Large Language Model Enabling Trusted Data Spaces: Data Security Governance and Trust Mechanism Construction

Pei Lei¹, Chen Xiaoyu²
¹Data Intelligence and Interdisciplinary Innovation Laboratory, Nanjing University, Nanjing 210023, China
²School of Cultural Heritage and Information Management, Shanghai University, Shanghai 200444, China

Abstract

[Purpose/Significance] This article explores the key components and implementation pathways of trustworthy data spaces, with a particular focus on the role and impact of large language model (LLM) technologies in data security governance and the construction of trust frameworks. [Method/Process] A combination of theoretical analysis and practical case studies is adopted to examine three core areas: data security governance, technical pathways of LLM, and the establishment of trust mechanisms. [Result/Conclusion] The development of trustworthy data spaces requires deep integration across institutional frameworks, technological infrastructures, and multi-stakeholder collaboration. LLM offer powerful support for data security governance, particularly excelling in real-time monitoring, anomaly detection, intelligent decision-making, and automated compliance management. The improvement of data security governance hinges on the dynamic optimization of trust evaluation systems, which can enhance the transparency and controllability of trusted data circulation through tiered protection strategies, cross-actor collaboration mechanisms, and enhanced explainability. Ultimately, building trustworthy data spaces is not only a matter of technological innovation but also a paradigm shift in data governance. Its implementation must align with regulatory compliance, interoperability, and international standards to facilitate the efficient allocation of data as a production factor.

Keywords: Trusted data space; Large language model (LLM); Data security governance; Trust mechanism; Data governance framework

1.1 Connotation Characteristics and Current Status of Trusted Data Spaces

Trusted data spaces represent a data governance ecosystem built upon consensus mechanisms and multi-stakeholder collaboration. Their key characteristic lies in employing both technical means and institutional design to ensure the security, trustworthiness, and controllability of data during circulation, sharing, and transactions. Fundamentally, trusted data spaces are not merely a technical architecture but an infrastructure for the market-oriented allocation of data as a production factor, with their core mission being to resolve issues of "data sovereignty," "data security," and "trust mechanisms" in data circulation.

The construction of trusted data spaces encompasses multiple objectives. First, they emphasize data sovereignty and autonomy, granting data providers autonomous control over data usage processes through technology and institutions to ensure that ownership and privacy remain protected during sharing and circulation. Second, trusted data spaces prioritize multi-party collaboration and interoperability, breaking down "data silos" through unified technical standards and interface specifications to promote efficient circulation and utilization of data resources across different platforms and systems. Third, security and compliance constitute basic requirements, with cutting-edge technologies such as blockchain, digital signatures, and smart contracts safeguarding data transmission integrity, immutability, and traceability while ensuring usage complies with national and industry regulations. Fourth, in terms of economic efficiency, trusted data spaces significantly enhance transaction efficiency and unlock the potential value of the data economy through well-designed incentive mechanisms and optimized circulation pathways.

Significant progress has been made in trusted data space construction both domestically and internationally, establishing them as critical pillars for global digital economic development. Internationally, Europe has pioneered systematic exploration through organizations like the International Data Spaces Association (IDSA), developing representative universal architectures and standard systems such as the IDSA 4.0 reference architecture model, and implementing demonstration projects in automotive manufacturing (e.g., Catena-X data space) and supply chain management (e.g., Smart Connected Supplier Network, SCSN). In contrast, the United States primarily relies on cloud service providers like Google Cloud to drive cross-enterprise data sharing and intelligent analysis, featuring mature market mechanisms and strong platform capabilities, though challenges remain in cross-industry interoperability and data security assurance. In Asia, Japan and South Korea have demonstrated active engagement. Japan released the Connected Industries Open Framework (CIOF), emphasizing standardization and collaborative governance for trustworthy industrial data circulation across entities. South Korea has built upon its MyData personal data services to explore personalized data space construction oriented toward data sovereignty.

