> For the complete documentation index, see [llms.txt](https://frameworks.greendealdata.eu/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://frameworks.greendealdata.eu/regulatory-compliance.md).

# Regulatory Compliance

{% hint style="warning" %}
*This section might be updated based on the latest developments in the SAGE consortium, specifically considering WP4, WP7, including inputs from T4.5 GDDS Legal and T7.4 Legal and Regulatory compliance. Since the project runs till 2028, the final GDDS deliverable is expected to have additional information on these sections.*
{% endhint %}

Regulatory compliance within the Green Deal Data Space (GDDS) ensures that all participants adhere to applicable legal frameworks and sector-specific regulations when engaging in data sharing activities. This component establishes the minimum legal safeguards necessary to operate responsibly, while also providing flexibility to adapt to evolving EU and national legislation. In particular, due regard is paid to recent and forthcoming legislative developments at EU level, including the Digital and Environmental Omnibus proposals, which aim to streamline and clarify regulatory requirements across multiple instruments. It addresses critical areas such as data protection (e.g. GDPR), data governance and data sharing obligations (including DGA and Data Act), as well as other sectoral regulations relevant to sustainability-driven data spaces. By embedding compliance requirements into the governance framework, GDDS fosters trust, protects participants, and ensures that data exchange and value-creation activities remain legally sound and aligned with the European Green Deal objectives.

Beyond formal legal compliance, an additional strategic objective of the GDDS is to ensure that identified compliance measures are coherently aligned with both ethical principles and the technical architecture of the data space. Compliance is therefore not conceived as a purely legal or administrative layer, but as an integrated design principle that informs governance structures, operational procedures and technical implementation choices.

On the one hand, compliance measures must reflect and operationalise core ethical principles, such as openness, transparency, accountability, fairness and sustainability. This ensures that data sharing practices within the GDDS not only meet regulatory thresholds but also embody the broader values underpinning the European Green Deal and the European Data Strategy. [At the same time, these measures must carefully address the question of data ownership, clarifying rights over data. In this context, a delicate balance must be struck between openness and confidentiality: while broad data accessibility is essential to foster innovation and policymaking, legitimate interests related to IP rights and personal data protection must be adequately safeguarded. Hence, the governance framework is effectively defining clear rules on access, use, re-use, and stewardship of data, ensuring that openness does not undermine trust, competitiveness, or fundamental rights.](#user-content-fn-1)[^1]

[On the other hand, compliance requirements must be embedded into the technical architecture of the GDDS (“compliance by design” and “ethics by design”). This includes alignment with data access controls, identity and access management mechanisms, interoperability standards, traceability systems, audit functionalities, and secure data processing environments. By integrating regulatory and ethical requirements directly into the system architecture, the GDDS reduces legal uncertainty, mitigates risks, and enhances trust among participants.](#user-content-fn-2)[^2]

[^1]: same comment as below

[^2]: this is overlapping with the Compliance framework in the GDDS Rulebook part
