1 1. Summary
2 2. Purpose of the building block
3 3. Elements and their key functions
- 3.1 3.1 Additional distinguishing factors in categorising agreements
- 3.2 3.2 Functional descriptions of the contractual framework
  - 3.2.1 3.2.1 Institutional agreements
  - 3.2.2 3.2.2 Data-sharing agreements
    - 3.2.2.1 3.2.2.1 Data product contract
  - 3.2.3 3.2.3 Data services agreements
4 4. Co-creation questions
5 5. Links to other building blocks
6 6. Future topics
7 7. Further reading
- 7.1 7.1 Documents and guidelines to implement the building blocks
8 8. Glossary

1. Summary

The Contractual Framework building block describes the legally enforceable agreements underlying the operation of a data space by different parties entering into a relationship with the data space.

There are three categories based on the subject matter of the agreement:

Institutional agreements
Data-sharing agreements
Services agreements

These agreements differ in terms of the parties involved, their function, and the elements covered by the agreement.

Institutional agreements implement the governance of a data space and are an essential component of the Rulebook. They not only provide the general terms and conditions for participation in a data space but also underpin its existence and provide a legal basis for its operations. Data-sharing agreements provide the legal basis for the data transactions happening in a data space among data space participants. Services agreements refer to all agreements for the provision of services to data spaces.

These identified categories offer working concepts under which various agreements are placed, such as data product contracts. The present building block provides a selection of the most important agreements. These agreements are described in terms of their functionalities, their main elements are presented, and examples are provided. The building block also lists the most common legal issues to consider regarding the Contractual Framework, pointing to existing resources in the Further Reading section to address some of these issues.

The general structure of the Contractual Framework is provided below in Figure 1.

Figure 1. Structure of Contractual Framework building block

2. Purpose of the building block

This building block supports data space participants and governing authorities by translating legally relevant elements (e.g., responsibilities, liability, rules on onboarding and offboarding, and commitments related to data transactions) into clear, legally valid, and enforceable agreements.
It promotes awareness among data space governing authorities of the need to enable interoperable, automated, and scalable agreements, ensuring consistency across different levels (ecosystem, data space, use case, participant).
It categorises and describes the main agreements in a data space, highlighting their most important elements.
It identifies elements of the contractual framework that are mandatory/non-negotiable (e.g., conditions imposed by regulatory compliance or governance) and negotiable terms (e.g., conditions relating to transactions of data products). This is done in coordination with the Regulatory Compliance building block, which advises participants on issues to consider when drafting contracts.
It provides an overview of the main issues to consider when writing the contractual framework for a data space.

3. Elements and their key functions

The Contractual Framework encompasses all agreements that govern the operation and activities of a data space and its participants. It establishes relationships, contractual rights and duties, implements the data space governance framework, and makes part of its rules legally enforceable among data space participants, members, and enabling service providers. Beyond data space governance, the Contractual Framework also enables data space participants, particularly data providers and, indirectly, data rights holders, to exercise their data sovereignty and add conditions to the baseline governance provided by the data space governing authority. The scope of the Contractual Framework is wide, and conceptual clarity is needed. The agreements can, therefore, be categorised by their subject matter into:

Institutional agreements -

Institutional agreements underlie the creation of data spaces and provide a minimum mandatory governance framework at the data space level (applicable to all participants). These agreements set out rules that regulate the relationship between all data space participants and members, whether directly or indirectly, binding them to a specific governance framework. For this reason, institutional agreements could be described as a tool for implementing the governance framework.

