The Danube release of the Gaia-X trust framework provides mechanisms for the automation of compliance and supports interoperability across sectors and geographies to ensure trusted data transactions and service interactions. The Gaia-X Summit 2025 hosted facilitated discussions on AI and data sovereignty, and presented data space solutions that support innovation across Europe and beyond.
Gaia-X is a European initiative that brings together international industrial, academic, and political communities, to develop a federated data and cloud infrastructure through specifications, compliance labels, and open-source software components for data ecosystems and the underlying cloud infrastructure. It is based on European values such as data sovereignty, security, and transparency.
Digital sovereignty is created through trust, openness, and common standards, Ulrich Ahle, CEO of Gaia-X, mentioned. Gaia-X is moving from pilot implementations to operational deployment; data spaces, trust frameworks, and interoperability tools are ready to scale.
Christoph Strnadl, CTO of Gaia-X, and Roland Fadrany, COO of Gaia-X, presented the Gaia-X Trust Framework 3.0 – "Danube" Release. Problems often lie between different ecosystems and regions. The Gaia-X Trust Framework allows applications and systems to operate smoothly in federated environments with different actors. Actors can use different methods and standards for obtaining their digital identity and other digital certificates from trust services providers, Strnadl explained:
Examples are multi-cloud environments, the cloud-to-edge continuum, data spaces and federations of data spaces, and any other form of digital ecosystem like global supply networks needed to provide digital product passports.
To support scalable federated digital ecosystems, the Danube release provides mechanisms that enable automation of compliance and interoperability across sectors and geographies, Strnadl explained:
You can automate governance rules and compliance frameworks in an extensible way, allowing for domain and regional adaptation while maintaining interoperability.
In Gaia-X, this is called "bring your own rules (BYOR)", Fadrany mentioned. Organizations can add their own rules, compliance frameworks, or industry-specific requirements as extensions without sacrificing technical interoperability.
Gaia-X has entered the execution phase, moving from principles to practice, Roland Fadrany mentioned. It aims to give governments and businesses the operational means to build, govern, and grow digital ecosystems with confidence.
Two sectors, aerospace and nuclear, are using the Gaia-X trust framework.
DECADE-X is a digital ecosystem for the aerospace and defence industry. Its mission is to build a global collaborative data-sharing framework that brings together industry stakeholders to enable trustworthy, secure, and standards-based data exchanges, Jérémy Mambrini from Airbus said. DECADE-X includes a trust framework based on Gaia-X with extensions for ecosystem-specific rules and global geographical adoption.
The Data4NuclearX project aims to build a secure and sovereign data exchange space for the nuclear industry, based on Gaia-X. Ensuring the sovereignty of data is one of the main challenges, Martine Gouriet from EDF mentioned. Their approach is to focus on trust, security, regulation, and compliance.
InfoQ interviewed Christoph Strnadl about Gaia-X.
InfoQ: Why should the software industry care about Gaia-X? What can it bring them?
Christoph Strnadl: For software companies, implementing the Gaia-X trust framework means access to new markets, easier integration with customers and partners, and the ability to participate in large cross-industry data ecosystems without being tied to a single platform or vendor.
Gaia-X reduces trust-related integration costs and increases the potential customer base. By following Gaia-X compliance rules, developers can build services that are compliant, portable, and compatible with the emerging European data economy.
InfoQ: What do developers and architects need to know about Gaia-X?
Strnadl: Gaia-X is not a new cloud platform or another service orchestration layer or inter-cloud API. Gaia-X provides the framework and components for implementing a trustworthy method to establish the identities of organisations and human actors participating in data sharing or service interactions. It ensures compliance of services and other ecosystem entities (e.g., IoT devices, AI training data sets) with ecosystem rules.
The Gaia-X Trust Framework consists of an architecture, a set of specifications and standards, and software components implementing them. Software-intensive systems that follow these guidelines will then be interoperable on the trust layer by design. Key concepts include: verifiable credentials, self-description of services verified by suitable conformity assessment bodies (CABs) aka "clearing houses", and the use of credentials for identity and policy enforcement.
For architects, Gaia-X defines how trustworthy digital identifiers can be linked to ecosystem actors, how XaaS services can be described, how compliance of these descriptions is verified by independent parties (the CABs), and how participants authenticate and interact in a federated environment.
For developers, it provides concrete technical components (from registries to credential formats, including cryptographic support functions like did-resolver or a VC-JWT playground) that can be embedded into applications.
InfoQ: What does Gaia-X provide for software projects?
Strnadl: Gaia-X provides technical specifications, which include models and standards for digital identifiers, service descriptions, and compliance definitions and verification. There is also the Gaia-X Lab, where developers can test implementations and see examples of working components.
Software teams can use these specifications and tools to build applications and services that are identifiable, certifiable, and ready for participation in digital ecosystems and data spaces.
Other initiatives exist for data sovereignty, clouds, and data sharing. The International Data Spaces Association (IDSA) is a not-for-profit association that creates standards for sharing data in data spaces that allow participants to have full control over their data.
Eclipse Tractus-X™ is a collaborative, open-source project aimed at driving the digital transformation of various industries; its mission is to enable secure, self-sovereign, and efficient data exchange using open standards. Tractus-X provides software for implementing trusted data transactions.
The EOSC Association implements the European Open Science Cloud (EOSC) to champion research data management and application, to guarantee scientists’ access to data-driven science for creating new knowledge, promoting innovation, and reinforcing public trust in science.