcome environmental challenges with energy and carbonsavings.A major breakthrough and milestone for Trina Solar was when TrinaSolars Vertex 600 W/550 W series ultra-high-power modules passedthe comprehensive reliability test conducted by TUV Rheinland.Thisconfirmed the reliability of Trina Solars products.In the beginning of 2020,Trina Solar announced that Trina Solars StateKey Laboratory(SKL)of PVST made a Passivated Emitter and Rear Cell(PERC)technology cell with 23.39ficiency(generally PERCs areproduced with 20.3ficiency).In July 2020,Trina Solar became the first Chinese PV product,PVsystem and smart energy company to trade on the Shanghai StockExchange Science and Technology Board,also known as the STARmarket.In September 2020,Trina Solar acquired Nclave Renewable S.L to makeNclave a wholly owned subsidiary of Trina solar.Key Product and TechnologyTrina Solars range of products are used for utility,commercial,andresidential applications.The companys modules(TallMax,AllMax,DuoMax)for each of these applications are based on the multicrystalline(i.e.made of polycrystalline silicon which is relatively low efficiency andpriced low)and monocrystalline(premium priced solar panels with higherefficiencies)PV technologies.PERC technology the company adopts isdifferent to standard solar cell technology.The former enables improvementin light capture near the rear surface and optimization of electron capture;in other words,it helps achieve higher efficiency.The gain in efficiencyenables cost decrease.The challenge with this technology is to be able toscale up the technology while controlling the process.These technologiesare used to produce both bi-facial(transforms sunlight into electrical energyon both its top and bottom sides)and mono-facial types of products.Asian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali58Source:Company DisclosuresAsian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali59Investment ThesisAdopting an EPC Model to Capture Growth in the Smart Energy marketThe company operates a vertically integrated business model,beingthoroughly involved in both the upstream and downstream.Through its EPCmodel,and innovation in multi and mono crystalline technology,Trina hasstrengthened its position in the market.The company has developed itssmart energy business via its EPC model during the last few years andexpects the growing trend for IoT will drive future growth of this segment.Trina is currently focusing on development of products in this areaprimarily,given the increasing global demand for energy IoT product-suchas smart solar/energy solutions.The global Smart Energy market is expectedto grow at a CAGR of 15%over 2018-2025.In our opinion,with Trina beingamongst the top three for solar cells and modules,the company is likelycapture most of the expected growth in the market.Emerging Market Focus Could be a Long-Term DriverThe companys Trinahome product was built mainly focusing the ASEANmarkets and developing countries like Sri Lanka.Thus,Trinas recent focusof appears to be to moving into emerging countries like the Maldives as well,where the solar panel is likely to see strong demand.Trina Solar proposed acustomised PV Power Energy Storage Diesel Power micro gridintegrated solution based on the electricity demands of 14 islands in theMaldives.Thus,Trina,while having a solid market share in China,could becapable of growing strongly over the long term if it becomes successful inother developing markets where potential for growth is high.Reliance on Subsidies is a Concern Alongside Mounting CompetitionTo begin with,we note that mounting competition in the solar industry is athreat for all players.With new players joining the market especially in thedownstream of the supply chain,pricing has become very competitive.Thus,growing competition and its possible effect on margins,is a common threatto all the players in the industry,especially the Asian players who dominatea majority of the solar market.In addition to this,our key concern for Trinais that the companys growth appears to be dependent on Chinas subsidypolicy for solar energy.Since 2018,the companys revenue and profitdeclined as a result of chinas subsidy removal.There is also recent newsabout China continuing to cut solar subsidies by 50%in 2020.This to anextent explains Trinas intent to target developing markets,and utilise itsmodule expertise for new areas like smart energy products.Financial Analysis:QoQ Recovery is a Good SignSales declined during 2017-2019 at a CARC of-5.5%and OP decline at a CARof-18.3%during the same period.Th companys OPM during the three-yearperiod on average was around 5%.Asian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali60Source:Company disclosuresThe company operates three segments:PV Modules(81%of FY12/19revenue),PV System Products(5%of FY12/19 revenue),and Smart EnergySystems(3%of FY12/19 revenue).The PV Modules segments includes theupstream of the value chain,involving wafer and ingots and cell modulemanufacturing.The PV System segment includes the companys one-stopsmart PV solution like TrinaPro and also the companys PV power plantbusiness.The Smart Energy segment involves Trinas energy cloud-platformbusiness,which continued to advance with a number of practical applicationscenarios and projects in industrial IoT,commercial IoT,and energy IoTsectors.Sales across PV and Smart Energy system segments declined during the lastthree years.PV segment revenue declined at a CARC of-7.9%,while SmartEnergy Systems segmental revenue declined at-17.8RC.Chinas abruptremoval of solar subsidies during 2018 was the key reason for the decline inrevenue since 2017.The PV System Products segment,however,grew at aCAGR of 13.1%during the same period with the support of TrinaPro,whichthe company introduced in 2018.Source:Company disclosuresAsian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali61During 2020,the company states that it actively responded to marketchanges involving the PV Module business,which saw the crystalline siliconindustry trending upwards.The company also took the lead and rapidlydeployed 210mm silicon wafer large-size cell and increased moduleproduction capacity in Suqian,Yiwu,and Yancheng manufacturing bases inChina.The company plans to reach a total cell production capacity of about26GW by the end of 2021,of which the production capacity of the 210mmcell will account around 70%by the end of 2021.During the first half of2020,the companys module shipments reached 5,840MW during thereporting period,increasing 37%over the same period in 2019.Thecompany sells a majority of its products overseas,which has a higher grossmargin and thus supported net profit growth during the period.Sales and OPgrew QoQ during 2Q FY2020,which we believe is a good sign for thecompany.Source:Company disclosuresAsian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali62JA SolarFounded in 2005,JA Solar is a manufacturer of PV products including siliconwafers,cells,modules and PV power stations.The company has catered tomany global solar PV projects in Asia,Europe,North America,LatinAmerica,Africa and Oceania.Product&TechnologyJA Solar also produces large-scale ground-mounted power plants,commercial and industrial rooftop PV systems and residential rooftop PVsystems.Similar to certain other leading peers,JA Solar also sells half-cell modules,Multi Busbar(MBB-are assembled with multi-busbar PERC(PassivatedEmitter and Rear Cell)cells and offers higher power output,bettertemperature-dependant performance)half-cell modules and bifacial monoPERC double glass modules(i.e.a frameless solar module).Investment ThesisIncrease in Production Capacity and Innovative Products Drive GrowthJA Solar plans to promote the companys new high-efficiency battery andmodule projects whilst expanding its vertically integrated productioncapacity.The company would also continue to invest in R&D,especially tooptimise its PERC monocrystalline battery technology process and improveits conversion efficiency.Acquisitions and Partnership to explore new markets and boost growthJA Solar has entered into a partnership with Excel Solar,a leading distributorof PV products in Mexico,where the company now has the ability to grow inthe Mexican market.Moreover,in 2018,the company Tianye Tonglian HeavyIndustry Co,which allowed JA solar to increase PV module shipments andreport strong profits in 2019.It appears that JA solar looks forward to domore acquisitions this way and increase profitability while minimizing thedownside risks via expansion on scale.Trade War Impact and Subsidy RemovalSimilar to Jinko,JA Solar could also be adversely impacted by the trade warsbetween China and the US and the trade sanctions imposed therein.Thecompany also provides to North America.Moreover,subsidies reduction isaffecting most of the Chinese solar energy company in terms of pricing andin turn profitability.Though the acquisition boosted JA Solars profits during2019,we feel that the company is still exposed to risks of subsidy removalunless it becomes successful with the Mexican marketsAsian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali63Financial AnalysisAlthough JA Solar has been in operation since 2005,we will only be usingthe financial data of the companys recent years due to the inability to verifya majority of the information.Over 2016-2019,the companys revenues andOP grew at a CAGR of 8.8%and 12.9%respectively driven by market growthand overseas expansions.JA Solars OPM was c.8.6%on average during thesame period and improved by 120bp to 10.9%in 2019.The companyimproved its margins during 2019,mainly due to the acquisition it madeduring 2018 alongside improving product efficiency using new technologiesand a series of restructuring projects.Source:CapIQJA Solar classifies its revenues into two key product segments.Asian Solar Energy Sector:Powered by Subsidies and Moving DownstreamAqila Ali64LONGiCompany BackgroundLONGi group is a formation of two key companies-LONGi Green EnergyTechnology(formerly Xian LONGi Silicon Materials Co),which looked intoingot and silicon manufacturing a
9人已浏览
2023-03-10 280页
5星级
埃森哲:升级电动汽车供应链迫在眉睫(英文版)(12页).pdf
