Understanding the architecture of a data space

From the European data dilemma to common data spaces

In the first three chapters of Course 1, we learned a lot about the data economy: It all started with Europe’s big data dilemma. We saw that much of the data generated by companies and organisations remains unused. Legal concerns, technical hurdles, and worries about trade secrets often prevent genuine data exchange—a significant driver of innovation is running on empty. The land of poets, thinkers—and data silos!

The rest of Course 1 looked at the crucial consequences of this dilemma for value creation in the digital economy. We examined why platforms and digital ecosystems from the US and China are setting the pace, while European companies with individual IT systems and strict data protection regulations are often left behind. We asked ourselves: How can Europe regain sovereignty and competitiveness without individual companies losing control over their data?

Finally, in chapter 3, we took a first look at the concept of the data ecosystem. We learned that sustainable innovation and flexible cooperation arise when organisations do not just hoard their own data but share it with partners in a targeted and secure manner. However, one question remains: How can this exchange really succeed in a way that benefits everyone involved, ensures that no one loses control over their data, and organises new value creation in a secure and legally sound manner?

Vision becomes reality – the need for new approaches

This is precisely the area that Course 2 covers. In the next step, we will focus establishing the foundations for a genuine European data economy. The vision of a sovereign, flexible, and fair data exchange is becoming a reality – with a new approach: decentralisation.

What does that mean? While central platforms bundle all data in one place, decentralised data spaces create networks that leave data exactly where it originates: in smart companies, organisations, and public authorities. Control remains with the owner; data is only made accessible according to verifiable rules. Sounds abstract? Let’s take a look at how this works in practice. At the centre is AITrainee, a fictional young company with big ambitions.

Imagine you are a decision-maker at AITrainee, a young company that wants to develop AI to analyse mobility data. However, every beginning is difficult: the necessary data is scattered across many organisations, each player speaks its own “data language,” and before any data can flow, numerous contracts must be signed, interfaces programmed, and approvals obtained. It often takes more than a month just to onboard a new data partner.
Many companies are familiar with this experience: access to data usually fails not due to a lack of willingness, but due to technical complexity, legal issues, and a seemingly endless coordination efforts.

What if all these hurdles could be overcome with the help of a trustworthy, flexible infrastructure?

This is precisely the concept behind a data space. The focus is on decentralisation rather than the central platform as the new authority. But how does this work in practice and from a technical perspective?

The dilemma of individual networking and the move into the data space

Imagine that AITrainee had to negotiate separate data usage agreements with every city and every transport company. That would be like having to develop an individual ticket and a new ticket system for every new bus route in a large city – a huge obstacle to innovation.

At this point, AITrainee makes a decision: instead of building individual solutions and silos, the company joins a decentralised data space. The goal is to make sharing and using data as easy as possible through common technical standards and automated rules.

Step by step: AITrainee on its way through the data space

When we look at AITrainee’s journey to the data space, we follow a clearly structured process that reveals the central technical building blocks and processes step by step. Each of these steps is an indispensable piece of the puzzle that together forms the picture of a secure, controlled, yet flexible data exchange in a decentralised environment. From the initial connection to the actual data transfer, trust, security, and automation are at the forefront. These building blocks ensure that AITrainee not only gains access but also retains control over the data flow at all times.

Below, we accompany the company through five key stages: setting up the connector, digital identity verification, searching for and selecting suitable data in the catalogue, automated contract verification through policies, and finally, secure, logged data transfer.

Each step builds on the previous one and opens new doors in the world of sovereign data economy – without unnecessary effort or risk. This makes the complex process clear and understandable.

Getting started with the connector: The multifunctional entry point

Right from the start, AITrainee realises that nothing works without a connector. The connector is a lean, highly secure piece of software that is installed on the company’s own network. It acts as both a digital door opener and a firewall.

There is no universal connector, but rather a variety of different solutions and implementations. Depending on the data space and its requirements – such as security, data formats or governance – different connectors can be used to meet the respective technical and organisational standards.

AITrainee uses the connector not only to communicate with other data space users, but also to negotiate formats, check security requirements, and ensure compliance with defined rules – all automatically. In practice, this means that configuring a connector is much less time-consuming for AITrainee than developing individual interfaces for each partner, as current connectors are based on established and open standards, thus ensuring interoperability and security. This diversity enables the company to connect flexibly to different data spaces – each adapted to industry-specific or project-specific requirements.

The Data Connector Report published by the International Data Spaces Association (IDSA) provides an overview of the wide range of connectors available. This annual overview lists current data space connectors and provides detailed information on the respective data exchange standard, as well as application examples.

