9 December 2021 β Brussels, BelgiumΒ β Gaia-X Association, a leadingΒ professional organisation, hasΒ publishedΒ its initial results in developing a Compliance and Labelling Framework.
The new labelling framework is a major step for Gaia-Xβs goal to develop a trusted, sovereign digital infrastructure for Europe.
Gaia-X labels will enable users to make informed choices, through reliable information, on the cloud services available in the EU – a mandatory component of the Gaia-X architecture and as this is related to the control and governance of its services.
Three basic levels have been defined. Each level can be obtained by service offerings based on different standards and expectations for data protection, transparency, security, portability, flexibility, and European control, fully aligning with EU regulations.
- Gaia-X Level 1:Β represents theΒ Basic levelΒ of compliance according to the rules defined by the Association and European values. This level will align with the ENISA standard in itsΒ current future target definition.
- Gaia-X Level 2:Β represents anΒ Intermediate levelΒ of compliance, extending and enhancingΒ Level 1Β above, with a mandatory option to be located in Europe. This level will align with the ENISA target standard in itsΒ βSubstantial ComplianceβΒ definition.
- Gaia-X Level 3:Β represents theΒ Highest levelΒ of compliance, extending and enhancingΒ Level 2Β above, while adding the principle of immunity to non-European access, with a mandate for a European location and operationalisation. This level will align with the ENISA target standard in itsΒ βHigh ComplianceβΒ definition.
Under the framework, labels will be issued by Gaia-X to service offerings based on their satisfaction of predefined policy and technology standard requirements released by the Policy Rules Committee, the Technical Committee, and the Data Space Business Committee of Gaia-X.
Gaia-X labels reflect the essence of the organisationβs objectives and concepts, integrating various policy rules, technical concepts, and data space principles. Β and The labels acknowledge different requirements for specific scenarios and consumers in various countries and industries.
Governments, trade associations, industry associations, and agencies alike will be allowed to ultimately create their labels and establish specific rulebooks per domain specificity.
At this time, a detailed labelling criteria matrix is being developed to harmonise the credentials list across the Policy & Rules Committee, Data Space Business Committee and Technical Committee of the Gaia-X Association, hence ensuring full coverage from a business, regulation, and automation perspective.
βGaia-X labels reflect the essence of our objectives and concepts,β remarkedΒ Francesco Bonfiglio, CEO of Gaia-X. βLabels were introduced by the various Gaia-X committees following the Β Board of Directorsβ approval to make it easy to seek, find, and use services in compliance with Gaia-X. In fact, labels introduce an innovative concept of regulation positioned as a service and represent the cornerstone that will fulfil Gaia-X βs ambition to operationalise European values in the cloud ecosystemβ he added.
The Gaia-X Association is thankful to its valuable contributors and supporters that helped to develop the Gaia-X Compliance and Labelling framework.
