EN 18235-1:2026

SLOVENSKI STANDARD
01-maj-2026
Zaupanja vredne podatkovne transakcije - 1. del: Terminologija, koncepti in
mehanizmi
Trusted data transactions - Part 1: Terminology, concepts and mechanisms
Einführendes Element - Haupt-Element - Ergänzendes Element
Transactions de données de confiance - Partie 1: Terminologie, concepts et mécanismes
Ta slovenski standard je istoveten z: EN 18235-1:2026
ICS:
01.040.35 Informacijska tehnologija. Information technology
(Slovarji) (Vocabularies)
35.030 Informacijska varnost IT Security
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

EUROPEAN STANDARD EN 18235-1

NORME EUROPÉENNE
EUROPÄISCHE NORM
March 2026
ICS 01.040.35
English version
Trusted data transactions - Part 1: Terminology, concepts
and mechanisms
Transactions de données de confiance - Partie 1: Vertrauenswürdige Datentransaktionen - Teil 1:
Terminologie, concepts et mécanismes Terminologie, Konzepte und Mechanismen
This European Standard was approved by CEN on 23 February 2026.

CEN and CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for
giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical
references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to
any CEN and CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by
translation under the responsibility of a CEN and CENELEC member into its own language and notified to the CEN-CENELEC
Management Centre has the same status as the official versions.

CEN and CENELEC members are the national standards bodies and national electrotechnical committees of Austria, Belgium,
Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy,
Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia,
Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and United Kingdom.

