Finally this is getting some attention. Somewhat related, Healthcare startups are struggling with this because the standards they have to comply with (for developing medical software) cost up to 280 EUR (for a pdf!). [1]
One common workaround is to go to "the Estonian site" which offers the same, English version of standards for a much lower price [2]. Being a bit cynical, I would say that Estonia prioritises open information much more highly than.. other developed countries. I created a price comparison on my website [3].
But: The core problem of standards being openly available is still not solved. Why is this not possible? For me, standards are very comparable to the law: A large number of people should comply with it. For that, they must be openly available to everyone. Everything else doesn't make sense. Is that unreasonable?
Healthcare startups are one place that shouldn't really have a practical problem with this - the cost of standards is a drop in the bucket compared to your overall cost of regulatory/quality implementation, filing, etc. Sure, it stings a bit to hand out a few thousand for pdfs but it isn't going to affect your business plan. If you don't have a plan to pay for all of this this you are already dead in the water.
I'm all for streamlining the implementation but a lot of it is just about implementing solid engineering practices. Note, I'm absolutely not saying you should insist on bloated slow processes, this definitely isn't required.
I also think it would be great if we could fund the ISO a different way and make all the standards freely available. It's just not going to make any real difference to your ability to execute as a healthcare startup.
> Sure, it stings a bit to hand out a few thousand for pdfs but it isn't going to affect your business plan.
How will they even know what their business plan is without knowing what standard they will be providing?
Last time I checked in Australia, compliance with pay-for-access standards was required in many laws. It is outrageous, because it means you don't even know what you are legally required to do without paying some corporation money.
To add humour to the situation, I think that corporation got bought out by the Chinese at some point. Can't swear to that, I forget what is handled by SAI Global v. Standards Austarlia.
Anyhow the whole situation is a black stain on the idea of equal access to the law.
> How will they even know what their business plan is
If you head into something like healthcare without any idea of what you need to do, you are begging for trouble. By the time you are buying any standards, you know which ones you need and how they fit in with everything else. Any real business plan will have researched this enough to get a ballpark. This is table stakes stuff.
You can research it all yourself in a few days and get a reasonable idea. If your team is all inexperienced you should probably spend a few consulting hours on guidance.
If you have anything like a real plan for a company, this is peanuts. If you don't, you do not need any of this stuff yet.
I think that everything a law sets forth should be publicly accessible. No law or reference in law should be paywalled. There might be a small fee involved, but it should only exist to cover administrative costs of distributing the information.
> There might be a small fee involved, but it should only exist to cover administrative costs of distributing the information.
Laws should be freely (as in free beer) available. Laws should not be tucked away behind a paywall or behind "case law" or behind "international standards" that the layperson can't access without a fee. No fees. That's what taxes are for.
> How will they even know what their business plan is without knowing what standard they will be providing?
Are there no drafts available for most standards? For C++ the draft is often as good as the standard, and anybody can access the drafts. Is there nothing similar in other areas?
Well, if you're a single guy WFH with a cool-idea for some medical tech and you want to build a prototype to see if it's worth starting a company, then 200€+ per PDF (per person?) adds up and becomes cost-prohibitive.
You are going to have many iterations after that first prototype. Your looking for proof of concept here and some early user testing, a long way to product yet; basically enough detail to know the right questions to ask.
Yes, the short-term financial implications (cost of standards) are minor compared to cost of employees and consultants (source: I am a consultant). However, non-free standards have a gazillion second-order effects which tend to get overlooked:
- Potential founders (think YC) can't "just quickly browse a standard" to see whether they'd want to build a startup in that area.
- Individuals not affiliated to a company won't purchase them for themselves (too expensive) and therefore are excluded from contributing.
- People can't write blog posts which freely cite passages from a standard --> Less public information on how to actually implement a standard in a company.
- People can't make presentations (slides) with passages from a standard --> A lot of paraphrasing and beating around the bush, making presentations more useless.
Imagine, for a second, the following thought experiment: Open source software on GitHub would be behind a similar paywall, say, 50 EUR per software package. You could make your argument again: Compared to engineering salaries, that's a minor amount. Sure. But the second-order effects are gigantic, essentially killing the open source ecosystem because individuals (like a random person from a third-world country) are entirely cut off and barred from contributing.
Or, like: Would DHH have written rails if access to Ruby would have cost 50 EUR?
I'm just finding the healthcare example among the weakest.
