Open standard assessment

This section is not part of the standard

The content in this section is only included to help explain the standard, provide examples or make recommendations about use.

It does not contain requirements for complying with the standard and is not governed by the formal standards process.

The information may not have been updated to accurately reflect Government policy.

• Formal specification
• Implementation of the formal specification
• Openness
• Access to the formal specification
• Versatility/flexibility of the proposed standard
• End-user effect of the formal specification
• Maintenance of the formal specification
• Related European standards

This page contains information about the standard in response to 47 questions. The questions are used to assess whether standards are open and should be recognised as official Government standards of the UK.

Formal specification

1: Does it address and aid interoperability between public administrations?

✅ Yes. The data standard is currently used to make tariff policy interoperable between administrations that author it (such as the Department for Business and Trade) and administrations that operationalise it (such as His Majesty’s Revenue and Customs, or Jersey and Guernsey).

The standard specifies an unambiguous way for multiple administrations to collaborate on tariff policy without needing constant communication about intent or configuration.

For example, the Department for Business and Trade can use the standard to encode a new tariff rate for the import of goods which can be consumed by border systems at both HMRC and Jersey and Guernsey and unambiguously applied to future import declarations with no further manual or human input required.

2: Does it address and aid the development of digital services in government?

✅ Yes. The Online Tariff Service run by HMRC is a digital service that consumes data adhering to this standard and provides a search engine and lookup tool for international traders. The standard allows this service to consume a data feed and automatically update its content in response to new data being published.

Furthermore, there are a number of other services in the international trade domain that provide guidance or operational functions such as the Check How to Export Goods service or the Single Trade Window. Understanding the correct rules and fees for international trade is key to the delivery of those services, and data adhering to this standard allows them to do this unambiguously.

3: Are the functional and non-functional requirements for the use and implementation of the specification clearly defined?

✅ Yes. The functional and non-functional requirements are clearly defined by a repository of documentation.

4: Is it possible to implement the specification across different domains?

✅ Yes. Although the standard is used to define information for rules and fees designed to be operationalised at a national border, the domains within that scope are extremely broad and cover all aspects of international trade.

For example, the tariff data contains conditions relating to export of nuclear material, import of animal or plant products, or application of political sanctions.

The data in this format published by Department of Business and Trade is authored by teams in at least 30 different policy areas across 11 public administrations.

5: Is it largely independent from products of single providers, either open source or proprietary?

✅ Yes. The standard is based on and remains compatible with a European Union database with the same purpose that has been in use for a number of decades. Each Member State of the European Union needs a system that is capable of consuming data in this format. As such there are a number of providers with expertise in the standard.

There are specific examples:

• The Department for Business and Trade maintains the Tariff Management Tool as an open-source tool that produces data implementing the standard
• HMRC’s Online Tariff Service is an open-source implementation that can read data in this format
• Jersey and Guernsey’s border systems that consume the standard are currently provided by a UK-based supplier
• There are at least three other United Kingdom-based suppliers who have experience implementing systems to work with this data and several more in the European Union

6: Is it largely independent from specific platforms?

✅ Yes. There are no requirements on platform. Python, Ruby and Java are programming languages that have been used to build systems to manage and consume the data.

7: Has the standard been written so that it can be delivered or used with more than one technology (for example XML and JSON)?

✅ Yes. There is an XML schema and SQLite schema that can be used to encode data to the standard. The Online Tariff Service also provides a JSON API that communicates data in the standard.

8: Has the specification been sufficiently developed and existed long enough to overcome most of its initial problems?

✅ Yes. The specification is based on and remains compatible with TARIC3 which has been used by the European Union for several decades. It is used in the EU on a daily basis to transmit changes in tariff policy.

The UK’s application of the standard predates Brexit as it was used to receive tariff data from the EU when the UK was a member state.

A renewed interest in the standard and some UK-specific modifications coincided with the need for the UK to set an independent trade policy. The standard was successfully used to author and transmit UK-specific data prior to the end of the Implementation Period. This process has been in BAU since January 1st 2021.

9: Are there existing or planned mechanisms to assess its conformity and implementation - for example conformity tests, certifications and plugfests?

✅ Yes. There are a number of data-based test cases included with the validation rules that allow implementors to check their implementation. We don’t believe more formal certification is required or would justify the effort.

10: Does it have sufficient detail, consistency and completeness for the use and development of products?

✅ Yes. There are a number of ‘products’ based on the standard as referenced in question 5, all of which have been successful in using the standard to collect and interpret tariff policy.

Implementation of the formal specification

11: Does it provide current implementation guidelines and documentation for the implementation of products?

✅ Yes. The standard provides guidance to implementors on how to manage updates and data versions, including an example schema in the form of an SQLite database.

12: Does it provide a reference (or open source) implementation?

