Data Sovereignty: Adapt Use Case Standards and Profile documentation

[DanielaWuensch]

The following CX standards need to be adapted to be consistent with CX-0018 and consider the new use case framework agreement Data Exchange Governance and to ensure that App Provider must support the constraints to allow Data Provider and Data Consumer to do data sovereign data exchange:

CX-0136: PCF (Houston: 2024-07-29 15:30 CET) CX-0081: BPDM-Country-Risk CX-0131: CircularEconomy CX-0125: Traceability CX-0077: BPDM-Data Quality Dashboard CX-0116: Sanction Party Watchlist Dashboard CX-0079: Natural Person Screening Dashboard CX-0118: Delivery Information Exchange CX-0138: Behaviour Twin CX-0012: BPDM-Pool API CX-0122: Item Stock Exchange CX-0074: BPDM-Gate API CX-0143: Product Passport (Houston: 2024-07-29 15:26 CET) CX-0135: Company Certificate Management CX-0059: Behavior Twin Predictor CX-0129: Request for Quotation Exchange CX-0078: Bank Data Verification Dashboard CX-0126: Industry Core Part Type CX-0115: Manufacturing Capability Exchange CX-0080: BPDM-Fraud Prevention CX-0142: Shop Floor Information Service CX-0144: ESS CX-0121: Planned Production Output Exchange CX-0128: Quality Management CX-0141: Health Indicator CX-0120: Short Term DCM CX-0127: Industry Core Part Instance CX-0146: Supply Chain Disruption Notification CX-0145: DaysOfSupplyExchange CX-0123: Quality Management

Goal is the following: All Standards should state this

### Conventions for Use Case Policy in context data exchange
In alignment with our commitment to data sovereignty, a specific framework governing the utilization of data within the Catena-X use cases has been outlined. A set of specific policies on data offering and data usage level detail the conditions under which data may be accessed, shared, and used, ensuring compliance with legal standards.
For a comprehensive understanding of the rights, restrictions, and obligations associated with data usage in the Catena-X ecosystem, we refer users to
•   the detailed [ODRL policy repository](https://github.com/catenax-eV/cx-odrl-profile). This document provides in-depth explanations of the terms and conditions applied to data access and utilization, ensuring that all engagement with our data is conducted responsibly and in accordance with established guidelines.
•   the ODRL schema template. This defines how policies used for data sharing/usage should get defined. Those schemas MUST be followed when providing services or apps for data sharing/consuming.

### Additional Details regarding Access Policies
A Data Provider may tie certain access authorizations ("Access Policies") to its data offers for members of Catena-X and one or several Data Consumers. By limiting access to certain Participants, Data Provider maintains control over its anti-trust obligations when sharing certain data. In particular, Data Provider may apply Access Policies to restrict access to a particular data offer for only one Participant identified by a specific business partner number.
•   Membership
•   BPNL

### Additional Details regarding Usage Policies
In the context of data usage policies (“Usage Policies”), Participants and related services MUST use the following policy rules:
•   Use Case Framework (“FrameworkAgreement”)
•   at least one use case purpose (“UsagePurpose”) from the above mentioned [ODRL policy repository](https://github.com/catenax-eV/cx-odrl-profile).
Additionally, respective usage policies MAY include the following policy rule:
•   Reference Contract (“ContractReference”).
Details on namespaces and ODRL policy rule values to be used for the above-mentioned types are provided via the [ODRL policy repository](https://github.com/catenax-eV/cx-odrl-profile)."

It is allowed to have sharper requirements for specific use cases

However, they must not mention

• old use case framework agreements
• to sign a framework agreement because it is never signed

Furthermore, it will be checked that the documentation of profiles with samples in tractus-x is checked if it shows valid examples or can be enriched/updated by up to date examples.

Impact

• [ ] Houston Requests for all Standards
• [ ] Adapt Use Case Standards based on new governance
• [ ] Adapt samples and policies in reference implementation https://github.com/eclipse-tractusx/tractusx-profiles

[stephanbcbauer]

Removed milestone since it was not yet discussed in open planning

[DanielaWuensch]

@arnoweiss as Tractus-X-Committer will review the issue after the Data Sovereignty EG has prepared the relevant PR

[matbmoser]

Added milestone @arnoweiss will take over as committer

[DanielaWuensch]

@jSchuetz88 : plans to prepare Pull Requests for the standards mentioned in this ticket already as patch for Catena-X Release 24.08. Review will happen by @DanielaWuensch and the relevant CX Standard Owners.