Its Time to Power-Up the Electric Vehicle(EV)Supply Chain2Its time to power-up the EV supply chainIntroductionThe electric vehicle(EV)space is rapidly expanding,with production of EVs having gained considerable momentum in the past few years and poised to make huge leaps in the next few.Two types of companies are locked in a fierce battle for EV market share.In one corner are the established car manufacturersthe“giants”.Theyre trying to pivot to EVs and create an entirely new business,while continuing to support their core business of traditional internal combustion engine(ICE)vehicles.Its not an easy change to make,as these companies are finding out.In the other corner are the startups,trying to be“disruptors”to the giants by creating technology companies that moonlight as car companies.These newer entrants are discovering that while having great technology and innovation at their core is essential to breaking into this market,their staying power rests in being able to executeactually manufacturing the vehicles people want to buy.Both the giants and disruptors,as well as their suppliers,are at a critical juncture in this industry.And one of the biggest keys to their success will be learning how to quickly build or adjust their supply chains to create a business that can profitably capitalize on the growing preference for EVs over ICE-powered vehicles.Supply chain challenges across process/structure,organization,and technology must be addressed.The challenges are similar and different for giants and disrupters,however the companies who address these challenges quickly put themselves in position for long-term success.Thats the real battleground for EV dominance.According to BloombergNEF,EVs will account for about 30%of all vehicle sales by 2030.1Its time to power-up the EV supply chain3The electric vehicle markets rapid growthAs illustrated in Figure 1,and highlighted in Accentures latest thought leadership,the EV market is projected to skyrocket in the next 10 to 15 years,with significant momentum really beginning to build within five years.Whats driving this growth isnt really a secret:Consumers around the world have become more aware of and interested in sustainability and climate change,while governments in numerous countries are pursuing ambitious environmental agendas,including heightened restrictions on fossil fuels and their associated emissions.Californias governor,for example,made news recently with his executive order directing the state to require all new cars and passenger trucks sold in California by 2035 to have zero emissions.2 Another accelerant is technologyspecifically ongoing advancements in battery technology to improve the driving range on a single charge and reduce costs.In fact,in the past ten years the cost per KW/H has dropped from$1,110 down to$137,and analysts predict it should fall below$100 in the next few years,3 making EVs more affordable to many more people.Figure 1:Worldwide plug-in vehicle populationOEMs have to move fast now to win the early majority of the marketSource:The EV Charging Market:Internal Knowledge Repository-Accenture20351002003004002034203320322031203020292028Corridor depending on data source(MarkLines,EV Volumes,IEA,Bloomberg)Global plug-in electric vehicles on the road(in millions)2027202620252024202320222021202020192018Early majority20122013Innovators20142015201620170.190.400.721.262.033.23 227% 109% 79% 75% 61% 59rly adopterIts time to power-up the EV supply chain4Giants,disruptors and suppliers:Strengths,weaknesses,and challengesHowever,rapid industry growth and changing market dynamics are stressing EV supply chains,in turn creating both common and specific challenges for giants and disruptors(Figure 2).How these companies act in the next few years will largely determine who become leaders in the EV manufacturing,battery,and charging markets.GiantsGiants,of course,have long-established,sophisticated operations in vehicle production,supply chain,and supplier management.In other words,they know how to build cars and have the supply chain to do it.But now they need to balance the simultaneous production of ICE-powered vehicles and EVs.This requires developing EV battery and powertrain partners while continuing to foster relationships with current powertrain suppliers.DisruptorsDisruptors face an even more daunting task.They have the technology thats essential to EVs and a culture of innovation that enables them to continually push their thinking.However,they need to build an entirely new supply chain and supply base from scratchsomething thats taken the giants decades to doand put the structure in place to manage suppliers and their performance.Figure 2:Two different OEMs,each with unique challengesOperation CostsManufacturing CapabilityGiants151812685DisruptorsSupply Chain Maturity5Its time to power-up the EV supply chainSuppliersTrying to keep pace with both the giants and disruptors are the industrys suppliers.If they want to stay in business for the long term,traditional ICE powertrain suppliers will have to evolve to support both current and future development and production needs across ICE-and EV-related products.One way to do that is to split their business in two,with one part serving the traditional ICE market and the other focusing on the rapidly emerging EV/CASE(Connected,Autonomous,Shared,Electric)sector.Several leading suppliers have already taken steps in that direction.4 Adding to the disruption is the entry of companies that traditionally havent been considered automotive supplierssuch as LG,Panasonic,and Samsungthat have found an opening in the industry via batteries and battery technology.5 Even traditional energy companies such as Shell and BP have entered the market as early leaders in building out the EV charging infrastructure that will be a key factor in vehicle adoption.6Traditional ICE powertrain suppliers will have to evolve to support both current and future development and production needs across ICE-and EV-related products.6Its time to power-up the EV supply chainDigging Deeper on EV Supply Chain Challenges Its clear that there are plenty of supply chain challenges to go around across giants,disruptors,and suppliers.Some of these are common across the three groups,while others are more specific.Lets take a closer look at where these groups are feeling the pressure in supply chain process and structure,organization,and technology.Process and StructureThe macroeconomic challenges facing the EV industry are well documented.Many of these challenges have to do with consumer adoption,charging times,and EV charging infrastructure.However,EV supply chains for both Giants and Disruptors have specific process and structure challenges as well.Given uncertainty of supply,Giants and Disruptors both must place bets on how to best secure continued supply to build their products.This could include several strategies to consider such as producing batteries through vertical integration:development/production partnerships,joint ventures,and/or buying directly through suppliers.Understanding the end-to-end supply chain is critical to creating value for the enterprise.How do companies make the transition from prototype manufacturing to full-scale production?Here are some of the keys,all of which have ramifications for all three groups:Identify the new suppliers to partner with.Certain suppliers will remain relevant as the transition from ICE to EV begins,although new suppliers will also emerge.This is especially true as traditional ICE vehicle systems such as body/frame,drive train,and electrical will be displaced to accommodate EV requirements.OEMs need a process in place to effectively vet these new companies and technologies before placing the first order to ensure they can deliver.Make vs buy decisions.There are many big decisions that both the giants and disruptors will face as they transition into the EV marketplace.Disruptors making the transition from prototypes to production vehicles must decide whether to build manufacturing capabilities or buy them using a contract manufacturer,as they work to build a customer base and control operating costs.7 Giants face similar decisions on whether they should be converting existing ICE production lines to EV production.It seems most are considering hybrid options where existing ICE production lines are being converted and partnerships are being explored to increase and accelerate production capacity.There are many big decisions that both the giants and disruptors will face as they transition into the EV marketplace.Its time to power-up the EV supply chain7Reimagine metrics for supplier management and risk.Giants already have well-established supplier performance programs in place,but these may be foreign to disruptors.As they think about creating a supplier performance program,disruptors should resist the temptation to do a“copy and paste”from legacy OEMs.This is an opportunity to think creatively and change the conversation with strategic suppliers and how OEMs manage them.Giants,for their part,could also take a page from that book and think about new ways to partner with suppliers that are more relevant to the EV supply chain.Develop a localization strategy for battery pack assembly and other key components.EV battery manufacturing is segmented into three main areas:battery cells,modules,and battery packs.Cell manufacturing mostly occurs in Asia,primarily because of reduced production costs(which is significant,given cell production accounts for 75%of the overall EV battery cost),8 but because the largest markets for EVs are in Asia.Pack manufacturing,on the other hand,tends to happen closer to OEM assembly facilities because the packs final assembly weight and hazardous materials composition make it expensive and potentially dangerous to ship packs long distances.In an ideal world,cell through to pack production would be as close as possible to the OEM assembly plant.But thats unlikely to change,at least in the near term,so both giants and disruptors need to figure out the most cost-effective way to source,ship,and assemble batteries.Secure supply for critical materials.This would include materials with supply challenges such as conflict minerals(for example,cobalt)which are not widely available and can have important ethical procurement considerations.9 Blockchain applications can help bring transparency to the proper sourcing of such materials,while new or creative sourcing strategies such as“take or pay”arrangements can help ensure continuity of supply for materials OEMs cant do without.These agreements are often used when market demand greatly outpaces supply(think frac sand during the most recent oil boom).These agreements essentially involve buyers taking on risk by agreeing to buy a set volume of the materials at a discounted price over a given time period.If the buyer doesnt keep its commitment,the supplier simply invoices the buyer for the full amount contractually allowed.These agreements obviously have a high risk/reward structure,but they highlight the fact that in a new market companies need to consider new strategies to maintain supply chain continuity.Its time to power-up the EV supply chain8The natural components of the lithium ion battery are only found in certain parts of the world.With the demand for EVs only seen as increasing so will demand for these rare materials.This presents challenges to both Giants and Disruptors in terms of supply,cost,and long-term availability.Similar to the argument against fossil fuels,mining and extracting the components for lithium ion batteries not only harms the earth but also raises the real concern over replenishment or completely wiping out our supply.An additional component to consider is the inherent location of these materials.There is not wide-spread access to these materials,they are largely located in Africa and China where geo-political instability will likely cause supply disruption or extremely high entry/acquisition costs levied by these countries.A trending toward Giants and Disruptors looking at near-shoring opportunities to reduce risk due to supply chain distance and help manage transportation costs.This all points to the fact the lithium ion battery is not the long-term solution for the electric vehicle market.Giants and Disruptors need to have both long-and short-term strategies