project acronym: e-sens approved by ec · pdf fileproject acronym: e-sens project full title:...

Approved by EC

1

Submitted to the EC on 30/11/2013

COMPETITIVENESS AND INNOVATION FRAMEWORK PROGRAMME ICT Policy Support Programme (ICT PSP)

Project acronym: e-SENS

Project full title: Electronic Simple European Networked Services

ICT PSP call identifier: CIP-ICT-PSP-2012-6

ICT PSP main theme identifier: CIP-ICT-PSP-2012-6-4.1 Basic Cross Sector Services

Grant agreement n°: 325211

D3.4 Preliminary proposal for a governance body

Deliverable Id : D3.4

Deliverable Name : Preliminary proposal for a governance body

Version : V1.0

Status : final

Dissemination Level : Confidential

Due date of deliverable : M6

Actual submission date : 30.11.2013

Work Package : WP3

Organisation name of lead partner for this deliverable : Federal Office of Administration (BVA), Germany

Author(s): Katrin Weigend (BVA,DE), Roberto Zuffada (LISPA, IT), Aleida Alcaide (MINHAP, ES), Carmen Ciciriello (OpenPEPPOL), Carmen Cirnu (ICI, RO)

Partner(s) contributing : Anni Buhr (DIGST, DK), Pia Jespersen (NSI, DK), Freek van Krevel (MINEZ, NL), Lefteris Leontaridis (UPRC, GR)

Abstract:

This report presents ideas, suggestions and recommendations regarding a future governance body respectively structure, which will ensure the maintenance and sustainability of the solutions provided by e-SENS. The LSP sustainability experts, the members of the Domain Board and the Architectural Board were asked to give their opinion on a future governance structure. The results are contained in this document - D3.4 “Preliminary proposal for a governance body” - which will form the basis for further investigations and elaborations.

Approved by EC

2

History

Version Date Changes made Modified by

0.1 03.09.2013 Initial Draft Katrin Weigend

0.2 25.09.2013 Updated Initial Draft Katrin Weigend

0.3 14.10.2013 Revised Initial Draft after WP3 internal review cycle

Roberto Zuffada

0.4 17.10.2013 Finalisation of Initial Draft Katrin Weigend

0.5 21.11.2013 Revised Initial Draft after e-SENS Review Cycle and Finalisation

Katrin Weigend

1.0 30.11.2013 Final editorial amendments WP1

This deliverable contains original unpublished work or work to which the author holds all rights except where clearly indicated otherwise. Acknowledgement of previously published material and of the work of others has been made through appropriate citation, quotation or both.

Approved by EC

3

Table of contents

HISTORY .............................................................................................................................................2

TABLE OF CONTENTS ..........................................................................................................................3

LIST OF FIGURES .................................................................................................................................5

LIST OF TABLES ...................................................................................................................................6

LIST OF ABBREVIATIONS.....................................................................................................................7

EXECUTIVE SUMMARY .......................................................................................................................9

1. INTRODUCTION........................................................................................................................ 11

1.1. SCOPE AND OBJECTIVE OF DELIVERABLE ...................................................................................... 11

1.2. WP3 “SUSTAINABILITY AND LONG-TERM GOVERNANCE” AND TASK 3.5 “GOVERNANCE

IMPLEMENTATION”: GENERAL OBJECTIVES AND VISION............................................................................. 12

1.3. METHODOLOGY OF WORK ....................................................................................................... 12

1.4. RELATIONS TO INTERNAL E-SENS ENVIRONMENT ......................................................................... 14

1.5. RELATIONS TO EXTERNAL E-SENS ENVIRONMENT ......................................................................... 14

1.6. QUALITY MANAGEMENT ......................................................................................................... 15

1.7. RISK MANAGEMENT ............................................................................................................... 16

1.8. LEGAL ISSUES ........................................................................................................................ 17

1.9. STRUCTURE OF THE DOCUMENT ................................................................................................ 17

2. ORGANISATIONAL GOVERNANCE ASPECTS PER LSP/DOMAIN................................................. 18

2.1. PEPPOL/ E-PROCUREMENT .................................................................................................... 18

2.1.1. OVERVIEW .................................................................................................................... 18

2.1.1.1. Relation between PEPPOL/e-Procurement and e-SENS ....................................... 19

2.1.2. COMMUNITY AND STAKEHOLDERS ..................................................................................... 19

2.1.3. GOVERNANCE SUSTAINABILITY .......................................................................................... 20

2.1.3.1. What has been achieved – OpenPEPPOL ............................................................ 20

2.1.3.1.1. Organisation Structure of OpenPEPPOL ........................................................... 21

2.1.3.1.2. OpenPEPPOL Legal Framework ........................................................................ 23

2.1.3.2. Possible Sustainability Governance Structure for short, medium and long term . 23

2.1.4. CONCLUSION ................................................................................................................. 24

2.2. SPOCS/ BUSINESS LIFECYCLE .................................................................................................. 24

2.2.1. OVERVIEW .................................................................................................................... 24

2.2.1.1. Relation between SPOCS/Business Lifecycle and e-SENS ..................................... 25



2.2.3.1. What has been achieved .................................................................................... 25


2.2.3.2.1. Advantages and disadvantages of the proposed governance structure for SPOCS/Business Lifecycle ................................................................................................... 27

Approved by EC

4

2.2.3.2.2. Involvement of the different stakeholders ....................................................... 29

2.2.4. CONCLUSION ................................................................................................................. 32

2.3. STORK/STORK 2.0 ............................................................................................................. 32

2.3.1. OVERVIEW .................................................................................................................... 32

2.3.1.1. STORK ................................................................................................................ 32

2.3.1.1.1. Relation between STORK and e-SENS .............................................................. 34

2.3.1.2. STORK 2.0 .......................................................................................................... 34

2.3.1.2.1. Relation between STORK 2.0 and e-SENS ......................................................... 35


2.3.2.1. STORK ................................................................................................................ 35

2.3.2.2. STORK 2.0 .......................................................................................................... 36




2.3.4. CONCLUSION ................................................................................................................. 38

2.4. EPSOS/ E-HEALTH ................................................................................................................. 39

2.4.1. OVERVIEW .................................................................................................................... 39

2.4.1.1. Relation between epSOS/e-Health and e-SENS ................................................... 41





2.4.4. CONCLUSION ................................................................................................................. 44

2.5. E-CODEX/ E-JUSTICE ............................................................................................................. 44

2.5.1. OVERVIEW .................................................................................................................... 44

2.5.1.1. Relation between e-CODEX/e-Justice and e-SENS ............................................... 45





2.5.4. CONCLUSION ................................................................................................................. 49

3. COMMONALITIES OF THE DIFFERENT LSPS/DOMAINS ON ORGANISATIONAL GOVERNANCE ASPECTS ........................................................................................................................................... 51

CONCLUSION .................................................................................................................................... 53

I. REFERENCES ............................................................................................................................. 54

II. APPENDIX I – GLOSSARY .......................................................................................................... 57

III. APPENDIX II – GOVERNANCE MATRIX/QUESTIONNAIRE ......................................................... 63

Approved by EC

5

List of Figures

Figure 1: Governance Structure of OpenPEPPOL ............................................................................... 21

Approved by EC

6

List of Tables

Table 1: Abbreviations ........................................................................................................................8

Table 2: Quality Checklist .................................................................................................................. 15

Table 3: Risks .................................................................................................................................... 16

Table 4: OpenPEPPOL – Layers of Governance .................................................................................. 23

Table 5: Advantages and disadvantages of the proposed governance structure for SPOCS/ Business Lifecycle ............................................................................................................................................ 29

Table 6: SPOCS/ Business Lifecycle: Levels of involvement ................................................................ 30

Approved by EC

7

List of Abbreviations

Acronym Explanation

AB Architectural Board

BB Building Block

BIS Business Interoperability Specifications

CC Competence Cluster

CCBE Council of Bars and Law Societies of Europe

CEF Connecting Europe Facility

CIP Competitiveness and Innovation Framework Programme

CNUE Council of the Notariats of the European Union

CSP Core Service Platform

D3.4 Deliverable 3.4 “Preliminary proposal for a governance body”

DB Domain Board

DG Directorate General of the European Commission

DSI Digital Service Infrastructure

EEA European Economic Area

EC European Commission

e-CODEX e-Justice Communication via Online Data Exchange

ICT Information and Communication Technology

eIDAS Regulation Proposal for a Regulation “on a electronic identification and trusted services for electronic transactions in the internal market”

EIF European Interoperability Framework

epSOS Smart Open Services for European Patients

e-SENS Electronic European Networked Services

ETSI European Telecommunications Standards Institute

EU European Union

FWA Framework Agreement

ICT Information and Communication Technology

ICT PSP Information and Communication Technology Policy Support Programme (part of CIP)

LSP Large Scale Pilot

Approved by EC

8

MS Member State

NCP National Contact Points

NPO Non-Profit Organisation

OASIS Organisation for the Advancement of Structured Information Standards

PEPPOL Pan-European Public Procurement Online

PSC Point of Single Contact

PSP Project Steering Board

QAA Quality of Authentication Assurance Model

RACI Responsible, Accountable, Consulted and Informed

SDO Standardisation Organisation

SME Small and Medium-sized Enterprises

SPOCS Simple Procedures Online for cross-border Services

STORK/STORK 2.0 Secure Identity Across Borders linked

VCD Virtual Company Dossier

WP 2 e-SENS Work Package 2 “Marketing and Communication”

WP 3 e-SENS Work Package 3 “Sustainability and Long-Term Governance”

WP 4 e-SENS Work Package 4 “Project Legal Expertise Centre”

WP 5 e-SENS Work Package 5 “Piloting”

WP 6 e-SENS Work Package 6 “Building Block Provision”

Ten-Tele Regulation

Regulation of the European Parliament and of the Council on “Guidelines for trans-European telecommunications networks” (part of the CEF)

TFEU Treaty on the Functioning of the European Union

Table 1: Abbreviations

Approved by EC

9

Executive Summary

The project e-SENS - Electronic Simple European Networked Services - focuses on strengthening the Single Market by facilitating public services across borders. The previous Large Scale Pilots (LSPs) have already proven that the provision of electronic cross-border services is achievable and feasible. In numerous domains, technical building blocks have been developed and piloted, which enable seamless cross-border services respecting all the various challenges and requirements that were faced. e-SENS aims at consolidating and extending the work done by the previous Large Scale Pilots, industrialise the solutions and extend their potential to new domains.

The goal of e-SENS Work Package 3 is to pave the way for sustainability and long-term governance of the e-SENS building blocks and their usage to achieve the interoperability of public services across all European Member States and Associated Countries. WP3 aims to present proposals for sustainable building blocks that have emerged from the Large Scale Pilots or from national initiatives that are relevant to the e-SENS project such as e-ID, e-Signatures, e-Documents and e-Delivery.

Task T3.5 of Work Package 3 focuses on the long-term governance structure1 of the developed solutions. There is a strong link with the draft regulation on “Guidelines for trans-European telecommunications networks” (Ten-Tele Regulation; No 1336/97/EC)2 as part of the “Connecting Europe Facility” (CEF).

The objective of this document is to provide a preliminary proposal for a governance body respectively structure, which will ensure the sustainability of the e-SENS results. The overall goal of the document is the presentation of ideas, intentions and suggestions on a suitable and valuable governance organisation per LSP/domain and the identification of a common ground on a future governance structure in order to ensure sustainability of the e-SENS solutions. Sustainability is about “long-term planning, and specifically about the maintenance of methodologies, data models, specifications and software components”3. Furthermore sustainability concerns the deployment and running of these components within an organisational framework. This deliverable focuses on governance sustainability4 and organisational governance aspects5, which need to be considered

1 The deliverable defines structure as “something made up of a number of parts that are held or put together in a particular way” (http://www.thefreedictionary.com/structure) to achieve a certain goal. Terms like “body”, “model”, “organisation” and “construction”, which are used in this document are synonyms for the term “structure”. The term “(governance) scenario” derives from the Deloitte Study on “The feasibility and scenarios for long-term sustainability of the Large Scale Pilots, including ‘ex-ante’ evaluation” and can also be considered as part of a “future governance structure”. 2 The future Regulation of the European Parliament and of the Council on guidelines for trans-European telecommunications networks and repealing Decision No 1336/97/EC, currently discussed, lays down guidelines for the timely deployment and interoperability of projects of common interest in the field of trans-European networks in the area of telecommunications infrastructure for the period 2014-2020 under the Connecting Europe Facility Framework. 3 e-CODEX D1.7 “Sustainability Plan”; Executive Summary, p. 9. 4 The deliverable defines “Governance sustainability” as the management of sustainability. That means: How

can sustainability be managed and achieved in an organisational framework? Which type of governance body is needed? 5 Governance aspects are aspects, which need to be considered for the creation of a future governance structure.

http://www.thefreedictionary.com/structure

Approved by EC

10

while creating a future governance structure. The preliminary findings serve as a starting point for further discussions and investigation regarding a future governance construction.

Because of the lack of essential background information6 it was not possible to gather the opinion of the Member States on a future governance structure. The information of this deliverable cannot be linked to any official position of one or several Member States. The scope of the deliverable is therefore limited and focuses on the description of ideas, intentions and recommendations of several experts on a future governance structure. Given e-SENS consolidates the results of the previous LSPs and furthermore given these LSPs address or have been addressing sustainability aspects, Task 3.5 gathered the opinions of the LSP sustainability experts on a future governance structure. Furthermore the members of the Domain Board (DB) of WP57 and the Architectural Board (AB) of WP68 to achieve a certain goal within e-SENS were asked to provide their point of view on a future governance scenario. Defining an official e-SENS point of view 9 is not yet possible since the project started six months ago and is still in the stocktaking phase. In this regard crucial information (e.g. about technical harmonisation, financial aspects and piloting) is still not available. Therefore D3.4 describes the commonalities (e.g. common requirements) of the different LSP/domain perspectives on governance sustainability in order to get an initial understanding, on how a future governance structure would be implemented.

The present document focuses on organisational governance aspects regarding a future governance structure. Task 3.5 will also identify and investigate additional parameters (e.g. financial aspects) in the future in order to obtain a more detailed picture of a future governance body. Furthermore, Task 3.5 will monitor the sustainability discussions within the current LSPs to take the results into consideration during future activities. An agreement on the regulation on “Guidelines for trans-European telecommunications networks” as part of the “Connecting Europe Facility” (CEF) is expected in December 2013. After the regulation is enforced and the approval and publication of the Work program of CEF has been carried out, essential background information will become available. This will enable Task 3.5 of e-SENS WP 3 to gather a more profound opinion on the preferred governance body for the e-SENS results. Furthermore, an evaluation will take place how already existing organisations (like for instance eu-LISA) within the EU could take up the developed solutions. Because of this, the present deliverable will be updated in month 18 after the start of the e-SENS project.

6 For the time being the decision-making process on the CEF/ Ten-Tele Regulation is still in progress. A final decision is expected in December 2013. The regulation will become effective in January 2014. Therefore the essential background information is still missing. 7 The Domain Board consist of the leaders of the different domains (currently: WP5.1 “e-Procurement”, WP5.2

“e-Health”, WP5.3 “e-Justice”, WP5.4 “Business Lifecycle”), the WP5-leader and their deputies. 8 The Architectural Board consists of the leaders of the different Competence Clusters (CC6.1 “e-Delivery and e-Interaction”, CC6.2 ”Semantics, Processes and Documents”, CC6.3 “Identity, Security and Trust”, CC6.4 “Conformance and Test”), the lead architect, WP6-leader and their deputies. 9 In order to formulate an e-SENS point of view or an e-SENS opinion the ideas and suggestions of the different

Work Packages and the involved partners need to be gathered, coordinated and approved by the project leader. Since the project started in April 2013 and certain topics are still under discussion, a formulation of an e-SENS opinion is therefore premature.

Approved by EC

11

1. Introduction

1.1. Scope and Objective of Deliverable The deliverable presents ideas, suggestions and recommendations regarding a future governance body, which will ensure the sustainability of the e-SENS results.

The main question is: What type of governance body is needed to ensure the sustainability of the e-SENS results?

The deliverable describes in this respect possible organisational governance aspects of a governance structure from an LSP/domain perspective taking into consideration different timeframes (short term10, medium term11, long term12).

One challenge is the identification of an e-SENS point of view on a preferred governance structure, because e-SENS only started six months ago. Defining an official e-SENS opinion is not yet possible since the project is still in the stocktaking phase and a lot of crucial information (e.g. about technical harmonisation, formal decisions on the financial aspects and piloting) is still not available.

Therefore D3.4 describes commonalities (e.g. common requirements) of the different LSP/domain perspectives on governance sustainability13 in order to get a first impression about a future governance structure. That means the first version of D3.4 identifies common views on governance sustainability and organisational governance aspects instead of finding an e-SENS point of view. However, involvement of the members of the AB and DB in the evaluation of the governance sustainability is a first step to identify an e-SENS point of view on a future governance scenario in the long run.

e-SENS has not yet conclusively defined which technical building blocks shall be maintained. Furthermore sustainability issues are currently under discussion within the still existing LSPs (e.g. epSOS, e-CODEX, STORK/STORK 2.0). Therefore the deliverable does not aim to provide a complete picture of the future tasks, responsibilities and organisation of a governance body. The present document “Preliminary proposal for a governance body” is a starting point for further discussions and investigations regarding a governance structure ensuring the sustainability of the e-SENS results. Finally, D3.4 is expected to be updated in month 18 and month 30 of the project. These update shall further substantiate this findings.

The present deliverable D3.4 forms the basis for the deliverable D3.5 “Preliminary proposal for long-term sustainability within the CEF”, which will be finalised in November 2013.

10

Short term comprises the timeframe from now until 2015. 11 Medium term comprises the timeframe 2016 until 2020. 12

Long term comprises the period of time beyond 2020 (after the expiration of the CEF). 13 The deliverable defines “Governance sustainability” as the management of sustainability. That means: How can sustainability be managed and achieved in an organisational framework? Which type of governance body is needed?

