← Back to all briefings
Data Strategy 5 min read Published Updated Credibility 86/100

Data Strategy Briefing — May 20, 2023

G7 leaders adopted the Hiroshima DFFT roadmap, launching an institutional partnership, pilots, and shared standards to enable trusted cross-border data flows.

Zeph Tech Research Lead

Research lead, Zeph Tech

Timeline plotting source publication cadence sized by credibility.
5 publication timestamps supporting this briefing. Source data (JSON)

Executive briefing: G7 leaders endorsed the Hiroshima Roadmap for Data Free Flow with Trust (DFFT) on 20 May 2023, launching a multi-year plan to operationalise cross-border data governance through shared principles, pilot projects, and an Institutional Arrangement for Partnership (IAP) that brings together governments, industry, and civil society. The roadmap aims to unlock economic and societal benefits from data sharing while preserving privacy, security, and human rights, signalling converging expectations for interoperability among data protection and digital trade regimes across the G7 and partner economies.

DFFT builds on Japan’s 2019 G20 initiative, seeking to reconcile open data flows with trust-enabling safeguards. The roadmap outlines priority sectors—including health, climate, manufacturing, and supply chains—where data exchange can drive innovation and resilience, and sets immediate actions to develop common standards, legal mappings, and technical architectures to enable responsible data use. The Institutional Arrangement for Partnership on DFFT (IAPDFFT) will serve as a coordination hub to catalogue best practices, support pilot projects, and facilitate cooperation with international organisations such as the OECD and WTO.

Capability implications

Enterprises should anticipate new requirements across four capability domains:

  • Cross-border compliance mapping. Organisations will need to map legal requirements across jurisdictions, leveraging shared taxonomies and interoperability tools promoted by the roadmap.
  • Trusted data spaces. The roadmap encourages creation of sector-specific data spaces with standardised governance, identity management, and consent frameworks, demanding investment in federated architectures.
  • Security and trust technologies. Adoption of privacy-enhancing technologies (PETs), secure data processing, and audit mechanisms will be critical to meet DFFT assurance expectations.
  • Transparency and accountability. Organisations must provide clear information about data handling, cross-border transfers, and trust safeguards, aligning with principles of lawfulness, fairness, and human-centric governance.

Principles and trust anchors

The roadmap reiterates key trust anchors: the rule of law, democratic values, respect for human rights, protection of personal data, and security-by-design. It calls for interoperability between privacy frameworks, safeguards for government access to data, and mechanisms for redress when data is misused.

Leaders emphasised transparency about data handling, including requirements for clear accountability chains, risk assessments, and independent oversight. The roadmap also highlights the role of certification and assurance schemes to build trust among businesses and consumers.

Implementation roadmap

To align with the Hiroshima DFFT roadmap, enterprises should mobilise programmes across policy, technology, and operations:

  • Policy harmonisation. Conduct gap analyses of privacy, cybersecurity, consumer protection, and digital trade obligations across G7 markets. Develop cross-border data transfer matrices highlighting lawful bases, adequacy decisions, contractual clauses, and certification schemes.
  • Participation in DFFT pilots. Identify relevant sector pilots—such as climate data exchanges or secure supply-chain platforms—and nominate business leads to contribute use cases, data requirements, and governance insights.
  • Technical enablement. Invest in interoperability layers (APIs, metadata standards, semantic vocabularies) that align with International Data Spaces Association (IDSA) models and other open standards referenced by the roadmap. Deploy PETs like homomorphic encryption, secure multiparty computation, and differential privacy where appropriate.
  • Governance frameworks. Update data governance charters to incorporate DFFT principles, including accountability for international transfers, risk assessments, and stakeholder consultation. Embed oversight for the IAP’s guidelines within data ethics committees.
  • Measurement systems. Implement dashboards tracking cross-border data flows, compliance status, and trust metrics (such as consent coverage and access control effectiveness) to demonstrate alignment.

Institutional Arrangement for Partnership (IAPDFFT)

The IAPDFFT will act as a multi-stakeholder platform cataloguing best practices, mapping legal requirements, and supporting interoperability toolkits. It will convene working groups on policy interoperability, trusted technical infrastructures, and data lifecycle management.