China's trusted data space construction is also advancing rapidly. At the policy level, the promulgation of the Data Security Law of the People's Republic of China and the Personal Information Protection Law of the People's Republic of China has provided solid legal foundations for data circulation and governance. In practice, China has actively explored data security frameworks based on blockchain and privacy-preserving computation technologies, gradually achieving full lifecycle management of trustworthy data circulation. Cities like Shanghai and Shenzhen have initiated pilot projects to construct industry-specific data spaces covering finance, healthcare, and manufacturing, providing innovative application scenarios for data circulation and value extraction. These practices have laid an important foundation for building unified data governance models, with major cases and current status summarized in Table 1 [TABLE:1].

Table 1. Data Space Practice Cases and Current Status

Country/Region Practice Cases Advantages Challenges Europe • International Data Spaces Association (IDSA)
• Catena-X (automotive manufacturing)
• SCSN (supply chain management) • Developed universal frameworks and standards for trusted data spaces (e.g., IDSA 4.0 reference architecture)
• Industry demonstration projects facilitate multi-domain collaboration
• Efficient circulation and sharing of data resources • Insufficient cross-industry interoperability
• Cross-border data compliance challenges
• Data sovereignty disputes United States Google Cloud and other cloud service platforms • Mature business models driving data sharing and value extraction
• Emphasis on technology-driven data economy development • Multi-domain collaborative governance
• Cross-industry interoperability through standardized interfaces
• User-centric personalized data spaces
• Emphasis on privacy protection and data autonomy Japan Connected Industries Open Framework (CIOF) • Standardized cross-industry collaboration
• User-centric personalized data spaces
• Emphasis on privacy protection and data autonomy • Limited cross-industry interoperability
• Insufficient data security assurance
• Weak inter-industry data integration and coordination South Korea MyData personal data services • Policy support through Data Security Law and Personal Information Protection Law
• Technological innovation (blockchain, privacy-preserving computation) enabling full lifecycle management
• Application scenarios covering finance, healthcare, and manufacturing • Data governance capabilities require further strengthening
• Limited international rule adaptation capacity
• Global data governance frameworks remain uncoordinated
• Weak data governance practices in some industries China Industry data spaces in Shanghai, Shenzhen, etc. • Policy support through Data Security Law and Personal Information Protection Law
• Technological innovation (blockchain, privacy-preserving computation) enabling full lifecycle management
• Application scenarios covering finance, healthcare, and manufacturing • Data governance capabilities require further strengthening
• Limited international rule adaptation capacity
• Global data governance frameworks remain uncoordinated
• Weak data governance practices in some industries

Despite these advances, several pressing issues remain in trusted data space development. First, global data governance frameworks have yet to achieve coordination and unification, with divergences in data protection standards, technical specifications, and compliance requirements across countries and regions creating obstacles for cross-border circulation and global promotion. Second, internal technical practices require optimization, as existing technologies have not fully resolved the trade-offs between performance, reliability, and scalability when addressing large-scale, multi-scenario, multi-stakeholder data collaboration. Third, insufficient awareness and practical capabilities for data governance in certain industries pose resistance to widespread adoption. Finally, trusted data space construction must address the complexity of coordinating multi-stakeholder interests, as trust mechanisms and collaboration models among data providers, users, and intermediary service providers require further improvement, with these interactions often profoundly influenced by different governance structures, legal environments, and business models.

1.2 Key Challenges in Data Security Governance

Data security constitutes a critical foundation for digital economic development and a core guarantee for the market-oriented allocation of data as a production factor. Amid global digital transformation, the secure and trustworthy circulation of data elements not only concerns effective resource integration and utilization but also relates to the stability and sustainability of socio-economic operations. In recent years, as data volumes have grown exponentially and usage scenarios have become highly complex, the connotation of data security governance has continuously expanded, with its importance far exceeding traditional technical protection to become a crucial factor influencing national governance, economic development, and social trust.