Approved by EC

12

1.2. WP3 “Sustainability and Long-Term Governance” and Task 3.5 “Governance Implementation”: General Objectives and Vision

e-SENS Work Package 3 “Sustainability and Long-Term Governance” concerns the long-term consolidation and maintenance of the technical solutions developed within e-SENS. In this regard it will prepare the path towards a sustainable infrastructure for interoperable electronic cross-border services. Governance, policies and agreements on the organisational as well as legal and political level need to be taken into account.

Task 3.5 “Governance Implementation” of WP 3 focuses on three different subjects and will formulate:

recommendations for the governance 2014-2020

recommendations for a legal framework

recommendations for the Connecting Europe Facility (CEF)/ Ten-Tele Regulation14

Task 3.5 will develop a governance plan and a roadmap for the period from 2014 until 2020 and beyond. It will formulate recommendations for a transition governance model which will maintain the e-SENS results in the short term and which will start immediately after the expiration of e-SENS. Furthermore Task 3.5 will propose an organisational structure for an institution, which will become responsible for governing and maintaining the solutions developed within e-SENS in the medium and long term. In this regard Task 3.5 will propose roles and responsibilities which need to be carried out within a future governance structure. Moreover Task 3.5 will establish a financial plan, which will indicate how a future governance structure and tasks may be funded (e.g. public funding, funding through private-public partnership, private funding).

Besides making recommendations for a future governance body, Task 3.5 will propose directives for a legal framework that will prepare the ground for the future common EU “Digital Service Infrastructures” (DSI) foreseen in the Ten-Tele Regulation. In this regard the deliverable D3.10 “Proposal for legislative measures” will be finalised in month 36.

Apart from this Task 3.5 of WP3 will formulate recommendations for the “Connecting Europe Facility” (CEF) respectively the Ten-Tele Regulation in order to ensure the medium and long-term governance of the building locks (BB), which are consolidated and harmonized within e-SENS. These building blocks are part of the “Core Services Platforms” as defined in the Ten-Tele Regulation. Task 3.5 will provide guidelines for the development and deployment of the “Core Service Platforms” based on the results of e-SENS.

1.3. Methodology of Work Given that the Ten-Tele Regulation has not been agreed yet, it was and still is premature to involve the Member States in order to gather their opinion about a future governance structure. The scope

14 The future Regulation of the European Parliament and of the Council on guidelines for trans-European telecommunications networks and repealing Decision No 1336/97/EC, currently discussed, lays down guidelines for the timely deployment and interoperability of projects of common interest in the field of trans-European networks in the area of telecommunications infrastructure for the period 2014-2020 under the Connecting Europe Facility Framework.

Approved by EC

13

of the deliverable is therefore limited and focuses on intentions, suggestions and recommendations regarding a future governance organisation.

The Deloitte Study on “The feasibility and scenarios for the long-term sustainability of the Large Scale Pilots, including ‘ex-ante’ evaluation” was used as a basic document for this deliverable. A questionnaire was developed on the basis of the “Assessment of basic governance scenarios” and the table “Overview of assessment of the basic scenarios”15 carried out by Deloitte. This questionnaire was sent to the domain leaders of WP516 and the LSP sustainability experts. Task 3.5 collected information per LSP and domain within e-SENS about the decision-making process17, the involvement of different entities and the tasks and responsibilities which need to be carried out by a future governance structure.18 Furthermore the LSPs and domain representatives were asked to provide their comments and remarks on the governance scenarios assessed by Deloitte19. The information given by the surveyed experts were evaluated and assembled in a next step in order to identify a possible sustainability governance structure per LSP/domain. The results of the survey and the identified commonalities were presented to the LSP sustainability experts, the members of the Domain Board (DB) of WP5 and Architectural Board (AB) of WP6. This deliverable takes into consideration the opinions and views on an applicable governance structure expressed by the LSP sustainability experts, and the members of the AB and DB.

The involvement of the LSP sustainability experts was crucial, because a proposal for a future governance structure needs to take into account the existing governance situation of the previous LSPs. Since the domain leaders of e-SENS were highly involved in and possess knowledge of the previous LSPs, the answers of the LSP sustainability experts and domain leaders are subtly different. Nevertheless, sustainability aspects are still under discussion in the current LSPs (epSOS, e-CODEX and STORK/STORK 2.0). In this respect a solid view and opinion on governance sustainability from these LSPs is not entirely attainable for the time being. Therefore the findings indicated in the different chapters need to be considered as preliminary. The identification of an e-SENS point of view on a future governance structure is not possible yet, since the project started in April 2013 and is still in the stocktaking phase. Therefore D3.4 describes commonalities of the different LSP/domains perspectives on governance sustainability in order to formulate suggestions for a future governance structure.

While drafting the deliverable different chapters of the four Task Reports of the Deloitte Study on “The feasibility and scenarios for the long-term sustainability of the Large Scale Pilots, including ‘ex-

15 Report 2 and Report 3 of the Deloitte study on „The feasibility and scenarios for the long-term sustainability of the Large Scale Pilots, including ‚ex-ante’ evaluation“. 16 Currently e-SENS WP5 “Piloting” consists of four domains (WP5.1 “e-Procurement”, WP5.2 “e-Health”, WP5.3 “e-Justice” and WP5.4 “Business Lifecycle”). These domains are led by different partners, which have been addressed by the questionnaire. 17

Decision-Making process indicates the organisation of the decision making. In particular it was asked who shall be involved in the process and in which way (e.g. responsible, accountable, consulted etc.). 18 The domains in e-SENS are related to the previous LSPs. Therefore the Task 3.5 team associated PEPPOL with the e-Procurement domain (WP5.1), epSOS with the e-Health domain (WP5.2), e-CODEX with the e-Justice domain (WP5.3) and SPOCS with the Business Lifecycle domain (WP5.4). Since there is no associated domain for STORK and STORK 2.0 within e-SENS, the leaders of e-SENS Competence Cluster 6.3 “Identity, Security and Trust” were surveyed because this Competence Cluster deals with e-ID. 19 Deloitte assessed the following governance scenarios: DG Programme; EU-Agency; NPO by EC, private sector co-deciding; Private sector forming own NPO; Supervisory authority monitoring private companies

Approved by EC

14

ante’ evaluation”20 were used for further research and input. Allied to this, a “Responsibility assignment matrix”, also known as RACI21 matrix, was used to define and clarify roles and responsibilities within the decision-making process.

1.4. Relations to Internal e-SENS Environment As stated in the previous section, strong cooperation with WP5 (especially the Domain Board) and WP 6 (especially the Architectural Board) took place. Task 3.5 has collected information from the participants of these Work Packages (and also from the LSP sustainability experts, which are also engaged within e-SENS) through a questionnaire, through e-mail correspondence, joint conference calls and joint meetings. Thus the domains in WP 5 and the technical Competence Clusters in WP622 had the opportunity to express their opinions on the future governance structure. These opinions were considered by Task 3.5 and have been included in this document in order to identify a common ground for a sustainable governance structure. This document provides a first idea about a future governance body and serves as a basis for further elaboration.

Furthermore the cooperation with WP4 is important and needs to be strengthened since this Work Package is focusing on legislative developments at EU and also national level, which are likely to affect e-SENS and also the future governance structure. Currently, information about the CEF and especially the Ten-Tele Regulation as well as the Regulation “on electronic identification and trust services for electronic transactions in the internal market”23 is relevant for the work, which Task 3.5 is carrying out.

Finally, collaboration with WP2 is crucial as WP3 requires inputs from a number of external communities of stakeholders and agents. This input will be gathered through communication activities.

1.5. Relations to External e-SENS Environment e-SENS will consolidate and solidify the work done in the previous LSP projects, not only regarding the building blocks, but also in terms of the sustainability plans and strategies in order to deduct common approaches. For the purpose of drafting D3.4 “Preliminary proposal for a governance body” it is crucial to take into account the different governance discussions and situation of the different LSPs. Therefore the link between Task 3.5 and the previous LSPs (STORK, PEPPOL, SPOCS, epSOS and e-CODEX) is important.

e-SENS and especially the work of Task 3.5 is connected and influenced by a number of policies and agreements at European level, e.g. the CEF/ Ten-Tele Regulation, which is still under discussion. Since WP3 is planning the handover of the e-SENS results to the CEF/Ten-Tele Regulation in order to achieve sustainability, WP 3 will try to influence the initiatives and work program within the framework of the CEF/Ten-Tele Regulation and make recommendations to the expert group which is foreseen in the Ten-Tele Regulation.

20

For further information: http://ec.europa.eu/digital-agenda/en/news/final-report-study-feasibility-and-scenarios-long-term-sustainability-large-scale-pilots 21

RACI is the acronym for: Responsible, Accountable, Consulted and Informed. 22

WP 6 “Building Blocks Provision” consists of four technical Competence Clusters: CC6.1 “e-Delivery and e-Interaction”, CC6.2 “Semantics and Processes and Documents”, CC6.3 “Identity, Security and Trust”, CC 6.4 “Conformance and Test”. 23 Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on electronic identification and trust services for electronic transactions in the internal market (2012/0146 COD)

Approved by EC

15

The involvement of different stakeholders is important while creating a proposal for a future governance body. In this respect the EC, the Member States, the Associated Countries as well as the IT-Industry and standardisation organisations will be involved in future Task 3.5 activities in order to ensure that a future governance body will meet all the requirements and needs of these stakeholders and respect laws and regulations on national level as well as on European level.

1.6.Quality Management This section describes the process used to ensure the quality of the deliverable.

Category Remarks Checked by

Conformance to e-SENS template

OK Katrin Weigend

Language & Spelling OK Katrin Weigend

Delivered on time OK Katrin Weigend

Each technology description contains the correct elements

OK Katrin Weigend

Consistency with description in the TA and in other e-SENS deliverables

OK Katrin Weigend

Contents is fit for purpose

OK Katrin Weigend

Contents is fit for use OK Katrin Weigend

Commitment within WP

OK Katrin Weigend

Table 2: Quality Checklist

Approved by EC

16

1.7. Risk Management This section describes the process used for effective risk management. It summarises the risks identified for creating the deliverable “Preliminary proposal for a governance body”. This includes: identifying risks, risk analysis, risk assessment and defining responses and risk owner.

Description Probability Impact Priority Response Owner

Low involvement of partners working within in the project

medium medium medium Approval of WP3 structure and task division

WP3 leader, Task 3.5 leader

Limited resources against high expectations and unforeseen work

high high high Prioritisation of the tasks and responsibilities, which need to be carried out

WP3 leader, Task 3.5 leader

Contributions of domains and LSP sustainability experts are not delivered on time

medium low low Controlling timeline and reminding the experts to meet the deadlines/ monitoring the delivery

Task 3.5 leader, WP3 leader

The information delivered by the domains, LSP sustainability experts are insufficient or inconsistent

medium medium medium Preparation of a concise questionnaire for easy response/ contact the partners for further inquiries

Task 3.5 team, Task 3.5 leader

Contributions by the partners are not delivered in time/ the deadlines are not met

medium medium medium Controlling timeline and reminding the partners to meet the deadlines/ monitoring the delivery

Task 3.5 leader

Contributions by the partners do not have the sufficient quality and quantity

medium high high Monitoring of the development process of the deliverable

Task 3.5 leader, WP3 leader

Analysis of the given information is not detailed enough

medium high high Drafting a table of content and formulation of guidelines and expectations

Task 3.5 leader

Table 3: Risks

Approved by EC

17

1.8. Legal Issues An agreement on CEF, especially the Ten-Tele regulation has not been achieved yet. The still existing uncertainties regarding the CEF /Ten-Tele Regulation impacted on the drafting of the deliverable. As it has not been adopted yet, crucial information was missing which made it too premature to involve the Member States in order to obtain an official, political opinion about a preliminary proposal for a future governance body. A decision on the CEF/ Ten-Tele Regulation is expected in December 2013. After the adoption of the regulation Task 3.5 will be able to consult a broader audience, e.g. the Member States, about their expectations toward a future governance body, which will ensure the sustainability of the results of e-SENS.

1.9.Structure of the document The structure of D3.4 “Preliminary proposal for a governance body” consists of:

1. Introduction

2. Governance aspects per LSP/domain

2.1 PEPPOL/e-Procurement

2.2 SPOCS/Business Lifecycle

2.3 STORK/STORK 2.0

2.4 epSOS/e-Health

2.5 e-CODEX/e-Justice

3. Commonalities of the different LSPs/domains on Sustainability Governance aspects

Conclusion

Approved by EC

18

2. Organisational Governance Aspects per LSP/domain The following sections give an overview about different organisational governance aspects24, which where pointed out by the surveyed experts. These governance aspects need to be taken into consideration while creating a future governance structure.

In some LSPs the discussion on governance sustainability and a possible governance structure for short, medium and long term is still on going, whilst others have already reached a conclusion. It was possible to get a more detailed picture of a possible governance structure from the SPOCS/Business lifecycle and PEPPOL/e-Procurement perspective, since these LSPs are already finished. STORK has already established a solution for the short term (ISA programme) and will investigate further solutions for medium (an Action for the ISA 2013 Work Programme) and long term. D3.4 will refer to STORK 2.0, but will focus on the STORK predecessor. Since epSOS and e-CODEX are still in progress a final and official statement on governance sustainability cannot be provided for the time being.

Depending on the circumstances stated above and the sustainability discussions within the LSPs the section on the LSPs/domains will differ regarding the level of detail (e.g. advantages and disadvantages of a possible governance structures, involvement of the stakeholders etc.). The overall goal is the presentation of ideas and intentions on a suitable and valuable governance structure per LSP/domain.

2.1. PEPPOL/ e-Procurement

2.1.1. Overview Many EU countries already use electronic procurement, most solutions are implemented on a national or regional level, each with their own separate systems and standards, creating isolated “islands of e-Procurement” operating in closed network. This makes the connections between buyers and suppliers costly and complex.

In 2008, the PEPPOL (Pan-European Public Procurement Online) project was launched with the purpose to align business processes using common standards, address common legal issues, to develop open source technologies and an open and accessible network. The project was co-funded by the European Commission and a consortium of 18 government agencies from 11 Member States and Associated Countries: Austria, Denmark, Finland, France, Germany, Greece, Italy, Norway, Portugal, Sweden and the United Kingdom.

PEPPOL developed the Business Interoperability Specifications (BIS) for common e-Procurement processes such as e-Catalogue, e-Orders, and e-Invoices to standardise electronic documents exchange. This exchange is being validated through an open and secure network, between sending and receiving Access Points for public sector buyers and their suppliers across Europe. A Virtual Company Dossier (VCD) was developed for suppliers to submit company information in a standardised and ‘re-usable’ format. Furthermore an e-Catalogue for the use in the tendering process and a pan-European e-Signature validation service was created.

24

Organisational governance aspects are aspects, which need to be considered for the creation of a future governance structure. The deliverable focuses on governance sustainability and organisational governance aspects that means on the decision-making process, the involvement of different stakeholders etc. in a future governance structure.

Approved by EC

19

2.1.1.1. Relation between PEPPOL/e-Procurement and e-SENS The objective of e-SENS in the e-Procurement domain will be to take seamless cross-border e-Procurement to the next level, supporting the implementation of the proposed public procurement directive25 and to continue standardisation of public procurement processes. This implies a need to develop specifications and services for the processes leading to the award of a contract (pre-award tendering) as well as continued efforts for streamlining the processes for ordering and invoicing (post-award procurement). In this regard, it is important to estimate to what extent the high-level building blocks (e-ID, e-Signatures, e-Delivery and e-Documents) can be re-used in the domain.

The Large Scale Pilot PEPPOL has over its lifetime developed and implemented specifications and services that facilitate cross border electronic procurement processes between public sector entities and their suppliers. They are also re-usable between private sector entities. PEPPOL is the foundation for the piloting envisaged in the e-Procurement domain of e-SENS.

The future goal is to take e-Procurement to a stage where users are offered services that provide a European-wide tendering process and the support of electronic ordering and invoicing across countries, regions and sectors. e-Procurement is listed as one of five highly prioritised cross-border digital public services of vital importance for the Digital Single Market.

The EC Communication ‘A strategy for e-Procurement’ states that “e-Procurement can significantly simplify the way procurement is conducted, reduce waste and deliver better procurement outcomes by stimulating greater competition across the Single Market” 26.

In the e-Procurement domain of e-SENS, priority will be given to facilitate cross border e-Invoicing and thus provide support for Key Action 10 “Make electronic invoicing the standard invoicing mode for public procurement” in the “Single Market Act II – Together for new growth”27. The introduction of legislative measures making e-Invoicing a standard practice in public procurement will make the public sector the leading market for e-Invoicing and spearhead its wider use in the economy.

Support for interoperable post-award procurement processes has been developed to a satisfactory maturity level through the efforts of PEPPOL, CEN BII and OASIS. The main purpose of the planned post-award activities within e-SENS will be the introduction of refined business interoperability specifications, testing of new versions of the e-Delivery building block, as well as other relevant building blocks to be developed. In the production pilot environment, transactions amongst public administrations, or between them and European citizens and businesses, can take place, based on technological building blocks in a cross border context.

2.1.2. Community and Stakeholders Since September 2012, with the set-up of the OpenPEPPOL Association, the stakeholder base has been expanded to reflect the shift from a pilot project to a market-driven organisation.

OpenPEPPOL membership, also referred to as PEPPOL network, is open to the following types of organisations:

25

PROPOSAL FOR A DIRECTIVE OF THE EUROPEAN PALIAMENT AND OF THE COUNCIL on public procurement (COM(2011) 896 Final, 20.12.2011) 26 “Strategy for e-Procurement” (COM(2012) 179 final, 20.4.2012) 27

“Single Market Act II – Together for new growth” (COM(2012) 573 final, 3.10.2012)

Approved by EC

20

• Contracting authorities (public sector buyers), economic operators (suppliers) and other end-users of PEPPOL specifications, building blocks and services

• Regional or other types of Authorities who provide domain specific governance within the PEPPOL network.

• Service Metadata Publisher Providers who provide the client locator services within the PEPPOL network.

• Access Point Providers who provide access to send and receive documents through the PEPPOL network.

• e-Signature Validation Service Providers • Pre-award Service Providers (according to provisions of the Pre-award Infrastructure

Agreements) • Other organisations which are relevant to the purposes of OpenPEPPOL (e.g. universities,

standardisation bodies, etc.).

