Guiding Questions

Policy Scope & Governance

Purpose: Define common baseline policies while allowing participants to set stricter rules within their domains.

  1. Which common access and usage policies will the data space enforce platform-wide?

  2. What is the minimum baseline for policy enforcement (security, privacy, sustainability criteria)?

  3. Can participants define stricter policies within their own DUGs?

Policy Information Points (PIPs)

Purpose: Specify shared registries and consent points that integrate with identity and trust services.

  1. Which shared PIPs should the data space maintain (e.g., GDPR consent registry)?

  2. How will PIPs integrate with the Trust Framework and Identity Management?

  3. Should sector-specific consent management be centralised or left to DUGOs?

Policy Lifecycle & Negotiation

Purpose: Enable machine-readable policy agreements, revocations, and checks throughout the data lifecycle.

  1. How will machine-readable agreements be negotiated (ODRL templates, bilateral APIs)?

  2. At what points in the data transaction lifecycle will policy checks occur?

  3. How will policy revocations be propagated across participants?

Enforcement Architecture

Purpose: Design a distributed or centralised enforcement system using standard policy decision and enforcement points.

  1. Will the data space operate a central policy engine or federate enforcement to participants?

  2. How will the PEP/PDP/PIP/PAP architecture be implemented in multi-cloud or hybrid environments?

  3. What contextual data (identity, contract terms, asset metadata) will be required for decisions?

Compliance Tracking & Proof

Purpose: Provide audit trails, retention rules, and real-time alerts to ensure accountable policy enforcement.

  1. How will audit trails be generated, stored, and accessed?

  2. What is the retention period for enforcement proof?

  3. How will the data space support real-time policy breach alerts?

  4. Will conformance evidence (logs, proofs, certificates) be published to support audits and marketplace listing requirements?

Interlinkages & Dependencies

Purpose: Align policies with trust, identity, and legal frameworks to create a coherent enforcement ecosystem.

  1. How will Access & Usage Policies integrate with the Trust Framework?

  2. How will identity attestations influence policy enforcement?

  3. Which parts of the Legal Building Blocks must be mirrored technically here?

  4. How will policy outcomes be reflected in discovery/marketplace visibility (e.g., eligibility, access tiers)?
