Which Rules of Participation for EOSC?

If Services in the EOSC marketplace provide usage/access data and statistics (when appropriate, and in scope with the particular service provision), they should do so according to open and transparent standards, such that those data can contribute to the development of metrics and indicators (and of course, incentives and rewards) that foster the uptake of open science practices.

Service Providers should ensure openness and transparency in their data policies and means and mechanisms to menage content. Such means and mechanisms are essential to support a research ecosystem that fosters replication and reproducibility, all characteristics of the research lifecycle that are at the core of Open Science.

To promote transparency and drive the adoption of generic standard, it is important that services include machine readable metadata and are identifiable by means of a common and persistent identification. This will allow users to assess operational and functional Service Providers elements such as quality indicators, FAIR indicators, licences, etc.

Service Providers should be transparent about the data management mechanisms they use to store-process-publish content. It is therefore important that they:

• must publicly disclose details on what data about users is collected and how the user statistics is tracked, managed and used for service improvement.
• must publicly indicate if they offer the mechanisms to apply data protection rules according to the General Data Protection Regulation, especially in terms of Data Protection by Design and Data Protection by default, using relevant shields and information.

EOSC will build on services provided by many organisations. Users must be able to make informed choices based on quality, performance and capacity. It is therefore extremely important to build trust with users.

Service providers should adhere to the quality guidelines that are being developed within EOSC.

Services that provide “Excellence-based access” should operate with transparent expert peer-review.

Data that will be distributed via the EOSC will have different levels of access control depending on Intellectual Property (IP) issues, embargoes prior to publication and personal data protection considerations. In addition, certain types of research may have National Security implications that require additional levels of access control. The only model viable in such an environment is one whereby data security, or more accurately, access control remains with the entity that is ultimately legally responsible for ensuring that the data is properly restricted.

Data quality is likely to be the most difficult element to standardize in any given set of rules of participation, considering that the usual standard of “fit for purpose” varies so much from use case to use case. There are two mechanisms to ensure appropriate data quality. The first derives from FAIR principles, as interoperable and reusable data implies that the data set has a given minimum amount of metadata.

Given the dispersed nature of scientific research and the variety of tools and processes required by scientists in different fields and locations, a federated environment requires a similarly decentralized business model to support the technical environment that will be developed. The development of novel capabilities, long-term storage/maintenance of data resources and fixed cost capabilities are likely to be provided using direct payments to organisations setting up nodes in the EOSC.

Private sector users should be considered stakeholders in the EOSC as well as participants from the start. By participating, private sector may want to invest in the long-term development and sustainability of the EOSC, along with the public sector and not just serve to exploit public data for free. Considerations such as access for non-scientific actors as well as non-EU/associated countries researchers should be addressed as well

Rules and requirements around Application Programming Interface (API) access and information assurance, particularly liability for data breach, might restrict the participation of a certain type of entity in the EOSC due to the costs associated with API development, identity and access management or security audit. One option is to phase-in certain parts of the eligibility criteria, to enable changes to take place as part of a normal system development life cycle, or to provide funding for conversion of certain high value assets to more scalable infrastructures.