Market requirements are gathered through the activities of the OpenPEPPOL Coordinating Communities (CCc): Transport Infrastructure, Post-Award, Pre-Award, and e-Signature.

All OpenPEPPOL Members form the General Assembly and must also be members of at least one Coordinating Community. The General Assembly is the supreme power of the Association.

2.1.3. Governance Sustainability

2.1.3.1. What has been achieved – OpenPEPPOL A long term sustainability roadmap was agreed within the original PEPPOL project consortium. The roadmap described three parallel approaches for sustainability of PEPPOL results:

1. User driven approach: OpenPEPPOL AISBL 2. EC supported approach towards establishment of Connecting Europe Facility (CEF)

through:

ISA operations and governance of centralised software components/services (SML)

New CIP ICTPSP ‘Pilot A’ project ‘Basic Cross Sector Services’ (e-SENS) 3. Standardisation approach; continued efforts for standardisation of business processes

and semantics and e-Delivery through CEN WS BII, OASIS TC BDX and other relevant standardisation bodies.

As the Pan-European Public Procurement Online (PEPPOL) project has reached a successful completion, with the PEPPOL specifications being implemented across several European countries. OpenPEPPOL28 has been established as a non-profit international association comprised of public and private members of the PEPPOL community, with operations beginning on 1st September, 2012.

OpenPEPPOL strives to implement widely accepted standards based business processes, ensuring the long-term sustainability of the PEPPOL project results.

The main goals of OpenPEPPOL are as follows:

Encourage European governments and their suppliers to continue implementing e-Procurement using the PEPPOL specifications and promoting best practices.

28

For more information: http://www.peppol.eu/about_peppol.

Approved by EC

21

Ensure that the PEPPOL network continues to grow in an open, accessible and compliant manner, supporting interoperability for European public services and helping Europe move towards a Digital Single Market.

Encourage the development of innovative PEPPOL-based ICT products and services, promoting their use also in the business-to-business (B2B) context to harmonise processes across the private and public sectors, simplifying e-Procurement adoption for small and medium sized enterprises.

PEPPOL based solutions have been implemented successfully in 15 European countries to date and interest is now increasing from outside Europe. As more products are developed, businesses and contracting authorities will have a choice of simple and more flexible ways to implement PEPPOL-based e-Procurement solutions, which will lead to increased market driven adoption.

Over 75 members from both the public and private sectors, have joined the OpenPEPPOL Association in its first year of operation.

2.1.3.1.1. Organisation Structure of OpenPEPPOL

The structure of OpenPEPPOL consists of the following units and bodies:

Figure 1: Governance Structure of OpenPEPPOL

Approved by EC

22

OpenPEPPOL Layers of Governance

The General Assembly

The General Assembly holds all the powers that are expressly reserved by law, and that are not devolved to the Managing Committee by the current Statutes, except for powers of representation.

The General Assembly has the power to:

alter the Statutes;

elect or dismiss members of the Managing Committee and the Auditor;

establish or dissolve Coordinating Communities;

approve a broad programme of activities and initiatives for the forthcoming years to further the purposes of the Association;

approve a budget and sources of funding including the setting of a subscription fee or range of fees for the forthcoming year; approve the accounts of the previous fiscal year;

disqualify any member;

dissolve the Association; electing and appointing the Secretary General;

electing and appointing the members of the Managing Committee, except those elected and appointed by the Coordinating Communities.

All OpenPEPPOL members that form the General Assembly are also members of at least one Coordinating Community.

The Coordinating Communities

The OpenPEPPOL Coordinating Communities are as follows:

• OpenPEPPOL Transport Infrastructure Coordinating Community

• OpenPEPPOL post-award Coordinating Community

• OpenPEPPOL eSignature and eID Coordinating Community

• OpenPEPPOL pre-award Coordinating Community

Members of OpenPEPPOL are expected to participate, on a voluntary basis, in the activity of internal working groups, which are part of the Coordinating Communities, in order to ensure efficient operations within them and achieve their objectives, Typically, different working groups within a Coordinating Community would deal with different types of structured information and data exchange (e.g. within the Pre-Award Coordinating Community there is a working group on e-Tendering, one in the Virtual Comany Dossier and one in e-Catalogues).

The Managing Committee

The Managing Committee acts as a board and is composed entirely of OpenPEPPOL member representatives. The committee is composed of the Secretary General and one representative of each Coordinating Community, as a minimum.

Approved by EC

23

The OpenPEPPOL Secretary General is the highest authority of the Association between General Assemblies. The Secretary General is elected by the Managing Committee. The Secretary General may stand for more than one term of office. The Secretary General promotes the purposes of the association and implements the decisions of the General Assembly and the Managing Committee.

The OpenPEPPOL Operating Office assists the Secretary General in executive task.

Table 4: OpenPEPPOL – Layers of Governance

2.1.3.1.2. OpenPEPPOL Legal Framework OpenPEPPOL is a not‐for‐profit International Association founded in accordance with the Belgian Law (AISBL) of 27th June 1921.

The OpenPEPPOL Statutes29 define:

• Purposes of OpenPEPPOL • Membership criteria, subscriptions, withdrawal, liability, intellectual property rights • Organisational structure: the General Assembly, the Coordinating Communities, the

Managing Committee, the Secretary General • Fiscal Year, financial management and language • Dissolution and liquidation, covering procedures necessary in case the Association is decided

to be terminated

2.1.3.2. Possible Sustainability Governance Structure for short, medium and long term

The governance structure preferred by the stakeholders active in the e-Procurement domain and participating in OpenPEPPOL for the short, medium and long term is the Non-Profit Organisation (NPO) formed by the private and public sector which has resulted in the set-up of OpenPEPPOL AISBL, in September 2012, to ensure the long-term sustainability and maintenance of the PEPPOL specifications, and to promote implementation across Europe.

The private sector market in the e-Procurement domain with many service providers is well established and would see challenges regarding a strong centralised governance model lead by the public sector, where highly competitive and therefore sensitive company and business information could be exchanged, stored and gathered. The set-up of a DG programme is seen as difficult regarding sustainability issues, since it is limited in time and does not guarantee market take-up. An example is the e-SENS project itself, which is limited in terms of duration; and even if the

29 For more information: http://www.peppol.eu/about_peppol/openpeppol-statutes

Approved by EC

24

“Connecting Europe Facility” (CEF) provides a financing bridge, a disruption might still occur after the closing of CEF.

An NPO like OpenPEPPOL brings into the community the commitment of European governments as the authorities supporting the organisation and as buying entities, thereby providing incentives to private organisations to invest in PEPPOL-based solutions, increasing market take-up. Moreover, through a private NPO, decision making will, by virtue of its membership, take market needs into account.

The OpenPEPPOL governance structure is composed of different layers with related roles and responsibilities, including but not limited to strategic oversight, maintenance of the specifications through the work in the different Coordinating Communities, communications and related activities to increase market take-up. The OpenPEPPOL Operating Office also supports the Secretary General and the Managing Committee in daily administrative tasks.

OpenPEPPOL AISBL has an unlimited duration and will continue to be supported by governments and other member organisations.

In this respect, it is clear that a private Non-Profit Organisation - with the participation of Member States and the European Commission - is the preferred options from the stakeholder community active within OpenPEPPOL and in the e-Procurement domain. A possible alternative proposal could be an EC NPO with private decision makers involved.

2.1.4. Conclusion OpenPEPPOL believes that a one-size fits all governance model will not be able to meet the different domain specific needs of the individual LSPs. This is due to both the nature and the targets of the services offered.30 What works for OpenPEPPOL may not work for e-Health and e-ID. These domains may have different needs. The future governance structure will have to take into account key sustainability dimensions, such us market take-up and target users, technology, operational and strategic aspects in order to achieve a broad and on-going consensus for long term sustainable adoption.

2.2. SPOCS/ Business Lifecycle

2.2.1. Overview The Large Scale Pilot SPOCS31 (Simple Procedures On-line for Cross-border Services) was launched in May 2009 by the European Commission in order to facilitate the implementation of the Service Directive32. Partners from 16 European countries33 participated in the project. Over its lifetime SPOCS has developed and implemented specifications and services that facilitate cross-border electronic services between public sector entities and private sector entities (travel agents, master builders, etc.). SPOCS represents the foundation for the piloting envisaged in the Business Life Cycle domain of e-SENS. Upon SPOCS completion (31 December 2012), e-SENS is expected to continue and improve the work regarding e-Business and e-Services within the European area.34 The SPOCS sustainability approach encompasses both the sustainability of the operational pilots inside the European Member

30

This is the position of the OpenPEPPOL Managing Committee and is based on the discussions with Members within the Coordinating Communities. 31

More information about SPOCS:http://www.eu-spocs.eu/ 32

Directive 2006/123/EC of 12 December 2006 on services in the internal market 33 Participating countries: Austria, France, Germany, Greece, Italy. Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Slovenia, Sweden, United Kingdom 34

e-SENS D 2.2 Website Deliverable, Section e-SENS & Business Life Cycle (not published yet)

http://www.eu-spocs.eu/

Approved by EC

25

States and also the technical solutions developed. After its finalisation, the SPOCS project has not set up a governance model, however specific owners (e-SENS, DG MARKT and EUGO platform) for maintenance and support of the different building blocks have been appointed.

2.2.1.1. Relation between SPOCS/Business Lifecycle and e-SENS The objective of e-SENS in the Business Life Cycle domain will be to take seamless cross-border e-business processes and e-Services to the next level, supporting the continuous implementation of the Services Directive and the continued standardisation of e-Services and e-Business processes. This implies a need to develop specifications and services for the process leading to the opening of a cross-border business in a Member State, as well as continued efforts for streamlining the processes for opening and managing a business in another Member State.

In the Business Life Cycle domain of e-SENS, priority will be given to facilitate cross-border e-Services and thus provide support for Key Action 8 ”Support online services by making payment services in the EU more efficient” as stated in the “Single Market Act II – Together for new growth”35.

2.2.2. Community and Stakeholders The main SPOCS stakeholders are:

DG MARKT as creator and implementer of the Service Directive;

the MS implementing the Directive, which includes the establishment of the Point of Single Contact and different competent authorities;

The actual users; entrepreneurs, temporary service providers, etc.

DG MARKT together with the Member States were responsible for the implementation of the Service Directive and for the decision making. The main role is still played by the MS who are accountable for the implementation of the Directive through the competent national authorities36 involved.

The final users (the Points of Single Contacts - PSCs - and businesses) should be informed by the competent national authorities about the progress of the implementation since they are directly affected by the implementation of the Service Directive.


2.2.3.1. What has been achieved During the project, the SPOCS team prompted for feedback on three types of entities in the stakeholder sessions (dot.eu, dot.org, dot.com). The stakeholders were asked to respond to sustainability issues in terms of what they wanted to see happen and what they expected to happen. Over 192 interviews were conducted from June to September 2011.

35 „Single Market Act II –Together for new growth” (COM(2012) 573 final, 3.10.2012) 36

The national authorities are competent relevant ministries and other responsible public bodies.

Approved by EC

26

The proposed entities were37:

dot.eu – public authorities in the lead;

dot.com – the commercial sector in the lead;

dot.org – a non-for-profit agent/foundation in the lead.

The results are split fairly even between the three scenarios. 41% of the surveyed experts would like to see dot.eu, 31% dot.com and 28%. dot.org. However, 60% of the experts expect dot.eu to be realised in the future.


In order to identify a largely accepted governance structure, a timeframe has been defined consisting of short, medium and long term periods. The short term period has been defined from now until end of 2015, the medium term would run from 2016 to 2020, while the long term period would take into account the period beyond 2020, that means after the expiration of the “Connecting Europe Facility” (CEF).

When designing a governance structure several aspects have to be taken into account in general:

the need to engage key stakeholders;

the best way to ensure the market take-up of the developed technical solution;

the guarantee of long-term continuity of cross-border public services;

the need for flexibility in order to ensure the consideration of different needs and requirement.38

There are several governance scenarios to be considered, which have been identified and assessed by the Deloitte study39 :

a DG Programme;

an Agency;

an NPO created by the EC with private sector co-deciding;

Private sector forming their own NPO;

a Supervising Authority monitoring private companies.

37

SPOCS D7.13 Sustainability definitions and action plan / SPOCS Project (not published) 38

Task 2 Report, Deloitte Study on „The feasibility and scenarios for the long-term sustainability of the Large Scale Pilots, including ex-ante evaluation” p.1. 39 Task 2 Report, Deloitte Study on „The feasibility and scenarios for the long-term sustainability of the Large Scale Pilots, including ex-ante evaluation”

Approved by EC

27

The possible governance scenarios from the SPOCS/ Business Lifecycle perspective in the mentioned timeframes would be the following:

1. Short term (now until the end of 2015): DG Programme, more specifically Horizon 2020; 2. Medium term (2016-2020): DG Programme (Horizon 2020) including a transition phase to

the agency; 3. Long term (beyond 2020): Agency (within new budget cycle).

According to the surveyed experts40, the most likely implementable scenarios or structure would be either DG Programme or an Agency. Currently, there is limited usage of the results of the LSP projects, especially SPOCS. From that point of view, a DG Programme would be sufficient in order to expand the use of the solutions and fine tune the operational details at European level. This also supports the setting up of an Agency. In order to implement an Agency at European level, which will maintain the technical solutions developed by the LSP, the LSP solutions need to become more stable and more mature. A future governance structure could take into account the scenario for dot.eu, which was identified in the SPOCS Sustainability Plan41. That means that coordination will take place at EU level jointly with MS. Furthermore dot.eu will leave enough room for the private sector to be consulted and to be active under the supervision of the EU and the MS.

Looking at the implementation of the Service Directive, the setting up of a PSC structure is a Member State task and the provision and usage of the technical solutions as well. Therefore it is very unlikely that the private sector alone would create buy-in from MS to run the solutions in their own country, not to mention that the LSP solutions are public infrastructure (e.g. e-ID, e-Delivery). From that point of view, these services must be at least regulated and supervised by the public sector. Therefore, governance solutions that are based only on the private sector are not appropriate. However there might be a need for an intermediate scenario before having a fully operational solution for sustaining the technical work of the project. The participation of the Member States under the co-ordination of the European Commission is still required and this framework should be loose at the beginning. According to the surveyed experts and to the studies carried out on this subject42, there is evidence that the intermediate scenario with the focus on the DG Programme is the forerunner for the Agency at this stage.

2.2.3.2.1. Advantages and disadvantages of the proposed governance structure for SPOCS/Business Lifecycle

When proposing a governance scenario or structure, the advantages and the disadvantages for each of the preliminary proposed models must be taken into account.

The advantages and the disadvantages for the proposed scenarios have been summarized into the table below:

SCENARIO ADVANTAGES DISADVANTAGES

40

The detailled answers can be found in the Apendix II - Governance Matrix/ Questionnaire. 41 D7.13 Sustainability definitions and action plan / SPOCS Project (not pusblished) 42 Task 2 Report, Deloitte Study on „The feasibility and scenarios for the long-term sustainability of the Large Scale Pilots, including ex-ante evaluation”

Approved by EC

28

DG Programme

The DG Programme scenario has several advantages:

the continuity and funding - the DG

Programme benefits from funds it can

distribute for boosting cross-border

digital services) in the short run;

it could help the BB achieving a level of

maturity.

The surveyed experts43 stated that the short-term scenario should take into account the participation of the MS in the decision making process under the co-ordination of the EC. The MS would participate in the decision-making process while setting up the DG Programme and adjusting it. The model already exists since more working groups (like for e.g. DG Internal Market and Services expert groups and stakeholders) are already established under the coordination of various DGs.

However, the DG Programme is most able to ensure the technical solutions of SPOCS and the Business Lifecycle domain in the short and medium term and pave the way to an Agency.

The continuity (and the funding) could be guaranteed just for the time the DG Programme is running (7 years).

Other disadvantage for this scenario would be that e-Business (PSC) is Member States competence thus only the Member States have the possibility to adhere /uptake it.44

Disconnected initiatives, the lack of coordination across projects or working groups or the redundancy are just some of the potential disadvantages of the DG Programme governance scenario.

Through a DG Programme the roll out or conviction to push MS to adopt the solution is unattainable and therefore no targeted communication could be addressed to potential users in the entrepreneur community.

Agency The Agency scenario is considered sufficient by the surveyed experts for the long term, due to its visibility and its possibility for coordinated action on developing interoperable solutions even across domains. The Agency could function as a single owner of the sustainability of services for business operations.

Nevertheless, an Agency would imply a centralised approach and complex governance entity. This kind of governance scenario needs more time (probably between three or four years) to be established. Therefore, all the appropriate decisions at MS level and EC level should be taken in advance and afterwards the Agency should be established with specific responsibilities.

NPO by EC with private sector co-deciding

This scenario would offer more flexibility. Intermediaries could be involved in the services at national level. This could also be an auxiliary and intermediate state until the establishing of an Agency (that could be considered the long term governance solution). The main advantage

Also this model needs time to be established and organised. It is very complex which might cause inertia, as opposed to serving the business community and final users, for which the

43 The detailled answers can be found in the Apendix II - Governance Matrix/ Questionnaire. 44 Task 2 Report, Deloitte Study on „The feasibility and scenarios for the long-term sustainability of the Large Scale Pilots, including ex-ante evaluation”

Approved by EC

29

of an NPO would be the active participation of the private sector providing their interest in investing, but in the meantime the key problem would be the fact that e-Business (PSC) is national competence.

governance structure could be difficult to understand from the outset.

Private sector forming own NPO

According to the surveyed experts, the private sector forming its own NPO does not seem to be a viable solution. Since e-Business (PSC) is MS competence that have the final decision, the public sector must be involved in the governance model.

Supervisory Authority monitoring private companies

A proposed scenario of a Supervising Authority monitoring private companies would have the serious disadvantage of no legal competency under this domain. e-Business implementations are public-sector owned and in this scenario the public sector would not be involved. The scenario could be useful for having a business case for the private sector, but this may delay the private investments towards this directions.

