Data is everywhere, but trusted data that can be shared, governed, valued, and commercialised is still surprisingly hard to achieve. Organisations collect vast volumes of information, yet many struggle to move beyond siloed systems, unclear ownership, and risk-heavy sharing arrangements. The result is a familiar pattern: data stays “valuable in theory” while teams remain stuck in compliance-only thinking.
The Isle of Man is aiming to change that dynamic by introducing a clear statutory route to treat data as a legally governed asset. By passing the Foundations (Amendment) Bill 2025 to create Data Asset Foundations (DAFs), the Island has put a formal legal wrapper around how data can be pooled, controlled, licensed, tokenised, audited, and used commercially within a trusted governance framework.
If executed well, this is more than a new legal structure. It is a platform for building an ecosystem where data can be deployed confidently across high-value, regulated sectors such as fintech, healthcare, AI, and iGaming, without weakening privacy and security expectations. In fact, privacy and security are positioned as core enablers of long-term trust and scalability through GDPR-equivalent standards, purpose limitation, and robust access controls.
What is a Data Asset Foundation (DAF) in plain terms?
A Data Asset Foundation is a statutory foundation structure designed to hold and govern data as an asset in its own right. Instead of data being treated as an informal byproduct of operations (and therefore difficult to share or monetise safely), a DAF is designed to make data:
- Ownable and governable with clear decision rights
- Auditable with traceability around access and use
- Commercially usable through licensing and structured permissions
- Collaborative so multiple parties can contribute without losing control
- Trustworthy because privacy and security rules are embedded into the operating model
Think of a DAF as a legal and governance “container” that can bring together datasets, rules, roles, and permissions so organisations can unlock value while maintaining confidence and accountability.
Why the Isle of Man’s DAF framework matters globally
Across most jurisdictions, the commercial use of data is often limited by a familiar set of friction points:
- Unclear ownership and decision-making authority over datasets
- Complex contractual frameworks that are costly to negotiate and maintain
- Privacy and confidentiality risks that scale faster than benefits
- Limited auditability, making it difficult to prove compliant use
- Low trust between parties, especially in regulated markets
The Isle of Man’s approach is significant because it aims to replace ad-hoc, contract-only models with a statutory governance framework. That statutory backing can increase confidence for organisations that need dependable controls before they will share, licence, or operationalise high-value data.
In a world where competitive advantage increasingly depends on high-quality, well-governed proprietary data (especially for AI development and regulated analytics), the ability to create a trusted legal structure for data is a compelling differentiator.
Core capabilities unlocked by DAFs
The DAF framework is designed to make a wider range of data strategies practical, including secure pooling, licensing, tokenisation, collateralisation, and (where appropriate) balance-sheet recognition. The commercial point is not that “all data becomes an asset overnight,” but that organisations can finally create clear pathways to treat data with the same seriousness as other strategic assets.
| Capability | What it enables | Why it matters |
|---|---|---|
| Secure data pooling | Multiple parties contribute datasets into one governed structure | Enables collaboration without each party surrendering control or duplicating governance |
| Licensing and permissions | Structured access rights, conditions, and usage scopes | Turns “data sharing” into a repeatable commercial product with enforceable rules |
| Tokenisation and permissioning | Data access can be represented and managed through controlled tokens or permissions | Supports scalable, auditable access models while reducing uncontrolled distribution |
| Use as collateral | Potential to support financing structures where data assets are part of the security package | Creates new capital pathways for data-rich businesses (subject to legal and lender requirements) |
| Balance-sheet recognition | Potential recognition and valuation frameworks where accounting rules allow | Signals maturity in how data is governed and measured (subject to applicable accounting standards) |
| Auditability and accountability | Clear governance roles, oversight mechanisms, and traceability | Builds trust with regulators, partners, customers, and internal risk teams |
Privacy and security are not a bolt-on: they are the growth engine
One of the most commercially important aspects of the Isle of Man’s DAF framework is that it does not treat privacy as an afterthought. The design intent is to embed GDPR-equivalent privacy and security standards into how DAFs operate so that organisations can innovate without eroding trust.
In practical terms, this means a DAF should be built around:
- Access controls (who can access what, when, and under what conditions)
- Purpose limitation (data is used for defined, legitimate purposes rather than open-ended reuse)
- Robust governance (roles, oversight, decision rights, and accountability)
- Security-by-design (controls that match the sensitivity and risk profile of the datasets)
- Audit trails (demonstrable records of access and permitted use)
This matters because the strongest commercial data models are built on trust. When participants believe that the rules are enforceable and transparent, they are more willing to contribute valuable datasets, adopt shared infrastructure, and commit to long-term partnerships.