Data security directly impacts the trust foundation for multi-stakeholder collaboration. The essence of data circulation lies in multi-party sharing and collaborative utilization, where trust mechanisms are key to achieving efficient flow. However, frequent incidents of data breaches, privacy violations, and illegal misuse have created dilemmas: data providers fear privacy leaks and misuse, while data users face uncertainties regarding data quality and legality. This trust deficit not only reduces data transaction liquidity but also increases usage costs and risks, hindering the release of data value in economic activities. In domains involving sensitive data, security issues trigger cascading effects. In finance, data breaches can lead to customer privacy exposure and large-scale fraud, threatening financial system stability. In healthcare, misuse or leakage of patient health data not only violates privacy but also undermines public trust in medical services, affecting willingness to share data and impeding research value realization. In government affairs, where data serves as a critical national governance resource, security incidents causing data loss or improper dissemination can degrade public service quality, weaken public trust in government institutions, and even trigger social stability issues. At a deeper level, trust deficits often create a "data island" effect. Lacking unified security guarantees and trust mechanisms, data stakeholders tend to protect rather than share their assets, limiting value extraction and causing resource waste and redundancy. This fragmentation obstructs cross-industry and cross-regional collaborative innovation, yielding data circulation efficiency and economic benefits far below expectations.

The complexity and uncertainty of the international data governance landscape exacerbate the urgency of data security issues, as cross-border circulation has become central to economic and technological cooperation. Divergences among nations regarding data sovereignty, privacy protection, and compliance requirements have created a fragmented global data governance landscape, increasing potential security risks and raising compliance costs and operational difficulties for cross-border circulation. Differing interpretations of data sovereignty represent a primary cause of fragmented circulation rules. The European Union's General Data Protection Regulation (GDPR) establishes strict data protection and cross-border transmission standards, emphasizing privacy protection, though its stringent requirements limit applicability elsewhere. In contrast, the United States favors market-oriented data circulation with relatively relaxed privacy regulation. China, meanwhile, constructs its legal framework around the national security attributes of data through the Data Security Law and Personal Information Protection Law. These divergent rule systems, built upon different national interests and governance philosophies, lack unified standards, creating differentiated security norms and technical compliance requirements that complicate cross-border circulation legitimacy reviews.

Insufficient technical interoperability and absent standardization systems also constitute major bottlenecks for current cross-border data circulation. Regulatory diversity across countries and regions leads to varied technical implementation paths for data encryption, anonymization, and access control mechanisms. Incompatibilities in implementation details further hinder efficient circulation and create security vulnerabilities. Particularly between different technical systems, fragmented standards can create interface loopholes that become potential entry points for malicious attacks, amplifying cross-border circulation security risks.

The core solution to data security issues lies in building a sustainable, trustworthy security ecosystem. Such an ecosystem not only protects data resources themselves but also serves as a critical pathway for releasing data value and enhancing socio-economic effectiveness. Within this framework, data circulation extends beyond privacy protection and risk prevention to provide a solid trust foundation for multi-party collaboration and value co-creation. Only under secure conditions can large-scale trustworthy circulation be realized, promoting efficient integration of data elements within socio-economic systems, stimulating collaborative innovation, and achieving dynamic balance. This security ecosystem requires constructing dynamic protection systems covering the full data lifecycle, including legality review during collection, encryption and protection during storage, path control during transmission, and real-time monitoring and risk response during usage. Simultaneously, ecosystem construction must rest upon multi-stakeholder collaboration, fostering cooperation among enterprises, governments, and social organizations through improved institutional guarantees and transparent governance models to resolve trust barriers and enhance data sharing efficiency and governance effectiveness. Critically, ecosystem establishment should not focus solely on immediate technical issues but must adopt a long-term perspective, continuously unlocking data resource potential in a cost-effective manner to inject strong momentum into sustainable digital economy development.

2.1 Advantages and Challenges of Large Model-Driven Data Security Governance

As a major breakthrough in artificial intelligence technology, large models are becoming a crucial support force for data security governance, demonstrating significant advantages in data analysis, anomaly detection, and risk prediction. Their powerful computational capabilities and deep learning architectures enable efficient processing of security issues in complex data environments, enhancing data security monitoring and response capabilities while playing a key role in promoting data factor marketization and trustworthy circulation.

Large models' advantages in data security governance manifest in three primary aspects. First, in dynamic security monitoring and anomaly detection, large models can analyze massive datasets through deep learning algorithms to accurately identify potential security threats. For instance, in cybersecurity, large models can detect anomalous access, malicious attacks, and data leakage risks by analyzing data traffic in real time, generating automated alerts to improve security management response efficiency. Second, their self-learning capabilities enable continuous optimization of security strategies and dynamic adaptation to emerging threat environments. Through deep training on attack patterns and data circulation rules, large models can continuously improve detection accuracy, demonstrating stronger adaptability in dynamic risk environments. Third, large models show positive effects in data protection and privacy-preserving computation, such as through differential privacy and federated learning methods, achieving controllable data sharing while ensuring security and laying a technical foundation for trusted data space construction.

