What is a Data Asset Foundation?

A plain-English guide to the Isle of Man's statutory framework for data as a formally recognised, governable, and commercialisable asset.

What it is
A Data Asset Foundation is a permanent Isle of Man legal entity whose sole purpose is to hold, govern, and commercialise a specific, defined data asset. It gives data a formal legal home, with a registered property right and a governed structure for ongoing use.
Who it is for
Organisations that hold data with genuine, ongoing commercial or strategic value and want to govern it with legal clarity: technology businesses, financial institutions, research bodies, healthcare providers, and data-native enterprises across any sector.
What it enables
Once fully registered under s.80, a data asset can be licensed, commercialised, used as collateral, and placed on a balance sheet. The Foundation structure provides counterparties, investors, and regulators with verifiable governance and provenance assurance.

Once you understand what a DAF is, the natural question is how to get from where you are today to a fully registered asset. The six-stage journey below maps that path.

The registration journey

From data to registered asset

The DAF registration journey runs from initial data identification through to first utilisation. Each gate must be passed before the next stage begins.

Stage 0

Founder Preparation

Before anything is established, the founder identifies the data asset, confirms it can be described and governed, and builds the business case for dedication. This is the pre-DAF readiness and classification stage.

Purpose
Define the dataset, confirm rights can be transferred, and assess whether a DAF is the right structure for this asset and its intended use.
Classify the data asset and identify contributors and restrictions
Obtain legal and tax advice where applicable
Define the asset boundary and compile the Rights and Restrictions Pack
Draft the DDI Readiness Pack and business case
Complete initial privacy, security, and ethics screening
Gate decision
G0
Founder and dedicator confirmed as suitable to proceed
Key outputs
Asset inventory and classification
Business case document
DDI Readiness checklist
Initial ethics and privacy screen
Who is involved
Founder
Dedicators
Legal, accounting and data advisers
Run the classification tool to complete Stage 0
Stage 1

Establish the DAF

With the business case approved and a Registered Agent appointed, the Data Asset Foundation is formally established as a legal entity under the Isle of Man Foundations Act. The constitutional documents, Charter and Rules, are drafted and the governance structure is put in place.

Purpose
Create the DAF legal entity and embed the governance requirements into its constitutional instruments, including the appointment of all required roles.
Draft the DAF Charter, setting out objects, name, council members, and Registered Agent
Draft or adopt Model Rules covering governance framework, Council responsibilities, and the Data Enforcer role
Appoint DAF Council members and document competence
Appoint the Data Enforcer and obtain independence declaration
Adopt operating and governance procedures
Gate decision
G1
DAF legal entity established and constitutional documents in place
Key outputs
Legal entity (DAF) established
Charter and Rules (controlled copies)
Appointments and delegations
Data Enforcer independence declaration
Who is involved
Founder
Registered Agent
DAF Council
Data Enforcer
Stage 2

Dedication and Application

The Data Asset Dedication Instrument (DDI) is the central legal document of the DAF regime: the instrument by which the founder formally transfers rights in the data to the Foundation. Execution of the DDI is followed immediately by submission to the Registrar for provisional registration.

Purpose
Execute the DDI, formally dedicating the data asset to the DAF, and submit the application pack to the Data Asset Registrar for provisional registration.
Draft the DDI in prescribed form, specifying rights, restrictions, and reversion conditions
Execute by the Dedicator and accept by Council resolution
Assemble the application pack including prescribed particulars, DDI, and registration fee
Submit to the Data Asset Registrar and capture acknowledgement
Registration journey determined at this stage
The DDI submission triggers the classification of your registration journey. Fast Track applies to I1 and D1 assets. Standard applies to C1, C2, D2, and Federated (F-class) assets. Extended applies to D3 assets only. The Extended journey requires independent red-team verification and an AI Safety Board review, as the highest-oversight pathway for systemic-risk AI and frontier use cases. Federated asset journey requirements are subject to the data governance framework currently being finalised by the Isle of Man Government.
Gate decision
G2
Registrar accepts application and records the data asset as provisionally registered
Key outputs
Executed DDI with Council resolution
Application pack and submission record
Register particulars pack
Provisional registration acknowledgement
Data Asset Identifier (DAI) assigned by the Registrar
Who is involved
Founder
DAF Council
Data Asset Registrar
Stage 3

Provisional Registration and Accreditation Preparation

Once provisionally registered, the asset exists on the Data Asset Register but cannot yet be commercially exploited. This stage involves building the governance evidence required for independent accreditation. The AAP is appointed and works alongside the DAF to review controls and documentation.

