Data as a Strategic Resource: Legal and Policy Foundations

For almost a decade, it has been claimed that the world’s most valuable resource is no longer oil, but data. The topic has been widely discussed by policymakers, businesses, and researchers alike. One key difference between the two resources persists, however. While oil is finite, data is renewable — it can be used, reused, and combined endlessly, across sectors and contexts, to generate new value and insight.

The PISTIS project seeks to unlock this potential. Its ambition is to create a data sharing and monetisation platform for the secure, trusted, and controlled exchange of proprietary data. In doing so, PISTIS builds upon the general and unique features of data — namely, its intangibility, replicability, and non-rivalrous nature.

A key enabler for responsible data sharing in Europe is the EU Data Act, which introduces rights for users to access and share data generated by connected devices or services. These provisions underpin initiatives like PISTIS, ensuring that data can be shared securely, fairly, and under clear contractual and regulatory conditions.

The PISTIS project also aligns with the broader Data Union Strategy, which aims to create a single market for data in Europe by to facilitating secure data sharing among organisations while allowing them to maintain control over their data. This strategy encourages cross-sectoral data sharing, interoperable infrastructures, and fair governance models, all of which are central to the design and objectives of PISTIS.

In line with the Data Act, the European Commission is also planning to introduce Model Contract Terms (MCTs) and Standard Contractual Clauses (SCCs) for cloud and other data-related services. These instruments will provide buyers of IT and cloud services with practical tools and reference models to negotiate fairer and more balanced contractual terms with their vendors. At the same time, service providers and technology vendors will need to carefully consider which elements of these new model terms they are prepared to adopt or adapt to their offerings.

Arthur’s Legal, the author of this post, is a member of the European Commission’s Expert Group on B2B Data Sharing and Cloud Computing Contracts and has been directly involved in drafting and refining these clauses. The Commission’s recommendation on the MCTs and SCCs currently expected to be published either alongside the Data Union Strategy or later in Q4 2025, marking an important milestone in creating a fair, predictable, and innovation-friendly contractual framework for data and cloud services in Europe.

With this in mind, this article explores a set of legal and ethical considerations relevant to data sharing, drawing inspiration from the principles underlying the Data Act, the Data Union Strategy, and related policy initiatives. The goal is to provide a concise, practical, and forward-looking overview for organisations and stakeholders engaged in the sharing of data — no matter how complex or domain-specific the context.

Policy Considerations

The increasing attention given to data governance at the European level is reflected in several recent policy frameworks that both shape and complement the objectives of the PISTIS project.

The EU Competitiveness Compass emphasises the need to close the innovation gap and reduce dependencies by ensuring better access to and use of high-quality data. Data availability and interoperability are seen as essential to enhance competitiveness and foster innovation in Europe’s digital economy.

The European Declaration on Digital Rights and Principles reinforces these objectives by promoting a human-centric, inclusive, and sustainable digital transformation. In particular, Chapter VI on Sustainability highlights the role of data in supporting efficiency, circularity, and evidence-based policymaking. When data sharing is conducted under transparent, secure, and ethical frameworks, it directly contributes to these aims.

The Declaration also complements the EU Data Act, anchoring data use within a broader framework of trust, accountability, and fairness. Together, these initiatives seek to ensure that Europe’s data economy operates on the principles of openness and responsibility, where data generated by connected devices and services can be accessed, shared, and used fairly.

Collectively, these policy instruments recognise that high-quality, interoperable data from different domains can boost competitiveness and innovation while supporting sustainable and inclusive economic growth. The same data may be used and reused for a variety of scientific, commercial, or societal purposes — without any loss of quality or quantity.

Legal Aspects

In the context of PISTIS, several key legal aspects must be considered to ensure that data is shared responsibly and in compliance with applicable laws and regulations:

  1. Portability of Non-Personal Data

The Free Flow of Data Regulation ensures that non-personal data can move freely within the EU without unjustified restrictions. This portability is crucial for enabling cloud-based innovation and for ensuring that data holders and users can participate effectively in data ecosystems such as PISTIS.

  1. Access to Data Generated by Connected Products

The Data Act introduces a right for users to access and share data generated by connected devices or related services. This is central to the PISTIS vision, where such data can be shared securely and under clear conditions, promoting fairness and competition in data markets.

  1. Personal Data

The General Data Protection Regulation remains the cornerstone for the protection of personal data. It defines the lawful bases for processing, sharing, and combining personal information, ensuring that any personal data within PISTIS is handled transparently and with respect for individuals’ rights.

  1. Data Sharing Agreements

Contractual mechanisms are critical in defining the scope, purpose, and limits of data sharing. In PISTIS, data sharing agreements provide a legal and operational foundation for trust, clarifying ownership, licensing, liability, and compliance obligations between parties.

  1. Protection of Intellectual Property

Data can sometimes embody or reveal intellectual property, trade secrets, or proprietary know-how. Ensuring that IP rights are recognised and protected within data sharing arrangements is essential to preserve incentives for innovation and prevent misuse or unfair exploitation.

Ethics Considerations

Beyond legal compliance, ethical principles underpin trustworthy and socially beneficial data sharing. PISTIS embeds the following principles into its design and governance, in particular:

  1. Fairness, Justice, and Equality

Data sharing should promote equitable access and outcomes, preventing biases or asymmetries that disadvantage smaller actors or underrepresented groups. Fairness ensures that all participants benefit appropriately from shared value.

  1. No Harm

The “do no harm” principle requires that data use does not negatively impact individuals, communities, or the environment. Ethical design and impact assessments help identify and mitigate potential risks before data is shared or reused.

  1. Accountability

Accountability mechanisms — such as audit trails, governance frameworks, and compliance monitoring — ensure that responsibilities are clearly defined and enforced. This strengthens both trust and legal certainty.

  1. Communication and Transparency

Transparent communication about how data is used, who has access to it, and for what purpose builds confidence among participants. It also aligns with the broader EU goal of fostering a trustworthy digital ecosystem.

  1. Privacy

Privacy remains a fundamental right and an ethical cornerstone. Even beyond legal compliance, data systems like PISTIS are designed to minimise exposure of personal information and to respect users’ control over their data.

Conclusion

The Data Act marks a pivotal step in Europe’s journey towards a more open, fair, and innovative data economy. It seeks to ensure that data generated in the EU — whether personal or non-personal — can be accessed and shared in a way that maximises value creation while protecting rights and interests.

Projects like PISTIS translate these policy ambitions into reality by providing the technical, legal, and ethical infrastructure needed for trusted data sharing and monetisation. By embedding privacy, fairness, and accountability into its design, PISTIS offers a concrete example of how the Data Act’s principles can be operationalised in practice.

Looking forward, as data ecosystems grow and diversify, the ability to share data “the right way” — securely, transparently, and fairly — will become an essential competitive advantage. The PISTIS platform demonstrates how legal compliance and ethical responsibility can coexist with innovation and market growth.

Moreover, the European Commission plans to adopt the European Research Area (ERA) Act in 2026, which would provide a complementary framework, reinforcing Europe’s ambition to strengthen cross-border research, open science, and innovation infrastructures. By aligning initiatives like PISTIS with the ERA Act, Europe can not only facilitate responsible data sharing but also support the mobility of knowledge, collaboration between Member States, and access to research excellence across the EU.

Ultimately, the Data Act will not only enable the right sharing of data but also foster a culture of responsible reuse, where data serves as a truly renewable resource for Europe’s sustainable digital future.