Trust Framework Roles

Each Member of the Trust Framework must assign two named individuals, with contact details, in the Directory. They are responsible for distinct but complementary legal and technical functions required for participation in the Trust Framework and any associated Schemes.

These roles are:

• Trust Framework Licence Officer (TFLO) – responsible for legal authority over licensing and consent
• Trust Framework Data Officer (TFDO) – responsible for technical assurance and compliance

Assignment of these roles is mandatory for all Members. If a named individual leaves the organisation or can no longer fulfil the role, the Member must update the Directory without delay to maintain compliance.

The responsibilities and required capabilities of these roles are defined below.

Dependencies

A Scheme using this specification must also adopt the following specifications:

• Generic Sensitivity Classes (1.0 or later)

Trust Framework Licence Officer (TFLO)

The Trust Framework Licence Officer has legal authority to make decisions on data sharing, data use, and consent on behalf of the Member organisation. The TFLO is accountable for ensuring that data published or consumed under the Trust Framework complies with relevant licensing terms and consent conditions.

A TFLO:

• Has authority to sign or approve data licences (e.g. Open Data, Shared Data) on behalf of the Member
• Signs off on the use or publication of personal or consumer data where required
• Is accountable for compliance with all data licensing and consent terms, as both data provider and data consumer
• Ensures licences are reviewed, maintained, or revoked as necessary

Responsibilities by Sensitivity Class

Sharing data

When sharing Open Data (IB1-O) the TFLO:

• Authorises the allocation of an appropriate Open Data licence to an Open dataset published within the context of the Trust Framework
• Signs

When sharing Shared Data (IB1-SA) or IB1-SB) the TFLO:

• Confirms the allocation of preemptive Shared Data licence(s) to datasets for use within the context of the Trust Framework and any associated Schemes
• If required, reconfirms or adjusts licences at appropriate intervals (e.g. in the case of time-bound licence allocation)

When sharing Personal or Consumer data (IB1-SP), the TFLO:

• Reviews the terms and conditions, including the legal basis under data protection legislation, for publishing Personal or Consumer data within a Trust Framework and any associated Schemes
• Determines whether the terms and conditions are acceptable to the member organisation
• Ensures that the terms and conditions are met by the organisation before data is shared

Using Data

Within the context of a Trust Framework and its associated Schemes, the TFLO:

• When using Open Data (IB1-O):
• Interprets the Open Data licence on behalf of the member organisation

• Is accountable for their organisation’s compliance with the Open Data licence

• When using Shared Data (IB1-SA) or IB1-SB):

• Interprets the Shared Data licence(s) on behalf of the member organisation

• Is accountable for their organisation’s compliance with the Shared Data licence

• When using Personal or Consumer data (IB1-SP):

• Interprets the terms, conditions, and licence (if applicable) governing the use of Personal or Consumer data
• Is accountable for their organisation’s compliance with the terms of consent/permission and any accompanying data licence

Required Capabilities

The TFLO must:

• Understand relevant data protection regulations, data licensing practices, and consent frameworks
• Be able to interpret and apply licence and consent conditions to use cases
• Have authority to make licensing and consent decisions within the Member organisation
• Hold internal users accountable for legal compliance
• Be named and registered in the Trust Framework Directory

Trust Framework Data Officer (TFDO)

The Trust Framework Data Officer ensures that the Member’s data practices — both publishing and access — comply with the technical, security, and procedural requirements of the Trust Framework and any applicable Schemes.

A TFDO:

1. Assurance Compliance
   Ensures datasets meet the criteria of the claimed assurance level (e.g. provenance, metadata completeness, machine readability, absence of personal data where required).

2. Authentication and Authorisation
   Ensures that secure, scheme-compliant mechanisms are used for verifying identity and enforcing access rules and permissions.

3. Data Protection
   Ensures that organisation systems meet the level of security required by Trust Frameworks and their associated Schemes. Where data processing includes Personal or Consumer data, or data shared or processed on the basis of consent/permission, ensure mechanisms supporting rights under data protection legislation and as well as Scheme requirements are fully implemented.

4. Data Standards
   Enforces use of agreed internal data standards and collaborates with other Members to maintain cross-Scheme data interoperability.

5. Monitoring and Reporting
   Implements and maintains technical processes to meet scheme-defined audit, logging, SLA, and breach-reporting requirements.

Required Capabilities

The TFDO must:

• Understand technical publishing and security protocols, including authentication and authorisation mechanisms
• Implement and oversee assurance-compliant publishing processes
• Have the authority to ensure adoption and enforcement of data and metadata standards within the Member organisation
• Coordinate with both internal teams and external Members to ensure technical alignment
• Be named and registered in the Trust Framework Directory