Tag: uk data service

  • Five Safes Framework: FAIR Access vs Privacy

    The Five Safes framework is a governance model — Safe People, Safe Projects, Safe Settings, Safe Data and Safe Outputs — that lets trusted research environments grant researchers FAIR access to sensitive data while keeping disclosure risk under continuous, auditable control. Rather than treating openness and privacy as opposing goals, it turns each into a checkable dimension, so a dataset can be findable and reusable in principle while remaining tightly access-controlled in practice.

    The five safes framework is a risk-management taxonomy, originated by the UK’s Office for National Statistics (ONS) and formalised in the 2010s, that decomposes data-access decisions into five independent dimensions of risk rather than a single accept/reject gate. It is the governance logic underneath most UK trusted research environments (TREs), including the UK Data Service SecureLab, ONS’s Secure Research Service, Research Data Scotland, and the network of TREs coordinated by Health Data Research UK (HDR UK).

    What is the Five Safes framework?

    The Five Safes framework was set out formally by ONS statisticians Felix Ritchie and Tanvi Desai, whose 2016 working paper “Five Safes: designing data access for research” is the primary methodological source most secondary explainers omit. It reframes data access as five separable risk dimensions rather than a binary “share or withhold” decision.

    Each dimension is assessed independently, then combined. A weakness in one — for example, less rigorously screened outputs — can be offset by tightening another, such as restricting the setting to an air-gapped enclave. This modularity is what allows the same underlying dataset to support both a low-risk aggregate release and a high-risk record-level research project, governed by different combinations of the same five controls.

    The five dimensions explained

    Each “safe” answers a distinct governance question. Together they form the checklist that a trusted research environment applies before, during and after a project.

    Dimension Core question Typical TRE control
    Safe People Is the researcher trustworthy and trained? Accreditation, Safe Researcher Training, signed data-access agreements
    Safe Projects Is the proposed use ethical, lawful and in the public interest? Independent approvals panel, ethics review, public-benefit test
    Safe Settings Is the technical environment controlled? Air-gapped enclave, no local downloads, logged sessions
    Safe Data Has disclosure risk in the dataset itself been reduced? De-identification, pseudonymisation, statistical perturbation
    Safe Outputs Could anything leaving the environment re-identify someone? Manual/automated output-checking against small-cell disclosure rules

    No single safe carries the whole burden. Under the Five Safes model, a dataset that cannot be fully anonymised can still be used safely if the setting, people and outputs are controlled tightly enough to compensate — the logic that underwrites most modern TRE design.

    Five Safes in NHS secure data environments

    The 2022 Goldacre Review, Better, Broader, Safer: Using Health Data for Research and Analysis, recommended that NHS data for research move away from dissemination of pseudonymised extracts and into Five Safes-governed trusted research environments by default. NHS England’s subsequent secure data environment (SDE) policy, published as part of the Data Saves Lives strategy, requires that access to NHS health and care data for research and planning purposes take place inside approved SDEs rather than through bulk data transfers.

    This is Five Safes applied at national scale: Safe Settings replaces the old model of emailing or shipping extracts; Safe People and Safe Projects are enforced through SDE accreditation and project approval panels; Safe Outputs is enforced through statistical disclosure control before any result leaves the environment. HDR UK’s federated TRE network and NHS England’s regional sub-national secure data environments both operate on this same five-dimension logic.

    Reconciling FAIR access with disclosure control

    The FAIR principles — Findable, Accessible, Interoperable, Reusable — were published by Wilkinson et al. in Scientific Data (2016) to improve the value of research data for both humans and machines. FAIR’s “Accessible” criterion is frequently misread as “open”; the original principles explicitly state that access can require authentication and authorisation, provided the conditions are clearly documented.

    The Five Safes framework is the mechanism that satisfies that condition for sensitive data. It does not compete with FAIR — it operationalises the “A” in FAIR for data too sensitive to release openly.

    FAIR principle Five Safes dimension that operationalises it Practical mechanism
    Findable Safe Data (metadata layer) Catalogued metadata is public even when the underlying data is not
    Accessible Safe People + Safe Projects Documented accreditation and approval routes, not open download
    Interoperable Safe Settings Standardised formats and tooling inside the controlled enclave
    Reusable Safe Outputs Disclosure-checked results and code released for onward reuse

    Under GDPR Article 89, processing special-category data for research purposes is permitted subject to appropriate safeguards. In UK practice, a Five Safes-governed trusted research environment is the safeguard: it lets institutions claim the research exemption while still meeting data-protection obligations, which is why TREs — not open repositories — are now the default access route for identifiable or quasi-identifiable datasets.

