9 December 2021 – Brussels, Belgium – Gaia-X Association, a leading professional organisation, has published its initial results in developing a Compliance and Labelling Framework.
The new labelling framework is a major step for Gaia-X’s goal to develop a trusted, sovereign digital infrastructure for Europe.
Gaia-X labels will enable users to make informed choices, through reliable information, on the cloud services available in the EU – a mandatory component of the Gaia-X architecture and as this is related to the control and governance of its services.
Three basic levels have been defined. Each level can be obtained by service offerings based on different standards and expectations for data protection, transparency, security, portability, flexibility, and European control, fully aligning with EU regulations.
- Gaia-X Level 1: represents the Basic level of compliance according to the rules defined by the Association and European values. This level will align with the ENISA standard in its current future target definition.
- Gaia-X Level 2: represents an Intermediate level of compliance, extending and enhancing Level 1 above, with a mandatory option to be located in Europe. This level will align with the ENISA target standard in its ‘Substantial Compliance’ definition.
- Gaia-X Level 3: represents the Highest level of compliance, extending and enhancing Level 2 above, while adding the principle of immunity to non-European access, with a mandate for a European location and operationalisation. This level will align with the ENISA target standard in its ‘High Compliance’ definition.
Under the framework, labels will be issued by Gaia-X to service offerings based on their satisfaction of predefined policy and technology standard requirements released by the Policy Rules Committee, the Technical Committee, and the Data Space Business Committee of Gaia-X.
Gaia-X labels reflect the essence of the organisation’s objectives and concepts, integrating various policy rules, technical concepts, and data space principles. and The labels acknowledge different requirements for specific scenarios and consumers in various countries and industries.
Governments, trade associations, industry associations, and agencies alike will be allowed to ultimately create their labels and establish specific rulebooks per domain specificity.
At this time, a detailed labelling criteria matrix is being developed to harmonise the credentials list across the Policy & Rules Committee, Data Space Business Committee and Technical Committee of the Gaia-X Association, hence ensuring full coverage from a business, regulation, and automation perspective.
“Gaia-X labels reflect the essence of our objectives and concepts,” remarked Francesco Bonfiglio, CEO of Gaia-X. “Labels were introduced by the various Gaia-X committees following the Board of Directors’ approval to make it easy to seek, find, and use services in compliance with Gaia-X. In fact, labels introduce an innovative concept of regulation positioned as a service and represent the cornerstone that will fulfil Gaia-X ‘s ambition to operationalise European values in the cloud ecosystem” he added.
The Gaia-X Association is thankful to its valuable contributors and supporters that helped to develop the Gaia-X Compliance and Labelling framework.