I’ve written a lot (and even made a video) about the bizarre way ISO makes money: they take the intellectual property of unpaid volunteers, claim it as their own, sell it commercially, and then keep 100% of the profits for themselves. ISO gives nothing back, while claiming to be some sort of altruistic, world charity organization. In truth, they are a commercial publishing company operating one of the biggest “non-profit” scams the planet has ever seen.

So I’ve criticized those who sign up for this agreement, and voluntarily hand their IP to ISO with no hope of a return. In most cases, these are private consultants who then pull all sorts of shenanigans afterward to turn their losses into a profit: they market their participation in ISO in order to sell books, or wind up on decades-long speaking circuits. They build tiny personality cults and claim remarkable professional “expertise” based on their ability to enter into a business arrangement with ISO that reveals their entire lack of business acumen.

But what if some of the authors of ISO standards weren’t savvy as to this lopsided deal? What if they didn’t know what they were getting into? In the world of technical standards, where authors are used to developing standards for non-ISO bodies, this happens more frequently than you’d think.

Meet Rick Jelliffe, a software expert who invented a tool called Schematron, which is used to validate XML scripting. Jeliffe invented Schematron in 1999, and it is largely based on the concepts of open-source code and open standards. It’s intentionally intended to be used as widely as possible, to ensure (among other things) a safe and secure execution of XML. Thus, the standard itself was freely available for many years. Because ISO is a world-spanning tornado that sucks up everything into its ever-hungry eye, eventually Schematron was absorbed as an official ISO/IEC standard. (IEC is ISO’s sister org, the International Electrotechnical Commission, which deals mostly with these sorts of tech standards.)

In a May 2021 blog post, Jeliffe recounts how ISO had previously promised to maintain standards like Schematron as free, but with its recent update ISO “reneged” on that promise, in what Jeliffe characterizes as a “betrayal“:

I note with extreme displeasure that ISO/IEC has recently reneged on its policy of making available free PDFs for standards that were brought into ISO from the outside: they want you to buy it. In the case of the 2020 edition, which is some corrections and additional annexes only to the freely-available 2016 edition, it is ridiculous bastardry on ISO’s part.

This is an important standard used by many financial and government organizations, such as the German XRechnung initiative, but the core library technologies are almost entirely implemented or maintained by private individuals as open source projects (such as David Maus’  SchXslt): these small or not-for-profit developers should not have to abruptly have to fork out  US $175 for the 2020 edition which differs only in a few pages from from freely available 2016 edition.  It is likely we have reached the point where it would be better to move ISO DSDL out of ISO for development, so it meets the requirements of this betrayal.

So my prior blanket criticism of ISO standards authors is unfair. There are likely many, many such accounts of ISO simply stealing standards out from under the control of its authors, or making promises at one point in time, only to renege on them later. This is hardcoded into ISO’s corrupt DNA, and we shouldn’t be surprised as to the depths of what it will do.

Ridiculous Bastardry

As they did with the ISO 9001:2008 version, there’s some shady shit going on with ISO’s versioning, too, all designed to “push paper” through their online store. If you recall, the world voted that ISO should not update the 2000 version of ISO 9001, but ISO wanted to artificially inject some cash into their bank account, so they released the 2008 version not as a “revision,” but as an “amendment.” It was the identical standard with some grammar corrected, but then — through its partnership with the accreditation scheme leader IAF — forced everyone on the planet to throw out their 2000 version and buy a 2008 version. Then — again, with IAF collusion — certification bodies enforced these purchases by writing audit nonconformities against companies found to be clinging to the identical ISO 9001:2000 version.

This was criminal fraud on a global scale, but ISO got away with it.

In the case of the Schematron standard, they pulled the same old rabbit out of the same musty hat. While the prior 2016 version of ISO/IEC 19757-3, it was free; for the 2020 version — which costs a whopping $175 — Jeliffe says ISO added “some corrections and additional annexes only to the freely-available 2016 edition,” a move he characterized as “ridiculous bastardry on ISO’s part.”

In an interview with The Register, Jeliffe revealed:

“… This was an an open source project from the beginning, the assumption I came in on was that the standard would be available to the public, and indeed ISO made the PDFs available for free individual downloads, which was plenty good enough. The most recent revision to the standard merely adds a few pages and makes some minor corrections, it does not change the basic technology or text. As no major or breaking changes have been made, it is not reasonable to stick a new version number and deem it to be suddenly a new thing that different rules should apply to.”