Purpose
Implement the governance controls and assemble the evidence needed for the AAP to conduct its independent assessment. No external disclosure or commercial use is permitted during this stage.
Confirm the scope of preparation activities and confirm internal-only controls
Build governance artefacts: policies, data catalogue, business glossary, and permitted use constraints (BDS)
Implement access controls, lineage tracking, and monitoring infrastructure (TDS)
AAP conducts evidence-based assessment and issues accreditation or remediation plan
Address any outstanding requirements raised by the Data Asset Registrar
Gate decision
G3
AAP accreditation report issued confirming the asset meets the required governance standards
Key outputs
AAP accreditation report
Governance artefacts and evidence pack
Data Enforcer oversight log
Who is involved
DAF Council
AAP
Data Enforcer
Data Asset Registrar
Stage 4

Full Registration

With the AAP accreditation report in hand, the Council submits the completion request to the Data Asset Registrar. Full registration under s.80 of the Bill is the pivotal legal moment: the Register is constitutive, meaning it does not merely record a pre-existing right but creates one. The personal property right vests in the Data Asset Foundation at this precise moment, and the data asset comes into formal legal existence as a distinct, registered personal property right under Isle of Man law.

Purpose
Submit the accreditation confirmation and complete registration, bringing the data asset into legal existence with a statutory property right under Isle of Man law.
Submit accreditation confirmation and completion request to the Registrar
Data Asset Registrar updates status from provisional to fully registered
Create the internal Asset Master Record and activate the renewal calendar
Prepare the First Utilisation Pack ahead of any commercial or operational use
Gate decision
G4
Asset fully registered. Personal property right vests in the DAF under Isle of Man law.
Key outputs
Registrar confirmation and register extract
Asset Master Record
Accreditation renewal calendar
First Utilisation readiness checklist
Who is involved
DAF Council
Data Asset Registrar
Stage 5

Utilisation and Ongoing Operations

The asset is now live and can be licensed, commercialised, shared, or otherwise utilised in accordance with the Foundation objects. This stage is ongoing; it encompasses the operational life of the asset, including accreditation renewals, register hygiene, accounts maintenance, and the Council oversight cycle.

Purpose
Operate the DAF in accordance with its objects and governance framework, maintaining accreditation, register accuracy, and annual accounts while generating value from the data asset.
Authorise first utilisation through Council resolution and the First Utilisation Pack
Execute licensing, sharing, or commercialisation activities within the Foundation objects
Maintain monthly register hygiene and material change notification workflow
Annual accreditation renewal with the AAP
Ongoing Data Enforcer oversight, accounts, and valuation maintenance
Gate decision
G5
First utilisation authorised. Asset operational.
Ongoing obligations
Annual AAP accreditation renewal
Monthly register review and notifications
Annual accounts and valuation
Data Enforcer quarterly checks
Remediation: if accreditation expires or is revoked, the asset cannot be utilised until accreditation is restored. The Council and Data Enforcer manage the remediation process and must notify the Registrar. The property right is not automatically removed but the asset is suspended from utilisation until the Registrar confirms restored accreditation status.
Who is involved
DAF Council
AAP
Data Enforcer
Registered Agent
Stage
1 of 6
G0 G5
Asset classification

Twelve classes of data asset

Every data asset receives a two-character class code. Select your distribution scope, then your data sensitivity level, to discover your asset class code and what it means for your registration journey.

Quick preview This two-axis selector gives an indicative class code. For a complete 20-question assessment with governance flags and a PDF report, use the full tool.
Full assessment
1 Step 1: How is your data distributed?
Complete classification matrix
Distribution Sensitivity 1 Sensitivity 2 Sensitivity 3
Internal (I) I1 I2 I3
Controlled-Share (C) C1 C2 C3
Federated (F) F1 F2 F3
Distributed (D) D1 D2 D3
Common questions

Frequently asked questions

No. The Founder does not need to be resident in the Isle of Man, and the data does not need to be physically located there at the outset. The Data Asset Foundation itself is an Isle of Man legal entity and requires a licensed Registered Agent, a role Cavendish Trust provides.
Any data asset that can be described, accessed, and shown to have ongoing value. Financial datasets, health data, AI training corpora, logistics data, geospatial data, research datasets, and proprietary analytics all qualify in principle. The key tests are that the data can be defined, that the Founder holds sufficient rights to dedicate it, and that there is a genuine ongoing use case.
An AAP is an independent body appointed to verify that a data asset meets the Isle of Man DAF Assurance standards before full registration on the Data Asset Register. The AAP reviews governance documentation and issues an accreditation confirmation to the Registrar. Cavendish Trust is building its AAP capability and will offer this service once formal accreditation criteria are established by the Isle of Man Government.
This depends on your registration journey. Fast Track assets can progress to full registration significantly faster than Standard or Extended-journey assets. The classification tool will identify your journey type. Contact Cavendish for an indicative timeline once you have your classification profile.
Yes. Cavendish offers the full range of DAF services, including acting as Registered Agent and CSP. Where you already have an existing CSP relationship, we fully respect that and will work alongside them in an independent capacity as your AAP, Data Enforcer, or specialist adviser.
Common questions

Frequently asked questions

Next step

Does your data have a legal home?

Run the free assessment tool to find out. Twenty questions, under ten minutes, a complete classification profile and a downloadable PDF report you can share with advisers and stakeholders.

Run the free tool