Intermediaries and Operators
- 1 1. Summary
- 2 2. Purpose of the building block
- 3 3. Concepts and key elements
- 3.1 3.1. Services and service providers
- 3.2 3.2. Intermediaries and operators
- 3.3 3.3. Considerations for data space governance authorities
- 3.3.1 3.3.1. Data space service model characteristics
- 3.3.2 3.3.2. Governance characteristics
- 3.3.3 3.3.3. Intermediary business and revenue model characteristics
- 3.3.4 3.3.4. Interoperability characteristics
- 3.3.5 3.3.5. Regulatory compliance
- 3.3.6 3.3.6. Risk management
- 3.3.7 3.3.7 Service provider and DSGA responsibilities
- 3.4 3.4. Examples and practice
- 4 4. Co-creation questions
- 5 5. Links to other building blocks
- 6 6. Future topics
- 7 7. Further reading
- 8 8. Glossary
1. Summary
One of the core design topics for a data space is to consider how it uses service providers to provide necessary technical services as well as business and organisational services. While the data space governance authority (DSGA) and data space participants can provide these services by themselves, there are many business and governance reasons why procurement of services provides benefits. This building block elaborates on what kind of business, governance, legal, and contractual topics the DSGA should focus while procuring enabling services from intermediaries or an operator.
Within the ecosystem of service providers, intermediaries and operators form a distinct category characterised by their focus on providing enabling services. Data space can have one (operator) or multiple enabling service providers (usually intermediaries). Whether to design a data space with a single operator or multiple intermediaries is a data space business design question where the risks and benefits of a single provider versus multiple providers must be weighed against each other.
The effectiveness and utility of intermediaries and operators is ultimately at the balance between four different dimensions: (1) by their ability to streamline and make trusted data sharing easier and more economical, (2) to improve data space accessibility and usability for different participants and so (3) contribute to their scalability, and to (4) enable interoperability both within and between data spaces in order to create larger markets for different actors across data spaces and enable network effects to arise. Risks associated with procurement of services are often related to the vendor lock-in, additional costs associated with vendor management, and potential loss of sovereignty depending on the kind of provider selected.
Developing a data space’s organisational form, its governance authority, and governance framework and rulebook are governance design questions. Decisions for application of intermediaries and operators is an essential part of this data space governance design. This building block provides tools for DSGAs to create better governance design for their data spaces with or without service providers.
2. Purpose of the building block
This building block has four key purposes:
After outlining the basics of service provision in data spaces in section 3.1., and the specifics of intermediaries and operators in section 3.2., this building block introduces the core characteristics of service providers that provide enabling services for data spaces in section 3.3. The characteristics help data space governance authorities to evaluate what kind of services they need and what to consider when selecting service providers. Some characteristics are standardised and verified, some are granted and defined by the data space itself, and some are descriptive qualities that provide information.
Further, the building block helps governance authorities and designers of individual data spaces understand what kind of business model issues they should address while using intermediary and operator service providers for some or most of the services that enable trusted data transactions. Sections 3.3.1-4 deal with the design for services, governance, business, and interoperability respectively. This building block provides also guidance to service providers when designing their offering and pricing for data spaces. It’s important to consider this building block in conjunction with the https://dataspacessupportcentre.atlassian.net/wiki/spaces/BVE2/pages/1071252828 building block.
This building block also explores the implications of the regulatory framework that applies to operators and intermediaries in designing data spaces. These topics are discussed in chapter 3.3.5 more specifically. Both the governance of an individual data space and overall applicable legal frameworks in the EU aim to enable efficient and trustworthy data sharing in the single market for data, but aligning these two aspects requires careful attention from data space designers. In some cases, service providers may help achieve regulatory compliance either at the architecture level or by providing services that support in meeting legal obligations. This building block approaches this relationship from the data space governance point of view, whereas the broader regulatory point of view is considered in the https://dataspacessupportcentre.atlassian.net/wiki/spaces/BVE2/pages/1071253931 building block.
