- Česky (cs)
- English (en)
Identification of public administration clients
Description of identification of public administration clients
Physical Identification
Physical identification refers to a situation where a client of a public administration is personally present at the place where the service is provided to him/her or where he/she is required to interact. Identification documents are used to provide physical proof of identity and must include:
- Current and valid details of the holder
- A photograph of the holder
The identification documents used are ID card and passport. A driving licence is not an identification document because it does not meet the necessary parameters when it is issued, although it does contain, for example, a photograph of the holder.
In order to allow physical identification to work for both current need (a person attends a place at a given time) and historical need (validation of an identification document from a historical contract), eGovernment services provided via Reference interface will be extended with a service that returns, for any historical identification document number and type, whether it was valid at the requested time and the current details of the holder of that historical identification document.
Physical identification for persons without an identification document
Although the preceding text assumes identification only through identification documents, there are situations in which a person does not have the ability to identify himself with such an identification document. Typically these are children under 15 or foreigners. The basic prerequisite for the identification of these persons is their registration in the public administration information system, linked to the linked data fund and the subsequent issuance of a certificate or official/public document that can act as an identification document. For persons under 15 years of age this can be a birth certificate held in one of the editorial agency information systems or a temporary residence permit for foreigners.
Some of these documents, such as permanent residence permits, asylum tags or visa tags, are already held in the basic population register, but their use for identification is not fully resolved.
Electronic identification
Electronic identification refers to a situation where the client of a public administration is not present at the place of service provision. Identification is therefore carried out remotely, without physical contact.
For the unambiguous electronic identification and authentication of public administration clients, a technical and legal framework has been created which allows all administrators of public administration information systems to perform this activity in accordance with the Information Concept of the Czech Republic and without the need to create their own costly solutions and increase the administrative burden.
Act No. 250/2017 Coll., on electronic identification, introduces in §2 the obligation to perform proof of identity using electronic identification only through a qualified electronic identification system. This section comes into force on 1 July 2020. After this date, the practice of issuing access data of public administration clients outside qualified electronic identification systems will not be allowed to continue, unless another law allows this route.
To support the whole process of electronic identification through a qualified electronic identification system, a National Identity Authority (also referred to as NIA) platform is created to perform the activities of the National Point according to § 20 and following and the National eIDAS node for cooperation with notified electronic identification systems according to Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC.
Mandates, rights and roles in electronic identification for public administration clients
The qualified electronic service provider will remain responsible for managing the authorisation (authorization) of the natural person who has proved his/her identity in this way. Therefore, he/she must continue to manage authorisations based on the data about the individual that he/she obtains from the Linked Data Pool and his/her own data held in the agenda.
View of client identification and identifiers VS
Rules for identification of public administration clients
Physical Identification
Physical identification refers to a situation where a client of a public administration is personally present at the place where the service is provided to him/her or where he/she is required to interact. Identification documents are used to provide physical proof of identity and must include:
- Current and valid details of the holder
- A photograph of the holder
The identification documents used are ID card and passport. A driving licence is not an identification document because it does not meet the necessary parameters when it is issued, although it does contain, for example, a photograph of the holder.
The ID card itself, which can also be used for electronic identification, can be used for physical identification at various levels:
- Medium level
- Detecting whether an ID card is counterfeit.
- Determining whether the ID presented is valid
- Checking the photo and details on the ID card against the client who presented it
- High level
- Determining if it is a fake ID card
- Determining whether the ID presented is valid
- Checking the photo and details on the ID card against the client who presented it
- Requesting and checking up-to-date details, including a photograph, of the client who produced it
Physical identification of legal entities
As far as legal persons in the Czech legal system are concerned, by their nature they can never legally act on their own, they must always be acted for by a representative, which (even indirectly, e.g. if the legal person is a statutory body of another legal person) is always ultimately a natural person (or natural persons). Legal entity identification devices are not issued in the Czech Republic for use in a physical environment. This is because the legal entity is not present in the physical space and is always represented by a natural person who proves his/her own identity.
Electronic identification
Electronic identification refers to a situation where the client of the public administration is not present at the place of service provision. Identification therefore takes place remotely, without physical contact.
For the unambiguous electronic identification and authentication of public administration clients, a technical and legal framework has been created which allows all administrators of public administration information systems to perform this activity in accordance with the Information Concept of the Czech Republic and without the need to create their own costly solutions and increase the administrative burden.
Act No. 250/2017 Coll., on electronic identification, introduces in §2 the obligation to perform proof of identity using electronic identification only through qualified electronic identification system. This section comes into force on 1 July 2020. After this date, the practice of issuing access data of public administration clients outside qualified electronic identification system systems will not be allowed to continue, unless another law allows this route.
To support the whole process of electronic identification through a qualified electronic identification system, the National Identity Authority (also referred to as NIA) platform is created, which performs the activities of the National Point according to § 20 and following and the National eIDAS node for cooperation with notified electronic identification systems according to Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC.
