Accelerating the foundation for trusted data sharing in Dutch logistics

Shaping the future of data sharing in the Netherlands and Europe

This engagement helps the Netherlands approach data sharing in a more comparable and reusable way. Use cases are documented in a consistent, lightweight format so lessons can be reused across sectors. Insights flow back into the CoE-DSC knowledge base to reduce fragmentation and strengthen the Dutch position in European data-sharing discussions.  

Challenges

Data sharing involves many independent organisations with different priorities, vocabularies, and timelines. With dozens of initiatives, choices are often revisited and results are hard to compare—especially where business value and regulation are not yet clear. Without practical support, use cases risk staying isolated. (Problem context aligned with CoE-DSC landscape work.)  

Our role (NimbleNova in the CoE-DSC ecosystem)

We advise and facilitate

• Advise initiatives on scoping, design choices, and minimal documentation so outcomes are comparable and reusable.

• Facilitate collaboration: bring parties together, align on assumptions, and keep momentum through clear next steps.

• Capture & share lessons back to the CoE-DSC community so others can reuse what works.

• Respect ownership: initiatives remain responsible for progress and delivery—we accelerate, we don’t take over.

Ambition of the CoE-DSC

The CoE-DSC is the Netherlands’ central access point for data sharing and cloud. Its goal is to help organisations establish the trust mechanisms needed for secure, reliable data sharing, support scalable use cases, and avoid fragmentation by pooling efforts from prior initiatives (Data Sharing Coalition, AIC4NL data-sharing workgroup, Gaia-X Hub NL). The CoE-DSC is coordinated by TNO.  

Guiding a trust framework toward a shared, workable Security Framework

As one of the largest collaborative programs in Dutch logistics, BDI connects data flows across thousands of organisations. NimbleNova supported this effort by shaping an ecosystem-wide Security Framework that makes security explainable, governable, and ready for adoption.

The security framework is anchored in NIST CSF 2.0 and includes role-based profiles, implementation guidance, and a coherent register of required outcomes. As a result, stakeholders now share a single language and a clear path to adoption: associations can set and communicate their chosen security level, members apply the corresponding profiles, and living-lab pilots validate and refine the guidance before it becomes part of ongoing framework maintenance.

Challenges
The initiative faced siloed discussions where governance of trust (agreements, roles, mandates) became blurred with security enforcement, creating circular debates and uneven expectations. Differences in maturity across participants pulled the group in opposite directions—either toward heavy compliance demands or vague principles. Without a shared register and consistent profiles, implementation risked becoming tool-driven and fragmented, especially in an ecosystem with many-to-many integrations.

Our role
From start to finish, we combined Governance and Orchestrate to create clarity and keep momentum:

• Governance – we clarified decision rights, separated trust agreements from security enforcement, and introduced a lightweight policy lifecycle so updates move smoothly from proposal to publication with all stakeholders consulted.

• Orchestrate – we translated ambition into concrete steps:

  • Defined role-based security profiles that express required outcomes independent of specific tooling, keeping accountability with the role even when tasks are delegated.

  • Built a coherent Security Register aligned with the six CSF functions (Govern, Identify, Protect, Detect, Respond, Recover), including mappings to NIS2, ISO27001/2, BIO, and GDPR.

  • Prepared living-lab validation to test the baseline in practice before broad adoption.

  • Enabled associations to publish a chosen security level and set enforcement locally.

To ensure sustainability, we structured the operating model for associations into four reinforcing components: ecosystem-wide managed security services, enablement & adoption, compliance & assurance, and continuous improvement.

Ambition
The ambition of the trust framework was to move from fragmented, role-by-role interpretations of “security” toward a governed, explainable, and adoptable baseline—one that separates trust from security, and that both business and IT can work with. By aligning diverse stakeholders around a single framework, the initiative now has a foundation that is consistent, practical, and adaptable to different maturity levels, supporting secure and scalable growth across the ecosystem.

Business-driven transformation of a complex product organisation

NimbleNova supported a successful international wholesaler with a portfolio of more than 20,000 articles in transforming its IT and business landscape. The ambition was clear, move from fragmented solutions and ad hoc workarounds to a coherent, governed, and future-ready foundation.

A business-driven transformation delivered a coherent, future-ready application landscape and a professional way of working. Roles and responsibilities were clarified, internal capabilities were built, and knowledge was embedded so the organisation can own and extend the results. The transformation moved from short-term fixes to governed, structural solutions, leaving behind a solid base for growth and innovation.

Challenges

Progress was slowed by siloed ways of working, unclear ownership in decision-making, and fragmented data stewardship. Data quality issues persisted, with responsibility not consistently taken by the business. Some components, such as product information management, failed to meet architectural standards. Technical challenges like the stability and parity of environments underscored the need for a landscape-wide perspective, rather than piecemeal optimisation .

Our role

NimbleNova guided the programme from start to finish, combining governance and orchestration to keep the work focused on business outcomes:

• Governance: Set clear, business-owned principles and decision structures, ensuring choices were transparent, consistent, and aligned with the target blueprint. This avoided repeated discussions and secured accountability.
• Orchestrate: Translated ambition into an executable sequence, balancing dependencies across teams and maintaining a rhythm of progress without overloading leaders. We worked through internal teams to embed ownership, ensuring that capabilities remain after our role concluded.
• Solution selection: Supported the evaluation and confirmation of key platforms. The ERP backbone was validated as fit for the future if properly maintained and evolved. Where tools such as product information management fell short, we emphasised addressing data governance first before tool replacement.

Ambition

The organisation is a successful international wholesaler, managing a product portfolio of over 20,000 articles across multiple categories. This scale adds complexity to its IT and business processes, requiring a robust backbone and professional ways of working. The ambition was to “get the house in order”, replace fragmented systems with a coherent, governed landscape, strengthen business ownership, and prepare for future growth. The result is a more stable and integrated environment that the organisation can now evolve on its own.