The Isle of Man has taken a decisive step toward a modern, regulated data economy. On April 7, the Island passed the Foundations (Amendment) Bill 2025, establishing a statutory framework for data asset foundations (DAFs). The core idea is both simple and powerful: treat data as a legally governed asset, so organisations can use it with confidence in real commercial arrangements—without sacrificing privacy, security, or accountability.
In practice, DAFs create a structured way to pool data across parties, license and monetise it, tokenise sensitive datasets, and even explore use cases such as using data as collateral or recognising governed data on balance sheets, where appropriate. Just as importantly, the framework is built to embed trust: access control, purpose limitation, governance, and alignment with GDPR-equivalent standards and an “adequacy” approach to cross-border transfers are fundamental to how DAFs are designed to operate.
This combination of commercial flexibility and regulated safeguards positions the Isle of Man as a pioneer in the emerging global data economy—especially in sectors where compliant data sharing is difficult but strategically valuable, such as fintech, healthcare, AI, and iGaming.
What is a Data Asset Foundation (DAF)?
A Data Asset Foundation is a foundation structure designed specifically to hold and govern data assets under clear rules. Rather than treating data as an informal byproduct of business operations, the DAF concept formalises data as something that can be managed, controlled, and used under defined governance conditions.
At a high level, a DAF helps organisations answer questions that often block data-led collaboration:
- Who controls access to a dataset (and under what conditions)?
- What uses are permitted (and what uses are prohibited)?
- How is consent, purpose, and compliance managed across different stakeholders?
- How do we create auditability and accountability for downstream use?
- How do multiple contributors collaborate without any one party “giving away” control?
By providing legal and operational infrastructure around these issues, DAFs are designed to make data collaboration and commercialisation more practical—especially where trust, regulatory constraints, and competitive concerns typically slow progress.
Why the Foundations (Amendment) Bill 2025 matters for the global data economy
Many jurisdictions have strong data protection rules, but fewer offer a purpose-built legal mechanism to treat data as a governed asset in a way that supports monetisation, licensing, and multi-party collaboration in regulated environments. The Isle of Man’s approach stands out because it aims to combine:
- Legal clarity around how data can be placed into a governed structure
- Commercial usability for real-world transactions (pooling, licensing, tokenisation)
- Embedded privacy and security aligned to international expectations
- Cross-border credibility through an “adequacy” posture for international transfers
The result is a framework designed not only to protect data, but to make high-integrity data useful—which is where much of today’s untapped economic value sits.
What DAFs enable: pooling, licensing, tokenisation, collateral, and balance-sheet recognition
The DAF framework is designed to unlock several practical, high-value data capabilities under clear governance. Below is a concise view of the headline outcomes and what they mean in real business terms.
| Capability | What it enables | Why it’s valuable |
|---|---|---|
| Secure pooling | Multiple parties contribute datasets into a shared foundation | Collaborate without surrendering control; build stronger combined datasets |
| Licensing and controlled use | Data can be licensed under specific permissions and limitations | Create new revenue models while keeping strict boundaries on usage |
| Tokenisation and permissioning | Sensitive data can be tokenised, anonymised, or permissioned | Increase usability for analytics and AI while protecting privacy |
| Use as collateral | Governed data may be used in financing contexts, subject to structure and risk controls | Supports innovation in capital formation for data-rich businesses |
| Recognition on balance sheets | Creates a pathway to treat governed data as an asset in financial reporting contexts | Helps leadership teams quantify and manage data strategically, not just operationally |
While each capability can be compelling on its own, the bigger win is what happens when they work together: a business can turn fragmented, underused information into trusted, reusable, and governable data products that support growth.
Privacy and security are built in: GDPR-equivalent governance, purpose limitation, and “adequacy”
A data economy only scales when people, regulators, and counterparties trust how data is handled. The Isle of Man’s framework places that trust-building at the centre by requiring DAFs to operate within strict governance frameworks. Key principles highlighted by the framework include:
- Access control: who can access data, and under what conditions, must be governed.
- Purpose limitation: data usage is constrained to specified, legitimate purposes rather than open-ended exploitation.
- GDPR-equivalent alignment: governance and compliance expectations align with international norms associated with GDPR-style data protection.
- Cross-border confidence via “adequacy”: maintaining an adequate posture supports international data flows in a way that encourages global participation.
For organisations, this translates into an attractive value proposition: you can innovate with data while demonstrating that privacy, security, and accountability are non-negotiable design requirements—not afterthoughts.
High-impact use cases: fintech, healthcare, AI, and iGaming
DAFs are particularly compelling in sectors where data is both highly valuable and highly sensitive, and where compliance requirements make sharing difficult. The Isle of Man’s framework creates a regulated path for collaboration and commercialisation in exactly these environments.
Fintech: faster innovation with safer data collaboration
Fintech products depend on timely, accurate, and compliant data—often spanning multiple institutions and service providers. With a DAF structure, participants can contribute and use shared datasets under clear permissions, improving risk controls and auditability while enabling new services that rely on secure data access.
Healthcare: governed sharing for research and outcomes
Healthcare data is among the most sensitive categories of information. A foundation-based governance model supports purpose-limited, permissioned usage—enabling collaboration (for example, across organisations) while preserving strict safeguards. This is a pathway to expand responsible innovation, where privacy and utility must move forward together.
