Policy Framework Overview

The D4Science Policy Framework defines the rules governing access to and use of the infrastructure, including legal terms, data protection, security, services, and research artefact management. It provides a coherent governance model ensuring secure, transparent, and sustainable support to scientific communities.

This is the final version 1.1 of the framework, which entered into force on 1 April 2026.

Introduction

The D4Science infrastructure provides a shared digital environment designed to support scientific research and innovation across a wide range of disciplines and communities. Through its Virtual Research Environments (VREs), it enables researchers to access integrated services for data management, computation, collaboration, and dissemination.

Given the complexity and distributed nature of the infrastructure, it is essential to establish a clear and coherent governance framework. The D4Science Policy Framework defines the principles, rules, and responsibilities that guide the use and operation of the infrastructure.

This document provides an overview of the policy framework, explaining how the different policies relate to each other and how they collectively support the secure, reliable, and sustainable operation of D4Science.

Purpose of the Policy Framework

The D4Science Policy Framework establishes a common set of rules that ensure the infrastructure is used in a responsible, secure, and legally compliant manner. Its purpose is to:

  • Define the conditions for accessing and using infrastructure services
  • Protect users, data, and system integrity
  • Support compliance with legal and regulatory requirements
  • Promote transparency, reproducibility, and collaboration in research

The framework is designed to balance flexibility and governance, enabling diverse scientific communities to operate within a shared infrastructure while maintaining clear rules and responsibilities.

Governance of the Infrastructure

The D4Science infrastructure is operated by the Consiglio Nazionale delle Ricerche (CNR) through the Institute of Information Science and Technologies “A. Faedo” (ISTI) in Pisa, Italy.

Operational activities are carried out by the D4Science Working Group, which is responsible for:

  • Maintaining and evolving the infrastructure services
  • Ensuring the security and reliability of the platform
  • Supporting user communities in their research activities
  • Defining and enforcing the policy framework

This governance model ensures that the infrastructure remains aligned with the needs of the research community while complying with institutional and regulatory standards.

Structure of the Policy Framework

The D4Science Policy Framework is composed of a set of complementary documents. Together, they define how the infrastructure is accessed, used, secured, and evolved.

Terms of Use

The main legal agreement between the user and the infrastructure operator.

Read policy →

Access and Acceptable Use

Defines the rules for accessing services and the responsibilities of users.

Read policy →

Privacy & Data Protection

Explains how personal data are processed in compliance with the GDPR.

Read policy →

Service Policy

Describes the organization and delivery of infrastructure services.

Read policy →

Security & Incident Response

Defines the approach to cybersecurity and incident handling.

Read policy →

Data Governance & Licensing

Governs the management and sharing of research artefacts.

Read policy →

API & Developer Usage

Defines the conditions for programmatic access to the infrastructure.

Read policy →

Data Processing Addendum

Defines the roles when D4Science processes data for third parties.

Read policy →

Virtual Research Environments and Community Governance

Virtual Research Environments (VREs) are the core operational units of D4Science. They provide flexible environments where research communities can collaborate, share resources, and develop scientific solutions.

While the D4Science Policy Framework provides the overarching rules, individual VREs may implement specific governance models to meet the needs of their communities. However, all VRE-specific rules must remain consistent with the overall D4Science framework.

Security and Compliance

The D4Science Policy Framework ensures that the infrastructure operates in a secure and compliant manner. In particular:

  • Personal data processing complies with the GDPR
  • Security practices align with the principles of the NIS2 Directive
  • Infrastructure operations follow institutional and national security standards

This ensures that D4Science provides a trustworthy environment for scientific research.

Use of the Policy Framework

When registering to the infrastructure, users are required to accept the Terms of Use, which constitute the legally binding agreement. Other policies are made available for consultation and must be respected as part of the overall governance framework. Together, these documents define the conditions under which the infrastructure may be used.

Evolution of the Framework

The D4Science infrastructure evolves continuously, and its policy framework evolves accordingly. Policies may be updated to reflect:

  • Technological developments
  • Changes in security requirements
  • Regulatory updates

Users are encouraged to consult the latest versions of the policies.

Conclusion

The D4Science Policy Framework provides a structured and coherent governance model that supports the operation of a complex and distributed research infrastructure. By combining legal, technical, and operational policies, it ensures that D4Science remains secure, reliable, sustainable, and aligned with the needs of the research community.

Contact and Support

For questions regarding the policy framework or infrastructure services, please visit our support portal:

https://support.d4science.org

© D4Science Infrastructure - ISTI-CNR, Pisa.