    Assessing maturity: from principles to governance

    Because the five dimensions are qualitative by design, data custodians need a way to compare TREs consistently. Administrative Data Research UK (ADR UK) has developed a Five Safes maturity model that scores environments against each dimension, moving the framework from a descriptive checklist to an auditable governance standard. Many TREs also pursue ISO/IEC 27001 information-security certification to provide independent evidence for the Safe Settings dimension specifically.

    • ONS Secure Research Service — the original Five Safes implementation
    • UK Data Service SecureLab — Five Safes applied to social science and economic microdata
    • Research Data Scotland — devolved administrative-data TRE built on the same model
    • HDR UK’s TRE network and NHS England’s sub-national SDEs — Five Safes at health-data scale

    For research administrators negotiating data-sharing agreements, the maturity model matters more than the framework name: a self-declared “Five Safes-aligned” environment is not equivalent to one independently assessed against all five dimensions.

    Common questions about the Five Safes framework

    What are the five dimensions of the Five Safes framework?

    The five dimensions are Safe People, Safe Projects, Safe Settings, Safe Data and Safe Outputs. Each is assessed and controlled separately, so weaknesses in one dimension can be offset by stricter controls in another, rather than requiring every dimension to reach maximum safety independently.

    How does the Five Safes framework work in the NHS?

    NHS secure data environments apply Five Safes by requiring accredited researchers, approved projects, and controlled technical settings instead of releasing pseudonymised data extracts. Following the 2022 Goldacre Review, NHS England’s secure data environment policy makes this the default access route for NHS health and care data used in research.

    Is a trusted research environment the same as the Five Safes framework?

    No. A trusted research environment is the technical and organisational setting — the “Safe Setting” — while the Five Safes framework is the broader governance logic covering people, projects, data and outputs as well. A TRE is one implementation of the Safe Settings dimension, not the whole model.

    How does the Five Safes framework relate to the FAIR data principles?

    The Five Safes framework operationalises FAIR’s “Accessible” principle for sensitive data that cannot be openly released. It makes metadata findable and reusable outputs disclosure-checked, while authorisation and accreditation — rather than open download — satisfy the accessibility requirement.

    Implications and outlook

    The direction of UK policy is unambiguous: dissemination of raw or lightly de-identified extracts is being phased out in favour of Five Safes-governed environments, first in health data and increasingly across administrative and social datasets held by ADR UK partners. For institutions, this means data-sharing agreements, ethics approvals and researcher training pathways increasingly need to be designed around the five dimensions from the outset, not retrofitted once a TRE is chosen.

    For publishers and funders assessing data-availability statements, understanding which of the five safes underpins a stated access route — rather than treating “available in a trusted research environment” as a single undifferentiated category — is becoming a necessary part of due diligence. The framework’s real value is not that it makes data open; it is that it makes the terms of controlled access explicit, auditable and consistent across institutions, which is the precondition FAIR access needs when the data itself cannot be.

  • ADR UK Explained: Administrative Data Access for Social Scientists

    ADR UK (Administrative Data Research UK) is a UK-wide partnership that gives accredited researchers secure access to de-identified, linked government administrative data — held not in a conventional downloadable repository, but inside supervised Trusted Research Environments (TREs). For social scientists, this matters because it is a distinct access route: the data never leaves government custody, and the researcher, not the dataset, is what gets vetted and admitted.

    ADR UK is a partnership of four national bodies — ADR England, ADR Scotland, ADR Wales and ADR Northern Ireland — together with the Office for National Statistics (ONS), coordinated by a UK-wide Strategic Hub and funded by the Economic and Social Research Council (ESRC), part of UK Research and Innovation (UKRI).

    What is ADR UK?

    ADR UK is the mechanism by which public sector administrative data — records originally collected for tax, benefits, education, health or justice administration, not for research — is linked, de-identified and made available for social science research in the public interest. It commissions flagship linked datasets, funds research using them, and maintains a public data catalogue describing what is available and to whom.

    The partnership operates under the Digital Economy Act 2017, which created the legal gateway allowing UK government bodies to share de-identified data with accredited researchers for statistical research purposes. This is the statutory basis that distinguishes ADR UK access from a voluntary data-sharing agreement between two universities.

