Suppose a researcher does everything right: they prepare their data carefully, document it well, and deposit it in a repository so that others can find and reuse it. They have discharged their responsibility — but only if the repository itself can be trusted to keep the data safe, accessible and intelligible for the long term. A repository that quietly disappears, loses files, lets metadata rot or cannot maintain access over time turns a careful deposit into a wasted effort. The question “is this repository trustworthy?” is therefore foundational to the whole edifice of open and FAIR data, and it deserves a more rigorous answer than a reassuring name and a working website. Repository certification provides that rigorous, auditable answer. This article examines what makes a repository trustworthy and how that is assessed, drawing on the data infrastructure domain of the CASRAI Dictionary.
Why trust must be demonstrated, not assumed
Trustworthiness in a repository is not a vague quality; it is a set of concrete capabilities and commitments that can be examined. Can the repository sustain itself financially and organisationally over the long term, or might it vanish when a grant ends? Does it have proper procedures for preserving files as formats and technologies change? Does it manage metadata, identifiers and access in ways that keep data findable and usable? Does it have the technical infrastructure to protect against loss and corruption? Because these are real, checkable properties, trustworthiness can be assessed against defined criteria rather than taken on faith. Certification exists precisely to make that assessment systematic: to let a repository demonstrate, and an outside party verify, that it meets recognised standards of good stewardship.
CoreTrustSeal
The most widely used certification in the research-data world is CoreTrustSeal. It offers a core-level certification for trustworthy data repositories, based on a set of requirements covering the organisational, technical and procedural dimensions of running a repository responsibly. A repository seeking the seal documents how it meets each requirement — covering matters such as its mission and continuity arrangements, its handling of data integrity and authenticity, its preservation planning, its arrangements for access and reuse, and its technical infrastructure — and submits this for peer review against the standard. The result is a certification that gives depositors, funders and reusers a credible signal that the repository operates to recognised standards. CoreTrustSeal’s strength is that it is community-based, internationally recognised and pitched at a level that is demanding yet achievable, making it a practical baseline for trustworthy repositories across disciplines.
The TRUST Principles
Complementing the formal certification are the TRUST Principles for digital repositories, which articulate, at the level of principle, what a trustworthy repository should embody. The acronym captures five qualities:
- Transparency — being open about the repository’s terms, conditions and the extent of its services, so users know what to expect.
- Responsibility — taking responsibility for the data held and for serving the user community, including stewardship and adherence to standards.
- User focus — meeting the needs and standards of the community the repository serves.
- Sustainability — ensuring the continuity of services and the preservation of data over the long term.
- Technology — providing the infrastructure and capabilities needed to secure and preserve the data and serve its users.
The TRUST Principles are deliberately a useful counterpart to the better-known FAIR principles: where FAIR describes properties the data should have, TRUST describes properties the repository should have. Data can only be reliably FAIR if it lives somewhere that is itself trustworthy, which is why the two sets of principles are best understood together.
The standards landscape: nestor, ISO 16363 and OAIS
CoreTrustSeal sits within a broader ecosystem of preservation standards, and understanding that ecosystem clarifies what certification rests upon. At the foundation is the OAIS reference model (the Open Archival Information System), a conceptual framework that defines the functions and responsibilities of a long-term digital archive — how information is ingested, stored, managed, preserved and made accessible over time. OAIS provides the shared mental model that much preservation practice and certification draws upon. Building on this foundation are more demanding certifications for repositories that need to demonstrate a higher level of assurance: the nestor Seal, an extended certification based on a German standard for trustworthy digital archives, and ISO 16363, an international standard for the audit and certification of trustworthy digital repositories. These represent a tiered landscape — CoreTrustSeal as an accessible core level, and nestor and ISO 16363 as more rigorous, resource-intensive options for archives requiring formal, audited assurance. A repository can choose the level appropriate to its role and resources.
What certification means for researchers
For a working researcher, this apparatus translates into a simple, practical piece of guidance: deposit data in a certified, trustworthy repository wherever possible. A certification such as CoreTrustSeal is a signal a depositor can rely on without auditing the repository themselves — evidence that the place receiving their data is run to recognised standards and is likely to keep that data safe and usable for the long term. It also helps satisfy the expectations of funders and journals, which increasingly ask that data be deposited in trustworthy repositories rather than just anywhere convenient. The wider expectations around data deposit and reuse are part of what we cover in our learning resources.
A consistent vocabulary for trustworthy infrastructure
For repository certification and trust signals to be meaningful across disciplines, funders and institutions, the concepts involved must be described consistently — what certification a repository holds, what preservation commitments it makes, and how those map to the requirements depositors and funders care about. That consistency is what the CASRAI Dictionary provides: a shared vocabulary so that information about repositories and their trustworthiness is understood the same way wherever it is recorded. And because depositing, curating and stewarding data are genuine contributions to research, they can be described in the same framework used for every output — the CRediT taxonomy and its full set of contribution roles, data curation foremost among them. FAIR data needs a trustworthy home; certification is how we know a home deserves the name.