
Is Your TRE Actually a TRE? The ONS Five Safes Scorecard


15 questions. One honest answer each. Your vendor either passes the ONS Five Safes framework — or it doesn’t call itself a Trusted Research Environment.

In 2026, more platforms call themselves a “TRE” than actually qualify. The UK Statistics Authority Five Safes framework — the governing definition of a Trusted Research Environment, reaffirmed by the 2022 Goldacre Review — defines a TRE by five architectural pillars, not by marketing.

Score your platform against all five below. If it fails even one pillar, the name on the tin is wrong.

How to score

Read each question. Answer yes or no honestly. Count the “no” answers at the end. The number tells you whether you have a Trusted Research Environment, a secure analysis platform with TRE marketing, or a compliance liability.

No email required. No form. No gate. Score your vendor, score ours, score anyone’s.

Pillar 1 — Safe People

Are the humans who touch the data actually vetted, trained, and accountable?

  1. Are researchers accessing the platform individually vetted — not just their institution?
  2. Is researcher training renewed annually and enforced, not a one-time onboarding checkbox?
  3. Are inactive researcher accounts auto-revoked after defined periods of non-use?

Pillar 2 — Safe Projects

Is every analysis authorized by governance — not by default platform access?

  1. Does every analysis require explicit ethics and governance approval tied to a specific research question?
  2. Are project approvals time-limited and renewable, not perpetual?
  3. Can the data controller revoke an approved researcher’s project access independently of the vendor?

Pillar 3 — Safe Settings

Who actually controls the environment the data sits in?

  1. Is the compute environment controlled by the data controller, or by the vendor?
  2. Does the vendor have administrative access to your data at rest?
  3. Can the data controller audit every system action end-to-end — without dependency on vendor-supplied logs?

Pillar 4 — Safe Data

Does the data stay where its governance already works?

  1. Does your data remain at source, on infrastructure your governance team already trusts — or is a copy moved to the vendor’s cloud?
  2. Is data pseudonymized and minimized before any analysis touches it?
  3. If your contract with the vendor ended tomorrow, would any copy of your data remain in their systems, under their jurisdiction?

Pillar 5 — Safe Outputs

What actually leaves the environment — and who checks it?

  1. Is every output — charts, models, summary statistics, derived datasets, trained AI — reviewed before it leaves the environment?
  2. Is output review automated and consistent, or manual, ad-hoc, and dependent on researcher self-reporting?
  3. Can an approved researcher download raw or derived data to a local machine? (A “yes” answer is a fail.)

Your score

  • 0 “no” answers — you have a real TRE. The ONS Five Safes framework is satisfied. Rare in 2026.
  • 1–3 “no” answers — you have a secure analysis platform, not a Trusted Research Environment. The distinction matters for regulatory submissions, patient-trust claims, and cross-border data agreements.
  • 4+ “no” answers — your environment fails the Five Safes framework. This is a regulatory, reputational, and patient-trust exposure. A 2026 data incident on any platform scoring here is the kind of story that ends careers and contracts.

The architectural gap most platforms fail on

Most SaaS platforms marketing themselves as TREs pass Pillars 1 and 2 (Safe People, Safe Projects) because vetting and approval are procedural — you either do them or you don’t. They fail Pillars 3, 4, and 5 because those are architectural. You can’t bolt them on after the fact.

Specifically, a platform that copies your data into its own cloud fails Pillar 4 by definition. A platform that allows approved researchers to download raw or derived outputs fails Pillar 5 by definition. A platform where the vendor — not the data controller — owns the environment fails Pillar 3 by definition.

This is why the label on the tin matters. A secure analysis platform is a legitimate and useful product category. It is not a Trusted Research Environment.

Why Lifebit built federated from day one

Lifebit’s federated Trusted Research Environment was designed around the Five Safes from the architecture up:

  • Safe Data — the data never leaves its source. The compute goes to the data. No copy is ever created in our cloud.
  • Safe Settings — the data controller retains full sovereignty over the environment. Lifebit operates the platform; the data controller owns the data, the logs, and the audit trail.
  • Safe Outputs — every output passes through an automated Airlock review before it leaves. No researcher can download raw or derived data to a local machine under any condition.

This is the architecture that powers Genomics England at national scale, the NIH, Singapore’s Ministry of Health, and Flatiron Health. It is the architecture every TRE buyer is going to be graded on for the next five years.

