Regulation (EU) 2024/903 of the European Parliament and of the Council of 13 Marc... (32024R0903)
EU - Rechtsakte: 13 Industrial policy and internal market
2024/903
22.3.2024

REGULATION (EU) 2024/903 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

of 13 March 2024

laying down measures for a high level of public sector interoperability across the Union (Interoperable Europe Act)

THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,
Having regard to the Treaty on the Functioning of the European Union, and in particular Article 172 thereof,
Having regard to the proposal from the European Commission,
After transmission of the draft legislative act to the national parliaments,
Having regard to the opinion of the European Economic and Social Committee (1),
Having regard to the opinion of the Committee of the Regions (2),
Acting in accordance with the ordinary legislative procedure (3),
Whereas:
(1) It is necessary to strengthen the development of the cross-border interoperability of network and information systems which are used to provide or manage public services in the Union, in order to allow public administrations in the Union to cooperate and make public services function across borders. The existing informal cooperation should be replaced by a clear legal framework to enable interoperability across different administrative levels and sectors and to facilitate seamless cross-border data flows for truly European digital services that strengthen the internal market while respecting the principle of subsidiarity. Public sector interoperability has an important impact on the right to free movement of goods, persons, services and capital laid down in the Treaties, as burdensome administrative procedures can create significant obstacles, especially for small and medium-sized enterprises (SMEs).
(2) Cooperation with regard to cross-border interoperability between public sector bodies can address common challenges, in particular in the border regions, and can ensure seamless cross-border data flows.
(3) The Union and Member States have been working for more than two decades to support the modernisation of public administrations through digital transformation and to foster the deep interconnections needed for a truly European digital space. In its communication of 9 March 2021 entitled ‘2030 Digital Compass: the European way for the Digital Decade’, the Commission underlined the need to speed up the digitalisation of public services by 2030, including by ensuring interoperability across all levels of administration and across public services. Moreover, Decision (EU) 2022/2481 of the European Parliament and of the Council (4) sets a clear target of 100 % online accessible provision of key public services by 2030. Furthermore, the COVID-19 pandemic increased the speed of digitalisation, pushing public administrations to adapt to the online paradigm, including for cross-border digital public services, as well as for the smarter and greener use of technologies in accordance with the climate and energy targets set in the European Green Deal and in Regulation (EU) 2021/1119 of the European Parliament and of the Council (5). This Regulation aims to significantly contribute to those Union objectives by creating a structured cooperation framework on cross-border interoperability among Member States and between the Commission and Member States to support the setup of digital public services, helping to reduce costs and save time for citizens, businesses and the public sector.
(4) In the pursuit of enhancing cross-border interoperability in the Union, it is imperative to underscore that interoperability, while of the utmost importance, does not ensure, in isolation, the accessibility and seamlessness of trans-European digital public services. A comprehensive and sustainable ecosystem of digital infrastructures, with adequate financial support, is equally important to achieving the objectives set out in Decision (EU) 2022/2481. In line with the communication of the Commission of 30 June 2021 entitled ‘A long-term Vision for the EU’s Rural Areas – Towards stronger, connected, resilient and prosperous rural areas by 2040’, particular attention should be paid to extending connectivity to rural and remote areas within the Union, areas affected by industrial transition, and regions which suffer from severe and permanent natural or demographic handicaps such as islands, cross-border and mountain regions, ensuring that the benefits of digital transformation align with and support established Union initiatives for enhanced regional inclusivity and connectivity.
(5) The development of cross-border interoperability for trans-European digital public services set out in this Regulation should take into account legal interoperability. As a catalyst for the development of organisational, semantic and technical interoperability, legal interoperability facilitates reaping the benefits of cross-border interoperability generally, including swift access for citizens and businesses to information, faster procedures and services and the reduction of administrative obstacles. Furthermore, as the language barrier is one of the obstacles to interoperability, to the reuse of solutions and to the establishment of cross border services, semantic interoperability is key to facilitating effective communication in diverse multi-linguistic environments, including at regional and local level.
(6) Trans-European digital public services are digital services provided by Union entities or public sector bodies to one another or to natural or legal persons in the Union, and requiring interaction across Member State borders, among Union entities or between Union entities and public sector bodies, by means of their network and information systems. Trans-European digital public services should include, inter alia, the key public services as defined in Decision (EU) 2022/2481, covering essential services that are relevant for major life events for natural persons, such as finding a job or studies, and for legal persons in their professional life-cycle. Key public services with trans-European relevance are intended to give rise to major benefits for citizens where they become interoperable across borders. Examples of trans-European digital public services are services that, by means of cross-border exchanges of data, allow for the mutual recognition of academic diplomas or professional qualifications, exchanges of vehicle data for road safety, access to social security and health data, including pandemic and vaccination certificates, access to single window systems, the exchange of information related to taxation, customs, public tender accreditation, digital driving licenses or commercial registers, and in general all those services that implement the ‘once-only’ principle to access and exchange cross-border data.
(7) Without prejudice to the competence of the Member States to define what constitutes public services, Union entities and public sector bodies are encouraged to reflect on user needs and accessibility in the design and development of such services, in line with the European Declaration of 15 December 2022 on Digital Rights and Principles for the Digital Decade (6). Also, Union entities and public sector bodies are encouraged to ensure that people with disabilities, older people and other vulnerable groups are able to use public services at service levels comparable to those provided to other citizens.
(8) A new governance structure, with the Interoperable Europe Board (the ‘Board’) at its centre, should be established and should have a legal mandate to drive, together with the Commission, the further development of cross-border interoperability in the Union, including the European Interoperability Framework (EIF) and other common legal, organisational, semantic and technical interoperability solutions, such as specifications and applications. Furthermore, this Regulation should establish a clear and easily recognisable label for certain interoperability solutions (Interoperable Europe solutions). The creation of a vibrant community around open government technology solutions should be fostered.
(9) Regional and local authorities will play an active role in the development of interoperability solutions. They should also seek to involve SMEs, research and educational organisations and civil society and share the outcome of such exchanges.
(10) It is in the interests of a coherent approach to public sector interoperability in the Union and of supporting the principle of good administration and the free movement of personal and non-personal data within the Union to align the rules as far as possible for all Union entities and public sector bodies that set binding requirements for trans-European digital public services, and thus affect the ability of those entities and bodies to share data through their network and information systems. That objective includes the Commission and other Union entities, as well as public sector bodies in the Member States across all levels of administration: national, regional and local. Union entities play an important role in collecting regulatory reporting data from Member States. Therefore, the interoperability of such data should also fall within the scope of this Regulation.
(11) The fundamental right to the protection of personal data is safeguarded, in particular, by Regulations (EU) 2016/679 (7) and (EU) 2018/1725 (8) of the European Parliament and of the Council. Directive 2002/58/EC of the European Parliament and of the Council (9) protects, in addition, private life and the confidentiality of communications, including by way of conditions for any personal and non-personal data storing in, and access from, terminal equipment. Those Union legislative acts provide the basis for sustainable and responsible data processing, including where datasets include a mix of personal and non-personal data. This Regulation complements and is without prejudice to Union law on the protection of personal data and privacy, in particular Regulations (EU) 2016/679 and (EU) No 2018/1725 and Directive 2002/58/EC. No provision of this Regulation should be applied or interpreted in such a way as to diminish or limit the right to the protection of personal data or the right to privacy and confidentiality of communications.
(12) Cross-border interoperability is not solely enabled by means of centralised digital infrastructures in the Member States, but also by means of a decentralised approach. This entails the need for trust between public administrations, allowing for data exchange between local administrations in different Member States without necessarily going through national nodes. Therefore, it is necessary to develop common interoperability solutions that are reusable across all administrative levels. Interoperability solutions encompass different forms ranging from higher-level tools like conceptual frameworks and guidelines to more technical solutions such as reference architectures, technical specifications or standards. Moreover, concrete services and applications, as well as documented technical components such as source code, including artefacts and artificial intelligence models can be interoperability solutions, if they address legal, organisational, semantic, or technical aspects of cross-border interoperability. Needs for cross-border digital interactions are increasing, which requires solutions that can fulfil those needs. This Regulation intends to facilitate and encourage exchanges at all levels of administration, overcoming cross-border barriers and administrative burdens, thereby increasing the efficiency of public services across the Union.
(13) Interoperability facilitates the successful implementation of policies, in particular those with a strong public sector connection, such as justice and home affairs, taxation and customs, transport, energy, health, agriculture, and employment, as well as in business and industry regulation. However, a single sector interoperability perspective is associated with the risk that the adoption of different or incompatible solutions at national or sectoral levels will give rise to new electronic barriers that impede the proper functioning of the internal market and the associated freedoms of movement. Furthermore, it risks undermining the openness and competitiveness of markets and the delivery of services of general interest to citizens and business. Therefore, this Regulation should also facilitate, encourage and apply to cross-sector interoperability, thereby supporting the removal of barriers, incompatibilities and the fragmentation of digital public services.
(14) In order to eliminate fragmentation in the interoperability landscape in the Union, a common understanding of interoperability in the Union and a holistic approach to interoperability solutions should be promoted. A structured cooperation should support measures promoting a digital-ready and interoperability-by-design policy set-up. Furthermore, it should promote the efficient management and use of digital service infrastructures and their respective components by Union entities and public sector bodies that permit the establishment and operation of sustainable and efficient public services, with the aim of ensuring accessibility up to the lowest administrative division.
(15) Union entities and public sector bodies can introduce binding requirements for trans-European digital public services. To ensure that such services are able to exchange data cross-border, a mechanism should be established to allow for the discovery of legal, organisational, semantic and technical barriers to cross-border interoperability (interoperability assessment). That mechanism should ensure adequate consideration of cross-border interoperability aspects in all decisions that can have an effect on the design of such services.
(16) To set up binding requirements for trans-European digital public services, it is important to focus on the interoperability aspect as early as possible in the policymaking process following the digital-by-default principle and interoperability-by-design approach. Therefore, a Union entity or public sector body that intends to set binding requirements for one or more trans-European digital public services that have an effect on cross-border interoperability, for example in the course of the digitalisation of key public services as referred to in Decision (EU) 2022/2481, should carry out an interoperability assessment. To ensure the effectiveness and efficiency of this task, a Member State can decide on the internal resources and the collaboration between its public sector bodies necessary to support carrying out those interoperability assessments.
