A Compliant Data Exchange technology

Providing organizations with a comprehensive set of features to be in compliance with data regulations and data exchange frameworks.

Data regulations such as the European Data Governance Act (DGA), Data Act (DA) and AI Act are often seen as contraints but they are also thought to facilitate and accelerate secure & trusted data exchanges. These EU regulations define the conditions to exchange data in trusted environments, and open a whole new world of possibilities for organizations to develop new & innovative Data Exchange services.

Compliance to data exchange regulations

Data regulations are constantly evolving, Europe being in lead with the General Data Protection Regulation (GDPR) in application since 2018, the DGA since September 2023, and the Data Act which became applicable on September 12, 2025, with certain provisions phased in through 2026 and 2027. Several other data regulations continue to be developed and refined.

These regulations place specific responsibilities on the orchestrators and participants of Data Exchange ecosystems regarding personal data, B2B data, IoT data, altruistic or public sector data.

Regulations may differ between countries, bringing additional complexity to organizations seeking to exchange data products across regions.

Dawex Data Exchange technology enables your organization to be in conformity with the current data regulations, across regions. Dawex technology constantly evolves to prepare and ensure readiness to future data regulations.

Compliance with personal data regulations

The Data Exchange Solution provides full compliance with European GDPR to the orchestrator and the participants. The solution encompasses the required features to adapt to non-European personal data regulations such as the Act on Protection of Personal Information (APPI) in Japan, the Personal Information Protection Act (PIPA) in South Korea, the California Consumer Privacy Act (CCPA), or the Lei Geral de Proteção de Dados (LGPD) in Brazil.

The Dawex Data Exchange Solution provides frameworks and processes to identify data products containing personal data, and treat the data transaction & the licensing accordingly. By providing API access to consent managers, Dawex Data Exchange solution allows data providers and data acquirers to make sure the consent of the data subject is actually given before the data flows to the data acquirer.

compliance-personal-data-regulations

Compliance with the European Data Governance Act and Data Act

Europe is at the forefront of data regulations, and demonstrates once again its leadership position with the Data Governance Act (DGA) and the Data Act (DA). These initiatives also set reference for the rest of the world as GDPR did.

  • The European Data Governance Act, which entered in application in all EU countries on September 24, 2023, aims at facilitating access to data and accelerating data exchange across organizations by establishing trust between data exchange ecosystems participants.
  • The DGA extends its scope to all types of data, particularly to non-personal or industrial data.

  • The DGA defines the new role of “Data Intermediation Services Provider”, whose obligations include, among others, to strictly separate data exchange activities from potentially conflicting activities such as data processing, on a legal and commercial level.

By using the Data Exchange solutions from Dawex, the orchestrator natively complies with key provisions of the DGA. Labeled as “Data Intermediation Service Provider recognized in the Union” by the designated national competent authority, the orchestrator therefore greatly increases the level of trust provided through its data exchange services.

Dawex follows and contributes to the design of new data regulations. Its technology ensures that data providers comply with the EU Data Act, now fully applicable since September 12, 2025. Connected product manufacturers benefit from powerful data distribution and governance capabilities to ensure they can comply with the obligation to share usage data with the connected product users.

Further explore the DGA & DA
EN EU-Recognised Data Intermediary POSITIVE VERTICAL (RGB)
Further explore the DGA & DA

Compliance with the European AI Act

The EU AI Act, which entered into force on August 1, 2024, is being implemented in phases: prohibited AI practices and AI literacy obligations became applicable on February 2, 2025; governance rules and obligations for General Purpose AI (GPAI) models became applicable on August 2, 2025; with full application on August 2, 2026. 

The EU AI Act aims to guarantee the protection and security of people & fundamental rights, as well as non-discrimination, transparency, and respect of democratic values. As such, AI models have to be explainable, transparent, and documented. Using Dawex Data Exchange solutions to source and distribute data for AI models helps tackle these challenges as:

  • Model developers can source quality data, and ensure full traceability to improve the transparency of their models.
  • Content owners can distribute their data with full IP protection, and generate new revenues.

Gaia-X Trust Framework

Dawex is day-1 member of Gaia-X, leading the Data Exchange Services Specification working group. Dawex Data Exchange technology natively complies with the latest Gaia-X Trust Framework, ensuring interoperability with Gaia-X compatible data spaces:

compliance-gaia-x

Data Free Flow with Trust

The Data Free Flow with Trust (DFFT) concept was introduced at the World Economic Forum Annual Meeting in Davos in 2019 as a new model for global data governance

Trust is central to the DFFT concept which aims to reconcile two related and compatible policy objectives:

  • Promoting free data flows across borders to foster economic growth
  • Protecting individual privacy, national security, and IP through trusted regulations. 

