25 November 2021 – Brussels, Belgium – Gaia-X Association, a leading professional organisation, has recently published the results of intensive work aimed at developing a Compliance and Labelling framework, which constitutes a mandatory component of the Gaia-X architecture devoted to the control and governance of Gaia-X services.
Three basic levels have been defined. Each level can be obtained by service offerings based on different standards and expectations for data protection, transparency, security, portability, flexibility, and European control.
- Gaia-X Level 1: represents the Basic level of compliance according to the rules defined by the Association and the European values. This level equally refers to the ENISA standard in its current definition and future evolution.
- Gaia-X Level 2: represents an Intermediate level of compliance, extending and enhancing Level 1 above, with a mandatory option to be located in Europe. This level equally refers to the ENISA standard in its ‘Substantial Compliance’ definition and future evolution.
- Gaia-X Level 3: represents the high level of compliance, extending and enhancing Level 2 above, while adding the principle of immunity to non-European access, but with a mandate for a European location and operationalisation. This level refers to the ENISA ‘High Compliance’ definition.
Concretely, the Gaia-X Compliance and Labelling framework ensures a minimum level of compliance for any service, helping to achieve the desired level of trust between entities and services in the marketplace. Governments, trade associations, industry associations, and agencies alike will be allowed to ultimately create their labels and establish specific rulebooks for each specific domain needs.
Labels under the framework will be issued to service offerings based on their satisfaction of predefined policy and technology requirements, which will eliminate the need to individually inspect service credentials for compliance with Gaia-X principles.
Gaia-X labels reflect the essence of the organisation’s objectives and concepts, integrating various policy rules, technical concepts, and data space principles, and the labels acknowledge different requirements for specific scenarios and consumers in various countries and industries.
At this time, a detailed Labeling criteria matrix is being developed to harmonise the credentials list across the Policy & Rules Committee, Data Space Business Committee and Technical Committee of the Gaia-X Association, to ensure full coverage from a business, regulation, and automation perspective.
“Gaia-X labels reflect the essence of our objectives and concepts,” remarked Francesco Bonfiglio, CEO of Gaia-X. “Labels were introduced by the various Gaia-X committees with approval from the Board of Directors to make it easy to seek, find, and use services that are implicitly compliant with Gaia-X. In fact, labels introduce an innovative concept of regulation positioned as a service” he added.
The Gaia-X Association is thankful to its valuable contributors and supporters who helped to develop the Gaia-X Compliance and Labelling framework.
