1. Introduction

Germany^[1] has been on the path to becoming a digital state for more than two decades. In international comparison^[2], by contrast, the Federal Republic is still not considered an eGovernment pioneer. However, the global COVID-19 pandemic has demonstrated that a digital public administration is crucial to master the challenges of the 21st century. In March 2020, the waiting time for administrative appointments in Germany for changes of residence, vehicle registrations or naturalisations etc. increased by weeks and months overnight. This is because both the application for administrative services and their processing by the authorities often still require citizens and public servants to appear in person^[3]. But even in times of crisis, the state must guarantee its citizens effective access to the administration. Consequently, in the summer of 2020, the Federal Government decided to provide additional three billion euros for the digitalisation of the public administration within its Corona stimulus package.^[4]

2. Legal foundations for the digital transformation of public administration

The digital transformation of the German public administration is primarily based on two pieces of laws: the Online Access Act (Onlinezugangsgesetz) and the Single Digital Gateway Regulation (EU) 2018/1724. These laws are intended to provide citizens with digital access to administrative services. They are also directly linked to the Register Modernisation Act (Registermodernisierungsgesetz), which lays the technical foundations for digital public administration (see 4.3.).

2.1. The Online Access Act (Onlinezugangsgesetz)

Since 2017, the Online Access Act has been the main law for the digitalisation of public administration in Germany. It has permanently placed the topic of eGovernment at the top of the political agenda. Section 1 of the Online Access Act (for cited German laws see 6.) obliges the Federal Government and the Länder (federal states)^[5] to offer all their administrative services and benefits also^[6] in digital form via their own administrative portals by the end of 2022. They are therefore digitising thousands of administrative services, summarised in 575 service bundles.^[7]

While the Federal Government is solely responsible for the digitalisation programme Bund (115 service bundles), the two levels of government cooperate in the digitalisation programme Föderal (460 service bundles). To coordinate their cooperation, the Federal Government and the Länder have created the IT Planning Council (IT-Planungsrat).^[8]

2.2. The Single Digital Gateway Regulation (EU) 2018/1724

Together with the Online Access Act, the Federal Government and the Länder must implement the Single Digital Gateway Regulation (EU) 2018/1724. Since 2018, the regulation obliges EU Member States to facilitate access to public administration information, procedures and assistance services for their citizens. For this purpose, the information portal “Your Europe” will be a central gateway to the online services of the EU Member States. But centrepiece of the regulation is, that the EU Member States have to offer 21 selected administrative services digitally across borders by the end of 2023, observing the so-called Once-Only principle (OOP). In this regard, the regulation – a “European Online Access Act” – goes beyond the German law, which does not yet explicitly require Once-Only.

The OOP promises a considerable relief for citizens and businesses, but also raises some concern (see 4.3.). If a public authority needs information that is already available (at another authority), it will in future be able to access it electronically without having to obtain it again from citizens or businesses.^[9] In contrast the public authorities will share the respective information with each other. According to a study by the German National Regulatory Control Council (Nationaler Normenkontrollrat), Once-Only could save citizens 84 million hours and the administration 64 million hours per year in Germany, which would mean a reduction in time and effort of 47% and 60% respectively.^[10]

Therefore, the Single Digital Gateway Regulation (EU) 2018/1724 has important implications for the EU Member States’ administrations. However, it is not the first legislative act with which Brussels has shaped national eGovernment strategies. Particularly noteworthy is Directive 2006/123/EC (the so-called Bolkestein directive), that established Points of Single Contact (PSCs).^[11] PSCs are eGovernment portals that allow service providers to retrieve all the information they need (e.g., to open a business) from a single source (instead of having to deal with different authorities) and complete administrative procedures online.^[12]

3. Current state of the digital transformation of public administration

The timely implementation of the Online Access Act and the Single Digital Gateway Regulation (EU) 2018/1724 can be considered impossible. The digitisation of administrative services is progressing too slowly. Even though the “Dashboard Digital Administration” of the Federal Ministry of the Interior shows that the Federal Government has already implemented 80 of its 115 service bundles and that the Länder could also demonstrate significant successes in the digitalisation of public administration (in particular, the Länder which successfully implemented the PSC lead the way^[13]).^[14] The Federal Court of Audit (Bundesrechnungshof) – an independent control body – has sharply criticised the presentation of the implementation status and accused the Federal Ministry of the Interior of whitewashing.^[15]

In order to address this accusation, it is necessary to establish when an administrative service is considered to be offered digitally. The European Commission has developed a model to measure the online availability of administrative services, which is also used by the Federal Government and the Länder to assess the implementation status of the Online Access Act.^[16] This model comprises five maturity stages (from stage 0 to stage 4):

• Stage-0: No information is available online about the administrative service.
• Stage-1: A description of the administrative service is available online and can be downloaded as a PDF.
• Stage-2: The administrative service can be applied for online. However, the required documents cannot yet be submitted electronically.
• Stage-3: The administrative service, including the required documents, can be completely processed online. The official notification is also delivered digitally.
• Stage-4: Once-only application for the administrative service is possible.

A digital administrative service complies with the Online Access Act as from stage 3 and with the Single Digital Gateway Regulation (EU) 2018/1724 at stage 4. However, the “Dashboard Digital Administration” already classifies a bundle of services as available online if only one of several associated administrative services complies with stage 2 (and it is available in at least one municipality). The responsible Federal Ministry of the Interior has thus refrained from displaying the real number of administrative services implemented in compliance with the law (i.e. those at stage 3 or 4). This distortion of the information basis makes it difficult for science and civil society, but also for political decision-makers, to understand the actual implementation status of administrative digitalisation in Germany. Nevertheless, it can also be seen from the official presentation that full implementation of the Online Access Act is not yet foreseeable.