What to do next

If you scored your current vendor above a 0, you have three options:

  1. Ask your vendor for their written answers to each of the 15 questions above. A real TRE vendor answers without hedging.
  2. Read the full breakdown of federated vs SaaS TRE architectures against the Five Safes framework, and our explainer on what the UK Biobank incident reveals about SaaS TREs.
  3. Book a 30-minute Five Safes assessment with Lifebit. We’ll walk your current architecture through the framework and tell you the gaps — whether you end up working with us or not.

This scorecard is a Lifebit-authored interpretation of the UK Statistics Authority Five Safes framework as applied to 2026 TRE vendor evaluation. We publish it free because owning the framework is the point — no email required, no form, no gate. Copy it. Share it. Use it to grade us.

Frequently asked questions

What is a Trusted Research Environment (TRE)?

A Trusted Research Environment is a secure analytics platform defined by the UK Statistics Authority Five Safes framework, in which sensitive data stays at its source, the environment is controlled by the data controller, and every research output passes through a disclosure-control airlock before it leaves. A TRE is an architectural category — a platform that fails any of the five pillars (Safe People, Safe Projects, Safe Settings, Safe Data, Safe Outputs) is not a TRE even if marketed as one.

What are the ONS Five Safes?

The ONS Five Safes are the five pillars that define a Trusted Research Environment under the UK Statistics Authority framework, originally published in 2017 and reaffirmed by the 2022 Goldacre Review. They are: Safe People (researchers are individually vetted and trained), Safe Projects (every analysis has explicit ethics approval), Safe Settings (the data controller, not the vendor, owns the environment), Safe Data (data is minimised and stays at source), and Safe Outputs (every output is reviewed by an airlock before leaving the environment).

What is the difference between a federated TRE and a SaaS TRE?

A federated TRE brings the compute to the data — the data never leaves its source, and the data controller retains sovereignty over the environment. A SaaS platform marketing itself as a TRE copies the data into the vendor’s cloud, where researchers run analyses and typically download derived outputs to local machines. Under the ONS Five Safes framework, the SaaS model structurally fails Safe Data (the data left source), Safe Settings (the vendor owns the environment), and Safe Outputs (researchers can download results directly). Only a federated architecture satisfies all five pillars.

Was the UK Biobank data incident a hack or a breach?

It was neither. According to reporting from April 2026, the UK Biobank data that surfaced on Alibaba listings was exfiltrated by approved researchers — individuals who had been vetted, signed data protection agreements, and cleared ethics review. No perimeter was breached. The access that led to the exfiltration was access that was supposed to exist. This is the failure mode of any SaaS-style research platform where approved researchers can download derived outputs to local machines, and it is why the ONS Five Safes requires outputs to leave only via an airlock — not a download button.

What does “Safe Data” mean in the Five Safes framework?

Safe Data means the data is minimised, pseudonymised, and stays at its source. In practice, this rules out any platform that copies data from the data controller’s infrastructure into a vendor’s cloud. If a copy of your data exists inside the vendor’s systems, Safe Data is not satisfied — the data is in a different jurisdiction, under a different security model, and under the vendor’s administrative control rather than yours.

What does “Safe Settings” mean?

Safe Settings means the environment where data is analysed is controlled by the data controller, not outsourced to a vendor. The data controller should hold administrative rights, own the audit logs, and be able to audit every system action end-to-end without dependency on vendor-supplied reports. If the vendor has administrative access to the data at rest, Safe Settings is not satisfied.

What does “Safe Outputs” mean?

Safe Outputs means only statistically-disclosure-controlled results leave the research environment, via an airlock review rather than a download button. Every output — charts, models, summary statistics, derived datasets, trained AI models — must be inspected before it reaches a researcher’s local machine. If an approved researcher can download raw or derived data directly, Safe Outputs is not satisfied regardless of how rigorous project approval is.

How do I score my TRE vendor against the Five Safes?

Use the 15-question Lifebit TRE Scorecard, which breaks the Five Safes into three yes/no questions per pillar. Score zero “no” answers and you have a real Trusted Research Environment. Score one to three and you have a secure analysis platform, not a TRE. Score four or more and you have a regulatory and reputational exposure. The scorecard is published free, with no email gate, and can be used to grade any vendor including Lifebit.



© 2026 Lifebit Biotech Inc. DBA Lifebit. All rights reserved.
