Beyond the Law - Part 5
Data-to-Mandate Bridges: ABS/PABS & Sectoral Data Trusts
Governments and international treaties are building systems that decide who gets access to what data — from genetic information and health records to environmental and economic statistics. These rules, commonly referred to as ‘access-and-benefit-sharing’ or ‘data spaces’, decide not just who can see the data but also what kinds of research, models, and policies can exist at all.
Think of it like this: without access to the raw numbers, you can’t check whether a report is true, you can’t build risk models for banks, you can’t issue credentials tied to compliance, and you can’t audit whether policies are working. No data, no oversight.
This is what we mean by epistemic control — control over knowledge itself. Earlier systems of governance managed outcomes: who gets certified, who gets funded, who gets to participate, who gets punished. Data governance goes deeper. It controls the inputs — what can even be seen and measured. Whoever controls the data decides what’s real enough to be acted on.
The Foundational Layer: Enabling and Constraining All Other Rails
The previous four rails demonstrated sophisticated enforcement mechanisms, but each depends on a fundamental assumption: that underlying data is accessible for verification, modelling, and analysis. Data governance removes this assumption, revealing how it enables and constrains every other enforcement mechanism:
Accreditation depends on data access: The ‘trust of trust’ layer requires access to performance data, audit evidence, and benchmarking information. Control who can access this data, and you control whose verification systems can even function.
Liquidity mechanisms depend on data access: Risk models, stress tests, and disclosure templates require economic, environmental, and social data. Control data access, and you control what risks can be modelled and therefore what gets financed.
Credential systems depend on data access: Digital identity verification requires access to health records, educational data, and compliance histories. Control data access, and you control whose credentials can be verified and updated.
Audit processes depend on data access: Legal liability requires evidence bases for due diligence assessments. Control data access, and you control what can be audited and therefore who can be held liable.
This isn't just another enforcement rail — it's the foundational layer that determines whether the other rails can operate at all. The ultimate form of control is making resistance impossible not through punishment, but through ignorance.
The Architecture of Data Sovereignty
From Nagoya to Digital Colonialism
The Convention on Biological Diversity's Nagoya Protocol1 (2010) established the principle that genetic resources and associated traditional knowledge belong to the countries and communities where they originate2. Any commercial or research use requires prior informed consent and benefit-sharing agreements.
Initially focused on physical genetic material — plants, animals, microorganisms — the protocol's logic has expanded dramatically into digital genetic data, environmental monitoring information, and broader datasets deemed sovereign resources by states.
Digital Sequence Information3 (DSI): The latest CBD negotiations extend Nagoya principles to genetic sequence data stored in digital databases4. This means that climate research using genetic data from biodiversity hotspots, pharmaceutical research using digitised traditional knowledge, or agricultural research using crop genetic databases all become subject to access and benefit-sharing requirements5.
People and Benefit Sharing6 (PABS): Emerging frameworks extend these principles beyond genetic resources to encompass health data, environmental monitoring, social and economic data generated within sovereign territories. The logic: if data about people, environments, and resources originates within a jurisdiction, that jurisdiction has sovereign rights over its use.
State-Blessed Data Spaces
Parallel to international treaty frameworks, individual states and regions are creating ‘data spaces’ — controlled access frameworks that determine who may process which data for which purposes.
European Data Spaces7: The EU's data governance framework creates sectoral data spaces for health, environment, agriculture, and mobility. Participation requires compliance with European values, democratic principles, and regulatory frameworks. Non-EU entities face restricted access regardless of technical capability.
China's Data Security Law8: Classifies data by importance levels and restricts cross-border transfer of ‘important data’ and ‘core data’. Foreign research institutions cannot access Chinese environmental, health, or economic datasets without explicit approval and benefit-sharing arrangements.
India's Data Protection Framework9: Requires ‘critical personal data’ to be processed only within India. Health research, environmental monitoring, and social science research using Indian data must involve Indian institutions and share benefits with Indian communities.
