Governance: Contracts

In short

  • The contract service allows participants of the data space to automate the generation and verification of data sharing agreements
  • It allows data providers to set Terms of Use for their data, data users to agree to them, and both parties to define and sign a Data Sharing Agreement
  • The Data Sharing Agreement is checked before any consent or data exchange is allowed to happen


This video shows how a contract system works; here it is operated by the Visions data intermediary. Thanks to the Prometheus-X philosophy and its open source building blocks, any other player can reuse the code and operate a similar service. With the same approach, organizations can contract not only with parties connected to their own data intermediary but with all parties of the data space (see Architecture).


Start date: T0 + 0 months (T0 = expected: Q1 2023)
End date: T0 + 9 months
Duration (in months): 9

Where we are right now

  • First version of the contract service developed, see code and documentation here and architecture here
  • First contract template developed on the basis of the Sitra Rulebook, see contract here
  • Find the full decentralized protocol enabling data sharing between multiple contract services, consent services and personal data intermediaries here
Want to join the effort? See the working groups!

Objectives and Expected Outcomes

A comprehensive European data portability infrastructure needs a more precise legal framework: a contractual framework that takes into account sector-specific regulations, ethics charters and codes of conduct, and that determines the responsibilities and obligations of each party in the transfer of data. This legal model must be supported by a robust legal infrastructure that automates the generation, signing, auditability and traceability of these contracts and governance frameworks. This legal infrastructure must be the collective work of the parties that contribute to and benefit from it.
This contracting building block will provide an API that ecosystem members can use to automatically generate appropriate contracts for data transfers. Contracts are assembled from open machine-readable contract clauses described as objects, published on a common open git, using W3C standards (data privacy and control vocabulary). The building block will use the blockchain to store contracts and to verify their existence and terms through smart contracts directly available on the blockchain.
This building block interacts with the identity system to validate the identity of each stakeholder and with the consent system so that it can produce a consent that complies with the contract between the parties. It also interacts with the monitoring system so that an alert can be raised in case of suspected fraudulent use of authorizations.
The building block consists of an open source API that makes it possible to:
  • Define and publish data use policies (DUPs): for each dataset, the data provider may specify conditions, obligations, restrictions, pricing, certifications, data security, rights, data protection and liability relating to the use of the dataset. These provisions and obligations for accessing the dataset define the data policy; they are made machine-readable using appropriate standards and are made available (published) to the members of the data network.
  • Generate and manage Data Sharing Agreements (DSAs): when a service using data agrees to and complies with the data policy, a Data Sharing Agreement (DSA) is generated between the DUS and the DS and DI, taking into account the provisions of the data policy. The DSA is generated in a human-readable and machine-readable format, using appropriate standards, and its metadata (parties, dataset, provisions, time) is made available to the parties to the DSA.
  • Prove data sharing agreements: a member of a data network can verify the existence of a data sharing agreement, obtain relevant metadata about the agreement, and obtain a token proving the validity of the agreement that can be used to enable data exchanges. Each data sharing agreement will be stored with its conditions on the blockchain.
To enable this service, specific contractual clauses are needed that take into account the modalities and obligations of the sector. This work therefore also covers the legal work necessary to draft these clauses and contract models, which will also be opened and used by the contractualization service.
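The verification step described above (an agreement is checked before any consent or data exchange, and a token proves its validity), as an added example rather than Prometheus-X or Visions code. The in-memory `LEDGER` stands in for the blockchain store; the HMAC token format, `SERVICE_KEY` and all field and function names are assumptions.

```python
import hashlib, hmac, json

SERVICE_KEY = b"constructed-demo-key"  # assumption: the contract service's token key
LEDGER = {}                            # assumption: stand-in for the blockchain store

def canonical_digest(doc):
    """SHA-256 over a deterministic JSON encoding (sorted keys, no whitespace)."""
    blob = json.dumps(doc, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()

def create_dsa(policy, provider, consumer, valid_until):
    """Build a DSA from the provider's data use policy and anchor its digest."""
    dsa = {"provider": provider, "consumer": consumer,
           "dataset": policy["dataset"], "provisions": policy["provisions"],
           "valid_until": valid_until}
    digest = canonical_digest(dsa)
    LEDGER[digest] = {"valid_until": valid_until, "revoked": False}
    return dsa, digest

def _mac(digest, expiry):
    return hmac.new(SERVICE_KEY, f"{digest}|{expiry}".encode(), hashlib.sha256).hexdigest()

def issue_token(digest, now):
    """Return a validity token only for an anchored, unrevoked, unexpired DSA."""
    entry = LEDGER.get(digest)
    if entry is None or entry["revoked"] or now >= entry["valid_until"]:
        return None
    return f"{digest}.{entry['valid_until']}.{_mac(digest, entry['valid_until'])}"

def authorize_exchange(dsa, token, now):
    """Gate run before any consent or data exchange; returns (ok, reason)."""
    try:
        digest, expiry, mac = token.split(".")
    except (AttributeError, ValueError):
        return False, "malformed token"
    if not hmac.compare_digest(mac.encode(), _mac(digest, expiry).encode()):
        return False, "bad token"
    if canonical_digest(dsa) != digest:  # presented terms must match what was anchored
        return False, "terms differ from anchored agreement"
    entry = LEDGER.get(digest)
    if entry is None or entry["revoked"]:
        return False, "agreement not on ledger or revoked"
    if now >= int(expiry):
        return False, "agreement expired"
    return True, "ok"
```

The ledger is consulted on every call, so a revoked agreement is refused even when the token itself is still well-formed and unexpired.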


- State of the art and identification of model data sharing contracts and of specific terms and regulations for education and skills data
- Definition of legal clauses useful for the first use cases
- Definition of the architecture of the API endpoints in accordance with the technical recommendations of GAIA-X, IDSA and the DSSC
- State of the art of the latest developments in standards for describing contracts in machine-readable format (W3C, IEEE)
- Quantitative inventory of the main contract description standards
- Development of the endpoints necessary for the list of functionalities described above, starting from the code made available by Visions
- Expression of data in JSON-LD format to ensure interoperability with other data spaces
- Integration with the blockchain storage system (task 1.5)
- API testing with use cases provided by Prometheus volunteer partners (see support list)
- Integration with consent, identity, catalog, monitoring and interoperability services (see tasks 1.2, 1.4, 1.5, 1.6)
- Deployment of the service in a managed version at one of the partner cloud providers
- Development of automated service deployment scripts for multi-cloud use (infrastructure as code, e.g. Terraform) at partner cloud providers
- Writing of public documentation, publication of the code according to the standards decided by Prometheus, hosting and uploading on the Prometheus platform

Sequence diagram


- Documents: Identification and definition of appropriate legal clauses (T0 + 3)
- Documents: Specification, state of the art and quantitative study (T0 + 5)
- Development of the service and production launch in beta version (v0) (T0 + 6)
- Test report + interconnection tests with consent, interoperability, catalog and identity services (T0 + 7)
- Development of final version (v1) of the service + multi-cloud deployment scripts