Institutional agreements may affect different levels of the contractual framework. At a high level, they are a common set of rules that regulate the relationship among data space participants. At a more granular level, they mandate specific terms & conditions to be included in data product contracts. As an example, it could define and specify a limited number of predefined and standardised contractual clauses and/or licenses that data providers should use (regulating the use case/data product level). It could specify the terms and conditions by which all data space participants entering into a data transaction would need to abide, providing common governance to data transactions and ensuring respect for the applicable legislation (regulatory compliance). In other words, Institutional agreements allow the introduction of common elements (e.g., standardised clauses) across the data space, giving legal effect to the organisational and business decisions applicable to the data space as a whole. Institutional agreements can thus be used to establish the common elements of a data space. They may limit the freedom of action that a data space participant (in particular, data provider) has with regard to data-sharing agreements for the benefit of reducing transaction costs and complexity and increasing legal interoperability. For an example of institutional agreements, including terms and conditions, see the ‘'Constitutive agreement’' in SITRA Rulebook 2.0 (to be published in early February 2025).

Data-sharing agreements -

Data-sharing agreements focus on the sharing of data. For ease of explanation, data sharing will be used generally to refer to a heterogeneous category of actions performed on data:

supply of data (i.e., providing data access to another person),
transfer of data (i.e., supply data in such a way that the recipient is in control of the data),
porting (i.e., initiating the transfer of data controlled by another party to oneself or to a designated third party), etc. - for a definition of each category, see ALI-ELI Principles for a Data Economy).

Data-sharing agreements are not binding on all data space participants; instead, they only bind data transaction participants.

While different models are possible, often the terms and conditions under which a data product is made available to the data user will be set by the data provider, thus reflecting the principle of data sovereignty. Other models may exist. For example, a fixed and closed list of clauses may be provided directly by the data space. These clauses would then have to be selected by either the data provider or the data recipient. In other examples, these agreements can be negotiated starting from a data product contract standard template made available by the data space, although this risks reducing legal interoperability and the scalability of the data space. In both scenarios, the tools that the data space makes available to data providers enable their data sovereignty.

A specification of a data-sharing agreement is the data product contract, which refers to the terms and conditions attached to the data product, defined as “data-sharing units, packaging resources (data and/or value creation services), and metadata that describes the resources, the associated license terms, and other information (e.g., delivery method)” (see the Data Space Offering Building Block for more details).

Services agreements -

Service agreements relate to the provision of services. In the context of a data space, these agreements can be further distinguished into two types: agreements for services related to data and agreements related to enabling services.

Services related to data include all services that have data sharing as the subject matter of the agreement. Different types of services can be provided: data processing, data trust, data escrow and data intermediation services (known in the ALI-ELI Principles as data marketplace contracts). The latter category is the most relevant in the context of data spaces. This category includes multiple types of services, defined in Art (2)11 DGA as a “service which aims to establish commercial relationships for the purposes of sharing data between an undetermined number of data subjects and data holders on the one hand and data users on the other, through technical, legal or other means, including for the purpose of exercising the rights of data subjects in relation to personal data”. Based on this definition, examples of these services are data-sharing pools, data marketplaces, personal information management systems (PIMS), data cooperatives, etc - see JRC’s Mapping the landscape of data intermediaries).

Enabling services to data spaces are services for either individual data space participants or the data space as a whole that are aimed at enabling functionalities in the data space. These services are described in the Services for Implementing Technical Building Blocks section and include federation services, participant agent services and value creation services.

General remarks

The term ‘Agreement' should be understood here as the document, whether in physical or digital form, that serves as evidence of a contract: a legally binding agreement between two or more parties with a common interest in mind that creates mutual obligations enforceable by law. In order to avoid ambiguity, the capitalised ‘Agreement' will be used here to refer exclusively to such a document. Different types and categories of Agreements exist, depending on various factors, including the organisational form of a data space (e.g., unincorporated vs incorporated data space - for guidance on how to choose the appropriate organisational form and a description of the options available, see the Organisational Form and Governance Authority Building Block).

