1. What is a data space?

We live in a world where many individuals and organisations want to share data based on fair conditions and transparent rules. This requires collaboration, sometimes one-to-one, but in most cases in large groups. Some organisations initiate such collaborations, whereas others just want to participate. This has proven to be an exciting opportunity for technology and service providers, which aim to facilitate such collaborations with tools and technologies. At the same time, we need to establish how to govern these collaborations and technologies, for which (European) regulation and common governance schemes are being developed.

This is the world of data spaces, and it is profoundly impacting many industries and people’s daily lives. The business value of having a data space is that developers of data driven applications don’t need to develop many interfaces that differ per data set (e.g. by standardizing the interfaces or connectors). This saves time and money. It also increases the quality. since all data sets are approached in a similar way. Besides that, data sharing via a data space can be done in a secure and controlled way (e.g. by controlling who gets access to the data under which conditions).

However, we have also encountered potentially negative impacts, such as the breach of trust or business models, which ultimately benefit only a few strong players. Regulations were put in place, such as the EU Data Act and the EU Data Governance Act, aiming to foster the development of the data economy and set rules for fair play. Initiatives started to define their own ‘rulebooks', in which they create the legal, business and technical rules for their initiative. And individual data providers or consumers are increasingly starting to determine their own access and usage policies, indicating who can access which data.

On the technological side, organisations have spotted the need for common technological standards. For example, policies can be different, but the language to express them should be technically interoperable. The same goes for mechanisms for identification or for making data findable. Currently, there is a strong convergence in the standards and specifications for such technological capabilities. Service providers have started to offer generic software and services to implement them.

1.1 What about a definition?

In our glossary, we provide definitions of many key concepts - including the definition of a data space itself, which we adopted from the recently published CEN Workshop Agreement Trusted Data Transactions:

This definition includes several elements. First, there is interoperability. To share data, participants in a data space need to ensure they’re technically, semantically, legally, etc., interoperable. The data space provides common governance principles, standards, practices, and enabling services. As you will see later, these are bundled into what is often called a ‘rulebook’ or ‘governance framework’.

Services are also very relevant. All kinds of services are needed to form these frameworks, such as identification and onboarding participants or making data findable. Each participant also needs services to connect their own data sources, publish them in a data space and vice versa consume data from others.

Finally, the element of trust is crucial. Trust enables participants to make informed decisions about how, when, and with whom to share data.

Note that there currently is no formal/legal definition of a data space; in different contexts the term is defined slightly differently. Standardisation is ongoing within ISO and CEN/CENELEC to come up with a formalised definition. The DSSC contributes to these standardisation activities.

2. Which key concepts should I learn about?

There are many concepts related to data spaces, and you can learn about them in various sections of our blueprint, but let us first explain the most important concepts below: Participants, Data Products, Services, and Governance Frameworks expressed in Rulebooks (Figure 1).

Figure 1. Overview of key concepts

2.1 Participants

We distinguish between various classes of Participants:

• Data Provider: an entity providing data to the ecosystem.

• Data Consumer: an entity consuming data from the ecosystem (sometimes called a Data User or Recipient).

• Data Space Governance Authority: an entity governing the data space.

• Service Provider: an entity providing services to the data space.

Note that these are all roles: depending on the context, actors can have different roles. Either way, a data space will always be an interplay between the various roles.

2.2 Data space offerings

Ultimately, it is all about data in data spaces. Societal, business and technical needs drive use cases, but at the end of the day, some form of data needs to be shared. This can be in the form of an actual transmission of the data from one organisation to another or in the form of more complex scenarios, e.g., using algorithm-to-data or streaming data approaches. Whatever form is chosen, we conceptualise it as a transaction of a ‘data product’.

For each use case, a data space should consider these questions: Which Data Products are involved? What is ‘on the shelf’ for which we need to identify specifications, rules and regulations? And which incurred costs should be covered?

We can attach many specific things to this abstract notion of a Data Product: the data itself, metadata, data usage policies, etc. Ultimately, the exchange (in whatever way or form) of a Data Product can be seen as a transaction between a Data Provider and a Data Consumer.

2.3 Services

Data needs to be stored and processed somewhere. Functionalities are required in order to make it identifiable, findable and usable. To achieve this, services are required.

Figure 2. Services

Within the DSSC, we distinguish three classes of services:

• Participant Agent Services: These are services required for an individual participant to join a data space. For example:

  • storing and exchanging a verifiable credential

  • sharing which data is made available and publishing it in a catalogue

  • specifying and enforcing access and usage policies

  • integrating with actual data sources or data processing services

• Federation Services: These are services that facilitate the interplay of participants for all kinds of data sharing. For example:

  • issuing verifiable credentials to participants of a data space, indicating that they’re a participant in the data space, confirming an identity or complying with a specific policy

  • providing a shared catalogue of available participants and data products in the data space

  • providing policy information that participants can use to assess whether someone can be granted access (e.g. personal consent)

  • providing services for provenance and observability

• Value-Creation Services: These are services operating within the governance framework of a data space that support value creation. For example, an AI service that can analyse data or a supply chain visibility service providing tracking and tracing functionality. Depending on each data space’s use cases and business model, many such services can exist.