in place to manage these critical components.The short-term solution will be anchored on the fact that lithium ion batteries will be the primary power source for these vehicles.How each company plans to acquire these materials,ship,assemble,and retire the batteries need to defined and operationalized.The long-term strategies need to be a cohesive effort between supply chain and engineering to source,design,and acquire their future state power source.Whether its developing a solid-state battery or an alternative,both groups will need to work together to ensure their solution is both performance neutral and cost effective to the lithium ion batteries in use today.The strategies deployed by these companies will be a key component into their long-term viability in this market.Environmental Factors(Sustainability).The other challenge both Giants and Disruptors are facing with lithium-ion batteries is dealing with them as they come to the end of life.EV enthusiasts love them because of their minimal pollution and use of fossil fuels,however,EVs could create a new environmental issue if the batteries are not consistently and safely recycled or disposed of.Today,auto manufacturers are taking steps in that direction by dedicating space within their own factories to recycle batteries,they are also developing partnerships with third parties to support the effort.The challenge here isnt just about making recycling/disposing a priority,its mainly about the process itself.Today,much of this process is manual and time intensive.As more and more EVs hit the road,the need for automation will be key in scaling up this capability and keeping it cost effective.Both Giants and Disruptors need to see this as a priority moving forward.A choice to ignore this problem will likely affect the publics perception of how“green”a company is and could impact the overall markets impression of electric vehicles.Its time to power-up the EV supply chain9OrganizationSwitching from building prototype vehicles to full production has created massive hiring swings and made companies question which skillsets are relevant in an EV manufacturer that may not be in legacy automotive companies.Disruptors and giants have some concerns unique to their own operations and a few that are common to both.Disruptors need to:Shape and build an effective procurement organization.Logic would say disruptors could benefit from hiring procurement people from legacy ICE OEMs or suppliers.While this may be true in some areas,looking outside the automotive industry could be a way to inject new life and different perspectives into the industry.Having a procurement talent strategy that thinks outside the box could pay dividends as the EV industry grows.Prioritize which functions to build.Disruptors typically begin with engineers and designers,but quickly shift to creating important business functions to support their growth.As they do,disruptors need to think carefully about where they start and question whether functions and practices in the legacy automotive industry are still necessary in the EV industry.Giants need to:Determine how to modify their existing supply chain to support EV production.This is one of the most important things giants need to get right to be successful in EV.Most have already begun developing transition strategies for EV production,but the extent to which these are well developed varies.As part of the transition,giants need to understand whats necessary to retrain their people and where they can find the relevant learning paths and talent strategies to successfully reskill their workforce.Both groups should:Determine the unique skill sets valued in the EV supply chain.Certain skills and backgrounds are table stakes as giants and disruptors build an EV supply chain organization.However,opportunities also exist for companies to differentiate,such as reducing the need for some skills by automating parts of back-office functions;identifying the category management expertise thats most critical;and looking to other industries,whose logistics models mirror whats evolving in the EV space,for guidance on the most important skills.Develop a formal plan for transitioning legacy ICE suppliers to new critical parts for EVs.The procurement and supply chain teams will have to shift their focus to a supply chain dynamic in the early phases of producing and shipping new technologies.Procurement and supply chain teams will need to have an improved command of vehicle module-based Just-in-Time(JIT)execution,hazardous material management,and global and local supplier management practices.Switching from building prototype vehicles to full production has created massive hiring swings and made companies question which skillsets are relevant.10Its time to power-up the EV supply chainTechnologyTechnology is a key element of the EV strategy and should play a central role in the design of new EV supply chainsespecially for disruptors.Disruptors should:Explore how to apply process automation to back-office functions.Companies automating the back office have dramatically driven greater efficiencies and fostered scalability through the organization.With significant flexibility in developing their organization,essentially from scratch,disruptors should think about how they can use automation and whether it should be central to their story from day one.Create a comprehensive vision of their procurement and supply chain technology stack.Data and data management are at the heart of the EV industry and central to its development.Similarly,supply chain data is just as valuable to disruptors operations.Building a supply chain technology ecosystem that marries upstream and downstream activities and includes advanced analytics for operational transparency and decision making,should be a priority.All three groups need to:Consider how blockchain can improve supplier Tier visibility.Integrating supply chains has been a challenge for legacy OEMs for years.By working closely with Tier 1,2,3 and beyond suppliers to introduce blockchain concepts into new EV supply chains,giants and disruptors can create full visibility and transparency of supplier quality,cost,and delivery performance.Blockchain can also enable OEMs to keep tabs on suppliers ESG practicessuch as ensuring materials are sourced as sustainably and ethicallywhich stakeholders of all kinds increasingly expect.10Certainly,many other challenges compete for OEMs and suppliers attention.But the ones discussed are arguably the most critical supply chain issues that companies need to address as the EV market gains steam.ConclusionMoving aheadquicklyTheres no doubt the EV industry is in extreme growth mode.In fact,the eye-popping growth projections weve highlighted may be conservative,as momentum for EVs continues to build and new developments accelerate broader adoption.Thats why the companies with aspirations to be major players in the EV market need to pick up the pace in building a supply chain that can help them achieve their goals.Giants need to quickly determine which of their legacy ICE suppliers can make the transition to EV suppliers and find replacements for those that cant,while determining which of their traditional supply chain practices arent necessarily relevant to EVs.Disruptors need to put in place all the supply chain capabilities necessary to create order from the chaos in which theyre operating todayworking from a clean sheet to define the mix of traditional and innovative practices,and internal and third-party resources,they need to go from website hype to scalable production.And both legacy suppliers and newcomers must figure out what their role is in the expanding EV market a challenge thats magnified for legacy suppliers that also need to continue to support their ICE-focused business.The fact is,challenges abound in the EV market,but so are the opportunities.The companies that move swiftly to address the former and capitalize on the latter are the ones that will have staying power and grow in concert with an incredibly dynamic market.11Its time to power-up the EV supply chainAbout AccentureAccenture is a leading global professional services company,providing a broad range of services in strategy and consulting,interactive,technology and operations,with digital capabilities across all of these services.We combine unmatched experience and specialized capabilities across more than 40 industriespowered by the worlds largest network of Advanced Technology and Intelligent Operations centers.With 569,000 people serving clients in more than 120 countries,Accenture brings continuous innovation to help clients improve their performance and create lasting value across their enterprises.Visit us at This document is intended for general informational purposes only and does not take into account the readers specific circumstances and may not reflect the most current developments.Accenture disclaims,to the fullest extent permitted by applicable law,any and all liability for the accuracy and completeness of the information in this presentation and for any acts or omissions made based on such information.Accenture does not provide legal,regulatory,audit,or tax advice.Readers are responsible for obtaining such advice from their own legal counsel or other licensed professionals.This document may contain descriptive references to trademarks that may be owned by others.The use of such trademarks herein is not an assertion of ownership of such trademarks by Accenture and is not intended to represent or imply the existence of an association between Accenture and the lawful owners of such trademarks.Copyright 2021 Accenture.All rights reserved.Accenture and its logo are trademarks of Accenture.This content is provided for general information purposes and is not intended to be used in place of consultation with our professional advisors.210092Contact the authorsAdam M.Robbins Strategy Supply Chain&Operations Principal Director Paul Sullivan Strategy Supply Chain&Operations Senior Manager References1“A Behind the Scenes Take on Lithium-ion Battery Prices,”Logan Goldie-Scot,BloombergNEF,March 5,2019.2“Governor Newsom Announces California Will Phase Out Gasoline-Powered Cars&Drastically Reduce Demand for Fossil Fuel in Californias Fight Against Climate Change,”State of California,Office of the Governor,September 23,2020.3“EV battery prices plunge 89%in ten years”January 2,2021.4“Suppliers:Dividing to Conquer,”Peter Sigal,Automotive News,April 9,2018.5“A Look At The Top 5 Lithium-Ion Battery Manufacturers In 2019,”Matt Bohlsen,Seeking Alpha,September 4,2019.6 https:/ Group Shifts,Rides Wave of Rising eCommerce,”Dustin Walsh,Crains Detroit Business,November 1,2020.8“The Supply Chain for Electric Vehicle Batteries,”David Coffin and Jeff Horowitz,Journal of International Commerce and Economics,United States International trade Commission,December 2018.9“Manufacturers Are Struggling To Supply Electric Vehicles With Batteries,”Ariel Cohen,Forbes,March 25,2020.10“Volvo Turns to Blockchain to Check EV Batteries Are Responsibly Sourced,”Sean Szymkowski,Road Show,November 6,2019.11“G.M.Accelerates Its Ambitions for Electric Vehicles,”Neal E.Boudette,The New York Times,November 19,2020,Updated November 23,2020.