✅ Yes. The products mentioned in question 5 include open source implementations of both data creation and data consumption systems.

In particular, the Tariff Management Tool maintained by the Department for Business and Trade is intended as the reference implementation of validation logic.

13: Does it address backwards compatibility with previous versions?

✅ Yes. Places where the UK standard differs from TARIC3 as defined by the EU (mostly in areas where the UK requires stricter conformance or is no longer using the full expressivity of the EU model) have been clearly documented.

Historical data continues to be allowed to ensure backwards compatibility. Where validation rules have been added which historical data would fail, the rules have been explicitly scoped to only take effect from a certain date.

14:. Are the underlying technologies for implementing it proven, stable and clearly defined?

✅ Yes. The standard is a data standard and as such is mainly concerned with semantic meaning and data formats that can be implemented in a number of technologies.

However, the canonical encodings of the data include XML and SQLite, both of which are widely recognised technologies, have support in all major programming systems and number billions of implementing devices worldwide.

Openness

15: Is information on the terms and policies for the establishment and operation of the standardisation organisation publicly available?

✅ Yes. The terms of reference and governance arrangements are documented as part of the documentation repository and on the repository’s Github page.

16: Is participation in the creation process of the formal specification open to all relevant stakeholders (such as organisations, companies or individuals)?

✅ Yes. The creation process is handled using an asynchronous mechanism on Github Discussions which is used as an open discussion forum. There are also ad-hoc synchronous discussions held via a suitable video conferencing platform. Both media are open to any interested party.

There is a core stakeholder group which includes Government data architects and external system implementors. Changes to the standard requires unanimous approval of this group. Other relevant stakeholders not on this group are able and encouraged to engage with discussion on the open forum or as part of video discussion.

17: Is information on the standardisation process publicly available?

✅ Yes. The full standards process is carried out in the open as above.

18: Is information on the decision-making process for approving formal specifications is publicly available?

✅ Yes. The full standards process is carried out in the open as above.

19: Are the formal specifications approved in a decision-making process which aims at reaching consensus?

✅ Yes. The full standards process requires unanimous support of a stakeholder group, which is used as a proxy for consensus amongst the user base.

20: Are the formal specifications reviewed using a formal review process with all relevant external stakeholders (such as public consultation)?

✅ Yes. Proposals are made in the open and all relevant external stakeholders are encouraged to take part in this discussion process.

21: Can all relevant stakeholders formally appeal or raise objections to the development and approval of formal specifications?

✅ Yes. All relevant stakeholders are encouraged to raise their objections to any proposals.

22: Is relevant documentation of the development and approval process of formal specifications publicly available (such as preliminary results and committee meeting notes)?

✅ Yes. The full standards process is carried out in the open as above.

Access to the formal specification

23:. Is the documentation publicly available for implementation and use at zero or low cost?

✅ Yes. All documentation for the standard is publicly available for zero cost in an open repository of documentation.

24: Is the documentation of the intellectual property rights publicly available (is there a clear and complete set of licence terms)?

✅ Yes. All documentation is available under the Open Government Licence v3.

25: Is it licensed on a royalty-free basis?

✅ Yes. All documentation is available under the Open Government Licence v3.

Versatility/flexibility of the proposed standard

26: Has the formal specification been used for different implementations by different vendors/suppliers?

✅ Yes. As discussed in question 5, there are a number of different implementations from different organisations that implement the specification.

27:. Has the formal specification been used in different industries, business sectors or functions?

✅ Yes. The projects discussed in question 5 include data management functions, border operations functions, and information and guidance functions. Within the private sector, some vendors provide re-sale functions by combining data implementing the specification with data from other national tariffs.

28: Has interoperability been demonstrated across different implementations by different vendors/suppliers?

✅ Yes. The UK Border is currently implemented using several interoperable data systems all provided by different vendors.

These include:

• The Tariff Management Tool (TaMaTo), implemented by the Department for Business and Trade.
• Customs Declaration System (CDS), implemented by European Dynamics and HMRC.
• IPAFFS, implemented by the Department for Environment, Food and Rural Affairs.
• The Online Tariff Service, implemented by Engine and HMRC.

End-user effect of the formal specification

29: Do the products that implement it have a significant market share of adoption?

✅ Yes. Within the UK and EU tariff and border control process, the vast majority of systems correctly implement the standard.

30:. Do the products that implement it target a broad spectrum of end-uses?

✅ Yes. For the products mentioned in question 28:

• The Tariff Management Tool targets data managers and policy experts
• Customs Declaration System (CDS) targets traders lodging customs declarations and larger traders with dedicated data functions
• IPAFFS targets traders importing or exporting plant or animal products
• The Online Tariff Service targets smaller, independent traders without systems integrations or access to data feeds

31: Does it have strong support from different interest groups?

