New European standard aims to support trusted cross-border data sharing
CEN and CENELEC have published a new standard defining terminology and mechanisms for trusted data transactions across European data-sharing systems.
CEN and CENELEC have published EN 18235-1:2026, a new standard intended to establish common foundations for trusted data sharing across organisations and sectors in Europe.
The document was developed by the joint technical committee on data management, data spaces, cloud, and edge technologies. It is the committee’s first published deliverable and focuses on terminology, concepts, and operational mechanisms for trusted data transactions.
The standard addresses a practical problem in data governance: organisations often avoid sharing data because rights, obligations, ownership conditions, or permitted uses are unclear. Another challenge is discoverability, where potentially useful datasets cannot easily be located or reused across systems.
EN 18235-1:2026 introduces common concepts for “data products”, described as shareable units combining datasets with metadata, semantic information, and usage rights linked to data rights holders.
The framework is intended to support interoperability and accountability between multiple actors involved in data sharing, including providers, users, intermediaries, and rights holders.
The standard is also linked to the EU’s Common European Data Spaces initiative, which aims to create sector-specific environments for data exchange across areas such as health, industry, energy, mobility, agriculture, and public administration.
One practical example highlighted by the standards bodies concerns agricultural data. The framework could support interoperable sharing of information related to weather conditions, soil quality, fertiliser use, pollution, machinery, and animal health between farmers, public authorities, researchers, and private companies.
The issue is not only technical interoperability but governance interoperability. Data-sharing systems often fail because participants use incompatible rules for permissions, metadata, access conditions, or accountability structures, even when technical connectivity exists.