AI: proprietary, high-quality data becomes a differentiator
As AI adoption accelerates, competitive advantage increasingly comes from proprietary, high-quality, well-governed data, not just model access. DAFs create infrastructure to curate, govern, and permission datasets for analytics and AI development, making it easier for organisations to move from “we have data” to “we can safely use data at scale.”
iGaming: strengthening an established reputation for regulated digital sectors
The Isle of Man is well known as a digital hub with robust regulatory frameworks in areas such as iGaming and fintech. DAFs extend that positioning into data: they offer a structured method to use data commercially while maintaining governance, transparency, and trust—qualities that matter deeply in regulated, data-driven industries.
From legislation to leadership: what comes next is execution and adoption
Passing legislation is the starting line, not the finish. The next phase is about proving that DAFs work in the real world—reliably, securely, and at commercial speed. The Isle of Man’s opportunity is to turn the framework into an ecosystem that attracts data-rich businesses and supports them end-to-end.
1) Prove real-world DAF implementations (and make them repeatable)
Early adoption matters because it produces the evidence the market needs: that DAFs can be set up efficiently, governed properly, and used to deliver measurable outcomes. Successful early use cases—whether focused on data sharing, licensing, or monetisation—can become powerful case studies that validate the model internationally.
High-value early examples typically share a few traits:
- Clear participants (data contributors, users, and governing roles)
- Defined permitted purposes and usage constraints
- Strong audit trails and accountability mechanisms
- Measurable value such as improved decisioning, new revenue, or reduced compliance friction
2) Build the supporting professional ecosystem
DAFs are not only a legal innovation; they are an operational discipline. To scale adoption, organisations need access to experienced providers who can help translate the framework into robust day-to-day practice.
Key ecosystem building blocks include:
- Legal and corporate service providers who can structure DAFs, define governance, and support regulatory oversight.
- Cybersecurity expertise to secure data sharing, manage access, and reduce risk.
- Technology platforms that support permissioning, tokenisation approaches, and auditability.
When these capabilities mature locally, the Isle of Man becomes easier to choose as a jurisdiction: businesses want not only a good framework, but a place where execution is smooth and dependable.
3) Strengthen international trust through regulatory partnerships and alignment
DAFs are naturally cross-border: data value chains often span jurisdictions, suppliers, and customers. To support global participation, the Isle of Man’s strategy benefits from maintaining and strengthening credibility on international data flows.
That means continuing to prioritize:
- GDPR-equivalent expectations in governance and protections
- “Adequacy” for international transfers to sustain confidence in cross-border sharing
- Partnerships with regulators and jurisdictions to improve interoperability and mutual trust
- Alignment with evolving standards in AI governance and data ethics
Done well, this builds a flywheel: better trust attracts better use cases, which produce stronger proof points, which in turn attract more participants.
The biggest unlock is behavioural: shifting mindsets to treat data as a strategic asset
Even with strong legislation, the organisations that benefit most will be those that change how they think about data. The DAF model signals a move from seeing data as a compliance burden or operational exhaust to seeing it as a strategic business asset that can compound in value.
In practical terms, that mindset shift looks like:
- Moving from compliance-only thinking to value creation thinking while still meeting strict obligations.
- Investing in data quality and governance so datasets are usable, not just stored.
- Designing for repeatable permissioning and auditability rather than one-off sharing agreements.
- Building feedback loops where governed data informs strategy, product, and operations continuously.
This is where DAFs can deliver a long-term advantage: they create a structure that rewards disciplined governance with faster, safer innovation.
A practical roadmap for organisations exploring a DAF
For leaders considering a DAF structure—whether on the Isle of Man or in collaboration with Isle of Man-based partners—momentum typically comes from starting with a focused, high-value problem and building governance around it.
- Identify a valuable dataset that is currently underused due to silos, risk, or unclear permissions.
- Define the permitted purposes (and prohibited uses) in a way that can be operationalised and audited.
- Map the participants: data contributors, data users, and governance roles.
- Design privacy and security controls from the start, including access control and purpose limitation.
- Select enabling technology for permissioning, audit trails, and (where relevant) tokenisation.
- Launch a pilot use case with measurable outcomes, then iterate into a repeatable model.
This approach supports the central goal of the framework: converting governed data into outcomes that are commercially meaningful and trusted.
Why the Isle of Man is well-positioned to lead
The Isle of Man’s DAF framework aims to do something rare: make data commercially actionable in a way that still prioritises privacy, security, and governance. That balance is exactly what global markets need as data becomes more central to competitive advantage—particularly with AI-driven business models.
By providing a statutory pathway for pooling, licensing, tokenisation, and other governed uses—while aligning with GDPR-equivalent standards and supporting cross-border confidence through an “adequacy” approach—the Isle of Man is positioning itself as a jurisdiction where data-led innovation can scale responsibly.
The next chapter is about execution: real use cases, a deep ecosystem of service providers and technology capabilities, and international regulatory alignment. If that execution matches the ambition of the legislation, the Isle of Man will not only host a new legal structure—it will help define how a trusted data economy can work in practice.