Abstract
Compliance and trustworthiness are critical to the success of modern data marketplaces, where sensitive information is exchanged across organisational and jurisdictional boundaries. The UPCAST project addresses these challenges through a modular, plugin-based architecture that integrates privacy-preserving consent management, dynamic policy enforcement, and negotiation services. This paper presents the design and interaction of UPCAST’s core services, focusing on the bidirectional integration of Consent Management and Negotiation to ensure that agreements are legally sound, policy-compliant, and transparent to all stakeholders. By embedding compliance verification and trust assessment into the negotiation lifecycle, UPCAST moves beyond post-hoc auditing towards real-time, context-aware enforcement. The resulting architecture enables marketplaces that are adaptable to evolving regulatory requirements, interoperable across sectors, and capable of supporting secure, transparent, and mutually beneficial data transactions