3人已浏览
2023-03-10 12页
5星级
埃森哲:全面的企业重塑(英文版)(62页).pdf
Total Enterprise ReinventionThe strategy that leads to a new performance frontierWEF 2023Mike MooreSenior Principal,Accenture ResearchAuthorsJulie SweetChair and Chief Executive Officer of AccentureJack Azagury Group Chief Executive Strategy&ConsultingBhaskar GhoshChief Strategy OfficerTrevor GruzinGrowth MarketsGrowth&Strategy LeadOliver WrightSenior Managing Director Consumer Goods&Services,Global Lead2Total Enterprise Reinvention|The strategy that leads to a new performance frontierTable of contentsExecutive summary4The new imperative 13Diving deeper into the six characteristics of Total Enterprise Reinvention25Charting a path to become a Reinventor55Total Enterprise Reinvention outcomes49About the research563Total Enterprise Reinvention|The strategy that leads to a new performance frontierExecutive summary4Total Enterprise Reinvention|The strategy that leads to a new performance frontierThe pandemic and unprecedented challenges of the past three years have tested CEOs and their leadership teams.Post-pandemic,most leadership teams of large companies are rising to the occasion,transforming more than ever before,faster than ever beforewhich we call“compressed transformation”and accepting that all strategies lead to more technology.We call these companies the“Transformers.”This is vital work,different than pre-pandemic,and should feel good.Dont stop.Yet dont be satisfied.Theres a new imperative being driven by a handful of companies that are quietly and systematically changing the game and their industries.These are the“Reinventors,building on their experience as Transformers to embrace what we call“Total Enterprise Reinvention.”Their goal:to reinvent over time every part of their companies,centered around a digital core and new ways of working that establish a culture and capability for continuous reinvention.In doing so,theyll set a new performance frontier for their companiesimproved financials,the ability to achieve perpetual breakthrough innovation,increased resilience in the face of any disruption,and an enhanced ability to create value for all stakeholders.While this reinvention strategy begins with building a strong digital core,it is much moretechnology plus.Defining what the top quartile will be in your industry.We predict in about three years,the full impact of the courageous companies that adopt Total Enterprise Reinvention will be felt.This report is about what is coming,not what is already here at scale.It lays out the opportunity to be the leader in this fast-emerging business environment.Read on to understand what you can do to become a Reinventor.Are you a Reinventor,a Transformer or an Optimizer?Will you define the top quartile for your industry or simply be in it?5Total Enterprise Reinvention|The strategy that leads to a new performance frontierOur 738,000 people serve more than 9,000 clients globally across more than 40 industriesincluding 89 of the Fortune 100 and 60%of the the worlds 2,000 largest companies,as well as major governments.We are the leading partner of most of the worlds largest technology companies.Our people are privileged to help the worlds leading companies and governments transform today,while being in a position to anticipate what theyll need tomorrow.In 2022,we predicted that to thrive over the next decade,companies will need to harness five key forces of change:1.Embracing and executing a Total Enterprise Reinvention strategy2.Being the winner in accessing,creating and unlocking talent3.Leading in sustainability in how they operate and what they sell4.Capturing the power of the metaverse5.Continuously leveraging the on-going technology revolution.The following report is based on our research and on Accentures depth of understanding working globally with clients and partners to deliver outsized results.6Total Enterprise Reinvention|The strategy that leads to a new performance frontierThese key forces of change are overlapping and interdependent.For example,you cannot fully harness forces 3,4 and 5 without succeeding in the first two.And yet they also are distinctive and called out as such because underlying each are profound shifts across the business,even the past three years.From technology to the needs of employees,consumers,business customers and partners,businesses are being called on to dramatically change the ways they work,engage and transact,as well as leadership mindsets and skills from the C-suite to the newest hires.The basis for these five key forces begins with technology.We have been at the center of a profound decade of technology change.In 2013,our Technology Vision report had foreseen that“every business is a digital business.”Pre-pandemic,many companies remained skeptical of the true impact of technology on their strategy and competitive advantage.And in part,this was because while technology change had been exponential,key parts of the business were still relatively untouched by technology advancementsfor example,manufacturing and the supply chain,which we call the next digital frontier.Even now,the merging of information and operational technology is still very early days,with new technologies like digital twins emerging at scale only in the last couple of years.In 2019,our landmark research on enterprise technology strategies and their impact on performance showed Leaders in tech adoption and innovation were growing revenues at 2x the speed of Laggards.1 Then,of course,the pandemic changed everything,jolting the world online and exposing which companies were Leaders or Laggards.Just 12 months after the pandemic,updated research showed the gap between Leaders and Laggards had grown to 5x revenue growth from 2x,with Leaders doubling down on investments faster than ever before.2In studying this evolution,we identified an entirely new group,one we named the“Leapfroggers,”those who compressed their digital transformations to convert the pandemics challenges into new opportunities.In doing so,they leapfrogged their peers and are catching up to the Leaders.Leaders and Leapfroggers shared three characteristicsmoving to the cloud and embracing new technologies like AI,flipping their IT budgets to innovation over maintenance and focusing on creating broader value;touching twice as many processes and focusing on areas like training.Helping companies execute compressed transformations has driven our business since the pandemic,with the number of companies becoming Transformers growing significantly in each of the last three years.Companies that have done US$100 million in bookings in a single quarter,which we use as a proxy for compressed transformations,have jumped from 53 in fiscal year 2020 to 72 in 20213 to 100 in 2022.47Total Enterprise Reinvention|The strategy that leads to a new performance frontierThe Macro A macro environment with an unprecedented level of volatility has created both serious pressure and the need to find new opportunities.Our Global Disruption Indexa composite measure that covers economic,social,geopolitical,climate,consumer and technology disruptionestimates macroeconomic volatility has increased 200%since 2017 as compared to only 4%from 2011 to 2016.TechnologyAdvancements now make technology a critical enabler of reinvention across virtually every aspect of the enterprise,with an expectation that these advancements will continue.In other words,all strategies lead to more technology,and all strategies require an understanding that technology will continue to change what is possible.Post-Pandemic TransformationLeadership teams across industries should feel proud.Not only did most large companies navigate the shock of the pandemic well;they also rapidly adapted,changing their approach to technology and transformation.The boldness of Reinventors is rooted in the successful experience over the past three years of companies that made significant strides in replatforming to the cloud,taking on technology-enabled compressed transformations,and either transforming multiple parts of their organization at once instead of sequentially,or doing large-scale transformations faster than ever beforeand often both.Our experience with the worlds leading companies and governments and our latest research demonstrate the time to embrace Total Enterprise Reinvention is now.And in doing so,weve shifted from measuring digital leadership and innovationLeaders,Leapfroggers and Laggardsto evaluating companies as Reinventors,Transformers and Optimizers.The convergence of three factors has inspired a small but growing number of companies to become Reinventors.The new imperativeThe more companies have transformed,the more theyve recognized the opportunities to connect transformations and work across functions to fundamentally change every part of their business.It is a when,not an if.And theyve also seen the challenges.Research we conducted in 2022 found that seven out of 10 enterprise transformation efforts fail to fully meet business leaders expectations.5 8Total Enterprise Reinvention|The strategy that leads to a new performance frontierOur research shows only 8%of companies are moving to adopt a strategy of Total Enterprise Reinvention.Most companies86%are Transformers.They focus on transforming parts of their business rather than the whole and tend to treat transformation as a finite program rather than a continuous process.Many,though,are beginning to recognize the importance of establishing a new performance frontierjust under half of Transformers(43%).In fact,this group says they aspire to set a new level of performance in their industry through their transformation programs.These“Aspirational Transformers”are best primed to become Reinventors.Six percent of companies are what we call Optimizers,focused on functional transformations limited in scope and ambition.Technology is not a significant enabler of their transformations.The time is now9Total Enterprise Reinvention|The strategy that leads to a new performance frontierDefining Total Enterprise ReinventionTotal Enterprise Reinvention is a deliberate strategy that aims to set a new performance frontier for companies and in most cases,the industries in which they operate.Centered around a strong digital core,it helps drive growth and optimize operations.Total Enterprise Reinvention isnt a to do;its a to be.It requires continuous,dynamic reinvention.It becomes a unifying force,across the C-suite and every function and business area,because,by definition,all are involved and accountable for its success.It demands an outside-in perspective that connects whats happening at the company with whats happening in the world.And it requires new skills and an increased depth of understanding of technology,change management,communication and how to leverage partners to achieve results faster.1.Reinvention is the strategy.It is no longer an execution lever.2.The digital core becomes a primary source of competitive advantage.It leverages the power of cloud,data and AI through an interoperable set of systems across the enterprise that allows for rapid development of new capabilities.3.Reinvention goes beyond benchmarks,embracing the art of the possible.Technology and new ways of working create a new performance frontier.4.Talent strategy and people impact are central to reinvention,not an afterthought.These companies