However, extensive large model applications may also introduce new security challenges. Their training processes depend on large volumes of diverse data often involving personal privacy, commercial secrets, and even national strategic information. Under such extensive data aggregation, without rigorous security management measures, they may become primary targets for attackers, with weak links in data chains potentially triggering large-scale information leaks and causing immeasurable consequences. In cross-industry and cross-domain usage scenarios, these risks are further amplified, imposing higher technical and management requirements on data security governance.

The algorithmic complexity and "black box" characteristics of large models increase regulatory complexity. As their reasoning processes are difficult to explain, data users and regulators struggle to determine whether decision logic complies with requirements, affecting trust in model predictions. In privacy-sensitive scenarios such as healthcare, finance, or cross-border circulation, algorithmic opacity may trigger data compliance disputes and even affect the legality of cross-border sharing. Additionally, large models require continuous iteration and optimization, yet vulnerabilities remain regarding the legality, credibility, and source control of new data, making compliance during model optimization a key challenge for data supervision and governance.

Data security governance in distributed computing environments presents even greater challenges. While multi-node collaboration improves computational efficiency, it also increases security risks during data transmission and processing. Permission management, vulnerability remediation, and access control for computing nodes become critical issues, as security failures in any single node may trigger cascading effects that impact overall system stability and even cause systemic security incidents. In cross-border circulation and multi-industry collaboration scenarios, data must flow across different legal and technical standards, with countries maintaining varying standards for privacy protection and cybersecurity compliance, further complicating governance. Balancing the security and legality of computing nodes, cross-border circulation compliance requirements, and large model computational efficiency and response speed represents a multi-objective optimization problem that imposes higher demands on trusted data space technical design and governance systems.

2.2 Privacy Protection, Data Governance, and Algorithm Transparency

The widespread application of large model technology in data security governance has made privacy protection, data governance, and algorithm transparency core elements of trusted data space construction. These three components jointly constitute the trust foundation in data circulation processes, influencing not only the effectiveness of data security and privacy protection mechanisms but also directly affecting the stability and compliance of multi-stakeholder collaboration.

In trusted data spaces, privacy protection represents the core task for ensuring secure data element circulation, particularly in cross-stakeholder collaboration and cross-border scenarios where protection of sensitive information is paramount. Large models rely on vast amounts of data during training and inference, often involving personal privacy, commercial secrets, and even national security information. Centralized storage and computation patterns make such data vulnerable to attacks, increasing information leakage risks. To mitigate privacy risks, current approaches widely adopt differential privacy and federated learning technologies to achieve trustworthy computation where data is "usable but invisible."

Differential privacy ensures individual data points remain unidentifiable by introducing random noise during data analysis, thereby protecting individual privacy without compromising overall data analysis effectiveness. This method has been widely applied in personalized recommendation, statistical analysis, and public data sharing. In contrast, federated learning employs decentralized distributed training, keeping data stored locally while transmitting only encrypted model parameters, avoiding centralized exposure risks. In cross-institutional collaboration scenarios across healthcare, finance, and intelligent manufacturing, federated learning enables collaborative computation among different entities while ensuring privacy protection compliance. These technical approaches provide solid support for privacy protection in trusted data spaces, maximizing data value while guaranteeing security.

Data governance plays a dual role in trusted data spaces as both rule-setting and security management mechanisms, serving as an important safeguard for data compliance and a key link for optimizing data resource circulation efficiency. Data governance in trusted data spaces primarily involves data storage, permission management, access control, and compliance supervision to ensure legal usage and effective circulation.

In permission management and access control, role-based access control (RBAC) and attribute-based access control (ABAC) have become mainstream governance models. RBAC ensures data access behaviors comply with established rules by defining different user roles and their permissions, while ABAC achieves more refined permission management by incorporating user behaviors and environmental conditions. These mechanisms not only enhance data access security but also establish dynamic authorization mechanisms among different entities, improving the flexibility and adaptability of trusted data spaces.

