Selecteer een stuk tekst om voor te lezen   Click to listen highlighted text! Selecteer een stuk tekst om voor te lezen


Authorization Register

  • Holds authorization policies for one or more data owners on access to data
  • Also known as AR-DM, Authorization Register Data Management

BDI Association

  • Legal entity that serves as an operational anchor for both federated trust/authentication and local onboarding
  • A BDI Association is the ‘root association’ for its members

BDI Association Administrator

  • Functionary responsible for operating the services of a BDI Association

BDI Association Register

  • Register of onboarded members

BDI Authentication Processor

  • Standard software to make APIs BDI compliant
  • Processing of part of protocol: client assertion to token

Business Partners

  • Members of other BDI Associations than the root BDI Association

Business Partner Reputation model

  • Register within BDI Association, holding
    • Reputation scores of business partners
    • Preferred partners

Data Consumer

  • Requests access to data and/or Representation Register and/or Professional Qualification Register of the data owner
  • Controls discovery and endpoints
  • Requests subscription to data owner’s Event Pub/Sub Service, receives and evaluates events

Data Licenses

  • Descriptions of the terms and conditions for using data
  • Either in free form text or in ODRL

Data Owner

  • Has control over data and access to data,
  • Controls decisions on Data Sovereignty and Trust Sovereignty
  • Controls authorization policies, representation rules, professional qualification verification of staff and contactors
  • Controls subscription to the Event Pub/Sub Service and publishing of events to subscribers
  • Controls discovery and endpoints
  • Controls roles assumed by entity

Data Service Provider

  • A service provider that acts under the supervision and on behalf of the data owner

Edge agreements

  • Standards on interacting with entities and/or persons that have IT systems that are less mature or not BDI-compliant.
  • Processes, technology, terms and conditions, liabilities

Event Pub/Sub Service

  • Accepts subscription to the data owner’s Event Pub/Sub Service
  • Publishes events to subscribers of topics
  • Holds proof of the (standard) roles the legal entity assumes


  • Legal entity as member of a root BDI Association


  • Member of a BDI Association other than the root


  • XACML definitions of access policies to data elements

Preferred Business Partners

  • Outsiders
  • Those who have agreed to the specific terms and conditions of the local BDI Association, which maintains its own Business Partner Reputation Model

Professional Qualifications Register

  • Holds proof of the professional (verifiable) credentials of natural persons in relation to them acting as a representative of a legal entity

Representation Register

  • Holds proof of the mandate of natural persons acting as a representative of a specific legal entity
  • Holds proof of the mandate of organizations acting as a representative of a specific legal entity


  • Outsider with a better reputation score than a set minimum




Data Governance Act

The Data Governance Act defines specific roles. The match with BDI roles is defined.


Data holder

‘Data holder’ means a legal entity, including public sector bodies and international organizations, or a natural person who is not a data subject with respect to the specific data in question, which, in accordance with applicable Union or national law, has the right to grant access to or to share certain personal data or non-personal data. BDI uses the term data owner for this role.

Data user

‘Data user’ means a natural or legal person who has lawful access to certain personal or non-personal data and has the right, including under Regulation (EU) 2016/679 in the case of personal data, to use that data for commercial or non- commercial purposes. BDI uses the term data consumer for this role.

Data intermediation service

‘Data intermediation service’ means a service which aims to establish commercial relationships for the purposes of data sharing between an undetermined number of data subjects and data holders on the one hand and data users on the other, through technical, legal or other means, including for the purpose of exercising the rights of data subjects in relation to personal data, excluding at least the following:

  • services that obtain data from data holders and aggregate, enrich or transform the data for the purpose of adding substantial value to it and license the use of the resulting data to data users, without establishing a commercial relationship between data holders and data users;
  • services that focus on the intermediation of copyright-protected content;
  • services that are exclusively used by one data holder in order to enable the use of the data held by that data holder, or that are used by multiple legal persons in a closed group, including supplier or customer relationships or collaborations established by contract, in particular those that have as a main objective to ensure the functionalities of objects and devices connected to the Internet of Things;
  • data sharing services offered by public sector bodies that do not aim to establish commercial relationships;

Clause 3 c shows that the roles of Data Service Provider, Authorization Register, Association Register are not a data intermediation service as defined by the DGA.

Public sector body

‘Public sector body means’ the state, regional, or local authorities, bodies governed by public law, or associations formed by one or more such authorities, or one or more such bodies governed by public law;

Bodies governed by public law

‘Bodies governed by public law’ means bodies that have the following characteristics:

  • they are established for the specific purpose of meeting needs in the general interest and do not have an industrial or commercial character;
  • they have legal personality;
  • they are financed, for the most part, by the state, regional, or local authorities, or other bodies governed by public law, are subject to management supervision by those authorities or bodies, or have an administrative, managerial, or supervisory board, more than half of whose members are appointed by the state, regional, or local authorities, or by other bodies governed by public law;
Click to listen highlighted text!