consider change management a core competency.5.Reinvention is boundaryless and breaks down organizational silos.It tackles capabilities end-to-end.6.Reinvention is continuous.It is no longer a time-defined one-off,but a capability continuously tapped by the organization.10Total Enterprise Reinvention|The strategy that leads to a new performance frontierFinancial impact:Reinventors report generating 10%higher incremental revenue growth,13%higher cost-reduction improvements and 17%higher balance-sheet improvements compared with Transformers.Those numbers are significantly higher when compared with Optimizers at 22%,21%and 20%respectively.Technology speed to results:Reinventors report delivering 1.3x more financial value in the first six months than Transformers(1.6x more than Optimizers)a reflection of the speed at which such companies execute and deliver increased value.Indeed,66%of Reinventors say the delivery of their reinvention strategy is happening significantly faster relative to past transformations.By comparison,only 27%of Transformers and 10%of Optimizers say the same.Setting a new performance frontier 360 value:Reinventors more actively generate what we call“360 value,”looking beyond financials to long-term,sustainable value for all stakeholders.Seventy-six percent of companies that pursue Total Enterprise Reinvention say setting non-financial targets is very important,compared with 32%for Transformers and 10%for Optimizers.Compared with industry peers,Reinventors perform 32tter on sustainability and 31tter on experiencefor customers,suppliers and employees.They also score 11%higher on innovation,11%higher on“net better off”outcomes for talent,and 7%higher on inclusion and diversity.By embracing Total Enterprise Reinvention,companies will establish a new performance frontier,outperforming peers in financial,technology and 360 value dimensions.Our research shows Total Enterprise Reinvention drives clear and significant outcomes for Reinventors.11Total Enterprise Reinvention|The strategy that leads to a new performance frontierCharting a path to become a ReinventorWe believe all companies will need to adopt Total Enterprise Reinvention as a strategy in the coming years.Here are four categories of questions to help shape a path forward.Transformation initiatives currently underway Are the leaders of your current transformational initiatives able to articulate the changes that will occur across the enterprise,and are they using metrics that take a cross-functional view?Can your leaders articulate the partnership strategy for each transformation program,how that strategy is enabling them to deliver outcomes faster and increase certainty of outcomes as well as how the partner fits into your talent strategy?Ambition and strategy Where are you today:are you a Reinventor,Transformer or Optimizer?Have you defined the performance frontier for your company,and how does it measure against the best in your industry and the best in other relevant industries?Are you matching the leaders or setting the new benchmark?Is your entire C-suite held accountable,as a primary metric,for the success of your current transformation programs,or is the business or function lead primarily accountable?Talent Do leaders have sufficient technology acumen to understand the art of the possible and what it can do to drive reinvention?Do you have existing change management capabilities to support your continuous transformation journey,or are you standing these up for each transformation project?Do you use data to measure your transformation,and is the same form of measurement used for all programs?Digital Core How would you assess your digital core?What is its level of maturity and what are its known gaps?Is the ability to use technology investments to achieve sustainability and other 360 value objectives and any negative impacts formally included in technology investment decisions?12Total Enterprise Reinvention|The strategy that leads to a new performance frontierThe new imperative 13Total Enterprise Reinvention|The strategy that leads to a new performance frontierThe MacroDisruption,disruption,disruptionTodays executives are navigating a complex and dynamic business environment few have ever seen.Our Global Disruption Indexa composite measure that covers economic,social,geopolitical,climate,consumer and technology disruptionshows that levels of disruption increased by 200%from 2017 to 2022(see Figure 1 and“About the research”for further details).In comparison,the Index rose by only 4%from 2011 to 2016.As such,companies now face a permanent state of change at a pace never seen before.Technology,consumer preferences and climate change in particular are driving massive structural shifts in how the world operates.14Total Enterprise Reinvention|The strategy that leads to a new performance frontierA convergence of forces is increasing disruptionFigure 1:Accenture Global Disruption IndexSee About the research for a more detailed description of the method.2017 2022Overall level of disruptionGeopoliticalEconomicClimateSocialConsumerTechnological 20002017 20222017 20222017 20222017 20222017 20222017 20223089Overall measure of disruption based on average of six sub-components,each of which is based on indexed scores of a set of indicators.15Total Enterprise Reinvention|The strategy that leads to a new performance frontierConsumer mindsets have evolvedFaced with the pressure of all these external forces at once,consumers are becoming increasingly unpredictable in their choices.Trying to balance their needs with these pressures,they are demanding more,better and faster from the companies they interact with.In a separate survey of 1,700 global C-suite executives(conducted in two waves)we found more than 95%of both B2B and B2C executives believe their customers are changing faster than their businesses.Thats up from 88%of executives just a few months prior.6Addressing climate change will unlock new opportunitiesSoon to be published research shows more than US$3 trillion could be unlocked by 2030 by transitioning to decarbonized and sustainable products and services in eight markets alone:mobility,home energy,food,fashion,air travel,shipping,construction and communication.In fact,this value is already being unlocked.Sustainable products and practices are rapidly gaining market share and opening new industry-convergent ecosystems,necessary for meeting human needs in a world where the trust cost of carbon is increasingly accounted for.Companies agree on the need to transform more than ever These extraordinary times call for an unprecedented response and a reinvention of the enterprise.Thats the view of the 1,516 executives we surveyed,who say that a range of external forcesbut particularly the pace of technology innovation,shifting consumer preferences and climate changehas accelerated their reinvention strategies.In fact,even in the face of a recession in 2023,75%of executives say that the pace of their organizations reinvention would accelerate(see Figure 2).16Total Enterprise Reinvention|The strategy that leads to a new performance frontierCompanies are accelerating their reinvention in response to external forces%of respondents saying the force has accelerated their reinvention strategy(n=1,516)Pace of technology innovationClimate change/regulationInflationary pressuresSupply chain disruptionEurope(n=402)Shifting consumer preferencesHigh energy pricesGeopolitical tensionGlobal(n=1,516)Talent shortagesNorth America(n=797)Economic slowdownAsia Pacific(n=317)79usdgFB99864%Source:Accenture Total Enterprise Reinvention CxO Survey fielded in November 2022.Asia Pacific includes respondents from Australia,China,India and Japan.To what extent have the following external forces accelerated your organizations reinvention strategy?”If there is a recession in your main markets in 2023,will your organization accelerate its reinvention strategy?”%of respondents saying they will accelerate their reinvention strategyFigure 2:17Total Enterprise Reinvention|The strategy that leads to a new performance frontierIt may seem counterintuitive to focus on the long-term promise of reinvention amid adverse economic conditions today,yet increased competitive volatility during downturns creates greater opportunities for companies effective at reinvention.7 Perhaps thats why Doug Leone,a former managing partner of Sequoia Capital,quoted the Formula 1 racing legend Ayrton Senna at a May 2022 meeting with start-up founders about markets turning,saying:“You cannot overtake 15 cars in sunny weather but you can when its raining.”8Take American Express.The payments company faced the threats of rising default rates and falling consumer demand during the 2008 financial crisis.After cutting costs and divesting non-core businesses,American Express refocused on new partnerships and embraced digital technology.The company remained profitable through the crisis,grew its revenues and enhanced its capital position,all while investing in key capabilities.The firms stock price rose more than 700%in the decade that followed.9This level of disruption demands all businesses transform.In the next decade,every business will get to Total Enterprise Reinvention to succeed,or they wont succeed.“You cannot overtake 15 cars in sunny weather but you can when its raining.”Ayrton Senna18Total Enterprise Reinvention|The strategy that leads to a new performance frontierBuilding a digital core is not a one-time project.It must be continuous to incorporate new technologies and business capabilities.Reinventors invest in their digital core ahead of their peers,increasing their capabilities in foundational technologies,as well as integrating emerging technologies.For example,while 61%of Reinventors plan to increase their investments in cloud services over the next year,49%of Transformers and 45%of Optimizers plan to do so.And while 65%of Reinventors are watching and screening next-gen computation technologies,52%of Transformers and 48%of Optimizers are doing so(see Figure 3).1.An infrastructure and security layer:A modern,cloud-based IT foundation that is automated,agile and secure by design.3.An applications and platforms layer:Where new experiences and ways of operating come alivethrough modernized and new,custom applications and platforms or replatforming on SaaS.2.A data and AI layer:Where enterprise data becomes accessible at scale,with domain-specific,AI-enabled applications and platforms generating insights for decision-making.This connects and elevates trapped data,helping enterprises to ask new questions and find new answers that drive decision-making and the development of new products.TechnologyThe digital core,the potential of reinvention and breakthrough innovationA strong digital core is fundamental to all other strategic needs of an enterprise.Amplifying the role of technology in reinvention means shifting from a technology landscape of static,standalone parts to interoperable pieces intentionally integrated and leveraging the cloud.The digital core consists of three layers:An important feature of a modern digital core is Interoperability”across all of these layers,connecting technologies,data,and applications across silos and enabling Reinvention.Companies with high interoperability grew revenue 6x faster than their peers with low interoperability and unlocked an additional five percentage points in annual revenue growth.1019Total Enterprise Reinvention|The strategy that leads to a new performance frontierReinventors continuously invest in their digital core“Do you plan to increase your investment in the following technologies over the next year?”