A Comprehensive Analysis of the Five Safes Framework: Origins, Applications, Challenges, and Future Directions

Abstract

The Five Safes Framework stands as a foundational and widely adopted model for governing secure and ethical access to sensitive data, primarily for research and public benefit purposes. Conceived within the UK Office for National Statistics (ONS) in the early 2000s, this comprehensive framework has transcended its initial application, becoming an international standard for data custodians and research organizations. This extensive research report provides an in-depth exploration of the Five Safes Framework, commencing with its historical genesis and subsequent evolution, including the philosophical underpinnings that transformed it into a holistic risk management strategy. We meticulously detail its broader applications, extending far beyond the UK Data Service (UKDS) to encompass diverse national and international data access initiatives, including its critical role in the architectural design and operationalization of Trusted Research Environments (TREs). The report then undertakes a granular analysis of each of the five ‘safes’—Safe People, Safe Projects, Safe Settings, Safe Data, and Safe Outputs—examining the intricate practical challenges encountered during their implementation, alongside successful strategies and best practices for their robust execution in varied organizational contexts. Furthermore, this report critically evaluates the framework’s efficacy in meticulously balancing the imperative of research utility with the paramount need for robust privacy protection and confidentiality. It addresses pertinent critiques leveled against the framework, compares its structure and principles with alternative and complementary data security and governance models, and concludes with a forward-looking perspective on its necessary adaptations in response to the rapid emergence of novel data types, advanced analytical methodologies, and ever-evolving technological advancements.

Many thanks to our sponsor Esdebe who helped us prepare this research report.

1. Introduction: Navigating the Data Frontier with the Five Safes

In the contemporary landscape, data has emerged as an indispensable cornerstone of innovation, policy development, and societal progress. The ability to harness vast datasets, particularly those containing sensitive personal information, is pivotal for addressing complex societal challenges, ranging from public health crises to economic forecasting and social policy evaluation. However, the immense potential of data-driven research is inextricably linked to profound ethical and practical dilemmas concerning individual privacy, data confidentiality, and the potential for misuse. The tension between maximizing data utility for public good and rigorously safeguarding personal information is a defining challenge of the information age.

Against this backdrop, the Five Safes Framework has distinguished itself as a pragmatic and comprehensive governance model designed to navigate this delicate balance. It provides a structured, risk-managed approach to facilitating access to confidential data, ensuring that legitimate research can flourish while simultaneously upholding the highest standards of privacy protection. Its widespread adoption underscores its perceived effectiveness as a robust mechanism for building and maintaining public trust in data-sharing initiatives.

This report embarks on a detailed scholarly journey through the Five Safes Framework. We aim to illuminate its historical origins and conceptual development, trace its global proliferation and integration into critical data infrastructure, and dissect the operational nuances of each ‘safe’ through the lens of real-world implementation challenges and successes. A critical appraisal of its effectiveness in achieving its core objective—harmonizing research utility with privacy—will be undertaken, alongside an exploration of academic and practical critiques. Finally, the report will contextualize the Five Safes within the broader ecosystem of data governance models and project its potential evolution to remain pertinent in an era of relentless technological advancement and the emergence of increasingly complex data modalities.

Many thanks to our sponsor Esdebe who helped us prepare this research report.

2. Origins and Evolution of the Five Safes Framework

2.1. Genesis and Intellectual Development at the ONS

The Five Safes Framework is a testament to the proactive efforts of statistical agencies to reconcile the growing demand for microdata access with an unwavering commitment to confidentiality. Its conceptual genesis can be precisely dated to the winter of 2002/2003 within the UK Office for National Statistics (ONS). At this juncture, the ONS was grappling with the challenge of enabling external researchers to access detailed, individual-level microdata—data that, by its very nature, carries significant re-identification risks—without compromising the privacy of citizens or the public’s trust in national statistics. Traditional approaches often involved severe restrictions on data access, leading to underutilization of valuable public data and hindering policy-relevant research.

Felix Ritchie, a leading figure at the ONS, spearheaded the development of what was initially conceptualized as the ‘VML Security Model’. The Virtual Microdata Laboratory (VML) was an innovative secure remote-access environment designed to provide a controlled space for researchers to analyze sensitive data. Ritchie’s objective was to articulate a comprehensive yet intuitive set of principles that would govern access to and use of this confidential microdata. His vision was to move beyond a simplistic ‘yes/no’ decision on data access to a nuanced, multi-faceted risk management strategy. This model sought to systematically assess and mitigate risks across various dimensions, thus enabling legitimate research that would otherwise be deemed too risky.

The initial VML Security Model was not merely a collection of technical specifications; it was a conceptual framework for managing disclosure risk. Its core innovation lay in disaggregating the complex problem of data security into five distinct, yet interdependent, domains. This decomposition allowed for a more granular assessment of risk and the application of targeted controls. The re-branding to the ‘Five Safes’ was a strategic move to enhance its mnemonic quality and underscore its broader applicability beyond the specific VML environment. This nomenclature, encompassing Safe People, Safe Projects, Safe Settings, Safe Data, and Safe Outputs, encapsulated the holistic nature of the framework, emphasizing that security is not a singular point of failure but a chain of interlinked safeguards. This shift from a technical ‘security model’ to a more universally understandable ‘safes’ framework significantly aided its subsequent adoption and recognition.

2.2. Foundational Principles and Philosophical Underpinnings

At its heart, the Five Safes Framework embodies a risk-managed, rather than a risk-averse, philosophy towards data access. It acknowledges that perfect, absolute security is an elusive ideal, particularly when aiming to preserve data utility. Instead, it posits that by meticulously controlling five critical dimensions, the residual risk of re-identification or misuse can be reduced to an acceptable level, thus enabling beneficial research. This approach contrasts sharply with models that prioritize strict data suppression or complete anonymization, which often render data unusable for complex analytical tasks.

The framework operates on the premise that data custodians have a dual responsibility: to protect the privacy of individuals and to facilitate the use of data for public good. It shifts the paradigm from ‘data hoarding’ to ‘responsible data sharing’. Each ‘safe’ represents a distinct but interconnected layer of protection, forming a ‘defence in depth’ strategy. A weakness in one safe can potentially be compensated by strengths in others, though the ideal is robust implementation across all five. This integrated approach ensures that risks are assessed not in isolation, but in context, considering the interplay between the researcher, the research question, the environment, the data itself, and the dissemination of findings.

