Data space for security and law enforcement

Outcomes and deliverables

The creation of a common data platform, including the national components and a communication infrastructure, with trusted datasets to train, test and validate algorithms aims to create sufficient quantity of data to research, innovate and develop AI technologies, with the objective to gather and analyse automatically big number of various types of information (pictures, reports, video etc.). The data space for security and law enforcement will create a data ecosystem specific for the needs of the security and immigration stakeholders, including national authorities, EU agencies in charge of European security and justice representatives. Private sector representatives may benefit from a dedicated section of the data space for security and law enforcement containing anonymous datasets provided that they are carrying out security research under the European Framework Programmes for Research.

A common data space for security and law enforcement will substantially foster development of AI technologies, which will constitute a very important contribution to combat crime, enhance border security and facilitate legal migration.

It will also improve the European open strategic autonomy by allowing the national and European law enforcement authorities to develop and validate their own digital tools so to (i) eliminate the threat of malicious interference of third countries/parties; (ii) allow for setting quality standards at EU level and (iii) increase the technological capabilities of Member States LEAs. On this basis, foreign controlled entities participating in the action should only perform specific, clearly defined tasks and should not be involved in the design of the technical architecture or the security components of the product.

The objective is to deploy a common European Security data space for innovation allowing research, development, testing, training and validation of algorithms for AI-based systems for security (law enforcement) based on various types of datasets, including operational pseudonymized and anonymized datasets, following the data minimisation principle (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 – GDPR and Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 - LED). Particular attention must be given to reducing potential bias in algorithms to be used by law enforcement.

Technological sovereignty of Member States and the EU in the field of fighting crime and terrorism in the digital age is a fundamental public interest as well as a matter of national security, and can be strengthened by creating high quality and trusted datasets that would enable Member States’ Law Enforcement Agencies (LEAs) to develop and validate their own digital tools.

A dedicated common data space for security and law enforcement will satisfy both principles set in the “A European strategy for data”^[1]: (1) that actions under data spaces for public administrations will also focus on data use for improving law enforcement in the EU in line with EU law, and (2) that data for the public good can serve to ensure more efficient fight against crime.

Namely, this data space would serve the interests of all stakeholders in charge of public or internal security, and in particular, the Member States’ law enforcement authorities, authorities in charge of border security as well as the relevant European Agencies, such as Europol, the European Border and Coast Guard Agency, and eu-LISA (in accordance with the legal bases that apply to them). In such a way, the EU open strategic autonomy in the field of AI applications for law enforcement will be enhanced.

The objective of the data space for security and law enforcement is solely to facilitate innovation, it should not cover data sharing for investigative purposes.

This action will lay the economic, organisational and technical foundations of a federated data infrastructure. Specifically, it is expected that at the end of the project a system and a model of the data governance will be available, thus the project will include the following tasks:

• to develop a reference architecture, to define data standards and to determine criteria for certifications and product quality while addressing ethical concerns and complying with data protection requirements. Standardisation of data should be proposed and the framework may be defined based upon the UMF (uniform message format) project defining data models in a number of areas, such as data on persons, firearms and vehicles;
• to generate, collect, annotate and make interoperable data suitable to test, train and validate algorithms, which should be available for the training, validation and testing of tools using AI technologies, and, when possible, proportional and where provided for by law, shareable for security research purposes. There should be a monitoring process to ensure the quality of the data and the validation of the results. It would focus in particular the technical standard and the content, i.e. that the data is not biased against ethnicity, gender, nationality or other social categories.

The projects will have to deploy trust mechanisms (security and privacy by design), data services which ensure the identity of the source and receiver of data and which ensure the access and usage rights towards the data. Projects are encouraged to perform the study and analysis of alternatives for data collection with maximum efficiency in order to provide interoperability within the domain. Through this concept of a federated data infrastructure, we enable European security stakeholders to develop their potential in a dynamic security ecosystem. Projects under this action should pay specific attention to fundamental rights challenges notably by proposing adequate bias mitigation and non-discrimination mechanisms as well as by providing enhanced data quality. They should also demonstrate strict compliance with the EU legal framework on data processing for police purposes as set out in Directive 2016/680 of the European Parliament and the Council of 27 April 2016 and the GDPR. The projects will ensure appropriate coordination with relevant projects funded under the research Framework Programmes and, when applicable, EU Space programmes operating security services (Copernicus, Galileo).

The projects selected for the deployment of this data space will have to make provisions for gradually becoming fully compliant with the European Data Spaces Technical Framework. They will also have to coordinate and collaborate with other projects participating in the deployment of the data space and the Data Spaces Support Centre in order to build on common standards.

[1] COM(2020) 66 final