“Which of the following emerging technologies are you currently monitoring and screening?”AI and automationNext-gen computationCloud servicesNext-gen intelligenceNetwork/connectivityMetaverse and Web 3.059eHQHREIGQBH1716ad%Figure 3:%of respondents%of respondentsTotal Enterprise ReinventorsTransformersOptimizersTotal Enterprise ReinventorsTransformersOptimizersSource:Accenture Total Enterprise Reinvention CxO Survey fielded in November 2022.Sample size:Total,1,516;Total Enterprise Reinventors,119;Transformers,1,303;Optimizers,94.20Total Enterprise Reinvention|The strategy that leads to a new performance frontierpotential,as reflected by the 71%increase in mentions of cloud,AI and other emerging technologies in earnings calls over the past five years.12The new performance frontier can include breakthrough innovationWith a digital core in place,every company can aspire to create breakthrough innovations in their industry and adjacent marketsa territory that was formerly the domain of digital-native companies.What is breakthrough innovation?Breakthrough innovation sits at the intersection of understanding the potential of next generation technologies and applying them in novel ways to shape and capture white space opportunities and address acute needs in their business or industry.The potential for reinvention is immenseWe estimate,on average,that 76%of a US workers tasks could be reinvented by combining new technologies and new ways of working,by automating repetitive activities while augmenting high-value activities(see Figure 4 and“About the research”for further details).These actions will,in turn,enhance productivity and allow people to focus more on their unique capabilities.Indeed,such progress could hypothetically allow the average US worker to shift to a four-day work week and produce more than they do in a five-day work week.Combining the power of technology and human ingenuity will enable enterprises to reinvent how they go to market,how they operate,how they partner and how they create value,thereby unlocking a new performance frontier.For example,our research shows that companies that plan to adopt next-generation AI and advanced computational methodswhile tapping ecosystem partners and networksare 2.6x more likely to increase revenue by 10%or more than companies not pushing toward the leading edge in these areas.11 Organizations are acutely aware of this 21Total Enterprise Reinvention|The strategy that leads to a new performance frontierShare of US workers tasks that could be reinvented by technology augmentation or automation,by industryAugmentAutomateNo impactSource:Accenture Research analysis based on BLS and O*Net.O*Net tasks were classified into the four categories.This classification was performed based on a list of 2,000 detailed examples for 300 tasks.US average corresponds to the weighted average based on occupation shares across industries.Due to rounding,not all figures add up to 100%.Share of worked hours,2021Increasing potential for augmentation based on the combination of new technologies and new ways of workingUS averageBankingSoftware&PlatformsCapital MarketsInsuranceHealthCommunications&MediaPublic ServiceAerospace&DefenseUtilitiesIndustrialLife SciencesHigh TechChemicalsEnergyTravelNatural ResourcesRetailConsumer GoodsAutomotive337)A3(C4)01(C4(8)&C9T6HV68R7QPI3EG2PUS$# ( #$!%0 !%Most of the tasks of an average US worker could be reinventedFigure 4:22Total Enterprise Reinvention|The strategy that leads to a new performance frontierPost-Pandemic TransformationThe successes and the challengesMany executives are already working to reinvent processes in their enterprise with new technologies and new ways of working.Of the 11 functional areas we assessed,executives said their organizations had already reinvented,on average,processes in six functions.The most common function for reinvention was customer service(63%of respondents)and the least common were Research&Development(R&D)and Human Resources(HR)(48%of respondents).Within two years,executives expect to have reinvented processes in nine functions within their enterprise(see Figure 5).While many companies are transforming multiple parts of their enterprise,in our experience,they are failing to realize the true business value of these efforts because of siloed approaches.Other common challenges are cost,lack of efficiency across programs,failure to understand and address interdependencies,insufficient technology acumen and failed change management.A Total Enterprise Reinvention strategy addresses these challenges by taking an integrated,holistic approach based on technology with talent at the center.23Total Enterprise Reinvention|The strategy that leads to a new performance frontierMost processes in functional areas are being reinventedFigure 5:Cumulative number of areas being reinvented by an organization,on average,out of a possible 11Past two yearsNext two years69 3“In which of the following functions are you fundamentally reinventing processes by applying new technologies and new ways of working?”Customer ServiceFinanceStrategy and M&AInformation TechnologyMarketingCore OperationsSalesManufacturingResearch&DevelopmentSupply ChainHuman Resources 27 30 30 32 31 33 28 30 36 29 3540 45 50 55 60 65 70 75 80 85 90 95 100%of respondents,n=1,516Percentage pointdifferencePast 2 years Next 2 yearsSource:Accenture Total Enterprise Reinvention CxO Survey fielded in November 2022.24Total Enterprise Reinvention|The strategy that leads to a new performance frontierDiving deeper into the six characteristics of Total Enterprise ReinventionWe briefly listed the key qualities companies must embrace to succeed at reinvention.In this section,well dive deeper.25Total Enterprise Reinvention|The strategy that leads to a new performance frontier1.Reinvention is the strategy26Total Enterprise Reinvention|The strategy that leads to a new performance frontierPeople,Culture and PurposeAccelerate GrowthOptimize OperationsThink of all the functions of your company on a connected wheel(see Figure 6).Accept the premise that today,in every function,technology plus new ways of working,could create new value,and that the advancements in technology are likely to make that value constantly evolving.Think about the way you decide which technology to invest in,and which part of the company to transform.Are the business cases co-created across the C-suite in recognition that no function exists alone?Are the technology investments tested cross-functionally or primarily best-in-class for the functional leader who is leading the analysis?What is the depth of understanding of the leaders as to what is possible today,and what is coming?Is your C-suite able to articulate for every technology investment,what will change in how you work,or engage,or go to market?When someone talks about the need for cultural change or new skillshow precise is it,and do you understand the plan to achieve?And when you set your ambition,how are benchmarks usedare they the ambition to achieve,or the standard to beat?In other words,is your ambition to set a new performance frontier for your company and/or your industry?Source:Accenture.FinanceHuman ResourcesLegalInformation TechnologySourcing&ProcurementSupply ChainEngineering&ManufacturingSustainability Industry-specific FunctionsResearch&DevelopmentCorporate StrategyMergers&AcquisitionsNew Business ModelBusiness UnitsSalesMarketingServiceBuild Digital CoreAI SecurityData Platforms CloudTotal Enterprise Reinvention is a deliberate strategy that aims to set a new performance frontier for companies and in most cases,the industries in which they operate.Centered around a strong digital core,it helps drive growth and optimize operations.It starts with the premise that every part of every business needs to be reinvented and that benchmarks today do not reflect what is possible if,as a company,you have a tech-enabled mindset.It recognizes that technology advancements will mean that this is a continuous and dynamic need.The focus shifts from,one and done programs,or“is this too much change”to a company that is proudly“all about change.”One that has honed the business and technology acumen to set the right priorities,built the culture and resilience for change,and the laser focus on the future and external developments.This cultural point is criticalAccenture has lived it.Accentures capabilities and culture have dramatically changed over the last decadeat one point,we were“fast followers”and now we are“innovation led.”The part of our culture that has existed for decades is that“we are all about change”which has allowed us to set bold ambitions and to reinvent ourselvesa process that is ongoing.Total Enterprise ReinventionFigure 6:27Total Enterprise Reinvention|The strategy that leads to a new performance frontierBecause we know that many companies are already changing a lotTotal Enterprise Reinvention is not about the scope and speed per se.It is about establishing that a core strategy of the company is the ability to continuously reinvent and systematically move across the enterprise to set a new performance frontier.It is not a reaction to the macro,but a recognition of the opportunity that has become clear in the last three years of the true power of tech-enabled transformation.Compressed transformations were triggered at the beginning of the pandemic,as companies experienced rapid changes in their operating environment which exposed the gaps in their digital core.For example,because of the move online at the onslaught of the pandemic,many consumer goods companies accelerated their ability to digitally connect directly with end consumersonly to find that the failure to have a modern,cloud-based ERP and infrastructure prevented them from rapidly being able to make changes in payments,connect supply chains and fulfill purchases in areas like social commerce.As a result,we have seen many consumer goods companies take on accelerated moves of their ERP to the cloud,crossing multiple functions.Adopting Total Enterprise Reinvention as a core strategy is a natural next step for companies which today are Transformers,and is the blueprint for the companies which are Optimizers and now want to leapfrog to Reinventor.28Total Enterprise Reinvention|The strategy that leads to a new performance frontierIn following the six key characteristics of Reinventors,companies will also address many of the lessons learned in these past three years of compressed transformations.The ambition and decision to accelerate transformation is what most CEOs talked about early in the pandemic as being most proud of.The capabilities to efficiently transform at scalefrom how you make technology decisions,to the way to approach change management,to the depth of technology understanding leaders need,to the persistent silos that are often reinforced by metrics and compensation regardless of a strategy of“one”have emerged as gaps that have challenged the full realization of the potential of techenabled transformation,and limited the