The Institutional Arrangement for Partnership (IAP) for DFFT, established in 2023, is now operational and hosted by the OECD. G7 Data Protection and Privacy Authorities continue to advance DFFT operationalization, with their June 2025 Roundtable in Canada reaffirming commitments to identifying commonalities between transfer tools and fostering future interoperability.

Dawex has been actively involved in the DFFT workgroup of the World Economic Forum, co-authored the Briefing Paper “Data Free Flow with Trust: How to overcome barriers in cross-borders data flows” and also contributed to the white paper “From Fragmentation to Coordination: The Case for an Institutional Mechanism for Cross-Border Data Flows” which was released at the World Economic Forum Digital Transformation Summit in April 2023.

Dawex also actively participated in the DFFT workgroup of the Data Society Alliance, a major association in Japan, which issued and presented in Japan a set of 12 recommendations for advancing the operationalization of DFFT.


Compliance with the harmonised European Standard on Trusted Data Transactions

Trust is of paramount importance when it comes to engaging in Data Exchange. As of March 25, 2026, the CEN & CENELEC officially made available the first standard in the harmonised European Standard series on Trusted Data Transactions —EN 18235-1:2026, requested by the European Commission as part of Mandate M/614 - EU Trusted Data Framework.

In 2023, Dawex co-proposed a CEN Workshop Trusted Data Transaction together Fraunhofer ISST and TNO, federating a broad ecosystem including Gaia-X, IDSA, BDVA, FIWARE, Microsoft, EDF, Airbus, and Hub One. The European Commission participated actively as an observer throughout. The Workshop drew on and synthesized existing de facto frameworks and ecosystems — Gaia-X, IDSA, and DSSC — translating their operational experience into the normative foundations of a trusted data transaction.

The aim of the Trusted Data Transaction working group was to identify and define the criteria that contribute to the creation of trust in data transactions, and how to measure it. The CWA Part 1 and Part 2 on Trusted Data Transaction have both been published and are publicly available.

EU Trusted Data Framework

The Workshop produced two voluntary pre-standards:

  • CWA 18125:2024 — Trusted Data Transaction — Part 1: Terminology, Concepts & Mechanisms (July 2024)

  • CWA 18245:2025 — Trusted Data Transaction — Part 2: Trustworthiness Requirements (July 2025)

On July 1, 2025, the European Commission has published in its final form a Standardization Request (Mandate M/614) for a harmonized European Standard on Trusted Data Transactions, under the umbrella of the European Trusted Data Framework, among other standardisation deliverables requests.

The two CWA were transposed into formal European standardisation within CEN/CLC JTC 25 WG2, following M/614 (accepted by CEN/CENELEC on July 1, 2025). The resulting EN 18235 "Trusted Data Transactions" series comprises three parts:

  • EN 18235-1:2026 — Part 1: Terminology, concepts and mechanisms. Published (ratified February 23, 2026, and available since March 25, 2026 ahead of the M/614 deadline of 1 June 2026).

  • EN 18235-2 — Part 2: Trustworthiness requirements. Under public enquiry. M/614 deadline: 1 November 2026.

  • EN 18235-3 — Part 3: Interoperability requirements. Public enquiry phase starting. M/614 deadline: 1 May 2027.

This is the first European initiative to formalise, in a cross-sectoral approach, the normative foundations of a trusted data transaction. The pre-standardisation work anticipated the Commission's formal standardisation request by more than two years, enabling rapid transposition and providing operational foundations to data space participants from the date the Data Act became applicable (12 September 2025). As a technology-agnostic standard, EN 18235 provides the regulation-aligned baseline that allows the diversity of existing technical ecosystems - Gaia-X, IDSA, DSSC and others - to interoperate without imposing a single implementation choice.

As harmonised European Standards developed under M/614, the EN 18235 series is designed to confer a presumption of conformity with the Data Act's interoperability requirements under Article 33, most directly through Part 3 (Interoperability requirements), which builds on the terminology and trustworthiness framework established in Parts 1 and 2.

 

Dive into the details of Trusted Data Transaction

Facilitating compliance with the EU Framework for Financial Data Access (FiDA)

The Financial Data Access (FiDA) Regulation (COM/2023/360), proposed in June 2023, extends open banking principles to the full spectrum of financial services — investments, savings, pensions, mortgages, insurance and credit data. It requires financial institutions to make customer data available to authorized third parties through standardized APIs, governed through Financial Data Sharing Schemes (FDSS), under customer consent. Trilogue negotiations between the Parliament, Council and Commission are ongoing, with expected adoption in 2026, and application phased over several years thereafter.