Indigenous Data Sovereignty
Indigenous communities worldwide are asserting sovereignty over data collected within their territories or about their communities, regardless of who collected it or where it's stored10.
CARE Principles11: Collective Benefit, Authority to Control, Responsibility, and Ethics frameworks require indigenous consent for any research using data from indigenous territories or communities12. This applies to climate data, biodiversity monitoring, health research, and social science data.
Indigenous Data Governance13: Tribal governments and indigenous organisations are establishing their own data governance frameworks that can override national or international research permissions. Researchers may have government approval but still be denied access by indigenous data authorities14.
The Control Chain: Making Alternative Models Impossible
The enforcement logic operates at the foundational level of knowledge production:
Surveillance/Data Collection → Licensed Access → Model Monopoly → Policy Captivity
Stage 1: Data as Sovereign Resource
Environmental monitoring, health surveillance, genetic sampling, and economic data collection now occur under explicit sovereignty frameworks. Data becomes a national resource controlled through licensing regimes, not a public good accessible for research15.
Stage 2: Licensed Access Creates Research Apartheid
Only entities that comply with sovereignty frameworks, sign benefit-sharing agreements, and accept usage restrictions can access critical datasets. This creates participation gates that exclude non-compliant researchers regardless of technical competence, fragmenting global knowledge production16.
Stage 3: Model Monopoly Through Data Exclusion
Climate models requiring genetic diversity data from multiple countries cannot be developed by researchers excluded from any jurisdiction's data. Health models using restricted datasets become the exclusive domain of approved institutions. The result: competing analytical frameworks become impossible to develop17.
Stage 4: Policy Captivity Through Model Dependency
When international bodies cite models that depend on restricted data, they embed data sovereignty requirements into global policy frameworks. Policies become impossible to verify, challenge, or improve without access controlled by sovereignty frameworks. Non-participants cannot even run the models that policy cites, making meaningful opposition impossible18.
Case Studies: Epistemic Control in Action
Climate Modelling: Making Opposition Impossible
The IPCC's latest climate models incorporate biodiversity data subject to Nagoya Protocol restrictions and indigenous data sovereignty frameworks. Critical genetic sequence information, traditional ecological knowledge, and environmental monitoring data require complex access agreements across dozens of jurisdictions.
The result: only a handful of research institutions with the diplomatic resources to navigate global data sovereignty requirements can develop comprehensive climate models. Independent verification becomes impossible — critics cannot access the data needed to challenge model assumptions or develop alternative frameworks.
This creates model monopoly through data exclusion. Climate sceptics cannot develop competing models because they cannot access the underlying data. The scientific debate becomes impossible not because the evidence is overwhelming, but because the evidence is inaccessible19.
Health Policy: Epistemic Capture Through Data Control
The World Health Organisation’s malaria intervention guidelines rely on models that are informed by health data from Indigenous and marginalised communities — groups that often face barriers to data access rooted in emerging Indigenous data sovereignty frameworks. Such frameworks require explicit community consent and often incorporate benefit-sharing arrangements before data can be used for research or policy planning.
Because of these access requirements, not all health agencies or researchers are able to make use of such data. This creates a situation where health policies effectively become contingent on data access negotiations: without the necessary permissions, alternative groups cannot verify or propose competing intervention strategies grounded in the same datasets.
The effect: health policy becomes hostage to data access negotiations, and alternative approaches become impossible to develop or verify2021.
Agricultural Models: Research Apartheid Through Data Sovereignty
FAO agricultural productivity models rely on crop genetic diversity data and traditional farming knowledge, both of which are regulated under expanding interpretations of the Nagoya Protocol and the International Treaty on Plant Genetic Resources for Food and Agriculture22 (ITPGRFA). These agreements mean that access to such essential data — including overseen by the FAO’s Multilateral System — comes with legal and bureaucratic requirements like benefit-sharing and prior-informed consent23.
