FAQ

Data sharing, standards, APIs, smart contracts, governance, identity, trust—most building blocks of a data space aren’t new. The concept itself dates to 2005 (academic “dataspaces”) and gained industrial traction through Germany’s Industry 4.0 in the 2010s. What’s new is the scale and mandate: the European Commission has elevated data spaces to a pillar of the Digital Single Market—now the default paradigm for governed data sharing across 20+ sectors and across borders.

Common European Data Spaces are EU-driven sector/domain data space initiatives. The European Commission references 75 projects on its website. Many data space initiatives are not in that list, for instance when they are initiated or co-funded by private organisations and cities or Member States (e.g., EONA-X). Those ‘local’ initiatives are nevertheless often connected to Common European Data Space that they can use as pan-European sectoral/domain hubs. As an example: EONA-X and the German Mobility Data Space (MDS) are both key stakeholders of the European Mobility Data Space that should drive cooperation amongst all mobility data space initiatives across Europe.

Today if we consider both Common European Data Spaces and ‘local’ initiatives, the number of existing data spaces is in the range of 150.

Data lakes centralise data; data spaces federate it. In a data space, data remains at source and interoperation happens through shared governance, identity/trust services, catalogues and machine-readable contracts/policies.

GDPR: applicable since May 2018.
Data Governance Act (DGA): applicable since Sept 2023 and potential future integration to the Data Act following the Omnibus simplification effort..
Data Act:most provisions apply from Sept 2025.
AI Act: entered into force Aug 2024, with phased obligations through 2025–2026.

Initiatives span a huge variety of sectors and domains such as agriculture, energy, mobility/transport, tourism, health, media, public administration, research & innovation, skills and more. The European Commission referenced 14 sectors but there exist data space initiatives in +25 different sectors.

Data spaces combine APIs/standards with: governance (roles, onboarding, rulebooks), trust (identity, attestations, labels), interoperability (semantic + technical), usage control (machine-readable policies & contracts) and collaboration.

The rulebook of a data space codifies in a machine readable format: eligibility, responsibilities, policies for data/products, assurance and dispute processes, plus technical profiles for connectors and catalogues. It’s the basis for onboarding and accountability across the data space lifecycle. All data sharing contracts supporting the use cases in a data space must be compliant with the Rulebook. The Rulebook mechanism aligns participants of a data space and reduces negotiation time.

Through a trust framework (identity, attestations, accepted trust anchors, revocation, labels/certifications) and auditable processes—e.g., the Gaia-X Trust Framework & Labelling.

The Dataspace Protocol (DSP) for contract negotiation and data exchange (implemented by Eclipse Dataspace Components – EDC and many other data spaces stack and solutions) is the most common protocol used in data spaces. Certain other key standards such as DCAT for catalogues and ODRL for policies are also very common. The DSSC listed the most common standards of data spaces. The key data space support organisations and initiatives providing guidance, model, standards, protocols are: DSSC, IDSA, Gaia-X, FIWARE, EDC, Prometheus-X, MyData, Solid, iShare, Pontus-X, Simpl, BDVA, Sitra, Fraunhofer, Digital New Deal.

No. The EU promotes openness and interoperability rather than a single product. Data spaces mix open source and commercial components as long as they conform to the agreed Rulebook and common protocols. There exist many tech stacks (e.g., Simpl, EDC, Prometheus-X, Pontus-X, FIWARE, iShare) and solution or integration providers (e.g., Amadeus, Visions, Sovity, DeltaDAO).

No. Many data spaces rely on web standards, verifiable credentials and policy-based usage control. Distributed ledgers are optional for notarisation or multiparty logs, not mandatory. One of the most used blockchain based technology in data spaces is Pontus-X.

GDPR applies as usual, strengthened by DGA trust mechanisms and the data space’s Rulebook (e.g., intermediation roles, consent/mandates, logging, audit trails). The main legal base for sharing personal data in data spaces is GDPR consent. This process involves personal identity & consent management tools (e.g., MyTravelConnect based on EUDI personal wallets). The Prometheus-X technological stack (including connectors) provides specific personal data sharing protocols (identity, consent, contracts, rulebooks, etc.).

Faster partnerships (shared rulebook & onboarding), lower integration costs (reusable building blocks), new services/revenues, and sovereignty (keep data at source while enforcing policies).

Often a neutral orchestrator (association/consortium) convenes public and private stakeholders; members co-govern via the rulebook and shared trust services provided in line with DSSC guidance.

Adopt open rulebooks and interoperability profiles, use recognised trust frameworks/labels, and base integration on widely-adopted protocols (e.g., DSP). This lets you change components while remaining compliant.

Yes. Keep data where it is and expose data products from your data lake through a connector and machine-readable policies/contracts that conform to the Rulebook and protocol (e.g., DSP/EDC, Prometheus-X). The data lake can be seen as a single data space participant, or it can transition to a data space by equipping all participants with individual connectors.

Yes—Digital Europe and Horizon Europe fund many initiatives. Some EU member states like France, Germany, Spain, Portugal, Luxembourg, the Netherlands, and others, fund data space initiatives. The Data Spaces Support Centre (DSSC) publishes free Blueprints and starter kits covering business, legal/governance, operational and technical aspects.

By aligning trust anchors, onboarding criteria, catalogue federation, identity and semantic profiles—documented in DSSC blueprints—and using compatible protocols (e.g., DSP) to enable end-to-end cross-domain use cases. In practice, most initiatives start with intra–data space interoperability; robust inter–data space federation is emerging and still maturing.

With the AI Act now in force, obligations phase in during 2025–2026, and the growing interest for trustworthy and sovereign AI by many EU public and private organisations, data spaces appear as a potential solution. The topic remains very new, data spaces were focused on data initially. The Gen4Travel (EONA-X) and Gen4Legal (Legal Data Space) that Onecub is contributing to develop are amongst the first AI initiatives natively built on top of a data space.

What is new with data spaces?

What is a “Common European Data Space”, how is it different from a data space?

How many data space initiatives exist today?

How is a data space different from a data lake or platform?

Which EU regulations matter most for data spaces?

Are there data spaces in all sectors?

What makes data spaces unique versus “just APIs/standards”?

What is the “Rulebook” of a data space and why do we need one?

How do participants trust each other?

Which standards and building blocks are common to all data spaces?

Do all data spaces use the same technological stack?

Is blockchain required?

How do data spaces handle personal data (GDPR)?

What benefits do organisations actually see in data spaces?

Who typically initiates a data space?

How do we avoid vendor lock-in?

Can our existing data lake/platform join a data space?

Is there EU funding or guidance to get started?

How do multiple data spaces connect (federation)?

What’s the timeline for AI in data spaces?