DRCF insights: Smart Data frameworks

About 

Core focus

The report reviews how jurisdictions worldwide have approached consumer data portability and Smart Data ecosystems, drawing lessons to help the UK implement its cross-sectoral Smart Data ambitions. The DUAA 2025 empowers the Secretary of State to create sector-specific Smart Data schemes via secondary legislation, building on the Open Banking precedent. As of May 2025, one in five UK consumers and small businesses were actively using Open Banking services, up from one in seventeen in March 2021.

Three implementation models

The report categorises global Smart Data approaches into three main models:

1. Regulator-mandated 

Government-led, prescriptive legislation (e.g. Australia’s Consumer Data Right, Brazil’s Open Finance). Provides legal certainty and mandated participation, but risks high compliance costs, regulatory rigidity, and potential for stifling innovation. Australia’s experience is cited as a cautionary tale of disproportionate costs relative to uptake.

2. Market-facilitated  

Industry-driven, with regulators in a facilitative role (e.g. US, Japan, Hong Kong). Fosters innovation and commercial flexibility but suffers from inconsistent standards, fragmentation, slower incumbent adoption, and uncertain liability frameworks. The US is experiencing particular instability following legal challenges to its framework, which has been seen as lacking unambiguous positioning.

3. Public infrastructure-led 

Built on foundational national Digital Public Infrastructure such as digital identity and data exchange layers (e.g. Estonia’s X-Road, Singapore’s SGFinDex via Singpass). These solve interoperability and trust-by-design but require major upfront investment and sustained political commitment. Estonia saves an estimated 820+ years of working time annually through X-Road.

A fourth category, Hybrid and Transitioning, covers jurisdictions like India (Account Aggregator / DEPA framework, with over 100 million consents by 2024) and the UAE (transitioning from market-led to a centrally mandated Open Finance framework).

Key themes from the analysis

Governance

A central coordinating body is consistently identified as critical. Without it, sector-by-sector schemes under the DUAA risk creating new data silos rather than eliminating them.

Standards and interoperability

Cross-sector fragmentation is a recurring failure mode. The risk that different UK government departments managing different Smart Data schemes could produce divergent technical standards is highlighted as a significant concern.

Consumer consent journey

Legal compliance alone is insufficient. The quality of the consent user experience is as important as the legal principle. Brazil’s experience shows how broadly drafted consent forms led to data misuse and loss of public trust. India’s AA framework shows high consent numbers but low conversion due to friction. Singapore’s integration with Singpass is held up as a model of frictionless, trustworthy consent.

International alignment

The report recommends aligning with Gaia-X (the EU’s federated data infrastructure framework) to protect the UK’s data adequacy status (renewed until 2031), maintain access to EU digital markets, and reduce compliance burdens for internationally active businesses.

Anti-competitive risks

The report flags the possibility that Smart Data schemes could inadvertently facilitate tacit collusion if they enable easy monitoring of competitor pricing — a novel risk that warrants safeguards by design.

Considerations for the UK

The report proposes five strategic pillars:

1. A central Smart Data governance body to coordinate all schemes, set baseline standards, and prevent fragmentation.
2. Phased, use-case-driven rollout prioritising energy (for Net Zero), finance, and telecoms, learning iteratively before expanding.
3. Sector-tailored implementation models — acknowledging that some sectors suit market-led approaches while others need regulatory mandates, within a unified strategic framework.
4. Interoperability by design, integrating with the UK’s Digital Verification Services (DVS) trust framework (as envisioned in the DUAA) to create a trusted, unified consent architecture.
5. Clear secondary legislation covering liability frameworks, security standards, transparent cost-benefit processes, and safeguards against anti-competitive conduct.

Relevance to IB1

The DRCF report findings and recommendations are closely aligned with IB1’s existing work and strategic positioning.  

Central governance and Trust Frameworks

The report’s core recommendation, a ‘central’ body setting common baseline standards and ensuring cross-sectoral interoperability, closely mirrors the architecture IB1 has developed through its Trust Framework and Scheme architecture. The DRCF’s concern about fragmented sectoral schemes producing new data silos is precisely the problem IB1’s governance approach is designed to solve, specifically the interoperability between them.

Energy Smart Data and Perseus 

The report explicitly names energy as a priority sector for Smart Data designation, citing its alignment with Net Zero policy objectives. IB1’s Perseus programme, enabling permissioned energy data access for SME carbon reporting and green finance, is an existing example of the kind of sector-specific, use-case-driven scheme the report advocates.

Consent and liability frameworks

IB1 has developed detailed consent and liability standards across energy, water, finance, supply chains, and other sectors. The DRCF’s finding that the quality of the consent journey is as critical as the legal principle, and that clear liability apportionment is essential for industry confidence, directly reinforces the value of this work.

Interoperability across sectors

The report warns that without strong central coordination, different government departments could develop incompatible standards across schemes. IB1’s cross-sector interoperability work, including its engagement between Open Energy, Perseus and Open Banking, addresses this risk directly.

International standards alignment

The report recommends aligning with international frameworks such as Gaia-X. IB1’s engagement with cross-border data governance and its work across multiple jurisdictions is consistent with this direction.

The DRCF report diagnosis and recommendations map closely with the approach IB1 has built, and provides independent external validation of the strategic importance of IB1’s work.