Translations of this page:

What ISVS is and is not

Act No. 365/2000 Coll., on Information Systems of Public Administration and on Amendments to Certain Other Acts, as amended (hereinafter referred to as the "ISVS Act") sets out the rights and obligations related to the creation, use, operation and development of information systems of public administration (hereinafter referred to as "ISVS"). There are some important obligations associated with the administration of ISVS, such as the obligation to create an information concept of the public administration body, to follow the Information Concept of the Czech Republic and its related documents, to apply for an opinion of the Ministry of the Interior (OHA) on an ISVS project or obligations under Act No. 181/2014 Coll., on cyber security. Due to the obligations imposed by law on each ISVS or its administration, public administration authorities are faced with the crucial task of identifying information systems that are ISVS for which they perform the role of administrator within the meaning of the ISVS Act.

Past practice shows that it is not always easy for public authorities to determine which of the information systems under their management are ISVS or not, or into which category they fall. Public administrations may encounter the need to distinguish between different types of information systems when drawing up an information concept, i.e. a document setting out the long-term quality and security management objectives for managed ISVs, the general principles for acquiring, creating and operating ISVs. The information concept should also include the characteristics of each ISVS managed by the public administration authority; for each ISVS, the public administration authority must maintain operational documentation 1) on requirements for the structure and content of the information concept and operational documentation and on requirements for security and quality management of public administration information systems (Decree on long-term management of public administration information systems). The public administration body is also obliged to transmit data on managed ISVS to the relevant part of the basic register of rights and obligations (RPP), which replaced the former information system on public administration information systems, i.e. the so-called Register of ISVS (hereinafter referred to as the "RISVS"). The administrator of this basic register is the Ministry of the Interior.

The elaboration of the information concept and the transfer of data to the RPP are necessary conditions for the attestation of the long-term management of the ISVS.

Determining which of the managed information systems are ISVS, or which category they fall into, is therefore necessary, particularly with regard to the fulfilment of the obligations laid down in the ISVS Act.

Act No. 365/2000 Coll., on public administration information systems and on amendments to certain other acts, as amended.

Act No. 111/2009 Coll., on basic registers, as amended

Act No. 181/2014 Coll., on cyber security, as amended

Act No. 499/2004 Coll., on archiving and file service and on amendments to certain acts, as amended.

Decree No. 529/2006 Coll., on requirements for the structure and content of the information concept and operational documentation and on requirements for security and quality management of public administration information systems (Decree on long-term management of public administration information systems).

Decree No. 530/2006 Coll., on the procedures of attestation centres in assessing the long-term management of public administration information systems.

Decree No. 53/2007 Coll. on the technical and functional requirements for the implementation of links between public administration information systems through a reference interface (Decree on the reference interface).

Terms used

Information system - a functional unit or a part of it providing a purposeful and systematic information activity. Each information system includes data that are organized in such a way as to enable their processing and access, as well as tools that enable the performance of information activities

Information systems of public administration - a functional unit or a part thereof providing purposeful and systematic information activities for the purposes of public administration - § 2(b) of the ISVS Act.

Information Concept of the Czech Republic - created by the Ministry of the Interior and approved by the Government of the Czech Republic, it sets out the objectives of the Czech Republic in the field of public administration information systems and general principles for the acquisition, creation, management and operation of public administration information systems in the Czech Republic for a period of 5 years - Section 5a(1) of the ISVS Act.

Binding documents of the Information Concept of the Czech Republic - binding documents according to the Resolution of the Government of the Czech Republic of 3 October 2018, No. 629, which develop the principles and objectives of the Information Concept of the Czech Republic, i.e. Methods of ICT management of public administration in the Czech Republic, Glossary of eGovernment concepts, National Architectural Framework and National Architectural Plan (published on the website https://archi.gov.cz).

Information Concept of a Public Administration Authority - in this information concept, public administration authorities set out their long-term objectives in the area of quality and security management of managed public administration information systems and define the general principles for the acquisition, creation, management and operation of their public administration information systems - see Section 5a(2) of the ISVS Act.

Public administration authority - state authorities (e.g. ministries, other administrative authorities) and local self-government units - see Section 1(1) of the ISVS Act.

Operational documentation - ISVS documentation that describes the functional and technical characteristics of the information system and elaborates the authorisations and obligations of its administrator, operator and user - see Section 2(s) of the ISVS Act.

Operational information system - an information system providing information activities necessary for the internal operation of the competent authority, such as accounting, asset management or electronic mail - see Section 2(p) of the ISVS Act.

