The first task of WP3 is to set-up a sustainable operational coordination and governance structure so that the consortium continues to operate beyond the grant period. This is achieved by transforming and adopting the temporary project structure into a sustainable consortium over the course of the project. The Consortium Agreement will describe preliminary decision-making processes, which will be further operationalised in WP1 and later consolidated in this WP. The frameworks will be further tailored towards the specific needs and context of the consortium and its stakeholders as the ELSI-framework, the technical implementation, and the organisational aspects of the project progresses. Important aspects of the governance model include (but are not limited to) how strategic decisions will be made, how the collaboration between members of the consortium will look like and how compliance is ensured. Additionally, this task will define the ownership model for the new entity that is to be developed for managing the infrastructure. This entails the following subtasks:

• T3.1.1 Implementation of the governance model and ownership model as a foundation for the sustained coordination and operation of the infrastructure and verify that operations, decision- making and governance procedures are aligned with European laws for data governance, intellectual property, and AI, for example. The governance model refers to the strategic bodies, policies, and procedures for governance of the new entity that will be set-up for managing the infrastructure. The General Assembly, Executive Board, Ethics Advisory Board and Data Protection board will transition from project organisation towards long-term governance bodies. The ownership model refers to how ownership of that new entity is defined and allocated, as well as the responsibilities of ownership.
• T3.1.2 Design and implement strategic portfolio management and align with important stakeholderssuch as the Data Space Support Center and other European Health Data Space components, such as EUCAIM and Genome of Europe on strategic levels. This will be achieved by implementing and attending period round table discussions.
• T3.1.3 Implement knowledge management for transparency and dissemination of decision, policies, and other relevant documentation throughout the consortium and to support communication with external stakeholders. Knowledge management includes policies and standard operating procedures as defined by WP4 and WP6, the operating model of the new entity as defined in T3.2, the ELSI-framework and template agreements as defined in T3.4, and decisions, principles, processes, and governance.
• T3.1.4 Develop and implement principled conflict resolution processes to ensure clear, rules- based operations for all actors on the infrastructure, being data providers, data users, service providers, infrastructure providers, as well as the central governing body.

This task aims to lay the groundwork for a sustainable operational coordination and governance structure, open to the involvement of new stakeholders, that can manage and coordinate the infrastructure in line with the strategy and policies set by the governance (implemented by T3.1). This includes the governance structure for tactical and operational decision-making, the operational model for managing the infrastructure and support its’ users as well as capacity building measures necessary to ensure the establishment, sustainable operation, and successful uptake of the infrastructure. The aim is to create a new entity under European law, in all likelihood as (part of) a European Digital Infrastructure Consortium. will start the procedure to establish (or join) an EDIC. To achieve this, we will undertake the following subtasks:

• T3.2.1 Determine liability and legal aspects of the entity to be established.
• T3.2.2 Design a target operational model (TOM) and develop a roadmap to transition the project consortium to that model.
• T3.2.3 Design tactical portfolio management and organisational management based on the input from task 3.1.2.
• T3.2.4 Create standard operating procedures for risk and incident management, including cyber resilience and data protection.
• T3.2.5 Draft template Service Level Agreements for centralised and decentralised services.
• T3.2.6 Assess operational excellence and operational maturity of the consortium in preparation for transition to the new entity.

This task aims to define a business model for the infrastructure, including an uptake strategy explaining the motivation and incentives for all stakeholders at the different levels (regional, national, European, global) to support the data infrastructure towards its sustainability, including data controllers, data users, service providers, healthcare workforce, systems and public authorities at large and taking into account the role of SMEs in the deployment and the value chain. We will do so by elucidating the requirements for business model development, including refinement of potential user groups and their roles, as well as the boundary conditions for business model characteristics. This feeds into the development of the business models themselves. The process for the development of business will follow a structured pipeline with gates at each stage of the business readiness levels (BLRs) before a business model is implemented. Business models will be implemented and validated through pilot business interactions between companies and healthcare professionals to facilitate successful market introduction, a level playing field, and sustainable operation within the infrastructure, with a particular focus on SMEs. This task entails the following subtasks:

• T3.3.1 Determining the value proposition of data access along the entire data value chain, taking into account all stakeholders: lay people (data subjects), data providers, data users, service providers and infrastructure providers, not-for-profit and for-profit organisations, and organisations of different sizes with a particular focus on SMEs.
• T3.3.2 Development of the cost and revenue structures as well models for revenue generation to create examples of successful business models for data users, service providers, and infrastructure providers, whilst considering the needs of the data provider to ensure sustainable operation of federated infrastructure for ICU data.
• T3.3.3 Business model consolidation and validation through pilot projects. The outputs of T3.3.2 will be tested through several pilots where service providers will be invited to implement a service and offer it through the infrastructure. This subtask will be carried out in close collaboration with WP5, specifically T5.1.
• T3.3.4 Exploration of business services such as consulting and support services like those offered through the IMI EHDEN community to help on-board data providers onto the infrastructure.

Within this task we will build upon previous projects to further develop and implement an Ethical Legal and Social Impact framework that will provide guidance on AI ethics, data protection, storage requirements, data preservation requirements, data access and data usage policies. This task includes:

• 3.4.1 Ensure that all data processing during the project is lawful. INDICATE is a cross border collaborative project that utilises health data stored in Electronic Health Records of hospital data providers. The legal basis for secondary use of patient data varies between countries. In anticipation of the full Ethical, Legal and Societal impact framework that will handle this issue, we will ensure that these data are processed legally and undersigned by the participating data providers. While GDPR intended to harmonise rules on data protection, different interpretations exist between Member States and institutions within Member States. This subtask will compile previously conducted analyses of the legal frameworks, leveraging deliverables of TEHDAS, TEF-Health, EUCAIM, and PHEMS, and use these as a foundation for the rest of the work in this task.
• 3.4.2 INDICATE will formulate a Data Management Plan at the start of the project to detail general principles for data management. Data publication will align the EC’s Open Science recommendations, also considering IPR requirements and protection of sensitive data. For scientific publications the “Guidelines on Open Access to Scientific Publications and Research Data” will be implemented insofar as is possible.
• 3.4.3 Establish a Data Protection workgroup to implement and adopt frameworks, policies and procedures created in previous projects.
• 3.4.4 Establishing an Ethics Advisory Board that will be tasked with monitoring ethics issues in INDICATE and how they are handled, such as data representativeness, diversity, explainability as well as the emerging ethics issues related to the application of AI in medical research. The Ethics Advisory Board will align with existing data and AI initiatives, notably the European Ethics Guidelines for Trustworthy AI and the WHO guidance on Ethics and governance of artificial intelligence for health, as well as monitor upcoming legislation such as the AI Act.
• 3.4.5 Within this task we will perform a Data Protection Impact Assessment (DPIA) for the centralised components of the infrastructure. The resulting DPIA will be a report describing the risks arising out of processing personal data within the central components of the infrastructure and specify mitigating measures.
• 3.4.6 Set-up a Data Protection workgroup. Consortium partners and other organisations acting as data providers or data users must confirm that they have appointed a Data Protection Officer (DPO) and have made the contact details of the DPO available. The Data Protection workgroup will act as DPO at the consortium level and monitor compliance with data protection regulations and provide advice regarding Data Protection Impacts Assessment and act as second line support.