To be a bit US specific (this varies worldwide); the FDA publishes a ton of information on what their expectations are. You absolutely should be reading their guidance documents, filing process, etc. That gets you past the "is this something we should do" phase.
You'll likely get to the point you have a conformance plan for 13485 or similar, at which point you have a real project committed so the small fraction cost thing applies.
The most impactful healthcare standards aren't about "here's how you build a device", they are about "here's how you build an organization capable of building, shipping, and supporting a device".
Once you've got your head around that, you're off and running. On the R&D side of things, there is actually little bureaucracy for it's own sake, mostly it's about implementing good engineering practices in a traceable way.
I guess my response is to your "Healthcare startups are struggling with this" is that I know a lot of healthcare startups, and they struggle with a lot of things, but this typically isn't one of them.
To me ISO-8601 not being freely available is obviously counterproductive. ISO 13485 or 60601 not being freely available is more "well, not optimal but doesn't make much difference"
I'm in biotech and its a very similar situation here. We're a small company and dropping a few grand on regulatory documents would be a non-issue, a negligible part of our operating budget. Having said that, we would rather just pay for consulting/expertise from someone who has experience with the regs rather than interpret them ourselves.
I remember buying my first ISO document (INCITS/ISO/IEC 14882-2003) for $30 in like 2005 or something, back when I was still writing code. I thought I would become a better C++ programmer, armed with the standard, but turns out it didn't help me at all (reading books/writing code helped more). I did become a better standards-lawyer though! :D
- You need to purchase multiple standards (at least 4).
- In theory, you need to purchase a multi-user license if more than one person should be allowed to read the pdf in your company (hint: nobody purchases the multi-user license).
- Every few years, new versions of the standards are released which you have to purchase.
- Sometimes, you just purchase standards to realise that they're not applicable to your company.
- The industry is riddled with shadiness: A German standards web shop offers a "standards flatrate" for a "great price" of e.g. 750 EUR for 10 standards. [1]
- Getting off-topic, but more related shadiness: Your purchased PDFs are watermarked with your company name and full name of purchaser (!) in the footer of each page to prevent sharing.
Even with all of these, the cost of implementing the standard (time for engineering, design, etc.) will likely very quickly dwarf what you are paying for the standard itself. I agree that open would be better, but the fees themselves really do feel nominal compared to overall implementation cost.
The point is that it kills everything that isn't an engineering project with some funding secured. It kills exploratory work by individuals or small companies. It kills education. It kills popularization of standards.
And in case of standards in computing, like ISO 8601 - a lot of them are of interest to open source developers. If they could access them for free, they could make their code compliant. Software companies use a lot of open source, and often whether or not a product follows some standard somewhere is entirely dependent on whether the OSS component it uses follows the standard.
> - In theory, you need to purchase a multi-user license if more than one person should be allowed to read the pdf in your company (hint: nobody purchases the multi-user license).
How does the law treat this differently from a book? You can buy a book and then give or sell it to whomever you wish without any restrictions... how is this different?
When you try to compare digital downloads to physical media that isn't easy to copy, like books, most of the logic falls apart just like that.
Then there's also another side to digital distribution, especially in entertainment — if you bought a (heavily DRM'ed) video game, or a movie, or a book, or something else, online, it's tied to your account. You can't lend whatever it is you bought to a friend like you absolutely could the same exact thing on a physical medium. You can't resell it either. You also rely on the mercy of the seller to not pull your access to the thing. Yet, even though it lacks this basic trait of a physical medium, sellers treat digital and physical as mostly the same thing.
Oh shoot, sorry, I just realized I got confused. I misinterpreted the original comment (about the PDF) to mean that you're supposed to buy multiple physical copies too, and that nobody does that either. If that's not the case then that would explain it. Though then the question would be—is it not worth just buying the physical copy and passing it around?
While A few thousand euros definitely inhibits an amateur from becoming an expert, which is a terrible thing that greatly reduces the labor pool and possibly even some startup ideas, but I'm not sure it would stop many startups.
ICD-10-CM that you need in the US can be obtained from CMS free of charge. CPT is obnoxious, but you can also generally substitute HCPCS from CMS as well at no cost.
Source: work for a medical billing company, have had to deal with this garbage before.
The problem is not just a few hundred EUR if that standard is your core business, it's the 10's-100's that are roughly adjacent that if they were free you would just have on hand and use/adopt if it makes sense, but to have a price gatekeeper means you have to think about every single standard that might make sense to follow.
The problem is that all these standards apply to large and small devices, and to software as well.
