Sovereign data ecosystems
Federated tool monitoring across organizations depends on a prior question: who may compute on whose data, and under which conditions? Three building blocks answer it together.
The access question
Federated learning lets several organizations train a shared model without moving raw data. Sharing model updates across organizational boundaries still requires explicit access rules.
Sovereign data ecosystems combine three building blocks: Gaia-X for identity and trust, Ocean Protocol for asset publication and isolated execution, and Pontus-X for the operational network that runs both. Together they let a federated client connect through one network while keeping raw process traces on the shop floor.
Gaia-X
Trust & discovery
Identity, machine-readable self-descriptions and catalogs, but no training runtime.
Ocean Protocol
Assets & execution
Publishes data and algorithms as assets and runs Compute-to-Data jobs next to the data.
Pontus-X
Operational network
A Gaia-X-aligned, Ocean-based network where both are deployed and settled.
Gaia-X: a trust framework
What Gaia-X provides
- Participant identity via verifiable credentials and trust anchors.
- Machine-readable self-descriptions for participants, resources and offerings.
- Compliance rules checked at onboarding (signatures, attribute consistency).
- Catalogs for discovering datasets and services, but no training runtime.
Gaia-X is a Franco-German initiative whose purpose is to keep European industrial data inside infrastructure that European law can reach. It is published as an architecture and a trust framework rather than as a running platform; the association behind it acts as a standards body.
Its technical core is the self-description: a machine-readable, linked-data document carrying verifiable credentials with claims about a participant, a resource or a service offering. Cryptographic signatures from recognized trust anchors raise the trust level of each claim, and the legal identity behind a signature can be anchored through a decentralized identifier.
Providers publish service offerings in catalogs and consumers search them, but Gaia-X does not intermediate the later contract. It settles trust and discovery; the execution layer has to be supplied separately.
Ocean Protocol: assets and Compute-to-Data
Compute-to-Data, concretely
C2D- The job runs as a Kubernetes-orchestrated container next to the data.
- Inputs are mounted read-only at /data/inputs and asset descriptions at /data/ddos.
- Results are written to /data/outputs; network access can be disabled.
- Job volumes are cleaned up after execution; only permitted files are returned.
Ocean Protocol supplies the asset and execution primitives that Gaia-X does not define. Datasets and algorithms are published as on-chain assets identified by did:op, with each interaction mediated by smart contracts so that authorization, payment and audit share one transaction flow.
The relevant execution mechanism for federated learning is Compute-to-Data (C2D): instead of moving the dataset to the algorithm, the algorithm is sent to the dataset. A C2D job runs as a sandboxed container that the data owner has permitted ahead of time, and the consumer receives only the result files and logs.
This matches a local training step in a federated round: each client publishes its data as an asset, the model owner publishes the training algorithm, and a round is the coordinated launch of one C2D job per participating client.
Pontus-X: an operational network
What Pontus-X provides
- A running network where Gaia-X trust services and Ocean components are deployed.
- Native Compute-to-Data execution inherited from Ocean Protocol.
- Service catalogs and contracting aligned with Gaia-X.
- EUROe-based settlement inside a European regulatory perimeter.
Pontus-X provides a running, Gaia-X-aligned network for trust services and Ocean Protocol components. It is described as a community-driven Pan-European network connected to the Gaia-X Digital Clearing Houses, the Compliance Service and the Registry, and it reuses open-source Ocean components for catalog, contracting and orchestration.
Because Ocean's Compute-to-Data is a native feature of the Pontus-X stack, the operational network bundles trust, assets and a sandboxed execution layer together. Settlement can use EUROe, a euro-denominated token, so payments stay inside a European regulatory perimeter. A custom REST connector based on the Pontus-X tooling is the integration point for an external orchestrator.
A federated round on the stack
Each layer takes a specific role; a federated client connects through the operational layer while using the trust and execution services behind it.
- Discover: find a candidate dataset in the catalog and verify its credentials (Gaia-X).
- Authorize: order compute access to the dataset asset via smart contract (Ocean Protocol).
- Train: launch a Compute-to-Data job that trains a local model next to the data (Ocean / Pontus-X).
- Return: retrieve only the permitted result, the trained local model, through the dataspace.
- Aggregate and publish: combine local models and publish the global model as a described service offering.
Limits of the sovereign ecosystem
Three limits that any ideal federated tool-monitoring architecture must still address.
Semantic interoperability
Self-descriptions say who owns a dataset and how it may be used, but not that two datasets measure the same physical quantity at the same rate. Shared vocabularies such as the Asset Administration Shell or OPC UA companion specifications sit outside the Gaia-X baseline.
Model protection
Compute-to-Data protects the dataset boundary, but the aggregated global model is the very artifact the round is meant to release. The operator hosting the aggregation can in principle inspect it; secure aggregation and differential privacy must be added on top.
Economic incentives
Smart contracts and EUROe settlement can pay for data and compute, but they do not answer whether contributing to a federated round pays off for the data owner: the recurring obstacle to dataspace adoption.
In this demonstrator
This demonstrator does not operate a live Pontus-X deployment. It uses a fixed training set and precomputed model, prediction, metric and cost artifacts to make the federated tool-wear workflow demonstrable and evaluable.
The sovereign part defines the artifact boundary and the service-offering metadata: raw Stiehl process data are never exported, while local model files, prediction artifacts, metrics, costs and checksums are described as the offering. Raw-data locality remains the architectural principle; live dataspace publication stays an infrastructure task for a production deployment.