The organizations at the heart of FiDA - FDSS operators, open finance platform providers and financial data intermediaries - need robust technology infrastructure to orchestrate compliant, multi-party financial data ecosystems

Dawex Data Exchange Solution enables these operators to govern data exchanges under the scheme governance structure FiDA mandates, onboarding data holders and data users and managing access rights and consent frameworks.

Facilitating compliance with the European Health Data Space (EHDS)

The European Health Data Space Regulation (Regulation (EU) 2025/327), in force since March 26, 2025, establishes the EU’s first sector-specific data space. It creates a framework for primary use enabling individuals to access and share their health data across borders for care, and secondary use enabling researchers, companies and policymakers to reuse electronic health data for innovation, AI development and public health purposes. Key obligations for health data holders apply progressively from March 2027, with most secondary use provisions from March 2029.

Health data holders, platform operators and organizations building HDAB-adjacent services need technology capable of governing complex, multi-stakeholder health data flows under strict consent, purpose limitation and traceability requirements

Dawex Data Exchange technology enables these operators to structure health data product catalogues, enforce role-based data access control across primary and secondary use categories, while ensuring end-to-end auditability, ultimately supporting both EHDS data permit conditions and AI Act transparency obligations.

Facilitating compliance with the Construction Products Regulation and Digital Product Passport obligations

The revised Construction Products Regulation (Regulation (EU) 2024/3110), in force since January 2025, introduces a mandatory Digital Product Passport (DPP) for construction products - structured digital records covering material composition, environmental performance, lifecycle data and compliance documentation. DPPs for construction products are expected to become mandatory approximately 18 months after the EU digital infrastructure is established, currently anticipated around 2028–2029.

Meeting these obligations requires manufacturers, importers and construction industry platform operators to govern and distribute product related data across complex multi-party value chains. 

Dawex Data Exchange Solution enables construction stakeholders to manage DPP data products, control data access rights for different players such as regulators, buyers, recyclers,  and federate data exchanges across organizations while preserving each participant’s data sovereignty.

Facilitating compliance with the Digital Product Passport framework under ESPR

The Ecodesign for Sustainable Products Regulation (ESPR, Regulation (EU) 2024/1781), in force since July 2024, introduces Digital Product Passports across virtually all product categories placed on the EU market. The battery passport is the first confirmed mandatory DPP, required from 18 February 2027 under the EU Battery Regulation (Regulation (EU) 2023/1542). For other product categories such as textiles, furniture, electronics, steel and aluminium, specific requirements and compliance dates will be set through delegated acts progressively adopted from 2026 onwards; no binding dates beyond batteries have been confirmed to date.

The DPP is fundamentally a data exchange and governance challenge as manufacturers, importers, distributors and recyclers across global supply chains must share structured product lifecycle data under role-based access control, with persistent identifiers and full audit trails.

The Dawex Data Exchange Solution is the infrastructure that DPP digital service providers and industry data space operators need to orchestrate these multi-party flows, governing tiered access to services designed for public, B2B-restricted and confidential supply chain data, without bespoke implementations for each product category.

Alignment with Japan's Smart City Reference Architecture — City OS

The City OS is Japan's Smart City Reference Architecture, published in March 2020 by the Cabinet Office under the Society 5.0 framework. It defines the data exchange infrastructure that connects smart city services, assets and other systems across regions and sectors. City OS is built on three core characteristics: interoperability (service federation across cities via common APIs), data exchange (brokering of heterogeneous data across organizational and sectoral silos), and scalability (loosely coupled, building-block architecture), that reflect the same architectural principles underpinning European data space design and the Gaia-X Trust Framework.

City OS explicitly references the European Interoperability Framework (EIF) and the Open & Agile Smart Cities (OASC) Minimal Interoperability Mechanisms (MIMs) as architectural foundations — including the Ecosystem Transactions MIM, which covers catalogue management, ordering, license management and revenue management for data exchanges. The architectural principles of City OS - interoperability, data exchange and scalability - echo those underlying European data space design, making Dawex Data Exchange Solution a natural fit for organizations building data exchange services within City OS-aligned smart city ecosystems.

Security, a constant priority

Security and confidentiality are of paramount importance at Dawex. Technology, procedures and processes are regularly reviewed and constantly monitored & audited to deliver maximum security to our customers.

 

Product

Solutions

Why Data Exchange

About us

drapeau

GDPR compliant

Data Act ready

Data Governance Act ready

SOC-SizedLogo

SOC 2 & SOC 3 Security

and Availability Certifications

Awarded “Tech Pioneer” by the World Economic Forum

©2026 Dawex Systems. All rights reserved.