(17) An interoperability assessment is necessary to understand the magnitude of the impact of the planned requirements and to propose measures to reap the benefits and address the potential costs. In situations in which an interoperability assessment is not mandatory, the Union entity or public sector body should be able to carry out the interoperability assessment on a voluntary basis. This Regulation therefore fosters interoperability in general.
(18) Binding requirements include any obligations, prohibitions, conditions, criteria, or limits of a legal, organisational, semantic or technical nature within a law, regulation, administrative provision, contract, call for tender, or other official document. Binding requirements affect how trans-European digital public services and their networks and information systems used for their provision are designed, procured, developed and implemented, thereby influencing the inbound or outbound data flows of those services. However, tasks such as evolutive maintenance that do not introduce substantive change, security or technical updates, or the simple procurement of standard information and communication technologies (ICT) equipment do not usually affect the cross-border interoperability of trans-European digital public services, and do not therefore give rise to a mandatory interoperability assessment within the meaning of this Regulation.
(19) The approach to conducting interoperability assessments should be proportionate and differentiated in accordance with the level and scope at which they are undertaken. In some circumstances, it can be reasonable and economical for the subject of an interoperability assessment to be broader than a single project, including where public sector bodies intend to establish a common application or processing platform. In such cases, the interoperability assessment should be strongly encouraged to go beyond the achievement of the Interoperable Europe objectives towards the full implementation of interoperability. Similarly, the requirements for interoperability assessments conducted at the level of single project implementation, such as in a local authority, should be pragmatic and allow for a narrow focus, taking into account the fact that the wider benefits of interoperability assessments are generally harvested at the early stages of policy design and the development of reference architecture, specifications and standards. Where the Board adopts guidelines on the content of the interoperability assessment, it should take into account, inter alia, the capacity of regional and local public sector bodies and avoid excessive administrative burden.
(20) In the process of consulting those directly affected or their representatives, the Union entity or public sector body should be able to make use of established consultation practices and current data.
(21) The interoperability assessment should evaluate the effects of the planned binding requirements for trans-European digital public services on cross-border interoperability, for example, having regard to the origin, nature, particularity and scale of those effects. The outcome of that assessment should be taken into account when determining the appropriate measures that need to be taken in order to set up or modify the binding requirements for trans-European digital public services.
(22) The Union entity or public sector body should publish a report on the outcome of the interoperability assessment in a public location designated by the national competent authorities or the interoperability coordinators for Union entities, at least on an official website in a machine-readable format. Publication of the report should not compromise intellectual property rights or trade secrets, and should be restricted where justified on the grounds of public order or security. Union law governing the protection of personal data should be complied with. The Union entity or public sector body should share the outcome of the interoperability assessment electronically with the Board. On that basis, the Board should analyse and provide proposals for improving the cross-border interoperability of trans-European digital public services. The Board’s proposals should be published on the Interoperable Europe portal.
(23) A common checklist for interoperability assessment reports is needed to facilitate the tasks of Union entities and public sector bodies of carrying out those assessments and to enable the Board to draw up recommendations based on their outcomes in order to improve cross-border interoperability. Accordingly, the report representing the outcome of the interoperability assessment process should summarise the effects of the assessed requirement on the legal, organisational, semantic, technical and governance dimensions of cross-border interoperability, along with the type of Interoperable Europe solution used to tackle such effects and the remaining barriers that are not yet tackled. The use of that common checklist should be further explained by guidelines adopted by the Board.
(24) The Commission should provide user-friendly means by which to address and transmit the outcome of the assessments, including in a machine-readable format. An online tool for interoperability assessment reports should serve the purpose of providing a simple and user-friendly interface to produce and publish such reports. A standardised output of reporting in a machine-readable format could be used for monitoring purposes. Such a tool should also facilitate automated translation and should be integrated in the Interoperable Europe portal. To foster interoperability and seamless integration, the online tool should also adopt and comply with an open data model derived from the common checklist for interoperability assessment reports. The provision of an application programming interface is crucial, allowing the integration of the tool into existing reporting platforms, thereby maximising utility and efficiency for all stakeholders. While the use of the online tool should be voluntary, by submitting the necessary data and by allowing for its publication on the Interoperable Europe portal, the obligation of a Union entity or a public sector body to publish a report presenting the outcome of the interoperability assessment in a public location should be considered to be fulfilled.
(25) Union entities or public sector bodies that search for interoperability solutions should be able to request from other Union entities or public sector bodies the interoperability solutions those bodies or entities use such as good practices, specifications, and software code, together with the related documentation. Sharing should become a default. In addition, Union entities or public sector bodies should seek to develop new interoperability solutions or to further develop existing interoperability solutions. When doing so, they should prioritise solutions that do not carry restrictive licensing terms where such solutions are equivalent. Nevertheless, sharing interoperability solutions should not be understood as a requirement for Union entities and public sector bodies to give up their intellectual property rights.
(26) Where public administrations share their solutions with other public administrations or the public, they are acting in the public interest. This is even more relevant for innovative technologies. For instance, open code makes algorithms transparent and allows for independent audits and reproducible building blocks. The sharing of interoperability solutions among public administrations should set the conditions for the achievement of an open ecosystem of digital technologies for the public sector that can produce multiple benefits.
(27) When monitoring the coherence of the recommended interoperability solutions and proposing measures to ensure their compatibility with existing solutions that share a common purpose, the Board should take into account the obsolescence of solutions.
(28) The EIF should ensure coherence and be recognised as the single point of reference for the Union’s approach to interoperability in the public service sector. In addition, specialised interoperability frameworks can address the needs of specific sectors, domains or administrative levels. Those frameworks, which are of a non-binding nature, should further promote the implementation of interoperability solutions and the interoperability-by-design approach.
(29) The EIF should, inter alia, promote the principle of multilingualism in the public sector.
(30) The EIF should be developed by the Board. The Board should be composed of one representative from each Member State and one representative of the Commission. The Member States, together with the Commission, are thus at the centre of the development and implementation of the EIF. The Board should update the EIF where necessary.
(31) The specialised interoperability frameworks issued to complement the EIF should take into account and not prejudice the existing sector-specific frameworks developed at Union level, such as in the health sector.
(32) Interoperability is directly connected with and dependent on the use of open specifications and standards. Therefore, the Union public sector should be allowed to agree on cross-cutting open specifications and other solutions to promote interoperability. The new framework should provide for a clear process on the establishment and promotion of recommended interoperability solutions in the future, bearing the label ‘Interoperable Europe solution’. This way, the public sector will have a more coordinated voice to channel public sector needs and public values into broader discussions. The Board should agree upon the general criteria which interoperability solutions are to meet. The Board should be able to withdraw its recommendations. Where the Board withdraws its recommendations, the ‘Interoperable Europe solution’ label should be removed from the relevant interoperability solutions and those interoperability solutions could, if necessary, be deleted from the Interoperable Europe portal.
(33) Many interoperability specifications used by the public sector could be derived from existing Union law. Therefore, it is necessary to establish a link between all specifications for trans-European digital public services that are mandatory pursuant to Union law. It is not always easy for implementing authorities to find the requirements in the most recent and machine-readable format. A single point of entry in the form of the Interoperable Europe portal and clear rules on the metadata of the information relating to such requirements are intended to help public sector bodies to ensure their digital service infrastructures complies with existing and future rules.
(34) The Interoperable Europe portal should be developed on the basis of existing initiatives and should be established as an easily accessible point of reference for interoperability solutions, assessments, knowledge and community. The Interoperable Europe portal should be established as a link to official sources and should be open to input from the Interoperable Europe Community established by this Regulation.
(35) The Interoperable Europe portal should make publicly available and findable interoperability solutions that follow the EIF principles of openness, accessibility, technical neutrality, reusability, security and privacy. There should be a clear distinction between Interoperable Europe solutions, which are recommended by the Board, and other interoperability solutions, such as those shared proactively for reuse by public administrations, those linked to Union policies and relevant solutions from national portals. Use cases in the Interoperable Europe portal should be searchable by country or by the type of public service that they support. The Board should be consulted on how solutions are to be categorised on the Interoperable Europe portal.
(36) As open source enables users to actively assess and inspect the interoperability and security of solutions, it is important that open source supports the implementation of interoperability solutions. In that context, the use of open source licences should be promoted to enhance legal clarity and the mutual recognition of licences in the Member States. With the European Union Public Licence (EUPL), the Commission already provides a solution for such licencing. Member States’ portals collecting open source solutions that are linked with the Interoperable Europe portal should allow for the use of EUPL, while not excluding the possibility that such portals can allow the use of other open source licences.
(37) The Union’s public services that are delivered or managed electronically currently often depend on non-Union providers. It is in the Union’s strategic interest to ensure that it retains and develops essential technological capacities to secure its Digital Single Market and, in particular, to ensure service delivery, protect critical network and information systems, and to provide key public services. The Interoperable Europe support measures should help public administrations to evolve and be capable of incorporating new challenges and new areas in cross-border contexts. Interoperability is a condition for avoiding technological lock-in, enabling technical developments, and fostering innovation, which should boost the global competitiveness, resilience and open strategic autonomy of the Union.
(38) It is necessary to establish a governance mechanism to facilitate the implementation of Union policies in a way that ensures interoperability. That mechanism should focus on the interoperable digital implementation of policies once they have been adopted in the form of legal acts and should serve to develop interoperability solutions on a needs-driven basis. The mechanism should support public sector bodies. Policy implementation support projects to support public sector bodies should be proposed by the Board to the Commission who should decide whether to set up the support projects, with due regard to the potential need for non- authoritative, machine-executable versions of the policy, such as reference implementation models or code, reusable at all levels of administration.