Electronic identification of legal persons
As far as legal persons in the Czech legal system are concerned, by their nature they can never legally act on their own, they must always be acted for by a representative, which (even indirectly, e.g. if the legal person is a statutory body of another legal person) is always ultimately a natural person (or natural persons). It follows that the provisions of Section 2 of the Electronic Identification Act, which apply to the cases of natural persons, also apply to the actions of legal persons, since it is always the natural persons who actually act, whether for themselves or for another natural person or legal person.
However, in an electronic environment, particularly where automated communications are involved, mechanisms are used which are in the nature of a means of identification of a legal person. These include, for example, a certificate for the registration of sales pursuant to Act No 112/2016 Coll., on the registration of sales, or certificates issued by the Czech National Bank for automated communication between the CNB and entities subject to its supervision, typically banks. However, it is true that identification means of legal entities with use irrespective of agendas, equivalent to e.g. ID cards, are not issued in the Czech Republic.
While the authentication of a natural person is not problematic in itself, the question of determining whether a natural person is acting for himself or herself in a given situation (or in what role) or whether he or she is acting for another natural person or for a legal person appears to be problematic. The issue of mandates and authorisations is addressed in below.
The fact that a given natural person has the right to identify and authenticate himself/herself on behalf of a legal person (i.e. to "log in to a service on behalf of a legal person") does not without more confer the right for that natural person to act on behalf of that legal person through a digital service. The authorisation of a given natural person to provide a digital service must be assessed by the person to whom the natural person applies on the basis of the information available to him (information from the commercial register, power of attorney authorising a specific person to act on behalf of a legal person, etc.) in conjunction with the relevant legal provisions.
As an example of such access, we can cite data boxes to which a natural person logs in, for example, with a new ID card with an activated chip. After successful authentication with an electronic identification means (i.e. e.g. with an "eCard)" and consent to the transmission of personal data on the National Point for Identification and Authentication portal, the natural person is identified for the purposes of the Information System for Data Boxes (ISDS). After identification, the ISDS shall offer the natural person a list of data boxes in relation to which the registered natural person is authorised to act.
The authenticated natural person therefore chooses for whom and in what role he/she will act through datavboxes. The ISDS obtains the information about this authorisation, e.g. from ROS, from other sources (e.g. information about the fact that a certain person is a lawyer or insolvency administrator) or keeps it on the basis of a communication from the data box holder himself (e.g. information about the so-called authorised person). However, regardless of the source of the information on the authority to represent another person, or the source of the role information, it is up to the ISDS itself, as the service provider, to implement the authority to represent another person properly in its environment so that persons can exercise that authority. The offering of individual authorisations, or roles, is therefore the responsibility of the service provider and depends on the data and authorisations it maintains within its information system or the data it has access to.
Mandates, roles and rights in electronic communications
Ensuring the correct role assignment, or authorisation, of a client using an electronic service is one of the basic prerequisites for its proper functioning. Different roles have different permissions and responsibilities within the service, and the service provider is obliged to offer the client all the roles into which he or she can fit within the service, including roles as a representative of a legal entity, a representative of a minor, a patient's registering physician, and others. These roles with authorisations in relation to other public administration clients are mandates. In order to properly cast into a role and establish a mandate, several basic elements must be in place to provide electronic services to public administration clients:
- Knowledge of the types of mandates when dealing with public administrations.
- Unique identification and authentication of the public administration client
- A public administration system capable of communicating and retrieving data from a linked data pool
- Self-authorization of the public administration client
Mandates for dealing with public administration
In the exercise of public administration, and in particular in any interaction and communication with a public administration client, it is necessary that the public administration respects the mandates to represent one person by another under different titles. A simplified form of representation mandate can be categorized according to the following table.
Entity Type | Mandate |
---|---|
Natural person | Acting on own behalf |
Acting on behalf of another natural person by law: - parent of a child, - spouse, - registered partner, - guardian, adoptive parent, guardian, foster parent - heir, executor, - substitute for persons incapable of acting or without a legal representative |
|
Acting on behalf of another natural person by power of attorney. | |
Power of attorney authorizing a specific person to act on behalf of a legal entity | |
Natural person acting on behalf of a legal person | Director of a legal person |
statutory representative of a legal person (one FO) | |
Statutory body of a legal person (multiple FOs) | |
Insolvency administrator | |
Liquidator | |
Acting on behalf of the founder of the legal entity | |
Authorised to act on behalf of the legal entity: - Public law title, - Private law title (contract, power of attorney, memorandum of association, etc.) |
|
If an agency regulation allows the use of access data to the data box system as identification means, this is further: a) For natural persons - statutory representatives authorised to access the data box of a legal entity by verifying the authorisation to the data box of the legal entity through the Data Box Information System (verification of access data and authorisation). b) For natural persons - authorised by the statutory representative to access the data box of the legal entity by verifying the authorisation to the data box of the legal entity through the Data Box Information System (verification of access data and authorisation). c) Verification of special agenda authorisation according to the agenda regulation on the basis of which agenda digital services are provided. |
Examples of mandates for natural persons resulting from certain municipal ordinances and regulations:
- To register for payment of the municipal waste collection fee.
- To register for payment of the fee:
- Housing,
- dog tax,
- for the occupation and use of public spaces.
