Assurability: Assurance Levels
v2026-05-15
Index
- Definitions and overview
- Signalling assurance
- Organisational Assurability
- Dataset Assurability
- Example: Assured Open Data Scheme (energy focus)
Definitions & overview
IB1 Assurability (noun): The degree to which an organisation, dataset, or data flow can be verified as trustworthy, covering its origin, quality, legal basis, and fitness for a given purpose, within the rules of a Scheme and Trust Framework.
Assurability is a property, not a binary state. It is expressed through graduated Assurance Levels applied to both organisations (who is sharing?) and datasets (what is being shared?), ranging from basic legal registration and membership (Level 1) through to fully machine-readable provenance, quality parameters, and 99.9% availability (Level 4).
Assurability differs from assurance in that it describes what can be verified in principle, whereas assurance describes what has been verified in practice. An organisation or dataset that meets the structural conditions for a given level: the governance, documentation, technical standards, and audit trails is assurable at that level. Actual assurance is then conferred through self-declaration, machine testing, or third-party audit, as specified by the relevant Scheme.
Within IB1’s Trust Frameworks, assurability serves three purposes:
- Trust — giving data recipients confidence that data originates from a verified source, is accurately described, and is lawfully shareable
- Scale — enabling automated, machine-readable verification so that trust can operate across thousands of organisations and datasets without bilateral negotiation
- Accountability — creating a clear, auditable basis for redress if data does not meet the stated level
Assurability applies across all data sensitivity classes — open, shared, and closed — and is a foundational requirement for data to be considered assurable smart data: the form of data that can reliably underpin investment decisions, compliance reporting, and net zero innovation.
What assurability enables
Assurability helps improve the quality and transparency of information for decision-makers.
Trust Frameworks (TF’s) codify and make public the technical and non-technical (‘sociotechnical’) rules for data sharing agreed by their member organisations (such rulebooks are called Schemes). One function of a Trust Framework is to provide appropriate levels of verification and assurance of member organisations and the datasets they publish, covering both Open and Shared data publication.
Organisations are responsible for verifying that they and their data meet the assurance level requirements, including ensuring accurate and complete data. This may subsequently be ratified by machine testing and/or third-party audit.
The assurance approach and needs may vary. For example, Open Energy may draw on specific regulatory requirements such as UK Ofgem’s Open Data Best Practice, whereas Perseus may draw on the specific needs to enable data assurance for compliance reporting.
IB1 assurability processes enable members to publish Assured Open Data and signal organisational and dataset trustworthiness within a sector trust ecosystem (and can consume things like ODI Certificates as evidence);
Click here to review and comment on Assurability in this open discussion document
You also contact us at partners@ib1.org with comments or if you can’t access Google Docs
Signalling assurance
Organisational assurance badges
| Badge | Label | Links to |
|---|---|---|
 |
Organizational Assurance Level 1 | https://specification.trust.ib1.org/generic-organizational-assurance-levels/1.0/#organizational-assurance-level-1 |
 |
Organizational Assurance Level 2 | https://specification.trust.ib1.org/generic-organizational-assurance-levels/1.0/#organizational-assurance-level-2 |
|
Organizational Assurance Level 3 | https://specification.trust.ib1.org/generic-organizational-assurance-levels/1.0/#organizational-assurance-level-3 |
 |
Organizational Assurance Level 4 | https://specification.trust.ib1.org/generic-organizational-assurance-levels/1.0/#organizational-assurance-level-4 |
Dataset assurance badges
| Badge | Label | Links to |
|---|---|---|
 |
Dataset Assurance Level 1 | https://specification.trust.ib1.org/generic-dataset-assurance-levels/1.0/#dataset-assurance-level-1 |
 |
Dataset Assurance Level 2 | https://specification.trust.ib1.org/generic-dataset-assurance-levels/1.0/#dataset-assurance-level-2 |
|
Dataset Assurance Level 3 | https://specification.trust.ib1.org/generic-dataset-assurance-levels/1.0/#dataset-assurance-level-3 |
 |
Dataset Assurance Level 4 | https://specification.trust.ib1.org/generic-dataset-assurance-levels/1.0/#dataset-assurance-level-4 |
Organisational Assurability
Level 1
This is the minimum requirement for organisations to join the Trust Framework. At this level, organisations have:
- Signed the IB1 Membership Agreement
- This includes endorsement of the Icebreaker Principles
- Paid their membership fees
- Demonstrated a current entity legal registration (GLEIF or Companies House) that matches their website and their IB1 membership information
- Registered with the Information Commissioner’s Office (ICO) if a UK entity, or international equivalent
- Have named individual(s) within their organisations registered as a “Trust Framework Licence Controller”. This individual has legal authority in the organisation to sign, or provide consent to, Open Data or Data Sharing licences on behalf of the legal entity.
