While data spaces increasingly rely on advanced technical safeguards, the PLIADES project reveals that some of the greatest vulnerabilities still stem from human behaviour, limited training, and organizational complexity. As part of task T2.6 “Human factors across the data life cycle in multiple data spaces”, led by White Research, the project examined how human behaviour, stakeholder interaction, organisational practices and security awareness influence the resilience of AI-enabled data-sharing ecosystems across healthcare, mobility and energy sectors.
The analysis explored how users, stakeholders, and organizational processes can unintentionally create vulnerabilities that adversaries exploit. The objective was to identify human-centric vulnerabilities and define security requirements capable of supporting trustworthy and resilient AI-enabled data space environments.
Research Methodology
The analysis behind T2.6 rests on three complementary research pillars:
- A comprehensive desk research and framework analysis covering human factors, ergonomics, and security models (including the Swiss-cheese model) across safety-critical sectors;
- A multi-sector stakeholder mapping of 38 key actors across the healthcare, energy , and mobility sectors to better understand roles, responsibilities, and influence within emerging data spaces.; and
- A targeted professional survey involving 58 professionals working with data-sharing ecosystems, assessing real-world awareness, preparedness, behaviours, and experiences with data incidents and security risks.
Key Findings: A Readiness Gap
The results reveal a significant readiness gap in today’s data space landscape.
74% Are Data Space Newcomers
Nearly three out of four survey participants reported having little or no previous experience participating in data spaces. This finding highlights the early maturity stage of many data-sharing ecosystems and underscores the need for stronger onboarding and operational guidance.
82% Report a Training Deficit
An overwhelming majority of respondents stated they feel inadequately or only partially prepared to detect and respond to compromised data scenarios. This indicates that while data spaces are evolving rapidly, many professionals still lack the practical preparation required to identify threats, understand protocols, and react effectively to security incidents.
Human-Centric Threats Dominate
The survey identified phishing and social engineering as the most significant threats affecting data spaces. These attacks exploit human behaviour, trust, and decision-making rather than technical weaknesses alone.
The findings reinforce a critical message: cybersecurity in data spaces is not solely a technical challenge, but also a behavioural and organizational one.
Sensitive Data Raises the Stakes
The majority of data processed within these ecosystems was identified as highly sensitive:
- 52% business confidential data
- 43% consumer confidential data
This highlights the importance of strong confidentiality safeguards, transparent governance mechanisms, and trusted access management processes.
Common Incident Causes Across Sectors
Across all examined sectors, the most frequently reported causes of incidents were lack of training and awareness, misunderstanding of operational protocols, and system error or external attacks.
Why This Matters
As data spaces become increasingly interconnected and AI-enabled, security challenges extend beyond infrastructure and software vulnerabilities. Misunderstood procedures, insufficient training, unclear responsibilities, and poor usability can create risks even in technically advanced environments.
The PLIADES findings demonstrate that improving human readiness is essential for building secure, trustworthy, and resilient European data spaces.
Six Human-Factor-Sensitive Security Requirements
- Based on this analysis, T2.6 defines six security requirements that designed to strengthen trust, accountability, and operational resilience in data spaces:Awareness & Training – Mandatory, role-specific onboarding and adaptive training, with refresher modules triggered by user behaviour, to prevent unintentional compromise.Role Clarity & Access Governance – Strict Role-Based Access Control (RBAC/RRAC) tied to lifecycle responsibilities, ensuring accountability and minimizing internal threats.
- Protocol Usability & Decision Support – Human-centered interfaces with real-time AI guidance to reduce cognitive load and reliance on personal judgment under pressure.
- Detection of Human-Centric Anomalies – AI behavioural models trained to identify atypical user interactions, unusual access patterns, and irregular data sharing behaviours.
- Trust-by-Design – Transparency dashboards and traceable audit trails so stakeholders can track data lineage and access logs, fostering trust and alignment.
- Incident Response & Resilience – User-specific escalation flows, regular simulation exercises, and audit trails to support effective recovery from human-driven breaches.
Building Resilient Data Spaces Requires a Human-Centric Approach
The PLIADES T2.6 findings underscore a fundamental truth: building resilient data spaces requires addressing not just technical vulnerabilities, but the human behaviours, attitudes, and organizational structures that surround them. By embedding human-centric security principles into AI-enabled ecosystems, PLIADES contributes to the development of more trustworthy, interoperable, and resilient European data spaces across critical sectors.
Stay tuned for more updates from PLIADES as the project continues advancing secure, interoperable and resilient European data spaces.
