Periodic Reporting for period 1 - PROTECT-CHILD (A PRivacy-prOTecting Environment for Child Transplants health-related and genomic data integration in the European Reference Network)
Reporting period: 2024-06-01 to 2025-11-30
The PROTECT-CHILD project aims to establish a secure, privacy-preserving, and ethically grounded European framework for the integration and secondary use of paediatric health and genomic data in the context of organ transplantation. Embedded within the European Reference Network TransplantChild, the project addresses the fragmentation, limited scale, and governance constraints that currently hinder robust research and personalised care for transplanted children.
PROTECT-CHILD develops an EHDS-compliant federated data ecosystem that enables the integration of real-world clinical data with genomic data generated in the context of paediatric liver and kidney transplantation. The project adopts a common data model aligned with international interoperability standards and is supported by a strong legal, ethical, and governance framework designed to protect children’s rights and foster trust in cross-border data reuse.
At its core, PROTECT-CHILD implements a Zero-Trust, analytics-to-data architecture based on EHDS capsules and secure processing environments, allowing advanced analytics, federated learning, and AI workflows to be executed directly at data-holder premises without centralising sensitive data. This approach enables large-scale, privacy-preserving data processing while remaining fully compliant with GDPR and emerging EHDS requirements.
The project’s pathway to impact is closely aligned with European health data and genomics strategies, including the European Health Data Space, the Genomic Data Infrastructure, and ELIXIR. Through a multicentric pilot in paediatric liver and kidney transplant patients, the project aims to identify genomic and methylomic biomarkers predictive of post-transplant outcomes.
PROTECT-CHILD develops an EHDS-compliant federated data ecosystem that enables the integration of real-world clinical data with genomic data generated in the context of paediatric liver and kidney transplantation. The project adopts a common data model aligned with international interoperability standards and is supported by a strong legal, ethical, and governance framework designed to protect children’s rights and foster trust in cross-border data reuse.
At its core, PROTECT-CHILD implements a Zero-Trust, analytics-to-data architecture based on EHDS capsules and secure processing environments, allowing advanced analytics, federated learning, and AI workflows to be executed directly at data-holder premises without centralising sensitive data. This approach enables large-scale, privacy-preserving data processing while remaining fully compliant with GDPR and emerging EHDS requirements.
The project’s pathway to impact is closely aligned with European health data and genomics strategies, including the European Health Data Space, the Genomic Data Infrastructure, and ELIXIR. Through a multicentric pilot in paediatric liver and kidney transplant patients, the project aims to identify genomic and methylomic biomarkers predictive of post-transplant outcomes.
During the M1–M18 reporting period, the project focused on defining the architectural, legal, and clinical foundations of the PROTECT-CHILD ecosystem:
1. Requirements and Architecture (WP2): The consortium delivered the high-level requirements and user stories (D2.1) and the platform architecture (D2.3). A Zero Trust architecture based on Istio service mesh technology was designed to support federated learning and EHDS capsules. The first iteration of the Common Data Model (CDM) was completed, mapping clinical variables to the OMOP standard to ensure interoperability.
2. Legal and Ethical Framework (WP2, WP11): A comprehensive regulatory mapping of the GDPR, EHDS Regulation, Data Governance Act, and AI Act was conducted, resulting in the "Stakeholder Requirements and legal framework" deliverable (D2.2). The Independent Ethical Advisory Board (IEAB) was established and inaugurated, providing oversight on clinical protocols and stakeholder engagement.
3. Infrastructure and Core Services (WP3, WP4): Technical partners designed and validated a scalable container infrastructure. This included the deployment of a production-grade Beacon v2 service on AWS and the evaluation of the MedCo platform, which led to the adoption of custom Zero Trust components (SPIRE, OPA) for better security. A prototype of the PROTECT-CHILD capsule and orchestrator was developed, validating deployment patterns for Secure Processing Environments.
4. Data Discovery and Federated Analysis (WP5): The project defined a catalogue of federated algorithms using the Vantage6 framework and executed a first multi-node demonstration to validate privacy-preserving analytics. A dataset discoverability metadata model was drafted, aligned with the HEALTH-DCAT-AP standard.
5. Governance Services (WP6): Keycloak was selected and tested as the Authentication and Authorization Infrastructure (AAI). The FHIR at Scale Taskforce (FAST) specification was adopted for the consent management platform, with a sandbox HAPI FHIR server deployed for testing.
6. Pilot Study Preparation (WP8): The clinical study protocol was finalized (D8.4) and ethics approval processes were initiated across four sites, with approvals already obtained in two centers. A liver-specific Case Report Form (CRF) was finalized to support structured data collection.
1. Requirements and Architecture (WP2): The consortium delivered the high-level requirements and user stories (D2.1) and the platform architecture (D2.3). A Zero Trust architecture based on Istio service mesh technology was designed to support federated learning and EHDS capsules. The first iteration of the Common Data Model (CDM) was completed, mapping clinical variables to the OMOP standard to ensure interoperability.
2. Legal and Ethical Framework (WP2, WP11): A comprehensive regulatory mapping of the GDPR, EHDS Regulation, Data Governance Act, and AI Act was conducted, resulting in the "Stakeholder Requirements and legal framework" deliverable (D2.2). The Independent Ethical Advisory Board (IEAB) was established and inaugurated, providing oversight on clinical protocols and stakeholder engagement.
3. Infrastructure and Core Services (WP3, WP4): Technical partners designed and validated a scalable container infrastructure. This included the deployment of a production-grade Beacon v2 service on AWS and the evaluation of the MedCo platform, which led to the adoption of custom Zero Trust components (SPIRE, OPA) for better security. A prototype of the PROTECT-CHILD capsule and orchestrator was developed, validating deployment patterns for Secure Processing Environments.
4. Data Discovery and Federated Analysis (WP5): The project defined a catalogue of federated algorithms using the Vantage6 framework and executed a first multi-node demonstration to validate privacy-preserving analytics. A dataset discoverability metadata model was drafted, aligned with the HEALTH-DCAT-AP standard.
5. Governance Services (WP6): Keycloak was selected and tested as the Authentication and Authorization Infrastructure (AAI). The FHIR at Scale Taskforce (FAST) specification was adopted for the consent management platform, with a sandbox HAPI FHIR server deployed for testing.
6. Pilot Study Preparation (WP8): The clinical study protocol was finalized (D8.4) and ethics approval processes were initiated across four sites, with approvals already obtained in two centers. A liver-specific Case Report Form (CRF) was finalized to support structured data collection.
The PROTECT-CHILD project is advancing beyond the current state of the art in several key technical and clinical areas:
1. Zero-Trust EHDS Architecture: The project is moving beyond traditional perimeter-based security by implementing a Zero Trust architecture using Istio, SPIRE, and OPA. This approach specifically targets the requirements of "Secure Processing Environments" (SPE) under the EHDS, enabling fine-grained, policy-driven access control for federated microservices.
2. Federated Multi-Omics Integration: The project has deployed Beacon v2 services and is integrating them with complex federated analysis workflows (Vantage6). This goes beyond simple data discovery by enabling the distributed execution of not only genomic pipelines (e.g. variant annotation) but also epigenetic and methylomics analysis pipelines, which have been designed to run without centralizing sensitive pediatric data.
3. Advanced User Interfaces with AI: The project is designing "text-to-SQL" capabilities using Large Language Models (LLMs) to allow researchers to query OMOP-compliant databases using natural language. This innovation aims to lower the technical barrier for clinicians performing cohort exploration and feasibility analyses.
4. Quantum-Secure Readiness: The project has initiated exploratory assessments of Quantum Secure Multi-Party Computation (QS-MPC) and Quantum Key Distribution (QKD). This forward-looking research aims to future-proof the platform against emerging cryptographic threats, specifically in the context of genomic data management.
6. Dynamic Consent Standards: By adopting and adapting the FAST SCM (Scalable Consent Management) specification for pediatric use cases, the project is advancing the interoperability of dynamic consent mechanisms, moving beyond bespoke, isolated solutions often found in current research platforms
1. Zero-Trust EHDS Architecture: The project is moving beyond traditional perimeter-based security by implementing a Zero Trust architecture using Istio, SPIRE, and OPA. This approach specifically targets the requirements of "Secure Processing Environments" (SPE) under the EHDS, enabling fine-grained, policy-driven access control for federated microservices.
2. Federated Multi-Omics Integration: The project has deployed Beacon v2 services and is integrating them with complex federated analysis workflows (Vantage6). This goes beyond simple data discovery by enabling the distributed execution of not only genomic pipelines (e.g. variant annotation) but also epigenetic and methylomics analysis pipelines, which have been designed to run without centralizing sensitive pediatric data.
3. Advanced User Interfaces with AI: The project is designing "text-to-SQL" capabilities using Large Language Models (LLMs) to allow researchers to query OMOP-compliant databases using natural language. This innovation aims to lower the technical barrier for clinicians performing cohort exploration and feasibility analyses.
4. Quantum-Secure Readiness: The project has initiated exploratory assessments of Quantum Secure Multi-Party Computation (QS-MPC) and Quantum Key Distribution (QKD). This forward-looking research aims to future-proof the platform against emerging cryptographic threats, specifically in the context of genomic data management.
6. Dynamic Consent Standards: By adopting and adapting the FAST SCM (Scalable Consent Management) specification for pediatric use cases, the project is advancing the interoperability of dynamic consent mechanisms, moving beyond bespoke, isolated solutions often found in current research platforms