Across Europe, hospitals, universities, and public agencies hold vast stores of health and social data with genuine potential to improve lives. Yet that potential largely goes unrealised.
A Finnish genomics researcher seeking access to Norwegian patient records, a Dutch epidemiologist hoping to link clinical trial data across three countries both face months of negotiation, duplicated ethics approvals, and incompatible technical systems. The data exists; the capability to use it securely does not.

This article summarises the key findings of a bachelor’s thesis examining EOSC-ENTRUST the European Open Science Cloud’s initiative to build a federated network of Trusted Research Environments (TREs) across the EU. The thesis proposes practical architectural solutions to the fragmentation problem and introduces an integrated security model that makes cross-border sensitive data research achievable today, not just in theory.

What Is a Trusted Research Environment?
A Trusted Research Environment is a secure, controlled digital workspace where authorised researchers can analyse sensitive data without the data ever leaving its protected environment. Instead of transferring patient records to a researcher’s laptop, the researcher connects to the TRE and brings their analysis to the data. Think of it as a locked room with a window: you can work inside, but nothing walks out without inspection.
Most European countries have built their own TREs Finland’s CSC, Norway’s TSD-SAFE, the Netherlands’ SURF environment but these have developed independently, each with its own identity systems, governance rules, and technical standards. The result is a patchwork of secure islands that cannot easily communicate with each other.

The Six Barriers to Federation
The thesis identifies six specific problems that prevent European TREs from forming a coherent network:
First, there is no shared standard. Even the most widely cited model the UK’s DARE Blueprint requires substantial adaptation for EU legal and institutional diversity.

Second, identity systems are fragmented: Norway uses BankID, Finland uses university credentials,and institutional logins rarely cross borders cleanly.

Third, user certification is inconsistent one TRE may require rigorous background checks and ethics training, another accepts self declared affiliation.

Fourth, governance models differ so widely that coordinating a multi-country data access approval becomes an administrative marathon.

Fifth, metadata about available datasets is held in bespoke local schemas, making cross-border data discovery nearly impossible.

Sixth, and perhaps most fundamentally, federated operations require trust and trust between institutions in different legal jurisdictions does not exist by default.

A Tiered Trust Model for Progressive Adoption
The thesis proposes a three-tier framework that allows TREs to join the federation at the level their current capabilities support, then advance progressively.

At Tier 1 (Basic Compliance), a TRE meets fundamental requirements: multi-factor authentication, encrypted storage, audit logging, and documented data protection policies.
Researchers certified at this level can discover datasets across the federation and access synthetic data for algorithm development. Tier 1 can typically be achieved within six to twelve months, making it a realistic entry point even for smaller institutions.
Tier 2 (Enhanced Federation) enables individual-level pseudonymized data access. TREs at this level implement GA4GH Passport-based authorization, formal output review processes, and have undergone independent security audit. Researchers need project-specific ethics approval and advanced data protection training.
Tier 3 (Validating Authority) is reserved for TREs that serve the federation as auditors, identity hubs, or metadata catalog operators. These institutions validate synthetic data quality, coordinate large multi-country studies, and provide the infrastructure other TREs depend on.
This graduated approach is politically and practically feasible where an all-or-nothing requirement would not be. A country uncertain about the benefits of federation can start at
Tier 1 with limited investment, demonstrate value to stakeholders, and build the case for advancement.

Synthetic Data as the Bridge
One of the most significant contributions of the thesis is the integration of a synthetic data access framework, originally proposed by Prof. Jussi Salmi at Turku UAS, into the federation architecture. Synthetic data statistically realistic datasets generated by AI models trained on real data contains no actual personal information and is therefore not subject to GDPR’s cross-border transfer restrictions. This legal distinction is practically transformative. Federation infrastructure can be built, tested, and exercised using synthetic data before any real sensitive data is ever shared. Researchers can develop and validate their analytical methods. Cross-border workflows can be debugged. Trust between institutions can be established all without any privacy risk. The framework organizes synthetic data access into three levels. Level 1 Researchers access only the final synthetic datasets for algorithm development and training. Level 2 Data
Validators compare synthetic and real data to verify that statistical utility has been preserved and no privacy leaks have been introduced. Level 3 Technical Reviewers audit the AI models themselves, checking for bias, verifying differential privacy guarantees, and ensuring ethical compliance. This hierarchy ensures that synthetic data is not only useful but demonstrably safe.