The same applies to the Single Digital Gateway Regulation (EU) 2018/1724, even it has a much more limited scope (21 administrative services instead of 575 service bundles). Although the Federal Government’s administrative portal is already connected to the “Your Europe” portal, the administrative services are not yet connected. “BaföG Digital” (the state education subsidy in Germany) is the only one administrative service that can be applied for across borders. In addition, the realisation of a Once-Only application for administrative services in Germany is still in its infancy. So far, there is only one pilot project in Bremen, which will allow parents to apply for name determination, birth certificate and child and parental benefits bundled online since 1 July 2022 (Einfach Leistungen für Eltern).^[17]

4. Challenges for the digital transformation of public administration

The delayed implementation of the Online Access Act and the Single Digital Gateway Regulation (EU) 2018/1724 can be attributed to three challenges in particular: federalism, legal fragmentation and register modernisation.

4.1. Federalism

The federal system of government has a long tradition in Germany, which, after the horror of the centralist Nazi state, also found its way into the Basic Law (Grundgesetz) that is still in force today. However, federalism is seen by many not only as a guarantor of political diversity, but also as an obstacle to political reforms.

4.1.1. Division of competences

This criticism is being expressed more and more frequently in connection with the digital transformation of the public administration.^[18] In fact, although the Federal Government has legislative competence for the Online Access Act (Article 91c (5) of the Basic Law), its implementation falls primarily within the competence of the Länder. This is because the federal order attributes administration and the execution of federal laws primarily to the Länder (Article 30, Articles 83 et seqq. of the Basic Law).

4.1.2. The one-for-all-principle (Einer-für-alle-Prinzip)

In order to effectively advance the digital transformation of the public administration despite the divided competences, the Federal Government and the Länder have forged new cooperation models. Federal cooperation according to the so-called one-for-all-principle (Einer-für-alle-Prinzip) is considered ground-breaking: digital administrative services are first developed by one or more federal states and then made available to all other federal states and municipalities for joint or subsequent use (against payment^[19]).^[20] Instead of separately developed online services for the same administrative service, a nationwide uniform online service can be used in this way.

For this purpose, a digital marketplace of the one-for-all-services is in preparation (a beta version is already online).^[21] There, the online services are to be made available as software-as-a-service (SaaS)^[22] and can be shared or reused. This is intended to create a kind of “state app store”. The services cannot be obtained directly from the Federal Government or the Länder, but from the FIT-Store of the “Federal IT Cooperation” (Föderale IT-Kooperation; a joint institution of the Federal Government and the Länder, which supports the IT Planning Council)^[23] or the cooperative “govdigital” (a platform of public IT providers and other public organisations for the exchange and development of online services).

4.1.2.1. Admissibility under German constitutional law: impermissible “mixed” administration (Mischverwaltung)

This cross-level cooperation must be measured against German constitutional law. The digitalisation of the public administration must not lead to an inadmissible third level of government between federal and state level through the creation of new institutions such as the “Federal IT Cooperation”. According to the principle of an autonomous performance of tasks (Grundsatz der eigenverantwortlichen Aufgabenwahrnehmung), the Federation and the Länder themselves must be responsible for the digital transformation of their administration with their own institutions, their own personnel and their own material resources. A “mixed” administration (Mischverwaltung) is only permissible if it is limited to a narrowly defined administrative matter and a justifying objective reason.^[24] The mandate of “Federal IT Cooperation” must therefore be limited to the status quo: a supporting function in the administration and development of federal IT structures and IT standards.

4.1.2.2. Admissibility under data protection law: safeguarding the principle of accountability

Furthermore, the federal cooperation risks to violate applicable European Union law. Above all, the requirements of the General Data Protection Regulation (GDPR) are proving to be a challenge for the digital transformation of the German public administration. A core principle of the GDPR is that the responsible for the processing of personal data must always be clearly identifiable. These so called controller(s) must ensure compliance with the obligations under data protection law (Article 5 (2) and Article 24 of the GDPR), i.e. in particular safeguard the rights of data subjects (Articles 12 et seqq. of the GDPR). Controllership is based on the actual possibilities to influence the purposes and means of data processing (Article 4 (7) (1) of the GDPR).^[25] If only one body is involved in the data processing, it is obvious who is responsible.

However, data processing within one-for-all-services is characterised by a particular diversity of actors: The public authority or alliance of public authorities that developed the service and operates it centrally, as well as the possible thousands of public authorities that use the service. If there is no hierarchy between the public authorities involved that would justify commissioned processing under Article 28 of the GDPR, all authorities are to be regarded as responsible under data protection law.^[26] This is either a case of separate controllers or a case of joint controllership pursuant to Article 26 (1) (1) of the GDPR. The latter will apply if the spheres of responsibility of the public authorities cannot be clearly distinguished from each other. The European Court of Justice has so far interpreted the legal concept of joint controllership very extensively in order to protect data subjects in complex processing constellations.^[27] According to its case law, for example, it is not necessary that all joint controllers have access to the personal data.^[28]

Joint controllership of public authorities raises many legal questions. Each authority is potentially liable to data subjects for data protection breaches by the other authorities (Article 82 (4) of the GDPR). Moreover, the relevant data protection laws overlap. This is because federal and state public authorities must comply with the Federal Data Protection Act (Bundesdatenschutzgesetz) and/or state data protection laws in addition to the GDPR. At the same time, there are seventeen Data Protection Authorities (DPA) for the public sector in Germany.^[29] Which of these is responsible for one-for-all-services had not been regulated by data protection law. The concept of lead supervisory authority does not apply in the public sector (Article 55 (2) of the GDPR).