Table 5: Advantages and disadvantages of the proposed governance structure for SPOCS/ Business Lifecycle

2.2.3.2.2. Involvement of the different stakeholders The stakeholders involved would share different responsibilities. Assuming the Agency scenario, the EC should be in charge for the correct and completion of the initiative, since it would be the primary funding organisation (because it would operate under the EC) and it needs to set up a proper structure. Nevertheless, the EC should play a co-ordination role together with Member States for ensuring the implementation and using of the solutions.

The key role will then be assumed by the MS. The MS will be responsible for decision making at European level and for the implementation and using of the solutions at national level. In some countries the regions are responsible for the implementation of the Services Directive. In those countries regions need to be consulted. At this point the MS should set up an organisational structure through which the regions can be consulted in order to take into account their needs and requirements. However, the influence of the regions in this respect (if consulted through the national state) will remain low since their opinion will be filtered at national level.

Approved by EC

30

The private sector, especially the ICT Industry should be consulted because of their capacity to provide innovative information and make products that take advantage and support the LSP services. Other industry should be informed since they are also affected by the outcome of those initiatives and the solutions provided by LSPs.

One community that requires special attention is the one represented by the standardisation organisations. They must be consulted in order to get feed-back for defining and updating the standards in order to fulfil the needs of the LSPs services.

The relationship with technical/ building block experts needs to be carefully evaluated since the goal is to implement LSP building blocks. So there is the need to provide support to organisations that are interested to use them.

The Domain/LSP experts must be informed and consulted, not necessarily in a direct manner, because it could be difficult to provide an objective opinion regarding the solutions they have already developed. Their role would be to provide the needs that should be addressed in the solutions created by LSPs, to implement the pilots that can depict how the solutions can be used and to identify the issues to be solved at a later stage from technical building blocks experts.

Research and knowledge institutions could play the role of the independent validator of the solutions, so they must be consulted and asked to make proposals for improvements.

Also the users that are being affected by the outcome of the solutions must be kept up-to-date and consulted regularly. In this case the PSC would play the role of the intermediate user along with the entrepreneur community and the citizens would play that of the final user.

The following table presents the possible levels of involvement for each stakeholder45:

Level of involvement

European Union Member States Private sector Third parties

Decides X

Co-decides X X X (X)

Advises/consulted X X X

Not involved

Table 6: SPOCS/ Business Lifecycle: Levels of involvement

From a governance perspective, a DG Programme, has very few possibilities for decision-making and direct stakeholder involvement. The EC is the sole decision-maker. The only time that that co-decision takes place, is during the setup or definition of the programme, where MS are involved in defining and approving the programme. As in all scenarios, it is an option to consult the other stakeholders as deemed necessary. However, other stakeholders cannot be directly involved in the decision-making.

During the programme, although the unit(s) (within the DG(s)) responsible for the programme will be driving the work and the European Commission will be making the final decisions, it is possible to have46:

45

Task 2 Report, Deloitte Study on „The feasibility and scenarios for the long-term sustainability of the Large Scale Pilots, including ex-ante evaluation” 46 Task 3 Report, Deloitte Study on “The feasibility and scenarios for the long-term sustainability of the Large Scale Pilots, including 'ex-ante' evaluation, pg. 31

Approved by EC

31

A Programme Committee that assists in the management of the programme – An example could be the ISA Committee consisting of Member State representatives (DG DIGIT).

A Coordination Group that ensures the coordination of the work on the programme – An example could be the ISA Coordination Group (DG DIGIT), another could be DG TAXUD’s network of Customs 2013 monitoring coordinators (National Monitoring Coordinators) from the Customs 2013 Programme.

Working groups that drive the work on individual areas within the Programme –An example could be the Trusted Information Exchange ISA Working Group (DG DIGIT), another could be the Youth in Action programme’s Youth Working Party (DG EAC).

To conclude, from a Member State buy-in perspective (since the MS want stability), the DG Programme scenario may ensure enough buy-in, providing the Member States are content with the way the programme is setup and run and providing that not too many changes are needed. Although it is possible to setup a programme that Member States are happy with and thereby ensure Member State buy-in, it is not possible to count on the involvement of other stakeholders and therefore a programme does not ensure a balanced stakeholder representation. This means that there is a real risk that the needs and requirements of the other stakeholders may not be taken sufficiently into account.

Seen in terms of involving the MS in the decision-making along with the EC, there are already functioning agencies under this kind of structure, like for e.g. EASA (European Aviation Safety Agency) or EFCA (European Fisheries Control Agency). EASA for e.g. is an Agency of the European Union. As an EU-Agency, it is a body governed by European public law. It is distinct from the other European institutions (Council, Parliament, Commission, etc.) and has its own legal personality and specific regulatory and executive tasks in the field of civil aviation safety and environmental protection. The Agency works hand in hand with the national authorities, which continue to carry out many operational tasks, such as certification of individual aircraft or licensing of pilots.47 This represents an example that in the proposed Agency scenario, the MS could be involved directly in the co-decision processes together with the EC. However, if there is co-decision with the MS, this does not imply that all MS have to be involved as e.g. the EFSA (European Food Safety Authority) and EIGE (European Institute for Gender Equality) agencies do not have all MS on their boards. Nor does the European Commission have to be on the board (if wished so): examples of this could include CEPOL (European Police College) and EUROJUST (The European Union s Judicial Cooperation Unit). In addition to this, it is possible for other stakeholders to be involved in the decision-making process by having representatives on the board, such as is the case in e.g. ENISA (European Network and Information Security Agency) and CEDEFOP (European Centre for the Development of Vocational Training).

To conclude, the Agency can have any desired level of MS involvement and any level of involvement of other stakeholders that may be wished for, thereby optimising both MS buy-in and a balanced stakeholder representation48.

47 More information about EASA: http://easa.europa.eu/frequently-asked-questions.php#what-is-the-agency. 48 Task 3 Report, Deloitte Study on “The feasibility and scenarios for the long-term sustainability of the Large Scale Pilots, including 'ex-ante' evaluation”, p. 31.

Approved by EC

32

2.2.4. Conclusion There are areas (like strategic oversight, legal/regulatory/compliance or business readiness) and activities, that should be carried out by a centralised governance structure at European level. The coordination could be settled down at European level in order to set the basic rules and integrate the processes and leave the MS the independence in their operations. User involvement should occur at regional level.

In case of a DG Programme, in terms of governance, the European Union would decide and the Member States would co-decide. The MS can be involved whilst the programme is setup, but not whilst it is running (it can run for up to seven years at a time). The financial aspects would be carried out by the EU that could either fully finance the programme or it could co-finance it. The co-finance aspect could involve several different stakeholders if the operations are licensed out.

If the Agency is preferred, the EU could be either sole decider or co-decider with the Member States. They could also co-decide with the private sector and third parties if they wish. The financial side could be ensured either fully by any of the stakeholders (only by private sector if there is possibility for profit) or it could be co-financed by a combination of stakeholders.49

In terms of the preferred governance structure, it has been argued that the Agency scenario under EU law (in terms of legal status) would be the most appropriate one. The legal framework for the technical components could be settled under Joint Agreements at first and in a later stage could be converted into a European legislative initiative.

2.3. STORK/STORK 2.0

2.3.1. Overview

2.3.1.1. STORK In 2008 a consortium of 29 participants of 14 European countries was founded, to execute the STORK project (Secure Identity Across Borders Linked), a co-funded project under the 2007 call of the Competitiveness and Innovation Framework Program. The STORK project ran from May 2008 until December of 2011.

The aim of the STORK project was to establish a European e-ID Interoperability Platform that will allow citizens to communicate electronically with public administrations across borders, just by presenting their national e-ID. Some of the requirements for STORK were to be respectful to the administrative cultures within the EU Member States and to provide scalability, trust and security, especially with respect to privacy.

Cross-border user authentication for such electronic communications has been applied and tested by the project with the help of six pilots in existing government services in EU Member States. When the STORK solutions are implemented in national infrastructures it will be possible for additional public service providers to become connected to the platform, thereby increasing the number of cross-border services available to European users.

The upcoming regulation on electronic identities and trusted services50 will bring the results of STORK into a legislative environment. The regulation will facilitate citizens to start a company, get their tax

49

Task 3 Report, Deloitte Study on “The feasibility and scenarios for the long-term sustainability of the Large Scale Pilots, including 'ex-ante' evaluation, pg. 23 50 Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on electronic identification and trust services for electronic transactions in the internal market (2012/0146 COD)

Approved by EC

33

refund, or obtain their university papers without requiring a physical presence. All what is needed to access these services is to enter the citizen’s personal data using their own e-ID, and the STORK platform will obtain the required guarantee (authentication) from the respective government.

Approved by EC

34

User-centric Approach = Privacy Guarantee

The role of the STORK platform is to identify a user who is in a session with a service provider, and to send his data to this service. Whilst the service provider may request various data items, the user always controls the data to be sent. The explicit consent of the owner of the data - the user - is always required before his data can be sent to the service provider.

The platform will not store any personal data, so no data can be lost.

This user centric approach was not taken to satisfy some preferences, but in line with the legislative requirements of all the various countries involved that oblige concrete measures to be taken to guarantee that a citizen's fundamental rights - such as their privacy - are respected.

At the end of the project the STORK consortium had grown to a total of 35 members composed of national governments, academia and research, non-profit and private organisations.

2.3.1.1.1. Relation between STORK and e-SENS e-SENS will integrate the existing solutions provided among other by the previous LSPs and extend them to create reusable generic building blocks. Part of this is related to the results of STORK, as the Competence Cluster 6.3 (CC 6.3) focuses on “Identity, Security and Trust”.

Particularly, the infrastructure developed by STORK for cross-border use of electronic identities will be taken into account to provide an integrated framework to handle e-ID within e-SENS, addressing several issues currently out of the scope of the previous LSP. For example, e-SENS will investigate the possibility to use self-managed user-centric on-line identities (based on cloud ID or other types of consumer ID) within the context of public services and the trust frameworks allowing this to happen. The final aim is to give choice and control to individuals (for better control over their identity data and support for the verification of identity attributes that may be wilfully shared with the relevant parties).

Besides the e-ID infrastructure, e-SENS will work in a solution for modular mobile e-ID/e-Signature. Based on STORK, the so-called “mobile phone signature” solution has been developed, and this will form part of the modular building block to be industrialised by e-SENS.

Finally, STORK developed an interoperability framework for ID (QAA) that will be a basis within e-SENS to provide the definition of best-practices or common foundations to assure security, privacy, data protection and trust in the exchange of information.

2.3.1.2. STORK 2.0 The STORK 2.0 project started in April 2012 to facilitate the creation and take-up of a single interoperable and sustainable electronic identification (e-ID) authentication area for Europe, for individuals and legal entities, building on the results of STORK. The initiative will drive convergence between the private and public sector, at national and EU level, for secure and easy access to cross-border public services using e-ID credentials. Four pilots will run for 12 months, focusing on eLearning and Academic Qualifications, e-Banking, Public Services for Business and e-Health to demonstrate the capabilities and benefits of an interoperable e-ID in a real-world environment.

STORK 2.0 is an EU co-funded initiative under the 2011 ICT Policy Support Program (ICT PSP) of the Competitiveness and Innovation Framework Program (CIP). It brings together 58 consortium partners and 19 countries.

Approved by EC

35

The four key objectives of STORK 2.0 are:

Accelerate the deployment of e-ID for public services by co-ordinating national and EC initiatives in support of federated e-ID management architecture across Europe.

Maximise the take-up of its scalable solutions throughout the EU, with a strong commitment to open specifications and longer-term sustainability around a vision of e-ID as a Service Offering (backed by participating European countries and industry).

Facilitate the convergence of private and public sectors in a fully operational framework and infrastructure, which uses e-ID for secure and coherent authentication of legal and natural persons across the EU.

Run four cross-border and cross-sector pilots to test and demonstrate the capabilities and benefits of interoperable e-ID in a real-world environment.

2.3.1.2.1. Relation between STORK 2.0 and e-SENS Based on the results of STORK, STORK 2.0 is working in extending the e-ID infrastructure to, for instance, the exchange of attributes in the electronic identities endorsed by governments, including roles and mandates as needed by various on-line services. e-SENS Competence Cluster 6.3 will take all this work as a basis and will extend it to include cross-sector data and specific needs, such as those identified by epSOS in e-Health or in e-CODEX.

2.3.2. Community and Stakeholders

2.3.2.1. STORK Different types of organisations (private, agencies and government) and government layers (municipal/local, regional, national) have participated in the pilot activities. The project attempted to cover the entire value chain - from core data to citizens’ service - by including both those who build the infrastructures for the services, as well as those who provide them in real life to the end users, the citizens. This will ensure that the services developed have market potential, and are used, during and beyond the lifetime of the project.

The consortium needed to attend to a rich variety claims and interests of stakeholder groups. A wide range of persons and groups exist with legitimate interests in STORK.

A great diversity of stakeholders were listed including the European Commission , national, regional, local government officials, democratic governments, public authorities, other LSPs, citizens, businesses/service providers, industry, potential partners, media, NGOs, activists, academics, researchers, scientists and leadership staff.

To attend the particular needs of industry, Member States and other groups, some communities were created:

• For Industry the STORK Industry Group was set up as an open forum where industry stakeholders could remain informed of developments throughout the project and provide their feedback and comments to the Consortium. The Industry Group included small, medium and large companies and associations in the ICT sector that manufacture, supply and consult on infrastructure and end user related products for e-ID for Member States and EEA members in Europe.

Approved by EC

36

• For Member States the STORK Member States Reference Group was set up as an open forum where EU Member States and EU institutions which were not already part of the project, could remain fully informed of developments throughout the duration of the project and to provide their feedback and comments to the Consortium. More specifically, the MS Reference Group was composed of MS national authorities and EEA members in Europe in charge of national identity.

• For those with interest in the achievements of STORK but were not part of the Consortium nor part of the Industry of Member State group, an eID community of interest was created. Some of its members are departments of the European Commission, the media, NGOs, academics and researchers.

2.3.2.2. STORK 2.0 The central stakeholders include the following:

Public Administrations of all EU Member States, Associated and Candidate States, and in particular Identity Providers and national public PKI authorities (certification authorities, registration authorities, validation etc.), Attribute Providers.

EU Directorate Generals, projects and European agencies (incl. privacy and data protection experts and authorities such as Article 29 Working Group and national data protection agencies).

Citizens and civil society.

Industry – European companies, SMEs and national and European industrial associations.

Additional stakeholders that will be addressed in the project include decision makers at MS level to gain political support, public administrations responsible for the roll out of e-ID infrastructure, and the public sector, involving some major public administrations to get buy-in. Furthermore EU countries that may join later, service providers form both the public and private sectors and their portals options for e-ID, academia and research institutions that could further develop the state of the art in cooperation with industry will be addressed. As well as the private sector, STORK’s Industry Group, STORK partners to help them focus on sustainability issues at an early stage of the project need to be involved.


2.3.3.1. What has been achieved The STORK project finished in December 2011, and the Consortium of the project agreed with the Commission that the STORK architectural building blocks were taken, maintained and updated by the ISA programme of the European Commission. This decision was made to bridge the gap until the CEF is in place. The objective of the ISA programme is to assure the sustainability of STORK architectural building blocks for the short-medium term.

STORK 2.0 started in April 2012 to improve some functionalities of the STORK architectural building blocks and include also the private sector to use the architectural building blocks (that is the European e-ID platform). For the time being, the project is in a first stage of development and the Consortium is not in a position to take decisions regarding sustainability of the STORK architectural building blocks, as their first deliverable regarding this issue is in May 2014.

Approved by EC

37


STORK 2.0 is in the first stage of development: Therefore there is a lot of uncertainty about the take-up of its results. Accordingly this chapter will focus on the findings of the finished STORK project.

As indicated previously, when STORK finished in 2011, the Consortium and the Commission decided to take over its results and maintain them till 2013 under the ISA programme. ISA has launched an Action in its Work Programme of 2013 to ensure the sustainability of STORK QAA Model, the common specifications and the common code in the short to medium term beyond the end of the project (until 2015). The action’s main goal is to bridge the gap until the CEF is in place as a programme to make all LSP building blocks sustainable and to facilitate the industrialisation of them.

The Action, that has a budget of €990.000, will address various legal and organisational barriers to the widespread implementation of STORK, supported by analysis of significant business cases and applications.

Among the activities considered in the Action are the upgrade and the maintenance of the software modules and the support of common functionalities of the cross-border infrastructure as well as architectural issues.

The main objective is to support the implementation of a system for the recognition of e-IDs and authentication that is interoperable across the EU, enabling businesses, citizens and government employees to use their national e-IDs in any EU Member State.

The benefits of the Action will be:

provide a suite of tested Common Specifications for e-IDs agreed to by a majority of EU Member States.

make specifications and support available to all Member States, even those who did not participate in STORK;

promote exploitation and potential hook up of new applications through an operational European e-ID infrastructure based on state-of-the-art open technology;

strategic contribution to the ambitions of the Digital Agenda for Europe;

enable access of private sector to an open suite of e-ID specifications

This Action is coordinated closely with other relevant studies, such as for example the ECAS/STORK project initiated by the European Commission’s Informatics Directorate-General (DG DIGIT) to ensure that duplication will be avoided, while maximising complementarity.

A key consideration will be updating STORK’s Common Specifications (CS) and the Quality Authentication Assurance (QAA) model. Together with the upgrading and maintenance of reference software modules, this will ensure that Member States can reuse STORK modules and upgrade national e-ID infrastructure in accordance with developments.

This Action is not finished, so there is not an official position on how the STORK infrastructure will be maintained in the future/ for medium-term. However, it seems that the governance structure (still under discussion) will be materialised with the participation of the MS representatives in a "technical committee". The main goal of this technical committee would be to take the necessary technical, operational and strategic decisions in order to guarantee that STORK services can be provided in a smooth, interoperable, sustainable and secure way. This committee will also supervise and follow-up the updates to the common specifications developed within STORK.

This way, the European Commission will be responsible for the governance and for the maintenance of STORK building blocks in the short to medium term.

http://ec.europa.eu/isa/actions/01-trusted-information-exchange/1-5action_en.htm




Approved by EC

38

ISA action for STORK short-term sustainability would provide the technical support to the MS for the building blocks and reference implementation for the PEPS and VIDP architectures, which are explained in the glossary of this document. However, second level support should be provided by the MS STORK teams to the persons in charge of running the local STORK infrastructures: S-PEPS/S-VIDP, C-PEPS/C-VIDP and national e-ID and AP infrastructures.

