The new documents reflect the Association’s values, openness, transparency, and data protection
25 April 2022 – Brussels, Belgium: Gaia-X, an organisation championing data sovereignty, has announced an update to its policy rules and compliance & labelling criteria to reflect better governance and establish precise controls while further aligning it with the Association’s values of openness, transparency, data protection, security, and portability. The new documents were issued, following a consultation with its members, out of which 75 replied. By the end of 2022, Gaia-X will be releasing its next series.
“The policy rules document essentially defines high-level objectives safeguarding Gaia-X’s ecosystem, whilst the labelling criteria is the step forward in defining specific criteria to be verified to achieve those objectives for better governance and interoperability,” said Francesco Bonfiglio, CEO of Gaia-X. “The recent release of these two new documents has come into effect after the board approval on 11 April 2022. Together these documents contain the main requirements that are being implemented by the trust framework, the technological core of the Gaia-X compliance mechanism” he added.
The policy rules document touches on transparency, controllability, reliability, security, and portability of services, to ensure trustworthy data sharing and infrastructure platforms. Check the latest update of the document here. “The policy rules document has been designed to provide governance and oversight over different areas of business that help further Gaia-X’s vision to scale, digitalise and provide new services at a European level,” said Bert Verdonck, Program Manager Health Data Initiatives and Gaia-X, Philips.
Similarly, the labelling criteria document was put in place to safeguard data protection, transparency, security, portability, and flexibility of the ecosystem. This document introduced further the policy rules document three levels of labelling, a set of principles, standards, self-assessment, and conformity assessment bodies (CAB), among other elements.
The Gaia-X labelling criteria comprise the following categories: contractual governance – applying four legally binding standards; transparency applying 14 criteria; data protection, with 13 criteria; security, with 20 criteria; portability with two, and European control applying six criteria.
The Gaia-X labelling criteria help to define at Gaia-X level what sovereignty means and how it shall be applied in our data market by ensuring controllability of service characteristics, and visibility of their independence from non-European legislation or access from non-European actors. This is one of the important evolutions supporting a more general development toward European sovereignty. European users will require Gaia-X compliant services, and non-European players will be free to adapt to our sovereignty framework to operate in Europe.
Therefore, non-European players will be able to propose services with label 1 and label 2, but the set of criteria implies that the non-European players cannot be the main providers of the service labelled level 3 although they can cooperate with the main provider of the service.
“Regular updates to these documents reflect Gaia-X’s commitment to maintaining the highest standards while remaining focused on its mission to create a transparent and open ecosystem in Europe. The three levels of labels allow all players to join the system while level 3 is only open to actors independent from non- European legislation and operating and processing their data within Europe,” said Martine Gouriet, Directrice des Usages numériques / Director Digital Uses, EDF – DSIG.
Please check the latest update here.
The documents will be regularly updated, and a new version is expected before the end of the year, notably describing the operational process to issue a label.
To contribute to these documents, members can become a part of the relevant working groups and put forth their recommendations.