Standards exist to unify and thus simplify processes. National and international standards are also used in public administration. With regard to the implementation of the Register Modernization Act (RegMoG), more and more stakeholders are calling for their use. The Single Digital Gateway Regulation (SDG Regulation) stipulates the upgrading and connection of registers not only at national but also at European level. In order to enable the simple, secure and low-maintenance transmission of data, it is important for all parties involved to maintain an overview of the wide range of existing and developing standards at national and European level.
Modernizing registers, digitizing them and ultimately making them talk to each other – that is the goal of the largest digitization project in public administration over the next few years, “Register Modernization”. In addition to the advantage for citizens of only having to submit documents once, the aim is also to reduce the workload for civil servants in the authorities. Driven by the initial successes of the Online Access Act (OZG), not only the applications themselves are to be digitally mapped, but also data and evidence from the applicant are to be automatically transferred directly to the application if desired. Administrative processes are to be simplified for citizens not only nationally, but throughout Europe. The basis for this is the SDG Regulation adopted by the European Parliament in 2018, which provides for the digitalization of services from a total of 88 areas and lays the European foundation for the implementation of the Once-Only-Technical System (OOTS). The German version is the National Once-Only Technical System (NOOTS), which is based on the OOTS. In order to enable interoperability across authorities and countries as well as communication at European level during implementation, both national and European standards must be taken into account.
High number of registers and complex areas of responsibility in Germany lead to a heterogeneous register landscape
Due to the decentralized federal structures of public administration, to which many registers and administrative processes are subject, the use of standards plays an essential role. Over 350 register types exist in Germany alone. According to the RegMoG, 51 of the register types are to be provided with an identification number based on the tax number and thus primarily serve the exchange of evidence in the National Once-Only-Technical-System (NOOTS). The great heterogeneity in the digitization of these registers can also be found in the use of standards of the already networked registers. For example, registers within an administrative area, such as “social affairs”, “employment” or “health”, already communicate in a standardized manner. Data transfer between statutory health insurance funds and social and long-term care insurance funds has been taking place since the 1990s using clearly defined professional and technical standards. Since the beginning of this year, the provision of data via the internationally used FHIR (Fast Healthcare Interoperability Resources) standard has also been continuously optimized.
While the use within administrative divisions works well, it is all the more difficult across administrative divisions. Due to different interests, legal requirements and degrees of digitization, the use of existing standards and the definition of new standards is a complex undertaking. Due to the different data formats and contents, data to be transferred often has to be mapped, which can lead to errors in data transfer and means a high maintenance effort. In order to enable a smooth exchange of data within the NOOTS and with the OOTS, recommendations and specifications for standards to be used are created by the IT Planning Council and the Coordination Office for IT Standards (KoSIT) in coordination with the Register Modernization Authority (task of the Federal Office of Administration).
A distinction must be made between requirements that are specific to the NOOTS and those that are also relevant for the connection and data transfer to the OOTS. At European level, standards are specified in accordance with the EU Technical Design (EU TDD) that are relevant for the interoperability of both systems, while the use of the specific standards of the German architecture is based on those of the IT Planning Council.
Technical and functional standards in the data exchange model
OASIS RegRep v4
The framework for the standards used is the data exchange model specified by the register modernization authority. This defines the process for the electronic transmission of messages when a proof is requested, as well as the corresponding response from the recipient of the request. In order to map the syntax, i.e. the structure of the data, in a standardized way, the NOOTS uses OASIS RegRep v4, which in turn is a collection of defined and recognized standards and is also provided for in the architecture of the OOTS in order to enable a generic query model. The data is first sent to an intermediary platform, which then transfers the data to the OOTS. Differences in the data resulting from adaptations due to specific requirements at national level are mapped to the European requirements at this point.
The use of OASIS RegRep v4 enables information units of relevant architecture components to be addressed at both levels. This enables a high degree of interoperability, comprehensibility and reusability without overly restricting the systems involved.
XBasisdaten, XNachweis and XDatenschutzcockpit
In addition to the purely technical standards for data transfer, the first functional standards for register modernization have already been published in the XRepository, a platform for public sector standards. These do not define the structure, but rather the technical information that is transferred during the request. In order to be able to assign personal data from a register without any doubt, basic personal data is required in addition to the identification number. The semantics are derived from the specifications of the registration system (the municipal registration registers), which are defined in the data set for the registration system. In addition to the address and gender, the nationality or whether there is an information block is also mapped. Data is transmitted to and by the register modernization authority using the OSCI and XTA standards, which also define the data structure of the data to be transmitted.
The XNachweis standard, a working version of which has also already been published in the XRepository, is currently being implemented to represent the core idea of register modernization, i.e. only having to submit evidence once. This is compatible with the EU specification of the EU TDD and therefore also allows the exchange of evidence at European level. In addition to identifying the person or authority that issued the proof and to which the proof is assigned, this standard also maps the type of proof and the information as to whether it is a natural or legal person. Whether data can be transmitted via OSCI and XTA as desired is currently still being examined.
Another example of a specific standard in the context of register modernization is Datenschutzcockpit. The data protection cockpit is defined at national level and offers citizens submitting applications transparency about which data has been exchanged between which authorities for the requested administrative processes using their identification number. Based on the specified standard, citizens are informed about the recipient of the information and their contact details, as well as the time of retrieval and the name of the data category. This may include, for example, the purpose of processing or the right to lodge a complaint. The data structure of this standard is also defined and transmitted using OSCI or XTA.
The implementation of standards that form the basis for data exchange for register modernization in Germany can be roughly divided into two categories: those that are as close as possible to the European specification and those that are defined independently at national level. This approach is based on the differences in the architecture of the OOTS and the NOOTS. At national level, for example, information is required for the data protection cockpit, which is not currently provided for at European level, meaning that the requirements for the NOOTS can be met here. However, data intended for exchange within the European Union should preferably be available in a format that can be processed correctly by all components involved. Since in this case, too, there may be adjustments to standards between the national and European versions due to different legal requirements, for example, the data still needs to be mapped by a central body (intermediary platform). However, by using a common technical specification, these differences can be kept to a minimum and the effort involved in mapping can be kept to a minimum.
At the national level of data exchange in particular, important initial foundations for simple and secure data exchange have been laid with XBasisdaten, XNachweis and XDatenschutzcockpit. It also makes sense to stay as close as possible to the European definition of required standards in the further specification of standards, especially those that are intended to enable a Europe-wide exchange of data.