> For the complete documentation index, see [llms.txt](https://frameworks.greendealdata.eu/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://frameworks.greendealdata.eu/governnace-frameworks/introduction.md).

# Introduction

{% hint style="warning" %}
*This section might be updated based on the latest developments in the SAGE consortium, specifically considering the WP4 Governance working group. Since the project runs till 2028, the final GDDS deliverable is expected to have additional information on these sections.* &#x20;
{% endhint %}

The Governance Frameworks define how the GDDS is governed, by whom, and under which rules. It also serves as a foundation of the GDDS, including its governance bodies, decision-making processes, and participation lifecycle management mechanisms. Together, these elements provide the structure necessary to ensure accountability, trust, and coordinated collaboration across the data space.

For this reason, the Governance Frameworks comprise:&#x20;

1. The Governance Playbook, which describes the governance model, decision-making bodies, and lines of authority,&#x20;
2. and the Governance / GDDS Rulebook, which operationalises that framework and covers Trust & Participant Governance, the Conformity Framework & Governance Enforcement, Data Sovereignty, and Technical Governance.&#x20;
3. [*Rolebook - TBD - see specific page for this*](#user-content-fn-1)[^1]

{% hint style="info" %}
*The current GDDS Governance Framework has been developed through an iterative co-creation process, drawing on insights from the GREAT project, governance models from other European data spaces, and continuous input from SAGE consortium partners and external stakeholders. Governance is therefore designed as an evolving structure, capable of adapting as the data space matures while maintaining clear responsibilities for strategic direction, operational execution, stakeholder participation, and independent oversight.*
{% endhint %}

{% hint style="warning" %}
Readers seeking to understand participants’ rights and obligations, the governance bodies, and how the rules are maintained and enforced should consult this section.
{% endhint %}

To further orient readers, this section first introduces a layered view of governance – helping readers understand how governance can be structured and what it should enable – before describing the individual components in detail.&#x20;

This layered approach supports the design of an evolving governance model that can adapt as the data space matures, while ensuring clear responsibilities for strategic direction, operational execution, stakeholder participation, and independent oversight. See the expandable tabs below with Layer 1 and Layer 2 detailed descriptions.

<details>

<summary><strong>LAYER 1 - Research-Informed, Governance Design - Principles for the GDDS —  how governance must be designed</strong> </summary>

This section summarises governance principles derived from research and analysis of existing European data space initiatives, governance frameworks, and policy-aligned reference models. It provides design guidance for the GDDS Governance Framework and informs the evolution of governance structures from the project phase (MVP1) to the operational phase (MVP2).&#x20;

These principles do not prescribe a fixed organisational model. Instead, they define foundational requirements and constraints that ensure the GDDS governance remains trustworthy, interoperable, inclusive, and sustainable over time. They align with the overall GDDS core Values and Ethical Principles – Sustainability, Accountability, Transparency, Openness, Non-discrimination and Fairness, Inclusivity and Competition, FAIR principles, integrity and confidentiality, dissemination, privacy and data protection – identified in Deliverable 9.8. &#x20;

### Principle 1 – Governance is Foundational Infrastructure&#x20;

Research across multiple European data spaces consistently shows that governance is the foundational infrastructure of a data space. Governance and following policies define who is allowed to do what, under what conditions data can be shared, trusted, and reused, who decides and who enforces, what is mandatory and what is optional, and lastly enables coordination across legal, technical, organisational, and societal dimensions. This ensures the long-term Sustainability of the GDDS and the Accountability of its participants, as well as providing grounds for Inclusivity of new stakeholders.&#x20;

For the GDDS, governance therefore:&#x20;

* precedes and enables technical implementation,&#x20;
* provides predictability and trust for participants,&#x20;
* balances innovation with accountability,&#x20;
* and ensures alignment with European Green Deal objectives. Governance must be treated as a first-class system component, evolving alongside operational, technical and business capabilities.&#x20;