(39) All levels of administration should cooperate with innovative organisations, including companies and not-for-profit entities, in design, development and operation of public services. Supporting GovTech cooperation between public sector bodies, research and educational institutions, start-ups and innovative SMEs, and civil society organisations (CivicTech), is an effective means of supporting public sector innovation, flexibility and promoting use of interoperability tools across the private and public sectors. Supporting an open GovTech ecosystem in the Union that brings together public and private actors across borders and involves different levels of administration should allow the development of innovative initiatives with regard to the design and deployment of GovTech interoperability solutions.
(40) Identifying shared innovation needs and priorities and focusing common GovTech and experimentation efforts across borders would help Union public sector bodies to share risks, lessons learnt, and results of innovation measures. Those activities will tap in particular into the Union’s rich reservoir of technology start-ups and SMEs. Successful GovTech projects and innovation measures piloted by Interoperable Europe innovation measures should help scale up GovTech tools and interoperability solutions for reuse.
(41) Interoperable Europe support measures could benefit from safe spaces for experimentation, while ensuring responsible innovation and integration of appropriate risk mitigation measures and safeguards. To ensure a legal framework that is innovation-friendly, future-proof and resilient to disruption, it should be made possible to run such projects in interoperability regulatory sandboxes. Interoperability regulatory sandboxes should consist of controlled test environments that facilitate the development and testing of innovative solutions before such solutions are integrated in the network and information systems of the public sector. The establishment of interoperability regulatory sandboxes should aim to foster interoperability through innovative solutions by establishing a controlled experimentation and testing environment with a view to ensuring the alignment of those solutions with this Regulation and other relevant Union and national law, to enhance legal certainty for innovators and the competent authorities and to increase the understanding of the opportunities, emerging risks and the impact of the new solutions. To ensure uniform implementation across the Union and to achieve economies of scale, it is appropriate to establish common rules for the implementation of the interoperability regulatory sandboxes. The European Data Protection Supervisor has the power to impose administrative fines on Union entities in the context of interoperability regulatory sandboxes, in accordance with Article 58(2), point (i), of Regulation (EU) 2018/1725.
(42) It is necessary to provide rules for the use of personal data collected for other purposes in order to develop certain interoperability solutions in the public interest within the Interoperability regulatory sandbox, in accordance with Article 6(4) of Regulation (EU) 2016/679 and Article 5 of Regulation (EU) 2018/1725 and without prejudice to Article 4(2) of Directive (EU) 2016/680 of the European Parliament and of the Council (10). All other obligations of data controllers and rights of data subjects under Regulations (EU) 2016/679 and (EU) No 2018/1725 and Directive (EU) 2016/680 remain applicable. In particular, this Regulation does not provide a legal basis in the meaning of Article 22(2), point (b), of Regulation (EU) 2016/679 or Article 24(2), point (b), of Regulation (EU) 2018/1725. This Regulation aims to provide only for the processing of personal data in the context of the Interoperability regulatory sandbox. Any other processing of personal data falling within the scope of this Regulation would require a separate legal basis.
(43) In order to increase transparency of the processing of personal data by Union entities and public sector bodies, the Interoperable Europe portal should provide access to information on the processing of personal data in the context of Interoperability regulatory sandboxes, in accordance with Regulations (EU) 2016/679 and (EU) No 2018/1725.
(44) It is necessary to enhance a good understanding of interoperability issues, especially among public sector employees. Continuing training is key in this respect and cooperation and coordination on the topic should be encouraged. Beyond training on Interoperable Europe solutions, all initiatives should, where appropriate, build on, or be accompanied by, the sharing of experience and solutions and the exchange and promotion of best practices. To that end, the Commission should develop training courses and training materials, and should promote the development of a certification programme on interoperability matters in order to promote best practices, qualifications for human resources and a culture of excellence. The Commission should contribute to the increase of the general availability and uptake of training on public sector interoperability at national, regional and local level, in line with the Union strategies for digital skills. The Commission and the Member States should foster capacity-building, particularly within public administrations, in terms of the reskilling and upskilling needed for the implementation of this Regulation.
(45) To create a mechanism facilitating a mutual learning process among Union entities and public sector bodies and sharing of best practices in implementing Interoperable Europe solutions across the Member States, it is necessary to lay down provisions on the peer review process. Peer review should lead to valuable insights and recommendations for the public sector body undergoing such review. In particular, it could contribute to facilitating the transfer of technologies, tools, measures and processes among the participants of peer review. Peer review should create a functional path for the sharing of best practices across Member States and Union entities with different levels of maturity in interoperability. It should be possible to carry out peer review on a voluntary basis upon the request of a Union entity or a public sector body where necessary. In order to ensure that the peer review process is cost-effective, produces clear and conclusive results, and avoid unnecessary administrative burden, the Commission should be able to adopt guidelines on the methodology and the content of peer review, based on the needs that occur and after consulting the Board.
(46) The Board should facilitate the development of the general direction of the Interoperable Europe structured cooperation in promoting the digital interconnection and interoperability of public services in the Union and oversee the strategic and implementation activities related to that cooperation. The Board should carry out its tasks taking into consideration cross-border interoperability rules and solutions already implemented for existing network and information systems.
(47) Certain Union entities, such as the European Data Innovation Board and the European Health Data Space Board, have been created and tasked, inter alia, to enhance interoperability at specific domain or policy level. However, none of the existing entities are tasked to address binding requirements for trans-European digital public services. The Board should support the Union entities working on policies, actions and solutions relevant for cross-border interoperability of trans-European digital public services, for example on semantic interoperability for data spaces portability and reusability. The Board should interact with all relevant Union entities in order to ensure alignment and synergies between cross-border interoperability actions and sector specific ones. To that end, the Commission, as Chair of the Board, may invite experts with specific competence in a subject on the agenda, including representatives from regional and local authorities and from the open source and standardisation communities.
(48) Advancing public sector interoperability needs the active involvement and commitment of experts, practitioners, users and interested citizens across Member States. That effort spans all levels of administration – national, regional and local – and involves international partners, research and educational institutions, as well as relevant communities, and the private sector. In order to tap into their expertise, skills and creativity, the Interoperable Europe Community, a dedicated forum, should help channel feedback, user and operational needs, identify areas for further development and priorities for interoperability cooperation in the Union. The establishment of the Interoperable Europe Community should support the coordination and cooperation between the strategic and operational key players for interoperability.
(49) The Interoperable Europe Community should be open to all interested parties. Access to the Interoperable Europe Community should be made as easy as possible, avoiding unnecessary barriers and administrative burdens. The Interoperable Europe Community should bring together public and private stakeholders, including citizens, with expertise in the field of cross-border interoperability, coming from different backgrounds, such as academia, research and innovation, education, standardisation and specifications, business and public administration at all levels. Active participation in the Interoperable Europe Community, including by identifying support measures and funding opportunities should be encouraged.
(50) In order to ensure the effective and efficient implementation of this Regulation, it is necessary to designate national competent authorities responsible for its implementation. In many Member States, some entities already have the role of developing interoperability. Those entities should be able to take over the role of competent authority in accordance with this Regulation and, where there is more than one national competent authority, a single point of contact should be designated from among them.
(51) An Interoperable Europe Agenda should be developed as the Union’s main instrument for coordinating public investments in interoperability solutions and setting out the roadmap for implementing this Regulation. It should deliver a comprehensive overview of funding possibilities and funding commitments in the field, integrating where appropriate the related Union programmes. This should contribute to creating synergies and coordinating financial support related to interoperability development and avoiding duplication at all levels of administration.
(52) Information should be collected in order to guide the effective and efficient implementation of this Regulation, including information to support the work of the Board, and input for the evaluation of this Regulation in accordance with the Interinstitutional Agreement of 13 April 2016 on Better Law-Making (11). Therefore, the Commission should carry out a monitoring and evaluation of this Regulation. The evaluation should be based on the following five criteria of efficiency, effectiveness, relevance, coherence and value added, with a specific focus on the impact of this Regulation on the cross-border interoperability of trans-European digital public services as an enabler for seamless and accessible digital public services, the reduction of administrative burdens and the need for any additional measures and policies at Union level. The evaluation should also be the basis for impact assessments for possible further measures. Furthermore, the Commission should, after consulting the Board, prepare the methodology, process, and indicators for monitoring. The monitoring mechanism should be designed to minimise the administrative burden on Member States by reusing, to the extent feasible, existing data sources and by creating synergies with existing monitoring mechanisms, such as the Digital Economy and Society Index, the eGovernment Benchmark and the trajectories of the Digital Decade Policy Programme 2030 established by Decision (EU) 2022/2481.
(53) The Commission should submit and present an annual report to the European Parliament and to the Council on interoperability in the Union. That report should include an account of progress made with regard to the cross-border interoperability of trans-European digital public services, implementation barriers and drivers, and results achieved over time, in line with the monitoring topics listed in this Regulation. With regard to indicators for which data is not available, Member States should provide the data in a timely manner through the Board to ensure the effective delivery of the report. The quality of the report is contingent upon the timely availability of data.
(54) In order to ensure uniform conditions for the implementation of this Regulation, implementing powers should be conferred on the Commission to set out rules and the conditions for the establishment and the operation of the interoperability regulatory sandboxes. Those powers should be exercised in accordance with Regulation (EU) No 182/2011 of the European Parliament and of the Council (12).
(55) Since the objective of this Regulation, namely to strengthen the internal market by promoting cross-border interoperability of trans-European digital public services, cannot be sufficiently achieved by the Member States, but can rather, by reason of its scale and effects, be better achieved at Union level, the Union may adopt measures, in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty on European Union (TEU). In accordance with the principle of proportionality as set out in that Article, this Regulation does not go beyond what is necessary in order to achieve that objective.
(56) The application of this Regulation should be deferred by three months after its date of entry into force in order to provide Member States and the Union entities with sufficient time to prepare for the application of this Regulation. Such a deferral is necessary to establish the Board and the Interoperable Europe Community and to designate interoperability coordinators. In addition, this Regulation should allow time for Member States and the Union entities to prepare for the effective implementation of interoperability assessments and for each Member State to designate one or more national competent authorities and a single point of contact. Therefore, the provisions on interoperability assessments, national competent authorities and single points of contact should apply nine months from the date of entry into force of this Regulation.
(57) The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 and delivered an opinion on 13 January 2023 (13),
HAVE ADOPTED THIS REGULATION:

Chapter 1

General provisions

Article 1

Subject matter and scope

1.   This Regulation lays down measures that promote the cross-border interoperability of trans-European digital public services, thus contributing to the interoperability of the underlying network and information systems by establishing common rules and a governance framework.
2.   This Regulation applies to Union entities and public sector bodies that regulate, provide, manage or implement trans-European digital public services.
3.   This Regulation applies without prejudice to the competence of Member States to define what constitutes public services or to their ability to establish procedural rules for or to provide, manage or implement those services.
4.   This Regulation is without prejudice to the competence of Member States with regard to their activities concerning public security, defence and national security.
5.   This Regulation does not entail the supply of information the disclosure of which would be contrary to the essential interests of Member States’ public security, defence or national security.

Article 2

Definitions

For the purposes of this Regulation, the following definitions apply:
(1) ‘cross-border interoperability’ means the ability of Union entities and public sector bodies of Member States to interact with each other across borders by sharing data, information and knowledge through digital processes in line with the legal, organisational, semantic and technical requirements related to such cross-border interaction;
(2) ‘trans-European digital public services’ means digital services provided by Union entities or public sector bodies to one another or to natural or legal persons in the Union, and requiring interaction across Member State borders, among Union entities or between Union entities and public sector bodies, by means of their network and information systems;
(3) ‘network and information system’ means a network and information system as defined in Article 6, point (1), of Directive (EU) 2022/2555 of the European Parliament and of the Council (14);
(4) ‘interoperability solution’ means a reusable asset concerning legal, organisational, semantic or technical requirements to enable cross-border interoperability, such as conceptual frameworks, guidelines, reference architectures, technical specifications, standards, services and applications, as well as documented technical components, such as source code;
(5) ‘Union entities’ means the Union institutions, bodies, offices and agencies set up by, or on the basis of, the TEU, the Treaty on the functioning of European Union or the Treaty establishing the European Atomic Energy Community;
(6) ‘public sector body’ means a public sector body as defined in Article 2, point (1), of Directive (EU) 2019/1024 of the European Parliament and of the Council (15);
(7) ‘data’ means data as defined in Article 2, point (1), of Regulation (EU) 2022/868 of the European Parliament and of the Council (16);
(8) ‘machine-readable format’ means a machine-readable format as defined in Article 2, point (13), of Directive (EU) 2019/1024;
(9) ‘GovTech’ means technology-based cooperation between public and private sector actors supporting public sector digital transformation;
(10) ‘standard’ means a standard as defined in Article 2, point (1), of Regulation (EU) No 1025/2012 of the European Parliament and of the Council (17);
(11) ‘ICT technical specification’ means ICT technical specification as defined in Article 2, point (5), of Regulation (EU) No 1025/2012;
(12) ‘open source licence’ means a licence whereby the reuse, redistribution and modification of software is permitted for all uses on the basis of a unilateral declaration by the right holder that may be subject to certain conditions, and where the source code of the software is made available to users indiscriminately;
(13) ‘highest level of management’ means a manager, management or coordination and oversight body at the most senior administrative level, taking account of the high-level governance arrangements in each Union entity;
(14) ‘interoperability regulatory sandbox’ means a controlled environment set up by a Union entity or a public sector body for the development, training, testing and validation of innovative interoperability solutions, where appropriate in real world conditions, supporting the cross-border interoperability of trans-European digital public services for a limited period of time under regulatory supervision;
(15) ‘binding requirement’ means an obligation, prohibition, condition, criterion or limit of a legal, organisational, semantic or technical nature, which is set by a Union entity or a public sector body concerning one or more trans-European digital public services and which has an effect on cross-border interoperability.

Article 3

Interoperability assessment

1.   Before taking a decision on new or substantially modified binding requirements, a Union entity or a public sector body shall carry out an interoperability assessment.
Where, in relation to binding requirements, an interoperability assessment has already been carried out or where binding requirements are implemented by solutions provided by Union entities, the public sector body concerned shall not be required to carry out a further interoperability assessment in relation to those requirements. A single interoperability assessment may be carried out to address a set of binding requirements.
The Union entity or public sector body concerned may also carry out the interoperability assessment in other cases.
2.   An interoperability assessment shall, in an appropriate manner, identify and assess the following:
(a) the effects of the binding requirements on cross-border interoperability, using the European Interoperability Framework referred to in Article 6as a support tool;
(b) the stakeholders to which the binding requirements are relevant;
(c) the Interoperable Europe solutions referred to in Article 7 that support the implementation of the binding requirements.
The Union entity or public sector body concerned shall publish, in a machine-readable format facilitating automated translation, a report presenting the outcome of the interoperability assessment, including the items listed in the Annex, on an official website. It shall share that report electronically with the Interoperable Europe Board established pursuant to Article 15 (the ‘Board’). The requirements laid down in this paragraph shall not restrict existing Member States’ rules on access to documents. The publication of that report shall not compromise intellectual property rights or trade secrets, public order or security.
3.   Union entities and public sector bodies may decide which body is to provide the necessary support to carry out the interoperability assessment. The Commission shall provide technical tools to support the interoperability assessment, including an online tool to facilitate the completion of the report and its publication on the Interoperable Europe portal referred to in Article 8.
4.   The Union entity or public sector body concerned shall consult recipients of the services directly affected, including citizens, or their representatives. That consultation shall be without prejudice to the protection of commercial or public interests or the security of such services.
5.   By 12 January 2025, the Board shall adopt the guidelines referred to in Article 15(5), point (a).