These access restrictions can delay or block the updating and verification of agricultural models. When researchers or countries cannot obtain the necessary permissions, FAO-endorsed models may become unadjustable or unverifiable using the latest genetic data.
As a result, independent agricultural research institutions — especially those lacking formal agreements or diplomatic resources — may be unable to build alternative productivity assessments. This effectively concentrates modeling authority within organisations that have established access frameworks, creating what some critics describe as a form of ‘research apartheid’.
The Black Box Imperative: When Models Become Unverifiable by Design
The data sovereignty trajectory creates an even more severe epistemic problem: mandatory model opacity. When models incorporate data subject to sovereignty restrictions or proprietary access controls, the models themselves become unverifiable black boxes by legal necessity.
From Data Restriction to Model Concealment
Institutions building policy models using restricted datasets face a fundamental contradiction: transparency requirements conflict with legal obligations to protect data sources. The result is enforced opacity where models using indigenous knowledge, sovereign genetic data, or proprietary information cannot disclose their methodologies without violating access agreements. Third-party verification becomes not just impossible but illegal.
Democratic Accountability Through Faith
This creates a qualitatively different form of epistemic control. Evidence-based policy becomes faith-based policy with scientific legitimacy. Since models cannot be examined, policy acceptance depends entirely on trusting authorised institutions. Scientific skepticism becomes structurally impossible and legally prohibited.
‘Evidence-based’ becomes a ceremonial designation rather than a verifiable claim. When citizens question model-based recommendations, the response cannot address methodological concerns but only institutional credentials: ‘trust us because we're the authorised experts’.
Why Data Control Sits Deepest
Epistemic Control Trumps All Other Mechanisms
Previous rails operated on outputs — controlling whose verification counts, who gets financed, who participates, who gets sued. Data governance operates on inputs — controlling what can be perceived and therefore what can be contested.
This is the deepest form of control because it prevents opposition from forming. You cannot challenge climate models if you cannot access climate data. You cannot develop alternative health interventions if you cannot access health data. You cannot verify economic policies if you cannot access economic data.
The power isn't just exclusion — it's making dissent impossible through ignorance.
Making Resistance Unthinkable Through Data Monopoly
When data access is restricted, alternative frameworks cannot be developed because the evidentiary basis for alternatives is unavailable. This goes beyond enforcement mechanisms that punish non-compliance — it creates epistemic monopoly that makes non-compliance inconceivable.
Previous rails created pressure to comply. Data governance creates incapacity to resist by making the knowledge needed for resistance inaccessible.
Foundational Dependency for All Other Rails
Every enforcement mechanism depends on data access:
Accreditation systems require performance data for verification standards
Liquidity mechanisms require risk data for capital allocation decisions
Credential systems require compliance data for identity verification
Audit processes require evidentiary data for liability assessments
Control data access, and you control whether any other enforcement mechanism can function. This makes data governance the foundational layer that enables or disables the entire indicator system.
The Constitutional Questions of Epistemic Control
Democracy and Knowledge Production
Data sovereignty frameworks raise fundamental questions about the relationship between democratic governance and knowledge production. When data access becomes conditional on political alignment, scientific research becomes subordinate to diplomatic relationships.
The principle that scientific knowledge should be universally accessible for verification and improvement conflicts with sovereignty assertions over data as national or community resources. This tension creates new forms of scientific nationalism that fragment global knowledge production.
Transparency and Accountability in Data-Dependent Policies
When policies depend on models that use restricted data, democratic accountability becomes impossible. Citizens cannot evaluate policies based on models they cannot access, verify, or improve. Policy makers cannot be held accountable for recommendations based on opaque data relationships.
This creates a democratic deficit where policies appear to be evidence-based but the evidence is accessible only to approved institutions with appropriate data access agreements.
Indigenous Rights and Global Knowledge
The assertion of indigenous data sovereignty conflicts with traditional scientific practices of open data sharing and peer review. Whilst some communities have legitimate rights to control information about their territories and traditional knowledge, these rights can conflict with broader public interests in accessible knowledge.
