22 November 2025
Case Study
Trusted Data Format (TDF) & Zero-Trust Data Format (ZTDF)
Reality or just Theory?
Should we invest in secure data formats? Can we manage the information management challenge?
Everyone talks about Trusted Data Format (TDF) and Zero Trust Data Format (ZTDF) as the next big step in data security. And technically and in theory, it’s true:
Data becomes self-protecting. Encryption and access rules travel with the file. Sharing becomes safer — even across organisations.
But there are practical challenges we rarely acknowledge:
TDF and ZTDF rely on correctly applied metadata for data AND for users AND logical ABAC rules.
Before you can protect anything, users must correctly label it — for example for ISO 27001 or GDPR. Even simple categories (Unclassified, Internal, Restricted, Confidential) are often chosen inconsistently.
Now add metadata attributes for release, topics, type of data, PII, etc. for a good baseline to do ABAC: So the metadata requirements become even more demanding.
Tools like ClassifyIt already support classification, release and encryption, but depends on the human interaction:
But here’s the real question: Even with strong tools and automation… will organisations realistically invest the time, training, and culture needed to make TDF and ZTDF tagging work realistically and at scale?
It is worth to invest in developing supporting tools? I'd love to hear your thoughts.