Furthermore, data governance addresses cross-border data compliance issues. Due to significant differences among countries regarding data sovereignty, privacy protection, and circulation rules, trusted data spaces must provide compliance guarantees at the technical level, such as data source legality review, cross-border encrypted transmission, and smart contract-based usage supervision. For instance, under the EU's GDPR, enterprises must ensure user data complies with the "data minimization" principle during cross-border circulation, while China's Data Security Law emphasizes tiered data classification and protection, imposing stricter review standards for specific data types leaving the country. Therefore, trusted data space governance systems must adapt to multi-level data security and compliance requirements to ensure secure circulation across different legal systems.

The "black box" characteristic of large model reasoning processes poses a significant challenge to algorithmic transparency. Traditional deep learning models often make their decision logic difficult to explain, causing doubts about their trustworthiness among users, regulators, and the public. In data governance scenarios, this unexplainability may trigger data misuse, bias amplification, and decision opacity issues, particularly in highly sensitive domains involving public decision-making, medical diagnosis, and financial risk control, where lack of algorithmic transparency may affect the credibility of data spaces.

Explainable artificial intelligence (XAI) has become an important solution for enhancing algorithmic transparency. XAI clarifies model reasoning logic through feature importance analysis, counterfactual reasoning, and model visualization, helping users understand decision processes. For example, in financial risk control, XAI can explain loan approval scoring criteria, enabling data users to understand the rationality of rejection decisions and ensuring algorithmic fairness and compliance. Additionally, algorithm auditing and third-party evaluation represent important means to enhance transparency in trusted data spaces. Introducing independent review institutions can effectively reduce model bias, improve algorithmic credibility, and strengthen stakeholder trust in data circulation processes.

In technical practice, the synergistic effects of privacy protection, data governance, and algorithmic transparency primarily manifest in ensuring data sharing within trusted environments, reducing leakage risks, achieving effective resource allocation through tiered management, access control, and compliance supervision, and enhancing the rationality, transparency, and traceability of data decisions through explainability methods and auditing systems. Building trusted data spaces requires close integration of these three technical dimensions to optimize data value release while ensuring security, making data governance systems more stable and sustainable.

2.3 Security Strategies for Cross-Border Data Circulation and Distributed Computing

As international data collaboration increases and distributed computing develops in depth, data circulation and processing have evolved beyond purely technical issues to involve complex legal differences, inconsistent technical standards, and missing trust mechanisms in multi-stakeholder collaboration. While the Action Plan has proposed constructing a unified national framework for data circulation and governance, detailed implementation measures remain lacking. The application of cross-border data circulation and distributed computing in trusted data spaces requires not only innovative technical pathways but also organic integration of institutional design and collaborative governance.

The core challenge of cross-border data circulation lies in achieving balance between security and compliance across multiple legal systems. Against a backdrop of incomplete international rule unification, significant variations in national requirements for data sovereignty and privacy protection necessitate simultaneous compliance with diverse regional regulations. Taking the EU's GDPR as an example, its strict restrictions on data exportation require detailed compliance documentation, while China's Data Security Law emphasizes the national security attributes of data circulation. In this highly fragmented legal environment, blockchain technology and zero-knowledge proof (ZKP) provide innovative solutions for cross-border data circulation. Blockchain's distributed ledger characteristics ensure transparency and security in circulation processes through immutable records, while smart contracts enable automated permission control and compliance verification. ZKP can complete legitimacy verification without disclosing data itself, providing technical guarantees for cross-border use of sensitive data. The combination of these technologies not only establishes a technical foundation for international data circulation but also enables interoperability among different legal systems.

However, technical applications still require policy and institutional safeguards. Cross-border governance of trusted data spaces needs dual support from trust evaluation systems and smart contract mechanisms to achieve trustworthy circulation among multiple entities. Establishing multi-dimensional trust evaluation models based on reputation scores, data usage records, and compliance reviews ensures transparency and security in cross-border circulation. Data providers and users must undergo regular compliance assessments by independent institutions, with access permissions adjusted according to historical circulation records to strengthen trust mechanisms in international data sharing. Smart contracts can automate cross-entity data circulation rules across different legal systems, ensuring usage scope, access permissions, and usage supervision meet compliance requirements. In international supply chain data sharing scenarios, smart contracts can preset access permissions, allowing only enterprises meeting specific conditions to access critical data while dynamically adjusting during circulation to ensure legal usage.