### Principle 2 – Multi-Layer Governance is Essential&#x20;

All mature data space initiatives adopt a multi-layer governance approach, recognising that no single governance level can address all needs. This is aligned with the principle of Transparency and ultimately contributes to fostering the Accountability of the GDDS and its participants.&#x20;

The GDDS governance framework is therefore expected to operate across clearly distinguished layers, including:&#x20;

* an ecosystem or cross-data-space layer,&#x20;
* a GDDS-wide governance layer,&#x20;
* domain or use-case-specific governance, to maintain FAIR principles across participants&#x20;
* and participant-level rules and obligations, to preserve Accountability.&#x20;

Each layer has a distinct purpose and scope, and governance decisions must be taken at the appropriate layer to avoid over-centralisation or fragmentation.&#x20;

### Principle 3 – Subsidiarity by Design&#x20;

Subsidiarity is a core governance principle in European data spaces. Decisions should be taken at the lowest competent level, closest to where data is used and value is created.&#x20;

For the GDDS, this implies:&#x20;

* domain- or use-case-specific decisions are handled at domain level,&#x20;
* Data space -level governance intervenes only when cross-cutting impacts exist,&#x20;
* Escalation paths are explicit and predictable.&#x20;

Subsidiarity supports scalability, respects data sovereignty, and prevents governance bottlenecks.&#x20;

### Principle 4 – Governance Authority Must Be Clearly Scoped&#x20;

Research highlights the importance of distinguishing between:&#x20;

* legal existence (legal entity),&#x20;
* decision authority (governance authority),&#x20;
* and operational execution (operating entity).&#x20;

In the GDDS:&#x20;

* governance authority is defined by mandates and rules, not by legal form alone, to maintain Accountability,&#x20;
* multiple governance authorities may coexist with delegated scopes,&#x20;
* operational entities execute decisions but do not define governance.&#x20;

Clear scoping of authority prevents overlap, conflicts of interest, and ambiguity for participants.&#x20;

### Principle 5 – Separation of Governance and Operations&#x20;

A consistent best practice across data spaces is the separation of governance from operations.&#x20;

Governance bodies:&#x20;

* define rules, roles, and decision rights, &#x20;
* oversee compliance and evolution,&#x20;
* safeguard trust and Accountability.&#x20;

Operating entity:&#x20;

* runs technical infrastructure, bearing in mind Privacy and Data protection,&#x20;
* supports onboarding by promoting Inclusivity, and service delivery,&#x20;
* implements governance decisions.&#x20;

This separation enables professionalisation of operations, avoids concentration of power, and supports long-term Sustainability.&#x20;

### Principle 6 – Trust Frameworks Are Non-Negotiable&#x20;

Trust is a prerequisite for data sharing at scale. Research confirms that trust must be addressed through both technical mechanisms and governance processes.&#x20;

A data space governance framework must define:&#x20;

* roles and responsibilities related to trust, to maintain Accountability) &#x20;
* criteria for participant eligibility, in a Fair and Inclusive way,&#x20;
* mechanisms for identity, credentials, and verification,&#x20;
* compliance monitoring (in particular, in the area of Privacy and Data Protection) and enforcement procedures (to maintain Accountability)&#x20;

### Principle 7 – Rulebooks Are the Core Governance Instrument&#x20;

Across European data spaces, the Rulebook emerges as the key governance artefact.&#x20;

A Rulebook:&#x20;

* consolidates legal, organisational, and technical rules, components,&#x20;
* defines mandatory versus optional requirements,&#x20;
* assigns rights, obligations, and decision powers,&#x20;
* evolves through formal, transparent change processes&#x20;

Effective Rulebooks are modular, versioned, and designed to accommodate future evolution without undermining trust.&#x20;

### Principle 8 – Inclusivity and Legitimacy Are Governance Requirements&#x20;

Research and the SAGE principles emphasize that governance must ensure:&#x20;

* Inclusivity of diverse participant types (public, private, SMEs, research),&#x20;
* Fair and balanced representation to avoid dominance by single actors,&#x20;
* Transparency in decision-making,&#x20;
* Accountability toward broader societal objectives.&#x20;

