Policy Framework Overview

1. Introduction

The D4Science infrastructure provides a shared digital environment designed to support scientific research and innovation across a wide range of disciplines and communities. Through its Virtual Research Environments (VREs), it enables researchers to access integrated services for data management, computation, collaboration, and dissemination.

Given the complexity and distributed nature of the infrastructure, it is essential to establish a clear and coherent governance framework. The D4Science Policy Framework defines the principles, rules, and responsibilities that guide the use and operation of the infrastructure.

This document provides an overview of the policy framework, explaining how the different policies relate to each other and how they collectively support the secure, reliable, and sustainable operation of D4Science.

2. Purpose of the Policy Framework

The D4Science Policy Framework establishes a common set of rules that ensure the infrastructure is used in a responsible, secure, and legally compliant manner.

Its purpose is to:

• define the conditions for accessing and using infrastructure services
• protect users, data, and system integrity
• support compliance with legal and regulatory requirements
• promote transparency, reproducibility, and collaboration in research

The framework is designed to balance flexibility and governance, enabling diverse scientific communities to operate within a shared infrastructure while maintaining clear rules and responsibilities.

3. Governance of the Infrastructure

The D4Science infrastructure is operated by the Consiglio Nazionale delle Ricerche (CNR) through the Institute of Information Science and Technologies (ISTI) in Pisa, Italy.

Operational activities are carried out by the D4Science Working Group, which is responsible for:

• maintaining infrastructure services
• ensuring security and reliability
• supporting user communities
• evolving the platform in response to scientific and technological needs

Governance is therefore tightly integrated with operations, ensuring that policies are not only defined but also effectively implemented.

4. Structure of the Policy Framework

The D4Science Policy Framework is composed of a set of complementary documents, each addressing a specific aspect of infrastructure governance.

Together, these documents define how the infrastructure is accessed, used, secured, and evolved.

Each of these documents addresses a specific dimension of the infrastructure, but they must be interpreted together as a unified governance framework.

4.1 Terms of Use

The Terms of Use establish the legal foundation of the relationship between users and the D4Science infrastructure.

They define the general conditions under which services are provided, including user responsibilities, limitations of liability, and the principles governing the use of the infrastructure. By accepting the Terms of Use during registration, users formally agree to comply with the entire Policy Framework.

4.2 Access and Acceptable Use Policy

This policy regulates how users access the infrastructure and how services should be used.

It defines authentication mechanisms, user roles, and Virtual Research Environment access models, while also specifying acceptable and prohibited behaviours. Its goal is to ensure that access is managed in a secure, fair, and transparent manner.

4.3 Privacy and Data Protection Policy

The Privacy Policy explains how personal data are processed within the infrastructure.

It clarifies the roles of Data Controller and Data Processor, describes how data are handled in compliance with GDPR, and explains how user rights are protected. This policy ensures that personal data are processed responsibly and transparently.

4.4 Service Policy

The Service Policy provides a detailed description of the infrastructure and its services.

It explains how global services and Virtual Research Environments are organized and how they integrate to provide a unified user experience. It also describes how services evolve over time and how new capabilities are introduced.

4.5 Security and Incident Response Policy

This policy defines how D4Science ensures the security of its infrastructure.

It describes the roles and responsibilities involved in security management, the mechanisms used to monitor and protect systems, and the procedures followed in case of security incidents. It aligns with modern cybersecurity practices and with the principles of the NIS2 Directive.

4.6 Data and Research Artefact Governance and Licensing Policy

This policy governs the management of research artefacts within the infrastructure.

It defines how datasets, models, workflows, and applications can be shared, reused, and published. It promotes FAIR principles and ensures that proper licensing and attribution practices are followed.

4.7 API and Developer Usage Policy

The API Policy defines how programmatic access to the infrastructure is managed.

It explains how developers can securely integrate their applications using OIDC-based authentication and how usage limits are applied to ensure fair and stable operation of services.

4.8 Data Processing Addendum (DPA)

The Data Processing Addendum applies when personal data are processed within the infrastructure on behalf of third parties.

It defines the roles and responsibilities of Data Controllers and Data Processors and supports compliance with GDPR requirements in research contexts involving personal data.

5. Virtual Research Environments and Community Governance

Virtual Research Environments (VREs) are the core operational units of D4Science.

They provide flexible and customizable environments where research communities can collaborate, share resources, and develop scientific solutions. Each VRE operates within a defined governance model while benefiting from shared infrastructure services.

This approach allows D4Science to support a wide range of scientific use cases, from open collaborative environments to restricted project-based platforms.

6. Security and Compliance

The D4Science Policy Framework is designed to ensure that the infrastructure operates in a secure and compliant manner.

In particular:

• personal data processing complies with the GDPR
• security practices align with the principles of the NIS2 Directive
• infrastructure operations follow institutional and national security standards

This ensures that D4Science provides a trustworthy environment for scientific research.

7. Use of the Policy Framework

When registering to the infrastructure, users are required to accept the Terms of Use, which constitute the legally binding agreement.

Other policies are made available for consultation and must be respected as part of the overall governance framework.

Together, these documents define the conditions under which the infrastructure may be used.

8. Evolution of the Framework

The D4Science infrastructure evolves continuously, and its policy framework evolves accordingly.

Policies may be updated to reflect:

• technological developments
• changes in security requirements
• regulatory updates

Users are encouraged to consult the latest versions of the policies.

9. Contact and Support

For questions regarding the policy framework or infrastructure services, users may contact:

https://support.d4science.org

10. Conclusion

The D4Science Policy Framework provides a structured and coherent governance model that supports the operation of a complex and distributed research infrastructure.

By combining legal, technical, and operational policies, it ensures that D4Science remains:

• secure
• reliable
• sustainable
• aligned with the needs of the research community

Explore all policies: View the complete list of policies