Bridging the gap between citizen science and environmental policy enforcement through interoperable data infrastructure.

ENFORCE* is an EU-funded Horizon Europe initiative empowering citizens to protect the environment by bridging the gap between grassroots citizen science data and the strict requirements needed for legal enforcement. The project introduces a “Data Readiness Level” framework to ensure environmental data is trustworthy and usable across eight European pilot sites. To support this, 52°North leads the technical design and development of the project’s geospatial information infrastructure. We are responsible for implementing the backend of the pan-European “Tools Plaza,” ensuring all data workflows are driven by standard-based OGC APIs. Ultimately, our work will ensure seamless, interoperable data sharing between citizens and public authorities within the broader Green Deal Data Space ecosystem.

The ENFORCE Data Space Compliance Platform serves as a multi-tool suite designed to integrate citizen science data and external data sources. By facilitating data certification and visualization, the platform helps overcome reporting hurdles faced by both the public and regulatory bodies. Its primary goal is to transform community-sourced information into a format that is fully usable for environmental enforcement purposes.

In this blog post, we describe the latest developments within the ENFORCE project regarding the Data Space Compliance Platform. Based on the evaluation of the project’s case studies, three general mechanisms for collecting data were identified.

1. Fetch data from (open) APIs

Citizen-generated data is made available via an Application Programming Interface (API), with both access methods and data formats defined through standardized descriptions. This standardization enables the automated creation of data schemas and clients, which can then be used to gather data and periodically check for updates. However, this method offers only partial control over data and metadata, since the entire workflow relies on the API’s operational status. Furthermore, unanticipated modifications to endpoints or data models may result in retrieval failures.

2. Push data to ENFORCE environment

In this method, data is transferred from case study environments to specific endpoints provided by ENFORCE services. Implementing this approach requires prior evaluation of data schemas and the setup of dedicated reception endpoints. While this enables data ingestion, it results in limited control regarding data and metadata. Furthermore, it creates a significant reliance on the data collector to perform consistent uploads of new or modified data while ensuring strict adherence to established data formats.

3. Collect data using ENFORCE components

The third mechanism involves gathering data via tools supplied by ENFORCE or storing it solely within the ENFORCE ecosystem. Although this strategy demands higher implementation effort for both server and client sides, it grants absolute authority over the data and metadata. While the first and second collection methods are currently active, ENFORCE uses internal storage for all data to facilitate comprehensive, end-to-end provenance.

Data Provenance

The ENFORCE platform maintains data integrity by storing all incoming data as individual files and generating unique hash values for each. This tracking information is logged within the database schema to ensure a robust audit trail. To capture the full lifecycle of information, the platform creates distinct file and hash combinations for every subsequent update or processing event. A specialized Observation Service manages this provenance tracking by continuously monitoring data collection, updates, and processing activities. This oversight extends to manual human interventions, such as when a user updates a case status from open to closed, ensuring that metadata changes are fully documented.

Data Space Compliance

Data space compliance mechanisms establish the rules, technical standards, and governance procedures required to maintain alignment with legal standards and data space policies throughout the complete data lifecycle. These systems are built on several essential pillars: detailed regulatory assessments, the precise mapping of participant roles and responsibilities, and the deployment of rigorous security and privacy protocols. Furthermore, they facilitate the development of trust-based technical and legal environments through the use of machine-readable policies and uniform data usage contracts.

Regulatory Framework Analysis

The analysis of the regulatory framework involves two primary actions:

• Legal Provisions Mapping: Pinpoint and outline all applicable legal requirements, including the Data Governance Act, the Data Act, and the GDPR, that are activated by particular use cases, actors, and data types.
• Core Actor Comprehension: Identify the specific roles and obligations of various entities operating in the data space, such as Data Intermediation Service Providers (DISPs).

Governance and Policies

The fundamental pillars of Governance and Policies within the data space are:

• Defining Roles and Responsibilities: Ensuring all participants have a clear understanding of their specific duties, rights, and legal obligations.
• Governing Authority Establishment: Creating a dedicated body to provide guidance on regulatory compliance, EU values, and the development of internal data policies.
• Standardized Contractual Frameworks: Implementing machine-readable data use agreements, such as Data Processing or Exchange Agreements, that remain consistent with technical requirements.

Technical and Security Measures

The ENFORCE platform relies on several key technical and security mechanisms to ensure a compliant and secure data environment.

• Automated Policy Enforcement: We implement technical mechanisms to automatically apply data usage and access rules, which maintains compliance throughout all data exchanges.
• Robust Cyber Resilience: To safeguard infrastructure and data, we integrate advanced security measures such as encryption and strict access management.
• Dataspace Protocol Standards: By adopting established protocols for cataloging, sharing, and contract negotiation, we guarantee both trust and technical interoperability.