Article 4

Share and reuse of interoperability solutions between Union entities and public sector bodies

1.   A Union entity or public sector body shall make available to any other Union entity or public sector body that requests it an interoperability solution supporting a trans-European digital public service, including the technical documentation, and, where applicable, the version history, documented source code and the references to open standards or technical specifications used.
The obligation to share shall not apply to any of the following interoperability solutions, namely those:
(a) that support processes which fall outside the scope of the public task of the Union entity or public sector body concerned as defined by law or by other binding rules, or, in the absence of such rules, as defined in accordance with common administrative practice in the Union entities or Member State in question, provided that the scope of the public tasks is transparent and subject to review;
(b) for which third parties hold intellectual property rights that restrict the possibility of sharing the solution for reuse;
(c) access to which is excluded or restricted on grounds of:
(i) sensitive critical infrastructure protection related information as defined in Article 2, point (d), of Council Directive 2008/114/EC (18);
(ii) the protection of defence interests or public security, including national critical infrastructure.
2.   To enable the reusing entity to manage the interoperability solution autonomously, the sharing entity shall specify any conditions that apply to the reuse of the solution, including any guarantees provided to the reusing entity with regard to cooperation, support and maintenance. Such conditions may include the exclusion of liability of the sharing entity in the case of misuse of the interoperability solution by the reusing entity. Before adopting the interoperability solution, the reusing entity shall, upon request, provide to the sharing entity an assessment of the solution covering its ability to manage autonomously the cybersecurity and the evolution of the reused interoperability solution.
3.   The obligation in paragraph 1 may be fulfilled by publishing the relevant content on the Interoperable Europe portal or a portal, catalogue or repository connected to the Interoperable Europe portal. In that case, paragraph 2 shall not apply to the sharing entity. At the request of the sharing entity, the Commission shall publish the relevant content on the Interoperable Europe portal.
4.   A Union entity or public sector body, or a third party reusing an interoperability solution, may adapt it to its own needs, unless intellectual property rights held by a third party restrict the adaptation of the interoperability solution. If the interoperability solution is made public pursuant to paragraph 3, the adapted interoperability solution shall be made public in the same way.
5.   The sharing and reusing entities may conclude an agreement on sharing the costs for future developments of the interoperability solution.
6.   When deciding on the implementation of interoperability solutions, Union entities and public sector bodies shall prioritise the implementation of interoperability solutions that do not carry restrictive licensing terms, such as open source solutions, where such interoperability solutions are equivalent in terms of functionalities, total cost, user-centricity, cybersecurity or other relevant objective criteria. The Commission shall provide support in identifying such interoperability solutions, as provided for in Article 9.
7.   The Board shall adopt guidelines on the sharing of interoperability solutions.

Chapter 2

European Interoperability enablers

Article 5

General principles

1.   The Commission shall publish Interoperable Europe solutions and the EIF on the Interoperable Europe portal, by electronic means, in formats that are open, machine-readable, accessible for persons with disabilities in accordance with Directives (EU) 2016/2102 (19) and (EU) 2019/882 (20) of the European Parliament and of the Council, findable and re-usable, if applicable, together with their documented source code and metadata. Machine-translated versions of the Interoperable Europe solutions shall be published on the Interoperable Europe portal in all the official languages of the Union institutions.
2.   The Board shall monitor the overall coherence of the recommended interoperability solutions, and propose measures to ensure, where appropriate, their compatibility with other interoperability solutions that share a common purpose, while supporting, where relevant, their complementarity with or transition to new technologies.

Article 6

European Interoperability Framework and specialised interoperability frameworks

1.   The Board shall develop a European Interoperability Framework (EIF). It shall submit the EIF to the Commission for adoption. In the event that the Commission adopts the EIF, it shall publish the EIF in the
Official Journal of the European Union.
2.   The EIF shall provide a model and a set of recommendations for legal, organisational, semantic and technical interoperability as well as for its governance, that are addressed to all entities falling within the scope of this Regulation for the purpose of facilitating interactions among each other through their network and information systems. The EIF shall be taken into account in the interoperability assessment referred to in Article 3 and in the Annex.
3.   The Commission may, after consulting the Board, adopt other interoperability frameworks (specialised interoperability frameworks) targeting the needs of specific sectors or administrative levels. Specialised interoperability frameworks shall be based on the EIF. The Board shall assess the alignment of the specialised interoperability frameworks with the EIF. The Commission shall publish the specialised interoperability frameworks on the Interoperable Europe portal.
4.   Where a Member State develops a national interoperability framework and other relevant national policies, strategies or guidelines, it shall take the EIF into utmost account.

Article 7

Interoperable Europe solutions

1.   The Board shall recommend interoperability solutions for the cross-border interoperability of trans-European digital public services. Where the Board makes such a recommendation, that solution shall carry the label ‘Interoperable Europe solution’ and shall be published on the Interoperable Europe portal, clearly distinguishing between Interoperable Europe solutions and other solutions. Where the Board withdraws its recommendation the ‘Interoperable Europe solution’ label shall be removed and, where necessary, the solution shall be deleted from the Interoperable Europe portal.
2.   The Interoperable Europe solutions shall adhere to the principles of openness and reuse and shall meet the criteria referred to Article 15(5), point (i).

Article 8

Interoperable Europe portal

1.   The Commission shall provide a portal as a single point of entry for information related to cross-border interoperability of trans-European digital public services (the ‘Interoperable Europe portal’). The Interoperable Europe portal shall be electronically accessible to all citizens, including persons with disabilities, and such access shall be free of charge. The Interoperable Europe portal shall have at least the following functions:
(a) providing access to Interoperable Europe solutions in a user-friendly manner and at least searchable per Member State and per public service;
(b) providing access to interoperability solutions other than Interoperable Europe solutions, such as those:
(i) shared pursuant to Article 4(3);
(ii) provided for pursuant to other Union policies;
(iii) published on other portals, catalogues or repositories connected to the Interoperable Europe portal;
(c) providing access to ICT technical specifications eligible for referencing in accordance with Article 13 of Regulation (EU) No 1025/2012;
(d) providing access to information on the processing of personal data in the context of interoperability regulatory sandboxes referred to in Articles 11 and 12, where any high risk to the rights and freedoms of the data subjects, as referred to in Article 35(1) of Regulation (EU) 2016/679 and in Article 39 of Regulation (EU) 2018/1725, has been identified, as well as access to information on response mechanisms to promptly mitigate that risk, including, where appropriate, disclosure of the data protection impact assessment;
(e) fostering knowledge exchange between members of the Interoperable Europe Community referred to in Article 16, such as providing a feedback system for the expression of views on measures proposed by the Board or for expressions of interest in participating in actions related to the implementation of this Regulation;
(f) listing best practices and knowledge sharing supporting interoperability, including, where appropriate, guidance on public procurement, cybersecurity, IT integration and data governance;
(g) providing access to the data resulting from interoperability-related monitoring carried out pursuant to Article 20;
(h) allowing citizens, businesses, in particular SMEs, and civil society organisations to provide feedback on the published content.
2.   The Board may propose that the Commission publish other interoperability solutions on the Interoperable Europe portal or have them referred to on the Interoperable Europe portal.
3.   The solutions accessible through the Interoperable Europe portal shall:
(a) not be subject to third party rights that prevent their distribution and use;
(b) not contain personal data or confidential information;
(c) have a high-level of alignment with the Interoperable Europe solutions, which may be proven by publishing the outcome of the interoperability assessment referred to in Article 3 and in the Annex;
(d) use a licence that allows the solution at least to be reused by other Union entities or public sector bodies, or be issued as open source;
(e) be regularly maintained under the responsibility of the owner of the interoperability solution.
4.   Where a Union entity or public sector body provides a portal, catalogue or repository with similar functions, it shall take the necessary and proportionate measures to ensure interoperability with the Interoperable Europe portal. Where such portals collect open source solutions, they shall allow for the use of the European Union Public Licence.
5.   The Commission may adopt guidelines on interoperability for portals, catalogues or repositories with similar functions as those referred to in paragraph 4.

