Generic Assurance Levels: An overview

Why assurance matters

Assurance helps improve the quality and transparency of information for decision-makers by making it clear what published data is, who is responsible for it, and what it can confidently be used for.

Trust Frameworks codify the technical and sociotechnical rules for data sharing agreed by their member organisations (these rulebooks are called Schemes). One core function of a Trust Framework is to provide proportionate verification and assurance of member organisations and the datasets they publish, across both Open and Shared data.

Assurance operates in two paired dimensions:


IB1 Generic Assurance

A great place to start for many schemes

IB1 Generic Assurance is the baseline set of organisational and dataset assurance levels that schemes can adopt directly or extend with use-case-specific signals. The table below summarises what each level adds. Full requirements are maintained as machine-readable specifications, linked further down.

LevelOrganisationDataset
1Identity verification, accountable roles, executed scheme agreementPublicly-available machine-readable metadata, clear licensing, clear data sensitivity classification, no personal data
2Adds cybersecurity requirements, user engagement, and a commitment to publish at Dataset Levels 1 & 2Adds data triage information, richer metadata, commitment to availability and support, basic interoperability
3Adds clear data request processes, involvement in scheme governance, and a commitment to publish at Dataset Levels 2 & 3Adds provenance, higher availability, use of open standards, and openly-published data dictionaries or API specifications
4Adds community building and a commitment to publish at Dataset Levels 3 & 4Adds machine-readable provenance, data descriptions, and licences

Progression is cumulative: each level inherits the requirements of the level below.

Reading the levels

Level 1 establishes the minimum trustworthy entry point. The publishing organisation has been verified, has signed the scheme agreement, and the dataset is openly described, well-licensed, and free of personal data.

Level 2 moves from trustworthy entry point to operationally reliable: cybersecurity, user-facing support, structured metadata, data triage, and committed availability.

Level 3 brings governance and openness into clearer view: provenance, open standards, machine-readable API and data definitions, and active participation in scheme governance.

Level 4 turns the published data into reusable infrastructure: machine-readable licences and provenance, the highest availability targets, and an active publisher role in the surrounding community.

Signalling assurance

Once verified, organisations and datasets are entitled to display the corresponding badges. These provide a clear, human- and machine-readable signal to data users and downstream schemes. 

Organisation assurance badges

BadgeLabelLinks to
Organizational Assurance Level 1https://specification.trust.ib1.org/generic-organization-assurance-levels/1.0/#organization-assurance-level-1
Organizational Assurance Level 2https://specification.trust.ib1.org/generic-organization-assurance-levels/1.0/#organization-assurance-level-2
Organizational Assurance Level 3https://specification.trust.ib1.org/generic-organization-assurance-levels/1.0/#organization-assurance-level-3
Organizational Assurance Level 4https://specification.trust.ib1.org/generic-organization-assurance-levels/1.0/#organization-assurance-level-4

Dataset assurance badges

BadgeLabelLinks to
Dataset Assurance Level 1https://specification.trust.ib1.org/generic-dataset-assurance-levels/1.0/#dataset-assurance-level-1
Dataset Assurance Level 2https://specification.trust.ib1.org/generic-dataset-assurance-levels/1.0/#dataset-assurance-level-2
Dataset Assurance Level 3https://specification.trust.ib1.org/generic-dataset-assurance-levels/1.0/#dataset-assurance-level-3
Dataset Assurance Level 4https://specification.trust.ib1.org/generic-dataset-assurance-levels/1.0/#dataset-assurance-level-4

Detailed requirements

The full machine-readable requirements for each level are maintained as formal specifications:

Schemes may adopt these as-is or extend them with use-case-specific requirements. See the Open Energy Assured Open Data Scheme for a worked example.