Finally, using service providers, such as operators and intermediaries, in data spaces necessarily involves challenges and risks. Most risks are similar to those companies face when acquiring services from external providers, such as vendor lock-in, challenges in switching providers, provider sustainability, and compliance. This building block’s section 3.3.6. explains how to address the common challenges and risks to be addressed and managed when design decisions are made for data spaces.
3. Concepts and key elements
3.1. Services and service providers
Data spaces are built on several technical and business and organisational services that enable trusted data sharing. A data space does not need service providers to implement federation services, but it may choose to do so. For example, all data space participants may be expected to self-host a technical connector, or data space participant may use a service provider and acquire a connector as-a-service.
A service provider is a business entity that provides these services. A DSGA may define whether the providers are also participants of the data space. For example, a catalogue service (SAAS, software-as-a-service) provider will usually be a data space participant, but a provider of simple cloud hosting (IAAS, infrastructure-as-a-service) services will not. Cloud service provider may provide a connector as-a-service (SAAS or PAAS), but a DSGA may require that connector providers are also participants, and because of this cloud service provider needs to make decision do they want to commit to the data space rulebook and become also data space participant.
Services may also be procured by one party to be used by another party. For example, a DSGA may procure (and pay for) vocabulary services from a provider who then provides these services for all data space participants to use (free of charge).
Finally, different kinds of requirements, limitations, and responsibilities for provisioning services in a data space can be set in the data space governance framework (rulebook). For example, service providers may be required to have certain technical or legal certifications, commit to certain business arrangements, or undergo special audits.
3.2. Intermediaries and operators
Within the broader category of service providers in data spaces, intermediaries and operators enable data sharing and trusted data transactions to take place. These can be technical services (federation, participant agent, or occasionally value creation services) or business and organisational services.
When a single service provider provides all or most of the enabling services for a data space, that provider is often called the operator of the data space. When different enabling services are provided by different specialised providers, these providers can be called intermediaries. Collectively, the intermediaries provide the enabling services that the operator provides single-handedly. Intermediary and operator labels are not always mutually exclusive and for this reason we address often both of these concepts.
The most common roles of intermediaries and operators is to provide neutral and trusted federation and participant agent services, but intermediaries and operators may also facilitate growth through increased accessibility to the data space, enable cross-data space interoperability, and offer business and organisational services to the data space.
There might also be cases in which an enabling service provider also provides value creation services or acts as a data source or data provider providers within the data space. Data space governance framework (rulebook) or legal frameworks may limit how enabling services may be bundled with value creation services, and there might be reasons why such bundles are not favourable for the neutral and scalable operations of intermediaries.
3.3. Considerations for data space governance authorities
Intermediaries and operators are a diverse class of service providers that can be clustered and classified using different kinds of descriptions. It is impossible to provide an exhaustive and comprehensive taxonomy of these service providers, so we have adopted the pragmatic approach of providing illustrative examples of service providers' characteristics that can be considered by a DSGA as they design the business model, governance framework, regulatory compliance support, and interoperability aspects of their data space.
3.3.1. Data space service model characteristics
Intermediaries and operators can offer technical federation services, participant agent services, and in some cases, value creation services that enhance the data space's functionality and accessibility, as well as non-technical services. They can provide these services directly to data space participants or the services can be procured by the governance authority for participants.
The governance framework and the data space registry should include information regarding all service providers in the data space describing the following characteristics:
Type of service(s) provided (e.g. federation services, policy information point (PIP) services, participant agent service, value adding service, etc.);
Procurement model, i.e., whether the governance authority or individual participants pay the service provider for the use of the service;
Users: i.e., whether the contractor is also the service user or whether the service is contracted by the governance authority for the use of participants.
DSGA needs to make decision do they want to enforce services providers to commit to the data space rulebook, and write contractual agreements on participating in the data space.
