Difference between revisions of "DE4A Memorandum of Understanding"
Hans.graux (talk | contribs) (Copy editing) |
Hans.graux (talk | contribs) (→Contents: Copy editing) |
||
Line 7: | Line 7: | ||
As was also the case for other Large Scale Pilot projects in the EU, an MoU was drafted, circulated and approved by the DE4A partners. Briefly summarized, the MoU implements a risk based governance mechanism, requiring pilot participants to evaluate what the risk is in each piloting activity. It recognises three principal risk levels: | As was also the case for other Large Scale Pilot projects in the EU, an MoU was drafted, circulated and approved by the DE4A partners. Briefly summarized, the MoU implements a risk based governance mechanism, requiring pilot participants to evaluate what the risk is in each piloting activity. It recognises three principal risk levels: | ||
− | + | * '''Low risk''' piloting activities include piloting activities that involve only fictitious persons, fictitious data, and test procedures. All three of these requirements must be met, or the piloting activities are qualified as medium risk. | |
− | + | * '''Medium risk''' piloting activities include piloting activities that involve any one or two of the following factors (but not all three cumulatively, since that would qualify as high risk): | |
− | + | ** Real-life persons | |
− | + | ** Real-life data | |
− | + | ** Production environments | |
− | + | * '''High risk''' piloting activities including piloting activities that cumulatively involve real-life persons, real-life data, and production environments. | |
− | |||
− | |||
− | |||
− | |||
− | |||
The risk qualification must be documented and justified for each pilot, and specific legal and ethical safeguards are implemented for each level (covering interaction between the parties, communication with users, monitoring, and DPO involvement, among other points). In this way, a coordinated governance approach is created for all DE4A piloting activities. | The risk qualification must be documented and justified for each pilot, and specific legal and ethical safeguards are implemented for each level (covering interaction between the parties, communication with users, monitoring, and DPO involvement, among other points). In this way, a coordinated governance approach is created for all DE4A piloting activities. |
Latest revision as of 22:31, 21 February 2022
Scope and context
Piloting activities in DE4A are partially organised within the context of the SDGR, but they also aim to generally pilot solutions based on innovative technologies that enable new forms of organising once-only transactions in cross border e-government use cases (irrespective of whether they fall witing the scope of the SDGR). This raises certain challenges for some piloting partners in the DE4A project, since the legal rights and obligations of the partners are not comprehensively regulated. The SDGR will not become fully applicable until December 2023, and some piloting activities will not be covered by the SDGR. While the DE4A Grant Agreement and the DE4A Consortium Agreement provides a legally binding statement of the rights and obligations of DE4A partners, these do not address constraints and obligations in relation to piloting to any level of detail.
In the absence of sufficiently comprehensive legislation or contracts, it is not unambiguously clear what the limitations to piloting activities in DE4A might be, nor how piloting partners are expected to be organised. The purpose of the Memorandum of Understanding (MoU) is to fill this gap, by providing a joint statement of mutual understanding between piloting partners in relation to the requirements, assurances and limitations in relation to piloting. An MoU is not a legally binding contract. It is a non-binding, good faith, statement of shared understanding between the signatories.
Contents
As was also the case for other Large Scale Pilot projects in the EU, an MoU was drafted, circulated and approved by the DE4A partners. Briefly summarized, the MoU implements a risk based governance mechanism, requiring pilot participants to evaluate what the risk is in each piloting activity. It recognises three principal risk levels:
- Low risk piloting activities include piloting activities that involve only fictitious persons, fictitious data, and test procedures. All three of these requirements must be met, or the piloting activities are qualified as medium risk.
- Medium risk piloting activities include piloting activities that involve any one or two of the following factors (but not all three cumulatively, since that would qualify as high risk):
- Real-life persons
- Real-life data
- Production environments
- High risk piloting activities including piloting activities that cumulatively involve real-life persons, real-life data, and production environments.
The risk qualification must be documented and justified for each pilot, and specific legal and ethical safeguards are implemented for each level (covering interaction between the parties, communication with users, monitoring, and DPO involvement, among other points). In this way, a coordinated governance approach is created for all DE4A piloting activities.
To learn more
On this wiki, you can find a full copy of the Memorandum of Understanding - to be signed by all piloting partners prior to initiating piloting activities. An overview of the current MoU signature status is also available.