Skip to main content
Release: CX-Io (preview)

Catena-X: 10 Golden Rules

The Catena-X Data Space ("CX Data Space") is a trustworthy, collaborative, decentralized, open, standardized and secure data ecosystem for the automotive industry. Catena-X Automotive Network e.V. ("Association") is the custodian of the CX Data Space. The following ten principles ("10 Golden Rules") apply to any participant within the CX Data Space ("Participant"):

  • i) Values of Gaia-X and IDSA

    The concepts and values of Gaia-X and the International Data Spaces Association are the guiding principles for the implementation of the CX Data Space and the execution of (decentralized) data exchange transactions in the CX Data Space.

  • ii) Data Sovereignty

    The CX Data Space is designed as a sustainable solution for the digitalization of value chains, including in particular mediumsized and small companies, supporting cooperation and collaboration across enterprise boundaries. All Participants shall be able to participate on equal terms and have sovereign control over their data. They shall ensure that the services they provide or make use of remain open and fair, and are absent of discrimination and undesired lock-in effects.

  • iii) Governance Framework The Association defines and sets out the governance framework in its operating model as required to facilitate (decentralised) data exchange transactions in the CX Data Space ("Governance Framework"). The Association can define technical standards (“Standards”), non-technical requirements (“Non-Technical Requirements”) and other policies for Participants and the products and services they make available within the CX Data Space. The Association can use certifications and other legal instruments to give effect to the Governance Framework.

  • iv) Freedom of Contract

    Participants shall enjoy freedom of contract within the CX Data Space in accordance with the Governance Framework and applicable laws and regulations.

  • v) Registration and Certification

    Each Participant commits to the Governance Framework by registering with the CX Data Space. Participants may need a certification for certain products and services, to be issued by a conformity assessment body permitted to the CX Data Space.

  • vi) Compliance by Conduct

    Each Participant shall comply with all applicable laws and regulations when acting within the CX Data Space at its own responsibility, including in particular competition law, data protection laws (GDPR and others), legislation under the EU Digital Strategy (including in particular the Digital Market Act, Digital Services Act, Data Governance Act, Data Act, AI Regulation) as well as any applicable cyber security legislation ("Compliance by Conduct").

  • vii) Compliance by Design

    As part of the Governance Framework, the Association may determine specific requirements for the design of technology and processes to ensure compliance with applicable laws and regulations. Even where the Association sets such requirements, each Participant continues to be responsible for its Compliance by Conduct.

  • viii) Security

    Each Participant shall manage its access to and use of the CX Data Space, at all times, responsibly and in compliance with all applicable technical security standards once set out in the Governance Framework.

  • ix) Control

    The Association reserves the right to control Participants' compliance (including delegating such control to third party Participants) with these 10 Golden Rules. The Association reserves to enforce (including via third party Participants) the Governance Framework, including by way of withdrawing certifications and/or the registration as a Participant or other measures reasonably required.

  • x) Legal provisions and Disclaimer

    These 10 Golden Rules shall be in effect as part of the Governance Framework, until they are modified or replaced by the Association. They shall be binding for each Participant based on the related registration process. They shall only establish or be part of a contractual relationship with the Association if expressly agreed between the Association and such Participant. The Association is not responsible for data exchange transactions concluded between Participants. Each Participant acts at its own risk and responsibility, in accordance with the terms agreed with other Participants.

These 10 Golden Rules are subject to German substantive law; the exclusive venue for any disputes in relation to the Association is Berlin.