The Federal Government and the Länder have tried to overcome these legal uncertainties, in particular with administrative agreements (Verwaltungsvereinbarungen) and new laws. In this way, they want to avoid unclear responsibility. However, the legal determination of responsibility must always correspond to the actual possibilities of influencing the purposes and means of data processing. This is why, despite all efforts, data protection-compliant cooperation remains a challenge and at the same time raises the question of how suitable European Union data protection law is for federally organised Member States.

4.1.2.3. Admissibility under public procurement law: safeguarding the principle of competition

In addition to data protection law, the one-for-all-principle also brings public procurement law into play. This ensures that public contracts above the EU thresholds are awarded in competitive, transparent and non-discriminatory procedures. The legal framework for this is provided by the Sections 97 et seqq. of the Competition Act (Gesetz gegen Wettbewerbsbeschränkungen), which are based on European Union law requirements. According to these, the exchange of services between the Federal Government and the Länder against payment also requires a Europe-wide call for tenders, which made it difficult to share or reuse one-for-all-services.

The Federal Government and the Länder have reacted to this problem with the construction of the “Federal IT Cooperation”. This establishes an in-house relationship between the “Federal IT Cooperation” and its executing agencies (the Federal Government and the Länder).^[30] Within the framework of this in-house relationship, the provisions of public procurement law do not apply (Section 108 of the Competition Act). However, it is problematic that the freedom from public procurement law does not apply to municipalities, since they are not among the executing agencies of the “Federal IT Cooperation”. An additional inclusion of about 11,000 municipalities would also hardly be practicable. They are now to be given legally secure access to the one-for-all-services via the cooperative “govdigital”, insofar as they are indirectly or directly executing agencies of the associated public IT providers. Then an exempting in-house relationship also exists.

Whether these in-house solutions will be upheld by the European Court of Justice remains an open question.

4.1.3. Federalism reform as a booster for digitalisation?

The last major federalism reforms in Germany took place in the 2000s. In 2006, the Federal Government and the Länder reorganised their legislative competences. In 2009, they primarily revised their financial relations (and added Article 91c to the Basic Law).

The challenges of the digital transformation have recently raised calls for a new federalism reform. In this way, the one-for-all-principle could be integrated into the Basic Law and the existing legal uncertainties in federal cooperation could be overcome. In the future, the constitution could explicitly say that the Länder can choose one federal state exclusively for the digitalisation of an administrative area.^[31] Such a division of tasks could prevent a stronger centralisation at the federal level and still offer the chance of a more effective and uniform approach. The current Federal Government, however, is only seeking a dialogue between the levels of government and not constitutional amendments,^[32] which is why the discussion on federalism reform remains academic for the time being.

4.2. Legal fragmentation

Another challenge in the digital transformation of the German public administration is the considerable legal fragmentation. This is because the Online Access Act and the Single Digital Gateway Regulation (EU) 2018/1724 are by no means the only legal foundations for the digital public administration. In addition, there are regulations in the administrative procedure laws (Verwaltungsverfahrensgesetze) and eGovernment laws of the Federal Government and the Länder, as well as numerous special laws. The complex legal situation slows down digitalisation projects due to an increased need for review and consultation.

All though the federal state system caused some fragmentation of the law of digital administration – the Federal Government and the Länder have proven that uniform regulations in a federal state are possible. This was achieved by enacting their administrative procedure laws simultaneously and in a coordinated manner. The first digital regulations for the administration therefore applied uniformly throughout Germany because the federal and state legislatures opened up their general administrative law (allgemeines Verwaltungsrecht) uniformly to electronic communication (in particular through Section 3a of the Federal Administrative Procedure Act and the corresponding state regulations) at the turn of the millennium.

However, in the area of eGovernment law, this uniformity is decreasing.^[33] In 2013, the Federal Government enacted its eGovernment Act (previously, such a law had only existed in the federal state of Schleswig-Holstein). The Federal eGovernment Act obliges the public administration, among other things, to open an electronic communication channel (Section 2 (1)) and to keep records electronically (Section 6). It applies to federal authorities and, in part, to state and local authorities that execute federal law (Section 1 (2)).

The eGovernment laws of the Länder apply to state and local authorities. Initially, these eGovernment laws largely corresponded to the Federal eGovernment Act. Over time, however, the law on digital public administration in the Federation and the Länder developed at an increasingly different pace – for example, in the areas of IT security and the use of open source software. In addition, the Bavarian legislature recently chose a completely new regulatory approach, replacing its eGovernment Act in 2022. The new Bavarian Digital Act (Bayerisches Digitalgesetz) not only declares electronic administrative procedures to be the general rule for the first time nationwide (“Digital First”),^[34] but also addresses the digitalisation of the economy and society more broadly. The lack of uniform legislation in eGovernment law makes it difficult to embed new concepts such as Once-Only nationwide in the legal order in a timely manner.

Decisive for the complex legal situation is not only general administrative law but also special administrative law (besonderes Verwaltungsrecht) at federal and state level. This is because in various areas – for example in the education or social sector – there are numerous special laws for electronic administrative procedures. In addition, legal terms are not used uniformly in different sectors. This known problem of relativity of legal terms becomes very urgent when procedures are standardized and digitized. An example is the deviating meaning of “income” in tax or social proceedings. On the one hand, this makes it more difficult to transfer data across public authorities according to the OOP and, on the other hand, forces the public authorities to store data more than once. The National Regulatory Control Council has therefore proposed a cross-procedural linguistic standardisation and modularisation of legal terms.^[35] For the modularisation, the legal terms are to be broken down into their components and designated uniformly. This demand has also been endorsed by the current government coalition. Whether the “Online Access Act 2.0” announced for the end of 2022 will already lead to more legal uniformity is still open.