Clear legal ownership and governance: the missing layer in many data strategies
Even sophisticated organisations often struggle with a deceptively basic question: Who is actually authorised to decide how this dataset is used? Within a typical enterprise, responsibility is fragmented across IT, legal, compliance, product, and business leadership. Across multiple organisations, it becomes even more complex.
DAFs are positioned to reduce that complexity by establishing:
- A legally defined structure for holding and managing data rights
- Governance processes for approving use cases and access
- Separation between the originating business and the ongoing governance of the dataset
- More consistent decision-making across contributors and users
For many companies, that is the difference between data being “available” and data being usable at scale.
High-impact use cases across fintech, healthcare, AI, and iGaming
The Isle of Man already has a reputation as a well-regulated digital jurisdiction across sectors such as iGaming and fintech. DAFs build on that by providing a clear structure for data-heavy, compliance-sensitive use cases where trust, auditability, and controlled sharing are essential.
1) Fintech: faster innovation with controlled data collaboration
Fintech businesses often need to collaborate across banks, payment providers, identity services, and fraud systems. The challenge is that risk and compliance requirements can slow collaboration to a crawl.
DAFs can support fintech innovation by enabling:
- Shared datasets for fraud detection and risk analytics with defined usage boundaries
- Controlled data access for regulated partners and service providers
- Audit-ready governance that helps satisfy internal and external scrutiny
The benefit is not only speed. It is the ability to scale partnerships confidently without renegotiating core controls every time a new participant joins.
2) Healthcare: enabling research and analytics while protecting patient rights
Healthcare data is among the most sensitive. Yet it is also among the most valuable for outcomes improvement, operational efficiency, and research. Real progress depends on ensuring that privacy, consent, and lawful use are handled rigorously.
DAFs can be relevant for:
- Data collaboration between clinical providers, researchers, and technology partners
- Governance models that define approved purposes and restrict misuse
- Privacy-preserving approaches such as anonymisation and permissioned access
The potential upside is a safer pathway to accelerate insights and innovation while maintaining the protections people expect.
3) AI development: raising the standard for training data governance
AI performance often depends on unique, high-quality datasets. But the market is increasingly sensitive to how training data is sourced, governed, and used, especially as expectations around AI ethics evolve.
DAFs can support AI initiatives by making it easier to demonstrate:
- Clear provenance and governance of training datasets
- Purpose-defined usage and access restrictions
- Accountability structures for data stewardship and risk management
That creates a competitive advantage: teams can build and deploy AI with greater confidence that their data foundation is defensible, auditable, and built for long-term trust.
4) iGaming: leveraging a regulated heritage to scale compliant data models
iGaming operators and suppliers rely on data for player protection, fraud prevention, responsible gambling interventions, and operational optimisation. They also operate under high scrutiny where controls and evidence matter.
DAFs can enable:
- Structured sharing of risk signals across approved participants
- Improved governance around sensitive player-related datasets
- More consistent auditability, helping demonstrate responsible practices
When done well, this supports both commercial performance and trust-building outcomes in a sector where credibility is a differentiator.
From “big data” to “usable data”: why governance is now the advantage
The modern data conversation is shifting. Organisations are realising that simply collecting more data does not automatically create value. What creates value is the ability to make data usable in real time, safely and consistently, across teams and partners.
DAFs align well with this shift because they are designed to make data:
- Actionable through structured access and permitted use
- Repeatable through consistent governance patterns
- Composable so datasets can be combined under agreed rules
- Commercial so licensing and monetisation are operational realities, not one-off deals
For leadership teams, the strategic message is clear: the next era is not won by those who store the most data, but by those who govern and operationalise it best.
What will determine success: proving real-world DAF adoption
Passing legislation is a powerful start, but the biggest wins come from execution. The Isle of Man’s opportunity now is to turn DAFs into visible, repeatable success stories that demonstrate why the framework is not only novel, but practical.
High-impact adoption typically depends on early examples that prove:
- Time-to-value: foundations can be set up and used without excessive delay
- Commercial clarity: licensing and collaboration models are understandable and enforceable
- Risk confidence: governance, privacy, and security reduce risk rather than shifting it
- Operational usability: real teams can integrate the model into workflows and systems
- Audit readiness: organisations can evidence compliance and permitted usage
Once those early use cases are running, they become credible references that help attract more participants, more service providers, and more international attention.
Building the DAF ecosystem: the services that make the model scalable
DAFs are as much an ecosystem play as a legal one. For the model to scale, organisations need access to specialised support across law, corporate services, security, and technology implementation.
Key ecosystem components
- Legal and governance expertise to structure foundations, define rights and obligations, and maintain compliant operating models
- Corporate and fiduciary services to administer foundations, handle oversight processes, and ensure governance does not degrade over time
- Cybersecurity capability to implement security controls, monitoring, incident response, and assurance aligned to data sensitivity
- Data engineering and platform tooling to enable permissioning, tokenisation approaches, secure access, and audit logging
- Privacy and data protection leadership to embed purpose limitation, privacy-by-design, and data subject safeguards into day-to-day operations
The commercial upside of a strong ecosystem is momentum: when set-up and operation become “known patterns,” organisations can adopt faster, with fewer unknowns.
