In the European Union’s digital strategy, data is not just a resource, rather it is an infrastructure. The EU’s data policy agenda aims to unlock the economic and societal value of data by shaping environments where data can be shared securely, efficiently, and lawfully. At the heart of this agenda are data spaces: structured digital ecosystems where participants exchange data under defined legal, technical, and institutional frameworks. For policy scholars, lawyers, and technologists alike, three concepts repeatedly surface in discussions about data spaces: interoperability, governance, and compliance. Understanding how these pillars interact is essential for recognizing both the potential and the limitations of data-driven innovation in Europe.
Interoperability: More Than a Technical Standard
When most people hear “interoperability,” they think of systems that can talk to one another. In the context of data spaces, however, interoperability is both a technical necessity and a legal challenge. At the foundational level, interoperability ensures that data formats, interfaces, and protocols are harmonized so that systems can exchange information without loss or distortion. The EU’s policy framework encourages this through standards of development and sectoral initiatives, for instance, the European Commission’s work on common data standards for mobility and health. However, true interoperability extends beyond the technical layer:
- Semantic interoperability ensures that data has the same meaning across contexts for example, a “vehicle ID” in a mobility dataset must be identifiable and consistent across all participating systems.
- Organizational interoperability refers to the alignment of business processes, contractual agreements, and institutional practices among actors.
This is where legal analysis matters: interoperability is not simply about engineering specifications. It involves negotiating definitions, liability frameworks, and contractual norms, often across borders and legal traditions. The challenge is clear: harmonizing standards often require voluntary alignment by private entities, even when EU regulations encourage consistency. Without effective coordination, the promise of seamless data flows can be undermined by divergent implementation practices.
Governance: Trust Mechanisms and Power Structures
If interoperability enables data to move between systems, governance determines who is allowed to participate in that exchange, under what conditions, and according to which rules. In this sense, governance provides the institutional and legal framework that turns technical connectivity into trusted cooperation. Within the EU’s data strategy, the Data Governance Act plays a central role. One of its key innovations is the introduction of neutral data intermediaries which are entities designed to facilitate data sharing while remaining independent from the commercial use of that data. The idea is straightforward: actors are more willing to share data when the entity managing the exchange does not directly benefit from exploiting it.
Trust remains one of the main challenges in data spaces. Companies, public institutions, and research organizations are often reluctant to share valuable datasets if they fear losing control over how that data may be used. Governance frameworks therefore aim to create clear, predictable, and enforceable rules that encourage participation while safeguarding legitimate interests. At the same time, governance inevitably shapes power relationships within data spaces. Decisions about who sets the rules, who oversees compliance, and who manages key infrastructures can significantly influence the balance between different actors. For this reason, transparent and balanced governance structures are essential if data spaces are to support both innovation and fair participation.
Compliance: Simplifying Regulation or Creating New Burdens?
Compliance in data spaces refers to how actors align with legal and regulatory frameworks, including the General Data Protection Regulation (GDPR), competition law, cybersecurity rules, and sector-specific obligations. One of the selling points of data spaces is that they can embed compliance mechanisms into digital infrastructure, for instance, through consent management systems, audit logs, and privacy-enhancing techniques like anonymization. By doing so, compliance becomes a structural feature rather than an afterthought. However, it also introduces certain tensions:
- Embedding legal rules into technical systems can freeze legal interpretation, potentially limiting flexibility in edge cases.
- Smaller organizations may find the compliance landscape overwhelming if multiple overlapping rules are encoded in platform infrastructure.
- Sectoral differences in regulation (e.g., healthcare vs mobility) create different compliance expectations, making universal solutions difficult.
Thus, compliance in data spaces both reduces complexity (when properly designed) and creates new governance demands. A simple example illustrates these dynamics. A research institute seeking access to hospital data within a European health data space must first rely on interoperable formats and shared data standards to make the dataset usable across systems. A governance body then evaluates the request and sets conditions for access. Compliance mechanisms subsequently apply purpose limitations, record the access through audit logs, and ensure that the dataset meets GDPR requirements. In practice, however, friction may arise preparing interoperable datasets can be costly, approval procedures may delay access, and disagreements may occur over whether the data is sufficiently anonymized.
EU Policy Framework: From Vision to Implementation
The EU has built an ambitious legal foundation for data spaces through the European Strategy for Data, the Data Governance Act, and the Data Act, complemented by sectoral initiatives such as the European Health Data Space and Mobility Data Space. Together, these instruments aim to enable trusted data sharing while ensuring fairness and legal certainty. Yet regulatory ambition does not automatically translate into practical coherence. Harmonizing interoperability requires not only technical standards but incentives for adoption. Likewise, effective governance depends not just on formal rules, but on institutional capacity and stakeholder commitment. The success of EU data spaces therefore hinges less on legislative design alone and more on sustained implementation efforts.
Conclusion: Data Spaces as Evolving Legal Ecosystems
Interoperability, governance, and compliance form the structural pillars of data spaces, balancing standardization, trust, and legal certainty. These pillars are deeply interdependent: without governance, strong interoperability can scale harm quickly; without interoperable enforcement, governance risks remaining paper-based; and compliance shapes governance by determining who implements rules and who can participate. Data spaces are therefore not merely technical infrastructures, but evolving legal ecosystems where law, technology, and competition intersect, relying on adaptive governance, proportional regulation, and ongoing engagement from both public authorities and private actors.