    How does ADR UK access differ from conventional repository deposit?

    Most research data infrastructure — repositories, DataCite-indexed archives, institutional data stores — is built around deposit and download: a dataset is prepared, described with metadata, and released for reuse under a licence. ADR UK’s model inverts this. The data is never released to the researcher’s own machine; instead, the researcher is admitted into a controlled environment where the data already resides.

    This is best understood as “FAIR-adjacent” rather than FAIR-compliant in the open-repository sense: the data is findable (via the catalogue) and, under approval, accessible, but interoperability and reusability are deliberately constrained by design, because the underlying records are personal and sensitive at source. The table below maps the three routes UK researchers commonly encounter.

    Route Access model Typical data Governing framework
    ADR UK Supervised Trusted Research Environment (TRE); no download Linked cross-government administrative data (education, benefits, justice, tax) Digital Economy Act 2017; Five Safes
    NHS Secure Data Environments Supervised SDE; “dissemination by exception” NHS health and social care records NHS England’s 2022 Secure Data Environment policy
    UK Data Service Deposit/download under end-user licence Social surveys, census, cross-national socioeconomic data ESRC-funded repository terms

    The practical consequence for a social scientist: an application to ADR UK is an application for supervised admission to a workspace, not a request for a file transfer.

    What is the Five Safes model and what is a Trusted Research Environment?

    ADR UK access is governed by the Five Safes model, a risk-management framework originally developed by the ONS and now used across UK administrative data infrastructure, including NHS Secure Data Environments. It manages disclosure risk across five dimensions rather than relying on a single control.

    • Safe people — only accredited, trained researchers gain access.
    • Safe projects — proposals are approved for public benefit and ethical soundness.
    • Safe data — records are de-identified before linkage.
    • Safe settings — analysis happens only inside a Trusted Research Environment, a monitored, non-internet-connected computing environment.
    • Safe outputs — every result is disclosure-checked before it can leave the TRE.

    Each of the four UK nations operates its own TRE, accessed in person at a designated safe location or via a secure remote connection, using approved statistical software such as R, Python, SPSS or Stata.

    Who is eligible, and how does accreditation work?

    Eligibility runs through the researcher, not the institution. Under the Digital Economy Act 2017 accreditation process, an applicant must complete Safe Researcher Training and pass an assessment before an accreditation panel will approve them; this status is valid for five years. Accreditation alone does not grant data access — a specific research project must then be separately approved against public-benefit, feasibility and ethics criteria before a TRE account is issued.

    For institutions supporting early-career or interdisciplinary social scientists, this two-stage gate (accredit the person, then approve the project) is the single most common point of delay administrators should plan for, since neither step can be skipped or run in parallel with data linkage preparation.

    How is ADR UK funded and governed?

    ADR UK began as an ESRC investment running from July 2018. In September 2020, UKRI, the Department for Business, Energy and Industrial Strategy and HM Treasury approved £15.3 million for the 2021/22 financial year — the first year of a planned five-year investment. In September 2021, the remaining £90.12 million of that investment was secured from UK government to extend the programme to March 2026. In July 2025, UKRI confirmed a further £168 million investment to continue the programme beyond 2026, securing its next phase.

    Governance sits with the UK-wide Strategic Hub, which coordinates the four national partnerships, engages with government departments to secure data access agreements, and administers the dedicated research grant fund — distinct from the accreditation function, which remains with the statutory panel under the Digital Economy Act 2017.

    Frequently asked questions

    Is ADR UK the same thing as “alternative dispute resolution”?

    No. ADR UK in a research-administration context refers exclusively to Administrative Data Research UK, the government-data access partnership described here. “ADR” also commonly abbreviates alternative dispute resolution in a legal context — an unrelated field covering mediation and arbitration — and searchers should check context before assuming which meaning applies.

    What kind of data does ADR UK provide access to?

    ADR UK provides access to linked, de-identified administrative data generated by government departments — including education records, benefits and employment data, and justice-system data — rather than data collected specifically for research, such as surveys. Its public data catalogue and flagship datasets list what is currently available to accredited researchers.

    Is ADR UK data FAIR or open access?

    ADR UK data is not open access and is only FAIR-adjacent: it is findable through the catalogue and accessible to accredited, approved researchers, but it cannot be freely downloaded, reused or redistributed, because the source records are personal and disclosive. Outputs, not raw data, are what eventually leave the Trusted Research Environment.

