5 A common ecosystem for national digital collaboration

Municipalities, county authorities and central government agencies must be able to collaborate in order to develop user-centric, seamless and efficient digital services. Existing service development platforms shall be better utilised.

There is a need to see existing and planned service development platforms and basic data registers, etc. as a common «ecosystem» that shall enable government agencies to collaborate digitally and have access to the necessary common functionality and common IT architectures. The ecosystem must be managed in a coordinated manner, and its must be coordinated.

There are currently seven national common components: Altinn, ID-porten (ID-gateway), Digital Mailbox for Citizens, National Population Register, Contact and Reservation Register, Land Register and Central Coordinating Register for Legal Entities. There are several other common IT solutions and technical platforms, such as helsenorge.no, nav.no, the National Data Directory and the FIKS platform. Common standards, principles, and reference architectures have also been prepared. Collectively, they represent a common ecosystem for national digital collaboration and service development for the public sector.

Where are we?

Municipalities, county authorities and central government agencies are offering a growing number of digital services to citizens and the business sector. In its digitalisation activities, the public sector has access to a number of common IT solutions and some common IT architectures. The figure below provides an overview of key common components and common solutions for use by municipalities, county authorities and central government agencies. This overview is not exhaustive, but shows a basic selection. For example, common sectoral solutions are not shown.

Figur 5.1 Overview of key common components and common solutions in 2019

Several surveys 14 show that the common national solutions are widely used among central government, county and local government agencies in digitalisation activities, but challenges have also been identified.15 Moreover, the public sector has a strong need to reduce costs by realising the benefits of digitalisation, such as reusing existing solutions.

Responsibility for common components and common solutions is divided among many actors, and management of the central government solutions aligns with sectoral responsibility and line management. The Norwegian Association of Local and Regional Authorities is currently responsible for managing common services and common components within the FIKS framework, which has in turn been developed for reuse and collaboration with common central government components. The Norwegian Association of Local and Regional Authorities has also recently established a common architecture for the local government sector, in cooperation with the sector and with central government actors such as the Norwegian Directorate of eHealth, the Agency for Public Management and eGovernment (Difi) and the Norwegian Labour and Welfare Administration (NAV), where the local government sector’s collaboration with central government is a primary focus.

No sufficiently uniform and coordinated approach to what common functionality and common IT architectures the public sector needs has been established. Likewise, no uniform and coordinated management models have been established to support efficient use of resources in the public sector. Sometimes similar or overlapping functionality is developed in parallel, and in some cases there is a lack of incentives to reuse existing solutions rather than develop new ones. A lack of transparency regarding development plans also increases the risk of functionality being duplicated.

Safeguarding information security in the public sector is first and foremost an agency responsibility. The authorities must enable agencies to protect themselves from cyber incidents. The public sector must have sound management and control of its cyber security. Particular focus must be placed on safeguarding cyber security in the common national components and in other critical systems provided by public sector agencies. It is important that agencies in the public sector have a common understanding of and approach to security challenges. The objectives for security activities in the public sector are discussed in more detail in the National Cyber Security Strategy for Norway, which was launched by the Government in January 2019.

Secure electronic identification (eID) is a crucial factor in digital public administration. The use of market solutions for logging into public digital services through ID-porten has been a successful strategy. The number of logins to date shows a marked increase in the use of digital services from the public sector (see the figures below).

Figur 5.2 Number of ID-porten logins for the period 2010–2018

The use of eID and eSignatur (eSignature) in the public sector is regulated by the Act relating to electronic trust services. The Framework for Identification and Traceability provides guidelines on risk assessment and choice of security level for securing electronic communications with respect to verifying identity and linking identity to a document or transaction.

Where are we going?

At present, the managers of common solutions have different contractual, financing and payment models for similar solutions. There is no comprehensive overview of what common functionality is available or how agencies can implement common functionality. Lack of coordination of common functionality and common architectures leads to fewer benefits, inefficiency, lack of goal achievement, more bureaucracy for agencies and higher usage costs. The public sector is unable to fully realise the potential benefits of developing common solutions for identical needs. The ecosystem can help solve several of these challenges.

The key elements of the common ecosystem should be:

• common data sources, such as master data and basic data registers
• common solutions
• common architectures, such as reference architectures, standards, guides and frameworks
• standard access for multiple users
• standard business models and contracts
• harmonised financing and payment models

The goal is for services, websites and data sources in municipalities, county authorities and central government agencies to work together.

The digitalisation activities take place in the agencies, so a strategy to create common solutions for identical needs must not prevent agencies from developing innovative solutions that will benefit users. The decisive factor is to find a good balance between these considerations. The content of the ecosystem shall satisfy common needs for efficient task performance, information sharing and development of user-friendly and seamless services in municipalities, county authorities and central government agencies.

Existing IT infrastructure in the public sector must be maintained to facilitate continuous development and innovation of digital services. This must occur at the same time as new digital solutions are developed at an ever-increasing pace. From a socio-economic perspective, this suggests that there may be several good reasons why the public sector should make more use of solutions developed in the market rather than develop its own. Nonetheless, there can be no doubt that the public sector will also need solid in-house IT expertise, regardless of how the public sector chooses to use the market in future.