Crucially, the Five Safes promotes transparency and accountability. By explicitly defining the controls in place, data custodians can articulate to the public and data subjects how their information is being protected and for what purposes it is being used. This transparency is vital for fostering public trust, which is the bedrock of any successful data-sharing initiative. The framework provides a structured language for discussing and implementing data governance, making complex security considerations more accessible to diverse stakeholders, from technical experts to policy makers and data subjects.

2.3. Adoption and Global Recognition

The intrinsic strengths of the Five Safes Framework—its comprehensive yet intuitive design, its focus on risk management, and its adaptability—quickly propelled its adoption beyond the ONS. Its initial success within the UK, particularly in enabling access to sensitive government microdata, served as a powerful proof of concept. The UK Data Service (UKDS), a leading provider of access to social and economic data, became an early and prominent adopter, integrating the framework into its operational protocols for secure data dissemination.

International recognition followed swiftly. The Australian Bureau of Statistics (ABS) and the Australian Department of Social Services (DSS) were among the earliest international entities to embrace the framework, utilizing it as a foundational design principle for their secure data access systems. In 2017, the Australian Productivity Commission, in its landmark inquiry into ‘Data Availability and Use’, strongly advocated for the widespread adoption of a modified version of the Five Safes framework across Australian government agencies to bolster cross-government data sharing and re-use, underscoring its potential for national-level data infrastructure reform. This recommendation highlighted the framework’s utility not just for secure access but also for establishing a common, understandable standard for data governance across disparate government entities.

Beyond national statistical offices, the framework found resonance with international bodies, research consortia, and academic institutions seeking to establish secure data environments. Eurostat, the statistical office of the European Union, has referenced similar multi-dimensional approaches for microdata access. Its appeal stems from its ability to provide a clear, auditable structure for managing sensitive data, making it a de facto standard in many secure data environments globally. This widespread adoption reflects a collective recognition that the Five Safes offers a robust, flexible, and scalable solution to the persistent challenges of data confidentiality and utility.

Many thanks to our sponsor Esdebe who helped us prepare this research report.

3. Broader Applications and Institutionalization of the Five Safes Framework

The Five Safes Framework has proven remarkably adaptable, extending its influence far beyond its initial application at the ONS and the UK Data Service. Its modular and principle-based design allows for its effective integration into diverse data governance structures, from national statistical systems to highly specialized research initiatives.

3.1. Integration into Trusted Research Environments (TREs)

One of the most significant and pervasive applications of the Five Safes Framework is its foundational role in the design and operation of Trusted Research Environments (TREs), also known as Secure Data Environments (SDEs) or Data Safe Havens. TREs are secure, controlled digital platforms designed to provide accredited researchers with access to sensitive, de-identified data for legitimate research purposes, while rigorously protecting the privacy of individuals. The Five Safes framework serves as the conceptual blueprint and operational standard for these environments, ensuring that every layer of data access and analysis is systematically safeguarded.

In a TRE, the Five Safes are manifested as follows:

• Safe People: Only highly trained, accredited, and authorized researchers gain access. TREs typically mandate specific training modules on data ethics, privacy legislation, and statistical disclosure control. Researchers must sign legally binding data user agreements, often with personal liability clauses, and undergo identity verification and vetting processes.
• Safe Projects: All research proposals undergo stringent review by independent ethics committees and data access committees. Projects must demonstrate clear public benefit, align with legal and ethical mandates, and articulate a precise scope that justifies the use of sensitive data. The ‘purpose limitation’ principle, often enshrined in privacy regulations like GDPR, is central here.
• Safe Settings: TREs are technologically and physically isolated environments. They often comprise ‘air-gapped’ virtual machines or highly secured cloud instances, robust firewalls, multi-factor authentication, intrusion detection systems, and encrypted data storage. Physical access to data centres is heavily restricted. Researchers typically access data through remote desktop protocols, with no ability to download or export raw data, and all activity within the environment is logged and audited.
• Safe Data: Data ingested into TREs undergoes extensive de-identification, pseudonymisation, or anonymisation processes. Direct identifiers are removed or replaced with artificial identifiers. Data custodians within the TRE apply various statistical disclosure control (SDC) techniques to minimize re-identification risk while preserving analytical utility. Data linkage, when necessary, is performed under strict protocols by trusted intermediaries.
• Safe Outputs: All research findings, including tables, graphs, and statistical models, generated within the TRE are meticulously reviewed by human and/or automated checkers before release. This output checking process applies SDC rules to ensure that no individual can be identified, either directly or indirectly, from the disseminated results. Only non-disclosive outputs are permitted to leave the secure environment.

Examples abound globally. The UK’s Integrated Data Service (IDS), a flagship initiative for cross-government data access, is explicitly built upon the Five Safes principles, providing accredited researchers with secure access to a wealth of linked administrative data. Similarly, the NHS England Secure Data Environment (SDE) facilitates access to health data for research, strictly adhering to the Five Safes. Across Europe, various national statistical offices and health data platforms have adopted similar frameworks, often drawing directly or indirectly from the Five Safes architecture to create their secure research environments. These environments exemplify the framework’s power in institutionalizing responsible data access at scale.

3.2. Adoption by Government Agencies and Beyond

Beyond dedicated TREs, the Five Safes Framework has permeated the operational policies and guidelines of numerous government agencies and other organizations that handle sensitive data. It serves as a practical blueprint for establishing data governance procedures, even when a full-fledged TRE might not be in place.

In the UK, departments like the Department for Education (DfE) utilize the framework’s principles to guide their data sharing practices. When DfE shares personal data for research, it ensures that recipient organizations possess robust IT and physical security measures (aligned with ‘Safe Settings’), that researchers are accredited (‘Safe People’), and that the research project has clear public benefit and ethical approval (‘Safe Projects’). Similar approaches are evident in the Department for Work and Pensions (DWP) and other governmental bodies that manage large administrative datasets crucial for policy analysis.

