In an article we recently published in IT Nation, PwC data experts explored Luxembourg’s ambition under Accelerating digital sovereignty 2030, a national push to strengthen capabilities in data, AI. The direction is clear: digital sovereignty requires control, trust, and value creation from data.
But strategy alone does not create impact. It sets intent, not execution. Data must be governed so it can be protected, used, and, where appropriate, shared or reused under clear conditions. However, the real challenge is not data availability, but the ability to reuse data in a trusted and efficient way. When data can be reused, its value increases over time. A single dataset can support different business decisions, serve multiple teams, and enable new use cases or digital products. Each new reuse builds the previous one, creating a compounding return on the original data investment.
This is the practical promise of the FAIR principles: making data Findable, Accessible, Interoperable, and Reusable. In Luxembourg, FAIR is explicitly recognised in the context of facilitating access to and re-use of public sector data, giving data reuse a clear strategic and measurable dimension. In an enterprise context, however, FAIR should not be confused with openness. It means that even sensitive or regulated data can be made more findable, understandable, and reusable, as long as access rules, purpose limitations, confidentiality requirements, and governance controls are explicit.
What FAIR really means in a company
In large organisations, FAIR can sound abstract. In practice, it is a disciplined way to make data easier to find, understand, and reuse safely. FAIR does not mean open access, and it does not mean that all data should be freely shared. It is about managed reuse, not unrestricted sharing.
That distinction matters. In Luxembourg’s public strategy, FAIR is primarily tied to the access and re-use of public sector data. In a company, the picture is broader and more nuanced. Public or open data, internal enterprise data, and sensitive client or third-party data cannot be handled in the same way. The value of FAIR in an enterprise context is not openness by default, but clarity by design: making data more discoverable, better documented, and reusable under explicit rules. Even regulated or confidential data can become “more FAIR”, provided that access rights, purpose limitations, confidentiality obligations, and governance controls are clearly defined.
Findable means that people can discover existing data and quickly understand what it is. This requires clear descriptions, business definitions, and metadata that explain where the data comes from and how it is used.
Accessible means that data can be accessed through clear, well-defined rules. Instead of relying on informal requests or manual approvals, access is organised, transparent, and consistent.
Interoperable means that data uses common formats and shared definitions. This allows data from different systems or teams to work together without confusion or rework.
Reusable does not mean freely reusable. It means that data can be used again under clear, controlled, and legitimate conditions. Usage rights are explicit, data quality is understood, lineage is documented, and responsibilities are assigned. In the private sector, reuse may be restricted by consent, confidentiality requirements, professional secrecy, legal constraints, or contractual obligations. FAIR, in this sense, is about building the guardrails that make data reusable where appropriate and protected where necessary.
Why reuse fails in real life
- “Which number is correct?”
Data reuse often fails not because of technology, but because of semantic inconsistency. The same metric can have multiple valid definitions depending on context. For example, “end of a client relationship” may mean contractual termination for Legal, assignment completion for Business, or settlement of outstanding payments for Finance. All are correct within their context, but without standardised definitions, reuse leads to misinterpretation and inconsistent reporting.
Even when definitions are aligned, KPI drift occurs as businesses evolve while documentation and communication lag behind. The metric keeps the same name but no longer measures the same thing. Therefore, teams hesitate to use a dataset if they are unsure which definition or KPI applies.
- “Can I use this dataset for X?”
Regulatory uncertainty is another major obstacle.
Let us take an example.
A Business Analytics team in an organisation is developing a model to detect suspicious transaction patterns that could indicate fraud. They identify an existing data set containing historical client transaction data that could potentially improve the accuracy of the model. What are the questions that are raised at once.
- Where can i find the legal basis for the data collected?
- What was the original purpose of the data collected and is it aligned with the purpose limitation principle?
- If the new purpose is not aligned with the original purpose, what is the process for obtaining approval for reuse of data?
- Are there any safeguards to be taken while reusing the data? Like data deidentification, permission restrictions etc?
Legal basis, purpose limitation, retention periods, reuse conditions, and required safeguards are typically documented in compliance registers but rarely linked directly to datasets.
When these constraints are not operationalised and visible at the point of use, teams default to risk avoidance, choosing not to reuse data at all.
Risk avoidance, in turn, becomes the enemy of data reuse.
- “I can’t find it / I don’t trust it”
In today’s highly data-driven organisations, the challenge is rarely unavailability of data, but data overload combined with poor inventorisation. Teams often spend more time searching for data than using it. Data catalogues are supposed to solve this problem but may cause new frustrations.
Why?
Outdated or incomplete catalogs, missing metadata, translation gap between business terminology and IT terminology. When metadata or lineage is missing, datasets remain isolated within teams, hence making data not easy to discover.
- “Why should I trust this data?” Who is the owner of this data? What is the data quality score?”
