⁽¹⁾
The text of the OECD Convention was inserted for delegates use in reviewing the draft versions of the Guidelines. It is not necessary to include this language in the final version.

⁽²⁾
This paragraph ties the Guidelines to the purposes of the OECD Convention in paragraph [1] and answers the question “Why is the OECD working on cryptography policy?”.

⁽³⁾
The examples of specific applications previously mentioned in this paragraph will now appear in the Memorandum to accompany the Guidelines.

⁽⁴⁾
The words “. .to achieve anonymity...” have been removed from this phrase for technical reasons. cryptographic methods are neutral as concerns anonymity. That is, the use of cryptography neither enhances nor limits an individual's ability to achieve anonymity (a message that is not encrypted can be anonymous). In fact, cryptographic methods for authentication enhance the capacity for personal identification.

⁽⁵⁾
This phrase has been changed from "...facilitating unlawful or unauthorised surveillance of individuals and enterprises" to “...facilitating unlawful or unauthorised access to data” for technical reasons: it is utilising cryptographic methods (rather than failing to utilise them) that can facilitate surveillance of transactional data.

⁽⁶⁾
This paragraph is descriptive only. These concepts will be expressed in the accompanying memorandum.

⁽⁷⁾
Note that the definition should try not to capture what the principle expresses. Some delegations suggest that ''"lawful access" access" needs not be defined here, given the scope of paragraph [88].

⁽⁸⁾
Paragraphs [56] and [61], and [57] have been moved from the trust principle to the "recognising" section and the "voluntary choice" principle, respectively.

⁽⁹⁾
This sentence might be better placed in the"standards" principle.