Its utility extends beyond governmental statistical and administrative functions. Academic research institutions, particularly those engaged in longitudinal studies or health research involving patient data, frequently adopt the Five Safes as a guiding principle for their internal data access protocols. For instance, many university data archives or specialized research centres that curate sensitive datasets (e.g., genetic data, detailed survey responses) implement similar multi-layered safeguards.

The framework also informs the development of national data strategies and legislative frameworks. While not a legal instrument itself, the Five Safes provides a practical operational model that can help organizations meet the requirements of data protection regulations like the General Data Protection Regulation (GDPR) in the EU, the California Consumer Privacy Act (CCPA), or the Health Insurance Portability and Accountability Act (HIPAA) in the US. These laws set the legal parameters, and the Five Safes offers a concrete methodology for achieving compliance in a functional research context. Its widespread acceptance is a testament to its adaptability and its ability to provide a common language and standard for managing the complex interplay of data utility and privacy protection across diverse institutional landscapes.

Many thanks to our sponsor Esdebe who helped us prepare this research report.

4. In-Depth Analysis of Each ‘Safe’: Principles, Implementation, Challenges, and Best Practices

4.1. Safe People

Definition: This ‘safe’ ensures that individuals granted access to sensitive data are trustworthy, skilled, and accountable, possessing the necessary ethical understanding and technical competence to handle confidential information responsibly.

Principles: The core principles underpinning Safe People are competence, ethical conduct, accountability, and legal compliance. Researchers must demonstrate a clear understanding of data protection principles, potential risks, and their legal obligations. Ethical integrity is paramount, as even the most secure technical environments can be compromised by malicious or negligent human actions.

Implementation Mechanisms:

• Accreditation and Vetting: This is often a multi-tiered process. Researchers typically need to be affiliated with recognized research institutions, demonstrate a track record of responsible research, and undergo identity verification. Some jurisdictions require formal accreditation by a national statistical body or a designated authority (e.g., ONS Accredited Researcher status in the UK). This may involve criminal record checks for access to highly sensitive data.
• Mandatory Training: Comprehensive training programs are essential. These cover data ethics, privacy legislation (e.g., GDPR, DPA), secure coding practices, statistical disclosure control (SDC) methods, and the specific rules of the secure environment. Training often includes practical exercises and assessments to ensure comprehension.
• Legally Binding Agreements: Researchers are required to sign strict Data User Agreements (DUAs) or confidentiality declarations. These documents explicitly outline their responsibilities, permissible data uses, restrictions on data transfer, and the severe penalties for breaches, including legal action and revocation of access.
• Codes of Conduct: Adherence to professional codes of conduct for research ethics and data handling is often a prerequisite, reinforcing the importance of ethical behaviour.
• Ongoing Monitoring and Auditing: Researcher activity within secure environments (e.g., login times, commands executed, files accessed) is often logged and subject to audit. This helps identify unusual behaviour or potential policy violations.

Detailed Challenges:

• Scope and Depth of Training: Ensuring all researchers, regardless of their disciplinary background, receive adequate and relevant training can be challenging. Statisticians might be proficient in SDC, but social scientists might need more emphasis on ethical considerations. Keeping training up-to-date with evolving threats and technologies is also resource-intensive.
• Insider Threat: Even accredited researchers can pose a risk, either through malicious intent or accidental negligence. Detecting and mitigating this ‘insider threat’ requires sophisticated monitoring and robust incident response protocols.
• Vetting International Researchers: Establishing trust and verifying credentials for researchers from diverse international backgrounds can be complex due to varying legal systems and accreditation standards.
• Maintaining Researcher Engagement: Strict security protocols can sometimes be perceived as overly burdensome by researchers, potentially leading to ‘workarounds’ if not carefully managed with user-friendly interfaces and clear communication.
• Resource Allocation: Establishing and maintaining comprehensive accreditation, training, and monitoring programs requires significant investment in human resources and technological infrastructure.

Detailed Successes and Best Practices:

• Standardized Accreditation Programs: The ONS Safe Researcher Training and accreditation scheme serves as a global benchmark, providing a robust, transferable model for assessing researcher trustworthiness and competence.
• Multi-tiered Access Levels: Implementing differentiated access levels based on a researcher’s accreditation, project sensitivity, and demonstrated expertise can optimize resource allocation and enhance security.
• Public Registers of Accredited Researchers: Increasing transparency by publishing lists of accredited researchers and their affiliations can foster public trust and accountability.
• Clear Sanction Regimes: Explicitly communicating the consequences of data misuse, including legal penalties and permanent revocation of access, acts as a strong deterrent.
• User Support and Engagement: Providing responsive technical and ethical support to researchers, and involving them in the ongoing refinement of security protocols, can improve compliance and user satisfaction.

4.2. Safe Projects

Definition: This ‘safe’ ensures that research projects seeking access to sensitive data are legitimate, ethically sound, proportionate, and demonstrably serve a clear public benefit.

Principles: The core principles include public benefit, proportionality, ethical approval, legal basis, and clear scope. Data access must be justified by a compelling public interest, and the data requested should be the minimum necessary to achieve the stated research objectives (data minimization).

Implementation Mechanisms:

• Independent Ethics Review Boards (ERBs) / Institutional Review Boards (IRBs): All projects typically undergo rigorous ethical review to ensure adherence to ethical guidelines, respect for data subjects’ rights, and assessment of potential harms and benefits.
• Data Access Committees (DACs): These committees, often multidisciplinary and independent, evaluate research proposals against established criteria. They assess the project’s scientific merit, public benefit, alignment with legal mandates (e.g., GDPR Article 6 and 9 conditions for processing sensitive data), and the suitability of the requested data and methods.
• Detailed Project Proposals: Researchers must submit comprehensive proposals outlining the research question, methodology, data requirements, expected outputs, public benefit statement, and data protection measures.
• Proportionality Assessments: DACs meticulously verify that the data requested is proportionate to the research aim and that no less sensitive data could achieve the same objective.
• Public Benefit Test: Many data custodians require researchers to articulate how their project will contribute to public good, policy development, or scientific advancement, ensuring that the use of sensitive data is justifiable to citizens.