4.3. Register modernisation

Not only the legal, but also the technical foundations of the digital public administration require standardisation and compatibility. The current fragmented state of public registers hinders online services without media discontinuity (stage 3 of the digital maturity model) as well as the realisation of the OOP (stage 4 of the digital maturity model). A register modernisation is therefore a key condition for the implementation of the Online Access Act and the Single Digital Gateway Regulation (EU) 2018/1724.^[36]

4.3.1. Register landscape in Germany

In Germany, there are over 375 centralised and decentralised public register types and thousands of individual registers.^[37] As a rule, only the register-keeping authorities themselves can access the registers. Cross-authority exchange possibilities are the exception. The registers therefore usually contain all the data necessary for their area of application. This leads to multiple collection of the same data categories (e.g. name, date of birth and address) and to inconsistent data sets for the same person due to different update frequencies and transcription errors.

4.3.2. Unique cross-register identification number

With the Register Modernisation Act (Registermodernisierungsgesetz) passed in 2021, the Federal Government is now pursuing the goal of linking at least the 51 most important register types by 2025 in order to be able to transmit information across registers and guarantee digital administrative services without media discontinuity. For this, many registers have to be digitised for the first time.

The core of the Register Modernisation Act is the Identification Number Act (Identifikationsnummerngesetz). It introduces an additional classification feature into the registers concerned: The tax identification number according to Section 139b of the German Fiscal Code (Abgabenordnung) will become the unique identification number for all registers (Section 1 of the Identification Number Act). The use of the identification number is intended to prevent confusion of individuals, increase data quality and enable Once-Only information gathering and sharing.

However, the introduction of the identification number is extremely controversial. Its critics fear that it paves the way for a panoptic social order in which the state gains ever more comprehensive insights into the lives of its citizens. That is because the introduction of a cross-register identification number simplifies the creation of personality profiles.

4.3.2.1. Admissibility under data protection law: EU Member States’ room for manoeuvre

Despite its high data protection requirements, European Union law does not stand in an insurmountable opposition to a cross-register identification number.^[38] On the contrary, the opening clause^[39] of Article 87 (1) of the GDPR allows EU Member States to determine in more detail under which specific conditions a national identification number or an identifier of general application may be the subject of a processing operation. The prerequisite is that appropriate safeguards for the rights and freedoms of the data subjects accompany the processing (Article 87 (2) of the GDPR).

4.3.2.2. Admissibility under German constitutional law: complying with the population census decision (Volkszählungsurteil)

The identification number must also be permissible under German constitutional law. The fundamental right to informational self-determination,^[40] which the Federal Constitutional Court (Bundesverfassungsgericht) has derived from Article 2 (1) in conjunction with Article 1 (1) of the Basic Law, constitutes the main legal barrier. This fundamental right guarantees individuals to make their own decisions with regard to the disclosure and use of their personal data.^[41] The register modernisation in general and the Identification Number Act in particular interfere with this fundamental right. The mere possibility of linking personal data already causes such a threat to privacy as to be considered an encroachment.^[42] It is therefore irrelevant that individuals can in principle refrain from transmitting their data to public authorities according to the OOP. In any case, he or she cannot avoid the assignment of an identification number without a reason and its implementation in the 51 register types. The tax identification number is assigned to every citizen at birth.

The encroachments on fundamental rights resulting from the Identification Number Act could even be so intensive that they can no longer be justified. The Federal Constitutional Court decided that it constitutes an infringement of fundamental rights to compulsorily register and catalogue the entire personality of a human being.^[43] And in its population census decision (Volkszählungsurteil) that, «the introduction of a uniform personal identification number applicable to all registers and files would, however, be precisely a decisive step towards registering and cataloguing the individual citizen in his or her entire personality».^[44] The cross-register identification number is such a uniform personal identification number ^[45] – a novelty in the German legal system under the Basic Law. This is not contradicted by the fact that it is not initially used in all registers and that the Identification Number Act defines it (contrary to the legislative materials) as a sector-specific identifier (cf. Section 16 (2) (2) (1) (1) of the Identification Number Act). This is because already the register selection under current law enables the creation of comprehensive personality profiles, since it covers essential areas of life. In addition, the federal legislature left the possibility to include the identification number in all registers in the future (cf. Section 16 (2) (2) (1) (2) of the Identification Number Act). While the tax identification number has been deemed constitutional,^[46] its modified use could thus be unconstitutional per se.

The decisive question is whether the absolute prohibition of a uniform personal identification number can be inferred from the cited census decision as sometimes argued in literature.^[47] The argument against this is that the number itself – especially as a so-called non-speaking number – is harmless. Only the concrete possibility of using it to create comprehensive data records on individuals constitutes a threat.^[48] In favour of such a differentiation, it can be argued that the Federal Constitutional Court, in its judgement at the time, determined the conditions of modern data processing as the crucial challenge.^[49] Thus, as early as 1983, the potential danger of new linking possibilities, and not the processing of personal data per se, was the focus of constitutional considerations.

In the light of modern data processing the risks have changed significantly compared to the state of the art of almost 40 years ago. In times of big data analyses and artificial intelligence, a uniform personal identification number is not necessary anymore to screen individuals. Such an identifier merely facilitates profiling.