Reference interface - a set of legal, technical, organisational and other measures creating a uniform integration environment of public administration information systems, which provides a quality set of common services of public administration information systems, including services for the exchange of legitimately required information between individual information systems, including with systems outside the Czech Republic - see § 2(h) of the ISVS Act.

Binding between public administration information systems - mutual or unilateral provision of services of public administration information systems, for example data sharing - see § 2(o) of the ISVS Act; for the purposes of this methodological guideline, automated, mutual or unilateral provision of services between ISVS of different ISVS administrators.

Web service - a group of technologies and methods that connect information systems via the Internet and enable them to communicate and exchange information effectively with each other.

Abbreviations used

ISVS - public administration information system(s).

The prerequisite for an information system to be designated as an ISVS is, first of all, the fulfilment of the material characteristics of an ISVS, i.e. the factual state in which the information system in question meets the definitional characteristics of an ISVS as set out in the ISVS Act. The absence of a formal designation of an information system as an ISVS does not play a role in determining the type of information system, although, as will be mentioned below, a number of public administration information systems are explicitly designated as public administration information systems in the relevant laws.

ISVS in the ISVS Act

In accordance with Section 2(b) of the ISVS Act, an ISVS is a functional unit or part thereof providing a purposeful and systematic information activity for the purposes of public administration. This includes information systems providing activities pursuant to special laws. In order to determine whether a particular information system is also an ISMS, it is necessary to assess the relationship of that information system to the performance of public administration. In this context, it is necessary to define the concept of public administration.

Public administration can be characterised as the administration of public affairs which pursues public objectives and is carried out in the public interest (it is therefore the opposite of private administration, which is carried out by any natural or legal person who, on the contrary, pursues private objectives in his or her own private interest).

Public administration can be conceived in two ways, namely as a specific public activity (the so-called functional concept of public administration) and as a set of bodies (subjects) that carry out this activity (the so-called organisational or institutional concept of public administration).

For the purpose of defining the content of the concept of public administration in relation to ISMS under the Act
on ISVS the relevant concept is the functional concept, according to which public administration represents a publicly beneficial activity which pursues the fulfilment of a certain public (state, municipal, etc.) interest.

The form of public administration activity may take the form of so-called sovereign (sovereign) public administration. In this case, it is a prescriptive (authoritative) activity, which has the nature of public power2), when a public authority (e.g. a municipal authority) interferes in the legal relations of other persons (natural or legal persons). The existence of relations of superiority and subordination in which the public authority always stands above the person whose rights or obligations it decides on is typical for the public administration of a superiority. The classical result of the public administration of the superiors is administrative decisions issued in administrative proceedings 3), but also other acts of administrative authorities which affect the rights and obligations of the addressees of public administration (e.g. various certificates, public law contracts, measures of a general nature, etc.).

However, public administration may also take another form of activity, which consists in providing certain public needs. In the case of this care or management activity, we speak of non-sovereign (non-exclusive, fiscal) public administration, which, on the contrary, is characterised by equal relations between public administration bodies and their addressees (e.g. management of state or municipal property). In non-sovereign public administration, public administration bodies enter into private law relations (e.g. civil law relations).

Categories of ISVS

The ISVS Act itself describes only one category of ISVS, namely operational ISVS (Section 2(t) of the ISVS Act), and does not specifically name or divide the remaining ISVS. This division is only introduced by the Basic Registers Act, which distinguishes basic registers (Section 2(a) of the Act), i.e. four specific public administration information systems, which do not themselves serve to perform specific public administration activities, but represent a source of binding information for these activities, as well as agency information systems, which serve to perform specific public administration activities (Section 2(a) of the Act). (f) of the Act on Public Administration, and finally the so-called information system of basic registers as a self-contained information system of public administration having as part of the so-called reference interface the category of communication node (§ 2 (g) of the Act on Public Administration).

ISVS and their regulation in legislation

The fact that an information system is an ISVS does not have to be explicitly established by law, as it is described by material (factual) characteristics (§ 2(b) of the ISVS Act). Nevertheless, some laws provide that a particular information system is an ISVS.

On the other hand, an information system which, although not related to the exercise of public administration, is expressly declared by law to be an ISVS may be an ISVS.

For the unambiguous identification of an ISVS, the situation is easiest in cases where a legal regulation regulates the management of an ISVS (which meets the characteristics of an ISVS listed in Section 2(b) of the ISVS Act), explicitly designating it as such, possibly with reference to the ISVS Act. However, this is not the case in all cases.

The following examples document the ways in which the legislation regulates the maintenance of ISVS:

  • The legislation regulates the management of a specific information system, at the same time designating it as an ISMS and referring to the ISMS Act:

For example, Act No. 300/2008 Coll., on Electronic Acts and Authorised Conversion of Documents, in Article 14(1) provides:

"(1) The information system of data boxes is an information system of public administration, which contains information about data boxes and their users."