- Have named individual member(s) as “Trust Framework Data Controller”. This individual is responsible for the technical security and integrity of data sharing (including consent-based access controls where relevant).
Level 2
The organisation meets all the requirements of Level 1, plus they have:
- For Shared Data, publishers or consumers
- Agreed the Operational Guidelines addendum to the IB1 Membership Agreement
- Published a data strategy that commits to meeting IB1 Dataset Assurance Level 2 for all published data
- Agreed corporate communications to be used for the promotion of the data being shared
- Have commercially reasonable cyber security standards for processing data.
Level 3
The organisation meets all the requirements of Level 2, plus they have:
- Provided 3rd party documentation (e.g. an auditor) to externally confirm/assure ownership and company control.
- Published a data strategy that commits to meeting IB1 Dataset Assurance Level 3 for all published data
- Provided a forum or mailing list for data users (e.g. via an IB1 or 3rd party operated forum)
Level 4
The organisation meets all the requirements of Level 3, plus they have:
- Published a data strategy that commits to meeting IB1 Dataset Assurance Level 4 for all published data
- A dedicated team-building user community
Dataset Assurability
Each dataset published by a member of a Trust Framework is assessed against the following assurance levels:
Level 1
Assurance that:
- The metadata is available publicly on the web in a location recorded in the organisation’s IB1 Registry entry
- Both metadata and underlying data use a machine-readable format
- The dataset contains no personal data and is not subject to GDPR
- For Open Data
- The dataset is published on the web with a licence that is compatible with Open Data
- The metadata specifies IB1-O for the Data Sensitivity Class
- For Shared Data
- The metadata specifies the access conditions for the data
- The metadata specifies IB1-SA or IB1-SB for the Data Sensitivity Class
Level 2
The dataset meets all the requirements of Level 1, plus assurance that:
- Legal
- Metadata includes definitions of usage rights for derived data (e.g. a URL to the conditions for derived data)
- Metadata includes commercially reasonable citations and/or provenance
- Metadata includes definitions of potential risks (e.g. a URL to such a definition)
- Where relevant or required, ensure privacy issues addressed within the published data and the data publication mechanism(s)
- Practical
- Metadata includes dates of creation and publication
- Where a dataset covers a temporal range, this is defined in the metadata
- That the dataset will be maintained and available for a minimum of one calendar year
- Technical
- Data is published in content-appropriate formats that enable data to be used in an interoperable manner by machine-based systems
- For Shared Data, the dataset is immediately available via a FAPI endpoint to any IB1 Trust Framework-registered application that meets the terms of that Trust Framework implementation.
- Social
- Data is documented on publicly available URLs
- A mechanism is available for people to provide feedback and ask questions (e.g. human technical support)
Level 3
The dataset meets all the requirements of Level 2, plus assurance that:
- Practical
- A schedule is published at a public URL documenting the process of maintaining the data’s availability
- Commercially reasonable backups are in place
- A document is published at a public URL detailing the process or data collection, curation, quality assurance and publishing
- Technical
- Inclusion in the metadata of citation(s) to, the underlying open standard(s) used in publishing content-appropriate data is published in machine-readable format(s)
- Publication of a single consistent URL, or clear rules for how URLs are constructed, are made to access the dataset
- machine-readable metadata describing the contents of the dataset is provided (e.g. JSON-LD, CSVW)
- where data is provided by an API, the API has a machine-readable definition (e.g. OpenAPI)
- Assurance that the dataset has availability of at least 99.5%.
Level 4
The dataset meets all the requirements of Level 3, plus assurance that:
- Legal
- The licence terms themselves are machine-readable and available at a persistent URL in a consistent manner
- Practical
- Quality parameters and processes shall be published in a machine-readable format at a persistent URL in a consistent manner
- Technical
- Provenance shall be published in a machine-readable format at a persistent URL in a consistent manner
- URIs shall be used as identifiers within data
- The dataset has availability of at least 99.9%