ability of companies to be more ambitious about the outcomes.For example,change management,skills and cultural change are often cited as barriers or weaknesses,and yet few companies have moved to centralized,clear and measurable change management capabilitiesoften using multiple techniques depending on their partner.A Total Enterprise Reinvention strategy flips change management to a core capability that is connected and has consistent approaches,like measurement tools,regardless of function and partner.Another example is that many companies continue to struggle with thinking about technology platforms across the company,providing more cost efficiency,more resilience and faster innovation as more parts of the company can access the capabilities.And so,you will see companies that have rapidly moved to the cloud struggling with cost,the ability to use cloud services and truly changing how they operate because the move to the cloud was done business unit by business unit,or function by function rapidly,and producing early results,but not realizing the full potential of the technology.Every industry has specific challenges.Lets take healthcare,in which significant investment by many leaders has gone into creating an intelligent front door to care that creates a personalized,consumer-like experience for patients.At the same time,depending on where they are in the healthcare value chain,those same companies are looking to digitize to find efficiencies in an industry that has lagged other industries in digital transformation and is now facing significant shortages of clinical talent that impact access to care.Often,we see initiatives to personalize experience and create efficiencies and capacity scoped too narrowly,missing the opportunity to connect to drive more value.Total Enterprise Reinvention also will unlock the power of external learningsfrom other industry players and,equally important,from other industries.While many CEOs talk about their own industry not being the benchmark,putting this view into concrete action has been difficult.Indeed,it requires new muscles from their leadership,and often,the industry benchmarks still become the de facto goals and measurement of performance.Reinvention,by definition,cannot be done only with internal thought leadership.Setting a new performance frontier also requires,at a minimum,looking at the rest of the industry.We spend a lot of time looking across industries to inform the solutions that we bring to our clients.We believe that if companies execute on the six characteristics of Reinvention,the use of industry and cross-industry learnings will finally become part of how leaders do business.29Total Enterprise Reinvention|The strategy that leads to a new performance frontier2.The digital core becomes a primary source of competitive advantage30Total Enterprise Reinvention|The strategy that leads to a new performance frontierTechnology used to be the disrupter.Now its the enabler,a certainty in turbulent times.Once you accept that every business is a digital business,technology is a primary source of competitive advantage that enables companies to build exceptional experiences and achieve breakthrough innovations.It can open new possibilities for accelerating growth and optimizing operations.To thrive in this world,companies need a strong digital core that will serve as the foundation for reinvention.Ninety-seven percent of executives we surveyed agree technology in general now plays,and will continue to play,a critical role in both their reinvention strategy and in transformation programs for their organization.In fact,on average 40%of executives across the three groups,also agree the role of technology has increased to become the top priority in transformation programs overall during the past two years(see Figure 7).Technology is foundational“Do you agree that technology in general plays a critical role in all current and future reinvention strategies,as well as in transformation programs,for your organization?”Figure 7:“Has the role of tech increased in transformation programs overall in the past two years?”Score from 1-5,where:51%All respondentsStrongly agreeAgree Neither agree nor disagreeDisagreeStrongly disagree46%1%1%1D9UXW%2%3%1%Total Enterprise ReinventorsTransformersOptimizersIncreased to top priorityNo increase5 4 3 2 1Source:Accenture Total Enterprise Reinvention CxO Survey fielded in November 2022.Sample size:Total,1,516;Total Enterprise Reinventors,119;Transformers,1,303;Optimizers,94.31Total Enterprise Reinvention|The strategy that leads to a new performance frontierRestructured into a new entity,SCBx,the firm intends to leverage its customer base across platforms to expand its reach to 200 million people.15 The company is investing in new technologies,including blockchain,metaverse and Web 3.0.16Reinventors capitalize on their investments in the digital core While many executives acknowledge that technology plays a critical role in reinvention,the ability to use technology as an execution enabler is a differentiating characteristic of Reinventors.Our survey found 39%of Reinventors say technology is a significant enabler in executing their reinvention,compared with just 21%of Transformers and 3%of Optimizers(see Figure 8).Consider Siam Commercial Bank(SCB).The SCB Transformation Program focused on developing the companys technology infrastructure and capabilities to create the foundation for SCB to become a digital bank.The company replaced legacy applications and migrated to a new cloud-based data lake.13 A digital factory was set up to develop the banks app and new digital stack.This enabled the bank to grow its digital app user base to more than 13 million users in 2022,up from 2.5 million prior to the transformation program.14 The next stage in SCBs journey to reinvention is to become a“fintech business group”a technology company that provides customer-centric services,including banking.32Total Enterprise Reinvention|The strategy that leads to a new performance frontier“Did/does your organizations current technology hinder or help in the execution of your transformation program?”HinderSomewhat enableEnableSignificantly enable42YI%8 2%69!%3%Total Enterprise ReinventorsTransformersOptimizers13xReinventors capitalize on their investments in the digital coreFigure 8:Source:Accenture Total Enterprise Reinvention CxO Survey fielded in November 2022.Sample size:Total,1,516;Total Enterprise Reinventors,119;Transformers,1,303;Optimizers,94.Case in point:bp.The firms strategy to reinvent itself from an international oil company focused on producing resources to an international energy company focused on delivering solutions.17 The company aims to deliver earnings of US$9-10 billion from five“transition growth engines”bioenergy,convenience,electric vehicle charging,hydrogen and renewablesby 2030.18Digital innovation is one of three sources of differentiation that underpin bps reinvention strategy.19 bps digital capabilities now sit alongside its science and engineering capabilities in an integrated,“innovation and engineering”team.bp takes a customer-centric approach to developing digital products and benchmarks its digital capabilities against leaders in the technology sector(instead of against direct competitors).2033Total Enterprise Reinvention|The strategy that leads to a new performance frontier3.Reinvention goes beyond benchmarks,embracing the art of the possible34Total Enterprise Reinvention|The strategy that leads to a new performance frontierIn the past,many companies determined the full potential of their transformation by benchmarking their performance against that of peers,as well as targeting current industry best practices.If youre behind,these metrics can help create a case for change.However,they also can limit the ambition of leaders because they dont reflect the art of the possible as it relates to technology and new ways of working.In other words,benchmarks become a barrier to achieving the possible.Given the rate at which technology and customer habits are evolving,what is best-in-class today will be lagging before tomorrow arrives.Indeed,strong performance increasingly does not endure.Our analysis finds that between 2011 and 2022,the gap between top-and median-performing companies on total shareholder returns declined by 15 percentage points,on average,across industries.21Mentions of the phrase“best practice”in earnings calls among the worlds 2,000 largest publicly traded companies by revenue have declined by 24%since Q1 2020.Nevertheless,more than half(55%)of the executives we surveyed are still focused on matching existing best practice in their industry and see that goal as the full potential they can hope to achieve(see Figure 9).35Total Enterprise Reinvention|The strategy that leads to a new performance frontierBest practice is falling out of favorbut not for allMentions of“best practice”per 1,000 earnings calls for the worlds 2,000 largest publicly traded companies by revenue“Which of the following statements best describes the level of performance you are aiming to reach through your reinvention strategy?”%of respondents,n=1,516Source:Natural language processing of the quarterly earnings calls of the worlds 2,000 largest companies by revenue from Q1 2020 to Q3 2022.Accenture Total Enterprise Reinvention CxO Survey fielded in November 2022.A major step change that sets a new level of performance in our industryA major step change that matches the current performance level of the#1 competitor in our industryTop quartile or incremental45H%7%Figure 9:2020 Q11501005002022Q3-246Total Enterprise Reinvention|The strategy that leads to a new performance frontier4.Talent strategy and people impact are central to ReinventionMany human factors can compromise reinvention strategies and transformation programs that look good on paper.Barriers can include a lack of cultural readiness to change,leadership capabilities and alignment,and functional silos(see Figure 10).The more that people are engaged in reinvention,however,the more likely such hurdles can be overcome.37Total Enterprise Reinvention|The strategy that leads to a new performance frontierFigure 10:Human factors pose some of the biggest barriers to delivering reinvention strategies“What barriers have you faced in delivering your reinvention strategy?”