(A.) Policy and legislation

A.1) Policy objectives

Digital technologies are transforming the economy and society, and data is at the centre of this transformation. Data-driven innovation will be essential for the modernisation of Europe and the data economy which has the potential of bringingenormous benefits for citizens, for example in support to medicine, mobility, Green Deal.The key role of data is reflected in many chapters of the rolling plan outlining the respective sector specific aspects. On top of that, and addressed in this chapter, data is of foundational and horizontal relevance.

As stated in the Communication “A European strategy for data”, policy initiatives aim to “create a single European data space – a genuine single market for data, open to data from across the world – where personal as well as non-personal data, including sensitive business data, are secure and businesses also have easy access to an almost infinite amount of high-quality industrial data, boosting growth and creating value, while minimising the human carbon and environmental footprint ... [and]where EU law can be enforced effectively, and where all data-driven products and services comply with the relevant norms of the EU’s single market”.

The right to the protection of personal data is guaranteed by the EU Charter of fundamental rights and, together with the single market, is one of the EU founding principles. The European Commission is committed to ensuring fairness in how the value from using data is shared among businesses, consumers and accountable public bodies.

The GDPR and the new ePrivacy Regulation, expected to replace the ePrivacy Directive, provide the basic legal framework for respecting the European Charter in terms of data protection. The collection and use of personal data in compliance with the rules on the one hand, and the availability of non-personal data on the other hand, are necessary conditions to maximise the benefits from innovation and competition.

The European strategy for data is essential to govern new technologies and create business opportunities, while respecting fairness and the EU fundamental rights. Standards are one of the key elements of the data strategy instruments to support its implementation enabling international competition in a geopolitical context and on the basis of European values and rights.

The following tasks are especially in the focus of policy initiatives and of needs for a thriving data economy:

  • Availability of data
  • Imbalances in market power
  • Data interoperability and quality
  • Data governance
  • Data infrastructures and technologies
  • Data lifecycle: collection, record keeping, archival and long-term preservation of information
(A.2) EC perspectiveand progress report

The main initiatives already adopted to date are:

  • Regulation (EU) 2016/679 (GDPR) andePrivacy Directive 2002/58/EC (to be replaced with ePrivacy Regulation), with regard to the processing of personal data - dealt with in chapter 3.0.3 on e-Privacy
  • Regulation (EU) 2018/1807 on the free flow of non-personal data- dealt with in chapter 3.1.3 on Big Data, Open Data and Public sector information that covers data other than personal data as defined in the GDPR and introduces requirements on Member States not to introduce restrictions on their territory on the processing of non-personal data, with few exceptions;
  • Regulation (EU) 2019/881 on the Cybersecurity Act (CSA)- dealt with in chapter 3.0.2 on Cybersecurity;
  • Directive (EU) 2019/1024 on open data and re-use of public sector information -dealt with in chapter3.1.3 on Big Data, Open Data and Public sector information and in chapter 3.2.4 on eGovernment;

Building on what has already been achieved in recent years, the European Strategy forData aims to achieve a genuine single market for data by providing for the introduction of policy measures and funding.

The four key instruments of the European Strategy for Data

The European Strategy for Data aims to identify rules to balance rights and obligations for online and offline services to respect the rights of the European Charter.

In particular, the European Strategy for Data has four key instruments at its core aiming at creating a fair and trusted environment, regulate market power and drive innovation with data as raw material:

  • The Data Governance Actaims to foster the availability of data for use by increasing trust in data intermediaries and by strengthening data-sharing mechanisms across the EU;
  • the Digital Market Act (DMA)aims to regulate large online platforms that qualify as gatekeepers, i.e. operators who control access to a certain market or platform;
  • The Open Data Directive - this is dealt with in detail in chapter 3.1.3 on Big Data, Open Data and Public sector information
  • The Data Act which is under development and intended to ensure fairness in the allocation of data value among the actors.

These four key instruments are complemented by other legal acts and policies. These include the Digital Services Act which addresses the context of the provision of digital services to citizens and businesses; the proposal aims to balance the responsibilities of users, platforms and public authorities by defining a common European framework that gives greater legal certainty to digital service providers while ensuring respect for European values.

