Data Spaces for the Al Act – Analysis of the Standardization Request Regarding the European Al Act in the Context of Data Spaces

The European Union is deciding on new regulation concerning Artificial Intelligence, also called the EU AI Act. It is a binding legislative act, which must be applied in its entirety across the EU. Standards will provide the base for the implementation of the AI Act.

CEN/CENELEC has received a request from the EU to draw up and adopt European standards or European standardization deliverables in support of the AI Regulation. This so called “standardization request“ contains a for data spaces relevant requirement being “standardization deliverable(s) on governance and quality of datasets used to build AI systems”. In this part the following needs to be standardized:

• Specifications for adequate data governance and data management procedures to be implemented by providers of AI systems (with specific focus on data generation and collection, data preparation operations, design choices, procedures for detecting and addressing biases or any other relevant shortcomings in data).
• Specifications on quality aspects of datasets used to train, validate, and test AI systems (including representativeness, relevance, completeness, and correctness).

While AI heavily depends on data and as described above on data governance, data management and quality of data, the concept of data spaces addresses this need and can be considered a foundational aspect to AI solutions, to fulfil several requirements of the upcoming AI act. Data spaces provide a governance scheme for data ecosystems including various sets of policies for participants, as well as the provisioning, access, and usage of data in a data space. The technical components of a data space, i.e., data space connectors as participant agents that act on behalf of an organization and data ecosystem services, implement those aspects including the management and validation of participant’s claims. The management of trust between participants is a core function of data spaces and is specified in an extensible manner. AI related data management processes can be realized and validated, including proofs or claims. Trusted data sharing contracts in a data space enable the management of such proofs, which also include provenance tracking, and traceability of data assets, also providing observability of data transactions, if required.

Data spaces are already part of the international European standardization process and are being considered a reference and foundation for standardization activities of the AI Act. Furthermore, as AI models and the interaction between users and the models are also data, they may be considered as data assets of a data space which can be shared through data spaces. With this regard such models may be managed with access and usage control mechanisms, as well as quality metrics like the source data as described in this document.

In particular, this paper describes how the requirements of the standardization request can be realized with the support of data space concepts, potential gaps, and further work.

The purpose of this IDSA Position Paper is to highlight the importance of data space technology in the fulfilment of the requirements of the EU and the standardization request for the AI Act. In this document an outline of the standardization request of the AI Act and the core concepts of data spaces are discussed.