Making Identity Work Across Borders
The technical core of the federation is an Identity Federation Service built on OpenID Connect the same protocol behind ’Sign in with Google’ on millions of websites. Each
country’s existing identity provider (university login, BankID, national ID card) connects to a central hub. The hub translates between these systems without requiring any of them to
change. When a Finnish researcher logs into a Norwegian TRE, they authenticate with their university credentials as normal. The hub validates that authentication and issues a
federation-wide identity token the Norwegian system can trust. The process takes seconds and requires no manual certificate management or new accounts.
Authorization what the researcher is allowed to do is handled separately through GA4GH Passports: digitally signed credential collections that carry ethics approvals, training certifications, and data access permissions across borders.

A Finnish ethics committee approval, issued as a verifiable digital visa in the researcher’s passport, can be recognized by a Norwegian TRE without the researcher starting the process again from scratch.
Smart card authentication already widespread in European hospitals and government institutions integrates naturally into this infrastructure, providing the hardware-backed multifactor authentication that high-sensitivity environments require.

The Five Safes, Applied Federally
The Five Safes framework Safe Projects, Safe People, Safe Settings, Safe Data, Safe Outputs is the established standard for responsible data access governance. The thesis demonstrates how each dimension extends to a federated, cross-border context. Safe Projects becomes a mutual recognition problem: when a project has Finnish ethics approval, what additional review is needed for Norwegian data? The ENTRUST approach establishes recognized ethics bodies in each country and a Data Access Request Service that tracks which approvals are in place and which are still needed, routing requests in parallel to avoid sequential delays. Safe People is implemented through the tiered
certification model combined with GA4GH Passports. Safe Settings relies on ISO/IEC 27001-equivalent security baselines verified by independent third-party auditors, whose findings are published in a federation registry data controllers can consult. Safe Data applies layered protection: minimization at source, pseudonymization, purpose-limited access, and
synthetic data as an additional protective proxy. Safe Outputs coordinates review across multiple TREs, with automated disclosure control checks supplemented by trained output
checkers.

What This Means in Practice
For TRE providers, the research offers a concrete implementation pathway with realistic timelines and well-defined requirements at each tier, supported by federation-provided templates, reference implementations, and mentorship from more advanced peers.
For policymakers, it demonstrates that cross-border sensitive data research is achievable without compromising national data sovereignty indeed, the framework is designed to preserve it. National identity systems, ethics frameworks, and governance structures remain under national control; the federation standardizes the interfaces between them, not the implementations behind them.
For researchers, it promises improved access to data that simply cannot be found today, with portable credentials that reduce the administrative burden of multi-country projects. For data subjects patients, survey respondents, citizens it means research that could improve health outcomes and public services, protected by governance structures with genuine teeth.

The Road Ahead
The EOSC-ENTRUST framework is ambitious, and significant work remains. Pilot implementations, empirical evaluation of real-world federation operations, and detailed economic analysis of cost and benefit models are all needed. The social and organizational dimensions change management, institutional trust-building, and incentive alignment are as important as the technical ones. But the core insight of this thesis is that the barriers to European TRE federation are not
insuperable. They are engineering problems, governance problems, and trust problems all of which have solutions that can be implemented progressively, at manageable cost, without waiting for perfect regulatory harmonization that may never come.
Synthetic data provides a practical bridge. The tiered trust model provides a realistic adoption pathway. Federated identity provides the technical plumbing. What remains is the will to build.

About the author
Iuri Dias Gonçalves is a bachelor’s student in Information Communication Technology / Health Technology
at Turku University of Applied Sciences. This article is based on the thesis EOSC-ENTRUST: Federated
Interoperability for Trusted Research Environments in Europe (2026), developed in collaboration with CSC
– IT Center for Science, Finland.
Reference
Gonçalves, I. D. 2026. Connecting Europe’s Research Islands: A Blueprint for Federated Trusted Research
Environments. Talk by Students. Turku: Turku University of Applied Sciences.