I was once tangentially involved with an app that was basically a weight tracker. It was supposed to be a simple, reliable solutions for doctors to prescribe their patients, that allowed doctors to export data, and did not have annoying ads.
Since doctors were supposed to prescribe the app, it had to be certified as a medical device. It was fortunately a self-certification process.
But still the certification process was 10x more expensive than just the app development.
The problem is that not every medical "startup" has multiple full time employees and millions in funding. Some are just a single doctor with a simple idea, and for them a few thousand dollar here and a few thousand dollar there quickly add up. The standards aren't their only expense.
A better model is certification. Make the rules public, and when you want to sell your product, you must pay a standards agency to put their logo on your product.
You have to do that too. Well, you can never use their (the ISO) logo but you can use the logos provided by the certifying company to "prove" that you are certified. People don't abuse those logos because the companies in question have a lot of lawyers and will litigate relentlessly.
This means every single thing must be very carefully rewritten. You can not cite every single sentence in the full document, you would have to mimic Wine and rewrite the entire thing until your lawyers aren't worried about getting sued anymore.
And nobody's doing that.
Most people aren't going to quote much anyway, which means the people who don't know what's referenced can't understand it because they have no context. Which brings us back to square one, you can't meaningfully discuss the content in public.
The main problem here is that people who lack access to the document effectively can't participate in the discussions, if there isn't enough public information about the document accessible by other means.
You can discuss the general requirements, and paragraph numbers, etc, but there's a limit to how much somebody who has the document can quote without legal problems. Somebody else who sees the discussion can not know if the discussions contain complete enough information to "reverse engineer" the standard well enough to meet its requirements.
All those discussions about the ISO date standard involves getting information from somebody who has access to the document and who then shared the information in public. Not all documents has that degree of public commentary.
And if you need to ask about sections which haven't been previously described in sufficient detail for your needs, then you're personally relying on individual people who have access to read it and rewrite the information for you. Which is a lot of work and also legally uncertain.
Fair use standards are not all that consistent. And that's a legal defense you can use in court after already having been sued, not before. Enough for context can vary between one sentence or three pages.
I guess the trick is to pirate a specific localized version of the standard from an ISO member country that doesn't care about IP rights enough to sue you... say... PRC?
In the medical devices field we have standards like ISO 13485 and IEC 62304. They are very broad and high-level standards and require a lot of interpretation. What would REALLY help small companies that are just getting started, is a line by line explanation of what you need to do, why, and what possible solutions there are. I'm not sure, but I believe doing so could violate the copyright. Even the fact that I'm not sure prevents me from doing it.
Yes, and each one will tell you something different ;) I much prefer open discussion where the best ideas stay afloat and bad advice can be publicly shamed.
But getting funding through finances for 'a few hundred EUR' in a largish company could be nearly impossible. It's not a thing that can go into your yearly budget and it's not attached to any project. You'll have to pay out of your own pocket for that.
Your comment reminds me of related thing, with building codes in the US. The Supreme Court recently ruled they could not be copyrighted, for the reasons you say, they are laws that need to be available.
These codes are often produced by a single organization, "International Code Council", a non-profit somewhat analagous to ISO, which I believe sells them to governmental jurisidictions which adopt them as law, sometimes with some customizations or "choose A or B" choices.
One of the parties to the lawsuits involved happens to be a Y Combinator funded company, "UpCodes".
In the US, if there are any cases where an ISO code is mentioned in law as legally binding in some way, it's possible someone could try to challenge the ability to keep from sharing the relevant standard text freely. It's not exactly the same situation, but this supreme court decision provides a possible path anyway.
Same problem with the building standards in Australia.
Same problem in Australia with the AS/NZS standards. I've been having problems with my whiteset plaster, which is like a liquid applied white plaster surface used on almost every home here in Western Australia.
Mine was done incorrectly, I had to purchase two different $250 standards to understand how it was done wrong, how it should behave, how it was tested, in order to file a complaint. It may not surprise you part of the reason it was applied incorrectly is because not every trade has a copy of said standard.
And then even once you purchase it, it's a "one user" watermarked PDF you're supposed to only have 1 copy of and there's lots of harsh warnings about that, so even those that have it and scared to run around with it.
It's a crazy situation. Because this is legislated stuff for building. As a consumer it's very expensive to inform yourself on these things. If you wanted to inform yourself on all aspects of a build it would get expensive fast.