Consequently, according to the view represented here, the unique cross-register identification number can in principle be compatible with the Basic Law. However, the accompanying encroachments on fundamental rights are only justified if the introduction of the identification number is also proportional, i.e. there must be no equally suitable but milder means. There are considerable doubts about this in jurisprudence.^[50] One argument repeatedly put forward against the necessity of the identification number is, for example, that the Federal Government has not sufficiently examined the “Austrian model”, i.e. the combination of uniform and sector-specific personal identification numbers. The technical, organisational and legal safeguards provided for in the Register Modernisation Act to mitigate the encroachment on fundamental rights must also be examined from a constitutional perspective. Central to this is the “data protection cockpit” (Datenschutzcockpit) incorporated into the Online Access Act by the Register Modernisation Act, which is intended to provide individuals with an overview of the data transfers by public authorities.^[51]

It can be assumed that the Federal Constitutional Court will decide on the constitutionality of the register modernisation. Should the judges in Karlsruhe come to the conclusion that the Identification Number Act is unconstitutional, this would mean a considerable setback for the digital transformation of the public administration in Germany. An unconstitutional register modernisation would delay an implementation of the Online Access Act and the Single Digital Gateway Regulation (EU) 2018/1724. These interdependencies illustrate the mutual impact of the aforementioned laws.

It is therefore to be welcomed that the Federal Government in office since December 2021, consisting of Social Democrats, Greens and Liberals, has committed itself to ensure the register modernisation in conformity with the constitution. However, a corresponding draft legislation is still pending.

5. Conclusion

Federalism, legal fragmentation and register modernisation are significant reasons for the delayed digitalisation of public administration in Germany. However, they are not insurmountable obstacles. Rather, the legislators at the federal and state levels are called upon to remove the existing hurdles. In particular, they must improve federal cooperation and register modernisation in conformity with the (constitutional) law and at the same time harmonise the legal framework of digital public administration more strongly. Otherwise, Germany will remain a state that relies on stamps, files and queues in government buildings instead of becoming digital.

6. Annex: cited German law

6.1. Basic Law (Grundgesetz)^[52]

Article 30 [Sovereign powers of the Länder]

Except as otherwise provided or permitted by this Basic Law, the exercise of state powers and the discharge of state functions is a matter for the Länder.

Article 83 [Execution by the Länder]

The Länder shall execute federal laws in their own right insofar as this Basic Law does not otherwise provide or permit.

Article 91c [Information technology systems]

(1) The Federation and the Länder may cooperate in planning, constructing and operating information technology systems needed to discharge their responsibilities.

(2) The Federation and the Länder may agree to specify the standards and security requirements necessary for exchanges between their information technology systems. Agreements regarding the bases of cooperation under the first sentence may provide, for individual responsibilities determined by their content and scope, that detailed regulations be enacted with the consent of a qualified majority of the Federation and the Länder as laid down in the agreements. They require the consent of the Bundestag and the legislatures of the participating Länder; the right to withdraw from these agreements cannot be precluded. The agreements shall also regulate the sharing of costs.

(3) The Länder may also agree on the joint operation of information technology systems along with the establishment of installations for that purpose.

(4) To link the information networks of the Federation and the Länder, the Federation shall establish a connection network. Details regarding the establishment and the operation of the connection network shall be regulated by a federal law with the consent of the Bundesrat.

(5) Comprehensive access by means of information technology to the administrative services of the Federation and the Länder shall be regulated by a federal law with the consent of the Bundesrat.

6.2. Online Access Act (Onlinezugangsgesetz)^[53]

Section 1 Portal Network for Digital Administrative services

(1) The Federation and the Länder shall be obliged to offer their administrative services digitally via administrative portals by the end of the fifth calendar year following the promulgation of this Act at the latest.

(2) The Federation and the Länder shall be obliged to link their administrative portals to form a portal network.

6.3. Federal eGovernment Act (E-Government-Gesetz Bund)^[54]

Section 1 Scope of application

(1) This Act shall apply to the administrative activities under public law of the federal authorities, including bodies, institutions and foundations under public law which are directly accountable to the Federal Government.

(2) This Act shall further apply to the administrative activities of authorities of the Länder, local authorities, local authority associations and other legal entities under public law which are subject to Land supervision in executing federal law.

(3) This Act shall apply to the activities of court administrations and administrative bodies of the judiciary, including public law entities under their supervision only where such activities are subject to review by the courts of administrative jurisdiction or review by the courts competent in cases concerning the activities of lawyers, patent lawyers and notaries under administrative law.

(4) This Act shall apply insofar as no federal law or regulation contains identical or conflicting provisions.

(5) This Act shall not apply to

1. criminal prosecution or the prosecution of and imposition of punishments for administrative offences, judicial proceedings carried out on behalf of foreign legal authorities in criminal and civil matters, tax and customs investigations (Section 208 of the Federal Fiscal Code) or measures relating to the legal status of the judiciary,

2. proceedings at the German Patent and Trade Mark Office or before its appointed arbitrators,

3. administrative activities pursuant to Book Two of the Social Code.

Section 2 Electronic access to government

(1) Every authority shall be obliged to open up a point of access for the transfer of electronic documents, including such documents provided with a qualified electronic signature.

(2) Every federal authority shall further be obliged to open up electronic access via a De-Mail address in accordance with the De-Mail Act, save where the federal authority concerned has no access to the central IT process provided for the federal administration via which the De-Mail services are provided for Federal authorities.

