Reflections from UK TRE 2025: Federation, Automation, and Sustainability in Trusted Research Environments

Last week, I had the opportunity to attend the DARE UK funded UK TRE 2025 conference in Leeds, a gathering of technologists and policymakers from across the UK all working to shape the future of Trusted Research Environments (TREs).

It was a fantastic three days of insight, challenge, and ambition. As a first-time attendee, it was great to meet many people, some whom I have only interacted with via video conference.

I can’t do justice to all the conversations that were had but there were several key themes that are worth discussion.

Federation: The Future Is Distributed

One of the most prominent threads throughout the conference was the growing importance of federation. This is particularly important in the area of paediatric medicine, where this involves analysis of rare disease data where individually, the numbers of patients per hospital for a particular disease are low, the benefits of federation allows for analysis across much larger aggregated data, but without the need to move data across geographical or regulatory boundaries.

Many of the tools and protocols required for federated analysis already exist and are rapidly maturing. The Open-Source PHEMS Federated Node, developed by Aridhia and based on the GA4GH TES standard, is just one example. However, the real friction lies in governance and the bureaucratic barriers to data sharing, especially across regional and national boundaries, continue to slow progress. Navigating differing legal frameworks, institutional policies, and risk appetites remains a major challenge.

The SATRE specification, as part of the TREvolution project, intends to expand to include Federation. At Aridhia, we are contributing to this work as part of the TREvolution project, proving the interoperability of TREs from different platforms in a federated network. While the intention is that SATRE will not identify a standard at the API level, establishing common ground and requirements for successful federation should significantly help with building out these networks, and establishing trust across federated networks.

SATRE and the Question of Standards

A particularly thought-provoking discussion at the conference centred on whether SATRE (Secure Accreditation for Trusted Research Environments) could or should become a formal standard. The benefits are clear, if a TRE is described as SATRE-compliant, researchers and data providers alike could be confident that a baseline set of features, safeguards, and operational procedures are in place. Independent accreditation would provide assurance, consistency, and trust across the ecosystem.

Establishing and funding a body responsible for accreditation would be costly, and questions remain about who would shoulder that responsibility.

The community sentiment leaned towards a peer-based, shared approach to evaluation. While this model fosters collaboration and inclusivity, it also raises issues about consistency of evaluation and long-term sustainability. Without a central authority, ensuring that standards are applied rigorously and uniformly across TREs could prove difficult. It could become a case of TRE providers ‘marking their own homework’.

As TREs increasingly seek to work together through federation, the need for a common standard becomes more pressing and SATRE will be extended as part of TREvolution project to address this. Without it, interoperability risks being undermined by uneven practices and varying interpretations of what constitutes a “trusted” environment.

Automating Disclosure Control: A Smarter Airlock

Another exciting development discussed was the automation of disclosure control, particularly how it pertains to machine learning. Statistical methods like SACRO (Statistical Automated Control for Research Outputs) and SACROML (SACRO for Machine Learning) are paving the way for smarter, more efficient airlocks and disclosure control of machine learning models between nodes in a federated learning network. By embedding disclosure control into the analysis code development workflow, SACRO enables a shared responsibility model, where researchers play an active role in ensuring Safe Outputs, rather than relying solely on administrative gatekeepers.

This shift not only empowers researchers but also opens the door to enhanced automation. With machine-assisted checks, the airlock process becomes faster, more scalable, and potentially more robust. It’s a promising direction that could significantly reduce bottlenecks without compromising data safety.

Sustainable TREs: Avoiding the Pitfalls of DIY

The final day of the conference turned a critical eye toward sustainability.

Often, institutional TREs are built out of by necessity and maintained by small teams with minimal IT support. These platforms are frequently underfunded and often inadequately resourced to support increasingly complex projects with mixed data modalities at scale. A TRE is not just a tech stack, it requires dedicated operational support, governance procedures, and regular ISO certification audit and penetration testing. The SATRE specification addresses all of the above and doing these things well requires experienced staff and dedicated attention. A TRE is not the core business of a hospital or academic institution and will struggle to get dedicated IT support. As a result, significant delays are introduced when setting up complex projects that demand dedicated operational support.

Research budgets rarely, if at all, account for the true cost running a project on TRE infrastructure. It was agreed that this needs to change, with research teams being required to explicitly address cyber security and infrastructure funding as part of grant proposals.

There are other alternatives, with regards to providing access to valuable data. Pekka Kahri from HUS discussed sustainability as it pertains to the PHEMS project. Where the intention is to allow commercial organisations join the network to provide access to federated data. Various models for managing this are being discussed, but as the PHEMS project moves into its third and final year, sustainability on the platform into the future is crucial.

Self-built TREs are difficult to maintain and ultimately difficult to sustain.

Serious consideration must be given to the build vs buy question, with readily available, proven and scalable platforms able to provide dedicated IT and support, allowing hospitals and institutions to focus on their core business of science and research.

The UK TRE 2025 conference was a powerful reminder that while the technical solutions exist, the human, institutional, and policy dimensions require just as much attention. Federation, automation, and sustainability are the pillars of a future where data-driven research can thrive responsibly and efficiently.