CEN-CENELEC Management Centre:
Rue de la Science 23, B-1040 Brussels
© 2026 CEN/CENELEC All rights of exploitation in any form and by any means
Ref. No. EN 18235-1:2026 E
reserved worldwide for CEN national Members and for
CENELEC Members.
Contents Page
European foreword . 3
Introduction . 4
1 Scope . 5
2 Normative references . 5
3 Terms and definitions . 5
4 Objectives, stakeholders and concepts of trusted data transaction . 9
4.1 Objectives . 9
4.2 Stakeholders . 9
4.2.1 General. 9
4.2.2 Data provider, data producer and data user. 9
4.2.3 Data intermediary . 10
4.2.4 Trust service and trust anchors . 10
4.3 Concepts . 10
4.3.1 Data and data product . 10
4.3.2 Data transaction . 10
Bibliography . 13
European foreword
This document (EN 18235-1:2026) has been prepared by Technical Committee CEN/CLC JTC 25 “Data
Management, Dataspaces, Cloud and Edge”, the secretariat of which is held by UNI.
This European Standard shall be given the status of a national standard, either by publication of an
identical text or by endorsement, at the latest by September 2026, and conflicting national standards shall
be withdrawn at the latest by September 2026.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
Any feedback and questions on this document should be directed to the users’ national standards body.
A complete listing of these bodies can be found on the CEN website.
According to the CEN-CENELEC Internal Regulations, the national standards organisations of the
following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia,
Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland,
Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North
Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and the United
Kingdom.
Introduction
Data are now the backbone of the digital economy, enabling economic growth and competitiveness,
fostering innovation, improving public services or advancing scientific research. Seamless and secure
cross-border and cross-industry data flows, within and across data spaces or data ecosystems, have
become crucial for businesses and individuals worldwide. As technologies such as artificial intelligence
(AI) and internet of things (IoT) continue to evolve and spread, the importance of data exchange, data
sharing and data flows will only become more significant.
In its Communication on a European strategy for data of February 29, 2020, the Commission describes
its vision for the data economy, based on European values and fundamental rights and the conviction that
the human being remains at the centre.
Data spaces foster an ecosystem aiming to facilitate cross-border data flow and harmonizing regulations
across sectors within the EU, ensuring adherence to European rules and values such as personal data
protection, consumer protection, and fair competition.
The European strategy for data also seeks to establish clear, practical, and transparent rules for data
access and usage, alongside robust governance mechanisms, while adopting an open yet principled
approach to international data flows.
The legal environment around data exchanges and data transactions plays an essential role in the
development of data ecosystems, fostering a trust framework for all stakeholders. In Europe some of the
key regulations are:
— the Data Governance Act (DGA), which entered in force in the EU in June 2022 and is in application
since September 24, 2023. The DGA is a cross-sectoral instrument that aims to make more data
available by regulating the re-use of certain categories of protected data held by public sector bodies,
by boosting data sharing through the regulation of data intermediaries and by encouraging the
sharing of data for altruistic purposes. Both personal and non-personal data are in scope of the DGA,
and wherever personal data are concerned, the General Data Protection Regulation (GDPR) applies.
In addition to the GDPR, inbuilt safeguards will increase trust in data sharing and re-use, a
prerequisite to making more data available on the market.
— the Data Act, which entered into force in January 2024 and has been applicable since September
2025. While the Data Governance Act creates the processes and structures to facilitate data sharing,
the Data Act clarifies who can create value from data and under which conditions and provides legal
clarity for businesses as regards the use of data. The Data Act aims to facilitate the development of
new services leveraging Europe’s wealth of data, but also ensures fairness by regulating the rights
and obligations of all the economic actors involved in sharing data, particularly from Internet of
Things (IoT) devices.
Along with reference architectures, trust frameworks and data regulations, the existence of standards-
based solutions recognized by the community represents another key pillar for developing collaborations
around data, across borders and across industries, easily, effectively while facilitating interoperability.
This document focuses on the subject of trusted data transactions.
1 Scope
This document provides terminology, concepts and a description of mechanisms in the field of data
exchange focusing on trusted data transactions.
Those elements can be used in the development of standards in support of trusted data transactions and
constitute a basis to identify key dimensions and criteria that contribute to the trust in a data transaction
between interested parties.
Therefore, those elements constitute a foundational understanding on which trusted data transactions
can be based, independently of any architectural choices or technical implementation.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https://www.iso.org/obp/
— IEC Electropedia: available at https://www.electropedia.org/
3.1
data
re-interpretable representation of information in a formalized manner suitable for communication,
interpretation, or processing
Note 1 to entry: Data can be used for communication, interpretation or processing by humans or automatic means.
Note 2 to entry: Communication, interpretation or processing can include the exchange or sharing of data by one or
more entities.
[SOURCE: ISO/IEC 5207:2024, 3.2]
3.2
data user
party (3.23) authorized to exploit data products (3.5)
3.3
data sharing
data exchange
access to the same data (3.1) by more than one authorized entity
Note 1 to entry: Use of the data (3.1) can be synchronous or asynchronous.
Note 2 to entry: Data (3.1) can be shared, for example, (i) by allowing access to the original data set, or (ii) by giving
a copy of the data (3.1) to the interested entity.
Note 3 to entry: The way in which data (3.1) are shared fundamentally influences the available controls and the
statements needed in a data sharing agreement.
[SOURCE: ISO/IEC 23751:2022, 3.7, modified – “or processing of” deleted, the term “data exchange”
added as a synonym to “data sharing”, and Note 2 to entry modified by removing “, or the execution of
operations over,”]
3.4
data licence terms
terms and conditions of use of a data product (3.5)
Note 1 to entry: Terms and conditions include notions such as, without being limited to, duration, territory, sub-
licensing rights or commercial terms.
Note 2 to entry: Data licence terms are defined by the data rights holder (3.8), or by a data provider (3.7) who has
been authorized to do so.
3.5
data product
data sharing unit, packaging data (3.1) and metadata (3.11), and any associated licence terms
Note 1 to entry: Data product does not necessarily imply commercial aspects.
Note 2 to entry: Data product can be published in a data product catalogue that is searchable by data users (3.2).
Note 3 to entry: In the context of trusted data transactions (3.20), a data product will be associated with data licence
terms (3.4).
3.6
data producer
party (3.23), device or any software that generates data (3.1)
3.7
data provider
party (3.23) that has the right or duty to make data (3.1) available to data users (3.2) through data
products (3.5)
Note 1 to entry: Data provider carries out several activities, i.e.:
—  non-technical, on behalf of a data rights holder (3.8), including the description of the data products (3.5), data
licence terms (3.4), the publishing of data products (3.5) in a data product catalogue, the negotiation with the data
users (3.2), and the conclusion of contracts,
—  technical, with the provision of the data products (3.5) to the data users (3.2).
3.8
data rights holder
party (3.23) that has legal rights or obligations to use, grant access to or share
...