Towards Federated, Certified Infrastructures for Sensitive Data Research in Germany and Europe with the de.NBI Cloud

Secure Processing Environments (SPEs) and Trusted Research Environments (TREs) have emerged as key infrastructural components addressing urgent needs in biomedical research. They combine access control, auditability, and technical safeguards within isolated and use-case-specific computing environments. In the European Union and in Germany, various frameworks have been emerging that will provide broad access to sensitive health data through SPEs, including the European Health Data Space (EHDS), the Gesund-heitsdatennutzungsgesetz (GDNG), and the German Social Code (§64e SGB V), which underpins the genomDE  initiative. These mandates reflect the growing policy consensus around the importance of secure processing and provide a legal framework for national infrastructures like the de.NBI Cloud to act as authorized processing environments.

Beyond the health domain, the need for SPEs extends to other categories of sensitive data, including geospatial, ecological, and socio-economic information. For instance, datasets related to endangered species locations, critical infrastructure, or vulnerable populations raise comparable concerns regarding unauthorized access, leakage of data sets, and other types of misuse. Accordingly, SPEs are increasingly recognized as essential components not only in biomedical research but also in broader areas of data-intensive science and policy evaluation.

In this paper, we present the current processes, architecture, and development roadmap of the de.NBI Cloud SPE infrastructure, a federated private cloud environment for research composed of nodes certified under ISO 27001 and other comparable security compliance standards. The de.NBI Cloud supports the operation of SPEs through General Data Protection Regulation (GDPR) and EHDS-compliant access to sensitive data, allowing to integrate technical, organizational, and regulatory safeguards to ensure secure data analysis across a wide range of research domains. We outline the current infrastructure, its alignment with European initiatives such as EOSC & EOSC-ENTRUST, as well as ELIXIR, and discuss future developments toward a sustainable, scalable, and interoperable national SPE ecosystem.