(3) In administrative procedures in which they are required to establish a person’s identity by virtue of a legal provision or in which they consider identification to be necessary on other grounds, every federal authority shall be obliged to offer an electronic proof of identity pursuant to Section 18 of the Passport Act or pursuant to Section 78 (5) of the Residence Act.

Section 6 Electronic record-keeping

The federal authorities should keep their records in electronic form. The first sentence shall not apply to authorities for whom keeping electronic records is not economical in the long term. Where records are kept in electronic form, appropriate technical and organizational measures are to be undertaken in accordance with the state of the art to ensure that the principles of orderly record-keeping are observed.

6.4. Identification Number Act (Identifikationsnummerngesetz)^[55]

Section 1 Aims of the Act

The identification number under section 139b of the Fiscal Code (identification number) shall be introduced as an additional regulatory feature in the federal and provincial registers resulting from the Annex to this Act in order to

1. Unambiguously allocate data to a natural person in an administrative procedure,

2. Improve the data quality of the data stored on a natural person, and

3. Reduce the need for the data subject to re-submit data already held by public authorities.

Section 16 Evaluation

(1) The Federal Ministry of the Interior, for Building and Community shall report to the German Bundestag on the data processing by the register modernisation authority in the third year after the entry into force of this Act and then every three years thereafter. In this context, reports shall be made in particular on the results of the reviews in accordance with section 8 subsection 4.

(2) The Federal Ministry of the Interior, for Building and Community shall report to the German Bundestag, with the involvement of scientific expertise, in the fifth year after the entry into force of this Act on the effectiveness of the measures contained in this Act for the achievement of the objectives specified in Section 1. The report shall in particular contain recommendations as to whether

1. further, sector-specific identification numbers are introduced for other sectors or a uniform identification number is implemented for all registers, and

2. the procedure according to Section 7 (2) should also be applied within administrative areas.

6.5. Competition Act (Gesetz gegen Wettbewerbsbeschränkungen)^[56]

Section 108 Exceptions for Cooperation with Other Public Authorities

(1) This Part shall not apply to the award of public contracts that are awarded by a public contracting authority within the meaning of Section 99 nos 1 to 3 to a legal person under public or private law where

1. the public contracting authority exercises over the legal person a control similar to that exercised by it over its own departments,

2. more than 80 per cent of the activities of the legal person are carried out in the performance of tasks entrusted to it by the public contracting authority or by other legal persons controlled by that public contracting authority; and

3. there is no direct private capital participation in the legal person with the exception of non-controlling and non-blocking forms of private capital participation that are required by national legislative provisions and that do not exert a decisive influence on the controlled legal person.

(2) The exercise of control within the meaning of subsection (1) no 1 is deemed to exist where the public contracting authority exercises a decisive influence over the strategic objectives and significant decisions of the legal person. Control may also be exercised by another legal person which is itself controlled in the same way by the public contracting authority.

(3) Subsection (1) also applies to the award of public contracts by a controlled legal person, which is at the same time a public contracting authority within the meaning of Section 99 nos 1 to 3, to the controlling public contracting authority or to another legal person controlled by that public contracting authority. It is required that there be no direct private capital participation in the legal person being awarded the public contract. Subsection (1) no 3 second half of the sentence shall apply mutatis mutandis.

(4) This Part shall not apply to the award of public contracts where, although the public contracting authority within the meaning of Section 99 nos 1 to 3 exercises no control within the meaning of subsection (1) no 1 over a legal person under public or private law,

1. the public contracting authority, jointly with other public contracting authorities, exercises over the legal person a control which is similar to that exercised by each of the public contracting authorities over its own departments;

2. more than 80 per cent of the activities of the legal person are carried out in the performance of tasks entrusted to it by the public contracting authorities or by another legal person controlled by those public contracting authorities; and

3. there is no direct private capital participation in the legal person; subsection (1) no 3 second half of the sentence shall apply mutatis mutandis.

(5) Joint control within the meaning of subsection (4) no 1 exists where

1. the decision-making bodies of the controlled legal person are composed of representatives of all participating contracting authorities; an individual representative may represent several or all of the participating public contracting authorities;

2. the contracting authorities are able to jointly exert decisive influence over the strategic objectives and significant decisions of the legal person; and

3. the legal person does not pursue any interests that are contrary to those of the public contracting authorities.

(6) Nor shall this Part apply to contracts concluded between two or more public contracting authorities within the meaning of Section 99 nos 1 to 3 where

1. the contract establishes or implements a cooperation between the participating public contracting authorities to ensure that the public services they have to perform are provided with a view to achieving objectives they have in common;

2. the implementation of the cooperation under no 1 is governed solely by considerations relating to the public interest; and

3. the public contracting authorities perform on the open market less than 20 per cent of the activities concerned by the cooperation under no 1.

(7) For the determination of the percentage under subsection (1) no 2, subsection (4) no 2 and subsection (6) no 3, the average total turnover or an appropriate activity-based measure for the three years preceding the public contract award shall be taken into consideration. An appropriate activity-based measure is, for example, costs incurred by the legal person or the public contracting authority in this period with respect to supplies, works and services. Where turnover, or an appropriate alternative activity-based measure such as costs, is either not available for the preceding three years or no longer meaningful, it shall be sufficient to show, particularly by means of business projections, that the measurement of activity is credible.

(8) Subsections (1) to (7) shall apply mutatis mutandis to sector contracting entities within the meaning of Section 100(1) no 1 for the award of public contracts and to concession grantors within the meaning of Section 101(1) nos 1 and 2 for the award of concessions.