Maintaining global trust: adequacy status and cross-border confidence
DAFs are designed to support global-facing business models, which makes international confidence essential. A core element of that confidence is maintaining strong alignment with GDPR-equivalent standards and preserving the conditions that support cross-border data flows.
From a business perspective, the practical benefits of international trust include:
- More straightforward partnerships with organisations operating under GDPR-like requirements
- Greater confidence from boards and risk committees that cross-border use is defensible
- Reduced friction for multinational adoption, especially in regulated sectors
For the Isle of Man, the opportunity is to reinforce its reputation as a jurisdiction where innovation is welcome because governance is strong, not despite it.
Aligning with evolving AI and data-ethics standards
As AI accelerates, expectations around transparency, fairness, explainability, and responsible data use are evolving quickly. While legal compliance remains essential, market trust increasingly depends on whether organisations can demonstrate principled and well-controlled data practices.
DAFs can support this direction by providing a structure that makes it easier to implement and evidence:
- Data provenance (where data came from and under what rights)
- Defined permitted uses (what the data can and cannot be used for)
- Governance oversight (who approves new uses and monitors ongoing use)
- Auditability (proof that usage matched the approved purposes)
That alignment is commercially valuable: it can lower adoption barriers for enterprise buyers and regulated partners who need assurance before they engage.
The biggest mindset shift: from compliance-only to strategic data governance
Many organisations treat data governance as a defensive function. The goal is often to avoid regulatory problems, pass audits, and reduce exposure. That is necessary, but it is not sufficient to compete in a data economy.
The Isle of Man’s DAF framework signals a more ambitious model: governance as a value-creating capability. When governance is designed as an enabler, organisations can:
- Move faster because rules and decision rights are already defined
- Collaborate more confidently because auditability and controls are built in
- Create new revenue lines through licensing or data products
- Support better AI outcomes with trusted, high-quality datasets
- Increase enterprise value by turning data into a managed, measurable asset
This is where DAFs can become a genuine competitive advantage: they provide a structure to turn “data potential” into operational reality.
A practical roadmap for organisations exploring DAFs
If you are assessing whether a DAF could support your data strategy, a pragmatic approach is to start with a specific, high-value use case and build the governance and controls around it.
Step-by-step starting points
- Identify a dataset with clear demand (internal or external) and a defined value driver such as risk reduction, new product capability, or licensing potential.
- Define permitted purposes with precision, including what is explicitly out of scope.
- Map contributors and users, including who supplies data, who consumes it, and who approves changes.
- Design the governance model: roles, oversight processes, escalation, and review cycles.
- Implement access controls and security proportionate to sensitivity, including logging and monitoring.
- Plan auditability from day one so reporting and assurance are not retrofitted later.
- Measure outcomes using metrics that connect governance to value (time-to-access, reduction in duplication, licensing revenue, improved model performance, fewer incidents).
By focusing on one strong use case first, organisations can build confidence, establish repeatable patterns, and expand to wider datasets over time.
What the Isle of Man is really building: a trusted marketplace for governed data
DAFs can be understood as an effort to create the conditions for a data economy where:
- Data can be shared and monetised without collapsing into uncontrolled distribution
- Privacy and security standards are seen as accelerators of adoption
- Legal clarity reduces friction and speeds up collaboration
- Auditability supports regulated and high-trust markets
- Organisations can move from isolated datasets to strategically governed data assets
The Isle of Man’s opportunity is to become a jurisdiction of choice for data-rich and data-driven organisations that need more than general guidance. They need a clear, statutory, operational framework that supports commercial outcomes while safeguarding rights and trust.
Conclusion: DAFs can make governed data a competitive advantage
The Foundations (Amendment) Bill 2025 and the introduction of data asset foundations represent a meaningful evolution in how data can be treated: not merely as information to be protected, but as a legally governed asset that can be pooled, licensed, tokenised, audited, and deployed commercially under strong standards.
The biggest benefits are straightforward and powerful: clearer ownership, stronger governance, better auditability, and more credible commercial pathways for high-value sectors like fintech, healthcare, AI, and iGaming. With GDPR-equivalent privacy and security expectations embedded into the framework, the model is designed to scale trust alongside innovation.
The next chapter is execution: proving real-world use cases, growing a capable ecosystem of specialist providers, maintaining international confidence for cross-border data flows, and helping organisations shift from compliance-only thinking to strategic, value-creating data governance. If those pieces come together, the Isle of Man will not just have introduced new legislation. It will have built one of the clearest practical launchpads for the emerging global data economy.