Enforcing participation allows DSGA to govern service provision and enable collaborative business models for the DSGA and service providers. Then again allowing independent service providers to operate in data space may be attractive for some service providers who do not want to be governed, and such service providers may be able to provide software service with competitive terms otherwise. DSGA should evaluate the benefits and downsides of enforcing enabling service providers to commit to the rulebook because this may have impact on the economics, resilience and growth of the data space.
3.3.2. Governance characteristics
The governance framework of a data space is an essential way to manage how intermediaries provide value and how risks are managed. Intermediaries and operators are participants of a data space and as such subject to the governance framework (rulebook) of that data space. This framework may define different kinds of rights and responsibilities for the providers of different services, such as how these services may be bundled and delivered, so that they remain compliant with data space principles of neutrality and scalability.
Governance-related characteristics may include:
Operator / intermediary status, also possibly some intermediary sub-type status such as personal data intermediary;
Exclusivity status, i.e., whether the service provider has exclusive rights to provide a service in the data space or whether there is a competitive market for the service;
Mandatory / optional status, i.e., whether it’s mandatory for participants to use this service provider for a specific service or whether they have multiple approved providers to choose from.
Bundling allowance: e.g., whether the service provider must provide exclusively some specific service in order to maintain its neutrality, or whether it may also bundle other services in its offering in the data space;
Auditing requirement or possibility: e.g. DSGA may have right to audit service providers technical capabilities or business accounts
Business conditions: e.g., whether the provider is subject to fee or revenue-sharing obligations;
Motivation for inclusion: i.e., why is this service included in the data space: does it, e.g., provide critical enabling services, increase data space accessibility to new participants by offering targeted onboarding services, contribute to efficiency gains by offering a commonly needed and commonly outsourced service, does it support intra- and cross-data space interoperability, etc.
3.3.3. Intermediary business and revenue model characteristics
Business model characteristics describe how service providers contribute to the overall economics of the data space, enable business model or enable business viability of the data space. For example, agency intermediaries are directly incentivised to acquire new customers, and while doing this, they are primarily inviting new participants to the data space. In the case of multiple agency intermediaries, they have an incentive to differentiate and develop more value for their customers.
There are multiple options for revenue models that can also coexist with each other:
Fixed participation fees (from participant to intermediary, or from intermediary to data space);
Dynamic fees based on service usage;
Revenue sharing arrangements between the intermediary and the data space;
Transaction-dependent fees (data transaction, trust transaction, financial transaction, etc.)
3.3.4. Interoperability characteristics
Intermediary interoperability and collaboration within a data space is an important design aspect when creating and governing resilient and scalable data spaces. The collaboration between intermediaries and operators can be divided into:
Collaboration between intermediaries providing different enabling services
Collaboration between intermediaries providing the same enabling services
Collaboration between operators to facilitate interoperability between data spaces
Collaboration between intermediaries that provide different enabling services (for example, one providing registry services and another an observability service) requires technical integration planning and governance for this integration. This is a common setup for data spaces and in essence has similar enterprise architectural characteristics as any multi-vendor enterprise architecture. However, following the technical guidelines of blueprint will facilitate integration of multiple service providers to function together.
Collaboration between intermediaries that provide the same services may occur, for example, in the context of having multiple connected registry or catalogue services (e.g., country-specific registries) or multiple credential-issuing services. This collaboration requires that the different intermediaries must be compatible with each other by conforming to the use of the standards and frameworks adopted by the data space in its governance framework. These should include standards and frameworks described in the technical part of this blueprint.
There may of course also be competition between intermediaries that provide the same services. For example, a data space may recognise multiple approved providers of participant agent services and give participants the freedom to choose between these competing service providers. These providers can compete with different aspects of the service offering, but must always be fungible, or interchangeable.
3.3.5. Regulatory compliance
In addition to data space governance, intermediaries and operators are subject to broader legal frameworks. Key regulatory characteristics of service providers might include the applicability of requirements imposed by:
Competition law (e.g., DMA);
Intellectual property law;
Data protection (e.g., GDPR);
Digital services regulations (e.g., DSA, DGA, eIDAS)
Sector-specific regulatory compliance (e.g., EHDS)
Specific national and regional regulatory frameworks.