    How long does the ADR UK access process take?

    Timelines vary, but researchers should expect two sequential approval stages: Safe Researcher Training and accreditation first, then a separate project-specific approval before a Trusted Research Environment account is issued. Institutions should budget for both stages when planning grant timelines, since data linkage itself begins only after project approval.

    What this means for research administrators and institutions

    For institutions supporting quantitative social science, ADR UK access is a compliance and planning question as much as a technical one. Research offices should treat Safe Researcher Training and accreditation as a standing institutional capability — something built into PhD and postdoctoral training pipelines — rather than a one-off hurdle discovered mid-grant. Because accreditation is personal and portable across five years, institutions that pre-accredit staff gain a durable advantage in bidding for ADR UK-linked funding calls.

    The broader signal is that “FAIR-adjacent” access, governed by statute and a risk framework rather than a licence, is becoming a parallel track alongside conventional repository deposit — one that other data-holding sectors, including health, are converging on through NHS Secure Data Environments. Research administrators who understand both tracks are better placed to route projects to the correct infrastructure the first time.

  • UK Data Service vs ICPSR: Choosing an Archive

    The UK Data Service and ICPSR are the two largest social-science data archives in the English-speaking research world, and the right choice usually depends on jurisdiction and funder mandate rather than feature parity. The UK Data Service is the ESRC-funded national repository for UK social, economic and population data, while ICPSR is a US-based, membership-funded consortium archive at the University of Michigan. Researchers outside the biomedical repository ecosystem — where PubMed-linked mandates dominate — need to weigh deposit workflow, restricted-access tiers and citation practice before picking either as a home for a dataset.

    The UK Data Service is the largest digital repository for quantitative and qualitative social science and humanities research data in the United Kingdom, formed in October 2012 when the Economic and Social Research Council (ESRC) consolidated the UK Data Archive — established at the University of Essex in 1967 — with several university partners. ICPSR, by contrast, is a membership consortium of academic and research institutions that has archived social and behavioural science data since 1962. Both are listed in re3data.org, the global Registry of Research Data Repositories, and both hold CoreTrustSeal certification for trustworthy digital repositories.

    What Are the UK Data Service and ICPSR?

    The UK Data Service is a national data repository funded through UKRI’s Economic and Social Research Council (ESRC) and led by the UK Data Archive at the University of Essex, in partnership with the University of Manchester, Jisc, EDINA and University College London. It holds more than 6,000 datasets, including UK Census data, the Labour Force Survey, the Millennium Cohort Study and cross-national surveys such as the European Social Survey.

    ICPSR — the Inter-university Consortium for Political and Social Research — is a membership-funded archive based at the University of Michigan, serving several hundred member institutions worldwide alongside non-member depositors and users. Its holdings span large-scale US and international surveys, criminal justice, education and ageing data, and it runs openICPSR as a self-publishing companion repository for rapid dissemination.

    How Do Deposit Workflows Compare?

    Both archives run a curated deposit model rather than a bare-metal upload box: staff review documentation, check disclosure risk and enhance metadata before release. The UK Data Service’s ESRC funding creates a contractual hook — grant holders are required to offer their data for archiving as a condition of the ESRC Research Data Policy — which ICPSR’s membership model does not replicate for non-US funders.

    • UK Data Service: two routes — the main curated collection for large, complex or sensitive studies, and ReShare, a lighter self-deposit repository for smaller datasets, code and syntax files.
    • ICPSR: two routes — the standard curated deposit process, and openICPSR, a self-publishing repository for researchers who want faster turnaround with lighter-touch review.

    Depositors submitting to either service should expect a documentation checklist covering variable-level metadata, consent and ethics evidence, and a data management plan — the same categories UKRI and NSF grant terms typically require regardless of which archive receives the deposit.

    How Do Restricted-Access Tiers Differ?

    Access tiering is where the two services diverge most for researchers working with confidential or disclosive social-science data. The UK Data Service operates a published three-tier model; ICPSR uses a comparable but differently named structure built around its Virtual Data Enclave.