%of respondents,n=1,516Source:Accenture Total Enterprise Reinvention CxO Survey fielded in November 2022.Selected as the#1 barrier Selected as a top 3 barrierCultureLack of cultural readiness/capacity to changeTechnologyLack of technical infrastructureAlignmentMisalignment across the executive teamCapitalInsufficient availability of capitalLeadershipLack of skills/capabilities in the executive teamSilosFunctional/departmental silosPartnersWeak partner ecosystem30 %0)%(%8Total Enterprise Reinvention|The strategy that leads to a new performance frontierCommunication of change,empowering people and skilling at all levels are important to delivery“Which of the following practices were most important to the successful delivery of your reinvention strategy?”Source:Accenture Total Enterprise Reinvention CxO Survey fielded in November 2022.Sample size:Total,1,516;Total Enterprise Reinventors,119;Transformers,1,303;Optimizers,94.Dedicating the right amount of time and effort to change management&commsSenior leaders communication of a compelling change storyAssigning the highest performers to the highest value initiativesEmpowering,recognizing,and rewarding new ways of workingUpskilling and reskilling employees with the tools and capabilities needed to speed up executionHaving the relevant skills/capabilities in the executive team to deliver the program505166494654434458443848384154294144 32% 24% 21% 70% 11% 23%Total Enterprise ReinventorsTransformersOptimizersFigure 11:%of respondentsExecutives must be the voice of change Any successful reinvention begins with the executive team creating conviction in an organizations people to drive change.The CEO must champion the Total Enterprise Reinvention strategy,with the whole C-suite in lockstep.After adopting such a strategy,the CEO and executive team must be actively engaged,communicating and owning a clear message and rationale for the reinvention to bring other employees along.Many organizations underestimate the importance of communicating the“why”of a reinvention.Engagement with people needs to have a vision and a call to action that resonates with each person,helping connect individual purpose with the overall goal of the change.Reinventors distinguish themselves in this area.As Figure 11 shows,Reinventors are more likely to dedicate ample time and effort to change management and communicationsincluding senior leaders communication of a compelling change story.39Total Enterprise Reinvention|The strategy that leads to a new performance frontierBuilding companywide Technology Quotient(TQ)From the C-suite to the front line,employees at all levels will need to develop a TQ to drive successful reinvention.The TQ is how we build and demonstrate our understanding of transformative technologies and how they deliver on the promise of technology and human ingenuity.At Accenture,we invest in continuous training across the enterprise,with each employeeincluding the C-suitereceiving an individual TQ score.Accentures TQ learning series is a simple and effective way to ensure every member of the team learns about technology,how its applied,why it matters and how it works with other technologies.Every employee at Accenture takes the TQ courses,no matter what their area of expertise.Roche is reinventing itself to become more agile and digital.Part of the foundation for this effort has been a global leadership initiative designed to help senior executives develop the mindsets they need in both personal and organizational reinvention.The leadership model has moved from one designed for command and control to one built on empowerment to encourage collaboration and creativity.2240Total Enterprise Reinvention|The strategy that leads to a new performance frontierAchieving the comprehensive scale of Total Enterprise Reinvention requires companies to connect people,processes and data across the enterprise and beyond,creating a boundaryless organization.Organizations are becoming more interconnected.Ninety-nine percent of executives expect this focus on interconnectedness across their organization will increase over the next two years.Creating capabilities at the performance frontier requires an enterprise-wide approach that cuts across business units and functions,rather than a single function-or business-driven approach.Take the value-chain business planning and intelligent manufacturing and fulfillment capabilities critical to retailers and consumer goods companies.Building these capabilities requires an end-to-end approach that impacts virtually the entire organization in some way(see Figure 12).5.Reinvention is boundaryless and breaks down organizational silos4141Total Enterprise Reinvention|The strategy that leads to a new performance frontierBuilding full value chain business planning and intelligent manufacturing and fulfillment capabilities at the performance frontier requires an end-to-end approach Interventions across the value chainFigure 12:Degree of business impactIdentify Consumer DemandPrescribe Customer OrderManufacture to DemandPackage with ResponsibilityFulfill by Real-time Optimal Flow PathsEngage for Circular(re)FulfillmentAccelerate GrowthOptimize OperationsDegree of ImpactHighMediumLowN/ABuild Digital CoreAI SecurityData Platforms CloudSource:Accenture analysis.FinanceHuman ResourcesLegalInformation TechnologySourcing&ProcurementSupply ChainEngineering&ManufacturingSustainability Industry-specific FunctionsResearch&DevelopmentCorporate StrategyMergers&AcquisitionsNew Business ModelBusiness UnitsSalesMarketingService42Total Enterprise Reinvention|The strategy that leads to a new performance frontierChanges to the operating model are also accompanied by significant changes in how people work.Adopting agile principles across the business(not just in IT)empowers employees and enables cross-functional ways of working.The move to empowered,multidisciplinary teams allows people to take on more complex roles that combine tasks once performed by two or more individuals in traditional roles.Evidence is seen in recruitment trends,with our analysis showing the average number of skills required for jobs posted during 2020-22 increased by 18%.23The integrated operating model and new ways of working are underpinned by an integrated,enterprise-wide technology and data platform that democratizes data across the enterprise.The flow of data provides connections between teams across the networked organization,enabling the sharing of ideas and insights.The European automotive ecosystem,for example,is working to create a secure,standardized data exchange,the“Catena-X Automotive Network”the first open-data ecosystem in the sector.24 By sharing data and other resources,Catena-X aims to improve transparency and efficiency,as well as reduce carbon emissions throughout the supply chain.25 Boundaryless doesnt mean a lack of controls.Those adopting reinvention recognize the need for a dedicated Transformation Office.The office coordinates,setting the schedule and tracking progress,developing a fully integrated plan with financial projections,clear operational performance indicators and targets for each workstream that acts as a single source of truth for the entire organization(see Figure 13).Reinventors strengthen connections across their organizations43Total Enterprise Reinvention|The strategy that leads to a new performance frontierFigure 13:Effective program governance is seen as the most important factor for successful delivery“Which of the following factors were most important to the delivery of your reinvention strategy?”“Which of the following practices were most important to the successful delivery of your reinvention strategy?”Source:Accenture Total Enterprise Reinvention CxO Survey fielded in November 2022.Sample size:Total,1,516;Total Enterprise Reinventors,119;Transformers,1,303;Optimizers,94.%of Total Enterprise Reinventors,n=119%of respondentsEffective program governancePeople and cultureThe right partnersLeadership engagement and alignmentA compelling business case56TRPH%Creating a detailed plan of initiatives for all workstreamsEstablishing a dedicated transformation office to oversee the programTotal Enterprise ReinventorsTransformersOptimizers 40% 16575754434944Total Enterprise Reinvention|The strategy that leads to a new performance frontier6.Reinvention is continuous45Total Enterprise Reinvention|The strategy that leads to a new performance frontierContinuous reinvention is supported by core planning processes“Which of the following practices have you adopted in support of your philosophy of continuous reinvention?”%of Total Enterprise Reinventors,n=119Figure 14:Source:Accenture Total Enterprise Reinvention CxO Survey fielded in November 2022.Reprioritize existing initiatives and add new initiatives to the reinvention strategy,as part of core planning processesWork with business partners to continuously drive innovationLeverage an innovation methodology to generate new ideasEngage with others that have reinvented themselves to learn from their experienceLeverage employee crowdsourcing to generate new ideas58P98%Transformation typically has been sequential and time-bound.Reinvention,however,is as dynamic as the changing technological and market landscape.It requires both speed of execution and an approach toward continuous change that seeks progress over perfection.The earlier value is released,the quicker it can be invested in new initiatives that further extend the performance frontier.Its therefore critical for companies to focus on initiatives that drive the most impact.As such,companies must be ready to reprioritize initiatives on an ongoing basis,stopping non-value-adding initiatives at the right time,while regularly restocking their pipeline with new initiatives.Fifty-eight percent of Reinventors say that both reprioritizing existing initiatives and adding new initiatives to the reinvention strategy during core planning processes supports a philosophy of continuous reinvention(see Figure 14).UBS,for example,introduced“dynamic investment reprioritization”to optimize results through quarterly budget reviews,helping ensure that the banks digital deliverables are aligned with customers needs.2646Total Enterprise Reinvention|The strategy that leads to a new performance frontierPartners bring resourcesassets,ideas,skillsthat can accelerate progress at scale,in support of compressed transformation.Partners can also support the investment required to deliver reinvention through gain-sharing agreements.And partners can help build a capability to deliver continuous reinvention:69%of companies that are moving to adopt a strategy of Total Enterprise Reinvention say that having a business partner that helps select and build solutions and platforms is important to the successful delivery of their strategy(see Figure 15).Verizon,for example,has systematically built an ecosystem to support the development of the 5G economy,by forming strong partnerships across its value chain.Device manufacturers help ensure that Verizons network can support all devices.Reinventors draw on the power of their ecosystem partnersCloud providers and system integrators have partnered to develop Verizons mobile edge compute(MEC)ecosystem.Customers test new use cases.Partners are helping Verizon,too.Verizon and Meta are working together to leverage complementary capabilities to build the foundations of the metaverse,with a focus on the MEC infrastructure for extended reality experiences.27 47Total Enterprise Reinvention|The strategy that leads to a new performance frontierBusiness partners are at the center of delivering reinvention strategies“Which of the following practices were most important to the successful delivery of your reinvention strategy?”%of respondentsSelecting a business partner at the center of the strategy and working with them to select and build solutions and platformsHaving a cloud services partner at the center of the strategy and building teams and other external providers around this single partnerFigure 15:5853 30iTotal Enterprise ReinventorsTransformersOptimizers6360 7dTotal Enterprise ReinventorsTransformersOptimizersSource:Accenture Total Enterprise Reinvention CxO Survey fielded in November 2022.Sample size:Total,1,516;Total Enterprise Reinventors,119;Transformers,1,303;Optimizers,94.48Total Enterprise Reinvention|The str