Allied to this Action of sustainability of STORK the future regulation on eIDAS51 will provide the legal basis for the mutual recognition of foreign e-ID credentials and for the provision of cross-border e-ID services like STORK. But until the new regulation is in force, the ISA Action will explore the possibility of using some agreements between the Member States to formalise the circle of trust to tackle of the matter describe before, and therefore enable the operation of STORK services in production.

For the mid and also long-term – within the CEF and beyond - there are no formal decisions on the governance structure of STORK yet. It is possible that future alignment about the following arrangements is necessary:

Reference to minimum technical requirements related to the identity assurance (QAA) levels;

A mapping of national identity assurance levels of notified national electronic identification schemes;

Reference to minimum technical requirements for interoperability;

Rules of procedure like dispute resolution and harmonizing supervision and certification;

Updating of relevant technological standards.

2.3.4. Conclusion The e-SENS WP3 team has gathered feedback from participants of STORK and STORK 2.0 regarding the governance structure that proposes to assure the sustainability of the building blocks developed in these projects in the short term.

In order to identify an appropriate governance structure for the STORK, it is necessary to know some main factors of the STORK project. On one hand, most of the authoritative sources of this data are in governance administrations. On the other hand, the data managed in STORK is very sensitive. Therefore, it needs to be avoided that a future governance structure will be completely managed by the private sector. Among the Deloitte proposals for a governance scenario a DG Programme, and Agency or a NPO created by the EC, are considered appropriate in order to ensure the sustainability of the STORK results.

As it has been indicated, for the short term a governance scenario is already in place. The Directorate General for Informatics (DIGIT) is now in charge of the results of STORK, and defining a more concrete governance structure to take into account the Member States, which shall have a quite prominent role in the decision-taking process. This scenario was proposed directly by the Commission, so it was not necessary to consider other ways to assure the sustainability or the advantages or disadvantages of each model.

Regarding the long-term (beyond 2020), experts have been consulted. For the time being it is not possible to give a concrete statement about a long-term governance scenario since Member States, including the STORK 2.0 participants, are waiting for the finalisation of the regulation on eIDAS. This

51 A proposal for a Regulation “on electronic identification and trusted services for electronic transactions in the internal market” was adopted by the Commission on 4

th June 2012 and is currently under discussion.

Approved by EC

39

regulation will provide the legal basis for the mutual recognition of foreign e-ID credentials and for the provision of cross-border e-ID services based on STORK, and will define the basic steps for further adoption of the e-ID solution to access public services. A future governance structure regarding the e-ID building block will largely depend on its outcome.

Similarly to the adopted governance scenario for STORK, the STORK 2.0 Consortium has created a decision making body called “Member State Council”, which is composed of one representative per Member State. The Commission has an observing role in this council. As for STORK, it is expected that ISA will take charge of the results for its maintenance in short term.

It is evident that several stakeholder groups would be interested in the development of the e-ID solution. Therefore the industry must be quite well informed about the decisions, which will be made.

Strategic oversight, regulatory aspects and the operation of the developed components should be addressed in a centralised way in a future governance structure. The handling of the technological aspects should be done in a centralised way combined with the involvement of national entities. For example, the software code is open software so it should be centralised in one organisation and enhance by the software community. However, each country should be in charge of the technological part necessary to connect with the national gateway. The marketing activities should be realised in a national environment so in a distributed way.

Finally, when looking at the best governance structure for the complete set of e-SENS components, the experts consider that, given the different maturity and sensitivity of the different areas the best option would be a mixture of the governance scenario proposed by Deloitte. For example, as mentioned before the e-ID building block involves the processing of personal and sensitive data, so a governance structure is necessary, where the Commission and the Member States co-decide the strategy. For e-Document or e-Signature, as no personal data is stored, it could be governed by the private sector under the control of a regular regulatory body.

2.4. epSOS/e-Health

2.4.1. Overview epSOS is a Large Scale Pilot that operates within a complex policy background and focuses on cross border e-Health services for mobile EU citizens. The aim of epSOS (European Patient Smart Open Services (duration: 01.07.2008-30.06.2014) is to support patient mobility across Europe in line with the requirements of the European Directive “on the application of patients’ rights in cross-border healthcare”52.

These rights for the mobility of patients and healthcare workers have highlighted the need to share health records across national boundaries. In most cases it is hard enough to exchange patient data from one hospital to another or even from one doctor to another: how can you safely exchange patient information across borders, in different languages, across multiple systems and domains?

This was the challenge firstly addressed by Member States53 and then jointly supported together with the European Commission when it issued a call for co-funding a Large Scale Pilot to provide concrete cross-border services that might ensure safe, secure, and efficient medical treatment for citizens when travelling across Europe. Two specific areas were identified: a shared patient summary

52 DIRECTIVE 2011/24/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 9 March 2011 on the application of patients‘ rights in cross-border healthcare. 53

Through the i2010 subgroup on eHealth.

Approved by EC

40

for EU citizens and an e-Prescription service (including e-Dispensing). epSOS focuses on improving the medical treatment of citizens while abroad by providing health professionals with the necessary patient data. The following epSOS Services are in pilot operation since April 2012:

Patient Summary: access to important clinical data for the treatment of patients;

Cross-border use of Electronic Prescriptions ("e-Prescription" or "e-Medication" systems).

The following epSOS Services are planned to be in pilot operation by December 2013:

Patient access to data: provide patients with access to their patient summary translated into an epSOS language;

Health Care Encounter Report: new medical information generated in the Country of treatment are sent to the Country of affiliation;

Medication Related Overview: relevant information for a safe dispensation is made available to the pharmacist in the Country of treatment.

During the first phase of its development epSOS focused on demonstrating this concept around the common implementation of two such cross-border use cases, addressing in parallel all interoperability levels: political and legal, organisational, semantic and technical. epSOS has also focused on EU wide solutions rather than bilateral service piloting. This was achieved within the constraints of existing e-Health systems in the participating nations. While epSOS has not and will not impose changes to existing national legal and regulatory frameworks neither interfere with the pre-existing e-Health policies of the MS procedures and infrastructures, the project is implemented on the basis of common Interoperability Agreements54 as a first step to recommendations for long term deployment.

epSOS main outcomes have been so far the development of a proof-of-concept standards-based semantic and technical specification and a platform, as well as the legal agreements that enable the use of this platform for carrying out the pilots. The latter have been incorporated in national contracts in countries participating in the pilot in parallel with work on organisational interoperability challenges. epSOS has also largely influenced the Recommendations of the Common CALLIOPE EU e-Health Interoperability Roadmap55.

The epSOS implementation is happening at a time of important EU policy developments which must be fully addressed by the project. Firstly, the “Directive on Patients’ Rights” (Directive 2011/24/EU) to cross-border healthcare (its transposition into national legislation is due by October 2013) creates conditions of increased legal certainty on patients’ rights to reimbursable cross border care and it provides clear directions of how major legal barriers (as for example recognition of e-Prescriptions) should be addressed.

54 Deployment of epSOS and incorporation of the epSOS services into the national infrastructures and e-Health services will require Agreements between national governments. epSOS will pursue such Agreement through the voluntary network on e-Health provided for in Article 14 of the Cross Border Directive and the supporting e-Health Governance Initiative. This Agreement may take the form of a MoU, an Interoperability Agreement under the European Interoperability Framework or any other appropriate legal instrument of sufficient strength to allow routine operation of services in full legal certainty. 55

For more information: www.calliope-network.eu

http://www.calliope-network.eu/

Approved by EC

41

At the same time, the voluntary Article 14 Network56 is now established with a foreseen support mechanism expressed by the “e-Health Governance Initiative” (eHGI)57. This Network will provide the forum for commitments of MS around major decisions directly related to epSOS such as data sets for patient summaries and e-ID management.

On one hand, epSOS has reached agreements on common policies, their implementation, audit and monitoring which have then been substantiated in national level legally binding contracts. For this purpose, epSOS has drawn up a Framework Agreement blue print document. The Framework Agreement (FWA) has been localised in the form of national level contracts in the piloting participating nations which are a pre-requisite to engagement in the pilots. The use of a common FWA establishes the epSOS Trusted Domain amongst National Contact Points (NCPs). This domain is considered to be an extension beyond national or regional territories where epSOS services are physically provided.

On the other hand, epSOS, while concentrated on cross-border access to patient summaries and prescriptions, has encountered challenges that cannot be addressed within the restricted health sector. Such areas identified but not to be implemented under epSOS include: e-ID, privacy, updating records with new information created in the country of treatment, exchange digitally signed documents, reimbursement of e-Health services.

2.4.1.1. Relation between epSOS/e-Health and e-SENS Health systems face growing demand to improve the quality, safety, equity and access to health care services and sustainability of healthcare systems at a time of significant financial constraint. The use cases of e-Prescription and Patient Summaries are kernel domains. Common ground but also solutions from projects of more generic eGovernment domains are needed, but these challenges are not addressed in epSOS. Therefore epSOS is and will remain an LSP focusing exclusively on the “pure” health domain. e-SENS should be regarded as an LSP presenting an opportunity for “e-Health meeting eGovernment”. Cross-sectoral challenges identified but not addressed by epSOS should be considered in e-SENS to build upon this already agreed process.

epSOS can draw to some extent on the achievements of other LSPs, e.g. on STORK for e-ID, PEPPOL for e-Signatures, and SPOCS for e-Delivery. However, it also has some specific legal issues that are not yet substantially influenced by existing LSP outputs.

2.4.2. Community and Stakeholders The epSOS project counts now 45 Beneficiaries consisting of national and regional Ministries of Health, competence centres and agencies at national and regional level and a Consortium of Industries (the Industry Team, represented by IHE Europe) with a comprehensive involvement of 22

56

Article 14(1) of the Directive 2011/24/EC specifies that “the Union shall support and facilitate cooperation … among Member States with a voluntary network connecting national authorities responsible for eHealth designated by the Member States.” 57

For more information: www.ehgi.eu

http://www.ehgi.eu/

Approved by EC

42

EU Member States and 3 non-EU countries58. On one hand, the commitment of MS is a key factor to ensure the effective provision of cross-border e-Health services. On the other hand, more than 40 companies providing services, expertise and knowledge in the e-Health market59 - ranging from small enterprises to large multinationals - contribute with their knowledge and expertise to the project in the epSOS Industry Team. The epSOS Industry Team is a setting where companies are offered the opportunity to expand their professional networks, help drive e-Health in Europe forward, and create business opportunities. New industries and vendors can join the team by accessing the “Memorandum of Understanding” that rules non-disclosure and intellectual property rights and commit a minimum input in terms of expertise, knowledge and/or services that will benefit epSOS. Furthermore, the above mentioned Article 14 Network, e-Health Network of national authorities responsible for e-Health designated by the MS - whose activity is facilitated by DG SANCO - is definitively a major stakeholder, crucial for the e-Health cross-border governance. Finally, the services providers such as hospitals, health professionals and pharmacies play a vital role as for agreeing on possible e-Health governance model.


2.4.3.1. What has been achieved After more than five years epSOS is expected to conclude its operations, as an LSP partially funded by the EU and the MS, in June 2014.

All policy and strategy decisions, including those concerning sustainability plans and possible governance structures for future take-up and continuation of the epSOS services after the end of the funding phase, are taken at the level of the Project Steering Board (PSB). This board is composed of representatives of Participating Nations health authorities. PSB decisions are prepared within the "Policy and Strategy" work package of the epSOS project where all the project functions are represented (co-ordination, technical, administrative). The considerations envisaged in this paragraph are the preliminary result of a debate which is taking place within the epSOS project in consideration of a background of project released deliverables and PSB decisions.

The epSOS approach to sustainability is still in progress and the consideration that setting up a sustainable epSOS Community requires focus on different sustainability dimensions is being taken into account.

epSOS is engaged in a comprehensive analysis of the requirements for sustainability of cross-border services in each of its domains of activities leading collectively to interoperable and sustainable solutions. Now the challenge is to achieve results in line with these recommendations (addressing business, governance, marketing & recruitment, semantic, ICT and financial sustainability) towards large scale deployment of cross-border services. Furthermore, the epSOS services need to demonstrate that they can expand within a collaborative governance structure that will allow exploitation of existing info-structure assets developed inside and outside epSOS and made freely available.

Cross-border e-Health services will form the health related focus of the CEF/Ten-Tele Regulation. epSOS is not the only project concerned and transferable assets from other projects, other than LSPs,

58

Austria, Belgium, Croatia, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Italy, Luxembourg, Malta, Norway, Poland, Portugal, Slovenia , Slovakia, Spain, Sweden, Switzerland, The Netherlands, Turkey, United Kingdom. 59

For more information: http://www.epsos.eu/home/project-members-beneficiaries/industry-team.html.

Approved by EC

43

towards the provision of such services are also relevant; what merits transfer is what is “ready” for deployment in terms of usability and maturity.

In the specific cross-border e-Health sector, maintaining and sustaining key achievements such as the establishment of an operational infrastructure based on National Contact Points (NCPs), also includes setting up NCPs in further MSs (as part of the governance concept).

Finally, the approach to sustainability has been covered in the five components of the “European Interoperability Framework”60: technical sustainability, semantic sustainability, legal sustainability, organisational sustainability and governance sustainability. The first three of these sustainability components are further elaborated in e-SENS D3.3 “Report on the integrated view of LSP strategies”, the following section will focus on the governance sustainability of epSOS/e-Health and especially on the organisational aspects of a possible sustainability governance structure.


In general, epSOS is facing stronger privacy and data protection concerns than other LSPs, due to the processing of sensitive (health-related) personal data. This concern implies that all stakeholders relying on epSOS (e.g. individual doctors and hospitals) need to apply stringent security requirements. These are developed within epSOS and applied through the adoption, at national level, of the epSOS Framework Agreement. However, in the longer run, a more generic governance mechanism for the emerging e-Health Network may be necessary. To allow a smooth continuation of e-Health cross-border services, at least the following elements should be considered:

The open co-ordination and voluntary co-operation on certain aspects of National HealthCare Systems independently from epSOS Grant Agreement and Consortium Agreement,

The adoption of the Directive 2011/24/EU (with specific regard to Art.11 and 14) and

The extension of the Privacy Information Notice / Patient’s Consent out of epSOS data treatment purposes.

Organisational aspects fundamental to the establishment of the e-Health cross-border interoperability service, such as the need of central services to manage the National Contact Point configuration and VPN creation, the management and distribution of the terminologies, the change management and ticket support service, have to be addressed in the short term.

Furthermore, semantic represents an additional challenge for cross-border e-Health.

All the above considered, for the short term (now until the end 2015), the most appropriate governance scenario for the sustainability of the results of the e-Health LSP/domain could be that MS continue with their voluntary maintenance of the legal agreements and assets by MS. However, as this entails maintenance of central EU level components and governance structures, additional support from EU funding schemes (DG Programme), would be needed. MS could continue the large-scale operation as part of their participation in relevant projects which can act as follow up of epSOS and establish their interoperability on the existence of epSOS services adopting adequate processes. In this perspective some new EU funded projects such as the following have been established:

60

For more information about EIF: http://ec.europa.eu/idabc/en/document/2319/5644.html.

Approved by EC

44

• Semantic HealthNet: definition of a Sustainable Semantic Interoperability Virtual Organisation – SSI-VO61;

• EXPAND: “Expanding Health Data Interoperability Services” for e-Health assets maintenance and distribution;

• ANTILOPE: e-Health asset testing strategies62; • Multi-Stakeholder Platform Initiative; • Trillium Bridge: EU-US patient summary interoperability

In medium-long term perspective (2015-2020 and beyond) the most viable governance structure should foresee an EU mechanism and MS co-decision with industry and the private sector advises, being also self-regulated and pro-active through platforms like the IHE, Continua, HL7 etc. which are of great importance since they represent settings where government and non-government agencies, standards development organizations, vendors and business developers, healthcare providers and organisations converge on interoperable health solutions. This structure is particularly suitable for specifications and semantic assets. However, any governance structure expecting a sharing mechanism of decision making powers needs to be discussed within the eHealth Network (Art. 14 Directive 2011/24/EU) which is the ultimate forum grouping the national authorities responsible for eHealth cross-border governance designated by the MS.

Finally, it is fairly to point out that, from an e-Health domain viewpoint, any governance model to be designed and proposed for consideration in the framework of the e-SENS project should accommodate sector specific considerations.

2.4.4. Conclusion The epSOS sustainability strategy is still under definition. It currently focuses on conditions needed to make the epSOS services “surviving” after the project formal closure and on those that should guide the sustainability of the services.

While sustainability deals implicitly with the concept of “cost of maintenance alive”, survivability is meant as the possibility of the epSOS services to be provided after the end of the operation. This concept is different from the former, in the sense that it is considered as a short term impediment to continue piloting.

Both dimensions are addressed under different levels (such as legal & organisational, semantic and technical). The on-going discussions within epSOS and amongst the National e-Health authorities leave room for further investigations and evaluations also considering the opportunity to complement and bridge the CEF.