1. The Author thanks Jonas Bohle for his valuable suggestions. ↑
2. European Commission, Digital Economy and Society Index 2022, Germany, Brussels, 2022, 15; United Nations, Department of Economic and Social Affairs, E-Government Survey 2020, Digital Government in the Decade of Action for Sustainable Development, New York, 2020, 51. ↑
3. I. Mergel, Digital Transformation of the German State, in S. Kuhlmann, I. Proeller, D, Schimanke, J. Ziekow (eds.), Public Administration in Germany, London, 2021, 331, 335. ↑
4. S. E. Schulz, Der elektronische Zugang zur Verwaltung, in RDi, 2021, 377, 378. ↑
5. The Online Access Act does not explicitly address the municipalities. They are part of the Länder in terms of German constitutional law (see Bundesverfassungsgericht, judgement 27 May 1992, BVerfGE 86, 148, 215). Nevertheless, the municipalities have their own self-administration and act autonomously within these limits. ↑
6. Due to the multi-channel concept, the administrative services will not only be available online. See J. Ziekow, Administrative Procedures and Processes, in S. Kuhlmann, I. Proeller, D. Schimanke, J. Ziekow (eds.), Public Administration in Germany, London, 2021, 163, 168. ↑
7. A service bundle consists of up to several hundred separate administrative services that are thematically interrelated from the citizens’ point of view. ↑
8. I. Mergel, Digital Transformation of the German State, in S. Kuhlmann, I. Proeller, D, Schimanke, J. Ziekow (eds.), Public Administration in Germany, London, 2021, 331, 334. More information on the IT Planning Council can be found at https://www.it-planungsrat.de/en/(accessed 21 November 2022). ↑
9. C. Schmidt, R. Krimmer, T. J. Lampoltshammer, “When need becomes necessity” – The Single Digital Gateway Regulation and the Once-Only Principle from a European Point of View, in H. Roßnagel, C. H. Schunck, S. Mödersheim (eds.), Open Identity Summit 2021, Bonn, 2021, 223. ↑
10. Nationaler Normenkontrollrat, Mehr Leistung für Bürger und Unternehmen: Verwaltung digitalisieren. Register modernisieren., Berlin, 2017, 55. ↑
11. T. Siegel, IT im Grundgesetz, in NVwZ, 2009, 1128. ↑
12. In Germany, there is one PSC (Einheitlicher Ansprechpartner) per federal state. ↑
13. S. Ehneß, OZG ist ein Prüfstein für die EA-Infrastruktur, in eGovernment Computing, https://www.egovernment-computing.de/ozg-ist-ein-pruefstein-fuer-die-ea-infrastruktur-a-1108284/ (accessed 21 November 2022). ↑
14. https://dashboard.ozg-umsetzung.de/ (accessed 21 November 2022). ↑
15. Bundesrechnungshof, Ergänzungsband zu den Bemerkungen 2021, Bemerkung Nr. 43, Verwaltungsdigitalisierung: BMI beschönigt Fortschritt, 2022. ↑
16. https://www.onlinezugangsgesetz.de/Webs/OZG/DE/grundlagen/info-ozg/info-reifegradmodell/info-reifegradmodell-node.html (accessed 21 November 2022). ↑
17. More information on the pilot project can be found at https://onlinedienste.bremen.de/Onlinedienste/Service/Entry/ELFE (accessed 21 November 2022). ↑
18. M. Rackwitz, T. Hustedt, G. Hammerschmid, Digital transformation: from hierarchy to network-based collaboration? The case of the German “Online Access Act”, in dms – der moderne staat, 2021, 101, 102. ↑
19. While the development costs for one-for-all-services can be completely covered by funds from the Federal Government’s Corona stimulus package, there are costs for ongoing operation and enhancement. ↑
20. J. Botta, „Digital First“ und „Digital Only“ in der öffentlichen Verwaltung, in NVwZ, 2022, 1247. ↑
21. https://mp.govdigital.de/(accessed 21 November 2022). ↑
22. SaaS is a software licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted. ↑
23. The Federal IT Cooperation provides organisational and strategic support to the IT Planning Council and its bodies. For example, it takes over the operational implementation management for selected projects and develops a federal IT architecture (see I. Mergel, Digital Transformation of the German State, in S. Kuhlmann, I. Proeller, D, Schimanke, J. Ziekow (eds.), Public Administration in Germany, London, 2021, 331, 334 et seq.). It is an institution under public law (Anstalt des öffentlichen Rechts) and therefore an independent legal entity. ↑
24. Bundesverfassungsgericht, judgment 12 January 1983, BVerfGE 63, 1, 41; judgment 20 December 2007, BVerfGE 119, 331, 367. ↑
25. C. Böllhoff, J. Botta, Das datenschutzrechtliche Verantwortlichkeitsprinzip als Herausforderung für die Verwaltungsdigitalisierung, in NVwZ, 2021, 425, 426. ↑
26. Cf. Article 29 Working Party, Opinion 1/2010 on the concepts of “controller” and “processor”, WP 169, 23. ↑
27. Court of Justice, judgment 5 June 2018, C-210/16, Wirtschaftsakademie Schleswig-Holstein, ECLI:EU:C:2018:388, paras. 25 et seqq.; judgment 10 July 2018, C-25/17, Jehovan todistajat, ECLI:EU:C:2018:551, paras. 63 et seqq.; judgment 29 July 2019, C-40/17, Fashion ID, ECLI:EU:C:2019:629, paras. 64 et seqq. ↑