Governance legitimacy is as important as governance efficiency, especially for public-interest data spaces such as GDDS.&#x20;

### Principle 9 – Governance Must Be Evolutionary&#x20;

Governance is not static. To ensure long-term Sustainability, Data spaces evolve from:&#x20;

* formation and experimentation,&#x20;
* to operation and scaling,&#x20;
* to long-term sustainability and federation.&#x20;

Research warns against over-engineering governance too early or locking structures prematurely. Instead, governance frameworks should explicitly support:&#x20;

* iterative refinement,&#x20;
* periodic review,&#x20;
* structured transition between lifecycle phases.&#x20;

### Implications for the GDDS Governance Framework&#x20;

Based on research, the GDDS Governance Framework should:&#x20;

* adopt a multi-layer, subsidiarity-based model,&#x20;
* clearly distinguish governance authority from operations,&#x20;
* embed trust as both a technical and governance concern,&#x20;
* rely on a modular, evolving Rulebook,&#x20;
* ensure inclusive and legitimate decision-making, explicitly support governance evolution over time&#x20;

These principles provide a research-validated foundation for the GDDS governance model and guide its implementation and evolution.&#x20;

{% hint style="warning" %}
Editor’s note: This section synthesises governance principles derived from analysis of existing European data space initiatives and reference frameworks. It informs the design of the GDDS Governance Framework but does not prescribe a fixed organisational structure.&#x20;
{% endhint %}

</details>

<details>

<summary><strong>LAYER 2 – Governance Capabilities defined in GDDS — what governance should enable</strong></summary>

The GDDS governance framework must enable a defined set of capabilities across its ecosystem. These capabilities reflect the consolidated requirements of the GDDS Use Cases (WP6), GDDS Process Requirements and suggestions from the SIMPL Feasibility study [(See here](#user-content-fn-2)[^2]). They establish what governance must make possible in practice, spanning authority, participation, roles, trust, data sovereignty, and compliance.&#x20;

### Organisational Form and Governance Authority&#x20;

Governance must enable the GDDS to operate under a formally constituted authority with the mandate and capability to:&#x20;

* Enforce the GDDS Rulebook and configure identity and trust infrastructure.&#x20;
* Manage the full credential lifecycle for participants (issuance, renewal, revocation, suspension).&#x20;
* Review onboarding requests and verify participant conformity to GDDS standards.&#x20;
* Maintain control over accepted data models and vocabularies.&#x20;
* Support interoperability with external data ecosystems (e.g. EOSC, Copernicus, Gaia-X, etc).&#x20;
* Accommodate facilitator and use-case orchestrator roles within the governance structure.&#x20;
* Define and oversee monetisation models, including centralised payment and settlement mechanisms.&#x20;

[*See: Organisational Form and Governance Authority (p. XX)* ](#user-content-fn-3)[^3]

### Participation Management, Onboarding and Admission&#x20;

Governance must enable a structured, trustworthy participation lifecycle, including the ability to:&#x20;

* Require candidates to attest to compliance with the rules of participation at onboarding.&#x20;
* Allow candidates to request membership in one or more Data Sharing Groups.&#x20;
* Notify participants upon acceptance and issue the necessary credentials.&#x20;
* Issue participant identities enabling selective data browsing prior to transactions.&#x20;
* Onboard holders of specialised or sensitive datasets under appropriate governance safeguards.&#x20;

[*See: Participation Management, Onboarding and Admission (p. XX)* ](#user-content-fn-3)[^3]

### GDDS Roles, Rights and Responsibilities&#x20;

Governance must establish a clear and enforceable taxonomy of roles and associated rights, enabling the GDDS to:&#x20;

* Allow participants to control the visibility of their own presence in the data space.&#x20;
* Enable data providers to notify consumers of resource updates and revocations.&#x20;
* Support consumer access to data processing services via intermediaries.&#x20;
* Allow data providers to create and maintain hierarchical dataset structures.&#x20;
* Ensure controlled and timely data access for consumers based on agreed data sharing policies.&#x20;
* Support event-based notifications from providers upon relevant operational events.&#x20;
* Require providers to expose data access via standard, governed interfaces (e.g. APIs).&#x20;