Global Implications and Resistance
The Fragmenting of Global Science
Data sovereignty frameworks are creating a fragmented global research landscape where scientific collaboration depends on diplomatic relationships rather than research competence. Climate science, health research, and economic analysis are becoming balkanised along sovereignty lines.
This fragmentation undermines the universality that has traditionally characterised scientific knowledge production, replacing it with politically contingent access to information needed for research and policy development.
New Forms of Digital Colonialism
Paradoxically, data sovereignty frameworks intended to address digital colonialism may create new forms of exclusion. Well-resourced institutions from wealthy countries can navigate complex data access requirements, whilst researchers from developing countries may be excluded from data needed for research relevant to their own populations.
This creates new hierarchies where diplomatic resources become prerequisites for scientific participation, potentially excluding precisely those researchers whose participation would advance decolonised knowledge production.
The Compliance Infrastructure for Data Access
Managing data sovereignty requirements creates enormous compliance costs that favour large, well-resourced institutions over smaller research groups24. The infrastructure needed to negotiate, maintain, and monitor data access agreements across multiple jurisdictions becomes a barrier to research participation25.
This compliance infrastructure creates new forms of concentration in research capabilities, undermining the distributed and collaborative character that has driven scientific progress.
The Foundational Rail
Data governance represents the foundational layer that enables and constrains every other enforcement mechanism. By controlling access to the raw material of measurement, it determines not just how the indicator system operates, but what it can perceive and therefore what policies it can generate.
This creates epistemic control — the deepest form of governance:
Rail 1 (Accreditation): Controls whose verification counts (depends on access to performance data)
Rail 2 (Liquidity): Controls who gets financed (depends on access to risk data)
Rail 3 (Credentials): Controls who participates (depends on access to compliance data)
Rail 4 (Audit): Controls who gets sued (depends on access to evidentiary data)
Rail 5 (Data Access): Controls what can be known (enables or disables all other rails)
Together, these create a comprehensive system where technical infrastructure governs through epistemic monopoly, market mechanisms, access restrictions, and legal enforcement. But even this sophisticated control architecture requires implementation through routine government operations.
The final question becomes: how does this comprehensive enforcement system manifest in the daily operations of the state? How do these rails bite in the mundane but pervasive activities that shape markets and societies every day?
The answer lies in the most routine yet powerful mechanism of government: public procurement. Every government purchase — from office supplies to infrastructure projects — becomes an enforcement action for the entire indicator regime. Through buying power, the state transforms every commercial transaction into compliance verification, making the abstract enforcement architecture tangible in daily economic life.
Procurement constitutionalism reveals how the state makes the entire system bite, not through dramatic enforcement actions, but through the routine exercise of its buying power across every sector of the economy.
Addressing Common Objections
‘Indigenous communities and developing countries have legitimate rights to control their data’
This analysis doesn't dispute the legitimacy of data sovereignty claims - it examines their systemic implications for knowledge production and democratic accountability. Indigenous communities do have valid rights to control information about their territories and traditional knowledge, particularly given historical exploitation. However, legitimate rights can still create governance challenges when they conflict with verification, replication, and democratic oversight of policies that affect broader populations. The question isn't whether these rights are valid, but how to balance them with public interests in accessible knowledge for policy evaluation.
‘Data sharing has historically benefited wealthy countries at the expense of data sources’
Historical patterns of extractive research and unequal benefit distribution are real problems that data sovereignty frameworks attempt to address. However, the current trajectory risks creating new forms of exclusion where diplomatic resources and institutional relationships determine research access rather than addressing underlying inequities. The essay acknowledges this paradox: frameworks intended to address digital colonialism may inadvertently create new hierarchies that exclude precisely those researchers whose participation would advance decolonised knowledge production.