2.5. e-CODEX/ e-Justice

2.5.1. Overview e-CODEX is an abbreviation for “e-Justice Communication via Online Data EXchange” and aims at improving the cross-border access of citizens and businesses to legal means, e.g. information on laws and procedures in other European countries. Furthermore e-CODEX seeks to improve the

61 For more information: http://www.semantichealthnet.eu/index.cfm/news/ 62

For more Information: http://www.antilope-project.eu/

Approved by EC

45

interoperability between legal authorities within the EU. The LSP was launched in December 2010 and aims at establishing an interoperability layer for e-Justice communication and develops technical solutions which facilitate the digital exchange of legal information between judicial authorities within the EU. Taking the above into account and through enabling the creation of a safe environment for different user-groups, who have access to a wide range of legal services across Europe, e-CODEX contributes to the realisation of the European Digital Single Market.

e-CODEX is building upon national solutions and ensures that, in due respect of subsidiarity and separation of power, Member States can connect to the European e-Justice Portal, which includes the further development of this central tool in the context of e-Justice. 63

The e-CODEX solutions (e-Delivery, e-Signature, e-Payment, e-ID management, e-Documents) are used in several different pilots. e-CODEX defines different pilots from the area of cross-border civil justice and cross-border criminal justice. These pilots are delivering real-life electronic services, which will facilitate cross-border legal procedures64, such as:

European Payment Order (area civil justice) based on Regulation (EC) No 1896/2006 of the European Parliament 65;

Small claims (area civil justice) based on Regulation (EC) No 861/2007 of the European Parliament;66

Secure cross-border exchange of sensitive judicial data (area criminal justice) based for instance on Framework Decision 2003/577/JHA, 2006/783/JHA, 2002/475/JHA and Directive 2005/60/CE;67

European Arrest Warrant (area criminal justice) based on Council Framework Decision 2002/584/JHA of 13 June 2002;68

Mutual Recognition of financial penalties (area criminal justice) based on Framework Decision 2005/214/JHA of 24 February 2005;69

Through the extension of e-CODEX until 2015 the number of pilots might be increased, allied to this, a new pilot is planned in the area of Business Register Interconnection.

2.5.1.1. Relation between e-CODEX/e-Justice and e-SENS Sustainability is an on-going question throughout the lifetime of e-CODEX. D1.7 “Sustainability Plan” of e-CODEX already describes the first steps and possible solutions in order to maintain the technical

63 e-CODEX D1.7 „Sustainability Plan“, S. 18 (not published) 64 For more Information about the e-CODEX piloting: http://www.e-CODEX.eu/pilots.html. 65 ePayment for EU companies, institutions and legal professionals, will enable electronic cross-border filing to the competent court in another piloting MS, by connecting the respective national filing systems via e-CODEX solutions. EU citizens will fill the application-form for an European order for payment and to submit directly in electronic format to the competent court in a Member State participating in the pilot. 66 The pilot will make small claims simpler and faster, removing existing barriers in cross-border legal disputes. 67 The pilot will provide judicial authorities with the ability to transmit any kind of judicial documents or information between judicial authorities in different EU countries, provided that certain conditions as to the legibility and reliability of the document received are observed. 68 The pilot will focus on the electronic transmission of the arrest warrant and exchanges between the issuing and the executing authority. 69

The pilot indicates the digitization of documents to exchange legal information between EU-countries.

Approved by EC

46

components after the expiration of the Large Scale Pilot. A key success factor, which has been identified to ensure the sustainability of the results of e-CODEX, is the current Large Scale Pilot e-SENS.

The technical solutions, which will be developed in e-SENS WP6 (e.g. e-Signature, e-Identity, e-Delivery and e-Documents are relevant in the legal area) and possibly piloted in the e-Justice domain shall facilitate the creation of a European judicial area and will respect the “Multi Annual European e-Justice Action Plan 2009-2013”70 and the “Strategy toward a European e-Justice”71. e-SENS and especially the e-Justice domain will build upon the results of e-CODEX and will “identify more specific demands of potential users of electronically available legal procedures”72 and might extent the piloting activities to additional areas (e.g. family law, administrative law etc.).

Nonetheless, prior to e-SENS’s role in extending or enhancing the solutions developed, e-CODEX must establish an update of the sustainability plan in light of its extension and the insights derived from the piloting phase. Furthermore, a final sustainability plan will identify the clear needs in terms of maintenance, consolidation and extension of the solutions in readiness for e-SENS to take over and incorporate into the consolidation of solutions. In other words, e-CODEX is to some extent, expected to answer some of the challenges posed by its sustainability, so this can be acted on by e-SENS in due time.

2.5.2. Community and Stakeholders Partners from 20 countries, being or representing their national ministries of justice, CCBE, CNUE and ETSI are participating in e-CODEX. Different Directorate Generals (DG’s) are also involved in e-CODEX, namely DG Justice73, DG CONNECT, DG Digit74 and DG Markt75.

e-CODEX and also the e-Justice domain address different stakeholders. Stakeholders are defined as “people or organisations that are concerned about, affected by, have a vested interest in, or are in some way with the issue addressed”76 by the pilots of e-CODEX and the e-Justice domain.

The stakeholder groups can benefit from the LSP or domain results. Furthermore their feedback, requirements and needs can be taken into account by addressing and consulting these groups. This will support the improvement of the project processes and products. e-CODEX and the e-Justice domain are focusing on the following stakeholder groups:

Legal community

The legal community is mainly formed by lawyers, notaries, bailiffs, judges/courts and EUROJUST. These stakeholders are able to disseminate the information about the legal area and support the usage of legal e-Services by European citizens.77

70 Multi-Annual European e-Justice Action Plan 2009-2013 (2009/C 75/01) 71 Communication from the Commission to the Council, the European Parliament and the European Economic and Social Committee: Towards a European e-Justice Strategy (COM(2008)329 final) 72

e-SENS, Technical Annex, WP5.3:e-Justice Piloting S. 102. 73 DG Justice is responsible for the European e-Justice Portal. This portal is being enabled to communicate through the e-CODEX platform. 74

DG Digit is responsible for the technical tasks, which need to be carried regarding the e-CODEX platform. 75

DG Markt decisions regarding the Interconnection of Business Registers will have an impact on the e-CODEX platform. 76 For more information: http://www.e-CODEX.eu/stakeholders.html. 77

For more information: http://www.e-CODEX.eu/stakeholders/legal-community.html.

Approved by EC

47

European citizens

Through the development of different solutions e-CODEX is simplifying the access of citizens to legal information within the European Union, e.g. information on laws and procedures in other European countries. e-CODEX is supporting citizens in using cross-border legal procedures. The solutions developed within e-CODEX are to enhance user-friendliness and address linguistic challenges/semantics and support the identification of potential legal professionals and courts, who will approach legal issues and claims78.

IT-Industry

The involvement of the IT industry is crucial for LSPs like e-CODEX and also for the e-Justice domain since they can benefit from the knowledge and experience of the IT industry partners. The IT industry can help improving processes, may provide technical support in delivering innovative products and technology for electronic cross-border legal procedures. The IT industry may play an important role regarding the maintenance of the technical solutions and future sustainability.79

Standardisation bodies

Standardisation organisations like OASIS and ETSI provide expertise for the building blocks, services and good practice and might also play a role in the future take up and maintenance of the technical solutions developed by e-CODEX and piloted in the e-Justice domain. The involvement of the standardisation organisations facilitates the efficiency and effectiveness of the results of e-CODEX/e-Justice.80


2.5.3.1. What has been achieved The Amsterdam Treaty, which entered into force 1999, paved the way towards a European area of justice, in which the mutual recognition of judicial decisions, a stronger cooperation between the national legal authorities and the free movement of citizens within Europe is and was facilitated.81 It was acknowledged that information and communication technologies support the strengthening of the European area of justice and the implementation of e-Justice services:

“’e-Justice’ represents an initial response to the threefold need to improve access to justice, cooperation between legal authorities and the effectiveness of the justice system itself.” (Towards a European e-Justice Strategy)

In this respect the European Commission launched different initiatives to support the usage of ICT in the European area of justice, namely the “European e-Justice action plan” and the associated establishment of the “European e-Justice portal” and the EC paper “Towards a European e-Justice Strategy”.82 Accordingly the LSP e-CODEX was launched in order to develop technical solutions, which facilitate interoperability and which enable cross-border communication and information exchange.

78

For more information: http://www.e-CODEX.eu/stakeholders/citizens.html. 79 For more information: http://www.e-CODEX.eu/stakeholders/it-industry.html. 80

For more information: http://www.e-CODEX.eu/stakeholders/standard-bodies.html. 81 Communication from the Commission to the Council, the European Parliament and the European Economic and Social Committee: Towards a European e-Justice Strategy (COM(2008)329 final), page 2 82

e-CODEX D1.7 “Sustainability Plan”, p. 18 (not published)

Approved by EC

48

It is important to sustain and maintain the results developed by e-CODEX after the expiration of the project. Thus a “Sustainability Plan” was created in order to describe possible sustainability activities. The sustainability plan refers to the Poznan Ministerial e-Government Conference in November 2011, which addressed the question of sustainability of LSPs and agreed upon policy objectives to ensure the sustainability of the building blocks of the different LSPs. Furthermore this deliverable points out the different interoperability layers, which are defined in the “European Interoperability Framework” (EIF): legal, organisational, semantic and technical interoperability, which need to be taken into account when looking at sustainability.83 The e-CODEX “Sustainability Plan” focuses on organisational or operational aspects and on organisational governance aspects such as the involvement of different stakeholder, the decision-making process etc. That means: how and whom will be maintaining the services and components of e-CODEX? Who will be involved in the decision-making process? The deliverable describes possible scenarios on a high-level. The present chapter will pick up these ideas, but will not give an overall and detailed description of possible sustainability governance scenarios, since the sustainability question within e-CODEX is still under discussion. Nevertheless, the sustainability ideas of e-CODEX and the work which is carried out by e-SENS WP3 will give an idea about the future sustainability aspects concerning e-SENS and the e-Justice domain.


The current “Sustainability Plan” of e-CODEX describes four possible governance scenarios, which give an idea about a future sustainability structure84:

1. It is imaginable that the European Commission will become responsible for the operational management and the maintenance of the technical solutions and for the enhancement of the service. (advantage: funding is guaranteed, cross-sectoral interests are respected/ disadvantage: little or no influence of the MS)

2. The maintenance and further development of the solutions can be ensured through a Consortium of Member States. (advantage: strong influence of MS/ disadvantage: complexity of decision-making process)

3. Another possible scenario is that the e-CODEX Consortium may select one Member State, which will host and maintain the e-CODEX solution. (advantage: independency on external funding/ disadvantage: difficulties in establishing an monitoring and control)

4. The maintenance may be ensured by a third party (e.g. private sector, commercial).

In different timeframes (short, medium and long term) different possible governance structures, which ensure the sustainability of the results of e-SENS, could be established.

In accordance to the surveyed experts a DG Programme and an Agency are the most viable scenarios in order to sustain and maintain the e-CODEX results.

The DG Programme, which will be run by the DGs, could be established in short term. This will guarantee the funding, which is needed to sustain and maintain the solutions developed by e-CODEX. Current e-CODEX participants might play a role during the runtime phase. However, the role of the Member States will be weak since the EC, representing the European Union, will be the exclusive decision making body after the programme was created and other stakeholders, e.g. the Member

83 e-CODEX D1.7 „Sustainability Plan“, p.15ff. (not published) 84

e-CODEX D1.7 „Sustainability Plan“, p. 20 (not published)

Approved by EC

49

States will just be consulted. Since the field of justice belongs besides others to the shared competences (Art. 4 paragraph j of the TFEU) the Member States need to have a more prominent role. Furthermore, there have been a number of initiatives in the e-Justice area on national level that indicate e.g. the setting up of fully electronic procedures. For the sake of exchange of best practice the involvement of the Member States is a logical consequence.

For the medium term and maybe long term an Agency85 could be established. In an Agency, all or some of the Member States will have a more prominent role since they can co-decide (together with the EC) on different aspects, which ensures their effective influence on the governance of the solutions. An Agency will ensure the involvement of other stakeholders as well, which represent the judicial domain, e.g. CCBE, CNUE, standardisation organisations, the ICT industry. Furthermore research and knowledge institutions could be consulted or at least informed. In Federal States even the involvement of the regions will be necessary, since the implementation of the e-CODEX solutions will happen on regional level as well. Through the consultation and information of these stakeholders their needs and requirements can be taken into account and more transparency is possible.

Looking at the governance of the e-CODEX results different aspects needs to be taken into consideration. Some components need to be maintained at European or central level, others on national level. Some components of the e-CODEX transport infrastructure might be centrally hosted, e.g. gateway authentication via TSL or PKI. Furthermore XML schemata might be maintained centrally through an Agency. Furthermore, the European Commission is already running the European e-Justice Portal as an additional component that is connected to the e-CODEX infrastructure.86

Other components, such as the e-CODEX gateways and the national adapters, which connect the national solutions to the overall e-CODEX transport infrastructure, will be maintained through computing centres within and under the control of Ministries of Justice of the Member States. Furthermore software, which is used within the courts (such as case management systems) will be entirely controlled and maintained by the Member States as well.87

It even is possible that other components, such as the transport protocol might be adopted and maintained by private vendors (e.g. provider of software for legal professionals), which could create documents according to the e-CODEX specifications, which again might be connected through the existing national adapters to the e-CODEX infrastructure. However, the take-up of the solutions by the IT industry and specifically by the private vendors will only be realistic, when it is profitable for them and a market is established.

2.5.4. Conclusion Regarding the sustainability of the results of e-CODEX and in the long-run of the e-Justice domain different aspects need to be considered, namely legal aspects, financial aspects, semantic aspects, technical aspects and organisational aspects. Some components are run decentralised within the Member States and Associated Countries, therefore maintenance will be to a large extent the responsibility of the Member States and Associated Countries. However, governance may be to some extend centralised.

85

The creation of an Agency, as a work infrastructure, was already considered in the “European e-Justice action plan” on page C75/4 (2009/C 75/01) 86 e-CODEX D1.7 „Sustainability Plan“, p.23ff.(not published) 87

e-CODEX D1.7 „Sustainability Plan“, p. 27 (not published)

Approved by EC

50

e-CODEX is currently updating its “Sustainability Plan”. It will focus on actions that can already be carried out during the lifetime of the project and on the definitions of success factors.

The on-going sustainability discussions within e-CODEX leave room for further investigations and evaluation.

Approved by EC

51

3. Commonalities of the different LSPs/domains on Organisational Governance Aspects

The investigation of the purposes, ideas and plans currently considered at LSP level reveals the complexity of the issues and reflects – in some cases – the discussion, which is still in progress.

The main question to which the deliverable should answer is: What type of governance body respectively structure is needed to ensure the sustainability of the e-SENS results?

Based on the evidence presented in this document, any definitive conclusion or proposal would, at this stage, be premature as they could not be supported by any robust finding due to the following:

The different levels of maturity of the LSPs sustainability strategies

The on-going discussion within e-SENS, about the alignment of AB-DB-WP3 on governance and sustainability

The still insufficient information regarding the acceptance and functioning of the CEF/ Ten-Tele Regulation

However, in light of the findings gained from the deliverable, some commonalities (common orientations) amongst different projects and domains regarding governance aspects can be identified.

A future governance structure should consider, at the very least, the following elements:

- Central role of the public administrations and clear definition of responsibilities at any level (EU, National, Regional administrations, competence centres, agencies etc.): Public services of general interest must be regulated, governed and supervised by public authorities. This does not mean that the governance structure should be centralised, but that the implementation and sustainability of cross-border public services cannot abstract from the coordinated action of the competent authorities and their leading political commitment.

- Stakeholders/Users involvement: A user-stakeholder driven approach in designing the future governance structure should be preserved in order to ensure the acceptability of the cross- border services and an effective decision making process.

- Market take-up oriented model: Technical solutions developed by the LSP and offered to the attention of the decision making level needs, for their maintenance and take up, a governance structure qualified by the engagement of the private sector (self-regulated and pro-active), who is committed to the sustainability of the cross-border services.

- Addressing standardisation issues: A major strand for the sustainability of the cross-border services is the standardisation component which should be involved in the governance structure for ensuring the reliability of the services.

- Considering domain/sector-specific vs. more generic (non-sector-specific) requirements: There is a natural hierarchy between the generic components, like the high-level building blocks which will be assessed in e-SENS Work Package 3.2 vis-à-vis the more sector specific components, simply because any adjustment of a high-level building block will affect all domains. Therefore, on the short term, domains should be given the opportunity to influence

Approved by EC

52

any change to generic components that have repercussions to their domain, which needs to be reflected in the eventual governance structure. On the long term, however, it is expected that any change of a generic component will be handled in domains as any ordinary update which should have little effect on domain related components. From the beginning, the distinction between domain specific and non-sector specific should be crystal clear for all stakeholders.

Future governance structures under consideration by the LSPs cover a range of schemes which balance, with different weight, the role of private and public sector waving from a co-leading up to an advise role of the former. Any proposed governance scenario for the sustainability of the cross-border services should be finally accommodated to sector specific considerations.

Finally a LSPs/domain common view seems to be consolidated at this stage of the analysis on the governance aspects. This considers that in the short term a DG Programme solution could be the most effective while in the medium-long term a solution based on an authority (such as an Agency) expression of strong political commitment should be appropriate.

Approved by EC

53

Conclusion The sustainability of the results of e-SENS is an important issue, which the project will address during its lifetime. That implies the clear identification of what needs to be sustained and maintained and in which organisational method this is materialised. This document gives the reader a first impression about future governance structure, which will ensure the sustainability of the results of e-SENS.

The current Task 3.5 team investigated the opinions of the previous LSPs and the associated domains within e-SENS on governance sustainability respectively organisational governance aspects and merged the different views. Furthermore, feedback from the members of the Architectural and Domain Boards was received regarding the first findings. In order to get a first idea on how a future governance structure will look like, common means and requirements of the different LSPs/domains were identified, such as the involvement of different entities in a future governance structure, e.g. the European Commission, the Member States and other stakeholders (e.g. the private sector as well as standardisation organisations or Associated Countries). The investigation of the commonalities revealed a complex landscape, where different requirements need to be taken into account, some of them are more generic, whereas others are more sector/domain-specific. In this respect an overarching organisation for coordination and funding is a serious option regarding a future governance structure. All domains seem to welcome additional guidance in particular for the generic components from such an organisation. Furthermore, a future governance structure needs to facilitate the take-up of the technical solutions developed by e-SENS and strongly involve the different user community. Another topic which needs to be considered is global standards and the involvement of standardisation organisation, which shall play a role in a future governance structure.

A future task of WP3 Task 3.5 will be the evaluation of clear responsibilities and tasks of the different stakeholders (public and private) at different levels (local, regional, national, European, global). Furthermore different parameters need to be defined (e.g. funding) in order to get a more detailed description of a future governance structure. In addition, the “Connecting Europe Facility” respectively the Ten-Tele Regulation will play a major role in future activities of Task 3.5. In this respect the results of D3.4 “Preliminary proposal for a governance body” form the basis for further investigations and elaborations.