​Trust and Attestation

Establishing trust is achieved through:

• Credential-Based Identity Attestation: Leverage verifiable credentials to validate participant identities and confirm membership status across the data space.
• Certified Trust Anchors: Engage accredited organizations for issuing attestations that validate identity, security, and compliance claims, thereby safeguarding the reliability of data services.

FAIR principles

We introduced the four FAIR principles to improve research data management and reuse.

• Findable: Data are discoverable with unique identifiers, metadata, and search functionalities.
• Accessible: Data can be accessed under clearly defined conditions, including appropriate licenses and authentication.
• Interoperable: Data can be exchanged and reused by different applications and systems through the use of standardized vocabularies and metadata.
• Reusable: Data is well-described, with clear information on its origin and use, allowing for its future use in other research or applications.

Linking Data Spaces with FAIR principles

By establishing the technical infrastructure necessary for cross-organizational information exchange, data spaces facilitate the implementation of FAIR principles. These environments ensure data is both discoverable and accessible while maintaining usage controls. Through secure, federated frameworks, participants can engage in data sharing while retaining sovereignty over their own resources. The ENFORCE environment supports these goals by using open standards for the cataloging and access of both data and metadata.

Technical Aspects of Data Space Compliance 

The architecture of the Data Governance and Processing Layer is shown in the following image.

The Services of the Data Space Compliance Platform are described in detail as follows.

Data Store: This component serves as the repository for either the primary data gathered from various case studies or the corresponding references to that data.

Case Study (CS) API Connector: Responsible for retrieving data from individual case studies, this element will likely be partitioned into several sub-modules to accommodate the diverse range of data-sharing protocols used.

Earth Observation (EO) API Connector: Acting as the interface for Earth Observation data portals, this component manages all necessary external connections.

Data Cleansing: This module handles the preliminary cleansing of data.

EC-Data Readiness Level (DLR) Classification: This component monitors the various phases of classification for Data Readiness Levels for Environmental Compliance (EC). While certain aspects of this process may be managed by internal automated procedures like data cleansing, other elements may rely on evaluations provided by external specialists.

Provenance Service: Tasked with managing the history of information, this element archives provenance records for all data sets originating from the various case studies.

Policy Enforcer: This component is responsible for the implementation and oversight of data access policies.

Data Space Connector: This module facilitates Data Space integration by managing metadata queries, performing authentication, and executing secure data transfers.

Acting as the primary access point for third-party interactions, the Data Space Connector operates as both a Data Provider and a Data Consumer. Its core capabilities include managing contract negotiations, which require registered identities, and processing usage policies. To ensure broader discoverability, catalogs must be integrated into a federated catalog system.

The following figure shows the Eclipse Data Space Connector.

 

(source: https://newsroom.eclipse.org/eclipse-newsletter/2024/june/eclipse-dataspace-protocol-pioneering-interoperability-and)

The architecture depicts a core set of services fundamental to Data Spaces. While these form the baseline, specific implementations of a Data Space may incorporate supplemental elements to meet their unique needs. Examples of such additions include a metadata broker, a vocabulary hub, or the suite of P*P services, e.g., Policy Enforcement Point (PEP) or Policy Administration Point (PAP).

Blueprints for Data Space Components are defined by the Data Spaces Support Centre (DSSC), which facilitates the implementation of shared European data spaces. The technical building blocks established by the DSSC are illustrated in the figure below.

(source: Data Spaces Blueprint v2.0 Technical Pillars (https://blueprint.dssc.eu/?pane=technical, accessed 29.05.2026))

The ENFORCE Data Space Compliance Platform components are categorized into the following foundational pillars:

• Data Interoperability: Within this pillar, the ENFORCE Data Store defines data models and manages secure exchanges, while the ENFORCE Provenance Service ensures comprehensive observability, traceability, and provenance.
• Data Sovereignty and Trust: The ENFORCE Data Space connector manages identity through a trust framework. Additionally, the ENFORCE Policy Enforcer maintains stakeholder-defined policies and regulates data access across the platform.
• Data Value Creation Enablers: Currently, the ENFORCE Provenance Service functions as a catalog, overseeing the description, publication, and discovery of data and services.

Value is further added to gathered data through the ENFORCE Data Cleansing and EC-DRL Classification services. Future development efforts are focused on integrating Earth Observation Data, expanding data collection from case studies, establishing a connection to the Green Deal Dataspace, and refining end-to-end provenance mechanisms.

 

* ENFORCE has received funding from the European Union’s Horizon Europe Research and Innovation Programme under grant agreement 101134447.

** supported by AI