Figure N. 1 represents an abstract depiction of the types of Agreements that are part of a data space, defined by the function they serve. In practice, these Agreements may take different forms depending on various factors affecting not only the structure but also the content of the Agreements. These factors can include, for example, the regulatory and business context (for more details, see the Regulatory Compliance building block). The contractual framework may vary depending on the specific business model that the data space adopts (see the Business Model building block for descriptions and examples of different business models) or the relationship between data transaction participants. When direct competition exists in other markets between transaction participants, specific requirements must be met to ensure compliance with competition law rules during the cooperation (the case of Oxelösund serves as an example of a data space initiative involving participants competing in the same markets).

For example, the Founding Agreement may take the specific form of either a statute or articles of association (thus establishing a legal entity) or a consortium agreement (unincorporated collaboration). This will depend on whether the data space itself will be constituted as a separate legal entity or whether the collaboration is purely regulated by contract. The contractual framework building block will inevitably need to continue evolving and responding to developments in operating data spaces.

3.1 Additional distinguishing factors in categorising agreements

Mandatory vs Non-Mandatory Agreements

A further distinction exists between mandatory and non-mandatory Agreements. The specific clauses of Agreements also vary depending on the intentions of the parties involved or the particular duties and rights that need to be governed by the agreement. Rather than being a binary distinction, this should be understood as a spectrum. Data spaces may exercise some discretion in how specific legal obligations are implemented. Establishing the contractual framework first requires an assessment of the regulatory framework (mandatory obligations imposed on data spaces as a whole or on data space participants themselves) to determine which rules need to be respected and addressed in the contractual framework. The Regulatory Compliance Building Block provides an initial mapping of triggers and identifies classes of rules (obligations, liabilities, and conditions). This must then be incorporated into the contractual framework. Once this exercise is completed, the partners initiating the data space as part of the data space initiative are free to define the remaining clauses according to the governance framework they wish to establish. Understanding data types (e.g., personal data - see the taxonomy of data in the Regulatory Compliance Building Block) is still relevant, as these non-mandatory rules do not exist in a vacuum and can only be valid and effective as long as they are consistent with the regulatory framework..

3.2 Functional descriptions of the contractual framework

3.2.1 Institutional agreements

Founding Agreement

The founding agreement establishes the data space and its governance authority. The agreement is entered into by the founding members of the data space initiative (i.e., the initial data space participants). It sets out the purpose for which the data space is created. Different organisational forms are possible, and different specific legal instruments can be used depending on the organisational form, for example:

Articles of Association or Statutes - these are used to establish the data space as a separate legal entity. The statute may allow the onboarding of new members by allowing external parties to sign the statute.
Consortium agreements, joint ventures, strategic cooperation, and other cooperation agreements - the data space is not incorporated, with no new legal entity created for that purpose. Any natural or legal person may become a member of the data space by signing a founding Agreement (e.g., Consortium Agreement).

For further information, see the Organisational Form and Governance Authority building block.

The agreement-specific clauses include (for example):

Background and purpose (why the data space is created)
Identification of the parties (members of the data space initiative)
General responsibilities and liability (in some cases - e.g., in joint ventures)
Reference to the chosen governance models.
The admission policy for data space members—the Founding Agreement identifies the initial data space members, as outlined in the signatories (i.e., the parties of the data space initiative), who will be part of the governing body of the data space. It may also permit additional members to join the governance of the data space in the future, specifying the necessary conditions, qualifications, and requirements. The manner in which this is implemented in practice depends on the specific legal form that a data space assumes. An example of an artefact used to signal the intention to join a data space as a member can be the Accession Agreement (SITRA Rulebook).

General Terms & Conditions

The general terms and conditions are an Agreement that contributes to providing legal enforceability to some elements of the governance framework (e.g., making compliance with a specific process mandatory) and makes it binding on all data space participants. In some cases, it can be part of the founding agreement or at least directly referenced by it.

The general terms and conditions allow data spaces to regulate interactions at the data space level. They create and define the roles and responsibilities of the data space participants: the data space governance authority, data provider, data recipient, and service providers (data-related services, trust framework provider, management of identities, etc.). When a data space is established as a legal entity, the agreement may cover both the liability between the data space participants and the liability between the participant and the legal entity.