The European Interoperability Framework (EIF) recommends that a long-term preservation policy is formulated for records and information in electronic form held by public administrations for the purpose of documenting procedures and decisions, to keep their legibility, reliability and integrity for as long as need be accessed.

Data lifecycle, including data collection, record keeping, archival and - when necessary - long term preservation of information, supports society’s demand for trustworthy records and legal certainty associated with Data Strategy key instruments and application of AI algorithms.

The following section A.3 provides all relevant references.

(A.3) References

(B) Requested actions

Action 1 SDOs to identify and inform about standards that are available or under way and that are of relevance in supporting the digital transformation at the level of data-innovation and of the data economy.

Action 2 SDOs to collaborate on developing a programme for addressing standardisation needs around all the data lifecycle, from data collection to record keeping, archiving and long term preservation of information and start the respective standardisation activities.

Action 3 In the context of the MSP, start an analysis on the role of open source software complementing standardisation for the data economy, e.g. with APIs, protocols, service delivery and other platforms.

Action 4 SDOs to identify and inform about standards that are available or under way and that are of relevance in supporting the interoperability of data as well as data sharing services between different sectors and domains.

Action 5 SDOs to develop standards in support of the Data Governance Act, the Digital Services Act and the Digital Markets Act, taking into account the results of ISA2 program.

(C) Activities and additional information

(C.1) Related standardisation activities

CEN/TC 468 ‘Preservation of digital information’

CEN/TC 468 works on standardisation of the functional and technical aspects of the preservation of digital information. It will develop standards aiming at achieving a European harmonization on best digital preservation practices: interoperability, integrity, portability of information during its lifecycle, etc. The development of these standards will follow the principles of Security by Design and Privacy by Design, in order to ensure highest security requirements and privacy protection for European citizens. One of the main objectives for the TC will be to coordinate and share national approaches and knowledge, in order to identify similarities and common views that will help to elaborate, through consensus, a European approach to the subject matter. As such, digital preservation can be part of the eIDAS-ecosystem, relying on a framework for eIDAS-based trust services and for European Digital Identities and preserving evidence.

CEN-CLC/WS DS ‘Digital sovereignty’

This workshop, proposed by AFNOR, VDE/DKE and IEEE, aims at defining the concept of digital sovereignty with its associated terminology and framework. It will allow to identify and anticipate future associated standardisation requirements supporting the implementation of a European approach on Sovereignty, including promoting an open market through the development of interoperability standards.


ETSI TS 119 511 Electronic Signatures and Infrastructures (ESI); Policy and security requirements for trust service providers providing long-term preservation of digital signatures or general data using digital signature techniques

ETSI TS 119 512 Electronic Signatures and Infrastructures (ESI); Protocols for trust service providers providing long-term data preservation services


ISO 14721:2012 Space data and information transfer systems — Open archival information system (OAIS) — Reference model

ISO 20614:2017 Information and documentation — Data exchange protocol for interoperability and preservation

ISO 15489 Information and documentation — Records management (multipart)

ISO 20104:2015 Space data and information transfer systems — Producer-Archive Interface Specification (PAIS)

ISO 20652:2006 Space data and information transfer systems — Producer-archive interface — Methodology abstract standard


ISO/IEC JTC 1/SC 32 Data management and interchange

Standards for data management within and among local and distributed information systems environments

ISO/IEC JTC 1/SC 7 Software and systems engineering

ISO/IEC 25012 “Data quality model” defines a quality model for data in structured format, which can be used to establish requirements, to define measures or to plan and perform data quality assessments.The concept of “data quality” refers to the usefulness of the information derived from data.

