Seven principles for digital-ready legislation

Read more about the seven principles of digital-ready legislation and read the questions which the Danish ministries can use as part of the legislative work.

The given ministry should assess the extent to which the legislative proposal follows the seven principles of digitising legislation in order to ensure that the legislation can easily be digitised — both in the form of digital administration and in the form of digital services for citizens and businesses.

The seven principles for digital-ready legislation are described on this page.

For each principle, a number of control questions are listed which the ministries can use as part of the legislative proces.

The seven principles

Description

The legislation should be simple and clear so that it is easy to understand for citizens as well as businesses. Simple rules facilitate the protection of legal rights by providing more clarity on the legal position of the individual and improve citizens’ and businesses’ experience of being treated fairly. For the authorities, simple and clear rules have the advantage of being easier to administer and contribute to a more uniform administration and digital legislative support. If the legislation is unclear or complex with many exceptions, requirements, schemes, process requirements or discretion it may be difficult to administer - also digitally.

The rules should be worded clearly and simply, unambiguously and consistently. Simple rules do not necessarily mean a brief law text. It may require more words to make it unambiguous and clear what the rules are. This does not, however, change the overall legal principle that superfluous words in the law text should be avoided.

It should be stated clearly in the law text what the general rules and exceptions are, and it should be considered whether, instead of additional exceptions and special schemes, a basic revision of the legislation should be made to make it generally simpler and clearer. However, exceptions should be preserved to the extent it is necessary to ensure that the civil rights of citizens are protected.

Control questions

  • Have rules and concepts been worded in a clear, simple, unambiguous and consistent manner?
  • Is there a clear distinction between general rules and exceptions?
  • If the rules include process requirements: Can the law text be translated into a number of work tasks and is the description of the individual steps listed in the sequential order of the workflow in the act?
  • Is it clear which operators are targeted in the provisions?
  • Is knowledge of implementation impacts such as case processing times incorporated in the preparation of the act?

Description

The legislation must support digital communication with citizens and businesses. For citizens and businesses that cannot communicate digitally, alternative solutions should still be offered. This could be through help and guidance or alternative communication channels.

If it must be mandatory for citizens and businesses to communicate digitally with public authorities there must be legal authority for this. This legal authority should be worded so as to take account of future technological development. This means that, as a general rule, it should be technology-neutral and should therefore not refer to specific means of communication such as telephone, SMS, apps, specialist systems or the like.

The Danish Act on digital post from public issuers (Lov om digital post fra offentlige afsendere) has introduced requirements on the use of digital mail for direct communication with citizens and businesses. However, it is possible to obtain exemption from digital communication.

Control questions

  • Does the necessary legal basis exist for mandatory digital communication between citizens and businesses and the public sector?
  • Has the legal basis been worded so as to include future technological development, meaning that it is technology-neutral?
  • Is it clear what should be communicated digitally (for example applications, decisions etc.)?
  • Communication with public authorities Do any requirements for mandatory use of digital self-service follow the concept from the model in the four ‘waves’ for mandatory digital self-service (see Act no. 558 of 18 June 2012, Act no. 662 of 12 June 2013, Act no. 552 of 2 June 2014 and Act no. 742 of 1 June 2015)?
  • Web accessibility: Are the rules on web accessibility followed as stated in the implementation of Directive of the European Parliament and of the Council on web accessibility in order to ensure that persons with visual impairment or other functional impairment also have access to the digital solution?

Description

The legislation should support complete or partial digital administration of the legislation with due consideration for the legal rights of citizens and businesses.

As a general rule, it is a prerequisite for a public authority using a system involving automated decisions that the automated parts of the decision can be made according to strictly objective criteria so that there is no doubt as to which factual information is relevant and what legal effects it involves if one or the other fact is presented.

In cases where the legislation in one area requires that the decision or elements of a decision are based on discretion it will restrict the scope of the automation of the case processing. This issue can be solved by making discretion manual while the remaining case processing procedure is supported digitally. It may, however, also give rise to deliberations on amendment of the legislation so that it becomes better adapted to a more automated case processing procedure. This depends on whether discretion is expedient and professionally relevant. One of the preconditions for automated case processing is that, as a general rule, the legislation is worded so that objective criteria are applied when deemed relevant and with clear and unambiguous concepts and common concepts rather than special concepts.

Objective rules should only be applied when it makes sense and when no professional discretion is required. Increased use of objective rules may give the specialists more time to spend on the more complex types of cases with a great need for professional discretion, for example cases concerning the welfare of a child and support for particularly marginalised citizens.