It's also difficult for me to publish and discuss this information in the public domain to help other consumers having the same problem, as the limits of how much text I can "copy" appears technically set at 0 even though it's standard to "reference" it. But it's very easy to mis-interpret the standard if you don't read things in context.
If the standards are effectively government legislated they either need to be government funded (this makes total sense to me) or the price needs to be much more token, 10 dollars, with much less draconian access. But at that price the government may as well fund it anyway.
It's not so surprising in Australia - protectionism is the norm here, where legally you have to hire an electrician to change a plug on an appliance. Making the standards expensive tends to force the average consumer to pay for the (overpriced) services of a professional.
> These codes are often produced by a single organization, "International Code Council"
Somewhat off-topic, but I've never quite understood the American tendency to call something the "International X" when the US is only the country of any significance involved in it.
(It may be technically true that a handful of small countries have adopted the US building code – such as Bermuda or Western Samoa. But that doesn't change its status as an essentially American code. The US is the only major economy to use it, and non-US entities have very minimal, if any, input on its contents. And a few small countries might have adopted the US building code even if it was called "US" rather than "International".)
I wouldn't call this an American tendency. Generally the word "international" is used for things which are expected or aspire to be truly international.
If anything the American tendency is to restrict interest to the US.
Can you name some examples? In Europe it's so easy and normal to organize a multi-national conference that it'd seem weird to start something that aspired to be international without inviting participation from multiple countries.
I hadn’t heard of the ICC before, but their “About” page claims chapters in 38 countries and their “Find a Chapter” page (https://www.iccsafe.org/membership/chapters/icc-chapters-and...) has links for Canada, Australia, and Mexico. I think it’s probably ok to consider that international in that context.
Australia doesn't use America's building codes. Australia has its own. And their "Australian chapter" is the Australian Institute of Building Surveyors (AIBS) – which it is worth noting is not the Australian body which develops Australian building codes – that's the Australian Building Codes' Board (ABCB). The AIBS is the professional body for building surveyors, and as such while its members have some role in enforcing those codes, it doesn't develop them itself–although they are able to provide input to the ABCB's public consultations (same as any other organisation is.)
I don't know what the actual point of having the AIBS as a chapter of the ICC is. Probably an excuse for some overseas business trips.
Good to know, but that’s probably moving the goal posts a bit. This looks like a private industry group set up to proactively influence adopted standards (ie: a lobby) and does so internationally.
At least in the US it’s fairly common for lobbies to offer prewritten codes in the hopes that the adopted codes are (at least pretty close) to the ones they want.
You could argue whether such a practices are how private industry and governmental regulations should interact, but it doesn’t seem like the term “international” is particularly problematic in the name. The “World Series” (of baseball) on the other hand...
> This looks like a private industry group set up to proactively influence adopted standards (ie: a lobby) and does so internationally.
Who are you saying is lobbying who here? Are you saying AIBS is lobbying the ICC? Or that the ICC is lobbying the AIBS?
I don't see why the AIBS would engage in lobbying about the contents of US building codes. What difference does it make to building surveyors in Australia what building codes in the US say?
You seem like you have a more detailed picture of the ground truth here, but that part you’ve basically said yourself (and I agree with, under the disclaimer that I found an “About” page and that’s the end of my knowledge):
AIBS appears to be a member of the ICC. The ICC appears to be an international lobby. In that context, AIBS (probably) lobbies the ABCB with some help from the ICC as do other chapter members their own respective government representatives or regulatory bodies. Or maybe they just enjoy the ICC newsletter emails. I was only pointing out that international here is not an really a presumptuous “the US is the world” misnomer.
We call our baseball thing the “World Series” because sometimes Canada plays.
Realistically it’s more probable that the group started out with a goal of world-wide adoption of the standards they produced and failed to get traction outside the USA sphere of influence.
If anyone is interested, below is a relevant portion of the court's analysis from the Up.Codes case in the original document linked to at the end of the Techcrunch article above. They lay out criteria by which a copyrighted work is considered "the law", giving the public free access to it:
"the principles that guide the Court’s analysis seem relatively clear. The law is in the public domain, and the public must be afforded free access to it. SeePRO, 140 S.Ct. at1507. That a law references a privately-authored, copyrighted work does not necessarily make that work “the law,” such that the public needs free access to the work. CCC, 44 F.3d at 74. However, a privately-authored work may “become the law” upon substantial government adoption in limited circumstances, based on considerations including (1) whether the private author intended or encouraged the work’s adoption into law; (2) whether the work comprehensively governs public conduct, such that it resembles a “law of general applicability”; (3) whether the work expressly regulates a broad area of private endeavor;(4) whether the work provides penalties or sanctions for violation of its contents; and (5) whether the alleged infringer has published and identified the work as part of the law, rather than the copyrighted material underlying the law."