The general terms and conditions can serve as the framework for data transactions, namely the interactions (rights, responsibilities, liabilities, and obligations) of the data transaction participants. They do so by introducing common elements (e.g., a limited set of standard clauses or typologies of licences—see further in the data transaction agreements section) to improve legal interoperability and reduce transaction costs, ultimately reducing complexity and the possibility of conflict.

The areas that the general terms and conditions regulate at the data space level are (for example):

Admission policy for data space participants. This describes whether new participants are accepted, the conditions and eligibility criteria that parties must meet to join a data space, the conditions to remain a data space participant, and the procedures for the removal of an existing participant. Data space participants join a data space by accepting the terms and conditions.
Intellectual property policy. At a minimum, this would specify that none of these agreements should be construed as an assignment of IP rights; instead, non-exclusive licenses are granted. If new IP rights may emerge from collaboration (e.g., sui generis rights for databases), then clauses to regulate ownership of IP rights could be included.
Data protection policy. This describes the data protection policy at a data space level, referring to the obligations of the data space as a controller when processing the data of the data space participants. Additionally, this policy may also include references to the potential role of data spaces as processors of personal data to be shared within the data space, identifying the corresponding responsibilities of the parties and the data space as prescribed by law. The data space may provide a technical framework that ensures the processing operations in the data space comply with GDPR by design and adherence to this framework can be made binding. Templates for Data Processing Agreements (e.g., iSHARE) or Data Exchange Agreements (e.g., iSHARE) can also be provided.
Technical standards. These outline and/or enforce specific technical standards for participants in the data space. The general terms and conditions may also restrict the data models and formats to be used in the data space.
Cybersecurity and risk management policies. These describe the rules and procedures for the protection of technology and information assets that need to be protected, along with other identified risks to the data space infrastructure or participants.
Complaints policy and dispute resolution rules. These describe the rules and procedures for filing a complaint. Rules can also be included for resolving disputes between data space participants, including with the data space governing authority.

The areas that the general terms and conditions regulate at the transaction level include (for example):

Common elements in the terms and conditions of a data contract—Data spaces can coordinate and harmonise the terms and conditions of Data-Sharing Agreements and Service Agreements by introducing common elements (e.g., a limited set of data licenses or including only open data licenses) or prohibiting certain clauses (e.g., the inability to charge for the use of data).

Examples of the agreement-specific clauses in the general terms and conditions are listed below. For conceptual clarity, we distinguish between the general terms that relate to the data space level and the data transaction level.

Definitions (defining the roles of data space participants as well as potential third parties)
Role-specific conditions (rights and obligations corresponding to the role),
Responsibilities
Fees and costs
Confidentiality
IP rights
Data protection
Accession policy (whether new data participants can join a data space, what eligibility criteria they need to meet, whether there is a maximum number of participants, etc.)
Technical standards and commitments (technical standards with which a party has to comply to make transactions and activities in the data spaces)
Cybersecurity and risk management policies
Complaints policy and dispute resolution rules

General conditions for data sharing
Standardised licences model for data usage rights – the general terms and conditions may limit the choice of licence or offer data providers a limited set of standardised licences. Standardisation refers to limiting the number or content of clauses. The advantage of including standardised licences is the reduction of transaction costs and increased scalability of the data space. Examples of types of licences may include:
- No limitations (the data product can be used without restrictions)
- Resharing with data space participants/internal use only
- Non-commercial use only
- Data enrichment before resharing
Data can be enriched with the data recipient’s own data
Data can be enriched with data from others
Data can be enriched with the data recipient’s own data before resharing on a non-commercial basis
Data can be enriched with data of others before resharing on a non-commercial basis
Ad hoc-licenses (as determined by the parties)
Standardised terms and conditions for data products - the agreement establishes mandatory terms and conditions to be included in the data product contract. It ensures that transactions between data provider and user take place on the basis of common terms and conditions, reducing transaction costs and increasing legal interoperability between transactions. Any terms and conditions can be the object of standardisation, from clauses on fees to clauses related to the rights of third parties on data.
Mechanisms to calculate fees (if applicable)

Agreements Related to Enabling Services

These agreements are entered into by the data space governance authority to provide the services necessary for the data space to operate. They can be classified as data-related services, agreements for the provision of trust framework services, and agreements for the management of identities.

