Case Study

Policy as Code in Data and Service Ecosystems.

12 June 2024

Data is at the heart of modern value creation. But in a world where companies collaborate more closely than ever, a critical question arises: How can we drive innovation together while ensuring that each partner retains full control over their data?

This is exactly the challenge faced by the participants of the EuProGigant research project, which is dedicated to enabling more sustainable and efficient production networks through shared data. Together with them, we developed a concept that secures companies' sovereignty over their data: a foundation for trust, growth, and the digital collaboration of the future.

Challenge

The focus was on product sustainability: engineers need precise CO₂ data for their plastic parts.

All participants share highly sensitive information — from future product designs to confidential machine configurations and raw material data. Protecting this data from unwanted access, misuse, or disclosure is business-critical. At the same time, transparency is needed to build trust in digital ecosystems like Gaia-X, which sets legal and technical standards for sovereign data spaces.

Approach

We transferred Policy-as-Code to data flows in industrial ecosystems.

The goal was to develop a policy-as-code concept that allows each company to granularly control and trace what happens to its data — from usage to storage to deletion. The proven policy-as-code approach from the cloud and DevOps space was transferred to the authorisation of data flows in industrial ecosystems.

Implementation

1 Realistic Testbeds

To validate the concept in practice, a test environment was created that maps core functions: creating, reading, updating, and deleting product CO₂ footprints, as well as requesting estimates.

2 Organisation & Rights

Companies independently manage group memberships and access rights of their employees, ensuring that only authorised individuals gain access.

3 Open Policy Agent

OPA was integrated at various levels of the stack. This enabled rapid adaptation and extension of policies as well as their efficient evaluation within the application.

4 Shared Policy Management

Policies are managed partly by service administrators, partly by data providers or consumers. Minimum requirements can be set centrally and individually refined by partners.

5 Policy Implementation

Various policies were implemented, including Admission Policies that determine who may use a service, Access Policies that govern who can access which data, Content Policies that define structural and content requirements for data, Retention Policies that determine when and whether data may be deleted, and Usage Policies that specify what properties a service must have for employees to use it.

To implement these policies, different access methods were established. Access can be granted based on pre-provisioned customer data, through verifiable digital credentials, or by presenting a valid contract that proves the right of use.
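
As an added illustration (not the project's own policy code), the following Rego access policy combines a centrally set minimum requirement with the three grant paths described above and a refinement defined by the data owner. The package name, the shapes of the `input` and `data` documents, the credential type `FootprintReader`, and the assumption that credential signatures are verified before policy evaluation are all hypothetical.

```rego
# Added example, not project code; package name and document shapes are assumed.
package footprint.access

import rego.v1

default allow := false

# Allow only if the central minimum holds, at least one grant path matches,
# and no partner refinement objects.
allow if {
	meets_central_minimum
	granted
	count(partner_deny) == 0
}

# Central minimum (assumed): authenticated user of a registered organisation.
meets_central_minimum if {
	input.subject.authenticated == true
	input.subject.organisation in data.registered_organisations
}

# Grant path 1: requester is a pre-provisioned customer of the data owner.
granted if {
	input.subject.organisation in data.customers[input.resource.owner]
}

# Grant path 2: verifiable credential issued by the owner, verified upstream.
granted if {
	some vc in input.credentials
	vc.verified == true
	vc.type == "FootprintReader"
	vc.issuer == input.resource.owner
}

# Grant path 3: an unexpired contract that covers the requested action.
granted if {
	some c in data.contracts
	c.provider == input.resource.owner
	c.consumer == input.subject.organisation
	input.action in c.permitted_actions
	time.now_ns() < time.parse_rfc3339_ns(c.valid_until)
}

# Partner refinement: the owner restricts writes beyond the central minimum.
partner_deny contains msg if {
	input.action in {"update", "delete"}
	input.subject.organisation != input.resource.owner
	msg := "only the owning organisation may update or delete a footprint"
}
```

A request that matches none of the grant paths, or whose contract lookup is undefined, falls through to `default allow := false`, so missing data denies rather than permits.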

6 Policy Engine Extension

Through targeted extensions of OPA, Gaia-X standards could be integrated, such as descriptions of organisations, data resources, and services, as well as initial concepts for data contracting.

Results

Granular Control

Companies can granularly control access to their data and its usage.

Flexible Adaptation

Policies can be flexibly adapted to new requirements.

Easy Maintenance

Policies can be maintained in a structured and understandable way, even for non-developers.

Trust & Compliance

In shared data spaces like Gaia-X, trust is established and compliance ensured.

In the next project phase, additional policies will be developed, the policy engine will be extended, and the entire architecture will be optimised for stable production operations. Thanks to the use of modern technologies and mature software components, this step can be achieved with manageable effort.

MORE THAN TECHNOLOGY: A Foundation for Trust

In the end, it's not just about technical excellence, but about trust, transparency, and sovereignty in a connected world. With Policy as Code, we create the foundation for companies to share their data with confidence and drive innovation together — securely, traceably, and in line with their values.

We thank all project partners for their expertise and look forward to the shared journey towards a digital future that unites security and progress.

This project was funded by:

Federal Ministry for the Environment, Nature Conservation and Nuclear Safety
Federal Ministry for Climate Action, Environment, Energy, Mobility, Innovation and Technology
FFG Research creates impact.
DLR Project Management Agency