Footnote 4:

Act No. 365/2000 Coll., on Public Administration Information Systems and on Amendments to Certain Other Acts, as amended."

  • The legislation regulates the maintenance of a specific register (record, register, etc.), i.e. the term "information system" or "system" is not in the title; the legislation designates the register, record, register as ISVS and refers to the ISVS Act:

For example, Act No. 455/1991 Coll., on Trade Enterprise (Trade Licensing Act), in Section 60(1) provides:

"(1) The Trade Register is a public administration information system38d) maintained in electronic form….The Trade Register is administered by the Trade Licensing Office of the Czech Republic."

Footnote 38d:

Act No. 365/2000 Coll., on Public Administration Information Systems and on Amendments to Certain Other Acts, as amended"

  • The legislation regulates the maintenance of a specific information system, register, register, register, list, database, portal, etc., refers to it as ISVS, does not refer to the ISVS Act.

For example, Act No. 182/2006 Coll., on Bankruptcy and Methods of its Resolution (Insolvency Act), in Section 419(1) provides:

"(1) The Insolvency Register is a public administration information system, the administrator of which is the Ministry of Justice (hereinafter referred to as "the Ministry")."

  • The legislation regulates the maintenance of the ISVS but does not explicitly designate it as an ISVS.

For example, Act No. 311/2006 Coll., on Fuel and Fuel Stations and on Amendments to Certain Related Acts (the Fuel Act) in Section 6(1) provides:

"(1) The Ministry shall keep a register of filling stations and dispensing units….."

Some public administration information systems are in practice referred to by a name that is not specified in the legislation. An example is the Administrative Register of Economic Entities (the content of which is specified in Section 7(1) and (2) of Act No. 304/2013 Coll., on Public Registers of Legal Entities and Natural Persons) or the so-called Unified Identity Space - Catalogue of Authentication and Authorisation Services (JIP/KAAS), which is referred to as an authentication information system in Section 56a(1) of the Act on the Public Register.

ISVS without regulation in legislation

The management of an ISVS does not have to be explicitly regulated by a specific legal regulation (i.e. a legal regulation different from the ISVS Act), or the existence of an ISVS does not have to be explicitly mentioned in any legal regulation.

For example, municipalities, according to Act No. 565/1990 Coll., on local fees, collect local fees, e.g. from dog owners. In connection with this activity, a number of municipalities (or municipal authorities as local tax administrators) maintain as an information system registration of dog owners as local tax payers. This information system is an ISVS, and is maintained by decision of the public authority in support of the administrative activities carried out by it, i.e. it serves for the performance of public administration.

Registration of ISVS in the ISVS register in the RPP

It should be emphasised that an ISVS without being registered in the RISVS for eGovernment management purposes does not effectively exist and cannot fulfil its role within the interconnected data pool of the GG and support the provision of digital services of the relevant GG agency. Registration in the RISVS and completion of the relevant identifier is required by OHA as part of the request for an OHA opinion.

Availability

The examples in the previous section can be used to demonstrate that whether an information system is public or non-public, or whether that characteristic is explicitly stated in the legislation, is not the determining factor in determining whether an ISVS is a public or non-public information system. For example, the Criminal Register is not a public information system, the Insolvency Register or the Trade Register are publicly accessible with certain restrictions, the Land Registry is a public information system, yet they are all ISVS. The level of publication of data is therefore not a criterion for determining whether it is an ISVS.

Outsourcing

Whether the system is operated directly by the authority (public authority) or by another, even commercial, entity, for example by outsourcing, is not a criterion for determining an ISVS.

In some cases, the legislation allows for some form of outsourcing, for example by saying "a legal person may be entrusted with the management of the ISVS (by the public administration authority)" or "a legal person established by it" (see Section 2(d) of the ISVS Act), while in others it does not mention such a possibility, but it is still done.

In other cases, the law directly provides for the operator, for example, Act No. 300/2008 Coll., on electronic acts and authorised conversion of documents, in Article 14(2) provides:

"(2) The administrator of the data box information system is the Ministry. The operator of the data box information system is the holder of the postal licence."

Act No. 13/1997 Coll., on Roads:

"Section 22a (1) The operation of the electronic toll collection system and the collection of tolls shall be carried out by the Ministry of Transport. The Ministry of Transport may entrust the operation of the electronic toll collection system and toll collection to an organisation established by the Ministry of Transport or to a legal entity for which the Ministry of Transport performs the function of founder on behalf of the State (hereinafter referred to as the "operator of the electronic toll collection system") on the basis of the Government's consent.