Chapter 3

Interoperable Europe support measures

Article 9

Policy implementation support projects

1.   The Board may propose that the Commission set up projects to support public sector bodies in the digital implementation of Union policies ensuring the cross-border interoperability of trans-European digital public services (policy implementation support project).
2.   The policy implementation support project shall set out:
(a) the existing Interoperable Europe solutions that are deemed to be necessary for the digital implementation of the policy requirements;
(b) any missing interoperability solutions to be developed that are deemed to be necessary for the digital implementation of the policy requirements;
(c) other recommended support measures, such as training, the sharing of expertise or peer review, as well as financial support opportunities to assist the implementation of interoperability solutions.
3.   The Commission shall, after consulting the Board, lay down the scope, timeline, necessary involvement of particular sectors and administrative levels and working methods of the support project. Where the Commission has already carried out and published an interoperability assessment pursuant to Article 3, the outcome of that assessment shall be taken into account when setting up the support project.
4.   In order to reinforce the policy implementation support project, the Board may propose the establishment of an interoperability regulatory sandbox pursuant to Article 11.
5.   The outcome of a policy implementation support project as well as interoperability solutions developed during the project shall be openly available and made public on the Interoperable Europe portal.

Article 10

Innovation measures

1.   The Board may propose that the Commission set up innovation measures to support the development and uptake of innovative interoperability solutions in the Union (innovation measures).
2.   Innovation measures shall contribute to the development of existing or new Interoperable Europe solutions and may involve GovTech actors.
3.   In order to support the development of innovation measures, the Board may propose the establishment of an interoperability regulatory sandbox.
4.   The Commission shall make the results from the innovation measures openly available on the Interoperable Europe portal.

Article 11

Establishment of interoperability regulatory sandboxes

1.   Interoperability regulatory sandboxes shall be operated under the responsibility of the participating Union entities or public sector bodies. Interoperability regulatory sandboxes that entail the processing of personal data by public sector bodies, shall be operated under the supervision of the national data protection authorities as well as other relevant national, regional or local supervisory authorities. Interoperability regulatory sandboxes that entail the processing of personal data by Union entities shall be operated under the supervision of the European Data Protection Supervisor.
2.   The establishment of an interoperability regulatory sandbox as referred to paragraph 1 shall aim to contribute to the following objectives:
(a) fostering innovation and facilitating the development and roll-out of innovative digital interoperability solutions for public services;
(b) facilitating cross-border cooperation between national regional and local competent authorities and synergies in public service delivery;
(c) facilitating the development of an open European GovTech ecosystem, including cooperation with SMEs, research and educational institutions and start-ups;
(d) enhancing authorities’ understanding of the opportunities or barriers to cross-border interoperability of innovative interoperability solutions, including legal barriers;
(e) contributing to the development or update of Interoperable Europe solutions;
(f) contributing to evidence-based regulatory learning;
(g) improving legal certainty and contributing to the sharing of best practices through cooperation with the authorities involved in the interoperability regulatory sandbox with a view to ensuring compliance with this Regulation and, where appropriate, with other Union and national law.
3.   In order to ensure a harmonised approach and to support the implementation of interoperability regulatory sandboxes, the Commission may issue guidelines and clarifications, without prejudice to other Union law.
4.   The Commission, after consulting the Board shall, upon a joint request from at least three participants, authorise the establishment of an interoperability regulatory sandbox. Where appropriate the request shall specify information such as the purpose of the processing of personal data, the actors involved and their roles, the categories of personal data concerned and their sources, and the envisaged retention period. The consultation shall not replace the prior consultation referred to in Article 36 of Regulation (EU) 2016/679 and Article 40 of Regulation (EU) 2018/1725. Where the interoperability regulatory sandbox is established for interoperability solutions supporting the cross-border interoperability of trans-European digital public services by one or more Union entities, including with the participation of public sector bodies, no authorisation shall be required.

Article 12

Participation in interoperability regulatory sandboxes

1.   The participating Union entities or public sector bodies shall ensure, where the operation of the interoperability regulatory sandbox requires the processing of personal data or otherwise falls under the supervisory remit of other national, regional or local authorities providing or supporting access to data, that national data protection authorities as well as other national, regional or local authorities are associated with the operation of the interoperability regulatory sandbox. As appropriate, participants may allow for the involvement in the interoperability regulatory sandbox of other GovTech actors such as national or European standardisation organisations, notified bodies, research and experimentation labs, innovation hubs, and companies wishing to test innovative interoperability solutions, in particular SMEs and start-ups.
2.   Participation in the interoperability regulatory sandbox shall be limited to a period appropriate to the complexity and scale of the project, which shall, in any event, not exceed two years from the establishment of the interoperability regulatory sandbox. Participation may be extended by up to one year if necessary to achieve the purpose of the processing.
3.   Participation in the interoperability regulatory sandbox shall be based on a specific plan elaborated by the participants and taking into account, as applicable, the advice of other national competent authorities or the European Data Protection Supervisor. The plan shall contain at least the following:
(a) a description of the participants involved and their roles, the envisaged innovative interoperability solution and its intended purpose, and relevant development, testing and validation process;
(b) the specific regulatory issues at stake and the guidance that is expected from the authorities supervising the interoperability regulatory sandbox;
(c) the specific arrangements for collaboration between the participants and the authorities, as well as any other actor involved in the interoperability regulatory sandbox;
(d) a risk management and monitoring mechanism to identify, prevent and mitigate risks;
(e) the key milestones to be completed by the participants for the interoperability solution to be considered ready to put into service;
(f) evaluation and reporting requirements and possible follow-up;
(g) where it is strictly necessary and proportionate to process personal data, the reasons for such processing, an indication of the categories of personal data concerned, the purposes of the processing for which the personal data are intended, the controllers and processors involved in the processing and their role.
4.   Participation in the interoperability regulatory sandboxes shall not affect the supervisory and corrective powers of any authorities supervising those sandboxes.
5.   Participants in the interoperability regulatory sandbox shall remain liable under applicable Union and national law on liability for any damage caused in the course of their participation in the interoperability regulatory sandbox.
6.   Personal data may be processed in the interoperability regulatory sandbox for purposes other than that for which it has initially been lawfully collected, subject to all of the following conditions:
(a) the innovative interoperability solution is developed for safeguarding public interests in the context of a high level of efficiency and quality of public administration and public services;
(b) the data processed is limited to what is necessary for the functioning of the interoperability solution to be developed or tested in the interoperability regulatory sandbox, and that functioning cannot be effectively achieved by processing anonymised, synthetic or other non-personal data;
(c) there are effective monitoring mechanisms to identify whether any high risk to the rights and freedoms of the data subjects, as referred to in Article 35(1) of Regulation (EU) 2016/679 and in Article 39 of Regulation (EU) 2018/1725, may arise during the operation of the interoperability regulatory sandbox, as well as a response mechanism to promptly mitigate that risk and, where necessary, stop the processing;
(d) any personal data to be processed are in a functionally separate, isolated and protected data processing environment under the control of the participants and only duly authorised persons have access to that data;
(e) any personal data processed are not to be transmitted, transferred or otherwise accessed by other parties that are not participants in the interoperability regulatory sandbox unless such disclosure occurs in accordance with Regulation (EU) 2016/679 or, where applicable, Regulation (EU) 2018/1725, and all participants have agreed to it;
(f) any processing of personal data do not affect the application of the rights of the data subjects as provided for under Union law on the protection of personal data, in particular in Article 22 of Regulation (EU) 2016/679 and Article 24 of Regulation (EU) 2018/1725;
(g) any personal data processed are protected by means of appropriate technical and organisational measures and erased once the participation in the interoperability regulatory sandbox has terminated or the personal data has reached the end of its retention period;
(h) the logs of the processing of personal data are kept for the duration of the participation in the interoperability regulatory sandbox, unless provided otherwise by Union or national law;
(i) a complete and detailed description of the process and rationale behind the training, testing and validation of the interoperability solution is kept together with the testing results as part of the technical documentation and transmitted to the Board;
(j) a short summary of the interoperability solution to be developed in the interoperability regulatory sandbox, including its objectives and expected results, is made available on the Interoperable Europe portal.
7.   Paragraph 1 is without prejudice to Union or national law laying down the basis for the processing of personal data which is necessary for the purpose of developing, testing and training of innovative interoperability solutions or any other legal basis, in accordance with Union law on the protection of personal data.
8.   The participants shall submit periodic reports and a final report to the Board and the Commission on the results from the interoperability regulatory sandboxes, including good practices, lessons learnt, security measures and recommendations on their operation and, where relevant, on the development of this Regulation and other Union law supervised within the interoperability regulatory sandbox. The Board shall issue an opinion to the Commission on the outcome of the interoperability regulatory sandbox, specifying, where applicable, the actions needed to implement new interoperability solutions to promote the cross-border interoperability of trans-European digital public services.
9.   The Commission shall ensure that information on the interoperability regulatory sandboxes is available on the Interoperable Europe portal.
10.   By 12 April 2025, the Commission shall adopt implementing acts setting out the detailed rules and the conditions for the establishment and the operation of the interoperability regulatory sandboxes, including the eligibility criteria and the procedure for the application for, selection of, participation in and exiting from the interoperability regulatory sandbox and the rights and obligations of the participants. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 22(2).