28. Court of Justice, judgment 5 June 2018, C-210/16, Wirtschaftsakademie Schleswig-Holstein, ECLI:EU:C:2018:388, para. 38. ↑
29. The federation and all federal states have their own state data protection laws and corresponding DPA. See M. Martini, J. Botta, Reform der Datenschutzaufsicht: Optionen und Grenzen einer Zentralisierung, in DÖV, 2022, 605 et seqq. ↑
30. S. E. Schulz, Der FIT-Store: Die Nachnutzung von Online-Diensten als Ausnahme vom Vergaberecht, in VergabeR, 2021, 544, 546. ↑
31. Cf. H. Hofmann, Perspektiven einer Staatsmodernisierung, in ZG, 2022, 249, 265. ↑
32. SPD, Grüne, FDP, Koalitionsvertrag 2021 – 2025, Berlin, 2021, 11. ↑
33. A. Guckelberger, E-Government: Ein Paradigmenwechsel in Verwaltung und Verwaltungsrecht?, in VVDStRL 78, 2019, 235, 279 et seqq. ↑
34. J. Botta, „Digital First“ und „Digital Only“ in der öffentlichen Verwaltung, in NVwZ, 2022, 1247, 1248. ↑
35. Nationaler Normenkontrollrat, Digitale Verwaltung braucht digitaltaugliches Recht, Der modulare Einkommensbegriff, Berlin, 2021, 92 et seqq. ↑
36. E. Peuker, Registermodernisierung und Datenschutz, in NVwZ, 2021, 1167, 1168. ↑
37. The (inconsistently defined) term “register” primarily covers all (electronic) databases that contain information required for an administrative procedure or that are to be used for official statistics. ↑
38. It should be noted, that the Single Digital Gateway Regulation (EU) 2018/1724 is silent on the use of an identification number. The European Commission’s proposal for a Regulation amending Regulation (EU) No 910/2014 as regards establishing a framework for a European Digital Identity, by contrast, includes a unique and persistent identifier (COM(2021) 281 final, 27). However, the European Commission has moved away from this approach. ↑
39. For further information on the role of opening clauses in European Union data protection law, see E. Mišćenić, A.-L. Hoffmann, The Role of opening clauses in harmonization of EU Law: example of the EU’s General Data Protection Regulation (GDPR), in EU and comparative law issues and challenges series, 2020, Issue 4, 44 et seqq. ↑
40. See G. Hornung, C. Schnabel, Data protection in Germany I: The population census decisionand the right to informational self-determination, in Computer Law & Security Report 25 (2009), 84 et seqq. ↑
41. Bundesverfassungsgericht, judgment 15 December 1983, BVerfGE 65, 1, 43. ↑
42. Bundesverfassungsgericht, judgment 15 December 1983, BVerfGE 65, 1, 45. ↑
43. Bundesverfassungsgericht, judgment 16 July 1969, BVerfGE 27, 1, 6. ↑
44. Translated from the German original quote «die Einführung eines einheitlichen, für alle Register und Dateien geltenden Personenkennzeichens […] wäre aber gerade ein entscheidender Schritt, den einzelnen Bürger in seiner ganzen Persönlichkeit zu registrieren und zu katalogisieren». See Bundesverfassungsgericht, judgment 15 December 1983, BVerfGE 65, 1, 57. ↑
45. C. Sorge, J. von Lucke, I. Spiecker gen. Döhmann, Registermodernisierung, 2021, 14 et seq. ↑
46. Bundesfinanzhof, judgment 18 January 2012, II R 49/10, BeckRS, 2012, 94274, para. 46. ↑
47. M. Kleinert, M. Kuhn, C. Otte, R. Will, Stellungnahme zum Referentenentwurf eines Gesetzes zur Einführung einer Identifikationsnummer in die öffentliche Verwaltung und zur Änderung weiterer Gesetze (Registermodernisierungsgesetz), in vorgänge. Zeitschrift für Bürgerrechte und Gesellschaftspolitik, 2020, Issue 230, 125, 130 et seqq. ↑
48. M. Martini, D. Wagner, M. Wenzel, Rechtliche Grenzen einer Personen- bzw. Unternehmenskennziffer in staatlichen Registern, Speyer, 2017, 31 et seq. ↑
49. Bundesverfassungsgericht, judgment 15 December 1983, BVerfGE 65, 1, 42 et seqq. ↑
50. M. Kleinert, M. Kuhn, C. Otte, R. Will, Stellungnahme zum Referentenentwurf eines Gesetzes zur Einführung einer Identifikationsnummer in die öffentliche Verwaltung und zur Änderung weiterer Gesetze (Registermodernisierungsgesetz), in vorgänge. Zeitschrift für Bürgerrechte und Gesellschaftspolitik, 2020, Issue 230, 125, 129 et seq.; C. Sorge, J. von Lucke, I. Spiecker gen. Döhmann, Registermodernisierung, 2021, 16 et seq. ↑
51. See J. Botta, Der digitale Staat als gläserner Staat, Transparenz als Bedingung verfassungskonformer Registermodernisierung, in S. Kuhlmann, F. De Gregorio, M. Fertmann, H. Ofterdinger, A. Sefkow (eds.), Opazität oder Transparenz?, Baden-Baden, 2023, 27, 39 et seqq. (forthcoming). ↑
52. https://www.gesetze-im-internet.de/englisch_gg/ (accessed 21 November 2022). ↑
53. Translated by the author. ↑
54. https://www.gesetze-im-internet.de/englisch_egovg/index.html (accessed 21 November 2022). ↑
55. Translated by the author. ↑
56. https://www.gesetze-im-internet.de/englisch_gwb/englisch_gwb.html (accessed 21 November 2022). ↑