Services are provided by a service provider. With the emerging market for data spaces in many different sectors, many IT providers have indicated plans to develop generic market propositions. Our technical building blocks provide a more detailed overview of the services mentioned above.

2.4 Rulebooks and data space governance frameworks

By nature, a data space gives its participants a lot of responsibility, supporting their autonomy and agency. Some people relate this to the notion of ‘data sovereignty’: being able to make your own decisions on who to share data with. However, in a data space, some common rules apply. Which semantics do we use to understand each other? What business and financial rules are in place to cover the costs incurred by the different participants? Which contracts need to be signed before being able to share data? How is decision-making on any of these topics arranged?

A Data Space Governance Framework is needed to define and manage these rules. The outcomes are collected in a ‘rulebook’ for each data space. Each participant should adhere to the rules in their data space’s rulebook.

There are two things one should keep in mind:

• First, participants can join multiple data spaces and, in that case, should adhere to multiple rulebooks. Rulebooks might also be connected to each other. Generic rules can be specified for a Common European Data Space or by a European Digital Infrastructure Consortium, with more specific regulations for underlying country or domain-specific initiatives.

• The rulebook can also specify which services you can or should use. This allows for flexibility in the operating model of a Data Space. Maybe the Data Space Governance Authority has contracted a specific Service you should use. Or perhaps you can choose any certified service from any service provider, in which case you should have a specific agreement with your chosen service provider. In this way, the Rulebook can also impact the operation and business model of services.

Overall, the Data Space Governance Authority is responsible for managing the Rulebook according to its governance rules, which participants must comply with. And the Data Space Governance Authority should also consider the clarity and transparancy of the Data Space Governance Framework for the creation and management of rules.

3. How is this reflected in the DSSC Blueprint?

Now that you know more about the fundamental concepts of a Data Space, let us introduce the Blueprint we are developing.

3.1 Glossary

Our glossary provides definitions for the various terms and concepts used in the context of data spaces.

3.2 Building Blocks, the capabilities you need & specifications you can use

The DSSC blueprint arranges the things you need into BB’s. There are two main categories:

We have identified specifications you can reuse for your initiative for each building block, and we encourage you to do so. By reusing the DSSC specifications, you can give yourself a head start, avoid re-inventing the wheel, and build on the experience gathered in many existing data space initiatives.

Our aim is that this can ultimately facilitate achieving interoperability amongst data space initiatives, making it easier for participants to join multiple data spaces.

For business and organisational building blocks, these specifications come in the form of templates, decision trees and best practices. For technical building blocks, we refer to specific open standards, which we consider the basis for all data space initiatives.

Our motto is ‘comply or explain & contribute’. We encourage you to reuse the standards and specifications in our blueprint. But we also understand that sometimes there can be reasons to deviate. In this case, we would like to learn from you for future versions of the blueprint.

3.3 Our Co-creation method to guide you

As part of the blueprint, we have developed the co-creation method. This method will efficiently guide you through the various building blocks and assist you in making informed decisions when developing and operating your data space.

3.4 Creating synergies with other data spaces

There are many aspects to consider when setting up your data space. You might be particularly interested in interoperability, which enables synergies with other data spaces. Interoperability, which is addressed in Article 33 of the Data Act, is a multi-faceted concept addressing both intra-data space and cross-data space interoperability. While ensuring intra-data space interoperability is challenging enough, it is important that you also consider how to build your data space in such a way that it will be interoperable with other data spaces. Ultimately, your goal is to have a sustainable and effective data space!

The DSSC Blueprint considers data interoperability and intra-data space interoperability in its building blocks. The Data Interoperability pillar consists of three technical building blocks that address technical and semantic interoperability through capabilities to define and use shared semantics in a data space (Data Models), capabilities related to the actual exchange and sharing of data (Data Exchange) and capabilities for tracking the data sharing process (Provenance and Traceability). Further, all other building blocks are developed with intra-data space interoperability in mind. We also recommend the Data Interoperability Report published by the High-Level Forum on European Standardisation.

DSSC fosters cross-data space interoperability by developing common terminology, models, and practices via the DSSC assets (e.g., blueprint, glossary, co-creation method) and through continuous interactions with its communities (Community of Practice, Strategic Stakeholders Forum, and Liaisons and Collaborations). You can leverage the common specifications identified by the DSSC and make domain-specific choices for your specific initiative.