§ 22b (2) The Ministry of Transport and the operator of the electronic toll collection system shall cooperate with the Police of the Czech Republic in the operation of the system and the collection of electronic tolls. To this end, the operator of the electronic toll collection system shall, in particular on the motorway network, create the organisational and technical prerequisites for the supervision of road safety and traffic flow, monitoring and evaluation of the traffic situation.

The ISVS Act does not apply if an information system is not a public administration information system. For example, an operating system, a web browser, a word processor and a spreadsheet are not in themselves ISVS.

The ISVS Act also does not apply if it explicitly provides for an exemption. Although operational information systems are also considered as public administration information systems under Section 2(t) of the ISVS Act, the ISVS Act explicitly excludes them from its scope under Section 1(4). However, certain operational information systems are exempted from this exclusion and are covered by the ISVS Act, as will be discussed below.

The ISVS Act also does not apply where it expressly exempts certain authorities or certain of their competences. For example, Section 1(2) of the ISVS Act completely excludes from the scope of this Act, for example, systems managed by the intelligence services or the National Office for Cyber and Information Security, Section 1(3) of the ISVS Act excludes from the scope of this Act, for example, systems managed by the security forces, however, the exemption does not apply in this case to the links of such information systems to other information systems.

The following questions may be helpful in assessing whether or not a particular information system is an ISVS:

  • Would the failure of the information system to function immediately impair or jeopardise the performance of a duty arising from the competences of the public authority concerned?
  • Does the information system store data on the administrative activity performed or data to support the performance of that activity?

If the answers to these questions are YES, the information system under consideration is most likely an ISVS.

However, an information system that is expressly declared to be an ISVS by law, even if it does not meet the characteristics of an ISVS under section 2(b) of the ISVS Act, will always be an ISVS.

If you evaluate the information system you manage as an ISVS, you must next determine the extent to which the ISVS Act applies to you. Section 1 of the Act sets out which ISVS are not covered by the Act, or are covered to a specified extent.

For example, the Home Office is the administrator of the following ISVS:

According to Act No 111/2009 Coll., on basic registers

  • Basic Population Register
  • Basic register of agencies, public authorities, private data users and certain rights and obligations

Pursuant to Act No. 133/2000 Coll., on Population Registration and Birth Numbers and on Amendments to Certain Acts (Act on Population Registration)

  • information system of population registration,
  • the register of birth numbers - ISVS, which is a separate functional part of the information system of population registration.

Act No. 365/2000 Coll., on public administration information systems and on amendments to certain other acts

  • information system, through which the competence of public administration contact points is ensured (CzechPOINT),
  • public administration portal,

In the case of municipalities, ISVS are, for example

  • registers of payers of local fees pursuant to Act No. 565/1990 Coll., on local fees,

In its information concept, a public administration body is required by law to set out its long-term objectives in the field of quality management and security of the managed ISVS and to define the general principles for the acquisition, creation and operation of ISVS. Decree No 529/2006 Coll., on the long-term management of public administration information systems, further provides for the obligation of a public administration body to characterise in its information concept all its ISVS of which it is the administrator. The information concept is created for the entire public administration body, not for individual ISVS.

The full structure of the information concept and examples of information concepts are available from https://archi.gov.cz/znalostni-baze:znalostni_baze .

Administrator, operator and user

An information concept shall always be prepared by a public administration authority with regard to those ISVS for which it is the administrator (§ 2© of the ISVS Act), and shall include these ISVS in its information concept.

The ISVS Act distinguishes between two roles of an entity in relation to ISVs, namely the administrator (Section 2© of the ISVS Act) and the operator (Section 2(d) of the ISVS Act). In particular, it regulates the obligations of the public administration body as the administrator of the ISVS, while the obligations of the operator are set out in Section 9e of the ISVS Act.

The administrator of the ISVS is the public administration body, unless a special law provides otherwise. This is the case, for example, with the Council for Research and Development, which is the administrator of the Research, Development and Innovation Information System, as this is provided for in Act No. 130/2002 Coll., on the support of research and development from public funds (the Council for Research, Development and Innovation is an expert and advisory body to the government in the field of research, development and innovation, i.e. not a public administration body within the meaning of the ISVS Act).

Any entity may be the operator of an ISVS 'unless otherwise excluded by law' - see Section 2(d) of the ISVS Act.

A public administration body may also be an ISVS user, as provided for in Section 2(e) of the ISVS Act.

For the development of the information concept, it is necessary to distinguish these roles, or rather to distinguish the administrator from the other two roles, i.e. the role of the operator and the role of the user.