The common solutions must be easier to adopt, and it must be clarified which actors can use them, which parts of the common solutions can be used, and on what terms, including private entities and voluntary organisations. Contracts must be coordinated, be standardised, and be designed in such a way that they stimulate use. For example, there is a need to consider how the local and central governments can ensure access to the basic data registers on equal terms. Administrative responsibility for the solutions must be clearly assigned, and management and financing better coordinated. It is also important to maintain and further develop the good collaboration that has been established with the private market on developing common solutions that are part of the ecosystem.

External attacks on the public sector’s common solutions represent a serious security risk. For example, if ID-porten (ID Gateway) were put out of action, access to public services would be severely reduced. Establishment of a dedicated computer emergency response team (CERT) function for the common ecosystem should be considered to manage such challenges, in accordance with the framework defined in the National Cyber Security Strategy for Norway (section 3.4). CERT functions are already in place in various sectors, such as Power CERT and Health CERT, and it should be possible to draw on their experiences.

The figure below illustrates a potential future common ecosystem and its key elements. A key change is the establishment of coordinated governance and coordination of the content included in the ecosystem. In principle, the seven common components – Difi and the Brønnøysund Register Centre’s common solutions and the FIKS platform (Norwegian Association of Local and Regional Authorities) – will constitute the core of the ecosystem. Any expansion of the ecosystem would be subject to consultation with the responsible sectoral ministries.

Figur 5.3 Common ecosystem for national digital collaboration and service development towards 2025

Work is underway on establishing a European governmental interoperability platform that will contribute to cross-border digital collaboration. In the same manner as the European platform, the ecosystem shall facilitate good collaboration between local and central government agencies, and with citizens, voluntary organisations and the business sector in Norway. This requires good cooperation between the administrative levels with respect to legal, organisational, semantic and technical issues.

In order to use digital public services, citizens must have the opportunity to acquire simple and secure eIDs. It is an important goal for all citizens to have an eID that can be used for the services they need. All groups, including foreign nationals without a Norwegian national identity number, and children and adolescents, should be able to obtain an eID at the level they have a need for it. In an increasingly digital public sector, individuals who, for one reason or another, are unable to act digitally themselves, must have the opportunity to be represented by a proxy. Provisions must therefore be made for the use of digital authorisations and digital consent.

It is important to ensure that electronic identities can be securely issued, that the solutions meet the necessary security requirements, and that they be as user friendly as possible. There is also a need to facilitate the use of electronic employee IDs. Some sectoral employee IDs have already been developed, such as Helse-ID in the health and care sector and Feide in the education sector. In addition to employees in the education sector, Feide is also used by pupils (from the first year of primary school) and students. Sectoral employee IDs create a significant challenge for the local government sector, which will have to deal simultaneously with multiple specialist sectors in the central government. Guidelines for the use of employee IDs should be included in the strategy for using eID and eSignatur in the public sector.

Goals for a common ecosystem for national digital collaboration and service development

1. Public sectorfacilitatesinnovation and valuecreation
2. When the public sector develops common solutions, collaboration with the private business sector in an ecosystem is taken into account. It is clear which of the common solutions in the ecosystem that can also be used by private enterprises, and on what conditions and terms.
3. Municipalities, countyauthorities and centralgovernmentagenciesdigitalisetheir services
4. Municipalities, county authorities and central government agencies use common solutions and common architectures in developing their services. The public sector shall use its resources efficiently, and the agencies shall share data and make their services to users seamless.
5. A commonecosystem for national digital collaboration and service development is readilyavailable, easy to use and meetscommonneeds
6. It is easy for municipalities, county authorities and central government agencies to keep track of the content of the ecosystem. The combined content is coordinated and managed in a coordinated manner. Common solutions are developed for similar needs, the content is coherent, and new needs are identified and addressed. Governance models, financing models and contractual terms and conditions are coordinated to ease implementation of common solutions. This takes place in close cooperation with the managers of the common solutions. Responsibility for the individual parts of the ecosystem is clearly defined and assigned.

   

Figur 5.4 Coordinated governance of the ecosystem

The Norwegian Association of Local and Regional Authorities coordinates local government interests, and the Ministry of Local Government and Modernisation coordinates central government interests in the ecosystem. An important prerequisite is that all actors who have common solutions in the ecosystem participate in its coordination and governance. Cooperation agreements are entered into between the Ministry of Local Government and Modernisation and the Norwegian Association of Local and Regional Authorities to ensure predictability for both the central and local government sectors. The cooperation agreements must be anchored in the collaborative governance model for digitalisation in the local government sector. The agencies shall cover their own costs for integrating their services and enterprise systems with components of the ecosystem.

The Government will:

• In consultation with the Norwegian Association of Local and Regional Authorities, establish arenas for coordinating the combined content of the common ecosystem for national digital collaboration and service development
• Ensure that the Ministry of Local Government and Modernisation take responsibility for coordinating central and local government interests in the common ecosystem for national digital collaboration and service development, including assessing whether the cooperation agreements between the Ministry of Local Government and Modernisation and the Norwegian Association of Local and Regional Authorities safeguard these interests
• Enable governance of the common national solutions in the ecosystem through the letters of allocation to central government managers of the national common solutions to be conducted in a coordinated manner
• Consider how eID and eSignatur can be provided for all groups that need them, and provide guidelines for the use of employee IDs
• Assess the need to establish a CERT function for the ecosystem