The Data Governance Act (DGA) requires Data Intermediation Service Providers (DISPs) to act as neutral intermediaries, ensuring secure, transparent, and privacy-compliant data sharing. DISPs must facilitate data sovereignty, maintain accountability, and comply with data protection laws like GDPR. They ensure fair access and control over data usage. DGA is designed as an enabling law that creates a market for trusted service providers that can ensure sovereignty of data exchange.
Not all intermediaries fall under the applicability of the DGA. Some services may not be considered as DISP when, for instance, they do not aim to establish commercial relationships for data sharing, or where they facilitate transactions between determined number of data subjects, data holders, and users. That means that DISPs are a narrower category of intermediaries - any DISP who intends to provide the data intermediation services referred to in Article 10 DGA, shall submit a notification to the competent authority for data intermediation services, and shall be subject to conditions laid down in art. 12 DGA.
For more information on triggers for the applicability of different regulatory mechanisms, see https://dataspacessupportcentre.atlassian.net/wiki/spaces/BVE2/pages/1071253931.
3.3.6. Risk management
A common concern with a single operator data space is that the operator may take too central a role within the data space. A sole operator might become a gatekeeper, contradicting the sovereignty objectives of data rights holders like companies and individuals, but at the same time also reduce the complexity in the management and operations of the data space.
Data space designers can reduce risk of losing sovereignty by establishing good governance, applying and enforcing standards and use of open source technologies, and designing data spaces with multiple operators and intermediaries to distribute vendor dependency risks.
3.3.7 Service provider and DSGA responsibilities
Service providers and DSGA have different kinds of responsibilities to ensure collaboration and functional governance of service provisioning. Fulfilling these responsibilities are also relevant (and potentially more complex) in the context of federation and interoperability between data spaces. These topics are also related to the services management framework, which is covered in the https://dataspacessupportcentre.atlassian.net/wiki/spaces/BVE2/pages/1071257170.
| Data space governance authority responsibility | Service provider responsibility |
Service level agreements and performance metrics | Provide clear mappings between their own service level requirements and common industry standards, and establish mechanisms for recognising compliance certifications from other data spaces to reduce redundant assessments. | Implement monitoring and reporting systems that can track and demonstrate compliance with the most stringent requirements across all relevant frameworks, while maintaining transparency about any variation in service levels between data spaces. |
Security requirements | Maintain detailed crosswalks between their security requirements and major security frameworks, and participate in cross-data space working groups to harmonise security standards where possible. | Implement controls that satisfy the highest common denominator of all applicable requirements, while maintaining clear documentation of how their security measures map to each data space's specific requirements. |
Data privacy and confidentiality | Document how requirements fulfill standards and legal frameworks, and if there are some specific areas where their privacy requirements exceeds common standards. Provide adequate clarification on how all privacy requirements can be fulfilled in practice. | Implement adaptive data handling processes that can automatically apply the appropriate standards based on the origin and destination data spaces of each transaction, while ensuring compliance with all applicable frameworks. |
Incident response and business continuity plans | Establish clear protocols for cross-data space incident coordination, maintain contact networks with other authorities, and provide templates for incident response plans that account for multi-framework obligations. | Develop integrated incident response procedures that account for multi-framework obligations, including coordinated notification processes and recovery procedures that consider the interdependencies between data spaces. |
Audit and monitoring requirements | Define transparency and audit requirements, coordinate audit schedules with other data spaces, accept audit results from recognised third parties to avoid duplicate audits, and provide standardised reporting templates that facilitate efficient compliance demonstration. | Implement comprehensive monitoring systems that can generate framework-specific reports while maintaining an integrated view of their operations across all data spaces, potentially including cross-framework audit capabilities. |
Exit strategies and data portability provisions | Define fungibility requirements, establish clear guidelines for managing exits that impact multiple data spaces, provide standard procedures for data portability, and maintain communication channels with other authorities to coordinate transitions. | Develop coordinated transition plans that ensure continuity of service across all affected data spaces, with clear processes for data portability that respect the varying requirements of each framework. |
3.4. Examples and practice
We have created examples of data space intermediaries to concretise their characteristics and role in the data space design. These examples will illustrate why an operator or intermediaries might be engaged in the data space and how the different characteristics of the enabling service providers described in the earlier section can come in different combinations. While the case examples are fictional there are companies that act in existing data spaces and data sharing ecosystems in aligned roles. Whether these companies are available for providing their services for specific data space depends on each case. These examples can also motivate businesses or entrepreneurs to start intermediary or operator business activities.
