Covered by:
Recommendation 46 | Consider the specific security and privacy requirements and identify measures for the provision of each public service according to risk management plans. Supporting Solutions |
Recommendation 47 | Use trust services according to the Regulation on eID and Trust Services as mechanisms that ensure secure and protected data exchange in public services. Supporting Solutions |
Legal initiative | Description | Recommendations |
Short title: General Data Protection Regulation (GDPR)
Status: In force |
The General Data Protection Regulation (GDPR) allows European Union (EU) citizens to better control their personal data. It also modernises and unifies rules allowing businesses to reduce red tape and to benefit from greater consumer trust. The GDPR is part of the EU data protection reform package, along with the data protection directive for police and criminal justice authorities. |
Recommendation 46 |
Short title: Data Governance Act Status: Legislative Proposal |
This Proposal aims at creating a legislative framework for the governance of common European data spaces. It proposes measures: - to unlock more publicly held data for research serving the common good; - to support voluntary data sharing by citizens (‘data altruism’); and - to set up an EU-level governance structure to prioritise standardisation needs and improve data interoperability. |
Recommendation 46 |
Short title: Regulation on the free flow of non-personal data Status: In force |
This regulation aims to ensure that electronic data, apart from personal data, can be processed freely throughout the EU. It bans restrictions on where the data can be stored or processed. It applies to the processing of non-personal data which is: - provided as a service to users living in the EU; - conducted by an individual, company or organisation in the EU for its own needs. |
Recommendation 46 |
Status: In force and transposed |
The Electronic Identification and Trust Services (eIDAS) Regulation creates a new system for secure electronic interactions across the EU between businesses, citizens and public authorities. A revision of the eIDAS Regulation has been proposed, see: Proposal for a Regulation of the European Parliament and of the Council amending Regulation (EU) No 910/2014 as regards establishing a framework for a European Digital Identity, URL: https://op.europa.eu/en/publication-detail/-/publication/5d88943a-c458-… |
|
Short title and title: Commission Implementing Regulation (EU) 2015/1501 - eIDAS Regulation Status: In force |
This Regulation lays down technical and operational requirements of the interoperability framework in order to ensure the interoperability of the electronic identification schemes which Member States notify to the Commission. | Recommendation 46 |
Short title: European Directive on patients’ rights Status: In force and transposed |
The aim of this directive is to set out the conditions under which a patient may travel to another EU country to receive safe and high-quality medical care and have the cost reimbursed by their own health insurance scheme. It also encourages cooperation between national healthcare systems. |
Recommendation 46 |
Status: In force |
This regulation aims to improve checks at the EU’s external borders, allow for better detection of security threats and identity fraud, and help in preventing and combating illegal immigration. | Recommendation 46 |
Short title: Privacy and Electronic Communications Directive Status: In force and transposed |
This Directive sets out rules to ensure security in the processing of personal data, the notification of personal data breaches, and confidentiality of communications. It also bans unsolicited communications where the user has not given their consent. |
Recommendation 46 |
Short title: Cybersecurity Act Status: In force |
This Act aims to achieve a high level of cybersecurity, cyber resilience and trust in the European Union (EU) by setting: - objectives, tasks and organisational matters for a strengthened and renamed European Union Agency for Cybersecurity (ENISA), with a new permanent mandate; - a framework for voluntary European cybersecurity certification schemes for Information and communications technology (ICT) products, services and processes. |
Recommendation 46 |
Status: In force and transposed |
This Directive proposes a wide-ranging set of measures to boost the level of security of network and information systems (cybersecurity) to secure services vital to the EU economy and society. It aims to ensure that EU countries are well-prepared and are ready to handle and respond to cyberattacks through: - the designation of competent authorities, - the set-up of computer-security incident response teams (CSIRTs), and - the adoption of national cybersecurity strategies. It also establishes EU-level cooperation both at strategic and technical level. Lastly, it introduces the obligation on essential-services providers and digital service providers to take the appropriate security measures and to notify the relevant national authorities about serious incidents. |
Recommendation 46 |
Short title: European Electronic Communications Code Status: In force and transposed |
The Directive: - establishes a set of updated rules to regulate electronic communications (telecoms) networks, telecoms services, and associated facilities and services; - sets out tasks for national regulatory authorities and other competent authorities, and establishes a set of procedures to ensure that the regulatory framework is harmonised throughout the EU; - aims to stimulate competition and increased investment in 5G and very high capacity networks, so that every citizen and business in the EU can enjoy high quality connectivity, a high level of consumer protection and an increased choice of innovative digital services. |
Recommendation 46 |
Short title: Single Digital Gateway Regulation Status: In force |
The single digital gateway will facilitate online access to the information, key administrative procedures and assistance and problem-solving services that citizens and businesses may wish to contact if they encounter problems when exercising their internal market rights while living in or doing business in another EU country. | Recommendation 47 |
Short title: eInvoicing Directive Status: In force and transposed |