Article 13

Training

1.   The Commission, assisted by the Board, shall provide training material on the use of the EIF and on Interoperable Europe solutions, including solutions that are free and open source. Union entities and public sector bodies shall provide their staff entrusted with strategical or operational tasks having an impact on trans-European digital public services with appropriate training programmes concerning interoperability issues.
2.   The Commission shall organise training courses on interoperability issues at Union level to enhance cooperation and the exchange of best practices between the staff of Union entities and public sector bodies, targeting public sector employees in particular at regional and local level. The Commission shall make the training courses publicly accessible online, free of charge.
3.   The Commission shall promote the development of a certification programme on interoperability matters to promote best practices, human resources qualification and a culture of excellence.

Article 14

Peer review

1.   A voluntary mechanism for peer review shall be established for the purpose of facilitating cooperation between public sector bodies, designed to support them in implementing Interoperable Europe solutions, to support trans-European digital public services and to help them carry out an interoperability assessments pursuant to Article 3.
2.   A peer review shall be conducted by interoperability experts drawn from Member States other than the Member State where the public sector body undergoing the peer review is located.
3.   Any information obtained through a peer review shall be used solely for the purpose of that peer review. The interoperability experts participating in the peer review shall not disclose any sensitive or confidential information obtained in the course of that peer review to third parties. The Member State concerned shall ensure that any risk of a conflict of interest concerning the designated interoperability experts is communicated to the other Member States and the Commission without undue delay.
4.   The interoperability experts conducting the peer review shall prepare and present a report within one month of the finalisation of the peer review and submit it to the public sector body concerned and to the Board. The Commission shall publish a report on the Interoperable Europe portal when authorised by the Member State where the public sector body undergoing the peer review is located.
5.   The Commission may, after consulting the Board, adopt guidelines on the methodology and content of peer review.

Chapter 4

Governance of cross-border interoperability

Article 15

Interoperable Europe Board

1.   The Interoperable Europe Board (the ‘Board’) is hereby established. It shall facilitate strategic cooperation and provide advice on the application of this Regulation.
2.   The Board shall be composed of one representative from each Member State and from the Commission.
3.   The Committee of the Regions, the EU Cybersecurity Agency (ENISA) and the European Cybersecurity Competence Centre shall each designate one expert, who shall be invited to participate as observers.
4.   The Board shall be chaired by the Commission. The Chair may grant observer status in the Board to experts designated by Union entities, regions, organisations and candidate countries. The Chair may invite to participate, on an ad hoc basis, experts with specific competence in a subject on the agenda. The Commission shall provide the secretariat of the Board.
The members of the Board shall make every effort to adopt decisions by consensus. In the event of a vote, the outcome of the vote shall be decided by simple majority of the component members. The members who have voted against a proposal or abstained shall have the right to have a document summarising the reasons for their position annexed to the opinions, recommendations or reports.
5.   The Board shall have the following tasks:
(a) to adopt guidelines with regard to the interoperability assessment pursuant to Article 3(5) and the common checklist set out in the Annex to this Regulation, and, if necessary, update those guidelines;
(b) to analyse the information collected pursuant to Article 3(2) and to provide, on that basis, suggestions to improve the cross-border interoperability of trans-European digital public services;
(c) to adopt guidelines on sharing the interoperability solutions referred to in Article 4;
(d) to propose measures to foster the share and reuse of interoperability solutions;
(e) to develop the EIF, to update it if necessary and to propose it to the Commission;
(f) to support the implementation of the interoperability frameworks of the Member States and of the Union entities and other relevant Union and national policies, strategies or guidelines, including the digital-by-default principle and the interoperability-by-design approach;
(g) to assess the alignment of the specialised interoperability frameworks with the EIF and to answer requests for consultation from the Commission on those frameworks;
(h) to adopt the Interoperable Europe Agenda referred to in Article 19;
(i) to recommend Interoperable Europe solutions and to withdraw such recommendations on the basis of agreed criteria;
(j) to monitor the overall coherence of the recommended interoperability solutions, at national, regional and local level, including the information on their metadata and categorisation;
(k) to propose to the Commission measures to ensure, where appropriate, the compatibility of interoperability solutions with other interoperability solutions that share a common purpose, while supporting, where relevant, the complementarity with or transition to new technologies;
(l) to propose that the Commission publish the interoperability solutions referred to in Article 8(2) or have those interoperability solutions referred to on the Interoperable Europe portal;
(m) to propose to the Commission the setting up of policy implementation support projects, innovation measures and other relevant measures, including funding support;
(n) to identify best practices for integrating interoperability solutions in public procurement and tenders;
(o) to review reports from innovation measures on the use of the interoperability regulatory sandboxes and on peer review and to propose follow-up measures if necessary;
(p) to propose measures to enhance the interoperability capabilities of public sector bodies, such as training;
(q) to propose measures to relevant standardisation organisations and bodies to contribute to European standardisation activities, in particular by means of the procedures set out in Regulation (EU) No 1025/2012;
(r) to propose measures by which to collaborate with international bodies and research and educational institutions that could contribute to the development on interoperability, especially international communities on open source solutions, open standards or technical specifications and other platforms;
(s) to coordinate with the European Data Innovation Board referred to in Regulation (EU) 2022/868 on interoperability solutions for the common European Data Spaces, as well as with any other Union entity working on interoperability solutions relevant for the public sector;
(t) to inform regularly and coordinate with the interoperability coordinators referred to in Article 18 and, where relevant, with the Interoperable Europe Community, on matters concerning trans-European digital public services, including relevant Union-funded projects and networks;
(u) to provide advice to the Commission on the monitoring of and reporting on the application of this Regulation;
(v) to provide to the Commission in a timely manner the necessary input and data required for the effective delivery of the reports in accordance with Article 20.
6.   The Board may set up working groups to examine specific points related to the tasks of the Board. Working groups shall involve members of the Interoperable Europe Community.
7.   The Board shall adopt its own rules of procedure.

Article 16

Interoperable Europe Community

1.   An Interoperable Europe Community shall, where so requested by the Board, contribute to the activities of the Board by providing expertise and advice.
2.   Public and private stakeholders as well as civil society organisations and academic contributors residing or having their registered office in a Member State may register on the Interoperable Europe portal as members of the Interoperable Europe Community.
3.   After confirmation of the registration, membership status shall be made public on the Interoperable Europe portal. Membership shall not be limited in time. It may however be revoked by the Board at any time for proportionate and justified reasons, especially if a member is no longer able to contribute to the Interoperable Europe Community or has abused the status of member of the Interoperable Europe Community.
4.   The members of the Interoperable Europe Community may be invited, inter alia, to:
(a) contribute to the content of the Interoperable Europe portal;
(b) provide expertise with regard to the development of interoperability solutions;
(c) participate in the working groups and other activities;
(d) participate in the support measures provided for in Articles 9 to 14;
(e) promote the use of interoperability standards and frameworks.
5.   The Board shall organise an annual online assembly of the Interoperable Europe Community.
6.   The Board shall adopt the code of conduct for the Interoperable Europe Community. The code of conduct shall be published on the Interoperable Europe portal.

Article 17

National competent authorities and single points of contact

1.   Each Member State shall designate one or more competent authorities as responsible for the application of this Regulation. Member States shall designate a single point of contact from among their competent authorities.
2.   The single point of contact shall have the following tasks:
(a) to coordinate within the Member State with regard to all questions related to this Regulation;
(b) to support public sector bodies within the Member State to set up or adapt the processes by which they carry out interoperability assessments referred to in Article 3 and in the Annex;
(c) to foster the share and reuse of interoperability solutions through the Interoperable Europe portal or another relevant portal;
(d) to contribute country-specific knowledge to the Interoperable Europe portal;
(e) to coordinate and encourage the active involvement of a diverse range of national, regional and local entities in policy implementation support projects and innovation measures referred to in Articles 9 to 14;
(f) to support public sector bodies in the Member State to cooperate with the relevant public sector bodies in other Member States on topics covered by this Regulation.
3.   Member States shall ensure that the competent authorities have adequate competence and resources to carry out, in an effective and efficient manner, the tasks assigned to them.
4.   The Member States shall set up the necessary cooperation structures between all national authorities involved in the implementation of this Regulation. Those structures may build on existing mandates and processes in the field.
5.   Each Member State shall notify to the Commission, without undue delay, the designation of its single point of contact and any subsequent change thereto and shall inform the Commission of other national authorities involved in the oversight of the interoperability policy. Each Member State shall make public the designation of their single point of contact. The Commission shall publish the list of the designated single points of contact.