3.2.2 Data-sharing agreements

Data-sharing agreements encompass all Agreements that bind only the parties involved in a specific data transaction and regulate their mutual obligations and rights. The Blueprint introduces a particular type of data-sharing agreement: the data product contract. However, it should be noted that any agreement concerning the sharing of data should be considered under this category, and the information provided below may, therefore, be relevant when drafting such an agreement. In the following paragraphs, exclusive reference is made to the data product.

3.2.2.1 Data product contract

The data product contract is a legal contract that sets out the terms and conditions under which a data product is made available. In turn, a data product is defined as “a data-sharing unit, bundling resources (data and/or value-creation services) and metadata that describes the license terms, the resources, and other information in a machine-readable way.” (see the Data Space Offering building block).

The Agreement is closely linked to the Data Product building block and the Access & Usage Policies Enforcement building block. In most cases, data providers will make data available subject to specific terms and conditions, or, as an alternative, the data space may include a list of possible data licences in the general terms and conditions from which either the data provider or data recipient can choose. In other instances, a potential data consumer might request access to energy consumption data and specify their preferred predefined licence. Following the request, the data provider can either approve or decline the sharing of the data.

Some clauses it includes are:

Identification of the data
Acceptable purposes (purposes for which the data product can be used)
Restrictions of use for the data product
Usage rights of the data product
Termination of the contract
Terms related to the use of derived material
Fees and monetisation
Data security
Clauses related to third-party rights (data protection, intellectual property rights, confidentiality)

Legal aspects to consider when designing data products:

Lawful source of data/content: when the data represents copyright-protected content, under certain circumstances, the data space may be liable for copyright infringement. Various contractual clauses address the risks associated with this liability: warranties (e.g., the data provider warrants that there are no third-party claims over the data and that all due diligence procedures have been carried out to verify this), allocation of liability, and indemnities. These clauses may be included in the accession agreement when vetting new participants or in the data product contract itself. Regardless of how liability is allocated, uncertainty regarding third-party claims over the data can deter data sharing and reduce trust.
Processing of personal data: (see the Regulatory Compliance building block)
Compulsory B2B data-sharing contracts: if data holders make data available in accordance with an obligation under EU law, the terms and conditions for making this data available must be FRAND (fair, reasonable and non-discriminatory) (Chapter 3 DA). It also regulates other important clauses, such as compensation, dispute settlement provisions and technical protection measures.
Unilateral-imposed B2B (private) data sharing: unilateral terms and conditions regarding data availability (regulating access as well as, inter alia, liability or remedies) are non-binding to the extent that they are deemed unfair (Chapter 4 Data Act). To determine whether a clause is unfair, refer to Art 13.
Applicability of sectoral regulation: (Chapter 2 of the Data Act for IoT data) or the need for compliance with horizontal regulations (e.g., competition law - see Regulatory Compliance).
Jurisdiction and applicable law: There are various rules concerning which law applies to the contract—i.e., choice of law—and which courts have jurisdiction over potential disputes—i.e., choice of forum. Each contract should include clauses that regulate both aspects, and the parties to a contract can generally agree among themselves. These choices can significantly impact how the contract underlying the data transaction is interpreted. However, it is important that there is alignment between, for example, data product contracts and the general terms and conditions of a data space, which are likely to be directly referenced in the data product contract itself. For this reason, it may be desirable to harmonise matters of jurisdiction and applicable law across all agreements within the contractual framework. Divergences, however, are possible. The following considerations should be noted:
- Jurisdiction: there is a free choice of jurisdiction unless the contract is deemed null and void under the law of the selected state, or unless the contract is concluded with a consumer and the commercial party conducts activities in the consumer's domicile. If a contract is deemed null and void, or if the parties fail to specify the jurisdiction, then jurisdiction is determined by law (see Brussels Ibis Regulation).
- Applicable law: the parties are free to determine the law governing their contract. In the case of contracts with consumers, the choice of law will not have the effect of derogating from the mandatory consumer protection provisions in the state where the consumer has their habitual residence. In the absence of a choice, the applicable law will be determined by legislation (see Rome I Regulation).
Smart contracts: Smart contracts can help establish trust in a data space by automatically enforcing legal obligations through technical means. They are particularly useful in enhancing trust among parties involved in a data transaction, mitigating the risks of contractual breaches, increasing efficiency, and reducing costs. The term 'smart contract' can also be misleading. A smart contract does not presuppose the existence of a legally valid and enforceable contract, whether in natural language or otherwise; rather, it enables the technical enforceability of contracts and can be used to formalise legal agreements, contract negotiation, and execution. Smart contracts can also serve as a technical protection measure to prevent unauthorised access to data. When smart contracts are used in the context of executing an agreement to make data accessible, the Data Act now imposes a set of essential requirements that the data provider must comply with (Data Act Art 36 - Regulatory Compliance BB). In some jurisdictions, the deployment of a smart contract may suffice to support the existence of a legal relationship—e.g., the parties can fulfil the requirements of national contract law by relying on the smart contract as evidence of the offer, acceptance, and intention to be legally binding. The prevailing practice in the respective sector may be used as external evidence to support the intention to enter into a legally binding agreement (e.g., some sectors may routinely use smart contracts to exchange data). In any case, it is advisable for the sake of legal certainty to always generate a separate document written in natural, concise and simple language that outlines the main elements of the contract and the mutual obligations that the contract supports. In this regard, it should be noted that smart contracts often only enforce certain obligations of the underlying contract (provided such a contract exists). For this reason, there are additional benefits to relying on contracts to expand access to judicial mechanisms and offer a broader selection of enforcement mechanisms (i.e., courts). If smart contracts are deployed in a data space, they must comply with the essential requirements of Art 33 of the Data Act, aimed at enabling interoperability of tools for automating the execution of data-sharing agreements (see in particular Art 33(1)(d)), as well as Art 36 of the Data Act, which mandates a series of essential requirements for smart contracts (e.g., robustness and access control, safe termination and interruption etc.).

3.2.3 Data services agreements

…. Coming in Version 3.0 ….

4. Co-creation questions

Which participants or actors are directly involved in which use cases, and what roles do they play?
What legal agreements are necessary for governing data sharing, usage rights, and liabilities across different use cases?
What are the data space agreements necessary for the foundation of the data space?
Which legislative frameworks are relevant when drafting contractual clauses?
What are the basic organisational policies that need to be implemented by the governance authority in the Rulebook?

5. Links to other building blocks

The contractual framework is an instrument of the data space governance framework. In practice, this means that the rules, roles, procedures, and organisational structure that constitute the data space governance are legally binding on the data space participants. The contractual framework is determined by the choices made in the Organisational Form and Governance Authority and Participation Management building blocks. The latter is relevant for determining the accession policy.

There is an interlinkage with Regulatory Compliance. Unless the relevant legislation is respected and reflected in the contractual framework, the agreement's enforceability and validity may be undermined.

Finally, the technical building blocks support the contractual framework by enforcing and monitoring compliance with agreements (Provenance and Traceability building block) and verifying the identities of the parties involved in these agreements (Identity and Attestation Management building block). Ad hoc agreements will be created to support the transaction of data products within data spaces (Data Space Offering Building Block).

In particular, the following relationships are considered especially relevant:

Regulatory Compliance: Generally speaking, regulatory compliance is essential for the Contractual Framework building block; all agreements must comply with the existing legislation to ensure the validity and enforceability of all clauses. However, compliance with the regulatory framework should be an iterative process, as it involves continuously assessing compliance throughout the development stages of all the agreements underpinning the operations of a data space. It also requires consideration of whether new agreements need to be introduced. Thus, the regulatory framework defines which agreements and clauses are mandatory and partially directs the drafting of these clauses. The language of the agreements should balance the accurate incorporation of legal concepts (e.g., data) with intelligibility for the parties involved, which may necessitate using commonly understood terms instead of strictly legal texts.
Provenance and Traceability: This building block facilitates the technical implementation of the Contractual Framework building block. At the same time, when drafting contractual clauses, the available technical possibilities (e.g., the amount and categories of data that can be stored; limitations on access to data exclusive to the parties involved in a transaction) must be taken into account. The most relevant functionalities of the building block will include enabling the observability of the transaction—useful, for instance, for verifying compliance with the terms and conditions—and origin verification—an essential tool to confirm the compatibility of licences when pooling and aggregating datasets for a specific use case.
Identity and Attestation Management: A system for attributing and verifying identity is essential for a functioning contractual framework and is, therefore, a prerequisite. Once mechanisms to verify identities have been established, the contractual framework will specify in the relevant agreement (e.g., accession agreement) that a specific mechanism is to be used, making it legally binding. Parties to agreements need to refer to existing legal or natural persons, and identity and attestation management is instrumental in establishing the connection and ensuring the enforceability of the agreements.
Data Space Offering: The creation of data products is described as the object of the data product contract, highlighting how these building blocks relate closely to one another. Several elements of the Data Space Offering Building Block, particularly the governance rules for data products and possible priority onboarding of specific data products to promote the network effects of related use cases, must be implemented by the contractual framework. As stated, the data product is an object regulated under the contractual framework, and the data product contract is bundled with the data product in a consumable form. Since data products can be combined for a use case, it is essential to maximise legal interoperability and compatibility of licences within the contractual framework.
Organisational Form and Governance Authority: This building block is a prerequisite for the contractual framework. Significant design choices made regarding organisational form will affect the structure of the contractual framework. The data space may, for example, be constituted as a legal entity. Common elements include the founding agreement—under which the data space is constituted—and, indirectly, all the related agreements into which the data space enters (in this building block, referred to generally as the data space agreements).
Participation Management: This building block is a prerequisite for the contractual framework. It defines the conditions and policies for participation in a data space, which must subsequently be incorporated into the accession agreement and general terms and conditions. It also specifies the roles within a data space, methods for resolving disputes, and procedures for offboarding. All these aspects will have to be supported by enforceable legal commitments and requirements.
Access and Usage Policies Enforcement: this building block mainly implements the usage and access policies outlined in the agreements among data space participants, integrating contractual policies with broader policies stemming from Regulatory Compliance (e.g., consent requirements in GDPR) and policies expressed in the data space agreements (e.g., general terms and conditions). It also reinforces the legal enforceability of clauses through technical means: while legally binding agreements constitute promises, the breach of which gives rise to legal claims (e.g., damages), technical enforceability acts more immediately by limiting potential uses and access to data. Thus, it promotes data sharing more effectively.

6. Future topics

Future versions of this building block will build on the conceptual framework developed above based on empirical evidence from emerging data space initiatives. This is especially true as common European data spaces move towards the implementation phase. New agreements and clauses will be added, and the description will be adapted as necessary.

More specifically, the new elements to be introduced in the next versions are:

New conceptualisation of different agreements in data spaces based on the subject matter of contracts
Overview of data contract law rules, looking at conditions, principle of equivalence of printed and digital contracts (UNCITRAL Model Law on Electronic Commerce Art 6-8), eSignature, contract formation (eCommerce Directive 2001), etc.