‘This analysis exaggerates the practical impact of data restrictions’
The examples provided demonstrate concrete cases where data restrictions have already affected model development, policy verification, and research collaboration. The IPCC's reliance on data subject to sovereignty restrictions, WHO dependence on restricted health datasets, and FAO agricultural models requiring complex access agreements are documented realities, not hypothetical scenarios. The analysis focuses on structural capabilities and observable trends rather than speculating about future developments.
‘Alternative data sources and methods exist for most research questions’
While alternative sources may exist for some applications, the highest-quality, most comprehensive datasets often originate from specific jurisdictions or communities that assert sovereignty over them. Climate models require genetic diversity data from biodiversity hotspots; health interventions need epidemiological data from affected populations; agricultural research depends on crop genetic information from centers of origin. Alternative sources may be lower quality, less comprehensive, or subject to similar restrictions, limiting the robustness of competing analyses.
‘Scientific collaboration can continue within sovereignty frameworks’
Collaboration can occur within these frameworks, but it becomes contingent on diplomatic relationships, compliance infrastructure, and benefit-sharing negotiations rather than scientific merit and research competence. This creates new barriers to participation and new forms of hierarchy in global research. While collaboration remains possible, it operates under qualitatively different constraints that can exclude researchers based on institutional resources rather than scientific capability.
‘These frameworks protect marginalised communities from exploitation’
Protection from exploitation is a legitimate and important objective. The analysis doesn't argue against community rights or data protection - it examines how these frameworks can create unintended consequences for democratic accountability and knowledge production. The challenge is developing approaches that protect community rights while maintaining capacity for policy verification and scientific critique. Current frameworks may achieve protection at the cost of making evidence-based governance impossible to verify.
‘The benefits of preventing data exploitation outweigh epistemic concerns’
This reflects a fundamental disagreement about priorities rather than a factual dispute. The essay's argument is that epistemic control creates risks for democratic governance and evidence-based policy that should be weighed against protection benefits, not that protection is unimportant. The balance between community rights and public accountability for evidence-based policy represents a genuine dilemma without simple solutions.
‘Data sovereignty promotes research diversity and challenges Western-dominated science’
Data sovereignty can promote different research approaches and challenge extractive research practices. However, it can also fragment knowledge production in ways that make comprehensive analysis impossible and alternative viewpoints structurally excluded. The goal of decolonising research may be better served by approaches that ensure equitable participation in accessible knowledge production rather than fragmenting data access along sovereignty lines.
‘This ignores the colonial history of data extraction and exploitation’
The analysis acknowledges historical exploitation while examining current governance implications. Colonial data extraction was indeed exploitative and continues to have harmful effects. However, addressing historical injustices through frameworks that make democratic accountability impossible may create new problems without resolving underlying inequities. The challenge is developing approaches that address historical wrongs while maintaining capacities for evidence-based governance and scientific critique.
‘Technical solutions can address access issues while maintaining sovereignty’
Technical approaches like federated analysis, differential privacy, and secure multi-party computation may enable research while protecting sovereignty. However, these solutions remain limited in scope, require significant technical infrastructure, and may not address all forms of restricted data access. Moreover, the legal and diplomatic frameworks around data sovereignty often restrict technical solutions themselves. While promising, technical fixes don't resolve the fundamental tension between sovereignty assertions and verification requirements.
‘This analysis reflects bias toward Western scientific practices’
The concern about Western scientific hegemony is valid, but the alternative of fragmented, unverifiable knowledge systems may not serve decolonisation objectives. Many Indigenous and developing country researchers also rely on accessible data for their work and may be excluded by sovereignty frameworks that privilege institutional over individual access. The question isn't whether Western science is perfect, but whether making knowledge systems opaque and unverifiable serves democratic governance and equitable research participation.
‘Democratic accountability doesn't require universal data access’
Democratic accountability may not require universal access, but it does require sufficient access for meaningful verification and critique of policies that affect populations. When evidence-based policies become unverifiable because underlying data is restricted, democratic oversight becomes impossible regardless of who controls the data. The issue isn't universal access per se, but ensuring adequate access for policy evaluation and democratic accountability while respecting legitimate community rights.