Detailed Challenges:

• Defining ‘Public Benefit’: This can be subjective and contentious. Balancing academic freedom with the public’s expectation of direct societal impact often requires careful judgment and clear guidelines.
• Scope Creep: Ensuring that approved projects do not expand beyond their original scope, or that researchers do not pursue unauthorized lines of inquiry, requires diligent monitoring and clear amendment procedures.
• Commercial Research: Managing requests from commercial entities poses particular challenges in demonstrating public benefit without perceived private gain or exploitation of public data assets.
• Complexity of Multi-partner Projects: Research involving multiple institutions or international collaborators can complicate ethical review and data access agreements due to differing standards and legal jurisdictions.
• Timeliness of Review: The rigorous review process can be time-consuming, potentially delaying valuable research. Striking a balance between thoroughness and efficiency is a constant challenge.

Detailed Successes and Best Practices:

• Transparent Application Processes: Clear, publicly available application forms, guidelines, and criteria for project approval foster trust and streamline the application process.
• Multi-stakeholder Review Panels: Including ethicists, data owners, statisticians, legal experts, and public representatives on DACs ensures a holistic and balanced review.
• Public Registers of Approved Projects: Publishing details of approved projects (e.g., research title, lead researcher, public benefit statement, data used) enhances transparency and accountability, demonstrating responsible data use.
• Regular Audits of Project Outputs: Periodically reviewing published research to ensure it aligns with the approved project scope and stated public benefit can help maintain integrity.
• Tiered Review Processes: Implementing faster, streamlined reviews for low-risk projects and more intensive scrutiny for high-risk, highly sensitive projects can optimize resources.

4.3. Safe Settings

Definition: This ‘safe’ concerns the physical and technological environments in which sensitive data is accessed and analyzed, ensuring robust security measures are in place to prevent unauthorized access, use, or disclosure.

Principles: The core principles are confidentiality, integrity, availability, least privilege access, and auditability. The environment must guarantee that data remains confidential, is not altered without authorization, and is accessible only to authorized individuals when needed. Security must be designed to withstand evolving cyber threats.

Implementation Mechanisms:

• Trusted Research Environments (TREs) / Secure Data Environments (SDEs): These are the primary implementation of Safe Settings. They are typically virtualized, air-gapped environments, often cloud-based or on-premise, that isolate sensitive data from the open internet.
• Technical Security Controls:
  • Access Control: Strict role-based access control (RBAC), multi-factor authentication (MFA), and VPN access are standard. Least privilege principle is enforced, meaning researchers only get access to the specific data and tools required for their approved project.
  • Network Security: Robust firewalls, intrusion detection/prevention systems (IDS/IPS), and segregated networks prevent unauthorized network access. All traffic is encrypted.
  • Data Encryption: Data is encrypted both at rest (on storage servers) and in transit (during transfer within the secure environment or to researchers).
  • System Hardening: Operating systems and applications within the TRE are regularly patched and configured to minimize vulnerabilities. Unnecessary ports and services are disabled.
  • No Data Export/Download: Researchers cannot download raw data, upload external files without explicit approval, or print information from the environment. All outputs are subject to review before release.
• Physical Security: Data centres housing TRE infrastructure have stringent physical access controls (biometric scanners, security personnel, CCTV, access logs) to prevent unauthorized entry.
• Regular Audits and Penetration Testing: Independent security audits and ‘red team’ penetration testing are conducted regularly to identify and rectify vulnerabilities in the TRE’s infrastructure and policies.
• Incident Response Plan: A well-defined plan for responding to security incidents (e.g., data breaches, attempted hacks) is crucial, including detection, containment, eradication, recovery, and post-incident analysis.

Detailed Challenges:

• Cost and Complexity: Building and maintaining a truly secure TRE is extremely expensive, requiring significant investment in hardware, software, cybersecurity experts, and ongoing operational costs. This can be prohibitive for smaller organizations.
• Balancing Security with Usability: Overly restrictive security measures can impede research efficiency and frustrate users, potentially leading to shadow IT practices. Finding the optimal balance is a constant challenge.
• Evolving Cyber Threats: The threat landscape is constantly changing, with new vulnerabilities and attack vectors emerging regularly. Maintaining state-of-the-art security requires continuous vigilance and adaptation.
• Scaling Infrastructure: As the number of researchers and datasets grows, scaling TRE infrastructure without compromising security or performance becomes a complex technical and logistical task.
• Integration with Existing Systems: Integrating a TRE with legacy systems, data ingest pipelines, and other organizational IT infrastructure can pose significant technical hurdles.

Detailed Successes and Best Practices:

• ISO 27001 Certification: Achieving international standards like ISO 27001 for Information Security Management Systems demonstrates a commitment to robust security practices.
• Cloud-based Secure Enclaves: Leveraging secure cloud computing services (e.g., AWS GovCloud, Azure Government) can provide scalable and resilient infrastructure for TREs, often with built-in security features and compliance certifications.
• Standardized TRE Architectures: Developing and sharing standardized blueprints for TRE construction can reduce complexity and improve consistency across different implementations (e.g., national SDE blueprints).
• User Training and Awareness: Educating researchers on the rationale behind security measures and best practices (e.g., strong passwords, phishing awareness) is crucial for human-factor security.
• Dedicated Security Teams: Establishing specialized cybersecurity teams responsible for monitoring, maintaining, and evolving the TRE’s security posture is vital.

4.4. Safe Data

Definition: This ‘safe’ concerns the preparation and presentation of the data itself, ensuring that it has been appropriately de-identified, anonymized, or otherwise transformed to minimize the risk of re-identification while retaining sufficient utility for research.

Principles: The core principles include data minimization, anonymization/pseudonymisation, utility preservation, and ongoing risk assessment. The aim is to reduce the direct and indirect identifiability of individuals within the dataset to an acceptable level, considering all available information, while ensuring the data remains analytically valuable.