E-invoicing by a business in one EU country for work done for or goods delivered to a public authority in another has been hampered by problems of a lack of interoperability, i.e. incompatible e-invoicing systems in different countries. The law applies to invoices falling within the scope of the public procurement directives (i.e. most contracts) but does not apply to contracts falling within the scope of Directive 2009/81/EC in the fields of defence and security, where the procurement and performance of the contract are declared to be secret or must be accompanied by special security measures. |
Recommendation 46 |
Short title: Law Enforcement Directive Status: In force and transposed |
This Directive aims to better protect individuals’ personal data when their data is being processed by police and criminal justice authorities. It also aims to improve cooperation in the fight against terrorism and cross-border crime in the EU by enabling police and criminal justice authorities in EU countries to exchange information necessary for investigations more efficiently and effectively. The Data Protection Directive for Police and Criminal Justice Authorities is part of the EU data protection reform package along with the General Data Protection Regulation (Regulation (EU) 2016/679). | Recommendation 46 |
Short title: Regulation on Interoperability in the field of justice, freedom and security Status: In force |
It aims to improve checks at the EU’s external borders, allow for better detection of security threats and identity fraud, and help in preventing and combating illegal immigration. | Recommendation 46 |
Short title: eProcurement Directive Status: In force and transposed |
The legislation specifies that when national authorities use public procurement to invite tenders to provide works, supplies or services, they must treat all applicants equally and not discriminate between them. They must also be transparent in their dealings. | Recommendation 46 |
Concrete example/good practice | Summary |
Integrated Public Service Provision - The central solutions of Hungary |
Hungary stands out with regard to its implementation of the security and privacy component of the EIF conceptual model. While different elements have made possible the implementation of the recommendations set by the EIF with regard to the legal, organisational, semantic and technical layers of interoperability within Hungarian public administrations, two main initiatives are highlighted in this concrete example. These are the centrally provided Municipality ASP service and the Customisable State Administration Portal. They almost function as platforms for interoperable service provision. Both integrate several building blocks in order to ensure a ready-to-use integrated solution for all Hungarian public administrations to make their digital public services available on a single platform, thereby increasing interoperability. This concrete example also demonstrates how the country tackled the challenges linked to these services, namely their take-up by public bodies and the need to replace the traditional decision-making process with a data-driven approach. |
Solution | Description | Associated Recommendations |
The European Parliament Crypto tool is open source software that enables different parties to exchange files in a secure manner. | Recommendation 47 |
The eDelivery Building Block helps public administrations to exchange data and documents via AS4 Access Points, based on the AS4 messaging protocol. This allows different parties to exchange electronic data and documents across sectors and borders through a secure eDelivery message exchange network. By connecting to an AS4 Access Point, a public administration can exchange electronic data and documents with any organisation connected to another Access Point in the network. The eDelivery Building Block also helps upgrade existing solutions so they can connect to eDelivery messaging networks through an Access Point. | Recommendation 47 |
The eID Building Block allows public administrations and private service providers to easily extend the use of their online services to citizens from other Member States, in line with the eIDAS Regulation. | Recommendation 47 |
The European Interoperability Reference Architecture (EIRA©) is an architecture content metamodel defining the most salient architectural building blocks (ABBs) needed to build interoperable e-Government systems. The EIRA© provides a common terminology that can be used by people working for public administrations in various architecture and system development tasks. The EIRA© was created and is being maintained in the context of Action 2016.32 of the ISA² Programme. The EIRA uses (and extends) the ArchiMate language as a modelling notation and uses service orientation as an architectural style. | Recommendation 47 |
The CEF eSignature Building Block allows public administrations, businesses, and citizens to electronically sign any document, anywhere in Europe, at any time, in line with the eIDAS Regulation for e-signatures, e-seals and related services offered by Trust Service Providers. | Recommendation 47 |
Location Framework Blueprint |
The European Union Location Framework (EULF) Blueprint is a framework of recommendations and related guidance for publishing and using location information and applying interoperability principles in digital government. The EULF Blueprint was initially developed through the EULF project in the ISA programme. The content has been updated extensively through the European Location Interoperability Solutions for e-Government (ELISE) project, which is part of the ISA² programme. | Recommendation 46 |
The objective of the IQAT© is to allow Solution Owners to assess the Potential Interoperability of their software solutions supporting Public Services. The toolkit is based on a specific conceptual model for the Interoperability assessment of software solutions, which relies on four interoperability areas: Interoperability (IOP) Governance, Software Architecture, |
Recommendation 46 |
The presented architecture is based on the analysis of the exchange of e-Documents in 16 selected Member States, available here. Please use this report as a supporting document for the presented reference architecture and as a source of detailed information about the solutions used in the analysed Member States. |