Approved by EC

54

I. References

1. Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on

guidelines for trans-European telecommunications networks and repealing Decision No

1336/97/EC: http://eur-

lex.europa.eu/Notice.do?val=728391:cs&lang=en&list=728391:cs,725624:cs,724214:cs,6

93398:cs,691346:cs,688430:cs,688452:cs,688131:cs,687624:cs,687626:cs,&pos=1&page=

1&nbl=452&pgs=10&hwords=&checktexte=checkbox&visu=#texte

2. Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on

electronic identification and trust services for electronic transactions in the internal

market (2012/0146 COD): http://eur-

lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2012:0238:FIN:EN:PDF

3. Information about the European Interoperability Framework for pan-European

eGovernment services: http://ec.europa.eu/idabc/en/document/2319/5644.html

4. Task 1 Report, Deloitte Study on “The feasibility and scenarios for the long-term

sustainability of the Large Scale Pilots, including ‘ex-ante’ evaluation”





7. Final Report, Deloitte Study on “The feasibility and scenarios for the long-term

sustainability of the Large Scale Pilots, including ‘ex-ante’ evaluation”:

http://ec.europa.eu/digital-agenda/en/news/final-report-study-feasibility-and-scenarios-

long-term-sustainability-large-scale-pilots

8. RACI method: http://en.wikipedia.org/wiki/Responsibility_assignment_matrix;

http://www.valuebasedmanagement.net/methods_raci.html

PEPPOL/ e-Procurement

9. PEPPOL website: http://www.peppol.eu/about_peppol

10. OpenPEPPOL Statutes: For more information:

http://www.peppol.eu/about_peppol/openpeppol-statutes

11. Communication from the Commission to the European Parliament, the Council, the

European Economic and Social Committee and the Committee of the Regions:

“STRATEGY FOR e-PROCUREMENT” (COM(2012) 179 final, 20.04.2012): http://eur-


12. PROPOSAL FOR A DIRECTIVE OF THE EUROPEAN PALIAMENT AND OF THE COUNCIL on

public procurement (COM(2011) 896 Final, 20.12.2011): http://eur-



European Economic and Social Committee and the Committee of the Regions: “Single

Market Act II – Together for new growth” (COM(2012) 573 final, 3.10.2012):

http://ec.europa.eu/internal_market/smact/docs/single-market-act2_en.pdf

http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2012:0238:FIN:EN:PDF


http://ec.europa.eu/digital-agenda/en/news/final-report-study-feasibility-and-scenarios-long-term-sustainability-large-scale-pilots

http://ec.europa.eu/digital-agenda/en/news/final-report-study-feasibility-and-scenarios-long-term-sustainability-large-scale-pilots

http://www.valuebasedmanagement.net/methods_raci.html

http://www.peppol.eu/about_peppol





Approved by EC

55

SPOCS/ Business Lifecycle

14. Directive 2006/123/EC of the European Parliament and of the Council of 12 December

2006 on services in the internal market: http://eur-

lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32006L0123:EN:NOT


European Economic and Social Committee and the Committee of the Regions: “Single

Market Act II – Together for new growth” (COM(2012) 573 final, 3.10.2012):

http://ec.europa.eu/internal_market/smact/docs/single-market-act2_en.pdf

16. e-SENS D 2.2 Website Deliverable, Section e-SENS & Business Life Cycle (not published

yet)

17. SPOCS D7.13 Sustainability definitions and action plan / SPOCS Project (not published)

18. SPOCS website: http://www.eu-spocs.eu/

19. SPOCS Starter Kit: http://www.eu-spocs-starterkit.eu/

20. Information about EASA: http://easa.europa.eu/frequently-asked-questions.php#what-

is-the-agency

21. http://eurlex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2000:013:0012:0020:EN:PDF

22. http://eurlex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2006:376:0036:0068:en:pdf

23. Information about Horizon 2020:

http://ec.europa.eu/research/horizon2020/index_en.cfm?pg=h2020

24. Information about EUGO: http://ec.europa.eu/internal_market/eu-go/index_en.htm

STORK/ STORK 2.0

25. STORK D7.8.3 Final Sustainability Action Plan

26. ISA Work Programme for 2013: ISA Action for STORK sustainability:

http://ec.europa.eu/isa/actions/documents/isa_1.5_stork_sustainability_workprogramm

e.pdf

27. STORK D7.7 Dissemination Plan

28. STORK Overview for new MS

29. STORK website: https://www.eid-

stork.eu/index.php?option=com_frontpage&Itemid=1

30. STORK 2.0 website: https://www.eid-stork2.eu/

31. e-SENS, Technical Annex, WP6.3 Identity, Security and Trust

32. Draft proposal Regulation on e-IDAS: http://ec.europa.eu/digital-

agenda/en/news/draft-regulation-electronic-identification-and-trusted-services-

electronic-transactions-0

http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32006L0123:EN:NOT

http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32006L0123:EN:NOT

http://www.eu-spocs.eu/

http://www.eu-spocs-starterkit.eu/

http://eurlex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2000:013:0012:0020:EN:PDF

http://eurlex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2006:376:0036:0068:en:pdf

http://ec.europa.eu/research/horizon2020/index_en.cfm?pg=h2020

http://ec.europa.eu/internal_market/eu-go/index_en.htm

http://ec.europa.eu/isa/actions/documents/isa_1.5_stork_sustainability_workprogramme.pdf

http://ec.europa.eu/isa/actions/documents/isa_1.5_stork_sustainability_workprogramme.pdf

https://www.eid-stork.eu/index.php?option=com_frontpage&Itemid=1

https://www.eid-stork.eu/index.php?option=com_frontpage&Itemid=1

https://www.eid-stork2.eu/

Approved by EC

56

epSOS/ e-Health

33. epSOS website: http://www.epsos.eu

34. Information about epSOS stakeholders: http://www.epsos.eu/home/project-members-

beneficiaries/industry-team.html

35. DIRECTIVE 2011/24/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 9

March 2011 on the application of patients‘ rights in cross-border healthcare: http://eur-

lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2011:088:0045:0065:en:PDF

36. Information about Calliope: http://www.calliope-network.eu/

37. Information about the European e-Health Governance Initiative: http://www.ehgi.eu/

38. Information about the SemanticHealthNet:

http://www.semantichealthnet.eu/index.cfm/news/

39. Information about Antilope: http://www.antilope-project.eu/

e-CODEX/ e-Justice

40. Communication from the Commission to the Council, the European Parliament and the

European Economic and Social Committee: “Towards a European e-Justice Strategy”

(COM(2008)329 final): http://www.ccbe.eu/fileadmin/user_upload/document/E-

Justice_Portal/05_03_2009/English/EN_EC_Communication.pdf

41. Multi-Annual European e-Justice Action Plan 2009-2013 (2009/C 75/01): http://eur-

lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:C:2009:075:0001:0012:en:PDF

42. e-CODEX D1.7 „Sustainability Plan” (not published)

43. e-SENS, Technical Annex v3.0, WP5.3: e-Justice Piloting

44. Information about EUROJUST:

http://eurojust.europa.eu/about/background/Pages/mission-tasks.aspx

45. Information about the e-CODEX piloting: http://www.e-CODEX.eu/pilots.html

46. Information about e-CODEX stakeholder: http://www.e-codex.eu/stakeholders.html

http://www.epsos.eu/

http://www.calliope-network.eu/

http://www.ehgi.eu/

http://www.semantichealthnet.eu/index.cfm/news/

http://www.ccbe.eu/fileadmin/user_upload/document/E-Justice_Portal/05_03_2009/English/EN_EC_Communication.pdf

http://www.ccbe.eu/fileadmin/user_upload/document/E-Justice_Portal/05_03_2009/English/EN_EC_Communication.pdf

http://eurojust.europa.eu/about/background/Pages/mission-tasks.aspx

http://www.e-codex.eu/pilots.html

http://www.e-codex.eu/stakeholders.html

Approved by EC

57

II. Appendix I – Glossary

Term Explanation

Article 29 Working Party

(e-Health)

The Article 29 Working Party is made up of a representative from the data protection authority of each EU Member State, the European Data Protection Supervisor and the European Commission. Its name comes from the Data Protection Directive and it was launched in 1996.

Its main missions are:

Give expert advices to the States regarding data protection

Promote the same application of the Data Protection Directive in all EU state members, as well as Norway, Liechtenstein and Iceland

Give to the Commission an opinion on community laws (first pillar) affecting the right to protection of personal data

ANTILOPE ANTILOPE EU project drives e-Health interoperability in Europe and beyond. Between 2013 and 2015 key national and international organisations will work together to select and define e-Health standards and specifications. They will create, validate and disseminate a common approach for testing and certification of e-Health solutions and services in Europe

CALLIOPE EU eHealth Interoperability Roadmap

CALLIOPE has been set up by the EU-funded Thematic Network "CALLIOPE - Creating a European coordination network for e-Health interoperability implementation". The main goal of the CALLIOPE Network has been to produce value for decision makers for national e-Health implementations.

The Roadmap provides the needed factual basis to support the planning of the operational activities of the eHGI (e-Health Governance Initiative) in taking forward priorities set by the High Level Governance Group (HLGG) of Secretaries of State.

CIP Competitiveness and Innovation Programme

Continua Continua Health Alliance is a non-profit, open industry organisation of healthcare and technology companies joining together in collaboration to improve the quality of personal healthcare. With more than 200 member companies around the world, Continua is dedicated to establishing a system of interoperable personal connected health solutions with the knowledge that extending those solutions into the home fosters independence, empowers individuals and provides the opportunity for truly personalised health and wellness management.

Core Service Platforms

Core service platforms are the central element(s) or hub(s) of the digital service infrastructures essential to ensure trans-European connectivity, access and interoperability. This may also encompass physical equipment, such as servers, dedicated networks and software tools. Core service platforms are open to entities in all Member States.88

ECAS ECAS provides authentication services for many of electronic services provided by the EC, ranging from services to support communication between Member States, such as the Internal Market Information System (IMI), to services to

88 Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on guidelines for trans European telecommunications networks and repealing Decision No 1336/97/EC

Approved by EC

58

support operations within the Commission, such as the participant portal in European research programmes.

e-CODEX Online access to judicial procedures for claimants, defendants and legal professionals

eHealth Governance Initiative

The e-Health Governance Initiative is working to establish a governance structure for e-Health within Europe in order to ensure continuity of healthcare both at home and across borders. It is achieving this through the development of strategies, priorities, recommendations and guidelines designed to deliver e-Health in Europe in a co-ordinated way. This work involves all stakeholders but especially patients and healthcare professionals.

The Initiative, co-funded by EU, has 39 Beneficiaries including: Ministries, Competence Centres, Users and Industry.

e-SENS Electronic Simple European Networked Services

epSOS Smart Open Services for European Patients (Cross-border access to patient information online)

epSOS Framework Agreement (FWA)

The epSOS FWA blueprint is the common base for establishing national contractual agreements in order to engage national pilot partners in the participating MS to effectively operate the epSOS services on a pilot basis. The FWA is used by each MS to draft a contractual agreement which establishes a legal relationship between the different national/regional/local entities in charge for the epSOS service implementation.

EUGO network EUGO network - The Points of Single Contact (PSCs) are e-government portals for entrepreneurs active in the service sector. It is a legal requirement to have a PSC in each EU country since December 2009 as set out in the EU Services Directive. EU countries are not legally obliged to make available tax and social security procedures through the PSCs. However, a large number of EU countries already provide for this possibility, and all others are encouraged to do so too. All national PSCs are part of the European EUGO network. PSCs allow to find information about the rules, regulations and formalities that apply to service activities or to complete the administrative procedures online (by submitting the necessary application forms and supporting documents etc. electronically). You no longer have to go to the individual offices of different authorities in different countries, one by one. In each EU country, applications can now be dealt with online through one single access point, the PSC89.

EUROJUST Eurojust, which was founded in 2002 is an European agency, which “stimulates and improves the coordination of investigations and prosecutions between the competent authorities in the Member States and improves the cooperation between the competent authorities of the Member States, in particular by facilitating the execution of international mutual legal assistance and the implementation of extradition requests. Eurojust supports in any way possible the competent authorities of the Member States to render their investigations and prosecutions more effective when dealing with cross-border crime.”90

European e-Justice portal

The European e-Justice portal aims at providing citizens and companies easier access to judicial information and facilitating judicial cooperation within

89 For more information: http://ec.europa.eu/internal_market/eu-go/index_en.htm 90

For more information: http://eurojust.europa.eu/about/background/Pages/mission-tasks.aspx

Approved by EC

59

Europe. The portal has three functionalities:

a) giving access to information concerning judicial systems and procedures, as well as to practical information concerning the competent authorities and methods of obtaining legal aid:

b) referring users to the websites of European legal institutions, networks and registers

c) providing a direct access to selected European procedures. The long-term goal is for the judicial procedures to be fully electronic.

European Interoperability

Framework (EIF)

The European Interoperability Framework supports the European Union's strategy of providing user-centred eGovernment services by facilitating, at a pan-European level, the interoperability of services and systems between public administrations, as well as between administrations and the public (citizens, businesses). It is an action of the eEurope 2005 Action Plan, under the eGovernment heading.

EXPAND EXPAND – “Expanding Health Data Interoperability Services” is Thematic Network co-funded under the CIP-ICT Policy Support Programme. The project, recently approved and still under negotiation, addresses the challenge of moving from a set of point-solution pilots to a large-scale deployment of cross border e-Health facilities. EXPAND shall secure the sustainability and expandability of epSOS pilot services including the proper handover, up to the launch of the Connecting Europe Facility. Another aim of the project is to foster the re-using e-Health assets created by both EU and national initiatives.

HL7 Health Level Seven International (HL7) is the global authority on standards for interoperability of health information technology with members in over 55 countries.

Horizon 2020 Horizon 2020 – is the financial instrument implementing the Innovation Union, a Europe 2020 flagship initiative aimed at securing Europe's global competitiveness. Running from 2014 to 2020 with an €80 billion budget, the EU’s new programme for research and innovation is part of the drive to create new growth and jobs in Europe. Horizon 2020 provides major simplification through a single set of rules. It will combine all research and innovation funding currently provided through the Framework Programmes for Research and Technical Development, the innovation related activities of the Competitiveness and Innovation Framework Programme (CIP) and the European Institute of Innovation and Technology (EIT). The Programme will tackle societal challenges by helping to bridge the gap between research and the market by, for example, helping innovative enterprise to develop their technological breakthroughs into viable products with real commercial potential. This market-driven approach will include creating partnerships with the private sector and Member States to bring together the resources needed.91

IDABC Interoperable Delivery of European eGovernment Services to public Administrations, Businesses and Citizens.

IHE Europe IHE Europe is a non-profit association dedicated to interoperability in health information technology; IHE-Europe gathers a broad range of stakeholders to

91

For more information: http://ec.europa.eu/research/horizon2020/index_en.cfm?pg=h2020

http://ec.europa.eu/research/innovation-union/index_en.cfm

http://ec.europa.eu/europe2020/index_en.htm

http://cordis.europa.eu/fp7/home_en.html

http://cordis.europa.eu/fp7/home_en.html

http://ec.europa.eu/cip/

http://eit.europa.eu/

Approved by EC

60

advance the shared exchange of patient information.

ISA Programme ISA, the program on Interoperability Solutions for European Public Administrations, addresses the need of public administrations to provide efficient public services to businesses and citizens across Europe. ISA supports and facilitates efficient and effective cross-border electronic collaboration between European public administrations. The programme enables the delivery of electronic public services and ensures the availability, interoperability, re-use and sharing of common solutions. A budget of 164,1Mio Euro has been foreseen for the period from 2010-2015.

PEPPOL Interoperable e-Procurement solutions, such as e-invoices and e-signatures for important documents

RACI The RACI method is a tool that can be used for identifying roles and responsibilities in projects or business processes. RACI is an acronym, which derives from the four key responsibilities: Responsible, Accountable, Consulted Informed.

Responsible:

The entity, which does the work to achieve the task.

Accountable:

The entity, which is answerable for the correct and thorough completion of the task and delegates the work to the entity, which is responsible.

Consulted:

The opinions of this entity will be considered (e.g. subject matter experts). Two way communication.

Informed:

The entity who is kept up-to-date on progress. One way communication.92

SemanticHealthNet SemanticHealthNet develops a scalable and sustainable pan-European organisational and governance process for the semantic interoperability of clinical and biomedical knowledge, to help ensure that HER (Electronic Health Record) systems are optimised for patient care, public health and clinical research across healthcare systems and institutions.

SPOCS Simple Procedures Online for Cross- Border Services (Online Points of Single Contact to help businesses expand into other countries)

STORK Secure idenTity acrOss boRders linKed (Electronic identity for easier access to public services)

STORK PEPS A Pan European Proxy Service or Server (PEPS), as defined by IDABC, is a system that

1. hides national problems for other countries

2. elevates the national circle of trust to European level.

A PEPS connects its national e-ID infrastructure to foreign service providers, as well as its national service providers to foreign e-ID infrastructure. To be able to use such e-ID infrastructure, the user plays an important role; without her/his participation there’s no way to get data exchanged. Thus a PEPS has 4

92 For more information: http://en.wikipedia.org/wiki/Responsibility_assignment_matrix and http://www.valuebasedmanagement.net/methods_raci.html

http://en.wikipedia.org/wiki/Responsibility_assignment_matrix

Approved by EC

61

interfaces, as made clear in the following chart:

PEPS is an architecture based in a centralised model

STORK S-PEPS/C-PEPS

When connecting a service provider to the STORK platform, this connection will be done through his national STORK node. This node connects to each of the other national nodes of the platform, which on their turn connect to the national e-ID infrastructure.

Thus one of the two PEPS has the role of S-PEPS, attending requests from Service Providers, in the SP country, the other one has the role of C-PEPS, taking care of the interface with the citizen, in citizen’s country. This last role also assumes the interface with e-ID provisioning and possible additional Attribute Providers.

STORK QAA The Quality Authentication Assurance (QAA) scheme developed by STORK comprises a labelling (ranging from 1 – low to 4 – high assurance) based on the quality of the e-ID issuance process and the security of the e-ID token. It allows the service provider to request credential fitting its needs.