Data security issues in distributed computing environments focus more on technical implementation complexity. In distributed training or inference of large models, data must be transmitted and processed among multiple computing nodes. While this multi-node collaboration improves computational efficiency, it also increases security risks. On one hand, single-point failures in distributed computing can create system-wide vulnerabilities; on the other, participation by untrusted nodes may cause data leakage or result tampering. To address these issues, a more secure distributed computing environment can be constructed through fine-grained permission control and dynamic risk monitoring technologies. Fine-grained permission control strictly limits each node's operational scope through detailed access permission partitioning, while dynamic risk monitoring employs real-time analysis to quickly identify anomalous behaviors and intervene in potential risks. Additionally, introducing distributed consensus algorithms can improve fault tolerance, ensuring system stability and data integrity even when some nodes fail or behave maliciously.

In cross-border circulation and distributed computing environments, achieving "available but invisible" data represents the core objective for ensuring security and privacy. This concept requires that while data value is fully utilized, original content must not be leaked or misused. Large models play a crucial role in this process, particularly in real-time monitoring and anomalous behavior identification, where their powerful analytical and reasoning capabilities enable dynamic early warnings for circulation anomalies and rapid localization of security incident sources and responsible parties through traceability mechanisms. Furthermore, large model-based multi-party data permission control and dynamic authentication technologies can ensure data usage legality and transparency through refined management and real-time adjustment of access permissions. The technical pathway is illustrated in Figure 1 [FIGURE:1].

3 Trust Mechanism Construction for Trusted Data Spaces

The effective operation of trusted data spaces depends on robust trust mechanism construction, requiring institutional guarantees, technical support, and multi-stakeholder collaboration to build a transparent, secure, and traceable data circulation system. During circulation, trust involves not only secure interaction between data providers and users but also coordinated governance among government regulators, industry alliances, and technology platforms. Building a stable trust framework at institutional, technical, and collaborative levels is key to achieving trustworthy data circulation.

The foundation of trust originates first from normative constraints of laws, regulations, and policy frameworks. Cross-entity circulation and trading of data elements require legal definitions of data ownership, circulation boundaries, and compliance requirements. For instance, China's Data Security Law and Personal Information Protection Law explicitly require tiered data classification, cross-border circulation regulation, and usage supervision to ensure legal and compliant data flow. Additionally, regulations like the EU's GDPR provide different compliance pathways for cross-border circulation. Against this backdrop, trusted data space trust mechanisms must adapt to multi-level data governance rules and establish cross-regional, cross-industry standardized certification systems to ensure secure data interoperability across different legal systems.

Technical trust serves as the core support for trusted data space construction, with large models playing an important role. Large model-based dynamic access control and intelligent authentication technologies enable data access permissions to be dynamically adjusted according to user behavior, historical records, and risk assessments, improving usage transparency and security. In data security monitoring and anomaly detection, large models can accurately identify anomalous access and potential attacks by analyzing data flows in real time, combined with traceability mechanisms to quickly locate responsible parties. Moreover, introducing explainable artificial intelligence technologies helps enhance transparency in data processing and sharing, enabling data providers, users, and regulators to understand model decision logic and reducing trust barriers caused by algorithmic "black box" effects. Smart contract technology provides automated execution guarantees for data transactions, ensuring security and immutability in circulation while reducing manual intervention and improving governance efficiency.

Trusted data space trust mechanisms must accommodate multi-stakeholder collaborative governance, constructing dynamic trust systems based on rule constraints, behavioral supervision, and incentive mechanisms. Governments play regulatory and standard-setting roles in data governance systems, while industry alliances and data trading platforms are responsible for implementing specific rules. To enhance trust operability, multi-stakeholder data circulation trust evaluation systems can be established, introducing indicators such as reputation scores, circulation records, and compliance audits to credit-rate data users and adjust access permissions based on trust levels. With smart contract support, this trust evaluation can be embedded into transaction rules to automatically execute data sharing agreements, improving cross-entity collaboration credibility. Additionally, regulators can build transparent and traceable supervision chains using blockchain technology to conduct real-time reviews of data usage, ensuring circulation compliance.

