Regulatory Compliance

Legal certainty is essential for building trust in any data space. According to the DSSC Blueprint 2.0, the Regulatory Compliance building block helps define which laws and obligations apply to the design, operation, and participation within a data space. It provides practical guidance on how to apply legal frameworks, assign responsibilities, and remain compliant over time.

Each data space should establish clear procedures for:

• Recognising regulatory triggers, such as the types of data processed or participant roles involved; Assigning responsibilities, ensuring that each participant understands their legal duties;

• Embedding compliance mechanisms in operational and technical layers (e.g., through identity assurance, consent management, and traceable authorisation);

• Maintaining adaptability, allowing the governance body to update rules as regulations evolve.

While compliance starts with awareness, it must be embedded into both governance and technology. The iSHARE Framework supports these activities through predefined legal provisions and trust-based mechanisms that help participants meet requirements such as GDPR, eIDAS, and sector-specific rules, without duplicating compliance work across the ecosystem. See more details here on the Legal Context.

Data spaces may still need to customise legal interpretation for their domain.

The guiding questions can help in the co-creation process and in defining this building block, so please see the next section.