Regulatory Compliance

For the Regulatory Compliance Building Block, a generic list of rules and regulations was created and included in the iSHARE Trust Framework. See here for the detailed list.

DSSC Description

This building block aims to guide the data space governance authority in applying legal rules to a data space's design and operation. Specifically, it helps to properly define some participant roles and responsibilities, establish internal policies, and continuously monitor the regulatory compliance of a data space. In addition, it assists data space participants in understanding their rights and obligations under regulatory frameworks that are relevant to their role in a data space or to a specific data transaction. It also provides guidance on relevant legislation to those interested in setting up or joining a data space, including developers, policymakers and others.

Key elements of this building block include:

  • Triggers: Elements, criteria or events (e.g. data type, nature of participant or domain) that have occurred in a particular context of a data space and signals that a specific legal framework must or should be applied.

  • Data space requirements: Regulatory provisions that explicitly refer to data spaces.

  • Additional legal considerations: This element highlights other important legal considerations to be aware of when setting up or operating a data space, e.g. cybersecurity law.

  • Tools enabling regulatory compliance within a data space: Technical tools or techniques designed to address certain legal requirements (such as a secure processing environment, privacy-enhancing technologies, etc.).

  • Regulatory Compliance Flowcharts: A step-by-step guidance helping to assess the applicability of a specific legal framework and to determine the requirements to be addressed by specific entities. The main objective of this element is to operationalise the triggers and structure the interplay of the above-mentioned elements. In the future, these flowcharts will become part of the Legal Compass, which will reflect more in detail on the relationship between decisions taken in the business, technical or governance of a data space and compliance with particular legal requirements.

The complete description is available here.

PreviousParticipation ManagementNextContractual Framework

Last updated