In some cases, it might be difficult to distinguish between operator and user, based on the definition of operator in the ISVS Act - an operator is an entity that 'ensures the functionality of technical and software means constituting the information system of the public administration' - see Section 2(d) of the ISVS Act. However, a strict distinction between operator and user is of no practical significance in the elaboration of the information concept, since - as mentioned above - the information concept 'obligatorily' deals only with those ISVS,
for which the public authority is the administrator.

However, if a public authority considers it useful, for example for the sake of comprehensiveness of access, to include in the information concept all the ISVs it works with (also as an operator or as a user), it is not prevented from doing so.

It is recommended that the public authority should include in the information concept all the information systems of which it is the administrator, i.e. both ISVs and operational systems. When assessing which public administration information systems are subject to the obligation to include them in the information concept, it should also be taken into account that there is an obligation to include in the information concept those operational information systems which have links to public administration information systems which are not operational information systems.

Summary - in the information concept of the public administration

  • the ISMS for which the authority is the administrator must be listed,
  • the operational IS of selected categories for which the public authority is the administrator must be listed,
  • the ISVS for which the authority is the operator or user may be listed,
  • the operational information systems for which the authority is the administrator may be listed,
  • the operational information systems for which the authority is the operator may be listed

The information concept should also include 'combined' information systems involving the processing of several agendas of the authority, some of which are public administration in the narrow sense (the subsystem of the combined system is the ISMS) and some of which are purely operational (the subsystem of the combined system is the operational IS), e.g. the collection of administrative charges linked to the treasury and accounting of the authority.

Websites and portals

A public authority may view its websites and portals as ISVS for these purposes, or it may consider making information available via a website or portal as one of the functionalities (activities) of a particular ISVS. If it chooses the former approach, it should define the individual agendas on the website or portal as subsystems. In any case, both websites and portals should be listed in the information concept.

Although the previous version of the ISVS Act mentioned operational information systems, these systems were explicitly excluded from the scope of the Act on the grounds that they were not public administration information systems at all.

The current legislation brings operational information systems largely within the scope of the ISVS Act. Section 2(t) of the ISVS Act states that operational information systems are, without exception, public administration information systems. Selected categories of operational information systems administered by public authorities are subject to the ISVS Act (with express exceptions) in the same way as other public administration information systems; these are (i) human resource management and development and compensation information systems, (ii) electronic filing systems, (iii) accounting or financial management information systems, and (iv) electronic mail systems (Section 1(4) of the ISVS Act). Although other operational information systems are excluded from the scope of the ISVS Act, it is clear from the above list that the categories of operational information systems most commonly managed by public authorities are undoubtedly subject to the ISVS Act.

The activities for which these IS are used do not directly serve the exercise of public administration in the strict sense.

The above-mentioned systems would be non-operational systems in the case where the activity in question is the responsibility of the public authority concerned. Thus, a distinction should be made between

the public authority's asset register (this is an operational information system)

an information system e.g. on (administrative) decisions on the allocation or withdrawal of subsidies (in this case it would be a non-operational ISVS).

In both cases, these are information systems that monitor the (static and dynamic) state of the assets, but in the first case only the assets managed by the public administration body, whereas in the second case the competence of the public administration body (which in practice may be one and the same public administration body).

From the point of view of practice, e.g. when preparing an information concept, it may be more advantageous for the public administration body not to divide information systems into those that are operational ISVS or other ISVS.

For the long-term management of public administration information systems, the Information Concept of the Czech Republic, explicitly provided for in Article 5a(1) of the ISVS Act, and its follow-up documents mentioned above are crucial.


1)
The structure and content of the information concept and operational documentation are laid down in Decree No. 529/2006 Coll.
2)
Public power means such power which authoritatively decides on the rights and obligations of subjects, either directly or indirectly. The subject whose rights or obligations are decided by a public authority is not in an equal position with that authority and the content of the decision of that authority does not depend on the will of the subject - see the Constitutional Court's resolution of 25 November 1993, Case No II ÚS 75/93.
3)
The general procedural regulation in the field of public administration is Act No. 500/2004 Coll., Administrative Procedure Code. The Administrative Procedure Code regulates both the issue of administrative proceedings and other acts of administrative authorities - statements, certificates, communications (Part Four), public contracts (Part Five) and measures of a general nature (Part Six). According to the Administrative Procedure Code, an administrative procedure is a procedure of an administrative authority, the purpose of which is to issue a decision establishing, amending or revoking the rights or obligations of a named person in a particular matter or declaring that such person has or does not have rights or obligations in a particular matter.
Enter your comment: