> For the complete documentation index, see [llms.txt](https://frameworks.greendealdata.eu/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://frameworks.greendealdata.eu/governnace-frameworks/gdds-rulebook/trust-and-participation-governance.md).

# Trust & Participation Governance

## Purpose and scope of this section&#x20;

Trust & Participation Governance defines how organisations and individuals become participants in the Green Deal Data Space (GDDS), and how their roles, rights, and access privileges are governed across the whole of their participation. It is the part of the Rulebook that a prospective or active participant turns to first: it sets out who may join, on what basis they operate, and the terms on which their participation may change or end.&#x20;

Participation in the GDDS is open to organisations and individuals that commit to this Rulebook and meet the eligibility and trust requirements established by the data space. The framework ensures that every actor operating within the GDDS is properly identified, verified, and authorised to perform its role in a secure, transparent, and accountable manner, so that data exchange takes place in an environment where responsibilities, permissions, and accountability are clearly defined.&#x20;

## The participation lifecycle&#x20;

Participation is governed as a single, continuous lifecycle with five stages:&#x20;

1. Identification — establishing who the participant is, and at what level of assurance.&#x20;
2. Eligibility assessment and admission — verifying that the participant meets the rules of participation and admitting it to the data space.&#x20;
3. Onboarding and the assignment of roles and access rights — bringing the admitted participant into operation and granting the rights attached to its roles.&#x20;
4. Compliance monitoring — confirming that the participant continues to meet its obligations throughout its participation.&#x20;
5. Suspension, revocation, or voluntary withdrawal — managing the controlled end of participation, whether as the outcome of enforcement or at the participant's own initiative.&#x20;

The first three stages are set out in full in this section. Stages 4 and 5 are equally part of the lifecycle, but the mechanisms they depend upon — conformity assessment, compliance monitoring, the enforcement ladder, and the suspension and withdrawal procedures themselves- are defined under Conformity Framework & Governance Enforcement. To avoid duplication, those stages are introduced here as part of the lifecycle and cross-referenced rather than restated. This reflects the deliberate division of the Rulebook: Trust & Participation Governance holds the lifecycle narrative, while Conformity & Governance Enforcement holds the mechanisms that the lifecycle invokes.&#x20;

Each stage in the next pages follows the same structure, so the governance logic is consistent throughout: the rule or criteria that apply, the procedure that applies them, and the body responsible.&#x20;

## Participants and roles&#x20;

### Participants&#x20;

Participants are entities that have formally joined the GDDS and committed to the governance framework defined in this Rulebook. They hold rights and obligations within the data space and are authorised to engage in data exchange and service provision in accordance with its rules and policies.&#x20;

Participants shall comply with the GDDS governance, legal, and technical requirements, and shall align their internal data governance processes, including data rights management, quality assurance, and compliance mechanisms, with the GDDS framework. A participant may hold one or more of the roles defined below, depending on the context of its activities.&#x20;

The GDDS recognises two participant types, which determine the applicable onboarding path:&#x20;

* Institutional Participants — organisations, public bodies, academic institutions, NGOs, and research labs that participate as a legal entity. A designated representative acts on behalf of the institution, which then serves as an umbrella for any individual users it authorises internally.&#x20;
* Individual Participants — natural persons (such as freelancers, private consultants, and independent researchers) who participate in their own capacity, not as representatives of a legal entity. Individual Participants have more restricted access privileges than Institutional Participants.&#x20;

The distinction is structural: Institutional onboarding establishes a legal entity as the primary trust actor, which then governs its own internal users; Individual onboarding establishes a natural person directly, with no organisational umbrella.&#x20;

### Roles, rights, and responsibilities&#x20;

Participants operate under clearly defined roles that determine their rights and obligations. Roles are context-dependent: a single organisation may hold several roles depending on the data transaction or service concerned.&#x20;

The primary participant roles are:&#x20;

* Data Providers — supply data to the data space by publishing datasets or data services accessible to other participants.&#x20;
* Data Recipients / Consumers — consume data for purposes such as analytics, decision-making, or the development of data-driven services.&#x20;
* Data Rights Holders — hold legal rights over specific data assets and determine the conditions under which those assets may be shared or reused.&#x20;
* [Intermediaries — facilitate data exchange by providing services such as connectors, interoperability infrastructure, registries, trust services.  ](#user-content-fn-1)[^1]
* Service Providers — The legal entity with whom the Customer has entered into a contractual relationship regarding the provision of Data Processing Services and other Services by the Provider under the Agreement, and from which the customer now intends to change to another provider;&#x20;

{% hint style="warning" %}
*Note: this section will be further developed based on inputs from Wp6, Wp4.* &#x20;
{% endhint %}

## How roles and trust conditions apply across the lifecycle&#x20;

A role is not a static label; it determines what a participant must satisfy at each stage of the lifecycle. The trust conditions established at identification and admission persist throughout participation and are tested again at monitoring. In particular:&#x20;

* Identity assurance scales with the role. Roles that publish or control data, or that operate shared infrastructure, require higher levels of identity assurance than roles that only consume open data. The minimum assurance per role is set out at the identification and eligibility stages.&#x20;
* Certain infrastructure roles are certified roles. Intermediaries and Service Providers occupying trust-critical functions (such as the Participant Registry, Authorisation Registry, or Identity Provider) must pass conformity assessment before admission and maintain valid certification thereafter. The certification mechanism is defined under Conformity Framework & Governance Enforcement (see [here](/governnace-frameworks/gdds-rulebook/conformity-framework-and-governance-enforcement.md)).&#x20;
* Trust conditions are continuous obligations. The conditions accepted at onboarding, adherence to the Rulebook, the signed agreements, and any role-specific requirements, remain binding for the duration of participation, and their breach is what the monitoring and enforcement stages act upon.&#x20;

This mapping is what makes the lifecycle a single narrative rather than a set of disconnected steps: the same role-based trust conditions are established, exercised, and tested at successive stages.&#x20;

[^1]: or the ones who provide data intermediation services --> 'A service which aims to establish relationships of an economic character for the purposes of data sharing between an undetermined number of data subjects or data holders and data users, through technical, legal or other means, including for the purpose of exercising the rights of data subjects in relation to personal data, and which :

    (1) do not have as their main purpose the intermediation of copyright-protected content;

    (2) are not jointly procured by several legal persons for exclusive use among them.'?