The Supreme Court ruled in Georgia vs public.resource.org, which was very much not about building codes. P.R.Org actually does have another ongoing lawsuit that is similar to UpCode's: American Society for Testing and Materials et al. v. Public.Resource.Org
The UpCode ruling was at the district court level, and merely cited the ruling from Georgia vs public.resource.org.
Until we get at least appellate level decisions on the copyrightability of enacted codes, I'm unlikely to feel satisfied.
Hm, thanks for correction. I'm definitely not an expert. I just vaguely remembered that it was something that was at one point being legally challenged, so looked it up and found those articles, with headlines including:
"Supreme Court rules that building codes cannot be copyrighted"
"Construction code purveyor calls Supreme Court's ruling that annotated code can't be copyrighted 'monumental'"
If I read the TechCrunch article properly the UpCodes case was decided at the district level by judge Victor Marrero. The judge cited the recent victory by PRO Inc. in the Supreme Court
> The Supreme Court recently ruled they could not be copyrighted, for the reasons you say, they are laws that need to be available.
No, it didn't. It ruled that the State of Georgia couldn't claim copyright on officially-annotated legal codes. Your sources note this and speculate about how it might impact a different ongoing dispute about privately-copyrighted building codes owned by the ICC that are often referenced in, and thereby given force of, law (and the TC one of discusses it having an effect on a non-terminal ruling in the case (a motion to dismiss which was denied, allowing the case to move forward but not resolving it.)
> but is a few hundred EUR really an obstacle for any kind of serious medical startup?
No, it really isn't if they are serious, or even if they plan on being serious in the future.
If you are shipping anything classified as a device, regulatory & QA work will typically involve multiple full time hires and/or equivalent consulting help by the time you file. Things are a bit leaner in SAAS only world, but still significant.
It's incredible to learn from the responses in this thread how widespread and systemic this problem is, not just in software but seemingly every industry. Thank you for these examples.
This is not new. It has happened to inter-networking. Well that is why we call FTAM F...
It was a shock for people doing internet (which in 1990s based on us gov std will be obsoleted and all moved to iso/osi). Or in my job doing EDI. It is just crazy. We want to do us gov standard and world standard. But can’t.
Let us temporarily use this lousy Ethernet, to be obsolete internet ... can’t use sna we all know and decnet (iso ?) is too buggy.
At least this ftp, email, telnet seems work. It needs at least 2 working sample before the standard is a ietf paper. And you can at least download the paper to learn what is it.
Good luck we are in 1990s. We never did a migration from the temporary internetworking thing call internet to the grand great hall of iso/osi. Just hope health care do not repeat the same mistake. Only open available standard could work if you have more than 1 parties.
Sometimes they literally are the law, for example where paywalled standards are “incorporated by reference” into regulations. There are official workarounds [1] — sometimes — but the situation of a law that isn’t freely available is disturbing.
ISO standards commonly refer to other standards for more details. Then you also need technical reports which are also pay walled to get a sense of practical application. It very quickly adds up and there is no way to "explore" which documents are really applicable to your company and products.
And to top it off most of these licenses under which you buy them only allow for a single digital copy (one person).
As mentioned above, if it few $524 per document, and you don't know how many documents you will need to consult in order to comply with the standards and at the end you need to buy the relevant document ... It's tricky. Standards are like laws. The law shouldn't be pay-walled.
For one or two standards? There's just the headache of getting approval to spend the money.
But when it gets to dozens/hundreds, plus requiring vendors to have their own copies, it quickly multiplies into a massive burden. And that's not even getting into the open source issues.
Not to mention the fact that you might not know if you NEED the ISO until after you've already bought it.
One common workaround is to go to "the Estonian site" which offers the same, English version of standards for a much lower price [2]. Being a bit cynical, I would say that Estonia prioritises open information much more highly than.. other developed countries. I created a price comparison on my website [3].
But: The core problem of standards being openly available is still not solved. Why is this not possible? For me, standards are very comparable to the law: A large number of people should comply with it. For that, they must be openly available to everyone. Everything else doesn't make sense. Is that unreasonable?
[1] https://www.iso.org/standard/38421.html [2] https://www.evs.ee/en/ [3] https://openregulatory.com/accessing-standards/