Implementation Mechanisms:

• De-identification Techniques: This involves removing or altering direct identifiers (e.g., names, addresses, national ID numbers). Common techniques include:
  • Pseudonymisation: Replacing direct identifiers with artificial identifiers (pseudonyms or tokens). This allows for re-linkage of data within the secure environment if necessary, but makes it difficult to link outside.
  • Anonymisation: More extreme measures where direct identifiers are permanently removed, and other attributes are modified to prevent re-identification. This aims for irreversible de-identification.
  • Suppression: Removing specific data points or entire records (e.g., for very small groups).
  • Generalisation: Broadening categories (e.g., replacing exact age with age ranges, or specific postcodes with broader geographical areas).
  • Perturbation/Noise Addition: Introducing slight random noise into numerical data to mask individual values without significantly altering statistical properties.
  • Data Aggregation: Providing access only to aggregated statistics rather than individual records, where appropriate.
• Statistical Disclosure Control (SDC): These are methods applied to statistical outputs rather than the raw data itself, to prevent disclosure (see Safe Outputs), but also inform how data is prepared for release into a TRE.
• Synthetic Data Generation: Creating entirely artificial datasets that statistically mimic the original sensitive data but contain no real individual information. This offers a high degree of privacy but can sometimes lack the nuance of real data.
• Tiered Data Access: Offering different ‘versions’ of the data based on sensitivity and purpose. For instance, a highly anonymized public-use file, a pseudonymised research file in a TRE, and a fully identifiable master file accessible only to trusted data custodians.
• Metadata Provision: Comprehensive metadata (data dictionaries, variable descriptions, data provenance, quality reports) is provided alongside the de-identified data to enhance utility and context.

Detailed Challenges:

• Re-identification Risk: The continuous challenge is that re-identification is a dynamic process. As more external data becomes available (e.g., through social media, public records), the risk of re-identifying individuals from seemingly anonymized datasets increases. Combining multiple ‘safe’ datasets can also increase risk.
• Utility-Privacy Trade-off: There is an inherent tension between reducing re-identification risk and preserving data utility. The more data is anonymized or perturbed, the less precise or useful it becomes for certain research questions, potentially introducing bias or obscuring subtle relationships.
• Managing Linked Datasets: When multiple datasets are linked, the risk of re-identification increases significantly, as the unique combination of attributes across linked files can act as a quasi-identifier. This requires extremely careful management of the linkage process and the resulting linked data.
• Public Perception vs. Technical Reality: The public’s understanding of ‘anonymization’ often differs from the technical reality, leading to concerns about ‘de-anonymization’ even when significant safeguards are in place.
• Standardization of Anonymization: There is no single universally accepted standard for anonymization, and the effectiveness of different techniques varies depending on the data characteristics and research context.

Detailed Successes and Best Practices:

• Privacy-Enhancing Technologies (PETs): Research and development into advanced PETs like differential privacy, secure multi-party computation (SMPC), and homomorphic encryption are helping to push the boundaries of privacy preservation while maintaining utility.
• Expert Data Curators: Employing specialized data scientists and SDC experts who understand the nuances of data transformation and re-identification risks is crucial.
• Clear Data Dictionaries and Provenance: Documenting every step of the data cleaning, transformation, and de-identification process, along with comprehensive metadata, improves data usability and builds trust.
• Risk Audits: Regular re-evaluation of de-identified datasets against current external data sources to assess evolving re-identification risks.
• Consultation with Data Users: Involving researchers in the anonymization process to understand their analytical needs helps strike a better balance between utility and privacy.

4.5. Safe Outputs

Definition: This ‘safe’ ensures that all research outputs generated from sensitive data undergo rigorous review and statistical disclosure control (SDC) before release, preventing any inadvertent disclosure of individual identities.

Principles: The core principles are non-disclosive, replicable (where possible), verifiable, and ethical dissemination. The goal is to ensure that the findings can be publicly shared without revealing information about specific individuals or small identifiable groups.

Implementation Mechanisms:

• Output Checking: This is a mandatory step for all research findings leaving a secure environment. It can involve:
  • Manual Review: Human reviewers (trained SDC experts) scrutinize every table, chart, regression output, and text commentary.
  • Automated Tools: Software tools can be used to scan outputs for common SDC rule violations (e.g., small cell counts).
• Statistical Disclosure Control (SDC) Methods Applied to Outputs: These are techniques specifically applied to the research results:
  • Minimum Cell Counts: A common rule is that no cell in a table can contain data for fewer than a specified number of individuals (e.g., 3 or 5). Cells below this threshold are suppressed or aggregated.
  • Thresholding: For continuous variables, minimum or maximum values might be capped or bottom-coded to prevent identification of outliers.
  • Rounding and Perturbation: Small numbers in tables might be rounded to the nearest multiple of 5, or small amounts of noise added to summary statistics.
  • Disclosure Risk Assessment: For complex outputs like regression coefficients or machine learning model parameters, the risk of inferential disclosure is assessed.
• Audit Trails: All output requests, checks, and approvals are meticulously logged to maintain an auditable record.
• Embargo Periods: In some cases, outputs may be subject to embargo periods to allow for concurrent publication or policy review before public release.
• Review by Data Owners: The original data owners or custodians may have a final review step to ensure compliance with their specific data sharing agreements and policies.

Detailed Challenges:

• Time and Resource Intensiveness: Output checking is notoriously time-consuming and labor-intensive, particularly for complex projects generating numerous outputs. This can create bottlenecks and delay research dissemination.
• Preventing ‘Residual Disclosure’: Even if individual outputs are non-disclosive, combining multiple outputs from the same or different projects could, theoretically, allow for re-identification. Managing this ‘mosaic effect’ or ‘residual disclosure’ risk is highly complex.
• Complex Outputs: Machine learning models, geospatial visualizations, and highly granular data analyses present novel challenges for SDC, as traditional rules might not apply or be sufficient.
• Training Output Checkers: Developing and maintaining a skilled team of SDC experts who can rigorously review diverse research outputs is a significant investment.
• Balancing Thoroughness with Speed: Researchers often face pressure to publish quickly. The need for rigorous output checking must be balanced against the imperative for timely dissemination of research findings.

Detailed Successes and Best Practices:

• Automated Checking Tools with Human Oversight: Developing and deploying tools that can automatically flag potential SDC violations (e.g., small cells) greatly speeds up the initial review process, allowing human experts to focus on complex cases.
• Clear Output Guidelines: Providing researchers with explicit, detailed guidelines on SDC rules and acceptable output formats before they commence analysis can reduce the need for revisions later.
• Standardized Review Protocols: Implementing consistent, documented protocols for output checking ensures fairness, transparency, and reproducibility of the review process.
• Training for Researchers on SDC: Educating researchers on SDC principles empowers them to produce safer outputs from the outset, reducing the burden on checkers.
• Transparency in SDC Methods: Clearly stating the SDC methods applied to outputs (e.g., ‘all cell counts less than 5 have been suppressed’) informs users and maintains scientific integrity.

Many thanks to our sponsor Esdebe who helped us prepare this research report.

5. Effectiveness and Impact: Balancing Research Utility with Privacy Protection

The Five Safes Framework has unequivocally proven to be a highly effective model for balancing the competing demands of research utility and individual privacy protection. Its success is rooted in its holistic, multi-layered approach, which acknowledges that no single safeguard is sufficient, but a combination of robust controls across all five dimensions can create an environment where sensitive data can be used responsibly for public good.

Enabling Transformative Research:

The most significant impact of the Five Safes is its role in enabling research that would otherwise be impossible or severely restricted. By providing a structured and auditable mechanism for secure data access, it has unlocked vast datasets—ranging from national census microdata and administrative records to health and genomic information—for academic, government, and policy research. This has led to:

• Informed Policy Making: Research conducted within Five Safes-compliant environments has directly informed public policy in areas such as education, employment, health, and social welfare. For example, studies on the long-term impact of educational interventions, the effectiveness of social benefit programs, or the geographical distribution of health inequalities have provided crucial evidence for government decisions.
• Economic and Social Insights: Researchers have utilized these secure environments to analyze complex socio-economic trends, understand labor market dynamics, study demographic shifts, and evaluate the efficacy of various economic stimuli. This deeper understanding is vital for national planning and resource allocation.
• Public Health Advancements: Access to pseudonymized health data through SDEs has facilitated epidemiological studies, drug safety surveillance, research into disease progression, and the evaluation of healthcare interventions, contributing directly to improvements in public health outcomes. The response to the COVID-19 pandemic, for instance, heavily relied on rapid, secure access to linked health and administrative data within Five Safes-aligned TREs.

Building and Maintaining Public Trust:

The framework’s transparent and systematic approach is crucial for fostering and sustaining public trust in data sharing initiatives. In an era of heightened privacy concerns and data breaches, explicitly outlining the safeguards in place can reassure data subjects that their information is handled with the utmost care. The clear articulation of ‘who’ can access ‘what’ data for ‘which’ purpose, in ‘what’ environment, and with ‘what’ resulting outputs, demystifies the data access process. This transparency is particularly important for gaining public acceptance for data linkage projects, which often draw on data from multiple sources to create rich, policy-relevant datasets.

Risk Mitigation and Accountability:

The Five Safes framework provides a robust risk management paradigm. It moves beyond a simplistic binary of ‘safe’ or ‘unsafe’ to a continuous process of risk assessment and mitigation. By systematically addressing risks associated with people, projects, settings, data, and outputs, it significantly reduces the likelihood of unauthorized disclosure or misuse. Moreover, the framework embeds strong accountability mechanisms. Researchers, data custodians, and institutional leaders are held responsible for adhering to the defined ‘safes’, with clear consequences for non-compliance. This creates a culture of responsibility and due diligence.

Adaptability and Scalability:

Its inherent modularity and principle-based design have allowed the Five Safes to be adapted to diverse organizational contexts and data types, from small university departments handling specialized survey data to large national statistical offices managing vast administrative datasets. This scalability has been a key factor in its global recognition and continued relevance.

Continuous Evolution, Not Stasis:

While highly effective, the framework’s effectiveness is not static. It hinges on rigorous and consistent application, coupled with continuous evaluation and adaptation. As technologies evolve, new data types emerge, and re-identification techniques become more sophisticated, the implementation of each ‘safe’ must be regularly reviewed and updated. For instance, the ‘Safe Data’ component now increasingly incorporates advanced anonymization techniques like differential privacy, and ‘Safe Settings’ continually adopts cutting-edge cybersecurity measures. This dynamic rather than static application is crucial for the framework to maintain its efficacy in the face of evolving challenges.

In essence, the Five Safes Framework has created a fertile ground for data-driven innovation while simultaneously reinforcing ethical data governance. It provides a practical, comprehensible, and auditable pathway for organizations to unlock the immense value of sensitive data, thereby maximizing research utility for public benefit, all without compromising the fundamental right to privacy.

Many thanks to our sponsor Esdebe who helped us prepare this research report.

6. Critiques, Comparisons, and Future Directions

Despite its widespread adoption and proven utility, the Five Safes Framework is not without its critics. Engaging with these critiques and comparing the framework to alternative models is crucial for understanding its limitations and for informing its future evolution.

6.1. Critiques of the Five Safes Framework

One of the most prominent critical analyses, ‘Not fit for Purpose: A critical analysis of the ‘Five Safes’’ by Culnane, Rubinstein, and Watts (2020), argues that the framework, while well-intentioned, possesses fundamental flaws. Their core arguments revolve around several key areas:

• Disconnection from Legal Protections: The authors contend that the Five Safes, as a practical framework, is insufficiently anchored in robust legal data protection principles (e.g., those found in GDPR or the Australian Privacy Act). They argue that it focuses on operational controls without adequately addressing the fundamental rights of data subjects or the legal obligations of data custodians. They suggest it appropriates the notion of ‘safety’ without necessarily providing the means to implement strong technical measures that are legally sound and defensible in privacy law.
• Static View of Disclosure Risk: A significant criticism is that the framework tends to view disclosure risk as static, determined at the point of data preparation or project approval. However, re-identification risk is dynamic, evolving over time as new external datasets become available and as analytical techniques advance. The framework, in their view, does not explicitly mandate or facilitate ongoing, dynamic risk assessments or require repeat assessments of previously deemed ‘safe’ data or outputs.
• Lack of Strong Technical Measures: While ‘Safe Settings’ and ‘Safe Data’ address technical aspects, the critique suggests the framework doesn’t inherently compel the adoption of the strongest available privacy-enhancing technologies (PETs) or cutting-edge cryptographic solutions. It often relies on administrative controls and ‘security by obscurity’ rather than mathematically provable privacy guarantees.
• Potential for ‘Security Theatre’: Critics argue that organizations might implement the Five Safes in a superficial manner, focusing on compliance with each ‘safe’ as a checklist rather than genuinely embedding a culture of robust security and privacy protection. This can lead to ‘security theatre’ where the appearance of security overshadows its actual effectiveness.
• Implicit Public Engagement: While the framework aims to build trust, it has been argued that it does not explicitly mandate or structure meaningful public engagement or citizen participation in the governance of sensitive data. Decision-making processes under the Five Safes can sometimes be opaque to the wider public.
• Resource Intensiveness and Scalability: Implementing the Five Safes rigorously can be extremely resource-intensive, requiring significant financial investment in infrastructure, specialized personnel, and ongoing audits. This can be a barrier for smaller organizations or those with limited budgets, potentially leading to uneven application of the framework.
• Human Error Vulnerability: Despite ‘Safe People’, human error, negligence, or malicious intent remains a persistent vulnerability. The framework, while addressing training and accreditation, cannot entirely eliminate this fundamental risk factor.

These critiques highlight areas where the Five Safes might be strengthened or complemented by other approaches, particularly concerning the integration of legal principles, the adoption of advanced technical safeguards, and the institutionalization of dynamic risk assessment.

6.2. Comparison with Alternative and Complementary Data Security Models

The Five Safes Framework operates within a broader ecosystem of data security and governance models. Understanding its relationship to these models helps to contextualize its strengths and limitations.

• SafeGUARDS Principles (UK Health Data Research Alliance): Developed by the UK Health Data Research Alliance, the SafeGUARDS principles offer a broader governance framework specifically tailored for health data. While not a direct replacement, they complement the Five Safes by emphasizing:

  • Transparency: Clear communication about data use.
  • Accountability: Robust governance and oversight.
  • Public Involvement: Engaging patients and the public in decision-making.
  • Safeguards: Drawing heavily on the Five Safes operational model.
  • Research Ethics: Strong ethical oversight.
  • Data Minimisation: Using only necessary data.
  • Data Quality: Ensuring fitness for purpose.
    The SafeGUARDS principles add a stronger emphasis on public engagement and ethical oversight at a strategic level, providing a wider governance umbrella under which the operational Five Safes can function effectively, particularly in sensitive domains like health.

• Privacy by Design (PbD): Pioneered by Ann Cavoukian, PbD advocates for privacy to be proactively embedded into the design and operation of information systems and business practices, rather than being an afterthought. Its seven foundational principles include:

  • Proactive not Reactive; Preventative not Remedial.
  • Privacy as the Default Setting.
  • Privacy Embedded into Design.
  • Full Functionality—Positive-Sum, not Zero-Sum.
  • End-to-End Security—Full Lifecycle Protection.
  • Visibility and Transparency.
  • Respect for User Privacy.
    The Five Safes can be seen as a practical implementation strategy for achieving PbD in a research data access context. By designing TREs, data preparation workflows, and output review processes around the Five Safes, organizations are, in effect, embedding privacy into the design of their data research ecosystem from the outset.

• Differential Privacy: This is a rigorous, mathematical definition of privacy, providing provable guarantees that the outcome of a data analysis is almost identical whether an individual’s data is included or excluded. It is a technical mechanism that fits squarely within the ‘Safe Data’ and ‘Safe Outputs’ components. While offering strong privacy, its application can be complex and may sometimes impact data utility for certain analyses. It represents a cutting-edge technique that TREs are increasingly exploring to enhance the privacy guarantees of their data releases.

• Access Control Models (e.g., RBAC, ABAC): Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) are technical models primarily used within ‘Safe Settings’ to manage who can access what resources. RBAC assigns permissions based on a user’s role (e.g., ‘researcher’, ‘data steward’), while ABAC offers finer-grained control based on attributes (e.g., user’s clearance level, data sensitivity, time of access). These are granular technical implementations that operationalize the ‘least privilege’ principle inherent in Safe Settings.

• Legal Frameworks (e.g., GDPR, HIPAA, CCPA): It is crucial to understand that the Five Safes is a framework for implementation rather than a legal framework itself. Laws like the GDPR provide the legal mandate and principles for data protection (e.g., lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality, and accountability). The Five Safes then offers a practical, systematic methodology for how an organization can operationalize these legal requirements specifically for data access in a research context, particularly satisfying the ‘integrity and confidentiality’ (security) principle and the ‘accountability’ principle through its structured governance.

In essence, the Five Safes Framework provides a robust, operational backbone for secure data access. It is most effective when complemented by broader governance principles (like SafeGUARDS), proactive design philosophies (like Privacy by Design), and cutting-edge technical solutions (like differential privacy), all within the overarching envelope of robust legal data protection frameworks.

6.3. Future Adaptations to Emerging Data Types and Technological Advancements

The relentless pace of technological innovation and the emergence of new data types necessitate continuous evolution of the Five Safes Framework to maintain its relevance and effectiveness.

• Big Data and Real-time Data Analytics: The sheer volume, velocity, and variety of ‘Big Data’ (e.g., sensor data, streaming data, social media feeds) present new challenges. Manual processes for output checking (‘Safe Outputs’) become impractical. The framework will need to integrate more automated, AI-driven solutions for disclosure control and anomaly detection. Real-time data access also requires dynamic risk assessment and adaptive controls.

• Machine Learning and Artificial Intelligence (AI): The widespread adoption of AI in data analysis introduces complex privacy challenges. AI models can learn and inadvertently ‘memorize’ sensitive information from their training data, potentially leading to disclosure risks even from seemingly aggregate model outputs. Techniques like federated learning (where models are trained on decentralized data without moving the raw data) and secure multi-party computation (SMPC) will become increasingly vital within ‘Safe Settings’ and ‘Safe Data’ to train models across sensitive datasets without direct data sharing.

• Genomic and Bio-Metric Data: These highly sensitive data types pose unique re-identification risks due to their inherent uniqueness and potential for broad inferential disclosure. The ‘Safe Data’ component will need to incorporate specialized anonymization and pseudonymisation techniques, alongside robust consent mechanisms, to manage these risks effectively.

• Internet of Things (IoT) Data: The proliferation of IoT devices generates massive streams of diverse data, often contextual and granular. Managing the privacy implications of linking IoT data with other datasets will require sophisticated data anonymization strategies and robust consent frameworks.

• Cloud Computing and Distributed Data: As more data moves to cloud environments or is distributed across multiple organizations, ‘Safe Settings’ must evolve to encompass distributed trust models, advanced cloud security architectures, and robust data provenance tracking across complex data ecosystems. Zero-trust security models will likely become a standard.

• Quantum Computing: While still nascent, the potential emergence of quantum computing could threaten current cryptographic methods, necessitating a paradigm shift in encryption within ‘Safe Settings’ and ‘Safe Data’. Anticipatory research into post-quantum cryptography will be essential.

• Dynamic Risk Assessment: Moving beyond static risk assessments, future adaptations will likely involve continuous, automated monitoring of re-identification risk, leveraging machine learning to detect evolving threats and adjusting safeguards in real-time. This includes ongoing assessment of external data availability that could contribute to re-identification.

• Enhanced Public Engagement and Co-design: Addressing the critique of implicit public engagement, future iterations of data governance frameworks, including the Five Safes, will likely place a stronger emphasis on involving citizens and data subjects in the design, oversight, and decision-making processes for data access. This could involve citizen assemblies, patient and public involvement (PPI) groups, and co-design workshops to build deeper trust and ensure ethical alignment.

• Legal Harmonization and Interoperability: As data sharing becomes increasingly global, there will be a growing need for greater harmonization of data protection laws and interoperability of secure data access frameworks, allowing for secure cross-border research while maintaining high privacy standards.

The Five Safes Framework, therefore, must remain a living, evolving entity. Its strength lies in its conceptual simplicity and adaptability, but its continued efficacy depends on its capacity to integrate new technologies, address emerging privacy challenges, and incorporate evolving societal expectations around data governance. This ongoing adaptation will ensure its enduring relevance as a cornerstone of responsible data access for generations to come.

Many thanks to our sponsor Esdebe who helped us prepare this research report.

7. Conclusion

The Five Safes Framework has profoundly shaped the landscape of secure and ethical data access for research, transitioning from an internal ONS model to a globally recognized standard. Its genius lies in its holistic, multi-layered approach, systematically addressing the complex interplay of risks associated with people, projects, settings, data, and outputs. By disaggregating the challenge of data confidentiality into these five manageable dimensions, the framework provides a pragmatic yet powerful methodology for achieving a delicate balance: maximizing the utility of sensitive data for societal benefit while rigorously protecting individual privacy.

This report has meticulously traced the framework’s origins, detailed its evolution, and explored its widespread adoption in Trusted Research Environments and various governmental and academic institutions worldwide. We have delved into the intricacies of each ‘safe’, highlighting the practical challenges encountered during implementation—from the complexities of researcher accreditation to the delicate balance between data utility and anonymization, and the resource-intensive nature of output checking. Concurrently, we have showcased numerous successes and best practices, demonstrating the framework’s tangible impact in enabling groundbreaking research that informs policy, advances scientific understanding, and improves public welfare.

While the Five Safes has proven remarkably effective, it is not without its limitations. Critiques concerning its explicit links to legal frameworks, the dynamic nature of re-identification risk, and the call for stronger technical measures warrant careful consideration. However, these critiques also serve as catalysts for continuous improvement, pushing the framework towards greater sophistication and robustness. When viewed alongside complementary models such as Privacy by Design, the SafeGUARDS principles, and advanced privacy-enhancing technologies, the Five Safes forms a vital operational component within a comprehensive data governance ecosystem.

Looking ahead, the imperative for adaptation is clear. The relentless march of technological innovation, the advent of new data modalities like genomic, IoT, and AI-generated data, and the increasing sophistication of analytical techniques demand that the Five Safes remains a dynamic and responsive framework. Future adaptations will likely encompass a greater integration of automated risk assessment, advanced privacy-preserving AI techniques, enhanced technical safeguards against evolving cyber threats, and a deeper commitment to public engagement and co-design in data governance processes.

In conclusion, the Five Safes Framework stands as a pivotal achievement in the realm of data governance. It has provided a credible and widely accepted pathway for responsible data access, fostering trust and enabling invaluable research. Its continued evolution, driven by both critique and technological advancement, will ensure its enduring relevance as an indispensable tool for navigating the complex and ever-expanding data frontier, ensuring that the promise of data-driven insights is realized ethically and securely for generations to come.

Many thanks to our sponsor Esdebe who helped us prepare this research report.

References

• Australian Bureau of Statistics. (2017). Data Availability and Use: Australian Productivity Commission Inquiry Report. Retrieved from en.wikipedia.org
• Cavoukian, A. (2012). Privacy by Design: The 7 Foundational Principles. Information and Privacy Commissioner of Ontario.
• Culnane, C., Rubinstein, B. I. P., & Watts, D. (2020). Not fit for Purpose: A critical analysis of the ‘Five Safes’. arXiv preprint arXiv:2011.02142. Retrieved from arxiv.org
• Department for Education. (n.d.). How DfE shares personal data. Retrieved from gov.uk
• Integrated Data Service. (n.d.). Keeping data secure: Trusted Research Environment. Retrieved from integrateddataservice.gov.uk
• NHS England Digital. (n.d.). Five Safes Framework. Retrieved from digital.nhs.uk
• North West Secure Data Environment. (n.d.). How data is protected. Retrieved from northwestsde.nhs.uk
• Office for National Statistics. (2025). The Five Safes Framework. Retrieved from gov.uk
• Office for National Statistics. (n.d.). About the Secure Research Service. Retrieved from ons.gov.uk
• Office for Statistics Regulation. (2023). Data Sharing and Linkage for the Public Good: Follow-Up Report. Retrieved from osr.statisticsauthority.gov.uk
• Ritchie, F. (2019). The ‘Five Safes’: A framework for secure data access. Statistica Neerlandica, 73(1), 16-29.
• UK Health Data Research Alliance. (n.d.). The SafeGUARDS. Retrieved from ukhealthdata.org