Although it may sound technical, it offers many advantages in everyday business life: Connectors are often designed to be easy to use, even for non-IT professionals, but offer all the security features that a modern company expects on the IT side.

The digital ID card: authentication & identity in the data space

However, the connector alone is not enough. The data space also requires a digital “business card presentation”. This is exactly what identity providers do.
AITrainee must prove that it is a trustworthy company and that it meets certain requirements, for example regarding data protection or industry-specific standards. We can find such a concrete list of requirements in the Gaia-X compliance criteria for cloud services, for example. Proof of compliance must be provided for each of the various cybersecurity criteria.

This evidence is no longer emailed as PDF but provided digitally as verifiable credentials (VCs) – these are digital, machine-readable certificates that can be issued by trusted entities, known as Clearing Houses, and can get automatically verified. Digital Clearing Houses are usually operated by external service providers. You can read about their role and how they work in detail in our blog series on Gaia-X Digital Clearing Houses.

Once identity has been successfully verified, AITrainee gains access to further services and offers in the data space. This step establishes the groundwork: only legitimate and verified actors are granted access to sensitive data and valuable services. This foundation also establishes trust between unknown actors, thereby encouraging exchange between them.

The catalogue – the marketplace for data and services

Once the first two steps have been completed, AITrainee can now browse the central data space catalogue, which functions like an intelligent industry directory. This shows which data sets and services are currently available: from real-time traffic data and environmental information to specialised processing services such as anonymisation. Thanks to detailed filter functions, the company can search very precisely for the characteristics its AI needs for training – for example, “anonymised data, collected in Europe, updated within the last six months.”

The same catalogue can also be used to book an anonymisation service for a dataset that has not yet been anonymised, for example – everything is integrated and transparent.

Usage policies and contract conclusion: clear, digital, traceable

Now it’s getting specific: AITrainee has decided to use the datasets in the data space and describes its own requirements in so-called consumer policies:

• The data must originate in Europe.
• AI training is permitted with the data.

Providers, in turn, are free to define their own usage rules – such as “data access only from the EU” or “processing exclusively in certified data centres.” The system automatically checks whether supply and demand match and creates a digital contract (“smart contract”) that is legally binding and machine-readable.

Key takeaway: The entire process, which would previously have taken weeks, is now automated, fast, and secure. With just a few clicks, AITrainee can compile multiple matching datasets for AI training without having to renegotiate with each provider individually.

Secure data transfer: When bits and bytes travel confidently

Once all checks and agreements have been completed quickly and automatically, the most important step follows: the actual data exchange.
Here, the connector once again ensures transparent and secure data traffic. Every transfer is encrypted, and every access is logged, so the provider can always see when, where, how, and by whom the data was accessed.

AITrainee no longer need to worry about manual security checks or technical integration efforts. Time that used to be spent on maintaining dozens of individual solutions can now be devoted to actual innovation work.

Architecture with a principle: control plane and data plane

What appears to be a uniform process follows a sophisticated architectural principle behind the scenes: the separation into a control plane and a data plane.

Let’s imagine a modern airport:

• In the control plane, all flights are registered, passengers and luggage are checked, and takeoff and landing times are coordinated. No one flies without everything being checked.
• In the data plane, the aircraft takes off from the runway and transports people and cargo exactly where they need to go.

Applied to the data space, this means:

• Control plane: All processes related to registration, identity verification, catalogue search, contract formation, and rule monitoring take place here. It ensures clarity, control, and transparency without storing any data itself.
• Data plane: This is where the actual data exchange takes place. Selected information and services are transferred in an encrypted and controlled manner between data owners, who retain full control at all times.

Looking beyond the horizon: Additional functions for special requirements

For most companies, the process described here is perfectly adequate. However, depending on the use case and regulatory requirements, additional modules may be useful – such as the integration of consent management for personal data or the creation of a participant register in very large data spaces. For AITrainee, the basic model is sufficient for working directly and securely with the relevant partners.

Reflection & outlook: what have we learned?

Thanks to the intelligent combination of connector, identity verification, catalogue, policy management, and secure data transfer, AITrainee not only gains access to urgently needed training data for its own AI—the company also retains control at all times and knows the rules, and who it is working with.

And what about you? How would your company benefit if all the formalities involved in data exchange were minimised? What data or services could you provide within such a framework?

In the next section, we will take a closer look at these questions:
Who are the stakeholders in the data space? How do governance and collaborative rules emerge? And which models enable not only data but also value and responsibility to be shared?