Why

Data sovereignty

Data spaces

International standards

We

Become a member

Members

Donate

Board

Head Office

IDSA ambassadors

Contact

Make

Working groups

Task forces

Hubs & competence centers

Open source

Projects

Communities

Offers

Reference Architecture

Dataspace Protocol

IDSA Rulebook

Certification

Data Space Connector Report

Use

Data Space User Group

Data Spaces Radar

Professional qualifications

Training catalog

Knowledge Base

Publications

Most important documents

Papers

Magazine

Legacy

Events

Upcoming events

Calendar

Archive

Event support

News

Blog

Newsroom

Infohub

Newsletter

July 16, 2026

Data spaces provide the governance layer AI needs

An AI system that consumes data from multiple organizations raises questions that a single organization cannot answer on its own. Where did the data come from? Who authorized its use? What conditions apply? Can those conditions be verified, not just stated? These questions make the difference between AI that is auditable and AI that is not.
Anil Turkmayali

IDSA’s position paper Data Spaces and AI: Trustworthy Agentic Participation in Data Spaces sets out how data space infrastructure addresses each of these questions, and why this matters for the regulatory requirements now taking effect across multiple jurisdictions.

Trust as a verifiable property

The paper frames trust as a precondition, not an outcome. An organization will allow an external agent to act on its data only if it can verify, before any action, that the agent, the data and the services involved are what they claim to be.

In a data space this verification is automated. Verifiable Credentials carry fitness attestations, accreditation proofs and conformity certificates alongside the assets they describe. A participant can check them at the point of use without retrieving documents manually and without gaps in the audit chain. The trust hierarchy that organizes these credentials means each check can be verified locally without re-involving whoever issued it.

This makes two distinct things verifiable. The first is the AI system itself: the quality and conformity of a model become transparent through data space credentials, and a bill of data, a bill of software and a bill of licences can document what went into its training. The second is data access: participants have full transparency over what data may be used for what purpose, which directly supports both intellectual property protection and compliance with data governance rules.

Data quality and what it means for AI

One of the most persistent challenges for AI is not a lack of algorithms but a lack of reliable, well-described and legally usable data. AI systems depend on data that is accurate, representative, timely and sufficiently complete for the purpose. Across organizational boundaries, this challenge is sharper: the relevant data often sits with competitors, public authorities, suppliers or research institutions, and even where it exists it may be withheld for reasons of confidentiality, commercial sensitivity or privacy.

A data space addresses this by creating a governed environment for trusted sharing without centralizing the data. Each dataset carries its provenance, collection method, update frequency, quality indicators, semantics, usage constraints and licensing — the context a developer needs to judge whether it is fit for a given purpose. Treated this way, a dataset becomes what the paper calls a data product: not raw signals, but information refined for reuse, carrying the content, quality, context and machine-readable format that a model or application can consume directly.

Observability and regulatory compliance

The paper covers the regulatory landscape in depth. Across the EU, Japan, China, South Korea, Brazil, India and the United States, the approaches to AI governance differ — from binding horizontal regulation under the EU AI Act (Regulation 2024/1689) to promotion-oriented soft law and sector-specific rules. The common thread is that whatever the regulatory style, data spaces supply the operational mechanisms that turn governance expectations into verifiable practice: identity, usage policies, provenance and audit logs.

For EU-based organizations, the alignment is direct. The EU AI Act’s requirements around data governance, documentation and traceability can be demonstrated in practice rather than only asserted, because data space infrastructure records what was exchanged, under which policies, by whom and for what purpose. GDPR compliance is supported in the same way. The European Health Data Space Regulation already mandates compute-to-data approaches for secondary use of health data, and data spaces such as genome.de and sphin-X are implementing these approaches in practice.

Observability and traceability — the ability to reconstruct where data came from, how it was modified, who accessed it and whether it was used according to agreed conditions — are core operational capabilities of a trustworthy data-sharing environment, as defined in ISO/IEC 20151-1. The paper is specific about what this enables: AI governance shifts from a static documentation exercise to an operational capability.

The limits of data space guarantees

The paper is careful about the limits of what data spaces can provide. A data space cannot make a model fair or a dataset unbiased. It can make the provenance, quality, permitted uses and accountability of the data verifiable to everyone who relies on it. That turns several of the EU High-Level Expert Group’s trustworthy AI requirements from stated commitments into properties that can be checked.

Where synthetic data is shared in a data space, its synthetic nature can be explicitly declared through metadata, provenance information, usage policies and quality indicators. Consumers can then assess suitability without assuming equivalence with the original data. That transparency is the contribution — not a guarantee of fitness, but a basis for informed judgment.

The third post in this series covers agentic participation: how AI agents can act inside data spaces under delegated identity, and what governance structures make this safe at scale.

Author: Anil Turkmayali
Anil Turkmayali is the editor of the IDSA position paper Data Spaces and AI: Trustworthy Agentic Participation in Data Spaces and a lead contributor to IDSA's AI and data spaces task force.

Stay updated with us