4. Co-creation questions
Which functionalities of the data space could or should be provided by dedicated intermediary service providers?
Which parties will offer what services?
5. Links to other building blocks
Some of the services that intermediaries could provide are described in the technical building blocks. These services enable data transactions for the transaction participants and data space operations for the governance authority. Deciding which of these data space-enabling services an intermediary provides and how is an important design choice.
The following building blocks are important to consider when looking at the intermediary:
Participation Management: Participation Management has technical and governance elements that relate to the intermediaries; the participation of intermediaries must be managed, and intermediaries may play a significant role in producing services for participant management, including enrolment and participant attraction.
Use Case Development: Intermediaries may contribute significantly to defining and developing a data space use case and act as an orchestrator of the data space.
Business Model Development: Intermediaries may provide services in multiple data spaces. Working with many data spaces can provide them with more business opportunities and support easier interoperability. Depending on the data space design, various intermediaries may also substitute for each other and compete. Together, data spaces can be perceived as a market for intermediaries.
Regulatory Compliance: Intermediaries may be subject to the Data Governance Act (DGA). This topic is also elaborated on in the regulatory compliance building block.
The building block actively refers to the concepts of federation services and participant agent services, which are explained in Services for Implementing Technical Building Blocks.
6. Future topics
The building block will be further developed with more examples and concrete guidelines, particularly in the following areas:
Elaboration on business models for the intermediaries.
Further consideration of the governance elements of designing data spaces with intermediaries.
7. Further reading
Bobev, Tervel et al. 2023. “White Paper on the Definition of Data Intermediation Services.” doi:10.2139/ssrn.4589987.
“Data Intermediaries and the DGA: Understanding and Complying with the DISP Label.” European Big Data Value Forum. https://european-big-data-value-forum.eu/session/data-intermediaries-and-the-dga-understanding-and-complying-with-the-disp-label/.
“European Data Governance Act | Shaping Europe’s Digital Future.” 2024. https://digital-strategy.ec.europa.eu/en/policies/data-governance-act.
Gras, Nora. 2023. “IDSA Position Paper Explores Data Governance Act and Data Intermediaries.” International Data Spaces. https://internationaldataspaces.org/idsa-position-paper-explores-data-governance-act-and-data-intermediaries/.
Langford, J., Poikola, A., Janssen, W., Lähteenoja, V., & Rikken, M. (2020). Understanding MyData Operators. MyData Global.
Micheli, Marina et al. 2023. “Mapping the Landscape of Data Intermediaries.” JRC Publications Repository. doi:10.2760/261724.
“Peppol Interoperability Framework.” OpenPeppol. https://peppol.org/learn-more/peppol-interoperability-framework/.
8. Glossary
Term | Definition |
Operator | Service provider that provides most of the enabling services that are common to all participants of the data space. In common usage interchangeable with ‘intermediary’. Explanatory text: We use the term ‘operator’ when a single actor has more or less direct control over the data space they manage and when it is responsible for the operation of the data space, ensuring functionality and reliability. |
Intermediary | Service provider who provides an enabling service or services in a data space. In common usage interchangeable with ‘operator'. |
Enabling services | Enabling service refers mutually to federated services and participant agent services, hence services that are needed to enable trusted data transaction in data spaces. |