The element will be deprecated in Schema 6. Please consider using report_date instead of submission_date. UNODC suggests to use the below regular expression as a minimum level of complexity to enforce a strong password. This expression will enforce a minimum of 8 chars with 1 uppercase, 1 lowercase, 1 number and 1 special character Please note that patterns used in the schema are Javascript regular expressions and may not appear valid in tools like Altova You can test your patterns at https://regex101.com - select Ecmascript from the regex flavour list on the left