Saved in:
| Main Authors: | , , , , , , , , , , , , |
|---|---|
| Format: | Preprint |
| Published: |
2026
|
| Subjects: | |
| Online Access: | https://arxiv.org/abs/2603.10063 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1866911503995633664 |
|---|---|
| author | Zhang, Fan Kreuter, Daniel Fernandez-Marques, Javier Consortium, BloodCounts Verghese, Gregory Butler, Bernard Lane, Nicholas Sivapalaratnam, Suthesh Taylor, Joseph de Wit, Norbert C. J. Gleadall, Nicholas S. Schönlieb, Carola-Bibiane Roberts, Michael |
| author_facet | Zhang, Fan Kreuter, Daniel Fernandez-Marques, Javier Consortium, BloodCounts Verghese, Gregory Butler, Bernard Lane, Nicholas Sivapalaratnam, Suthesh Taylor, Joseph de Wit, Norbert C. J. Gleadall, Nicholas S. Schönlieb, Carola-Bibiane Roberts, Michael |
| contents | Collaborative healthcare research across multiple institutions increasingly requires diverse clinical datasets, but cross-border data sharing is strictly constrained by privacy regulations. Federated learning (FL) enables model training while keeping data local; however, many existing frameworks remain proof-of-concept and do not adequately address governance risks such as unauthorised participation, misuse, and lack of accountability. In particular, enforceable mechanisms for authentication, authorisation, and accounting (AAA) are often missing, limiting real-world clinical deployment. This paper presents FLA$^3$ (Federated Learning with Authentication, Authorisation, and Accounting), a governance-aware federated learning platform that operationalises regulatory obligations through runtime policy enforcement. FLA$^3$ integrates eXtensible Access Control Markup Language (XACML) compliant attribute-based access control (ABAC), cryptographic accounting, and study-scoped federation directly into the federated learning orchestration layer to enforce institutional sovereignty and protocol adherence. We evaluate FLA$^3$ through two complementary studies. First, we demonstrate operational feasibility by deploying the platform infrastructure across five BloodCounts! Consortium institutions in four countries: United Kingdom, Netherlands, India, and The Gambia. Second, we assess clinical utility using simulated federation of full blood count (FBC) data from 54,446 samples from 35,315 subjects across 25 centres in the INTERVAL study. Results show that FLA$^3$ achieves predictive performance comparable to centralised training while strictly enforcing governance constraints. These results show that enforceable governance can function as a first-class privacy-preserving control, improving trustworthiness for scalable artificial intelligence (AI) in cross-jurisdictional healthcare deployments. |
| format | Preprint |
| id |
arxiv_https___arxiv_org_abs_2603_10063 |
| institution | arXiv |
| publishDate | 2026 |
| record_format | arxiv |
| spellingShingle | Building Privacy-and-Security-Focused Federated Learning Infrastructure for Global Multi-Centre Healthcare Research Zhang, Fan Kreuter, Daniel Fernandez-Marques, Javier Consortium, BloodCounts Verghese, Gregory Butler, Bernard Lane, Nicholas Sivapalaratnam, Suthesh Taylor, Joseph de Wit, Norbert C. J. Gleadall, Nicholas S. Schönlieb, Carola-Bibiane Roberts, Michael Cryptography and Security Software Engineering Collaborative healthcare research across multiple institutions increasingly requires diverse clinical datasets, but cross-border data sharing is strictly constrained by privacy regulations. Federated learning (FL) enables model training while keeping data local; however, many existing frameworks remain proof-of-concept and do not adequately address governance risks such as unauthorised participation, misuse, and lack of accountability. In particular, enforceable mechanisms for authentication, authorisation, and accounting (AAA) are often missing, limiting real-world clinical deployment. This paper presents FLA$^3$ (Federated Learning with Authentication, Authorisation, and Accounting), a governance-aware federated learning platform that operationalises regulatory obligations through runtime policy enforcement. FLA$^3$ integrates eXtensible Access Control Markup Language (XACML) compliant attribute-based access control (ABAC), cryptographic accounting, and study-scoped federation directly into the federated learning orchestration layer to enforce institutional sovereignty and protocol adherence. We evaluate FLA$^3$ through two complementary studies. First, we demonstrate operational feasibility by deploying the platform infrastructure across five BloodCounts! Consortium institutions in four countries: United Kingdom, Netherlands, India, and The Gambia. Second, we assess clinical utility using simulated federation of full blood count (FBC) data from 54,446 samples from 35,315 subjects across 25 centres in the INTERVAL study. Results show that FLA$^3$ achieves predictive performance comparable to centralised training while strictly enforcing governance constraints. These results show that enforceable governance can function as a first-class privacy-preserving control, improving trustworthiness for scalable artificial intelligence (AI) in cross-jurisdictional healthcare deployments. |
| title | Building Privacy-and-Security-Focused Federated Learning Infrastructure for Global Multi-Centre Healthcare Research |
| topic | Cryptography and Security Software Engineering |
| url | https://arxiv.org/abs/2603.10063 |