ISO/IEC JTC 1/SC 40 IT Service Management and IT Governance

Published standards:

ISO/IEC 38500:2015 Information technology - Governance of IT for the Organization

ISO/IEC TS 38501:2015 Information technology - Governance of IT - Implementation Guide

ISO/IEC TR 38502:2017 Information technology - Governance of IT - Framework and Model

ISO/IEC TR 38504:2016Governance of information technology — Guidance for principles-based standards in the governance of information technology

ISO/IEC 38505-1:2017 Information technology — Governance of data — Part 1: Application of ISO/IEC 38500 to the governance of data

ISO/IEC 38505-2:2018 Information technology — Governance of data — Part 2: Implications of ISO/IEC 38505-1 for data management

Standards under development:

ISO/IEC FDIS 38503 Information technology — Governance of IT — Assessment of the governance of IT

ISO/IEC PRF TS 38505-3 Information technology — Governance of data — Part 3: Guidelines for data classification

ISO/IEC WD TS 38508 Information technology— Governance of IT— Governance implications of the Use of Shared Digital Service Platform among Ecosystem Organizations

ISO/IEC JTC 1 SC 27 WG 5 Identity management and privacy technologies: Please see the chapter on cybersecurity

Relevant standards for data security and privacy are developed. Please see the respective chapters on “Cybersecurityand on “Privacy” in this Foundational Drivers section.


The OASIS Open Data Protocol (Odata) standards support querying and sharing and re-use of data across disparate applications and multiple stakeholders. OASIS OData standards have been approved as ISO/IEC 20802-1:2016 and ISO/IEC 20802-2:2016.

The OASIS ebXML RegRep standards define service interfaces, protocols and information model for an integrated registry and repository. The repository stores digital content while the registry stores metadata that describes the content in the repository.


Selected List:

The Web of Things (WoT)

Data Catalog Vocabulary (DCAT) - Version 2 (2020-02-04) Recommendation and Working Draft on DCAT Version 3

JSON-LD 1.1 (2020-07-16)

Open Digital Rights Language (ODRL) Version 2.2.(2018-02-15)

Shapes Constraint Language (SHACL)(2017-07-20)

Web Annotation Data Model (2017-02-23)

Data on the Web Best Practices (2017-01-31)

Provenance (Overview with links to standards of the provenance familiy 2013-04-30)

Data Privacy Vocabularies and Controls CG

RDF-DEV CG developing RDFstarextends RDF with a compact way of annotating triples (and creates interoperability with property graphs)

See Data Activity Page for an overview.

(C.2) Other activities related to standardisation

The European Interoperability Framework (EIF)

The European Interoperability Framework (EIF) adopted on 23 March 2017 provides specific guidance on how to set up interoperable digital public services. EIF is undertaken in the context of the Commission priority to create a Digital Single Market in Europe. It offers public administrations 47 concrete recommendations on how to improve governance of their interoperability activities, establish cross-organisational relationships, streamline processes supporting end-to-end digital services, and ensure that both existing and new legislation do not compromise interoperability efforts.

A related on going framework is under development i.e. the Smart Cities and Communities European Interoperability Framework (EIF4SCC). EIF4SCC aims to support local administrations and other actors with challenges that relate to providing interoperability services to citizens and businesses. The Framework intends to support primarily local administrations and, in particular, local policy makers. This work in progress is jointly managed by DG DIGIT as part of the ISA² Programme (2016-2020), and by DG CONNECT in the framework of the movement.

CEF e-Archiving

Important information should be kept accessible and reusable for years to come, regardless of the system used to store it. eArchiving provides core specifications, software, training and knowledge to help people preserve and reuse information over the long-term.


The Digital Information LifeCycle Interoperability Standards Board (DILCIS Board) develops, publishes and supports standards which provide practicalinteroperability in digital archiving. SIARD (Software Independent Archiving of Relational Databases) v2.2, August 31, 2021)

E-ARK Project (European Archival Records and Knowledge Preservation)

E-ARK was a multinational big data research project that improved the methods and technologies of digital archiving, in order to achieve consistency on a Europe-wide scale.


SWIPO (Switching Cloud Providers and Porting Data), is a multi-stakeholder association facilitated by the European Commission, in order to develop voluntary Codes of Conduct for the proper application of the EU Free Flow of Non-Personal Data Regulation / Article 6 “Porting of Data”. See


Gaia-X is the European Association for Data and Cloud AISBL founded with the goal to develop technical solutions and regulatory frameworks and ensure that necessary central facilities as well key federation services to guarantee the envisaged data infrastructure are made available. See

The official portal for European data