It may also have been illegal. Jeliffe quoted another industry professional, John Dziurłaj, who pointed out that Schematron is used in the development of US voting machines. Under US law, “any standard incorporated into the Voluntary Voting Systems Guidelines must be freely available.” This forces companies to use the older version, which risks quality later should a significant version of ISO/IEC 19757-3 be made in the future and only sold with a price on the cover.

This also means that ISO’s greed could literally impact the integrity of free elections.

ISO, based in Switzerland, is not held to US laws, however. And the US has no legal mechanism to force ISO to offer its standards for free. All the US can do is “buy” the standards from ISO and hand them out within its borders, a technical nightmare that the US isn’t about to do. Worse, the US’ equivalent body, ANSI, follows the same funding model as ISO, and acts as a non-profit publishing company obsessed with its own sales revenue. It has no motivation to offer ANSI standards for free, either.

I’m sure there are another million use cases for Schematron which raise similar problems.

Blame the Bureaucrats

If your bile wasn’t already risen to behind your eyeballs, put on a hat, because it’s about to burst out your skullcap. Here’s ISO’s standard response, finding a way to cite bland bureaucracy while entirely denying any responsibility on their part:

This standard is an ISO/IEC standard and it is unfair to say that ISO and IEC, since this is a joint management and decision, has reneged of the freely available status. We are not reneging the freely available status. It’s simply not requested by the committee.

To be very, very clear: this is a complete lie. 

Technical committees have no role in establishing pricing of standards; this is a power reserved for the ISO Executive. The document “ISO/IEC Directives, Part 1” defines the full role and duties of both Technical Committees and Joint Technical Committees, and those procedures — which are verbose documents reaching almost 200 pages of detail — say nothing at all about allowing them to set final pricing. If such rights were granted to a TC or JTC, that is where it would be written. It’s not.

Instead, ISO maintains a “Pricing Policy” document which defines typical prices for standards, based on page count. Final determination of price is made by an executive committee, unrelated to the TC or JTC which created the standard. In their reply to The Register, ISO is making the ludicrous claim that it had to charge $175 for the standard because the authors never asked them not to.

Which is patently absurd on its face.

The ISO FAQ page is equally dishonest:

Why is there a charge for standards?

Developing, publishing and maintaining ISO standards incurs a cost, and revenues from selling them helps ISO and its members to cover an important part of these costs. Charging for standards allows us to ensure that they are developed in an impartial environment and therefore meet the needs of all stakeholders for which the standard is relevant. This is essential if standards are to remain effective in the real world.

Photo of Sergio Mujica

ISO Secretary-General Sergio Mujica

As I described in my video, as indicated by ISO’s own published financial statements, it spends $0 per year on standards development. Instead, its expenditures are largely “operating costs” (salaries for executives and staff, and building costs) with some minor pennies sent on “projects for developing countries” and “promotion.” Instead, ISO’s model is to force member bodies to pay their own costs for organizing standards development activities and hosting committee meetings, of which ISO pays nothing. Meaning none of ISO’s listed “expenditures” went to anything related to the Schematron standard, and their response to The Register was a complete and total lie.

But no one holds ISO accountable, though.

The Schematron scandal is both outrageous and sad. It’s unfair that people like Jeliffe signed up to provide the world free IP, only to have ISO abscond with it and keep the money for itself. It may literally be a crime that this move then denies public and free access to the standards used in critical applications like voting systems.

ISO must be regulated. It remains one of the biggest threats to both intellectual property and international standardization, as it prioritizes the salaries of its executives and sales of its books over the world’s safety and trade. Just who would regulate a superlegal entity like ISO, however, remains the question.

About Christopher Paris

Christopher Paris is the founder and VP Operations of Oxebridge. He has over 30 years' experience implementing ISO 9001 and AS9100 systems, and is a vocal advocate for the development and use of standards from the point of view of actual users. He is the author of Surviving ISO 9001 and Surviving AS9100. He reviews wines for the irreverent wine blog, Winepisser.


ISO 45001 Implementation