Guiding questions

Which Trust Anchors will the data space recognise (e.g., EU authorities, accredited certification bodies)?

What roles will Trust Service Providers play in the ecosystem?

Will the data space maintain its own accredited trust entities or federate from existing frameworks?

What baseline criteria must a trust entity meet to be recognised in the data space?

How will sector-specific or regulation-driven trust requirements be added to the rulebook?

Will the data space adopt existing cross-sector rules (e.g., Gaia-X trust principles) or develop bespoke ones?

How will conformity with these criteria be evidenced (e.g., ISO/IEC 17000-based attestations, certificates)?

How will claims and attestations be collected, exchanged, and validated?

What technical standards (e.g., W3C VC, ISO CASCO) will the data space require for claims formatting?

How will revocation and suspension of trust entities or credentials be handled?

Will verification support dynamic attributes (e.g., DAT) where applicable to usage control?

What type of registry will store accredited and revoked trust entities?

How will participants and third parties discover and verify trust entities?

Will registry entries be machine-readable for automated compliance checks?

Which existing trust frameworks will the data space leverage (Gaia-X, iSHARE, IDSA, domain-specific)?

How will the data space extend these frameworks for domain-specific needs?

Will stricter trust criteria be applied for high-risk data or sensitive transactions?

How will cross-framework interoperability be proven (conformance testing, cross-certification, or mapped profiles)?