Nov. 30, 2021


🎤Legal Focus : Compliance Ex Ante, in 📅Toward Automated Compliance in the Data Economy

by Marie-Anne Frison-Roche

â–ş Full Reference: Frison-Roche, M.-A., Legal Focus: Compliance Ex Ante, in GAIA-X, Toward Automated Compliance in the Data Economy , November 30,  2021, online



Read the program.

Listen to the intervention.


Intervention Summary: Compliance Law has two senses and GAIA-X is a perfect illustration. Firstly, to respect rules and show in Ex Ante permanently this respect (procedural definition) ; secondly, to pretend certain specific "Monumental Goals" (substantial definition).

In this second sens, Compliance Law is very different from Competition Law: it required in Ex Ante collaboration, transparency, stability to reach these Monumental Goals around the respect and protection of Humans, while Competition Law is based on fighting,  mobility and trade without obligation Ex Ante, just sanction Ex Post if a prohibitive behavior occurs. 

GAIA-X is based on Compliance Law, established for the purpose of a European Data Industry, a Monumental Goal linked to the Sovereignty and people's protection: it must structurally oblige its members to collabore for this goals, notably through its policy rules (first sens). 

It is also a part and subject of the European Union Law. In the sense, its members must obey European Regulatory system (second sens).

The both are narrowly linked because the European legal system has the same purpose of sovereignty, internalization of goals in enterprises and individuals' protection: GDPR, Cybersecurity, Digital Services Regulation, etc. : members must show permanently they do it actively.

Because the purposes of GAIA-X and the purpose of the European Union Law are now the same in the Compliance Law the respect of letter's Law but also the respect of spirit's Law matters.

Both are Ex Ante. Therefore, Compliance by design, which is also Ex Ante, is adequate.


Automated Compliance (and automated Certification) are tools to obey and reach the Monumental Goal.

GDPR has specific dispositions (articles 24 and 42) about them, but more generally the efficiency these tools are validated by Regulatory Body, and Courts notably through the design of Smart Contrats. 

It could be prudent to put in adition some human Compliance control because, by definition, an Automated Compliance is just the technological transposition (second level) of legal norme (first level) and cannot create new normes. 

This is why the more important in this conception in Ex Ante of Compliance by this marriage between Law and Technology is to keep in mind not only the letters put in the algorithms but only the spirit of Compliance Law.



Go back to the previous intervention about Compliance Law as an adequate branch of Law for GAIA-X (November 2020)

comments are disabled for this article