- For the transfer, purchase, sale, acquisition of city property, (premises in city-owned buildings)
- For the use, subletting, cancellation of the use of the city's housing stock
- Mandate for dealing with the library - borrowing by a registered reader
As highlighted below, in the exercise of public administration, it is essential that the competent authority doing some action under the agenda in question knows for which form of representation the mandate is allowed or even necessary. A public authority will treat a mandate arising under the public law title of parentage quite differently from a mandate arising under the private law title of power of attorney.
It is also appropriate to distinguish the purpose of the mandate, i.e. the type of acts that the client of the public administration does through the represented person. These can be divided into the following groups:
- Looking at the data of the subjects of law without any interactive use or recording of the data (informational purpose).
- Accessing and reclaiming the data of the subjects, or where editing is directly enabled for the public administration clients (transactional purpose).
- Authorisation to access or use the data of the right holder for third parties, or to provide data from the ISVS to third parties (authorisation purpose).
- Making submissions and actions to public authorities (action purpose).
- Use of electronic client services such as making an appointment with an official.
- Enrolment, modification and cancellation of mandates.
Unique identification and authentication of public administration clients
All entities obliged according to Law No. 250/2017 Coll., on electronic identification are obliged according to §2 to use only a qualified system to prove their identity during electronic contact, namely:
"If a legal regulation or the exercise of competence requires proof of identity, proof of identity using electronic identification may be enabled only through a qualified electronic identification system."
The qualified system is managed by a qualified administrator (a public authority or an accredited person) and complies with technical standards and European Union specifications, and in particular is linked to a national point for identification and authentication - the so-called National Identity Authority (NIA).
Identification and authentication through the NIA will provide only and only the service of verified identity of the natural person, or any system using the services of NIA can rely on the fact that the logged-in natural person is actually who he/she claims to be remotely and electronically. No further authorization services are provided.
Public administration system capable of communicating and retrieving data from a linked data pool
A system providing electronic public administration services shall be able to communicate with and retrieve data from the linked dataset. To do this, the system must comply with the regulations:
- Law 365/2000 Coll., on public administration information systems. A system classified as an Information System for Public Administration (ISVS) using a public administration reference interface.
- Act 111/2009 Coll., on basic registers. A system classified as an Agenda Information System (AIS) using data from basic registers and basic register editors according to its agenda law.
- Law 250/2014 Coll., on electronic identification. A system that requires identity verification
- eIDAS Regulation
More about the use of Linked Data data and the infrastructure of the reference interface is written in the chapters:
The central shared eGovernment services can provide the following mandates for individuals who have proved their guaranteed electronic identity to the service provider:
-
- to ensure verification that a natural person is a statutory representative
- eGON service aiseoCtiPoddaju, aiseoCtiAifo (agency information system for population registration)
- to ensure verification that the natural person is the parent of a minor who lacks legal capacity
- to ensure verification that the natural person is the legal representative of another natural person
- to ensure verification whether the natural person is the guardian of another natural person
- to provide verification that the natural person is the spouse of another person
- eGON service isknCtiVlastniky (land registry information system)
- to ensure verification that the natural person is the owner of the property
- ISDS service
- To ensure that the natural person authorised to perform actions in ISDS is the owner of the data box
No other central authorisation/mandate verification services are planned at present or in the foreseeable future. Therefore, it is important that each e-service provider provides different types of mandates itself.
Self-provision of public administration client authorisation
Each agenda performed (public administration performance) may require different mandates for its needs. For example, a mandate to file a tax return on behalf of another individual, a mandate to consult the medical records of another individual, to dispose of the property of a legal entity for which I am not the statutory representative, or, for example, a mandate to represent me in inheritance proceedings.
All of these mandates must be dealt with within the framework of the given agenda and we propose as an ideal solution:
- Establishing a mandate register either in individual agency information systems or within the centralised administration of entities.
- Within the mandate registry, define predefined types of mandates allowed in the given agenda and the way of registering mandates for viewing and for client transactions.
- Allow all clients to write mandates according to the defined types under their guaranteed electronic identity.
- Allow clients to add mandates offline, for example at the office counter.
- Each time a client logs in, in addition to mandates from central shared eGovernment services, check the client's own mandate registry and let the client choose which role and mandate they want to work with each time they log in.
It is important to emphasise that the public administration should not differentiate between the form of communication and dealing with the client. Thus, a mandate generally valid for face-to-face dealings with a civil servant or for physical actions performed at the counter must also be available to the client for electronic communication and vice versa. It is therefore also necessary to keep the mandates in a standardised form in one place and to use them for electronic client communication.
Mandates arising from public or private law titles, including powers of attorney and agreements on representation in administrative dealings with the authorities, are among the common decisive facts, as enshrined in the related provisions of the Administrative Procedure Code (in particular Section 6 and Section 50 and related). It is therefore highly appropriate that the competent public authority, if
- uses and builds a central register of subjects,
- a central register of relevant facts,
- the facts of a registered or implied mandate of representation,
- include them in the relevant facts.
In fact, the client may refer to the relevant provisions of the Administrative Code and not provide, in particular, powers of attorney and other documents from which the mandate derives, to the authority repeatedly.
Discussion