Article 18

Interoperability coordinators for Union entities

Any Union entity that regulates, provides or manages trans-European digital public services shall designate an interoperability coordinator under the oversight of its highest level of management to ensure the contribution of that Union entity to the implementation of this Regulation.
The interoperability coordinator shall provide support across that Union entity with regard to setting up or adapting internal processes to implement the interoperability assessment.

Chapter 5

Interoperable Europe planning and monitoring

Article 19

Interoperable Europe Agenda

1.   After organising a public consultation process through the Interoperable Europe portal that involves, among others, the members of the Interoperable Europe Community and the interoperability coordinators, the Board shall adopt, each year, a strategic agenda by which to plan and coordinate priorities for the development of cross-border interoperability of trans-European digital public services (the ‘Interoperable Europe Agenda’). The Interoperable Europe Agenda shall take into account the Union’s long-term strategies for digitalisation, existing Union funding programmes and ongoing Union policy implementation.
2.   The Interoperable Europe Agenda shall contain:
(a) a needs assessment for the development of interoperability solutions;
(b) a list of ongoing and planned Interoperable Europe support measures;
(c) a list of proposed follow-up actions to innovation measures, including actions in support of open source interoperability solutions;
(d) an identification of synergies with other relevant Union and national programmes and initiatives;
(e) indications of available financial opportunities in support of the priorities included.
3.   The Interoperable Europe Agenda shall not impose financial obligations or further administrative burdens. After its adoption, the Commission shall publish the Interoperable Europe Agenda on the Interoperable Europe portal and shall provide regular updates on its implementation.

Article 20

Monitoring and evaluation

1.   The Commission shall monitor the progress of the development of trans-European digital public services to support evidence-based policymaking and necessary actions in the Union at national, regional and local level. Monitoring shall give priority to the reuse of existing Union, national and international monitoring data and to automated data collection. The Commission shall consult the Board in the preparation of the methodology, the indicators and the process relating to the monitoring.
2.   As regards topics of specific interest for the implementation of this Regulation, the Commission shall monitor:
(a) progress with regard to the cross-border interoperability of trans-European digital public services in the Union;
(b) progress towards the implementation of the EIF by the Member States;
(c) the take-up of interoperability solutions for different public services across the Member States;
(d) the development of open source interoperability solutions for public services, public sector innovation and cooperation with GovTech actors, including SMEs and start-ups, in the field of cross-border interoperable public services to be delivered or managed electronically in the Union;
(e) the enhancement of public sector interoperability skills.
3.   Monitoring results shall be published by the Commission on the Interoperable Europe portal. Where feasible, they shall be published in a machine-readable format.
4.   The Commission shall submit and present to the European Parliament and to the Council an annual report on interoperability in the Union. That report shall:
(a) set out progress with regard to the cross-border interoperability of trans-European digital public services in the Union;
(b) identify significant implementation barriers to as well as drivers of cross-border interoperable public services in the Union;
(c) set out the results achieved over time in terms of the implementation of the EIF, the take-up of interoperability solutions, the enhancement of interoperability skills, the development of open source interoperability solutions for public services, and the increase of public sector innovation and cooperation with GovTech actors.
5.   By 12 January 2028 and every four years thereafter, the Commission shall submit to the European Parliament and to the Council a report on the application of this Regulation, which shall include the conclusions of its evaluation. The report shall specifically assess whether there is a need to establish mandatory interoperability solutions.
6.   The report referred to in paragraph 5 shall assess, in particular:
(a) the impact of this Regulation on cross-border interoperability as an enabler for seamless and accessible digital public services in the Union;
(b) the increased efficiency, including by the reduction of administrative burdens in online transaction processes resulting from cross-border interoperability, on citizens and businesses, in particular SMEs and startups;
(c) the need for any additional policies, measures or actions that are required at Union level.
7.   Where the timing of the reports referred to in paragraphs 4 and 5 coincide, the Commission may combine both reports.

Chapter 6

Final provisions

Article 21

Costs

1.   Subject to the availability of funding, the general budget of the Union shall cover the costs of:
(a) the development and maintenance of the Interoperable Europe portal;
(b) the development, maintenance and promotion of Interoperable Europe solutions;
(c) the Interoperable Europe support measures.
2.   The costs referred to in paragraph 1 shall be met in a manner that complies with the applicable provisions of the relevant basic act.

Article 22

Committee procedure

1.   The Commission shall be assisted by a committee. That committee shall be a committee within the meaning of Regulation (EU) No 182/2011.
2.   Where reference is made to this paragraph, Article 5 of Regulation (EU) No 182/2011 shall apply.

Article 23

Entry into force

1.   This Regulation shall enter into force on the twentieth day following that of its publication in the
Official Journal of the European Union.
2.   It shall apply from 12 July 2024.
However, Article 3(1) to (4) and Article 17 shall apply from 12 January 2025.
This Regulation shall be binding in its entirety and directly applicable in all Member States.
Done at Strasbourg, 13 March 2024.
For the European Parliament
The President
R. METSOLA
For the Council
The President
H. LAHBIB
(1)  
OJ C 184, 25.5.2023, p. 28
.
(2)  
OJ C 257, 21.7.2023, p. 28
.
(3)  Position of the European Parliament of 6 February 2024 (not yet published in the Official Journal) and decision of the Council of 4 March 2024.
(4)  Decision (EU) 2022/2481 of the European Parliament and of the Council of 14 December 2022 establishing the Digital Decade Policy Programme 2030 (
OJ L 323, 19.12.2022, p. 4
).
(5)  Regulation (EU) 2021/1119 of the European Parliament and of the Council of 30 June 2021 establishing the framework for achieving climate neutrality and amending Regulations (EC) No 401/2009 and (EU) No 2018/1999 (‘European Climate Law’) (
OJ L 243, 9.7.2021, p. 1
).
(6)  
OJ C 23, 23.1.2023, p. 1
.
(7)  Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (
OJ L 119, 4.5.2016, p. 1
).
(8)  Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (
OJ L 295, 21.11.2018, p. 39
).
(9)  Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) (
OJ L 201, 31.7.2002, p. 37
).
(10)  Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA (
OJ L 119, 4.5.2016, p. 89
).
(11)  
OJ L 123, 12.5.2016, p. 1
.
(12)  Regulation (EU) No 182/2011 of the European Parliament and of the Council of 16 February 2011 laying down the rules and general principles concerning mechanisms for control by Member States of the Commission’s exercise of implementing powers (
OJ L 55, 28.2.2011, p. 13
).
(13)  
OJ C 60, 17.2.2023, p. 17
.
(14)  Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (NIS 2 Directive) (
OJ L 333, 27.12.2022, p. 80
).
(15)  Directive (EU) 2019/1024 of the European Parliament and of the Council of 20 June 2019 on open data and the re-use of public sector information (
OJ L 172, 26.6.2019, p. 56
).
(16)  Regulation (EU) 2022/868 of the European Parliament and of the Council of 30 May 2022 on European data governance and amending Regulation (EU) 2018/1724 (Data Governance Act) (
OJ L 152, 3.6.2022, p. 1
).
(17)  Regulation (EU) No 1025/2012 of the European Parliament and of the Council of 25 October 2012 on European standardisation, amending Council Directives 89/686/EEC and 93/15/EEC and Directives 94/9/EC, 94/25/EC, 95/16/EC, 97/23/EC, 98/34/EC, 2004/22/EC, 2007/23/EC, 2009/23/EC and 2009/105/EC of the European Parliament and of the Council and repealing Council Decision 87/95/EEC and Decision No 1673/2006/EC of the European Parliament and of the Council (
OJ L 316, 14.11.2012, p. 12
).
(18)  Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection (
OJ L 345, 23.12.2008, p. 75
).
(19)  Directive (EU) 2016/2102 of the European Parliament and of the Council of 26 October 2016 on the accessibility of the websites and mobile applications of public sector bodies (
OJ L 327, 2.12.2016, p. 1
).
(20)  Directive (EU) 2019/882 of the European Parliament and of the Council of 17 April 2019 on the accessibility requirements for products and services (
OJ L 151, 7.6.2019, p. 70
).

ANNEX

COMMON CHECKLIST FOR INTEROPERABILITY ASSESSMENT REPORTS

The following items shall be included in the report referred to in Article 3(2):
1.
General Information
— Union entity or public sector body providing the report and other relevant information
— Initiative, project or action concerned
2.
Requirements
— Trans-European digital public services concerned
— Binding requirements assessed
— Public and private stakeholders affected
— Identified effects on cross-border interoperability
3.
Results
— Interoperable Europe solutions identified for use
— Other relevant interoperability solutions, where applicable, including machine-to-machine interfaces
— Remaining barriers to cross-border interoperability
ELI: http://data.europa.eu/eli/reg/2024/903/oj
ISSN 1977-0677 (electronic edition)
Markierungen
Leseansicht