✅ Yes. All of the above groups mentioned in question 30 are taking part in the evolution of the data standard.

32: Is there evidence that the adoption of it supports improving efficiency and effectiveness of organisational process?

✅ Yes. The UK’s legacy customs system CHIEF previously required a large data entry team to manually update European Union and UK trade policy. Since the retirement of CHIEF and the switchover to CDS, this team has largely been redeployed on higher value functions such as policy support and quality assurance.

33: Is there evidence that the adoption of it makes it easier to migrate between different solutions from different providers?

✅ Yes. DBT’s Tariff Management Tool was created to provide a UK equivalent for a data authoring system used by the EU to manage its own tariff. The standard allowed this new iteration to successfully send compatible data to HMRC with almost zero contact between the new implementation team and the supplier of the EU system.

34: Is there evidence that the adoption of it positively impacts the environment?

⚪️ Not applicable. Beyond the self-evident reduction in carbon through more streamlined communication, there is little impact that is possible for a standard of this kind in this domain.

35: Is there evidence that the adoption of it positively impacts financial costs?

✅ Yes, as discussed in question 32.

36: Is there evidence that the adoption of it positively impacts security?

✅ Yes. The standard includes a number of security protections that make it more difficult to perform temporary, invisible attacks against systems:

• The standard includes a transmission protocol which communicates changes to the data in an append-only log. This means that all changes to the data are permanently recorded and any malicious action designed to temporarily modify the data will remain visible even if the action is reversed. This significantly increases the ability to detect and undo malicious actions.
• The transmission protocol numbers data updates in a global sequence and requires that new data has a higher sequence number than old data. This means that an attacker attempting to insert data into the sequence will also need to rewrite all subsequent transactions to avoid validation errors. This means that any data insertion requires a permanent attack and if the attack ends the mismatch in sequence numbers will be made visible.

37: Is there evidence that the adoption of it can be implemented alongside enterprise security technologies?

✅ Yes. The implementing systems discussed in 5 make use of enterprise security technologies as part of their cloud deployments.

38: Is there evidence that the adoption of it positively impacts privacy?

⚪️ Not applicable. There is no personal data included in the data governed by the standard.

Where the data governed by the standard is mixed with personal data, it is up to downstream consumers of the standard to perform a privacy impact assessment for that usage.

39: Is it largely compatible with related (not alternative) formal specifications in the same area of application?

✅ Yes. This data standard remains compatible with the closed EU specification from which it is derived. A system designed to consume data to the EU specification can also consume data encoded to this standard.

40: Is there evidence that the adoption of it positively impacts accessibility and inclusion?

✅ Yes. The canonical source for data encoded in this standard is tariff legislation encoded as PDF. Using this standard to provide a more granular and structured representation should contribute positively to accessibility because services like the Online Tariff Service can provided more accessible views of the data.

Maintenance of the formal specification

41: Does it have a defined maintenance organisation?

✅ Yes. The Secretariat is provided by the Department for Business and Trade and is responsible for maintenance of the standard.

42: Does the maintenance organisation provide sufficient finance and resource to control short-to-medium-term threats?

✅ Yes. Tariff management remains a business function with budgetary approval for DBT with no plans for this to change.

43: Does the maintenance organisation have a public statement on intention to transfer responsibility for maintenance of it, if the organisation were no longer able to continue?

✅ Yes. We have defined that stewardship of the standard is always the responsibility of the unit that leads on enacting trade policy legislation. Today this is DBT, but if in the future this function moves to another Department, the responsibility and incentive for maintenance of the standard would move to that Department too.

If that Department no longer sees value in maintaining a standard, then it would be up to that Department to find a new home for it, potentially by establishing a separate body to take over governance.

44: Does it have a defined maintenance and support process?

✅ Yes. DBT maintains the open discussion forum and email inbox to provide support for standards users. There are already examples of this support being provided.

45: Does it have a defined policy for version management?

✅ Yes. A standards changelog is maintained as part of the documentation repository.

Related European standards

46: Is this an existing European standard or an identified technical specification in Europe? (Note: CEN, CENELEC or ETSI are the European standards bodies. Technical specifications provided by organisations other than CEN, CENELEC or ETSI can be under consideration to become a European standard or an identified technical specification in Europe.)

❌ No. Whilst this standard is based on a long-standing EU database (TARIC) it is not standardised by the EU for public use at any of the above bodies.

47: Does this specification or standard cover an area different from those already identified or currently under consideration as an identified European standard or specification?

✅ Yes. Whilst this standard is based on an EU database (TARIC), the UK’s use of the standard has diverged from the EU. Whilst there remains compatibility on a technical level (such that any system that can consume EU data can also consume UK data), there are some important semantic differences. Further, this standard is now governed by a UK group who will assess the relevance of upstream EU changes.