Trigger: AI must operate across organisations or federated environments.

Dataspace AI Evidence Passport

AI across data spaces
without losing sovereignty.

Federated evidence for AI across shared data spaces — raw assets stay local, Signal Receipts travel, participant sovereignty preserved.

Raw data stays localFederated Signal ReceiptsData sovereignty preservedNo central data aggregation by default

Federated Evidence Passport

Node A

Local Receipt ✓

Node B

Local Receipt ✓

Node C

Local Receipt ✓

Signal Receipts aggregate

Federated Passport

Federated Evidence

raw_data: stays at each node

signal_receipts: travel to Passport

Sensitive context

Why dataspaces require sovereign evidence infrastructure.

Dataspace participants share data access rights — not data itself. AI systems operating across dataspace nodes must produce evidence without centralising raw assets, compromising participant sovereignty, or creating hidden dependencies on single-party trust claims.

Data categories in scope

Cross-organisation transaction and exchange data
Federated model training assets
Participant-specific sensitive datasets
Interoperability metadata and data product schemas
Usage and access logs across nodes

People affected

Dataspace participant organisationsRegulatory bodies overseeing data sharingEnd users whose data underlies the spaceSupply chain and industry partnersPublic institutions in multi-party dataspaces

Risk scenarios

What typically goes wrong.

Specific failure modes seen in this sensitive context — without structured evidence.

A federated learning model aggregates updates without participant evidence of local training scope.

No local Signal Receipts per participant. Central aggregator cannot verify what data each node used. Trust based on claims.

A dataspace AI platform centralises inference to reduce costs.

Raw participant data leaves individual control without evidence of legal basis, DPA, or participant consent to central processing.

A cross-organisation RAG system ingests documents from multiple participants without a document boundary per participant.

One participant's confidential documents accessible via queries from another participant's session. No retrieval boundary. No Retrieval Grounding evidence per node.

A dataspace connector provides AI recommendations without audit trail per participant.

No participant-level evidence. No lineage. Recommendation origin unclear. Participant trust in the space undermined.

Scope

What needs a Passport.

Federated learning models across dataspace participants
Cross-organisation RAG systems and knowledge assistants
Data product AI and analytics layers in dataspaces
Dataspace connectors using AI for matching or recommendation
Multi-party AI workflows and orchestration agents
Interoperability AI for schema translation and data harmonisation

Stakeholder workflow

From trigger to access decision.

1

Trigger

AI system in scope

2

Evidence Request

Passport initiated

3

Review

DPO · CISO · Specialist

4

Decision

Access condition set

5

Monitor

Tide sweeps · Renewal

Dataspace Governance Lead

AI is deployed within or across the dataspace.

Require Passport per AI system. Federated evidence structure must show local Signal Receipts per participant.

Participant DPO / Data Officer

Organisation data products are accessible to AI within the dataspace.

Confirm data boundary, legal basis, and opt-out mechanism are documented in the Passport.

Technical Integration Lead

Local runner must be deployed at each participant node.

Coordinate integration deployment. Evidence cannot be collected without local runner at each relevant node.

Access decisions

Context Visa conditions.

The access decisions that apply in this sensitive context — and the evidence conditions that produce them.

Federated Evidence
  • Local Signal Receipts collected from each participant node
  • Raw assets remain within participant perimeter
  • Aggregated Passport reflects federated evidence only
  • Participant opt-in/opt-out mechanism documented
Local Only
  • AI inference runs within each participant node only
  • No cross-node data transfer — only result aggregation
  • Per-participant data boundary confirmed
Review Needed
  • Participant evidence missing from one or more nodes
  • Document boundary not configured for RAG
  • Data transfer across nodes without confirmed legal basis
Blocked
  • Raw participant data transferred centrally without confirmed legal basis and DPA
  • Single-party aggregation without participant consent to centralisation

Measurement

Evidence families we can structure.

The measurable evidence categories relevant to this context and the evidence signals they produce.

Local Signal Receipts

Per-participant signed Signal Receipts — evidence that assessment ran locally without raw data leaving the participant perimeter.

Lineage & Provenance

Cross-participant data product lineage, federated model provenance, and dataset version evidence per node.

Privacy & Data Sovereignty

Legal basis per participant, data transfer evidence, and access control policy for cross-organisation AI access.

RAG Document Boundary

Per-participant retrieval boundary — evidence that one participant's documents are not accessible in another's session.

Federated Assessment

Where federated learning is used: per-round contribution evidence, aggregation transparency, and participant exclusion options.

Access Control

Policy-as-code governing which AI systems can access which participant data products and under what conditions.

PrivacyRAG GroundingLineage

Honest scope

What remains not assessable.

AffectLog does not overclaim. These items require external expertise, regulatory process, or long-term study.

Participant systems not connected to local runner or integration

Evidence collection requires the local runner deployed within the participant's environment. Without integration, AffectLog cannot generate Signal Receipts for that node.

Instead: Provide local runner deployment support and integration documentation to participant organisations.

Cross-jurisdiction legal compliance for data transfers

Legal adequacy, SCCs, and data transfer compliance require legal analysis per jurisdiction and participant combination.

Instead: Engage legal counsel for cross-border transfer analysis. AffectLog evidence supports the technical component of the review.

Example

Sample Passport for this context.

AI Evidence PassportCleared with Limits

Supply Chain Intelligence Layer

Cross-participant supply chain analytics · Industrial Dataspace

Evidence69%
Expiry31 Mar 2027
Raw data exportoff
ALP-2026-DS-S7C2

Access conditions

Inference runs locally at each participant node
Only aggregated Signal Receipts cross participant boundary
Per-participant DPA confirmed with dataspace operator
Participant opt-out mechanism documented and active
Evidence Lineage Trace active across all nodes
Review at 6-month intervals — federated evidence refresh required

What we will not overclaim

AffectLog does not centralise participant data by default. We collect local Signal Receipts — evidence that assessment ran within each participant's perimeter. We do not verify participant systems we are not integrated with, and we do not provide cross-jurisdiction legal compliance conclusions.

Common questions

Questions this context raises.

Our dataspace already has governance rules — participants have agreed to terms.

Governance terms describe what participants have agreed to in principle. AffectLog structures technical evidence that agreements are enacted: which data is processed, which AI systems have access, and whether raw assets remain sovereign — per participant, per system.

We cannot deploy a local runner at every participant node.

Partial coverage is better than none. Participants with a local runner provide Signal Receipts. Those without are documented as 'evidence not yet collected' in the Passport — making coverage gaps visible rather than hidden.

Get started

Build a dataspace AI evidence layer
without centralising participant data.

Design a federated evidence flow for your dataspace AI portfolio — local Signal Receipts per participant, access conditions per AI system, and a Passport that travels without taking raw data with it.

AffectLog provides technical and operational evidence. Not legal compliance, data transfer adequacy, or cross-jurisdiction legal advice.