Members are expected to contribute resources, share pilot outcomes, and collaborate on common building blocks such as semantic vocabularies, assurance frameworks, and model contractual clauses. The arrangement is open to partners beyond the G7, enabling global participation from like-minded economies.

Responsible governance

DFFT requires leadership commitment to trusted data stewardship:

  • Board oversight. Boards should integrate DFFT milestones into enterprise data strategy, ensuring investments in interoperability, privacy, and security align with growth objectives.
  • Policy advocacy. Engage with the IAP and national digital policy bodies to share industry perspectives, influence pilot scope, and stay ahead of emerging guidelines.
  • Stakeholder engagement. Maintain transparent communications with customers, partners, and regulators about cross-border data use, including rights management and redress mechanisms.
  • Ethical safeguards. Incorporate human rights impact assessments for data sharing initiatives, especially those involving vulnerable populations or high-risk processing.

Sector playbooks

  • Healthcare and life sciences. Participate in health data pilot projects focusing on privacy-preserving research, cross-border clinical trials, and pandemic preparedness. Align with existing frameworks such as the Global Health Data Governance Principles.
  • Climate and energy. Support data exchanges for emissions monitoring, renewable integration, and climate risk modelling, ensuring alignment with sustainability reporting frameworks and Just Energy Transition goals.
  • Manufacturing and supply chains. Implement secure data sharing for digital twins, quality assurance, and logistics visibility across borders, integrating cybersecurity standards and contractual controls.
  • Financial services. Coordinate DFFT work with cross-border payments modernisation, open banking, and anti-financial crime initiatives, balancing data portability with regulatory compliance.

Opportunities and ecosystem development

The roadmap encourages industry consortia to build interoperable data ecosystems that support SMEs, research institutions, and public services. Use cases cited include climate risk modelling, cross-border health data analytics, digital trade facilitation, and secure manufacturing collaboration, all of which require robust governance and technical standards.

G7 members plan to leverage public procurement, international development assistance, and capacity-building programmes to scale trusted data practices globally, creating opportunities for technology vendors offering compliance, security, and interoperability solutions.

Measurement and assurance

Develop metrics to monitor progress and evidence trust:

  • Data transfer inventory coverage. Track percentage of cross-border data flows catalogued with lawful bases and safeguards.
  • Trust technology adoption. Measure deployment of PETs, encryption, and access controls that align with roadmap principles.
  • Pilot participation outcomes. Record contributions to DFFT pilots, including datasets shared, interoperability tests conducted, and lessons learned.
  • Compliance performance. Monitor audit results, regulator feedback, and remediation timelines for cross-border data operations.
  • Stakeholder trust indicators. Survey partners and customers on confidence in data handling and transparency, integrating feedback into governance cycles.

Timeline and next steps

The roadmap outlines immediate actions through 2023, including establishing the IAP, identifying pilot projects, and mapping legal interoperability. By 2024–2025, the G7 aims to deliver practical tools, model contracts, and interoperable certification schemes. Enterprises should create multi-year plans aligned to these milestones, ensuring funding and resources are allocated for iterative compliance.

Monitoring outcomes from G7 digital ministerial meetings, OECD workstreams, and WTO e-commerce negotiations will be essential, as these forums will refine DFFT principles and could introduce binding commitments or reference implementations.

Zeph Tech helps organisations operationalise DFFT by unifying cross-border data governance, interoperability tooling, and stakeholder engagement aligned to the Hiroshima roadmap.

Timeline plotting source publication cadence sized by credibility.
5 publication timestamps supporting this briefing. Source data (JSON)
Horizontal bar chart of credibility scores per cited source.
Credibility scores for every source cited in this briefing. Source data (JSON)

Related briefings

Curated signals from the same pillar or overlapping topics.

Continue in the Data Strategy pillar

Return to the hub for curated research and deep-dive guides.

Visit pillar hub

Latest guides

  • Data governance
  • International policy
  • Digital trade
Back to curated briefings