Guiding questions

Trust Entities & Roles

Purpose: Define the roles and recognition of trust anchors, providers, and accredited entities in the data space.

  1. Which Trust Anchors will the data space recognise (e.g., EU authorities, accredited certification bodies)?

  2. What roles will Trust Service Providers play in the ecosystem?

  3. Will the data space maintain its own accredited trust entities or federate from existing frameworks?

Criteria & Rulebook Alignment

Purpose: Specify baseline and sectoral criteria for trust entities, aligned with the data space rulebook.

  1. What baseline criteria must a trust entity meet to be recognised in the data space?

  2. How will sector-specific or regulation-driven trust requirements be added to the rulebook?

  3. Will the data space adopt existing cross-sector rules (e.g., Gaia-X trust principles) or develop bespoke ones?

  4. How will conformity with these criteria be evidenced (e.g., ISO/IEC 17000-based attestations, certificates)?

Validation & Verification Processes

Purpose: Establish how claims and attestations will be validated, exchanged, and revoked when necessary.

  1. How will claims and attestations be collected, exchanged, and validated?

  2. What technical standards (e.g., W3C VC, ISO CASCO) will the data space require for claims formatting?

  3. How will revocation and suspension of trust entities or credentials be handled?

  4. Will verification support dynamic attributes (e.g., DAT) where applicable to usage control?

Registry & Transparency

Purpose: Create transparent, discoverable registries of trust entities to support verification and compliance.

  1. What type of registry will store accredited and revoked trust entities?

  2. How will participants and third parties discover and verify trust entities?

  3. Will registry entries be machine-readable for automated compliance checks?

Leveraging Existing Frameworks

Purpose: Integrate and adapt existing trust frameworks to meet Green Deal–specific and high-risk requirements.

  1. Which existing trust frameworks will the data space leverage (Gaia-X, iSHARE, IDSA, domain-specific)?

  2. How will the data space extend these frameworks for domain-specific needs?

  3. Will stricter trust criteria be applied for high-risk data or sensitive transactions?

  4. How will cross-framework interoperability be proven (conformance testing, cross-certification, or mapped profiles)?

PreviousTrust FrameworkNextAccess & Usage Policies Enforcement

Last updated