    Access dimension UK Data Service ICPSR
    Open tier No registration; Open Government Licence data Public-use files via free MyData account
    Standard tier Safeguarded — registration plus End User Licence Member-institution access under consortium terms
    Restricted tier Controlled — SecureLab, requiring accredited-researcher training under the Five Safes Framework Restricted-use data via secure Virtual Data Enclave or encrypted physical media, subject to a data security plan
    Governance standard Accredited under the Digital Economy Act 2017 by the UK Statistics Authority (2020) Institutional Review Board and data-use-agreement based review

    The UK Data Service’s Five Safes Framework — safe people, projects, settings, data and outputs — was developed with HMRC DataLab and the Office for National Statistics Secure Research Services, and now underpins the SafePod Network launched in 2021 for wider geographical access to sensitive data. ICPSR’s restricted-data pathway achieves an equivalent security outcome through its enclave model but does not use the Five Safes terminology, which matters for UK researchers writing data management plans against ESRC or UKRI templates that reference it explicitly.

    How Do Citation Practices Compare?

    Both archives assign persistent identifiers and expect formal data citation, but their machinery differs. The UK Data Service works with DataCite and the British Library to issue DOIs and promotes an easy-to-use citation tool, framing its approach around the FAIR data principles — Findable, Accessible, Interoperable, Reusable — and its open-source QAMyData tool, which gives depositors a health check for numeric data before release.

    ICPSR similarly issues persistent identifiers for deposited studies and expects citation in publications that reuse its data, but its emphasis sits more on bibliography-style study citations tied to its own numbering system than on a dedicated public FAIR-compliance tool. For researchers publishing in journals that enforce data-availability statements — a growing requirement under funder open-science mandates — the practical difference is smaller than the access-tier gap: both produce a citable, resolvable record, but only the UK Data Service publishes a named QA tool for pre-citation data quality.

    Which Archive Should Researchers Outside Biomedicine Choose?

    For most projects the decision is jurisdictional rather than qualitative. A research data repository choice driven by funder mandate removes ambiguity immediately: ESRC-funded UK researchers must offer data to the UK Data Service, while NSF- or NIH-adjacent US social-science grants more commonly point toward ICPSR or openICPSR.

    • Choose the UK Data Service if your funder is UKRI/ESRC, your data concerns UK administrative, census or longitudinal panel data, or you need SecureLab/Five Safes access to controlled government microdata.
    • Choose ICPSR if your institution is a consortium member, your data is US-focused or cross-national with US partners, or you want the faster openICPSR self-publishing route.
    • Consult both catalogues before depositing internationally comparable survey data (e.g. European Social Survey, Eurobarometer) — coverage overlaps, and the UK Data Service can facilitate UK-based access to ICPSR holdings.

    Institutions building or reviewing a data management plan should treat this as a data repository for research compliance question first and a discoverability question second: a technically excellent dataset deposited in the wrong repository for its funder mandate creates avoidable rework at grant closeout.

    Answer-First Questions Researchers Ask

    What Is the UK Data Service?

    The UK Data Service is the ESRC-funded national repository for UK economic, population and social research data, led by the UK Data Archive at the University of Essex. It holds over 6,000 datasets, including census, survey and longitudinal study data, and operates under the OAIS digital-preservation reference model.

    How Do You Access Data on the UK Data Service?

    Access runs through three published tiers: Open data requiring no registration, Safeguarded data requiring registration and an End User Licence, and Controlled data requiring SecureLab accreditation under the Five Safes Framework. Most researchers start with the free data catalogue and register once they identify a specific study.

    Is the UK Data Service Free?

    Yes — the service is free to data owners depositing studies and free at the point of use for non-commercial research and teaching. Commercial users may incur administrative fees, and controlled-tier access requires accredited-researcher training rather than a monetary charge.

    Implications for Research Administrators

    Data management plans reviewed by institutional research offices, ARMA and INORMS-aligned research administrators, and funder compliance teams increasingly treat repository choice as an auditable field, not a footnote. A UK-funded study archived outside the UK Data Service without documented justification can trigger ESRC compliance queries at final reporting; a US consortium study left undeposited with ICPSR can weaken an institution’s case for renewed membership funding. Neither archive competes with domain-specific biomedical repositories governed by NISO, ICMJE or COPE norms — this comparison sits squarely in the national data repository space for social science, distinct from that ecosystem.

    As open-science mandates from UKRI, cOAlition S and equivalent US funders converge on FAIR-by-default expectations, the operational gap between the UK Data Service and ICPSR is narrowing to jurisdiction, access-tier terminology and citation tooling rather than underlying trustworthiness — both hold CoreTrustSeal certification and both sit inside the CESSDA/re3data recognised-repository landscape that funders now check by default.