[*See: GDDS Roles, Rights and Responsibilities (p. XX)* ](#user-content-fn-3)[^3]

### Participation, Roles and Trust Framework / Authentication and Authorisation&#x20;

Governance must establish the conditions under which participants are authenticated, authorised, and trusted, enabling the GDDS to:&#x20;

* Enforce secure authentication and role-based access control (RBAC) across participant types.&#x20;
* Enable data providers to retain control over access and usage rights for their data products.&#x20;
* Authenticate EU-wide public organisations through the standard onboarding process.&#x20;
* Provide governed access to restricted and confidential data for authorised institutions.&#x20;
* Facilitate access by financial institutions to ecosystem service and natural capital evaluations (UC9 specific).&#x20;
* Enforce trust conditions established at onboarding throughout the participation lifecycle.&#x20;

[*See: Participation, Roles and Trust Framework / Authentication and Authorisation (p. XX)* ](#user-content-fn-3)[^3]

### Data Sovereignty and Technical Governance&#x20;

Governance must align technical mechanisms with governance rules, ensuring the GDDS can:&#x20;

* Apply access policy filters to discovery queries based on consumer attributes.&#x20;
* Maintain full, auditable logs of data publication, access, and transaction events.&#x20;
* Support multiple licensing models (open, research-use, commercial) with enforcement.&#x20;
* Provide GDDS-level licence templates and a reference library for data holders.&#x20;
* Enable selective sharing and delegation of access and usage rights by data owners.&#x20;
* Support granular, tiered access control (RBAC/ABAC) at the data-asset level.&#x20;
* Enforce encrypted access control and data segmentation at the technical layer.&#x20;
* Track data usage by participant and, where applicable, by declared purpose.&#x20;
* Ensure licensing and usage rights are clearly defined, accessible, and consistently applied.&#x20;
* Govern data refresh frequency, latency expectations, and upload protocol standards.&#x20;
* Enable custom access policies where standard policies are insufficient, including geofence-based rules. &#x20;

[*See: Data Sovereignty and Technical Governance (p. XX)* ](#user-content-fn-3)[^3]

### Certification and Conformity Framework&#x20;

Governance must define and oversee a conformity regime ensuring all participants and data products meet applicable legal, technical, and ethical standards, enabling the GDDS to:&#x20;

* Ensure compliance with EU data governance regulations (DGA, Data Act, GDPR, INSPIRE, Open Data Directive).&#x20;
* Support validation of data products against ESG and CSRD reporting standards (UC9, UC4 specific).&#x20;
* Enforce GDPR compliance for internal data flows, including those involving personal data.&#x20;
* Apply personal data protection requirements to health-sensitive data (GDPR, EHDS).&#x20;

[*See: Certification and Conformity Framework (p. XX)* ](#user-content-fn-3)[^3]

</details>

### Alignment with the overall GDDS Mission, Vision, and Values&#x20;

The GDDS Governance Framework operates in alignment with the overarching GDDS mission, vision, and values, which define the purpose, ambition, and societal objectives of the Green Deal Data Space as a whole. See more [here ](/01-introduction-to-the-green-deal-data-space-gdds.md#gdds-mission-vision-values)on this topic.&#x20;

While the definition and evolution of the GDDS mission and vision are addressed at the data space level through cross-work-package collaboration (including business, ethical, social and sustainability perspectives), the Governance Framework ensures that governance structures, decision-making processes, and operational practices remain consistent with these shared objectives.&#x20;

[The Governance Authority is responsible for monitoring alignment between governance decisions and the GDDS mission and vision, and for triggering formal review processes when external policy developments (e.g. changes in European Green Deal priorities) require reassessment. ](#user-content-fn-4)[^4]

[^1]: TBC

[^2]: attach referance or link

[^3]: add link

[^4]: Is it the DSGA in collaboration with the Ethics Committee?&#x20;