Control questions

  • Have the possibilities for using objective criteria been explored?
  • Is it possible, based on existing practice, to establish main criteria for a part of the existing discretionary assessment?
  • Have the possibilities for wording (parts of) the legislation so as to minimise discretion and discretionary assessments been explored?
  • Have the possibilities for adapting the rules to automated procedures been explored, also in relation to the relevant administrative and data protection law requirements? 
  • Is there a need for including discretionary criteria for a residual group or for stipulating rules on the exercise of discretion to enable the inclusion of specific conditions and the specific situation?
  • Has it been ensured that professional discretion will be exercised when dictated out of consideration for the legal rights of citizens?
  • Are the rules technology-neutral?

Description

In order to create cohesion across the public sector and to support an effective public service, the specific ministry should consider whether, instead of introducing new reporting requirements, it is possible to drawn on data from existing public registers as a basis for administration of the legislation.

Concepts and data should be reused across authorities in so far as this is possible. If the specific ministries use uniform concepts it creates a basis for reuse of data by the authorities. In this connection, the specific ministry should pay attention to relevant requirements for sharing data and distinguishing between the different types of data.

Concepts should be defined clearly, unambiguously and consistently. There should be a clear and unambiguous definition of ‘household income’, i.e. the persons included in a ‘household’ and what types of income are included in ‘income’. If concepts are used clearly and unambiguously across authorities, it supports a more uniform and effective public administration.

Control questions

  • Can data already collected by the public authorities - for example address, personal, company, geo or address data - be reused (with due consideration for, inter alia, the data protection legislation) or will new data have to be collected from citizens or businesses?10
  • Has it been ensured that the same definitions of data, accruals etc. are used that exist in public registers such as the income and accrual definitions used in eIndkomst?
  • Are existing geodata used - for example data from Danmarks Miljøportal, Plansystem.dk and geodanmark.dk?

Description

A high degree of digitisation requires a high prioritisation of data security. Within the framework of the data protection legislation, information from public registers such as name and address in the Danish civil registration register (CPR-register) may be used to offer citizens a smooth and effective case processing procedure. But at the same time it is vital that the authorities ensure safe and secure data handling in the public sector in connection with increased data usage.

At the same time, it should be considered whether citizens and businesses may obtain access to their own data and follow their own case in order to create transparency, see the administrative law and data protection law provisions.Citizens and businesses should have easy access to data on themselves held by an authority.

As part of the joint digitisation strategy initiative 1.3, an effort is made to create an overview of own cases and benefits where citizens and businesses are offered insight into public data on themselves.

Even during the preparatory legislative work, focus should be on whether new legislation gives rise to special points of attention in relation to safe and secure handling of citizens’ and businesses’ data. It is a prerequisite for this that technical solutions are designed so that all elements of the administration support safe and secure data handling and that transparency is ensured in the public data handling.

Control questions

  • Does the bill propose collection or reuse of data, including data from other authorities?
  • Is there the necessary legal basis for any collection or reuse of data?
  • Has safe and secure data handling been incorporated, including protection of personal data?

Description

To the extent it is possible and expedient, public authorities should use existing public infrastructure to ensure the largest degree of reuse and cohesion across authorities. The legislation should therefore take into consideration whether it is possible to use existing public infrastructure such as NemID, Digital Post, NemKonto and eIndkomst.

Control questions

  • Are existing joint infrastructure, including for example NemID/mobile NemID, Digital Post-solution, Nem Log-in, Digital Fuldmagt, NemKonto, eFaktura, NemHandel or eIndkomst, used rather than separate, proprietary solutions?
  • Will any existing joint processes be used, including processes for consultation procedure, sharing/access to large documents, receipt, notification, reporting, supervision etc.? Inspiration may be found in the joint Forretningsreferencemodel (FORM, business reference model), which includes a task catalogue that may help to find inspiration and reference examples for design of processes11.
  • In connection with the solution of tasks, is it necessary to log onto different public IT systems? If this is the case, should these IT systems be supported, perhaps by NemID and NemLog-in.
  • Is money paid to citizens, businesses or authorities (no reimbursement)? If this is the case, would it be advantageous to use NemKonto?
  • Is there communication with citizens, businesses or authorities? If this is the case, should Digital Post be used as a secure method of dispatch?

Description

Already during the preparation of the legislation, the possibility of subsequent control and prevention of fraud and errors should be taken into account. The legislation should be worded so as to permit effective IT application for control purposes, for example by making it possible to control whether case information is correct by means of relevant public registers. At the same time, it should be determined whether legislation opens up new opportunities for fraud and, if so, how the control procedure can be planned to handle these risks - so-called risk-based control. If personal data is processed for control purposes it must take place within the framework of the data protection legislation and with the necessary legal authority.

Control questions

  • Is there legal authority for collecting and processing relevant information from public registers etc. in order to prevent fraud and errors?
  • Are digital solutions used to control or validate case information in relevant public registers prior to payment of public benefits?
  • Has the legislation been worded so that any process requirements do not hinder effective IT application in connection with control?