7. Further reading

Sitra, ‘Rulebook for a fair data economy Part 1 & 2’ (2022) Rulebook for a fair data economy - Sitra.
Steinbuss et al., ‘IDSA Rule Book’ (2020) International Data Spaces Association https://doi.org/10.5281/zenodo.5658294.
ELI, ‘ALI-ELI Principles for a Data Economy - Data Transactions and Data Rights' (2017) ELI Final Council Draft
Support Center for Data Sharing, 'B.1 - Report on collected model contract terms' (2019) SMART 2018/1009.
Data Sharing Coalition, 'Data Sharing Canvas - a stepping stone towards cross-domain data sharing at scale' data-sharing-canvas.pdf (coe-dsc.nl).
United Nations Commission on International Trade Law, ‘Default rules for data provision contracts’ (2023) Working Group IV https://documents.un.org/doc/undoc/gen/v24/066/85/pdf/v2406685.pdf.
United Nations Commission on International Trade Law, ‘UNCITRAL Model Law on Automated Contracting finalized by the UN Commission on International Trade Law’ (2024) (adopted but still to be published) - temporary link UNCITRAL Model Law on Automated Contracting finalized by the UN Commission on International Trade Law

7.1 Documents and guidelines to implement the building blocks

Model contractual terms and standard contractual clauses for B2B data-sharing contracts (to be developed by the Commission before 12 September 2025).
Data Standard Licences
- Open Data -
  - Creative Commons (assuming data contains subject matter protected by copyright)
  - Open Data Commons - licences include Open Data Commons Open Database License (ODbL), Open Data Commons Attribution License (ODC-By), Open Data Commons Public Domain Dedication and License (PDDL)
  - Community Data Licence (CDLA) - a data licence based on the copyleft principles
- Model Contractual Terms
  - for contracts for voluntary sharing of data between Data Sharers and Data recipients (to be published by the EU Commission in late 2025)
  - for contracts on data access and use between data holders and users of connected products and related services (to be published by the EU Commission in late 2025)
Data licences taxonomy
- The Montreal Data Licence - the licence is focused on Machine Learning and AI. The licence tool is currently not accessible. However, the underlying taxonomy of this licence can be adopted to develop new licences (Towards Standardization of Data Licenses: The Montreal Data License)
- Default rules for data provisions contracts (including a glossary of terms) - the work of UNCITRAL Working Group develops a harmonised taxonomy for data contracts and contractual clauses referring to data contracts. This item is a work in progress (see summaries of the latest sessions here: Working Group IV: Electronic Commerce | United Nations Commission On International Trade Law).
- Open Data Product Specification - a definition of the objects and attributes as well as the structure of digital data products.
Data contract automation tools
- For data contract generation - Prometheus-X (Contract)
Data license selection tool
- ELRA License Wizard - ELRA license Wizard
- Licence Selector License Selector (ufal.github.io)

8. Glossary

Term	Definition

Term	Definition
Contract	A formal, legally binding agreement between two or more parties with a common interest in mind that creates mutual rights and obligations enforceable by law.
Contractual framework	The set of legally binding agreements that regulates the relationship between data space participants and the data space (institutional agreements), transactions between data space participants (data-sharing agreements) and the provision of services (service agreements) within the context of a single data space.
Data product contract	A legal contract that specifies a set of rights and duties for the respective parties that will perform the roles of the data product provider and data product consumer.
Data space agreement	A contract that states the rights and duties (obligations) of parties that have committed to (signed) it in the context of a particular data space. These rights and duties pertain to the data space and/or other such parties.
General terms and conditions	An agreement defining the roles, relationships, rights and obligations of data space participants.
Smart contract	A computer program used for the automated execution of an agreement or part thereof, using a sequence of electronic data records and ensuring their integrity and the accuracy of their chronological ordering (Art 2(39) Data Act)