Trusted data space governance frameworks require integrated advancement of institutions, technology, and multi-stakeholder collaboration. At the institutional level, data classification, compliance supervision, and standardized certification systems constitute the foundational constraints of trust mechanisms. At the technical level, large models, privacy-preserving computation, and smart contracts provide core support for data security and circulation. At the collaborative governance level, governments, industry institutions, and data platforms jointly participate in constructing dynamic trust evaluation and incentive mechanisms to ensure stable operation. This trust mechanism establishment will provide more robust support for market-oriented allocation of data elements, creating a transparent, secure, and efficient operating environment for data sharing and trading. The trusted data space trust mechanism framework and corresponding levels are illustrated in Figure 2 [FIGURE:2].

Conclusion

Trusted data space construction is crucial for market-oriented allocation of data elements and high-quality digital economic development. Amid deep interweaving of technology, institutions, and multi-stakeholder collaboration, data security governance and trust mechanism construction have become central issues. Based on the Action Plan policy framework, this article proposes a large model-centered data security governance system and trust mechanism framework, addressing current policy deficiencies in technical adaptability, privacy protection, and trustworthy data circulation. As policy implementation deepens, the intelligent contract supervision and secure, controllable circulation models proposed herein are expected to provide technical and governance support for the Action Plan's implementation.

Currently, large model technology provides strong technical support for trusted data space construction, particularly in real-time monitoring, permission management, and smart contract execution, laying foundations for realizing "available but invisible" data. Simultaneously, data security governance plays a central role in tiered protection, dynamic risk management, and rule system design, enhancing circulation security and multi-stakeholder collaboration efficiency. However, the lack of unified global data governance rules, missing technical standards, and cross-border circulation compliance challenges still constrain widespread promotion and application. Resolving these issues requires comprehensive responses in technological innovation, legal system improvement, and multi-party cooperation models.

Countries have adopted different development paths for trusted data space construction. By comparison, China's approach features distinct policy guidance characteristics. In recent years, a legal system centered on the Data Security Law and Personal Information Protection Law has gradually improved, with local governments piloting trusted data space construction across multiple industries and levels. China's path emphasizes a comprehensive governance framework of "data classification + technological innovation + government supervision," building cross-departmental, cross-regional governance systems under government leadership, such as the Shanghai Data Exchange and Shenzhen data element circulation pilots. Through public-private collaboration, China explores new data trading mechanisms of "ownership confirmation—compliant circulation—value realization," enhancing liquidity and controllability in data factor markets.

This article systematically analyzes core issues in data security governance and trust mechanism construction from the connotation of trusted data spaces, examining key requirements and technical challenges in current construction processes. Based on this analysis, it proposes intelligent technical pathways represented by large models, exploring their adaptation mechanisms in privacy protection, real-time monitoring, and smart contract execution, and further constructs a multi-dimensional framework encompassing institutional trust, technical trust, and relational trust, aiming to provide systematic solutions and theoretical support for sustainable trusted data space development.

Looking forward, trusted data space construction must continuously evolve through deep integration of technical systems and institutional norms, particularly accelerating international rule coordination and standardization to gradually establish data circulation architectures compatible with multi-national legal systems and industry standards. Next steps should involve strengthening technological innovation capabilities while building multi-stakeholder collaborative governance mechanisms to advance trusted data spaces from pilot implementation to systematic deployment and standardized promotion. As the global data ecosystem continues evolving, trusted data spaces are poised to become critical infrastructure supporting high-quality digital economic development and global data collaboration.

References

[1] Fu Shaoxiong, Sun Jianjun. Data Circulation and Security: Standards and Guarantee Systems[J]. Library and Information, 2023(4): 20-28.

[2] Wang Yan, Yang Da. Transformation of Chinese Management Accounting System: From Data Elements to Data Assets[J]. Management World, 2024, 40(10):

[3] Persisting in Promoting Market-oriented Allocation Reform of Data Elements—National Data Bureau Introduces Progress and Achievements in Data Sector Reform[EB/OL]. [2025-04-22]. https://www.gov.cn/lianbo/bumen/202407/content_6964034.htm.