Trust is a fundamental condition for data reuse, yet it quickly erodes in the absence of clear ownership and documented data lineage. Due to discoverability and trust issues, teams often rebuild it from scratch rather than reuse existing assets. Even worse, Data reuse often fails because access takes weeks, making governance feel like a bottleneck rather than an enabler. Multiple approvals and unclear workflows create delays and frustration.
The governance guardrails that make reuse scalable
FAIR principles can quickly run into practical pitfalls. A dataset may be easy to find but impossible to interpret because definitions are unclear. It may be technically accessible but impossible to reuse because legal conditions, confidentiality constraints, or ownership are not explicit. In both cases, the promise of reuse breaks down because trust and clarity are missing.
If data reuse is to scale, governance cannot act as a brake pedal. It must function as guardrails on a highway: keeping the organisation safe while allowing it to move faster. The goal is enablement: fast, controlled, and confident reuse. The following guardrails create the conditions for sustainable, FAIR-aligned data reuse.
Guardrail 1: Accountability that worksScalable reuse starts with clear, operational accountability — not vague collective ownership. Three roles must be explicit:
- Data Owner: prioritise fixes, approve definitions, arbitrate trade-offs, and formally accept residual risk when imperfections remain
- Data Steward: ensures quality, definitions, and semantic consistency
- Data Custodian: manages the technical platform and controls
Without real decision rights and escalation paths, governance becomes symbolic, and reuse stalls in uncertainty.
Guardrail 2: Metadata as the user manual (FAIR’s backbone)
Data cannot be reused if it is not understood. Metadata is the backbone of FAIR, the mechanism that makes data findable, accessible, interoperable, and reusable.
Every reusable dataset needs a “passport” that includes:
- Business meaning and definitions
- Sensitivity and classification
- Allowed and prohibited uses
- Refresh rate and timeliness
- Data Owner and contact point
Crucially, metadata must be treated like a product, continuously maintained and versioned, not as a one-off documentation sprint during a governance initiative. When metadata is alive, reuse becomes self-service. When it decays, trust disappears.
Guardrail 3: Quality as fitness-for-use (not perfection)
Perfect data does not exist. And waiting for perfection kills reuse. Instead, quality must be defined as fitness for use. “Good enough” depends on context: a strategic KPI, a regulatory report, and an exploratory AI model do not require the same thresholds. Quality guardrails therefore combine:
- Explicit quality criteria per use case
- Continuous automated controls
- Transparent issue management
- Clear ownership for remediation
This shifts the mindset from “zero defects” to “controlled reliability,” enabling faster, responsible consumption.
Guardrail 4: Traceability and lineage
Trust depends on transparency. Reusers must know:
- Where the data originates
- How it has been transformed
- What downstream processes depend on it
Lineage is not just technical plumbing; it is the foundation of auditability, regulatory confidence, and AI readiness. When transformations are traceable and impacts are visible, change becomes safer and reuse becomes scalable.
Without lineage, reuse introduces invisible risk. With it, organisations gain explainability and control.
Guardrail 5: Access that is policy-driven, not ticket-driven
Manual access approvals do not scale. Instead, access must be driven by classification and predefined policies.
This means:
- Clear data classification standards
- Standard access patterns linked to roles
- Pre-approved data products for common use cases
When access rules are codified and automated, time-to-access decreases while compliance certainly increases. The organisation moves from reactive gatekeeping to predictable enablement.
Guardrail 6: Reuse rules (legal/ethical/contractual) that are explicit
Finally, scalable reuse requires clear legal, ethical, and contractual boundaries made operational.
This includes:
- Explicit purpose limitations, especially where data may only be reused for specific, legitimate purposes
- A clear lawful basis for reuse where personal data is involved, including consent where applicable
- Retention and minimisation rules, so only the necessary data is kept and used
- Contractual commitments linked to third-party data, including restrictions on access, reuse, transfer, or downstream processing
- And data contracts or equivalent usage rules that define what is allowed, prohibited, and monitored
These rules should be understandable and embedded into workflows, not buried in legal documents. Clarity reduces hesitation. Explicit reuse conditions give teams confidence to innovate without crossing invisible lines.
Together, these guardrails transform governance from a control framework into an acceleration mechanism. They make reuse predictable, trusted, and scalable — the essential foundation of a truly FAIR future.
Conclusion
The demand for data reuse is accelerating. For instance, machine learning models require vast volumes of diverse, well-documented, and interoperable data to generate reliable outcomes. At the same time, machine learning magnifies the consequences of poor-quality data: hidden bias, large-scale errors, and automated decisions that are difficult to explain or audit. Weak governance does not stay local; it scales with the model.
Strong governance guardrails such as clear policies, traceability, access controls, and alignment with FAIR principles are no longer optional. They are essential infrastructures. The conclusion is simple: FAIR governance guardrails are how you scale data reuse without scaling chaos.
What we think
Governance can be designed and enforced, but trust cannot; it must be earned through consistent, transparent reuse. That’s why FAIR governance guardrails are how you scale reuse without scaling chaos.
Data reuse doesn’t fail because data is missing; it fails because context, trust, and governance are.