STORK VIDP The Vitual Identity Provider (VIDP) has the same objectives as a PEPS, but for a decentralised model: to hide the national problems for the other Member States, and to be an anchor of trust which allows to leverage the national circle of trust to the Europe. The main difference is the location: it is supposed to be located as close as possible to the Service Provider, thus enabling true end-to-end communication between Service Provider and user, but also enabling usage of or location beside national gateways, depending on each country’s decision.

Trillium Bridge “Trillium Bridge - Bridging Patient Summaries across the Atlantic” is a FP7 Support Action (started on 01.07.2013 with duration of 20 months) addressing interoperability of patient summary between EU and US. The objective of the action is to compare specifications of EU and US patient summaries with the aim of developing and testing common and consistent specifications and systems allowing the interoperability of electronic health records across the Atlantic.

Virtual Company Dossier (VCD)

The Virtual Company Dossier (VCD) system provides a set of tools to support national or cross-border public buyers and their suppliers in the pan-European tendering phase.

For eligible economic operators (suppliers), participation in public tenders requires proof of fulfilment of the qualitative selection criteria requested by the contracting authority. The burden of proof lies with the economic operator, who must collect evidences from different (national) sources and provide them to the contracting authority. PEPPOL provides an interoperable electronic document solution that supports the exchange of evidences across borders. PEPPOL has developed an eAttestation tool for tendering that provides a

http://www.peppol.eu/peppol-project/user_groups/economic-operators/economic-operators

http://www.peppol.eu/peppol-project/user_groups/contracting-authorities/contracting-authorities

Approved by EC

62

standardised structure to submit evidence that can be used for both national and cross-border eProcurement, during the qualitative selection process.

To realise this vision, the PEPPOL VCD project delivered:

European VCD System (EVS) providing decision support to derive evidences in order to meet the required criteria defined in the Call for Tenders (pursuant to the underlying legal rule sets in accordance with European and national procurement legislation, and represented as machine interpretable ontologies). The Ontology Management System provides the editing and management functionality for the different ontologies;

National VCD System (NVS) providing a full range of VCD functionalities to the economic operator - from the initial selection of criteria (via the VCD Designer) to the finalisation of a validated VCD Container (through the VCD Builder). A core functionality of the NVS is to enter data and to upload evidences to a VCD;

VCD Viewer - allowing users to view the content of VCD Packages.

The VCD tools have been developed to address the demand for improved interoperability in electronic tendering qualifications in public procurement. They offer simplification, transparency and electronic monitoring of supplier qualifications, while assisting private companies to create a legitimate package of supplier qualification.93

93

For more information: http://www.peppol.eu/peppol_components/virtual-company-dossier

Approved by EC

63

III. Appendix II – Governance Matrix/ Questionnaire

Sustainability mapping - LSP Approaches Organisational: Stakeholder interest / involvement / management

1. Preferred LSP Governance model for short (now until end of 2015), medium (2016-

2020) and long (> 2020) term.

Elements of the LSP Plans Answer

SPOCS SPOCS team prompted for feedback on 3 types of entities in the stakeholder sessions (.eu, .org, .com) and stakeholders were asked to respond to sustainability issues in terms of what they wanted to see happen and in what they expected to happen.

Business Lifecycle -

PEPPOL/e-Procurement

Concerns/preferences identified in stakeholder feedback sessions, led to conclusions about the type of entity required. Concerns were also expressed by the service provider community about long term governance falling into the hands of private companies who may be competitors.

STORK/e-ID

Concern relating to a central European legislation and governance structure maintained by the European Commission would be the key driver in adopting the eID solution

e-CODEX

The e-CODEX team envisioned 4 possible scenarios as follows: 1. Maintenance through the European Commission, 2. Maintenance through a Consortium of Member States, 3. Maintenance through an allocated Member State, and 4. Maintenance through a Third (commercial) Party - and looked at the pros and cons of each scenario in terms of dependency on funding, balance of cross-sector interests, re-use of infrastructure, decision making and influence of Member States or businesses, and ease or difficulty in establishing control.

e-Justice -

epSOS/ e-Health

For the short term (now until the end 2015), the most appropriate governance model for the sustainability of the results of the eHealth LSP/domain could be that MS continue with their voluntary maintenance of the legal agreements and assets by MS; however as this entails maintenance of central EU level components and governance structures, additional support from EU funding schemes (DG Programme), would be needed. MS could continue the large scale operation as part of their participation in relevant projects which can act as follow up of epSOS and establish their interoperability on the existence of epSOS services adopting adequate processes. In medium-long term perspective (2016-2020 and beyond) the most viable governance model should foresee an EU mechanism and MS co-decision with industry and the private sector advises, being also self-regulated and pro-active through platforms like the IHE, Continua, HL7 etc. This model is particularly suitable for specifications and semantic

Approved by EC

64

assets. However, any governance model expecting a sharing mechanism of decision making powers needs to be discussed within the eHealth Network (Art. 14 Directive 2011/24/EU) which is the ultimate forum grouping the national authorities responsible for eHealth cross-border governance designated by the MS.

2. Please indicate which of the following governance models you consider appropriate

for the sustainability of the results of the LSP/domain, taking into account the need to engage key stakeholders, market take-up, continuity and flexibility (rating from 3 = appropriate/viable, 2 = partially appropriate/viable to 1 = not appropriate/viable).

SPOCS SPOCS team prompted for feedback on 3 types of entities in the stakeholder sessions (.eu, .org, .com) and stakeholders were asked to respond to sustainability issues in terms of what they wanted to see happen and in what they expected to happen. Over 192 interviews were conducted during the period from June to

September 2011. Looking at "All Responses‟, in terms of what people say they want, the split between the 3 scenarios is fairly even, with dot.eu the largest at 41% (the others 31% and 28%). However, the same sample expect that dot.eu will come to the fore by a substantial majority (60%).

PEPPOL/ e-Procurement Governance model for eProcurement should be based through several layers based in the commercial and private market. eProcurement has been commercialised for many years and the private market with multiple service providers would not accept a strong centralized governance model. With this respect it is clear that a private Non Profit Organisation - with the participation of member states and the European commission is preferred. SPOCS Business

Lifecycle PEPPOL/ e-Procurement

STORK/ e-ID

e-CODEX e-Justice epSOS/ e-Health

DG

P

rogr

amm

e 3 3 1 1 2 2 2 (for short term only)

Approved by EC

65

Age

ncy

3 2 1 1 2 2 3 (The EC and MS co-decide. Industry and the private sector advises and is also self-regulated and pro-active through platforms like the IHE, Continua, HL7 etc. This model is particularly suitable for Specifications and semantic assets; however the sharing of decision making powers needs to be discussed within the eHealth Network.)

NP

O b

y EC

wit

h

pri

vate

sec

tor

co-d

ecid

ing

2 2 2 1 1 1 1

Pri

vate

sec

tor

form

ing

ow

n

NP

O

1 1 3 3 1 1 1 (seems to be possible only for maintenance of assets but not for reflecting MS priorities)

Sup

ervi

sory

A

uth

ori

ty

mo

nit

ori

ng

priv

ate

com

pan

ies

1 2 1 3 1 1 1

Please justify your answer:

SPOCS

Preferred scenario are for .EU with coordination at EU jointly with MS. In an .EU model, there would be room enough for the private sector to be consulted and to be active, under the control of the EU and the MS. Private sector alone wouldn't create buy-in from MS to run the solutions in their country.

Business Lifecycle

Currently there is limited usage regarding the results of the LSP projects. From that point of view additional DG Programme is required in order expand the use of the solutions and fine tune the operational details at European Level. The agency governance model at European level is very good, but at later stage when the LSP

Approved by EC

66

solutions will be more stable and become a commodity. The participation of the Member States under the co-ordination of the European Commission is still required and this framework should be loose at the beginning. That is why a DG programme is better from an Agency at this stage. Although it is nice to have the participation of the private sector, there are a lot of doubts if currently there is business case for them. Moreover the LSP solutions are public infrastructure (e.g. e-ID, e-delivery,) that in the long run will become critical for the electronic services. From that point this services must at least be regulated and supervised by the public sector. Therefore Governance solutions that are based only on the Private Sector are not appropriate.

Stork/e-ID

Due to the sensitivity of the data managed by the STORK platforms the solution should be mostly managed by some type of public body. However, industry recommendations shall be considered and taken into account in the decision-making process. This is the reason why governance models where the public sector has a strong weight to decide are preferred.

e-CODEX

It is not really possible to give a general answer to this question. As explained in the e-CODEX sustainability plan, for the different components different governance models apply (e.g. XML schemas might be maintained through an agency, but the e-CODEX software will be run by organisations under the control of ministries in the Member States) - see also "Operational" tab.

e-Justice These answers should be considered premature given that e-SENS is yet to choose the pilots it will implement. The choice of governance should indeed stem from the pilots. One should also notice that MS will need to have a greater say than any of these models suggest. A good starting point to assess this would be to study the current governance model for e-justice.

epSOS/e-Health

The epSOS sustainability strategy is still under definition. It currently focuses on conditions needed to make the epSOS services “surviving” after the project formal closure and on those that should guide the sustainability of the services. While sustainability has implicit the concept of “cost of maintenance alive”, survivability is meant as the possibility of the epSOS services to be provided after the end of the operation. This concept is different from the former, in the sense that it is considered as a short term impediment to continue piloting. Both dimensions are addressed under different levels (such as legal & organizational, semantic and technical) and the ongoing discussions within epSOS and amongst the National eHealth authorities leave room for further investigations and evaluations also considering the opportunity to complement and bridge the CEF

3. Please indicate which of the previously mentioned governance models is the most

appropriate in the following timeframes:

SPOCS agrees that there might be a need for an intermediate scenario before having a fully operational solution for sustaining the technical work of the project.

Approved by EC

67

SPOCS Business


STORK/ e-ID

e-CODEX

e-Justice epSOS/ eHealth

Sho

rt t

erm

(

no

w u

nti

l th

e en

d o

f 20

15)

DG Programme (Horizon 2020)

DG Programme

private NPO DG Programme

Agency see above DG Program

Med

ium

ter

m

(201

6-2

02

0)

DG Programme (Horizon 2020) including a transition phase to the agency

DG Programme

private NPO DG Programme

Agency see above Agency

Lon

g te

rm

(bey

on

d 2

020)

Agency (within the new budget cycle)

Agency or NPO by EC with private sector co-deciding

private NPO DG Programme / NPO by EC with private sector co-deciding/Agency

Agency see above Any governance model expecting a sharing mechanism of decision making powers needs to be discussed within the eHealth Network

4. Please describe any advantages / disadvantages of the governance models listed

above regarding your LSP/domain, or any relevant considerations/concerns for your LSP/domain (e.g. regarding the responsibility of one or different DGs for the domains).

SPOCS

DG PROGRAMME Advantages: continuity, funding, co-creation of solutions. Disadvantages: a series of disconnected initiatives, lack of coordination across projects, just the same thing happening at embryonic level. No roll out or conviction to push MS to adopt the solution. no targeted communication addressed to potential users in the entrepreneur community AGENCY Advantages: visibility and possibility for coordinated action on developing interoperable solutions even across domains. one single owner of the sustainability of services for business operations. Disadvantages: very centralised approach, complex governance, low incentives for MS to connect to this. NPO Advantage: hybrid solution offers more flexibility to

Approved by EC

68

bring in intermediaires involved in the services at national level. Disadvantage: too complex governance, focused on internal power struggles as opposed to serving the business community and users in general. too complex to understand from the outside. SUPERVISORY BODY Disadvantage: no legal competency under this domain to supervise anything.

Business Lifecycle

DG PROGRAMME The concept is that Member states are participating in the decision making process and European commission is co-ordinating. This model already exists since a lot of working groups are already established under the coordination of various DGs. AGENCY This solution needs more time to be established and all the appropriate decisions at Member States Level and European Commission level should have been taken in advance. Afterwards an agency could be established with specific responsibilities. NPO BY EC WITH PRIVATE SECTOR CO-DECIDING The main advantage will be the active participation of the private sector, provided that they will be interested to invest on something like that. This model needs time to be established and organised, similarly to the Agency model. PRIVATE SECTOR FORMING OWN NPO Since we expect that the LSP solution will become an important-critical pan European infrastructure that public sector should be involved in the governance model. SUPERVISORY AUTHORITY MONITORING PRIVATE COMPANIES This model will be good provided that we will have a business case for the private sector. This may delay the investments towards this directions (see the evolution of the Digital Signature framework from 1999).

PEPPOL/e-Procurement

In regards to eProcurement the current and strong commercial uptake has to be taken very seriously when choosing a governance model. Many commercial service providers would not accept a centralized governance where vital company and business information could be exchanged, stored, gathered etc. As possible alternative solution could be a EC NPO with private decision makers involved.

Approved by EC

69

STORK/e-ID

Data stored and managed by the STORK platform is quite sensitive and is born from the public sector, so the lack of trust makes impossible to have a private company in charge of the platform

e-CODEX

For a communication platform that is used by judicial authorities, it is hard to imagine having it run by a private company.

e-Justice

see above

epSOS/e-Health

In interpreting this inout, please take note of the fact that the organization and funding of health systems is anational prerrogative. The legal basis for cross border care is provided by Directive 2011/24/EU. The EU co-ordination is by means of the Article 14 eHealth Network national health authorities are on the steering wheel.

5. In order to sustain and maintain the solutions achieved in your LSP/domain, who

is/should be involved in the decision-making process? Please indicate the roles of

the entities (responsible, accountable, consulted, informed, not involved, other:…).

e-CODEX

Please not the difference between goverance and maintenance: since most e-CODEX componects are being run decentralised in the MS, maintenace will be under MS control, but governance may be to some extent centralized.

e-Justice

Not sure we understand the difference between responsible and accountable.

epSOS/e-Health

Article 14(1) of the directive specifies that “the Union shall support and facilitate cooperation … among Member States with a voluntary network connecting national authorities responsible for eHealth designated by the Member States.”

SPOCS Business Lifecycle

PEPPOL/ e-Procurement

STORK/ e-ID

e-CODEX

e-Justice epSOS/ eHealth

Euro

pea

n

Co

mm

issi

on

Accountable (it's their money on the table so they need to set up a proper structure for this)

Co-ordination role

Stakeholder / NPO participants

Responsible C Responsible Responsible

Approved by EC

70

Mem

ber

St

ates

/ G

ove

rnm

ents

Responsible (it's their money, but also their benefit, so they need to implement the solutions and use them)

Responsible for decisions at European level and for the exploitation of the services at National Level.

Governance caretakers / authorities

Responsible R, A Responsible Responsible

Reg

ion

s

Consulted Responsible for decisions at National level and for the exploitation of the services at Regional Level.

Governance caretakers / authorities

Informed C Informed (depending on MS's structure)

varies from country to country

Pri

vate

Se

cto

r:

Consulted Informed

ICT

Ind

ust

ry Consulted Making

products that take advantage and support the LSP services

NPO participants Informed C Informed engaged

Oth

er

Ind

ust

ry:

Informed Providing needs that should be addressed in the solutions provided by LSPs

_ Informed engaged

Stan

dar

dis

atio

n

Org

anis

atio

ns

Consulted Defining and updating the standards in order to fulfil the needs of the LSPs services.

NPO participants Informed, Consulted

C Informed responsible (ESOs, NSOs) and engaged (SDOs)

Tech

nic

al/

Bu

ildin

g B

lock

exp

erts

Consulted (but where? In MS? In private sector? In standard's organisations? Who as experts? The LSP people?

Implementing the LSP building blocks and providing support to organization that are interested to use them.

Advisory-, board-, technical- members

? C Consulted consulted

Do

ma

in/

LSP

exp

erts

Informed/ consulted/ not involved, it really depends (the LSP people are going to preach the benefits of what they did, not objectively)

Providing needs that should be addressed in the solutions provided by LSPs. Implement pilot that can depict how the solutions can be used and identify issues to be solve at later stage from the Technical building Blocks experts.

Advisory-, board-, technical- members

? C Responsible consulted

Approved by EC

71

Res

earc

h

and

kn

ow

led

ge

inti

tuti

on

s Consulted but not

systematically Independent validators of the solutions. Making proposals for improvements.

NPO participants ? C Informed consulted

Oth

ers:

users should be consulted regularly

6. What are the areas/activities that should be carried out by a centralised

governance model, considering the sustainability dimensions analysed (indicate YES or NO): SOCS Business


STORK/ e-ID

e-CODEX e-Justice epSOS/ eHealth

Stra

tegi

c O

vers

igh

t

YES (EU + MS)

YES NO Yes YES NO YES

Lega

l/R

egu

lato

ry/C

om

plia

ce

YES YES YES Yes YES NO YES

Bu

sin

ess

Rea

din

ess

(Mar

keti

ng

and

Tak

e u

p)

YES (at both central and MS level)

NO NO NO YES YES NO

Op

erat

ion

s

NO NO YES Yes NO YES Yes, centrally run services

Tech

no

logy

NO (Just the interconnection not the whole technolog, else we run into a one size fits all).

NO YES Two parts: the PEPS YES, but the integration with service providers NO

YES YES Yes, maintainance of assest

Approved by EC

72

Oth

er (

ple

ase

des

crib

e)

User involvement should occur at local level

7. Would you consider one or different governance models when looking at the

complete set of e-SENS components? Please provide your opinion.

SPOCS The opinion would be more in favor of coordination happening at a central level, rather than all operations run at central level. Ie basic rules are set, processes are integrated, but MS have still indepedence in their operations.

Business Lifecycle The models that have been proposed do not seem to reflect all the options.

PEPPOL/ e-Procurement -

STORK/ e-ID Difficult to have the same governance model for all the components as for example eID would need a public sector decision model, but e-Signature or e-Delivery that don't store sensitive data don't have this exigence.

e-CODEX As already mentioned for e-CODEX, the different nature of components requires different governance models. Also maintenance of specifications is different from maintenance of deployed solutions.

e-Justice Not sure we understand the question.

epSOS/ e-Health There should be one governance model accommodating sector specific considerations.