[4] Liu Jiangfeng, Zhang Ran, Zhang Jundong, et al. Empowering Computational Research in Intellectual History with Generative AI: Model Construction and Application Exploration[J]. Library Journal, 2025, 44(3): 113-127.

[5] Tang Xinglong, Zhang Yu, Zeng Wen. Research on the Construction of Technical Foundations for Scientific and Technological Intelligence in Complex Information Environments[J]. Journal of the China Society for Scientific and Technical Information, 2024, 43(7): 761-772.

[6] Zhang Dun. Analysis of the Connotation and Framework Construction of Data Resource Holding Rights Under the "Data Twenty Measures"[J]. Journal of Information Resources Management, 2024, 14(2): 54-67.

[7] Notice of the National Data Bureau on Issuing the "Trusted Data Space Development Action Plan (2024-2028)"[EB/OL]. [2025-05-06]. https://www.gov.cn/zhengce/zhengceku/202411/content_6996363.htm.

[8] Xia Yikun, Jiang Jie, Zhang Xiaheng, et al. Response and Reflection of Information Resources Management Discipline in Developing New Quality Productive Forces[J]. Journal of Library and Information Science in Agriculture, 2024, 36(1): 4-32.

[9] Wang Xue, Xia Yikun, Pei Lei. Research Progress on Data Factor Markets at Home and Abroad: A Systematic Literature Review[J]. Documentation, Information & Knowledge, 2023, 40(6): 117-128.

[10] Zang Guoquan, Xiao Yang, Zhang Kailiang. Research on Privacy Risk Measurement and Tiered Protection Mechanisms for Government Data[J/OL]. Journal of Library Science in China, 2024: 1-14[2024-12-25]. http://kns.cnki.net/kcms/detail/11.2746.G2.20241118.1338.002.html.

[11] Fan Ruguo. Platform Technology Empowerment, Public Gaming, and Complex Adaptive Governance[J]. Social Sciences in China, 2021(12): 131-152,

[12] Liu Taoxiong, Rong Ke, Zhang Yadi. Data Capital Estimation and Its Contribution to China's Economic Growth—Based on the Data Value Chain Perspective[J]. Social Sciences in China, 2023(10): 44-64, 205.

[13] Cui Wenbo, Zhang Tao, Ma Haiqun, et al. EU Data and Algorithm Security Governance: Characteristics and Implications[J]. Journal of Information Resources Management, 2023, 13(2): 30-41.

[14] Sun Jianjun, Pei Lei, Fu Shaoxiong. Inclusive Integration: Data Management in the Context of Information Resources Management Discipline Construction[J]. Journal of Information Resources Management, 2023, 13(1): 9-17.

[15] Wang Yan, Yang Da. Transformation of Chinese Management Accounting System: From Data Elements to Data Assets[J]. Management World, 2024, 40(10):

[16] Yang Xinya, Wang Ying, Yin Weihong. Research on Data-Driven New Intelligence Services[J]. Journal of Documentation and Data Studies, 2019, 1(1): 32-41, 117.

[17] Li Yuhai, Wang Rui. Ten-Year Practice and Future Prospects of Government Data Opening[J]. Journal of Documentation and Data Studies, 2022, 4(4): 12-14.

[18] Ma Haiqun, Zhang Tao. Interpretation of Data Productivity and Its "New Quality" Power[J/OL]. Journal of Library Science in China, 2024: 1-16[2024-12-25]. http://kns.cnki.net/kcms/detail/11.2746.g2.20241126.1531.002.html.

[19] Liu Zhaoge, Li Xiangyang, Qiao Limin, et al. Analytical Method for Big Data Governance Models in Urban Disaster Risk Response Supported by Cases[J]. Journal of the China Society for Scientific and Technical Information, 2024, 43(6): 672-684.

[20] Liu Mingda, Chen Zuoning, Shi Yijuan, et al. Research Progress of Blockchain in Data Security[J]. Chinese Journal of Computers, 2021, 44(1):

[21] Wu Yikai, Li Guoan. Technology Governance and Governance Technology: A Perspective on Regulating Blockchain Digital Assets[J]. Bulletin of Chinese Academy of Sciences, 2024, 39(8): 1375-1388.