Trusted Research Environments – From Framework to Practice

Reflections from the Health Data Forum Global Hybrid Summit Wales 2025
At the Health Data Forum Global Hybrid Summit Wales 2025, held under the banner "Driving Change through Data Insights," one of the most substantial discussions of the programme focused on a question that sits at the heart of modern health data innovation: how do we move Trusted Research Environments from concept to everyday practice?
This session brought together Cathie Sudlow, Davide Chiarugi, Petra Ritter, Ashley Akbari, and moderator Alex Newberry for a timely and highly practical exchange on the future of secure, ethical and interoperable health data use. The discussion was especially relevant in the Welsh context, where the Summit set out to showcase how data can improve care, strengthen governance, and support collaboration across boundaries.
Professor Cathie Sudlow opened the session with a powerful reminder that Trusted Research Environments, or TREs, are not valuable simply because they are secure technical infrastructures. Their value depends on what they enable. In her view, TREs must be populated with the right data sources, equipped to support a broad range of analytical tools, and interoperable with other environments across regions and countries. Most importantly, they must preserve privacy while enabling meaningful research.
Her intervention drew on the conclusions of her review of the UK health data landscape. The message was clear: the UK has extraordinary health and care data assets, but their public benefit is still limited by fragmentation, poor interconnectivity, and overly complex access arrangements. The greatest value comes not from isolated datasets, but from linking data across care settings, sectors and geographies. That point strongly echoed one of the Health Data Forum's broader priorities: better data ecosystems are essential for trustworthy innovation in healthcare.
Sudlow also highlighted an important lesson for Wales. In her view, Wales has already demonstrated what is possible through the SAIL Databank, which links primary care and cross-sector data to generate insights into the wider determinants of health. Rather than duplicating infrastructure unnecessarily, she argued for preserving and strengthening what already works well, particularly the Welsh "One Wales" approach to joining up health, social care and wider public data.
The international panel then widened the lens.
From Switzerland, Davide Chiarugi emphasised two foundational pillars for any TRE: a robust legal framework and strong usability. For him, trust is not created only through compliance. It is also created by designing systems that researchers can actually use. If the legal and governance requirements introduce too much friction, the environment may be secure, but it will struggle to deliver real value.
From Germany, Petra Ritter brought a strong European perspective centred on sovereignty and autonomy. She argued that trusted environments should not be overly dependent on external proprietary providers, especially when dealing with sensitive health data. Open-source infrastructure, code transparency, and operational control are not just technical preferences; they are governance choices that reflect societal values. Ritter also underlined the need for a broader European network of interoperable TREs, supported by trusted digital identity mechanisms and common standards.
Representing Wales, Ashley Akbari grounded the discussion in practice. He stressed that trust and transparency must extend across the full chain: data owners, researchers, institutions, patients and the public. He also made a highly pragmatic point: data custodians are more willing to share sensitive data when they can clearly see the value and impact of prior uses. In other words, TREs need not only strong safeguards but a visible track record of public benefit.
This led naturally into one of the most important themes of the session: public trust.
Interestingly, the panel challenged a common assumption. The main barrier is not always the public. In many cases, patients are broadly supportive of their data being used, provided it is used responsibly and for meaningful health benefit. The deeper challenge often lies with institutions and data controllers, who carry legal and reputational risk and therefore default to caution. Several speakers argued that this creates a need to shift the narrative: not using data can also carry a public cost, especially when valuable health improvements are delayed or lost altogether.
That perspective was particularly striking in the discussion about governance. The panel explored how legacy access procedures, shaped in an older era of data sharing, can remain unnecessarily complex even when data never leaves a secure environment. If trusted research environments are to fulfil their promise, governance models must evolve too. Standards, accreditation, and modern assurance mechanisms can help give data owners the confidence that simpler access processes do not mean weaker safeguards.
Another major thread running through the conversation was interoperability. Technical interoperability matters, but so does semantic and legal interoperability. Davide Chiarugi noted that federating data across countries requires both computational infrastructure and a shared language for understanding the data itself. Petra Ritter added that cross-border collaboration also depends on practical literacy: people need training, certification and confidence to work responsibly with sensitive data. This point resonated strongly with the UK's growing leadership in accredited access and trusted research training, which was recognised during the session as an area where others are looking to learn from British practice.
Taken together, the panel offered a mature view of what comes next for TREs. The future is not just bigger platforms or more storage. It is about portability, flexibility, accreditation, usability, interoperability and trust by design. It is about enabling more complex data types, including imaging and free text, while avoiding duplication and maintaining system sustainability. And it is about ensuring that secure access to data leads to better science, better policy, and ultimately better care.
For the Health Data Forum community, this session captured something essential. Trusted Research Environments are not merely a technical topic for specialists. They are strategic enablers of the future of real-world evidence, responsible AI, cross-border research, and health system transformation. If healthcare wants better intelligence, it must first build better data foundations. That principle remains central to the wider Health Data Forum agenda and to the movement for trustworthy AI in healthcare.
In Cardiff, this conversation moved beyond abstract support for "using data better." It showed that the real work lies in turning trust into operating models, standards, tools and relationships that work in practice.
