UKRAINE e-Government Assessment June 2018 Governance Global Practice Europe and Central Asia Region The World Bank ACKNOWLEDGEMENTS The report is prepared by a World Bank team based on the findings and research carried out between March and June 2018. Davit Melikyan (Senior Public Sector Specialist), Carolina Rendon (Senior Public Sector Specialist) and Constantin Rusu (Public Sector Specialist) are the main authors of the report and represent Governance Global Practice (GP). The team also included Iryna Shcherbyna (Public Sector Specialist), Daria Gulei (Program Assistant) and Anastasia Soltis (Team Assistant) who provided valuable professional contributions and organizational support throughout the assessment. The assessment was peer reviewed by Cem Dener (Lead Governance Specialist, Governance GP), Knut Leipold (Lead Procurement Specialist, Governance GP) and Juan Navas-Sabater (Lead ICT Policy Specialist, Transport & Digital Development GP). The oversight of this task was performed by Daniel Boyce, Practice Manager. The team would like to acknowledge extensive cooperation and assistance received in Ukraine from the staff of State e-Government Agency and Reforms Delivery Unit. The team is also grateful to involved ministries, services and agencies and their subordinated entities, as well as to the development partners and civil society representatives for sharing their views and information. i ABBREVIATIONS AND ACRONYMS AI Artificial intelligence API Application programming interface BPR Business process reengineering CDO Chief data officer CEGU Central Electronic Government Unit CERT Computer emergency response teams CoM Cabinet of Ministers CSA Civil Service Agency CSIRT Computer security incident response teams DGT Digital government toolkit ECA Europe and Central Asia eGGO Electronic Government Governance Outline (assessment framework) EIU Economic Intelligence Unit EU European Union GIR Government Information Resources SOE (under SEGA) HRM Human resource management HRMIS Human resource management information system I.I.I. Inclusive Internet Index IAD Income and assets disclosure ICT Information and communication technology IoT Internet of things ISO International Organization for Standards IT Information technology ITU International Telecommunication Union KIIS Kiev International Institute of Sociology KPI Key performance indicators LPPR Leading policy planning role M&E Monitoring and evaluation MoEDT Ministry of Economic Development and Trade MoJ Ministry of Justice MoEnv Ministry of Environment NAIS National Information Systems (SOE) NCCS National Confidential Communication System OECD Organization for Economic Cooperation and Development OGP Open Government Partnership OSS One stop shop PFM Public financial management PM Prime minister PPP Public-private partnership SEGA State Electronic Government Agency SFS State Fiscal Service SIDA Swedish International Development Cooperation Agency SNAP Local service centers (abbreviation in Ukrainian language) SOE State owned enterprise SSSCIP State Service of Special Communications and Information Protection of Ukraine SWOT Strengths, Weaknesses, Opportunities and Threats TAPAS Transparency and Accountability in Public Administration and Services UK United Kingdom UN United Nations UNDP United Nations Development Program USAID United States Agency for International Development USS Ukrainian Special Systems WB World Bank WDR World Development Report ii DEFINITION OF MAIN TERMS Benchmark A comparator derived from good practices, against which a specific aspect of the e- governance system is assessed Dimension A specific aspect (sub-area) of the e-governance system Area A distinct part of the e-governance system that pools together several specific dimensions that are thematically interrelated Current “Status” A description of the “de facto” status of e-governance compared to a Benchmark Progress An assessment of the current status of e-governance against the Benchmark (red, amber and green) Foresight An assessment of the planned development vision against the Benchmark (red, amber and green) Trend Is the dynamic characteristics of the e-governance reform implementation (stagnation, advancement, achievement) “Overall” Category Reformer category based on the percentile average score for all dimensions, and changing between Beginner, Follower, Performer, Frontier -Beginner Reformer category with overall score of 25% and less -Follower Reformer category with overall score above 25% that does not exceed 50% -Performer Reformer category with overall score above 50% that does not exceed 75% -Frontier Reformer category with overall score above 75% iii Table of Contents Executive Summary .....................................................................................................................................................5 Introduction ..................................................................................................................................................................7 The Overview of e-Government Reforms in Ukraine...........................................................................................7 About the methodology ...........................................................................................................................................8 Electronic Government’s Governance Outline (eGGO) ........................................................................................ 11 Area 1. Policy, Planning and Implementation .................................................................................................... 11 DIMENSION 1. POLICYMAKING ....................................................................................................................... 11 DIMENSION 2. IMPLEMENTATION ................................................................................................................... 14 DIMENSION 3. ICT PROCUREMENT................................................................................................................. 21 DIMENSION 4. STRATEGIC AND REGULATORY FRAMEWORK ...................................................................... 25 Area 2. Public Services......................................................................................................................................... 30 DIMENSION 5. PLATFORMS AND SERVICES .................................................................................................... 30 DIMENSION 6. REGISTRIES AND INTEROPERABILITY .................................................................................... 36 DIMENSION 7. ACCESS AND CONNECTIVITY.................................................................................................. 40 DIMENSION 8. CUSTOMER RELATIONs ........................................................................................................... 45 DIMENSION 9. DELIVERY MODES ................................................................................................................... 47 DIMENSION 10. e-IDENTIFICATION ................................................................................................................. 49 Area 3. Data and Analytics .................................................................................................................................. 51 DIMENSION 11. SMART ANALYTICS ............................................................................................................... 51 DIMENSION 12. INFORMATION FOR MANAGEMENT ...................................................................................... 54 Area 4. Infrastructure and Security...................................................................................................................... 56 DIMENSION 13. DATA CENTERS ..................................................................................................................... 56 DIMENSION 14. ACCESS TO ICT RESOURCES ................................................................................................ 58 DIMENSION 15. BUSINESS CONTINUITY ......................................................................................................... 59 DIMENSION 16. CYBER SECURITY ARRANGEMENTS .................................................................................... 60 Area 5. Control Mechanisms ............................................................................................................................... 64 DIMENSION 17. MONITORING AND CONTROL ............................................................................................... 64 DIMENSION 18. CROSS CHECKS ...................................................................................................................... 66 Overall Snapshot of the Assessment ................................................................................................................... 67 Conclusion ................................................................................................................................................................. 72 Annex 1: eGGO Assessment Summary .................................................................................................................. 73 Annex 2: List of Recommendations ........................................................................................................................ 74 iv Executive Summary Electronic Government (e-government) is among the main bases for improving public administration and service delivery in Ukraine. To effectively support enhanced development outcomes, it requires a systemic and coordinated approach and parallel advancement of various components of digitalization. The purpose of this assessment is to identify issues and opportunities to consolidate, enhance and accelerate the electronic government reform in Ukraine. It informs and serves as a foundation for the prioritization and development of future areas of engagement of the broader e-government reform. Efforts to advance the implementation of e-government activities have not been properly sequenced and have been uncoordinated. Policy instruments, such as Ukraine’s Strategy for Public Administration Reform (2016-2020) prioritize the need to improve the quality of and accessibility to administrative services. To achieve this objective, the government plans on investing in digital technologies, the implementation of administrative service centers as well as the decentralization of basic administrative services. But an initial review of the status of reforms reveals that there is fragmentation in the implementation of e-governance reform efforts at the central government level. The main initiatives included in the e-government agenda seem to be organized around: (A) regulatory and institutional framework, (B) interoperability and registries, (C) electronic services, (D) open data and transparency, and (E) capacity, digital literacy and communication. One of Ukraine’s key initiatives in advancing the e-government reforms is related to the ongoing implementation of the interoperability platform "Trembita" (based on the Estonian X-road). To assess governance e-transformation this report introduces a comprehensive methodology – Electronic Government’s Governance Outline (hereafter Assessment) – that was developed by the team and is used for the first time. Conceptually it is based on three major pillars – the twelve principles of the OECD Digital Government Toolkit, the World Development Report 2016 (WDR 2016) on Digital Dividends, and the priorities of institutional governance reforms from operational learning. This assessment reflects the progress and status against various benchmarks of e-government, grouped in 18 dimensions and spread among 5 areas. Progress is assessed based on actual status, while the foresight evaluates the ongoing directions and plans formalized through normative acts and strategic plans. The Ukraine assessment is a first attempt at bringing together the technical perspective of digitalization with the treatment of the agency problem underlaying the essence of governance. Pro-poor policies, in-line with the World Bank Group’s Twin Goals and the perspective of WDR 2016 are also incorporated into the report, in particular, through such entry points as delivery mode and connectivity. Recognizing the challenges and complexity of reforms in this area, the report outlines key priorities for future focus by policymakers and implementers in setting up specific strategies for v addressing weaknesses and advancing reforms. The assessment, which was performed through desk review of policy and regulatory framework, interviews and structured surveys of key stakeholders, reveals a pattern of disproportional development of the system. In some areas, Ukraine performed well (cyber security arrangements, access to ICT resources, access and connectivity, strategic and regulatory framework), while other areas appear to be at the inception phase or lacking clear foresight. Datacenters, data analytics, business continuity, ICT procurement, citizen identification, separation of stakeholder roles, and shared platforms and services are among the key functions exposed to vulnerabilities of e-government in Ukraine. Ukraine needs to initiate a number of important steps to address these vulnerabilities, inter alia, including commencing a process of public sector data centers consolidation, creating a unit or body in charge of data management in the public sector as an important step toward evidence based policymaking, implementing a data recovery center, establishing a unit in charge of ICT procurement policy at the central government level, filling in of the unified demographic register, making clear delineation of e-government policy making and implementation roles, as well as adopting an approach to implementation of shared services and platforms. The report discusses three foresight scenarios as alternatives to the “status quo”. The scenarios reflect different approaches to addressing identified vulnerabilities of e-government in Ukraine. It observes that pursuing a scenario that addresses the top five vulnerabilities – lack of attention to the “information for management”, challenges for centralization and virtualization of “data centers”, lack of “smart analytics”, weak “business continuity” arrangements, and missing arrangements for “ICT procurement” - would warrant upgrading the status to the next level of development. Implementing many of the good practices will be a challenge in the short-term. Next steps should ideally focus on reforms that prioritize consolidation of datacenters. Implementing a centralized policy for ICT procurement requires strong political will and high-level support. The first manifestation of such political support could be clear definition of the stakeholder roles and, most importantly, separation of implementation from policymaking. 6 Introduction The Overview of e-Government Reforms in Ukraine In its quest to meet citizen and business demands for qualitative and accessible public services, the Government of Ukraine (GoU) has expressed interest in investing in information and communication technologies (ICTs) and using e-government tools to improve the provision of public services. Given the increasing role of digital technologies in almost all areas of public administration – from citizen engagement in policy formulation to public service delivery, Ukraine’s e-government reform efforts have been placed at the core of its public administration reform agenda. Several motivations appear to have driven the implementation of e-government activities so far. Although efforts and initiatives have responded more to individual decisions than institutional planning, among the top-down motivational sources are the processes of integration with the EU, a more citizen-centric approach to administrative reforms, and efforts to increase transparency and accountability. Bottom-up motivations include increasing voice, awareness and participation, led mostly by civil society and NGOs. Efforts to advance the implementation of e-government activities have not been properly sequenced and have been uncoordinated. Policy instruments, such as Ukraine’s Strategy for Public Administration Reform (2016-2020) prioritize the need to improve the quality of and accessibility to administrative services. To achieve this objective, the GoU plans on investing in digital technologies, the implementation of administrative service centers as well as the decentralization of basic administrative services. But an initial review of the status of reforms reveals that there is fragmentation in the implementation of e-governance reform efforts at the central government level. Despite the challenges, progress has been made. Since the mid-2017 Ukraine has adopted two new strategies that further spell out the national priorities in e-government: (i) Concept Note for E-government Development in Ukraine (September 2017); and (ii) Concept Note on the Development of Digital Economy and Society in Ukraine for 2018-2020 (January 2018). Different sector ministries, such as health, education, and labor, have embarked upon reforms to incorporate the use of ICT technologies into their core front and back office services. The UN e-Government Development Index, 2016, ranked Ukraine 62nd out of 193 countries, an improvement of 25 places over its 2014 placement, with significant gains in e-government and e-participation. Limited donor coordination appears to have added complexity to the GoU’s reform efforts. Requests for collaboration and donor support have been sporadic and uncoordinated, increasing fragmentation and complexity in implementation. A full e-government assessment has not been completed since 2002, but among the most relevant activities, there was an Open Data Readiness Assessment (ODRA) by the UNDP in 2016. Furthermore, an e-government assessment focused on policy and institutional aspects is currently being conducted by EU consultants. With support of several projects financed by development partners such as the EU, SIDA, Swiss, USAID, and UK, among others, the GoU is pursuing the digitalization of one hundred key public administrative 7 services (out of a total of 1,200 mapped) by the end of 2018. Lastly, activities at the local level are being led mostly by civil society organizations and donors in an uncoordinated manner (although in some cases these partnerships with local public authorities have produced e-solutions that were later adopted by the central government, such as the mobile application for garbage collection management, currently hosted on the Ministry of Environment’s official web-page). Despite weak institutional capacity and resource constraints, reform efforts at the central level continue to be quite ambitious. The main initiatives included in the e-government agenda seem to be organized around: (A) regulatory and institutional framework, (B) interoperability and registries, (C) electronic services, (D) open data and transparency, and (E) capacity, digital literacy and communication. One of Ukraine’s key initiatives in advancing the e-government reforms is related to the ongoing implementation of the interoperability platform "Trembita" (based on the Estonian X-road). Due to the challenges related with finalizing key registries, in particular a reliable demographic registry (currently covering about 20% of population) which is sought as the basis for unique identification numbers for citizens, the full implementation of an interoperability platform to connect the registries may take an additional three years. The National Interoperability Development Roadmap envisages implementation steps till end 2020. About the methodology This assessment reflects an effort to uncover the status of key foundations for digitalization and the pre-conditions for the introduction of electronic service delivery from governance and institutions entry points. It analyzes the current development of several institutional, infrastructure and regulatory pre-conditions in Ukraine and how they have impacted reform efforts conducted by the Government. The aim of the Electronic Government’s Governance Outline (eGGO) assessment is to help inform and tailor future reform efforts in the use of ICTs and e- government tools for such things as the digitalization of government registers and databases; improved information flows between agencies; implementation of shared and sectorial e-services; data centers consolidation and user-friendly interfaces with citizens, businesses and local governments, among others. The present analysis follows the 2016 World Development Report (WDR 2016) on Digital Dividends recommendations on the importance of “analog foundations” to achieve the true benefits from digitalization. Likewise, Government plays important roles in ensuring such pre- conditions and to avoid exclusion and the deepening of the digital divide, using digital technologies to reinforce institutions, improving monitoring of service delivery, strengthening social norms and promoting civic behavior (like voluntary tax compliance or energy conservation through peer comparisons). The WDR 2016 also cautions on principal-agent information asymmetries to explain why systems can fail to combat rent seeking. It argues that without political commitment and leadership the digitalization may further contribute to exclusion and control without producing positive development impact. The present assessment has been conducted using the eGGO methodological framework, specifically developed for this exercise. The methodology benefits from existing tools and 8 approaches to the maturity benchmarks – for instance OECD digital government toolkit and EU e-government benchmark – organizing them around the governance and economic development priorities in the developing country context (as defined in the WDR 2016). Figure 1 – Conceptual bases of eGGO assessment Governance and Institutions Digitalization benchmarks and trends WDR 2016 lessons (OECD & EU) The key features of the methodology are reflected below: • Assessment of progress and foresight of e-government reform against a pool of benchmarks, compiled from various OECD and EU good practices, tools and the World Bank experience in ECA countries, grouped in 18 dimensions spread among 5 areas. The progress is assessed based on actual status, while the foresight evaluates the ongoing activities and plans formalized through normative acts and strategic plans. This approach allows assessing both the current status and the direction of any reform, thus providing more information for policy level discussions. • The assessment uses the traffic light or RAG (red-amber-green) rating system (red=0 or void, amber=50% or partial, green=100% or full). This is popular in project management and has been previously deployed in the similar World Bank assessments to classify against specific benchmarks, and aggregate these at the level of dimensions and areas over a 0-100 range or percentile measure (where 100% resembles the perceived best practice.) • Having both the progress and foresight measurements also allows the reporting of trends – upward sign (↑) if foresight is improvement over the progress; warning sign (!) if the foresight does not target further improvements; and finish sign (checkered flag) if the progress warrants getting full credit for the specific benchmark. • Depending on the percentile score for each dimension the framework proposes four possible reformer statuses – “beginner” (score≤25), “follower” (2575). While the overall score at the country level is not reported, it may be used to determine the overall status of the reform. 9 The task team used the “eGGO framework questionnaire” to interview selected key stakeholders on various aspects of electronic government, which were organized around the assessment areas and dimensions listed below: 1. Policy, Planning and Implementation - Policymaking; Implementation; ICT procurement; Strategic and regulatory framework; 2. Digital services - Platforms and services; Registries and interoperability; Access and connectivity; Customer relations; Delivery modes; Identification; 3. Data and analytics - Smart analytics; Information for management; 4. Infrastructure and security - Data centers; Access to ICT resources; Business continuity; Cyber security arrangements; 5. Control mechanisms - Monitoring and control; Cross checks. The eGGO assessment focuses on the institutional contexts and capacities of relevant institutions to design and deliver government to citizen and government to business services effectively. The next section of this report reflects the findings of eGGO assessment by areas, dimensions and benchmarks. 10 Electronic Government’s Governance Outline (eGGO) Area 1. Policy, Planning and Implementation DIMENSION 1. POLICYMAKING The Cabinet of Ministers of Ukraine (hereinafter referred to as “CoM”) plays the leading role in e-Government policy setting by approving various concept notes, strategies and action plans in the field of e-Government. For example, the CoM decided on e-Government as one of main priorities in its mid-term priority action plan (till 2020), as well as recently approved a number of important strategic documents such as e-Government Development Concept Note (2017) and Concept Note of e-Services Development (2018) and their implementation plans. Recently approved documents are clearly showing that implementation of the e-Government agenda is a top CoM’ reform priority and needed policy and strategic framework actions are being approved. Another theoretically important body in the field of policy development is the Intersectoral Council on e-Governance Development (hereinafter referred to as “Council”). The CoM established the Council back in 2009, but recently revisited its role and functions (2017)1. According to its regulation, the Council is headed by the Prime Minister and includes 44 members - 1 CoM Decision No. 4 from the January 14th, 2009 (with last amendments from May 24th, 2017). 11 representatives of various ministers, services and agencies, as well as academia, business and civil society organizations. The Council is a consultative and advisory body of the CoM, established with the purpose to coordinate the activities on development, implementation and monitoring of implementation of programs and projects (tasks) in the field of e-Government development. Organizational support and the secretariat work of the Council is carried out by the State Agency for e-Governance. The main tasks of the Council are: • preparing proposals for the formulation and implementation of state policy in the field of e- government development and integration of Ukraine into the global information space; • assistance in ensuring coordination of activities of executive authorities and local self- government bodies while conducting work in the areas of e-government, computerization, the formation and use of national electronic information resources and the development of the information society; • preparing proposals and recommendations on the targeted and effective use of public finances and other financial assistance, implementation of sectoral, regional and informational programs and informatization of executive authorities and local self-government bodies. According to its regulation the Council shall meet on a need basis, but not less than twice per year. In addition, the e-Government Development Concept Note states that an effective operation of the Council should be ensured in order to raise management efficiency in the field of e-Government. Moreover, the Council should play a key role in fostering the coordination of the authorities’ activities in the process of implementation of the provisions of the Concept Note – the main strategic document in the field of e-Government development. However, it appears that the Council has not met in recent years underlining its irrelevancy. As result, the State e-Government Agency (hereinafter referred to as “SEGA”) is de facto coordinating both e-Government policy making and policy implementation. The SEGA participates in policy development related to following main themes: development of electronic services; automation of internal processes of the public authorities and implementation of the documents management system; improving IT registries and implementation of the interoperability platform, as well as making government data public. There are other players involved in policy making somewhat connected to the implementation of the e-Government agenda. For example, the Ministry of Economic Development and Trade (hereinafter referred to as “MoEDT”) oversees policy in the field of administrative services and the State Service of Special Communications and Information Protection (hereinafter referred to as “SSSCIP”) does the same in the field of cyber security. The absence of clear leadership and lack of coordination of policy making is complicating the implementation of the "whole-of-government" e-transformation as the entire e-Governance reform effort is sporadic and uncoordinated both horizontally and vertically. From a governance prospective there should be a clear delineation of policy making from the policy implementation. But SEGA seeks to lead both policy making and implementation, splitting its capacity, raising conflict of interest issues, and undermining SEGA’s ability to fully focus on its policy implementation role. 12 The policy making process includes conducting public consultations as one of the main requirements for the assurance of transparency in decision making. Authorities which are developing a legislative act must organize its public discussion which includes both publishing documents on the authority’s web-site and face to face meetings with civil society2. The core policy papers related to e-government reforms, such e-Government Development and e-Services Development Concepts, followed the appropriate process of public discussion before their approval3. The policy making process takes into consideration emerging modern technologies and is considering their application in the specific areas. For example, the Roadmap of the National Interoperability Development includes an action with the aim to improve transparency and accountability of the data processing in public registries through the implementation of the pilot projects using blockchain technology. A broader plan for adopting blockchain technology in public sector through 2020 is in the pipeline. SEGA and MoEDT are members of the Innovation Council where the development and application of such innovative and modern technologies are frequently discussed. Overall, as summarized in the table above, the policymaking framework is still emerging, with an eGGO status of a “follower”. The trends are mostly directed upwards, but may not materialize without commitment to revise the mandates, delineate roles and responsibilities, and change the relevant regulatory framework. Recommendations: • The policymaking function should be streamlined and consolidated. • The Intersectoral Council on e-Government should be strengthened. Decreasing the number of Council members should be considered, while retaining sufficient representation and incisiveness. This recommendation stems from the high number of members that might make the functioning and decision making of the Council difficult. • Given that any policy is ultimately approved by the CoM, Council’s management and membership could be set up at a more technical level to make the scheduling and sessions more agile, technical, and productive. • Clear delineation of policy making versus implementation is needed. • Clear delineation of mandates and the policy/decision-making roles is warranted amongst the key actors in the e-Government agenda. • Strong political support to advance this agenda that has been declared a national priority. The Head of SEGA should be given the status of Advisor to the PM on e-government reform. • Public outreach to communicate about plans and achievements of e-Government reform is needed. 2 CoM’s Decision No. 996 from March 3, 2011 on the Regulation of Public Consultations on the Development and Implementation of the State Policy. 3 SeGA published the Concept of E-Governance Development Strategy 2020 and the Concept of e-Services on its website and organized face-to-face public debates in its office in January 2017. During March-April 2017, SeGA provided regional level public discussions (https://www.e.gov.ua/content/gromadske-obgovorennya-komponentu-elektronne-uryaduvannya). 13 DIMENSION 2. IMPLEMENTATION As mentioned under the previous dimension, one of the key players in the field of e-Government implementation is the State e-Government Agency (https://www.e.gov.ua/). The SEGA was set up by the CoM4 in 2014 as a dedicated central public administrative body to lead the implementation of state policy in the fields of informatization, e-governance, the formation and use of national electronic information resources, the development of information resources in society. In addition, SEGA is entitled to make proposals to the CoM to ensure the development of a state policy in this area. As mentioned in the e-Government Development Concept Note, SEGA should carry out the coordination and control of implementation of the provisions of the Concept – the main policy document in the field of e-Government. In addition, the SEGA is responsible for the introduction of 4 CoM Decision no. 492 from October 1, 2014. 14 the project approach to the implementation of e-government, as well as standards of information systems management. According to its regulation, SEGA should perform the following activities: • suggest improvements to legislation; • conduct various studies; • perform monitoring and evaluations; • coordinate sectorial and regional programs and projects; • provide methodological, legal, informational and organization support to various actors involved; • perform state registration of information resources from the public sector and issue corresponding certificates of registration; • assure functioning of the CoM’s single web portal; • monitor the content of the public sector websites; • assure integration of information systems (hereinafter referred to as “IS”) in the single web portal of public sector bodies and assure provision of information and services through the IS “e-Government”; • coordinate the work on creation, maintenance and operation of the National Register of Information Recourses; • establish data formats of electronic documents, methodology of determining who should paid from the budget programs, methodology for indicators development; • submit proposals on: policy goals and tasks and ways of implementation; coordination of the activities of state bodies; establishment of standards, norms, rules, orders, classifiers; rules for web portal and web pages content; • development and implementation of interoperability IS; • approval (together with MoEDT) of the procedure and requirements for integration of services to the State Administrative Services Portal • development and implementation of Open Data Portal; • development and implementation of the IS “Single window for e-reporting”; • development of Administrative Services Portal; • implementation of national system of indicators for the development of Information Society; • implementation of digital signature; • participate in the protection of state information resources; • participates in capacity building; • organizes public awareness and promotion campaigns; • participates in international collaboration. The above mandate, that looks quite broad, covers functions related to both policymaking and implementation. Perhaps, those related to policymaking could be reassigned to the e-Government Council proposed as part of the recommendations on the previous dimension, unless the political decision is for SEGA to concentrate on the policy formulation, which should trigger alternative arrangements on part of the implementation. 15 The decisions and orders of SEGA are mandatory for execution by the central executive authorities, their territorial bodies, regional and local state administrations and authorities, local self-government bodies, enterprises, institutions, organizations irrespective of the form of ownership, and citizens. According to its regulation, SEGA is headed by a Director who is appointed and dismissed by the CoM on the proposal of the Commission on the Issues of the Senior Civil Service that selects the candidates based on the results of the competition in accordance with the law on civil service. The Director has two deputies that are selected on a competitive basis and similarly are appointed by the CoM based on proposals of the Commission. To discuss and/or agree on specific aspects of e-Government implementation SEGA can establish thematic councils. Council decisions can be implemented by issuing an order. Other permanent or temporary consultative, advisory and other subsidiary bodies may be formed for consideration of recommendations and conducting professional consultations on the key issues of SEGA’s activity. The Director of SEGA is deciding on the establishment or liquidation, as well as composition of such bodies. The maximum number of civil servants and employees of the Agency shall be approved by the CoM and currently SEGA has 75 staff position out of which 54 are filled. The staff structure is approved by the Director, in agreement with the Minister of the CoM. The staffing and SEGA budget are approved by the Director in agreement with the Ministry of Finance. As reported by SEGA during the interview, its capacity has been sufficient to handle the current scope of work, but the perception of the WB Team is that some functions are clearly lagging. For example, there has been little done regarding the adoption of BPR methodology, delays in implantation of the interoperability system and coordination of the e-government agenda at the subnational level is lagging. SEGA capacity could improve after it fills its current vacancies and achieves a narrower functional scope. SEGA should revisit its overly broad mandate and functions to become more focused and efficient in implementing e-Government reform. SEGA should undergo a functional analysis to determine what is critical and realistically can be performed on its own and what should be transferred, delegated or outsourced. SEGA is missing an institutional development strategy and indicators for monitoring of its own performance. In addition, its funding model is not defined to allow incentives based on results of e- Government implementation and to assure financial sustainability and institutional development. SEGA is the founder of the State Enterprise “Government Information Resources” (hereinafter referred to as “GIR”), which is technically maintaining and operating several e- Government related portals and platforms such as Open Data Portal and interoperability platform “Trembita”, Electronic Documents Management System (EDMS) and some front office information systems for SNAPs. SEGA benefits from substantial donor support for many key e-Government initiatives, such as implementation of the interoperability platform, improving of the state registries, administrative services digitalization, front office digitalization for local service centers (hereinafter referred to as “SNAP”s as per their Ukrainian abbreviation), Open Data, implementation of the e-tools for participatory governance and capacity building. Below are 16 presented main donor projects with their areas of support. More details on donors’ assistance are included throughout the report under specific thematic areas: • Technical assistance project “Transparency and Accountability in Public Administration and Services” (hereinafter referred to as “TAPAS”) co-funded by USAID and UKAid. A 19 million USD project for 5 years (2016 – 2021) that is covering the areas of e-procurement, open government data, e-services and capacity building. • Technical assistance project “e-Government for Ukraine” (hereinafter referred to as “EGOV4UKRINE”) co-funded by the Estonian Development Cooperation and Sweden with its “You Lead” sub-project (hereinafter referred to as “U-LEAD”) implemented by the e- Governance Academy of Estonia is focusing on: rollout of the interoperability platform “Trembita”; development of a front-office IS for the SNAPs; capacity building in the field of e-Government for the central and local authorities. • EU Delegation planned an assessment of the e-Government in Ukraine with support of experts from the E-Governance Academy of Estonia. The assessment focuses on policy framework and institutional aspects, potential assistance in improvement of the policy documents and action plans as well as reinforcement of the SEGA. Based on the assessment report the EU Delegation is planning to provide recommendations and future support in implementation. The work started in April 2018 and will be finalized during the summer. Per EU’s vision the e-Government in Ukraine should be treated as an integral part of a broader Public Administration Reform. EU Delegation is conducting the Public Administration Reform (PAR) SIGMA assessment to be released in June 2018 that will also include e- Government aspects. The SIGMA assessment report will be also used for defining further steps of the e-Government implementation and EU potential support in the area. • More narrowly focused donor financed digitalization projects are primarily implemented with responsible public entities, who in turn collaborate with SEGA. Examples from the WB active portfolio include Human Resource Management System (HRMIS) for civil service, e-Heath System, etc. The e-Government Development Concept Note sets up priorities for the e-Government implementation in key sectors. According to the Concept, effective management in any sector currently is impossible without wide application of modern e-government tools. These tools should include automation of processing of the big volumes of data, information and analytical support of decision making, optimization and automation of business processes and introduction of e-tools for interaction. In addition, the Concept encourages the use of modern technologies for the e-Government such as geo-information technologies, internet of things, big data processing and blockchain. The priority activities for sectorial e-Government implementation are the following: • In healthcare: creation of basic registers including professionals, medicines and intuitions; introduction of e-medical records and e-prescription IS; introduction of the unified open standards for healthcare IS; development of integrated healthcare IS and telemedicine; • In environment and natural resources: online environment monitoring; electronic integrated environment permission; IS on water balance; 17 • In education and science: encouraging the development of design infrastructure and secure application in the sector; development of the training IS and automation of the main processes of work of educational establishments, including e-grade book, e-text book, distance learning; • In social protection: unified social state register with integration of the existing disintegrated data bases; introduction of the e-sick leave; introduction of automated data verification; introduction of electronic employment agreements; • In financial and fiscal policy: development of e-office of a taxpayer; development of "one- stop-shop" customs automated system; automated processes for budgets planning and approval at various levels; e-excise stamps; • In human rights and freedoms protection: integrated IS for the Ministry of Internal Affairs; implementation of the “112” integrated emergency system; development of single demographic register; • In transport and infrastructure: introduction of the e-ticket; • In regional development and reform of local self-governance and territorial organization of authorities: city planning cadaster; introduction of sample information and analytical systems for the local communities; • In elections: development and implementation of the e-election IS; • In archiving: development of the archiving IS; implementation of the e-archive services. Public authorities are currently facing multiple problems related to the implementation of e- Government agenda, such as: • lack of capacity and qualified staff in the field of IT management to assure decent implementation, management and maintenance of the IT solutions; • low level of salaries and high turnover in the public sector that makes it difficult to retain qualified staff; • lack or insufficiency of the IT infrastructures to assure optimal level of performance and security; • lack of IT projects management capacity to professionally conduct IT procurements; • capacity constraints for evaluation of the purchased systems, proper acceptance of deliverables and assurance of sustainability. The Ministry of Infrastructure and its Digital Department can serve as a relevant example of these problems. The head of the Digital Department serves as Chief Information Officer (CIO) of the sector but is the only person that currently works in the Department. The Department has 10 staff positions, all unfilled. The Digital Department is responsible for budgeting of related activities, conducting e-Government related feasibility studies and monitoring the implementation of specific e- Government sectorial projects. The allocated 10 staff positions, however are not dedicated exclusively to e-Government implementation. For example, 3 positions will work on Postal Services, including market regulation; another 3 positions will be dedicated to Railways and assure development and maintenance of the technical side of its activity (hard and soft) and only the remaining 3 positions will work on integration of the systems and development of the sectorial e-services that are pure e- 18 government related tasks. One service to be implemented by the Ministry of Infrastructure, in collaboration with the CoM and Agency of Transporters and with the support of TAPAS project, is to connect different registries with geo-positioning information systems. There are also discussions on using railway pillars and wires for support to extension of the internet access. The State Enterprise “Government Information Resources” is an example of the impact of staff turnover. Although this quasi state enterprise has entrepreneurship possibilities and elements for attracting high qualified staff, it is still financed mainly by the state. The competitiveness of pay is not high, which results in an annual turnover of about 50%. Retention of qualified staff is a problem. After gaining professional experience at GIR, staff members easily find jobs in the private sector with 3-4 times higher pay. The average pay in a state enterprise is close to US$500 a month (US$1000 for IT, US$700 for support staff, and US$500 for front office work). In public institutions where salaries are lower, the retention of staff is even more challenging. Government agencies are operating in silos rather than collaborating, withholding data rather than sharing it, building redundant systems rather than leveraging shared applications and infrastructure. Currently, most administrative bodies maintain their own ICT staff and suboptimal technology infrastructure in a siloed manner that lead to duplication of functions and inefficiencies. Regional and local governments suffer from a shortage of ICT capacity and national agencies do not have sufficient resources to support them. Another list of problems related to implementation that needs to be addressed is reflected in the e-Government Development Concept Note: • insufficient level of integrated coordination, control and interaction of the customers; • economic crisis, which leads to decreased amount of funding in the sphere of e-government development; • low quality, effectiveness and efficiency of projects and tasks implementation; • low quality of management of design, implementation, maintenance and development of the information and communication systems (data bases, registers etc.) and resources (data processing centers, telecommunication networks etc.) of the authorities; • insufficient level of readiness of the civil servants and local self-governance bodies staff, individuals and legal entities for implementation and use of e-government tools. Additional implementation challenges identified by the WB Team indicate that there is no clear definition and delineation of the roles related to the IS implementation and life-cycle (IS design and development, testing, placement in production, technical operation and maintenance, service delivery, quality assurance, monitoring and evaluation). In addition, the business model and financial sustainability of implemented solutions are usually addressed on an ad-hoc basis and lack a unified approach; and financial management arrangements are not properly defined. SEGA has the mandate and is working on coordination across the sectors and regions, however rules are not consistently followed by the stakeholders. Overall, the implementation capacity needs to improve. As can be observed in the table above, the current eGGO status of a “follower” may be upgraded in the future subject to achievement of the set 19 strategic targets. Yet, there is no clear plan on delineation of implementation from policymaking, which is the most critical step, as well as narrowing SEGA’s scope of work. Recommendations: • Implementation should be guided by following principles stated in the EU e-Government Action Plan: Digital by default, Cross-border by default, Once only principle on EU level, Interoperability by default, Openness and transparency, Inclusiveness and accessibility, Trustworthiness and Security. • IT project and programs design and management capacity of the public sector should be consolidated. Quality assurance of the provided IT solutions should be improved. • Development of all systems should follow the same rules, practices and procedures to assure acceptable quality, documentation and sustainability plans. • Deployment of the shared services should be embraced by the key guiding principles of the e- government implementation. • The e-Government reform should help systematize projects and programs management related to IT development, implementation and maintenance from the ministries, subordinated agencies, regional and local authorities to a qualified central unit or net of units. Public authorities should deal only with strategic planning of the use of modern technologies and digitalization (sectorial e-transformation), as well as participation at the concept development phase for the IT projects and solutions and use of the implemented solutions. • SEGA should consider narrowing its scope of activities and responsibilities to become more focused. It should be decided what can be done in-house and what can be delegated or outsourced. • e-Government transformation agents (persons or units) should be strategically established in public sector entities to ensure proper implementation of activities under the e-government development plan. The person responsible for sectorial e-transformation should not have a rank lower than deputy minister (state secretary). It must be understood such persons or units are in charge of advising on e-Government policy implementation and should not be placed in operative units such as IT departments (or units in charge of maintenance of the IT hardware in ministries or agencies). They need to be change agents in the sector and work tightly with SEGA. • Clear delineation of institutional mandates related to the IT cycle (design and development, testing, placement in production, technical operation and maintenance, service delivery, quality assurance, monitoring and evaluation) is needed. • Reform Delivery Unit under PM can monitor and evaluate the progress of reform implementation through a Scorecard based on KPI and foster reforms implementation. • Business model and financial sustainability plans for implemented solutions should be developed, approved and followed. 20 DIMENSION 3. ICT PROCUREMENT Procurement of digital technologies is included as one of the twelve principles of OECD Digital Government Toolkit5 (DGT). Procurement of modern digital technologies requires more agile ways of procurement and deployment, new forms of public private partnerships (PPPs) and service contracts with the private sector. Given the large scale and extended implementation period, the procurement of ICT systems is associated with high risk of failure. Besides being transparent, procurement of ICT systems needs to be agile. Due to its complexity the procurement of ICT system should be covered by special guidelines available to public entities. DGT highlights that to select the appropriate mix of ICT solutions, governments should have a good knowledge of their existing assets, including a skills inventory, ICT inventory and age of existing assets 5 OECD Digital Government Toolkit: http://www.oecd.org/governance/digital-government/toolkit/ 21 to determine where they are in their life cycle, a public services catalogue, current contracts, inter- agency agreements and a list of public sector registries. These tools can guide future investments and help prioritize strategic decisions on resource allocations. Addressing these questions requires sound coordination mechanisms and implementation arrangements. In an intermediate or advanced system these functions are carried out by a designated unit in charge of ICT procurement policy at the central government. The complexity of ICT systems also introduces additional requirements for maintenance provisions. In summary, the relevant DGT principle (#11) underlines the importance of reviewing procurement rules and creating an ICT-acquisition environment and strategy that supports the digital transformation of the public sector. Intelligent ICT Capability is needed to: Public procurement Failure to address these procurement: should be adapted to new issues accurately exposes  Identify common trends in technology and governments to:  Increases efficiency needs across the public ICT deployment  Supports innovation sector methods, namely:  Efficiency and sharing  Changes in shortcomings  Helps achieving the procurement and  Cloud computing  Untapped national digital contracting rules  New forms of PPPs opportunities for government strategy  Set clear frameworks  Open source software public sector and responsibilities  Service contracts with innovation the private sector  Financial risks through project failure Source: http://www.oecd.org/governance/digital-government/toolkit/principle11/ According to the 2014 OECD Survey on Digital Government Performance, 36% of member countries did not have a specific strategy for ICT procurement, and 50% did not have central repository of existing ICT contracts in government. The Ukrainian procurement system does not have separate procurement procedures or arrangements for ICT systems. Most of the recent advances in public procurement reforms are associated with introduction of ProZorro system for electronic procurement. ProZorro was primarily introduced to enhance transparency in Public Procurement in Ukraine. It was developed in 2014. Before becoming operational, the system was piloted between February 2015 and April 2016. Currently, the ProZorro covers the entire country. The ProZorro system provides transparency for certain stages of general public procurement, but it appears that the whole process is not digitalized and integrated with other systems. Nor are all procurement methods covered by ProZorro, as revealed in the “Assessment of Ukraine Electronic Procurement System” by the World Bank in 2017 (hereafter Assessment of ProZorro). More importantly, there are no specific methods and documents for ICT procurement comparable with the Bank’s bidding documents for supply and installation of ICT systems. The National Program for Informatization, coordinated with SEGA, is the main instrument for keeping the track of procurement planning. There is no information about the robustness of this process. 22 There are no specific ICT procurement standards or guidelines available to public entities. In some cases, the gap is partially covered by the provisions in outdated GOST standards, which are derived from general budgeting and public procurement legislation. The Law on the National Program of Informatization provides the regulatory framework for coordinating the ICT procurement. Coordination with SEGA and SSSCIP respectively on ICT and cybersecurity is a formal requirement, but is not reliably enforced. There is no centralized and specialized ICT procurement policy unit in place. Despite requirements for coordination with SEGA, ICT procurements at subnational level lack coordination. There is also no dedicated centralized repository for ICT contracts. There have been certain surveys for existing systems in context of "Trembita" and/or the MOF fund for intellectual property, but there is no robust inventory with the real-time age information. While the ProZorro systems contains the details about awarded contracts there is also no database for historical supplier performance. Introducing relevant accounting standards could help to keep better track of expenditures on ICT assets and services. There are provisions in the Budget Code, Law on Public Procurement and National Program of Informatization that support budgeting the maintenance of ICT systems. According to the Article 9 of the Law on National Program of Informatization, the Cabinet of Ministers annually, together with the draft Law on the State Budget of Ukraine for the next year, submits to the Verkhovna Rada of Ukraine: a report on the state of informatization in Ukraine; the tasks of the National Informatization Program for the next three years; and a program of informatization tasks for the next budget year with the definition of funding sources. As part of the mandatory review of ICT procurement packages SEGA pays attention to the total cost of ownership in the context of procurement of the systems. Plans about introducing the ICT specific good practices did not come out during the interviews and the desk review of national strategies. Based on the Assessment of ProZorro, the Bank recommended that the MoETD needs to create a guide book on public procurement. There has been no specific discussion about the guidelines for ICT procurement in the Assessment of ProZorro, or the 2016 Strategy for Public Procurement Reform (Roadmap) approved by the Cabinet of Ministers. The Bank recommendations also included introduction of black and white lists for economic operators6 (suppliers) and central pool of ICT procurement and contract management expertise. As shown in the table above, ICT procurement is at inception, which corresponds to eGGO status of a “beginner”. While there is a foresight for coordination and transparency of all procurement, the core procurement nuances that are specific to ICT are missing from the strategic documents. 6 This information could also justify the cases of use of direct contracting, for instance if the government has committed to specific brands and signed special framework contracts with vendors for this purpose. 23 Recommendations: • Develop a central data base on all existing assets in the public sector including their age, as a next step to earlier initial stocktaking exercises. Develop a strategy for ICT procurement based on the inventory of existing assets. • Establish a central repository for all ICT tenders, contracts and payments across the public sector at the central levels. ProZorro should provide a good foundation for it. Expand the central open repository to include ICT tenders, contracts and payments at the subnational level. • Establish a unit in charge of ICT procurement policy at the central government level, and establish co-operation and collaboration with subnational levels of government to avoid duplicities and improve value for money of ICT investments. The unit, inter alia, will be responsible for putting in place the arrangements for framework agreements for aggregated ICT demand. • Adapt ICT procurement policy to more agile and iterative delivery methods and facilitating access to small specialized firms to compete for contracts in their area of expertise. • Develop an ICT procurement strategy applicable across the public sector. • Develop an open database of previous supplier performance for ICT projects. The Assessment of ProZorro made a relevant general recommendation to establish a black and white list of suppliers. • Although in contrast to the general trends and the logic of reduced transaction cost in the procurement sector, in-line with OECD recommendation over longer term there could be significant benefits from breaking down large projects to smaller, more manageable sizes as appropriate. One immediate result would be reduction of the risk of failure for smaller and simpler tasks. The smaller sized projects will also allow smaller bidders to compete and bring quite interesting and specialized expertise that some small start-ups or companies may offer. • A more coordinated and unified investment in public sector IT needs to be implemented. At the local public authorities should coordinate their investments in IT with the central level. 24 DIMENSION 4. STRATEGIC AND REGULATORY FRAMEWORK The main policy document in the field of e-Government is the Concept Note on the e- Government Development in Ukraine (hereinafter referred to as “e-Government Concept”. The Concept Note was approved by the Cabinet of Ministers in September 20177. The Concept shall guide central, regional and local level public authorities and subordinated entities during implementation of the e-Government. The document is quite comprehensive and covers the following topics: • The problem which should be addressed; • The goal and timeline of the implementation; • Ways and methods of solving the problem; • Modernization of the public services and development of interaction between the authorities, citizens and business with the support of information and communication technologies; • Development of electronic services; • Open data development; • Development of electronic tolls for citizens involvement; • Development of electronic identification and trust services; 7 COM Decision no 649-P from September 20, 2017. 25 • Modernization of public administration with the support of ICT; • Development of electronic interaction (interoperability); • Development of the e-document flow; • E-Government in the key sectors and support of the priority reforms; • Management of the e-government development; • Formation of basic ICT e-government infrastructure; • Raising the efficiency of management of the e-government development. According to the Concept, the e-Government reform was set by the CoM as one of main priorities of the Public Administration Reform as well as implementation of the e-Government is one of the Ukraine’s commitments under the EU Association Agreement. Implementation of the e-Government is treated as a main precondition to the effective development of the digital economy and digital market in Ukraine and its further integration into the EU Digital Single Market Strategy. The goal of the e-Government Concept is to define the directions, mechanisms and period for the development of an effective e-government system in the Ukraine for meeting the interests and satisfying the needs of individuals and legal entities, improvement of public administration, increasing the competitiveness and fostering social and economic development of the country. The implementation is envisaged for the period until 2020. In line with the EU e-Government Action Plan, the Concept sets out the following internationally recognized principles for the implementation of e-Government: • Digital by default • Once only • Compatibility by default • Accessibility and citizens involvement • Openness and transparency • Trust and security The implementation implies undertaking of integrated measures covering three main areas: public services modernization and development of interaction between the authorities, citizens and business with the support of ICT; modernization of public administration with the support of ICT; management of the e-government development. Another important policy document in the field of e-Government is the e-Services Concept Note (hereinafter referred to as “e-Services Concept”). The e-Services Concept was approved by the CoM in November 20168. The Concept recognizes that Ukraine is lagging the global pace of the development of electronic services and there is a need to develop a single coordinated state policy in this area. The e-Services Concept seeks to solve key issues in the field of e-services delivery. The purpose of the Concept is to develop an efficient electronic services system in Ukraine to meet the interests of 8 COM Decision no. 918-p from November 19, 2016. 26 individuals and legal entities through the development and maintenance of accessible and transparent, safe and non-commercial, least costly, fast and convenient electronic services. In addition, the e-Services Concept sets out main principles that should guide the development of the e-services in Ukraine: • consumer orientation; • accessibility; • security and protection of personal data; • de-bureaucratization and administrative simplification; • transparency; • preservation of electronic information (subjects of treatment should be able to receive information on the actions of the entities providing administrative services related to the receipt of their personal data); • openness and reuse (the ability of the actors to provide administrative services to interact to provide high-quality and efficient electronic services, using data and technical solutions of each other); • technological neutrality; • efficiency and effectiveness. Implementation of the Concept is foreseen for the period up to 2020. The Concept approved a list of 45 priority services to be digitalized by 2020. More details related to the planned 3 stages and actual status of implementation are provided in the following chapter that focuses on services. An important policy document is the Roadmap of National Interoperability Development (2017- 2020) (hereinafter referred to as “Interoperability Roadmap”). The Interoperability roadmap defines the main steps to be taken by various public authorities in coordination with SEGA to implement an interoperability platform. According to the Roadmap, by the end of 2017 the central elements of the interoperability platform were expected to be deployed followed by integration of registers. The integration of registries into the interoperability platform was supposed to happen in 3 stages. By the end of 2017, top-priority electronic registries of the 15 central bodies were expected to be integrated and by the end of 2-nd quarter of 2018, registries of another 30 (2nd line) central executive bodies. More details about the Interoperability Roadmap and status of implementation is provided below in another chapter. As described above, Ukraine has a strong policy framework for implementing e-government, e- services and interoperability system. These policy documents supported by several other laws and regulations, create the foundation of policy, legal and regulatory environment for e-Government implementation. In terms of legislative and regulatory framework, there is a modern and dynamic legislation in place defining and regulating such basic e-Government related notions such as Digital Signature and Electronic Document. This Laws regulate the activity of the users in the respect with electronic documents and their exchange between various authorities. Based on the Law on Electronic Documents the SEGA is currently implementing the public-sector Documents Management System. 27 An important law connected to the area of public services modernization is the Law on Administrative Services.9 The information about each administrative service can be received free of charge from the Register of Administrative Services, located on the Government portal. According to the Art. 16 of that law, the Register of Administrative Services is formed and maintained by the Ministry of Economic Development and Trade. The procedure for keeping the Register is regulated by the Cabinet of Ministers. The Register aims to include a proper accounting of administrative services and provide an open and free access to information about administrative services. Cyber security is also regulated by the Law on Administrative Services.10 The Law defines the legal and organizational foundations for ensuring the protection of private and national interests of Ukraine in cyberspace, the main goals, directions and principles of state policy in the field of cybersecurity, the powers of state bodies, enterprises, institutions, organizations, persons and citizens in this area, and the main principles of coordination of their work on the provision of cyber security. The area of Open Government Data is regulated by the Law on Information Access, as well as the Regulation on data sets that should be published in the open data format.11 The Regulation defines the requirements for the format and structure of the data sets to be made public in the form of open data, the frequency of updates, and the procedure for their publication, as well as the list of such sets of data. According to the Regulation, creation and provision of the operation of the Unified State Portal for Open Data is carried out by the SEGA, which is its holder. The Administrator of the Unified State Web-Portal for Open Data is the State Enterprise “Government Information Resources”. The regulation established that data sets should be published in open-readable formats for reuse such as: CSV, XML, JSON, RDFa, HTML, Microdata, or other similar formats. An important law in preparation with TAPAS Project assistance is the Law on State Electronic Registries. The Law is aiming at the unification of criteria and requirements for all the state registries. The law will define the legal framework for the creation and maintenance of electronic registries. The draft is supporting the implementation of the EU standards for data exchange and interoperability, including cross border data exchange with EU member-countries. A semantic catalog will be implemented to allow connection to EU single digital gateway and digital market. The data exchange will be based on the “once-only” principle and unique identification number, to exclude duplication of personal data in all state registers. The IT committee in the Parliament is supporting the draft that was recently publicly consulted and is expected to be sent for approval by the Parliament. In addition to the policy and legal acts, there are many CoM’s decisions and regulations, earlier mentioned in the report, to support the e-Government implementation at the sub-legislative level, such as the Regulation on Intersectoral Council of e-Government Development and the Regulation on State e-Government Agency. While laws and regulations mentioned above do not provide a comprehensive list, they provide insight into the general legal and regulatory framework. It is also important to emphasize that in Ukraine there a strong policy and legal framework to implement the e-Government reform and that it 9 The Law no. 5203-VI from September 16, 2012. 10 The Law no. 3163-VIII from October 5, 2017. 11 CoM decision no. 835 from October 21, 2015. 28 provides a clear mandate for the SEGA to lead the implementation of such a reform. This framework continues to evolve as new legislation and government decisions are passed. At the same time, the e-Government Concept recognized that the regulatory framework is imperfect and the following actions are needed: • analysis and systematization of the regulatory framework on e-government and ICT regarding their effectiveness and focus on e-Government goals and strategic objectives; • updating and development of the new regulatory documents regarding e-government, ICT, information-oriented society and e-services etc.; • reliable protection of the data and right to privacy of an individual, with the aim of strengthening public confidence in the on-line environment; • harmonization and introduction of the international standards in the sphere of information technologies; • defining unified rules and requirements for the creation, introduction and functioning of the state electronic information resources and introduction of the national register of electronic information resources. In addition, the WB’s Team would like to mention the following issues related to the strategic and legal framework: there is no clear delineation of mandates and responsibilities related to policy making and implementation of the various players involved; high-level of decentralization requires a more explicit regulation of the e-Government implementation at the regional and local level; standards based on international best practices are implemented in limited areas such as open data and information security, but in some areas such as IS development and interoperability are still missing or under development; there is no methodological framework in place to support such processes as re- engineering and digitation of services, protection of data, etc.; the Law on Personal Data Protection is in place, but there are some challenges related to implementation. Overall performance on this dimension, as reflected in the table below, is significant and secures an eGGO status of a “performer”. Nevertheless, special attention should be paid to improvement of the foresight, implementation of standards and benchmark regulation as well as provision of methodological support. Recommendations: • Revise the legal framework to provide a clearer definition and delineation of mandates and responsibilities related to policy making and implementation of the various players involved. • A more detailed regulatory framework on e-Government implementation at the regional and local level is needed due to the high-level of decentralization. • Establish the interoperability framework in line with the European Interoperability Framework, as well as a whole-of-government Enterprise Architecture as the overarching operational document. • Explore the option of standardizing by adopting international best practice or benchmark regulations, for example on the quality of public services, management of registries, etc. 29 • Methodological support documents in such areas as re-engineering and digitalization of services, registry cleansing, data protection, etc. needs to be developed and provided. • A better implementation mechanism for the Law on Personal Data Protection should be define and implemented. Area 2. Public Services DIMENSION 5. PLATFORMS AND SERVICES 30 The main policy document in the area of e-services is the Concept Note on e-Services Development. By approving this document, CoM places the public services modernization in the center of e-Government reform and aims at development of a unified coordinated policy in this area. The purpose of the Concept is the implementation of the efficient user oriented e-services system through the development and maintenance of accessible and transparent, safe and non-commercial, least costly, fast and convenient electronic services. The Concept seeks to solve the following key problems: • failure of the regulatory framework governing the provision of e-services; • lack of uniform requirements for e-services implementation; • the unsettled issue of electronic identification and authentication of business entities when providing e-services; • the lack of an interoperability system that will assure interagency electronic interaction • complexity and overlapping of the procedures for the provision of administrative services; • uncertainty of the format of the electronic document, according to which the applicant must submit documents for the receipt of administrative services; • the lack of a single information and telecommunication infrastructure, providing electronic services; • lack of confidence in the electronic interaction of entities providing administrative services and users; • low level of readiness of civil servants, officials of local self-government bodies, individuals and legal entities for the introduction of electronic services. Services digitalization is based on the following internationally recognized basic principles: • consumer orientation; • accessibility; • security and protection of personal data; • de-bureaucratization and administrative simplification; • transparency; • preservation of electronic information (subjects of treatment should be able to receive information on the actions of the entities providing administrative services related to the receipt of their personal data); • openness and reuse (the ability of the actors to provide administrative services to interact to provide high-quality and efficient electronic services, using data and technical solutions of each other); • technological neutrality; • efficiency and effectiveness. Implementation of the Concept is foreseen for the period up to 2020 and is based on a phased approach consisting of three main stages. In the first stage (2016-2017) the reform focused on priority services, including their re-engineering, digitalization and piloting; development of the single Services Portal; as well as regulation of the use of digital signature and electronic identification. At 31 the second stage (2018-2019 years) that is currently on-going the reforms should focus on optimization of the procedures for the provision of administrative services; introduction of priority services in electronic form; as well as wide involvement of individuals and legal entities in the use of electronic services. The third stage (2020) provides for the provision of e-services in all areas of public life, the provision of integrated electronic services, and the introduction of cross-border electronic services. According to the Concept a precondition for digitalization of administrative services is re- engineering (optimization) of procedures for the provision of administrative services. The re- engineering is aiming at: reduction of the number of documents required when applying for a service; reduction of the number and simplification of the stages/steps to be taken during provision of services; the introduction of electronic forms of interaction between the providers and users; identification of certain stages (procedures) that can be automated and reduction of the internal processing time for the certain stages during services provision. However, a clear step-by-step methodological guideline for the re-engineering is missing. Currently the re-engineering is done on an ad-hoc basis, mainly with donor’s support, or by own agency efforts in the format of a “brain-storming”. A task force that would provide a more systemic and comprehensive approach to such a complex issue as re-engineering of services is missing. MoEDT is responsible for setting up polices in the field of administrative services and their provision. According to the Ministry currently there are 1200 administrative services in Ukraine. The services are provided by a net of service centers set up at the local level. There are around 700 service centers that provide local services and central administrative services as well as some online services. The government of Ukraine plans to create an additional 600 service centers and to implement the concept of one-stop-shop centers for service delivery both local and central as well as offline and online. More information on service delivery model is provided in the specific dimension below. The SEGA is coordinating the process of services digitalization. The e-Services Concept defines a list of 45 priority services to be digitalized in the first run. Currently there are around 50 public services (land and environment -10, citizenship and migration-5, business registration and activities-8, construction and real estate-14, social assistance-9) that can be accessed on-line from the web page of the CoM: (https://www.kmu.gov.ua/ua). For modernization of a service, the SEGA, in collaboration with the relevant ministry or agency, is developing the concept of the service which needs to be backed up by a Ministerial decision or regulation. Services that are to be reformed with the support of donors are regulated by a Memorandum of Understanding (MoU) with the donor. Digitalized services are at a different level of maturity. For some, individuals can only submit the application on-line while others are fully transactional. For example, the on-line certificate on criminal record is one of the services digitalized and used as a pilot, but only the application for the certificate can be submitted on-line. Back processing, payment and issuance of the certificate are done in the traditional way - manually. The process of sectorial services digitalization is benefiting from donors’ support. The TAPAS project in collaboration with SEGA and some ministries did implement 12 online services. For example, on-line application for the allowances for the new born was implemented for the Ministry of Social Protection (over 10,000 on-line applications). Another important achievement is the implementation of the on-line business registration (more than 5,000 entrepreneurs registered online). According to project representatives, the technical part of digitalizing a service is the easiest one. The 32 most difficult it is to synchronize ministries and to develop a proper legal framework for the service to be modernized. According to the Government of Ukraine's Mid-Term Priority Action Plan which was adopted by the Cabinet of Ministries' Order no. 275 of April 3, 2017, 100 public services are to be digitalized by the end of 2018. Prioritization of the services to be digitalized is done based on the EU recommendations for prioritization of the online series (EU 20 services). The final list of services to be digitalized has not yet been defined. There are different approaches to determine which services are subject to digitalization. Some services are prioritized in policy documents and SEGA is helping ministries to address them. In other cases, a bottom-up approach is used when a ministry approaches SEGA with a request to help with the digitalization of a specific service. There are other cases when the digitalization of services it is done by an entity itself (i.e. Tax Service). The coordination role of MoEDT and SEGA in the area of administrative services modernization are somewhat overlapping due to poorly assigned mandates and competences. Apparently, SEGA and MoEDT have different understandings of coverage boundaries created by the lack of clear definition of the terminology used. SEGA is focusing mostly on the services planned for digitalization that include both central “administrative services”, as well as “sector specific” services, whilst MoEDT is responsible for the administrative services through the lens of traditional offline delivery with some elements of on-line delivery. This creates a lack of clear leadership and responsibility for the coordination and advancing on the overall public services modernization reform. In addition, there is no clear methodology on prioritizing the services for digitalization and it is not obvious how the Government is going to modernize all 1200 existing services. The MoEDT, with the support of U-Lead project, has been conducting services inventory surveys. The initial extensive list of around 3000 services is reported to be optimized to 1200 through the consolidation and clustering of services. Initially, the list was sorted by service providers, but later MoEDT decided to move to a listing based on the names of services. These are more demanded and better described. As result, MoEDT created a register of services based on the screening of existing legislation. However, a robust horizontal review and regulatory guillotine aiming at exclusion of the outdated services and elimination of duplications is missing. While digitalization may indeed reduce the administrative burden, its impact will be limited without proper filtering and guillotining of services. Recently MoEDT tasked a team of five persons to prepare the revised full list of services by end 2018. The e-Services Concept and its Implementation Action Plan12 refer to the Unified Administrative Services Portal that should incorporate the information about all existing services and serve as a single-entry point for provision of on-line services. In addition, the e- Government Concept Note mandates the “implementation of the "one-stop-shop" principle through ensuring development and functioning of the Unified State Administrative Services Portal, as a single point of access of individuals and legal entities to the electronic services”. However, on-line services as well as information about off-line services can be found on various sources usually containing different information and steps for service provision. For example, online public services are provided 12 Approved by the Cabinet of Minister’s decision no. 394-p from June 14th, 2017. 33 through the CoM official web page (https://www.kmu.gov.ua/ua), compartment “Services”, were citizens and business can access online services as well as find information about the offline administrative services; and an Online state services portal “IGov” (https://igov.org.ua/) where only online services G2C and G2B are provided (a portal developed on a volunteer base). The information about sectorial services can be found as well on the web-pages of specific ministries or agencies. Currently SEGA is considering several experiences (UK, Estonia, Israel, etc.) in collecting all services on a single portal. Narrow technical services are closely linked to their back office and are considered hard to move to a centralized portal. SEGA’s preference is to have multiple entry points (portals or web-pages) but compliant to a unified design code. Several countries expanded the design code to cover such services, so that for the user it appears as a single system. SEGA is currently discussing this option with MoEDT and is trying to finalize development of the design code and introduce it for the pilot ministries. The design code and templates also need to be citizen friendly. There is some proactivity in deployment of modern technologies. There are attempts to use blockchain when issuing the land titles based on cadaster records and during the auctions of property confiscated by bailiffs. Despite implicit understanding, the common aspects of digitalization (Government IT enterprise architecture, shared and enabling services) are not handled in a coordinated and comprehensive manner. The existing shared services include the implementation of electronic signature, Electronic Documents Management System and interoperability system “Trembita”, which currently has been piloted. More details on “Trembita” implementation is provided under the “Interoperability” dimension. The requirement stated in the e-Government Concept on “ensuring the repeated use of the ICT systems to minimize budget expenses and avoid the duplication of systems and decisions” is not properly fulfilled. In spite of the progress made, the delivery of e-services in the public administration at all levels (central, regional and local) remains decentralized and is characterized by inefficient spending, divergent practices and standards, limited inter-sectoral coordination and planning, and fragmentation of ICT capacities. There are multiple examples of two or more ministries or local public authorities purchasing different aspects of the same IT systems without any coordination, i.e. human resources, financial or assets management systems. Similarly, a large majority of organizations within the Government outsource some ICT functions to an external entity. However, the outsourcing of these activities is rarely harmonized across organizations. In other cases, some IT hardware investments have become obsolete before the administration was ready to utilize them. Implementation of shared services is used by most countries as a valid strategy to address the above-mentioned problems. There are opportunities to save costs and to benefit from the economies of scale through the development of a unified architectural framework that would integrate all shared and sectorial services. Governments around the world are implementing shared services to simplify processes and increase efficiency. Implementation of shared services are leading to improved services both within the Government and to the public – by reducing the administration’s burden through streamlined, automated administrative processes and by institutionalizing best practice ICT standards, such as once only, open data and digital by default. 34 SEGA is making some efforts to implement shared services, however the Government is lacking a common vision and strategy of implementation of shared services for all the functionalities that are similar from sector to sector and public authorities of the same cluster. SEGA should become de facto an institutional coordinator of shared services implementation. It should lead and oversee the development and evolution of the whole-of-Government’s IT enterprise architecture, as well as identify technology standards to be used when developing IT solutions. Shared solutions can be implemented for application for a service, identification, signature, payment, reporting and other common features of services provision. Overall, as shown in the table above Ukraine receives an eGGO status of a “follower” for this dimension. It needs to invest in filtering the services and pursuing prospects for common solutions for common services, as well as implementing cross-sectorial shared and enabling services. Recommendations: • The implementation of the platforms and services should be guided by the EU eGovernment Action Plan principles: Digital by default, Cross-border by default, Once only principle on EU level, Interoperability by default, Openness and transparency, Inclusiveness and accessibility, Trustworthiness and Security. • The definition of services, whether (i) public service, (ii) administrative service (central/sectorial and central/local) or (iii) communal services need to be clarified to avoid duplications and overlaps as well as responsibility vacuums. A common approach to all services delivered by the public sector for businesses and citizens should be established. • A unified public services registry should be implemented. • The roles related to the services modernization should be clearly defined. Currently there is ambiguity and overlap between the mandates of MoEDT and SEGA. • The possibility of implementation shared services should be analyzed more carefully and an approach to shared services implementation should be developed (application/front-office digitalization, identification, signature, log, payment, reporting, delivery, etc.). • A horizontal review and guillotining of outdated and duplicating services should be conducted. Cleanse the services register. • Prioritization methodology for services subject to modernization should be developed and implemented. • Methodologies of services re-engineering and digitalization should be developed. • SEGA should consider clustering of services based on common features and apply the same approaches to those services. • SEGA should consider the unification of on-line entry points for receiving the services. Modernization of Services Portal should be implemented. • A unified approach to public services tariffs setting should be developed and applied. • Define the expected results and targets of the public services reform with indicators and proper monitoring of the progress. 35 • A system to monitor the quality of delivered services should be implemented. • Implementation of a call center to support public service delivery. • Capacity building for the staff involved in the new models of public service delivery. • SEGA needs to have a strategy to improve the uptake of digitalized public services. The strategy should include public awareness campaigns and tutorials and training on how to use e-services. • An approach to assisted service delivery (through a net of centers like SNAPs or other qualified entities) for those who do not have computer/internet at home. DIMENSION 6. REGISTRIES AND INTEROPERABILITY The problems related to the interoperability are duly reflected in the e-Government Concept: the absence of the automated data exchange and interoperability of the public sector IS; low rate of interaction between public authorities and legal entities, especially related to the provision of the e- services and access to open data; and the lack of proper e-identification and e-authentication of individuals and legal entities in the process of interaction with public authorities. The Law on Administrative Services (Art 9) states: an entity providing administrative services shall receive information necessary for the service provision (without the participation of the user) through the access to information systems or databases of other entities providing administrative services or 36 through the interoperability system. Thus, mandating the implementation of the “once-only” and “public information reuse” principles. In addition, according to the same Law, “the state entities possessing the documents or information necessary for the provision of administrative services, are obliged: to provide free of charge such documents or information no later than three working days from the date of receipt of the request unless otherwise provided by law; take measures to develop the system of interagency electronic interaction, provide free and open access to their information systems and databases, unless otherwise provided by law; provide free remote access to their own information systems and electronic databases (registers) containing information necessary for the provision of administrative services, administrators of the centers for the provision of administrative services and entities providing such administrative services, including through the system of electronic interaction between public electronic information resources”. The Government of Ukraine decided to address the above problems through the implementation of an interoperability system/platform (hereinafter referred to as “Interop”) that will allow an automated exchange of data between IS. The implementation of the Interop should as well reduce the time for obtaining data, improve the quality and relevance of the processed data, end the repeated collection and duplication of data in the different registries and IS, improve access to IS and their systematization. Implementation of Interop foresees the integration of core public registries, service centers as well as connection to a wider cross-border electronic interaction with various international stakeholders in line with European Interoperability Framework. The implementation of Interop is done under coordination of SEGA with the support of TAPAS and U-LEAD projects. Project activities are focused on the development and implementation of the interoperability system and improving of the state registries. This is a joint project, where TAPAS is covering semantic, organizational and legal aspects and the U-LEAD project is covering technical aspects. The technical solution it is called “Trembita” (after its Ukrainian name) and is based on the Estonian X-Road developed by the e-Governance Academy of Estonia - one of the implementers of the U-LEAD project. At the end of the project SEGA aims at connection of all state registries to the interoperability platform. The “Trembita” will assure exchange of data among various public sector IS and will serve as a core infrastructure for the digitalization of the administrative services. Public authorities and service centers will have direct access to the data contained in the various state registries that will enable fast provision of the services to citizens and businesses. In October 2017 the SEGA became the official holder of “Trembita” platform. Technical maintenance and operation of the platform is assured by the state enterprise “Government Information Recourses”. Some of the root registries such as population, cadaster, tax payers and demographic registries are already connected to the platform for piloting. The SEGA aims to connect to “Trembita” up to 20 state registries by the end of 2018. In 2016 the CoM approved the Decision No. 606 that regulates the implementation of interoperability. In addition, SEGA with the support of TAPAS project conducted an inventory and audit of the state registries and developed a mapping report “State Electronic Information Resources: Status and Perspectives”. This was the first audit of the information resources of state during the last quarter century. The report outlines the main problems related to interoperability and provides recommendations. Currently there are around 135 registries of which 23 are defined as “root” 37 registries. Around 90% of data is duplicated in different registries and therefore registries need to be cleansed and aligned to common standards. The data exchange is only partially digitalized and is done on a bilateral basis. The report is focused on the 23 most demanded (“root”) state registries. The maintenance of these “root” registries costs about US$ 21.0 million a year, and over 45% of the cost is spent on maintenance of the servers. The state registries are held by more than 40 various central public administration bodies. (In Ukraine there are 18 ministries and 65 other central public administration bodies such as agencies, inspections and service). Some of them have special status and are subordinated directly to the CoM such as the space agency, civil service, cyber security service, etc. and others are subordinated to the ministries). Main holders of the state registries are Ministry of Justice (20 registries), State Tax Service (15 registries) and Ministry of Internal Affairs (13 registries). The SEGA is planning modernization of the state registries and Register of Registries that is under its maintenance. The Ministry of Justice is the biggest owner of various registries such as civil status registry, registry of ownership rights, registry of movable assets, digital signatures registry etc. The technical maintenance and operation of the registries and information systems it is done by a state enterprise under the Ministry of Justice “National Information Systems”. The SE has representations in each oblast (regional administrative-territorial unit) and around 550 employees in total. The communication with representations currently is done through a unified central data system with web based access protocols. Legal and physical entities such as notaries and state registrars and all the service centers can access the MoJ’s registers online through a bilateral agreement and only if they have digital signatures. The access is provided free of charge and each access is registered in a specific log. The MoJ’s plans to connect its registers to the interop to facilitate data exchange with subordinated entities, professionals from the justice sector and other ministries. Based on the conclusions from the report a Roadmap of National Interoperability Development (2017-2020) was developed. The Roadmap defines main steps to be taken by various public authorities with SEGA’s coordination in implementation of interoperability platform. Implementing activities are structured around 5 main blocks: Technical interop; Semantic interop; Organizational interop; Legal interop; and Integrated public services. According to the Roadmap, by the end of 2017 the central elements of the interoperability platform was expected to be deployed followed by integration of registers. The integration of registries into the interoperability platform was supposed to happen in 3 stages. By the end of 2017, top-priority electronic registries of the 15 central bodies were expected to be integrated and by the end of 2-nd quarter of 2018, registries of another 30 (2nd line) central executive bodies. However, despite clear implementation plans and responsible entities, the implementation is lagging. The TAPAS project provided support in the development of draft Law on state electronic registries. The Law will aim at unification of the criteria and the requirements for all the state registries. It will create a legal framework for the creation and maintaining of electronic registries. The draft is supporting the implementation of the EU standards for data exchange and interoperability, including cross border data exchange with EU member-countries. The initial draft is currently undergoing public consultations. A semantic catalog will be implemented to allow connection to the EU single digital gateway and digital market. The data exchange will be based on the “once-only” principle and unique 38 identification number, to exclude duplication of personal data in all state registers. The IT committee in the Parliament is supporting the draft. It is expected that the draft will be submitted for full Parliamentary approval soon. Implementation of the Interop is based on unique ID numbers assigned by the Demographic Registry that will allow the connection of data from the different state registries and data bases. Recently Ukraine started to implement unique identification numbers for its citizens. Around 8 million people from the total of 40 million have received their unique identification number. The number is attributed when people receive their passport or national ID in a new format. The unique identification number is kept in the Demographic Register maintained by the State Migration Service under the Ministry of Internal Affairs. The Demographic Register was implemented starting with 2015 with the issuance of biometric passports for foreign travel - one of the conditions of the Ukraine/EU visa free regime. The SEGA intends to connect the demographic register to the civil status register through the interoperability platform to allow exchange of data and attribution of the unique identification number at birth. Ukraine is planning to cover its entire population within 3-4 years. Since a unique identification number is one of the core elements of interoperability, to accelerate completion the owner of the Demographic Register, SEGA in collaboration with Minister of Interior is working on developing an intermediary solution by attributing to citizens so called “temporary unique identification numbers”, that can be verified during consequent entries/interaction. In addition, the TAPAS project is working to start generating unique identification numbers at birth. A set of legal amendments were developed to support this approach, but are not approved yet. The EGOV4UKRAINE/U-LEAD is working on the technical solution. The Law on access to information provides the right to citizens to verify what data on them is kept in the state registries and to request fixing data if that is wrong. However, the number of requests has been small. There is no electronic user-friendly service to back up this right. Overall, as reflected in the table above, the eGGO status for this dimension is a “follower”, which is about to be upgraded to a “performer” with implementation of “Trembita”, connection of the state registries, and finalization of assigning of the unique ID number to the entire population of Ukraine. Recommendations: • The timeline and deadlines for the interoperability platform implementation should be redefined and set more realistically. • The SEGA needs to create an interoperability implementation inter-sectoral body to hasten cleansing of root registers (such as population, real estate, tax, business, etc.) and implementation of the platform. • The SEGA should discuss with other stakeholders the potential solutions and come with some ways of accelerating attribution of unique IDs or for identification of alternative solutions. The uptake of unique IDs is crucial for interoperability. 39 DIMENSION 7. ACCESS AND CONNECTIVITY Ukraine was one of the countries that showed faster growth in internet penetration by the start of the decade. In 2011 Ukraine was ranked among the top 10 countries in Europe with the highest number of internet users, approximately 34 per cent of its population or more than 15 million users13. However, by mid-decade the pace of internet adoption had slowed significantly and to date Ukraine lags in terms of internet access in comparison with its regional peers. According to the International Telecommunication Union (ITU), Ukraine’s progress in bridging the digital divide to internet access has been slow, showing a penetration rate of 41 per cent in 2013, 43 percent in 2014, and 49 percent by 2015. According to different sources, between 2016 and 2017 internet access in Ukraine was mostly urban and varied between 52 and 63 per cent. The Inclusive Internet Index for 2018, commissioned by Facebook and conducted by The Economist Intelligence Unit, estimates that only about 55% of Ukrainian households have access to the Internet (see the Figure 2 below). 13 The World Factbook. See www.cia.gov/library/publications/the-world-factbook/geos/up.html 40 Figure 2 – Internet users among households, % Source: Facebook-EIU I.I.I.-2018: https://theinclusiveinternet.eiu.com/ Fixed-line broadband subscribers is about 12% (11.98 out of 100). High income countries average 29%. The joint Facebook-EIU I.I.I.-2018 gave Ukraine a maximal score of 2 for national broadband strategy. Figure 3 - Fixed-line broadband subscribers per 100 inhabitants Source: Facebook-EIU I.I.I.-2018 41 Internet users in Ukraine are mostly young adults (over 18 years old). Figure 4. Share of the Internet users among the adult population of Ukraine Source: Kiev International Institute of Sociology (KIIS: http://www.kiis.com.ua/?lang=eng&cat=reports&id=621) According to the Kiev International Institute of Sociology (KIIS), there is a reverse relation between the age and the use of the Internet - the younger the age, the higher the penetration of the Internet. As reported over the past four years the number of Internet users has increased among all age groups younger than 60. Figure 5. Share of the Internet users among different age groups Source: Kiev International Institute of Sociology (KIIS: http://www.kiis.com.ua/?lang=eng&cat=reports&id=621) The majority of urban population access computers or mobile phones. Mobile phones seem to be the most frequent point of access to the internet in Ukraine, currently estimated at 39 per cent of users followed by home laptops (31 per cent) and stationary/desktop computers (30 percent), with several users/households accessing the internet through more than one device. The number of mobile subscribers per 100 people is 130. Gender gap in mobile phone access is 1.12%. Female access to mobile phone is 89% of households. 42 Ukrtelecom is currently the largest provider of Internet access and was the only 3G provider in Ukraine until 2015, when all three major operators (Vodafone, Kyivstar, Lifecell and Intertelecom) acquired license permits to set up their own 3G networks. Figure 6 – Network coverage (min. 3G), % of population Source: Facebook-EIU I.I.I.-2018 The main disparity factors in access to the Internet, besides age, continues to be urban/rural setting, although Freedom House reports that the digital divide between rural and urban continues to narrow14. Less than half of rural population access internet (if the general number is 55% and it is very high in urban areas). Barriers to access in rural settings include lack of connectivity, affordability and information. Other characteristics on barriers to access for less favored or vulnerable populations such as women, lower quintiles of education and income are not being tracked. The maturity and appetite among end users to absorb the e-service offerings needs particular government attention. Beyond improved connectivity and the supply of services, there is a need to work on fostering the demand. One favorable condition is the high level of trust in government websites and apps (64% according to Facebook-EIU I.I.I.-2018). Participatory planning of services has been one of the entry points, but a lot still needs to be done. 14 Freedom on the Net. Ukraine Country Report See: https://freedomhouse.org/report/freedom-net/2017/ukraine 43 Figure 7 – Internet connection of any type at home Source: Kiev International Institute of Sociology (KIIS: http://www.kiis.com.ua/?lang=eng&cat=reports&id=621) The more active phase of this growth is for 2015-2016, a period which coincides with an increase in market competition due to the entrance of three additional companies as Internet providers. Figure 8. Share of the Internet users among the population of different types of settlements (2017) Source: Freedom on the Net. Ukraine Country Report See: https://freedomhouse.org/report/freedom-net/2017/ukraine Overall, as reflected in the score-table at the beginning of this dimension, the eGGO status for access and connectivity is a “performer” however there is some room for improvement. 44 Recommendations: • Elaborate a strategy to strengthen access to the Internet and broadband connectivity from disadvantaged groups (rural, old, poor, etc.) to bridge the digital divide and ensure that all benefit from the advancement of e-government services. • Considering that cost can be a barrier to access, points of access in local governments through kiosks and one-stop-shops should be explored. • Exploit the almost universal access to mobile connectivity to offer e-services and connect to citizens. DIMENSION 8. CUSTOMER RELATIONs During the last two years, Ukraine has risen by 25 points in e-government and by 45 points – in e-participation according to the UN e-Government Development index, placing itself at 62 out of 193 countries. Advances made in the areas of open data, e-petitions, and transparency as well as the efforts displayed by the government to advance the provision of e-services have resulted in Ukraine being considered above the world average in terms of e-government development. Feedback or complaints mechanisms are seldom used in the public sector. It appears that citizens are more used to providing feedback for services provided through private sector operators or civil society organizations and NGOs. Among the NGOs the team interviewed during the missions, a limited number of them reported that they had set up feedback mechanisms, but monitoring of them were very limited. Another area of development is related to the design and implementation of feedback mechanisms as well as raising awareness among citizens of the possibility e-platforms offer to report on the quality and efficiency of service delivery and its importance for improving service. For institutions it is also important to record user satisfaction as a means to improve the provision of service and measure the impact and satisfaction in the implementation of reforms. 45 Development of electronic tools of for citizen engagement. The implementation of mechanisms to foster participation and voice citizens’ priorities and concerns significantly extends opportunities in public administration and influencing decision making, and creates the condition for new levels of interaction between authorities and citizens. However, only basic feedback mechanisms are in place. There are requirements defined at the level of law. Government contact centers receive grievances and documents to follow-up. SNAPs are using happy and unhappy smiles. Some surveys and exit polls are conducted but not systematically. Call centers are created by municipalities and can forward complaints to central providers. However, they do not operate 24/7 and may not be equipped with modern ICT solutions. State Fiscal Service (SFS) is among the few exceptions. It has a large call center for tax, which is under the tax service, and a smaller call center for customs under the IT department. The SEGA is planning to implement citizens feedback mechanisms that could be used for improving interaction with citizens, make the public sector more transparent, as well as improve the quality of public services. Overall, customer relations are not set-up properly, with eGGO status of a “follower” as reflected in the table above. Relevant plans for development are not reflected in formal strategies. Recommendations: Taking into account the advantages of the electronic tools of involving the citizens into the processes of management, the main activities in ensuring the development of e-government in Ukraine under this dimension are: • development of e-applications and e-petitions; • development of the instruments of "open budget", "public budget", on-line discussion of the draft regulations and other instruments of public participation in decision making; • introduction of electronic feedback forms at the official authorities’ web-sites, including thematic, for receiving quality feedback on different issues and ensuring closed feedback loop that secures answers to citizen feedback and suggestions; • wide involvement of non-governmental organizations and industry specific associations in the planning, development and monitoring of e-government initiatives; • encouragement of the use of electronic tools to involve citizens and their support for public initiatives in the sphere of e-government. 46 DIMENSION 9. DELIVERY MODES According to the Concept on e-Services Development the services are provided in correspondence with an agreed conceptual model. The “interaction” level of the conceptual model should be implemented based on a single state portal of administrative services, including the integrated IS of all executive bodies and local authorities that operate and interact in accordance with unified requirements. The “interaction” level should ensure the implementation of the “one-stop-shop” principle and the use of a single referral entity’s electronic cabinet and a unified electronic identification, authentication and log systems. The portal should provide: • access to all electronic services from one place; • unified interfaces for the provision of electronic services; • log the entire history of the interaction of the users with providers; • provide a possibility of automatic planning of the need for administrative services; and • provide control over the quality of the provision of electronic services. The procedure and ways of the service provision are defined by the Law on Administrative Services: a) the off-line administrative services are provided by the entities providing administrative services directly or through the centers of administrative services. The law prescribes that a physical person has the right to receive administrative services regardless of the registration of his place of residence and that a legal entity has the right to receive administrative services at its place of registration or where its activity is performed, as well as at the place of the facility in which it is located; and b) the on-line administrative services are provided through the Unified State Administrative Services Portal, including through the integrated information systems of state and local governments. Most of the e-services are web-based. Mobile versions of e-services will be implemented after the roll out of the mobile ID. 47 The holder of the Unified State Administrative Services Portal is the MoEDT. According to the Law on Administrative Services the Portal should provide the following functionalities: • availability of information about administrative services and their providers; • availability for downloading and filling in electronic forms of applications and other documents necessary for obtaining administrative services; • the possibility of on-line submission of the application by users; • the possibility for users to receive information on the progress of their applications; • the possibility of on-line reception by the users of the results of the provision of administrative services; and • the possibility for entities to apply for payment for the provision of administrative services remotely, in electronic form. As mentioned earlier in the “Platforms and Services” dimension of the Report, in spite of clear policy and regulation about the State Services Portal as a single-entry point for the provision of on-line services, the on-line services as well as information about off-line services can be found on various sources usually containing different information and steps for service provision. For example, online public services are provided through the CoM’s official web page (https://www.kmu.gov.ua/ua), compartment “Services” where citizens and businesses can access online services as well as find information about the offline administrative services; and Online state services portal “IGov” (https://igov.org.ua/) where only online services G2C and G2B are provided (a portal developed on a volunteer base). The information about sectorial services can be found as well on the web-pages of specific ministries and agencies. To address this problem SEGA, in collaboration with MoEDT, is trying to come up with an alternative solution that would provide multiple entry point but with a unified design code and service application templates. The e-Services Concept defines that the access to electronic services may also be implemented through the centers for the provision of services (SNAPs), intermediaries with whom users interact on an ongoing basis (libraries, banks, telecommunication providers, etc.) and special automated access points to electronic services or mobile applications that interact with a single state portal of administrative services. Creation, development and operation of information systems for provision of administrative services should be based on their compatibility with a single ICT infrastructure and interaction with the portal. There are no specific examples of the public-private- partnership arrangements (libraries, banks, telecommunication providers, etc.) in the field of e-services delivery. The U-LEAD project is supporting the implementation of on-line service provision through the service centers – SNAPs. The U-LEAD is modernizing the existing 700 centers and aims to open several new ones. Only 15% of the processes within the service centers are automated. In the framework of the project a IS has been developed to be used by the SNAPs. The system should allow receiving of an on-line application and send it to the service owner (specific agency) for further processing. The system will use a cloud based solution that will allow automation of receiving and sending of the documents. Also, the system should be integrated to the interoperability platform and documents management system to assure data exchange and smooth document flow with assigning specific tasks and deadlines. Since such IT products are considered expensive and with hard licensing 48 requirements it was decided to develop a centralized IS. The tender was conducted and a national IT development company was selected in October 2017 to develop the system. After finalization of development the system will be piloted in 10 service centers by the end of 2018. The architecture of the system is modular and the company will create APIs to allow service centers to develop additional modules on a need base. The administration of the system will be done by the State Enterprise “Governmental Information Resources” under the SEGA. Overall, the eGGO status for the delivery mode is a “follower”, but it is about to be upgraded. Recommendations: • The unification of the single-entry points for the service delivery should continue. If services are to be delivered from multiple sources they should be integrated into the portal or if there are more platforms they should adhere to a unified design code. • The Services Portal should be redesigned to be more user friendly. • The SEGA should define a model of assisted service delivery for those who do not have computers or internet access. • Mobile based e-Services should be broadly implemented. • Public awareness campaigns on how to access e-services via portal or through assisted service delivery should be conducted. DIMENSION 10. e-IDENTIFICATION The trust services to support the implementation of the Electronic ID were recently approved by Ukraine according to EU Directives. Ukraine issues to its citizens internal IDs in a new format that includes elements of digital signature (the chip) and it is considered as digital ID. The issuance of the national ID in the new format (with elements of electronic ID) started in 2016. Also, the public sector in cooperation with mobile operators is implementing the concept of mobile identification that includes the elements of digital signature. However, in most of the cases the traditional digital signature (flesh drive or plastic card) are used to access the systems and to sign electronic documents. There are 49 around 20 centers subordinated to the Ministry of Justice, Tax Service and Treasury that are issuing digital signatures to legal and physical entities as well as civil servants. All civil servants in Ukraine have digital signatures. Ukraine approved recently the Law on Electronic Trust Services, adopted by the Parliament in 2017, which established the national standards of digital signature in line with the requirement of the Regulation (EU) No. 910/2014 of the European Parliament and Council from 23 July 2014 on electronic identification and trust services for electronic transactions in internal market and repealing the Directive 1999/93/EU. According to the Law, starting from 2017 e-signatories can use other means than flesh drives and plastic cards for digital signatures. As mentioned above, most of the digital signatures are issued on the traditional means (flesh drives and plastic cards). Individual require identifying themselves to access services through different administration entities in different levels of government. Likewise, governments, as services providers, need to identify and authenticate citizens to classify, for instance, the services they are entitled to. As such, robust identification systems become the foundations to improve access to and efficiency of e-services and become a precondition for the expansion of e-services. New and innovative e-government technologies are providing countries with the opportunity to leapfrog from the current paper-based systems and rapidly establish a robust identification infrastructure that allows them to serve citizens better and more rapidly. Ukraine is in the process of adopting a nationwide digital identification (ID) system that would serve as a gateway for citizens to access e-services. The development of the electronic identification infrastructure will allow practical and secure access of citizens and economic agents to defined data from the information systems currently in the hand of authorities in different levels (national and subnational), different electronic services and interactive instruments without the need to use several accounts in different information systems. The e-ID will facilitate the development of electronic forms of cooperation of citizens and the state. With the passing of the law on a Unified State Demographic Register on 29 November 2012, the introduction of the ID cards was approved and ID cards have been gradually replacing old passports since January 2016. The Ukrainian ID card (also referenced as the Passport of the Citizen of Ukraine) is mandatory for citizens aged 14 and above and permanently residing in Ukraine. The ID card is currently issued by local authorities of the State Migration Service. Overall, electronic identification needs to be developed and rolled-out more broadly to enable the desired progress on e-government reforms. As reflected in the table above, the current eGGO status is at the level of a “follower”. Recommendations: • Development of electronic trust services. • Facilitation of filling in of the unified demographic register and promotion of the passports of the citizens of Ukraine in the form of ID card. • Development of the existing and introduction of the new schemes and methods of electronic identification and setting the levels of trust to them (including Mobile ID, Bank ID). 50 • Implementation of the principle “single-sign-on” through introduction of integrated system of electronic identification and verification and repeated use in information and communication systems of the authorities. Area 3. Data and Analytics DIMENSION 11. SMART ANALYTICS Use of data and modern technology is critical for strengthening intelligence in the public sector. According to OECD DGT principles, to get the full benefit of public sector information, governments should better exploit digital technologies and data analysis to understand societal needs. Governance arrangements should ensure responsible and coherent use of data that benefits citizens and strengthens public trust. The use of data and analytics should be embedded throughout the policy cycle. The culture of data analysis and use within the public sector should be developed through comprehensive civil servant training programs to help predict new needs and trends. Yet according to the 2014 OECD Survey on Digital Government Performance only 18% of member countries have digital literacy programs that included development of data analytics skills to develop and stimulate better policies and services. Advanced data-driven culture requires a sustainable model of data production, free access and re-use across the administration. The free exchange of information between registries through the 51 interoperability platform can significantly enhance the data supply, whereas machine readable data from the OGP portal can promote engagement of civil society and private sector in evidence based policy formulation. The countries with advanced culture of data analysis and use assign a designated unit or body in charge of data management in the public sector. They are able to perform sophisticated data analysis across the public sector that effectively supports policy-making and service delivery. As the data is increasingly considered a new natural resource of the twenty-first century transforming industries, a new leadership role emerged and became popular in private sector and increasingly penetrates public sector at different levels – national, regional (state) and municipal15. France was the first country to appoint a Chief Data Officer on September 17, 2014 to coordinate government actions aimed at inventorying, governing, producing, circulating and using government data16. The aim was to enhance evaluation of government policies, increase government openness and boost research and innovation. According to the 2014 OECD Survey on Digital Government Performance only 18% of member countries have CDOs. The “big data” has a potential to make analytics smarter and more powerful if there is sufficient evidence and data concerning government operations, processes and results. Governments need to create incentives for public engagement in using these data and enhance public sector’s capabilities on big data analytics. Data management and analytics are not sufficiently streamlined as part of digitalization process in Ukraine. There is no dedicated unit (or platform) in charge of data management in the public sector. The use of data and analytics in not a norm or part of the current practice of service delivery. It gets more attention in case of MOJ registries. There is a plan to introduce an interactive tool for public access to data and analytics with support from TAPAS. So far there have been no formal interoperability standards, but they will be introduced with the Trembita platform. The data-driven culture is emerging gradually. There are no special courses for teaching evidence based policy analyses to civil servants. The earlier efforts to use big data at SFS has not succeeded so far. At the central level SEGA is responsible for the implementation of the Big Data concept that will be based on open data. Meanwhile, local examples of successful application of data analysis and intelligence for improving public services can be found for particular separate systems, for instance at State Fiscal Service and ProZorro. According to the Assessment of ProZorro, the Business Intelligence module (bi.prozorro.org) is a great analytical tool in both its public and private versions. Open data polices have been quite successful in Ukraine. The Open Government Data Roadmap was approved in 2017. The legal framework of Open Data includes the Law on Access to Public Information and 835 Decree of CoM on Open Data, which defines the requirements for the format and structure of the data sets to be made public in the form of open data, the frequency of updates, and the procedure for their publication, as well as the list of such sets of data. According to the Regulation, creation and provision of the operation of the Unified State Portal for Open Data is carried out by the 15 Jane Wiseman, Lessons from Leading CDOs: A Framework for Better Civic Analytics, Civic Analytics Network, Ash Center for Democratic Governance and Innovation, Harvard Kennedy School, 2017. 16 Gijs Hillenius, France appoints Chief Data Officer: https://joinup.ec.europa.eu/news/france-appoints-chief-data 52 State Agency for E-Governance, which is its holder. The Government Information Resources SOE under SEGA is the administrator of the Open Data Portal and monitors use of Open Data on daily bases. The Administrator of the Unified State Web Portal of Open Data is responsible, in accordance with the law, for ensuring the integrity of the information on the Unified State Web Portal of Open Data after disclosure of this information by its administrators. SEGA started the implementation of the Open Government Data agenda in 2015. SEGA is a member of the Open Data Charter. It is responsible for the development of the concept and to coordinate the activities in this domain. The SEGA is the holder of the web portal for the Open Government Data (http://data.gov.ua/). The portal hosts more than 40,000 data sets and over 3000 data providers. According to the law, the information managers are responsible for the authenticity and relevance of the published data sets on the Unified State Web-portal of open data. Ukraine is 31st in the Global Open Data Index, with certain start-ups in the area of open data aggregation and services. Startups use open data to deliver various interesting services. For example, the Open Data Bot (https://opendatabot.com) is a service to monitor the registration data of Ukrainian companies and the judicial register to protect against raider hijackings, which has been available already for a couple of years. Recently over 200 start-ups applied to compete for Open Data Challenge 2018 (http://tiny.cc/UkraineODC-2018), based on the success of the Ukraine’s first contest in 2017. The three winning projects target to increase transparency in Ukraine’s coal market; launch an application for lawyers that helps them easily find information from the register of court decisions; and calculate payment of motorist fines and provides information on compulsory third party insurance. In addition to the support to the Open Government Data portal, TAPAS project is implementing public outreach campaigns on the use of open data. The Unified State Open Data Portal, a register of publicly available data sets in the format of open data is kept, allows identifying each of the published data sets, obtaining their metadata, including the hyperlink to access the data set on the Internet. The Register of published datasets should contain at least the following information: • dataset identification number; • name of data set (up to 254 characters); • formats in which a dataset is available; and • hyperlink to dataset page. The Register of published datasets is hosted in one of these open-readable formats for reuse. These formats include CSV, XML, JSON, RDFa, HTML, Microdata, or other similar formats. On the page of each data set on the Unified State Web Portal, the following data should be displayed: • a dataset datasheet/passport by displaying on a web page (for browsing through a web browser) and by placing a file in an open machine-readable format that can be downloaded or accessible through the application programming interface (API); • a data set structure in an open machine-readable format (an electronic file that can be downloaded, or an API); • a dataset in one or more machine-readable formats defined; 53 • form for user feedback; • information on the further use of the data set; and • information on the terms of using an open license. Any person may freely copy, publish, distribute, use, except for commercial purposes, in conjunction with other information or by including in its product the open data with the obligatory reference to the source of their receipt. The condition of any further use of open data is the mandatory reference to the source of their receipt (including the hyperlink to the web page of the open data). Nevertheless, there is a substantial progress in opening government data, due to not using at the maximal capacity for analytical and decision-making purposes. Overall this dimension is among the lagging areas of e-government reforms, with eGGO status corresponding to a “beginner” level as shown in the score-table above. Recommendations: • Create a unit or body in charge of data management in the public sector. • Develop a national public sector data management strategy to strengthen a strategic use of data in the public sector to improve policymaking and performance. • Develop training programs to develop, attract and retain data analysis skills across the public sector. • Develop programs to engage with the community of data producers and re-users on the usefulness and re-use of open government data to find innovative solutions to public issues. • Develop the required data infrastructure to enhance data sharing across the public sector. • Develop close collaboration with subnational governments on data management issues. DIMENSION 12. INFORMATION FOR MANAGEMENT 54 The information for management is closely related to data-driven culture in public administration. This dimension further emphasizes generation of performance information and indicators to inform managerial decision-making on different aspects of public administration from human resource management in the public sector, to budgeting and public procurement. There is no effective system for exchanging performance information between systems. Introduction of an interoperability platform is sought to expand the base of performance information available for managerial decision-making. The current systems generally do not process and report information on performance of entities, services and civil servants. There is no system for assessing civil service performance (HRM in civil service). Nor does management uses performance information in policymaking. Some mechanisms exist for tracking performance of SNAPs. Similarly, performance information should be introduced in the e-procurement area. The development and introduction of a set performance indicators as part of an e-GP implementation strategy was among the recommendations of the Assessment of ProZorro. The need for better use of information for management decisions is formally acknowledged at the level of government strategies. The 2017 Concept Note for E-government Development in Ukraine highlights the “low pace of development of internal e-document flow and modern information and analytical decision-making tools” among the issues to be solved. The Concept considers automation of the big data volumes processing and information and analytical support of decision making, optimization and automation of the administrative processes, introduction of the electronic interaction forms among the e-government instruments that are critical for effective management of any sector. The development of the e-document flow is seen among the steps that will contribute to strengthening of the information and analytical support in decision making in public sector. While the Concept highlights the critical role of data and analytics in decision-making, no specific targets and milestones are defined. Overall, this dimension, like the previous one for smart analytics, is at the lowest level of development, with eGGO status corresponding to a “beginner” level as reflected in the score-table above. Recommendations: • Establish a coherent monitoring and evaluation (M&E) system for public administration that can be used for bringing together various aspects of performance information at the level of HRM, PFM /budget, etc. The automation of M&E systems will allow incorporating information from citizen feedback platforms, statistical data and other registries. SEGA should develop key performance indicators for implemented services, and monitor the evolution of the services delivery and financial models. • Consider creation of an executive dashboard with key indicators for decision-making. • Ensure seamless exchange of performance information through the interoperability platform. • Consider introducing an effective framework for evaluating performance of public sector intuitions and civil servants. 55 Area 4. Infrastructure and Security DIMENSION 13. DATA CENTERS The e-Government Concept Note recognizes that ICT infrastructure that is used as the base for the e-Government projects and tasks implementation is immature and needs improvement. The CoM decided to undertake the following actions related to e-Government infrastructure: implementation of the specially protected networks for data transmission, including national confidential communication system and implementation of protected data centers, including with the application of “Cloud” technologies. ICT infrastructure should assure the compatibility of the technologies used for the computerization and e-Government development and safe use of public sector cyberspace. Public sector registries, information system and data bases are operated using data centers assets of different ownership and level of sophistication. In some cases, the infrastructures are rented from the state or private data centers, in other cases public authorities will have primitive hosting on its own servers kept in obsolete conditions. Data centers from the public sector are at different level, some of them comply with the ISO standards (e.g. Minister of Interior) and some of them would meet just minimum requirements for such data centers. The WB Team could not find evidence of in inventory or registry of all public sector data centers with an indication of their level of maturity and types of data or IS that are operated in that data centers. 56 Data center consolidation is the only approach to be used, as the existing information and communications technology infrastructure is not adequate to meet the needs of government and citizen services, and without central support it is unlikely individual ministries and agencies will be able to develop adequate ICT infrastructure in the future. This may result in a serious shortfall in Ukraine’s ability to continue developing and competing in a European or global economy, as well as present additional challenges in meeting the security and development needs. There is no shared vision for centralized public sector IT infrastructure or development of a consolidated model that would assure required standards of safety, redundancy and business continuity. Moreover, there is no coordinated and thought-through investment in public sector IT infrastructure. The process of data centers consolidation should start with an inventory of data centers assets with an indication of their level of maturity and development of a consolidation plan. The most advanced data centers can be consolidated and used as nodes of a unified public sector virtual environment. For the less advanced data centers an upgrade plan with the aim of their future integration in the unified public sector virtual environment should be developed. Non-compliant data centers and server rooms should disappear as a class. If a new facility, or facilities are recommended, the facility design should comply with ISO 24764, TIA-942, or BICSI 002-2010 standards. These standards also make accommodation for security, and will give a basis for either local Ukrainian or international compliance for data center standards. It is globally recognized that Cloud technologies and IaaS enable IT systems and services to efficiently share the growing demand across infrastructure assets. The shift of IT investment to more efficient platforms and technologies, such as Cloud technologies, will result in substantial cost savings, allowing agencies to optimize spending and to reinvest in the most critical needs. The Government and agencies must consolidate existing data centers, reducing the needs for infrastructure growth by implementing “Cloud First” policy for systems and services, and increasing their use of available cloud and shared services. Consolidated data centers that use Cloud technology based computing environment for the public sector accompanied by a strong disaster recovery plan will provide a strong backup, archival, and near real time applications recovery in the event any planned or unplanned event disrupts data center operations. The adaptation and wide use of cloud technology are meeting data centers needs for high availability and disaster recovery and improves information security through shared security controls managed within the cloud. As reflected in the table above, data centers are among the weakest dimensions of e-government in Ukraine, without clear foresight for development. Without revisiting the plans of data centers consolidation, the eGGO status will not significantly change from the current “beginner” level. Recommendations: • SEGA should initiate the process of public sector data centers consolidation. • An inventory of all data centers should be conducted by attributing levels of maturity. 57 • SEGA should carefully plan a good cloud implementation and transition strategy, including the concept of hybrid cloud (embedded implicitly in the last recommendation about use of public clouds), and cost recovery strategy. • Most mature data centers should be operationally consolidated and a cloud base virtual environment should be created based on those data centers that will serve as nodes. • Less mature but still advanced datacenters could be upgraded to meet the standards and also become a node for single virtual data centers. • Government should consider using public clouds for open data and less sensitive data. DIMENSION 14. ACCESS TO ICT RESOURCES There is full access to ICT equipment in institutions at central level, and in particular, public workers in charge of IT departments all have access to the basic equipment they require to perform their functions. The biggest disparity in terms of access to ICT equipment lies between the central and subnational level in Ukraine. At the central level, all civil servants requiring to have a PC to perform their functions have access to one as well as those requiring to access the internet have access to it, although access to broadband and higher connectivity may be limited at subnational level. It is noteworthy that all civil servants have been granted and possess digital signatures, these are used for day to day accreditation but also for example to sign their corresponding assets declaration when starting a job in the public administration. Finally, Ukraine public servants make little or no use of telecommuting or of “virtual offices” - that is making use of ICTs to perform their work at home or in any other space beside the institutional office, in part because the limited access to the systems from outside the institutional network. 58 On part of ICT hardware, Ukraine has been performing well, thus securing an eGGO status of a “performer” as shown in the table above. There is a room for further development through planning and introduction of centralized virtual environment. Recommendations: • Strengthen access to ICT equipment and broadband connectivity for subnational employees. • Plan ahead to ensure the possibility of tapping the benefits of telecommuting/virtual offices for public sector work. That would entail investing in connectivity, security and privacy. DIMENSION 15. BUSINESS CONTINUITY Incorporating business continuity mechanisms and standards it crucial to allow public sector institutions to continue to perform their core functions in case of a disruptive event (such as a fire, natural disaster, or a security data breach). Literature often references three basic dimensions to business continuity: (i) resilience: designing back up storage for example that allows the institution to cope and continue operating despite disruptions; (ii) recovery: have arrangements in place to recover or restore key information and functions; and (iii) contingency: establish last resort mechanisms for when resilience and recovery fail, that is coping and responding to a incident. Ukraine has regulations in place that establish the need to store information and have a back- up for institutional systems and processes. However, the degree of implementation within the different entities at central level varies significantly and most institutions (even within a same sector) can have different levels of protection against events and disruptions. Most of entities have irregular and/or inadequate data back-up and recovery systems, heightening continuity of operations risks. Inconsistencies in the application of information security requirements increase the vulnerability of the administration’s ICT environment to cyber-attacks and data loss. 59 Furthermore, in terms of archiving, the Government spends significant financial resources on paper, printing, the storage of physical documents, including the construction and maintenance of registries and warehouses. There is the need to implement plans to consolidate the data of various institutions and agencies data centers into a single data center enabling the provision of virtual services such as data storage services (cloud services). The SCS is currently piloting the implementation of data hubs and analyzing the possibility of replicating such pilots. Finally, to ensure the safety of all the information the Government stores and maintains in its various registries and to ensure the continuity of government business operations in the case of emergency and unexpected events there is the need to implement a centralized Data Recovery Center. As shown in the table above, “Business continuity” dimension is at the “beginner” level and needs to be properly addressed for improving it. Recommendations: • Ensure that regulations that establish business continuity mandates are updated and respond to the best practices. • Systematize methodologies for the collection, storage and management of information. • A public sector cloud strategy needs to be developed that will cover the migration of the data to the cloud environment as well as the implementation of the Data Recovery Center. • Establish guidelines for the provision of data storage services at central level. • Implement a Data Recovery Center. DIMENSION 16. CYBER SECURITY ARRANGEMENTS 60 Note that the coverage of this dimension is limited to checking the availability of the key cyber security arrangements or attributes at the higher level. Although the cyber security system has been improving after the serious security incidents in 2017, much remains to be done in continuous process of improvements that are critical for coping with the dynamic nature of cyber-attacks. At the same time the consequences of cyber security incidents are dangerous due to the weak business continuity arrangements that are covered by a previous assessment dimension. The core law in the field of cybersecurity is the Law on Main Measures for Providing Cyber Security of Ukraine.17 It defines the legal and organizational foundations for ensuring the protection of the citizens, society and the state, the national interests of Ukraine in the cyberspace, the main goals, directions and principles of state policy in the field of cybersecurity, the powers of state bodies, enterprises, institutions, organizations, persons and citizens in this area, and the main principles of coordination of their work on the provision of cyber security. Coordination of activities in the sphere of cyber security as a component of national security of Ukraine is carried out by the President of Ukraine through the Council of National Security and Defense of Ukraine headed by him. The executive body of the National Security and Defense Council of Ukraine is the National Cybersecurity Coordination Center (NCCC). The NCCC coordinates and supervises the activities of the security and defense sector that provide cybersecurity, and makes proposals to the President of Ukraine on the formation and refinement of the Cybersecurity Strategy of Ukraine. The Cabinet of Ministers of Ukraine shall ensure: the formation and implementation of state policy in the field of cybersecurity, protection of human and civil rights and freedoms, national interests of Ukraine in cyberspace, fight against cybercrime; organizes and provides the necessary forces, means and resources for the functioning of the national cybersecurity system; establishes requirements and ensures the functioning of the information security audit system at the objects of critical infrastructure (except critical infrastructure objects in the banking system of Ukraine). The main subjects of the national system of cybersecurity are: a) the State Service for Special Communications and Information Protection of Ukraine, b) the National Police of Ukraine, c) the Security Service of Ukraine, d) the Ministry of Defense of Ukraine and the General Staff of the Armed Forces of Ukraine, e) intelligence agencies, f) the National Bank of Ukraine, which, in accordance with the Constitution and laws Ukraine perform the following main tasks in the established order: The State Service for Special Communications and Information Protection of Ukraine (hereinafter referred to as “SSSCIP”) (http://www.dsszzi.gov.ua) is responsible for the development and implementation of the state policy on the protection of state information resources and information in the cyberspace, cyber defense of objects of critical information infrastructure, and exercises state control in these areas. The SSSCIP coordinates the activities of other entities providing cyber security regarding cyber defense. It ensures the development and operation of the National Telecommunication Network, including its cyber defense. It carries out 17 Law no. 3163-VIII from October 5, 2017. 61 organizational and technical measures to prevent, detect and respond to cyber threats, incidents and attacks and to eliminate their consequences. The SSSCIP is responsible for the implementation of the information security audit for critical infrastructure objects, sets requirements for information security auditors, and determines the procedure for their certification (re-certification). The SSSCIP ensures the functioning of the State Center for Cyber Defense and the Government Response Team for Computer Emergencies in Ukraine (hereinafter referred to as “CERT-UA”). Other players such as the National Police, Security Service, Ministry of Defense, National Bank of Ukraine and other entities listed above, also have some attributions to prevention, detection and combating cybercrime in their fields of activity, as well as raising public awareness of security in cyberspace. According to the Law on Cyber Security the tasks of CERT-UA are: • accumulation and analysis of data on cyber incidents, keeping the state register of cyber incidents; • providing owners of cyber defense objects with practical help in preventing, detecting and eliminating the effects of cyber incidents on these objects; • organizing and conducting practical seminars on cyber defense issues for subjects of the national system of cyber security and owners of objects of cyber defense; • preparing and publishing on its official website recommendations on the counteraction to modern types of cyber-attacks and cyber threats; • interaction with law enforcement agencies, ensuring their timely information on cyber-attacks; • interaction with foreign and international organizations for responding to cyber incidents, in particular through participation in the FIRST Security Response Team Response Forum with the payment of annual membership fees; • interaction with the Ukrainian teams responding to computer emergencies, as well as other enterprises, institutions and organizations, regardless of the form of ownership, engaged in activities related to security of cyberspace; • processing of information received from citizens about cyber incidents regarding objects of cyber defense; • assistance to state bodies, bodies of local self-government, military formations formed in accordance with the law, enterprises, institutions and organizations irrespective of the form of ownership, as well as citizens of Ukraine in solving cyber defense and countering cyber threats. The State Enterprise "Ukrainian Special Systems" (USS) under SSSCIP (http://www.uss.gov.ua/) is the provider of confidential communications services. In accordance with the Statute of the State Enterprise "USS", the subject of its activity is the deployment and maintenance of the functioning of the National Confidential Communication System (NCCS). The e-Government Concept Note underlines that there is an insufficient level of information security and information protection in public sector ITC. To address this issue the CoM adopted a Cyber Security Strategy in 2016 as well as a new Law on Cybersecurity which entered into force in May 2018. There is sufficient capacity dedicated to the field of cyber security, but as in the entire public sector there is a high turnover and it is difficult to retain qualified staff. This is due to low pay that is 62 five time lower than the private sector. There are certain training courses targeting the population. The interaction with the civil servants on cyber security subject became closer and the courses became more comprehensive. Cyber security arrangements are among the strongest dimensions, with an eGGO status of a “performer”, which in terms of the arrangements in place can potentially be ready for a further upgrade in a short timeframe. In addition to further efforts to ensure progress in line with the set foresight, it is important to continue improvement of cyber security arrangements, as well as various aspects of capacity development that are beyond the higher-level scope of this assessment. Recommendations: • Continue improving business processes within, and collaboration with, the stakeholders responsible for cyber security arrangements and public entities in charge of systems, registries, or digitalization initiatives. • Continue running simulations and stress tests on a regular basis to identify public sector IS vulnerabilities. • Continue improving risk assessment system. Invest in developing the capacity to collect and process data to assess the risk and impact of incidents. • Invest in user awareness, education and readiness. 63 Area 5. Control Mechanisms DIMENSION 17. MONITORING AND CONTROL Monitoring and control are fundamental aspects of governance. These control mechanisms are not in the mainstream of the topics covered by e-government strategies and reforms, but are implicitly captured in various solutions and discussions, given their fundamental role in definition of the governance and underlying agency relations18. This assessment included this specific dimension to reinforce the importance of monitoring and control in governance, even when supported through information technology. This is a follow-up on earlier discussions of principal-agent relations in the context of WDR 2016 on Digital Dividends. WDR 2016 refers to principal agent information asymmetries to explain why the systems failed to combat rent seeking. It argues that without political commitment and leadership the digitalization may further contribute to authoritarian control without producing positive development impact. It considers it important to use digital technologies to reinforce institutions, improve monitoring of 18 The ‘agency theory’ was formulated in late 1960s and early 1970s* (Berhold; Ross; Mitnick). In corporate context, the agency problem is related with the conflict between the interests of shareholders of the company (the principal) and the hired executive (the agent). * See for original contributions to the literature: Berhold, Marvin. “A Theory of Linear Profit-Sharing Incentives.” The Quarterly Journal of Economics 85.3 (1971): 460- 482. Mitnick, Barry. “The Theory of Agency: The Policing "Paradox" and Regulatory Behavior.” Public Choice 24 (1975): 27- 42. Ross, Stephen. “The Economic Theory of Agency: The Principal's Problem.” The American Economic Review 63.2 (1973): 134-139. 64 service delivery, strengthen social norms and promote civic behavior like voluntary tax compliance or energy conservation through “peer comparisons” (naming and shaming). Like in the case of monitoring of hired managers by the board members, company shareholders or financial institutions in the private sector, the monitoring of public officials by various stakeholders (other public entities and various auditors, CSOs, citizens, etc.) is critical for controlling fiduciary risks related with use of public resources and the quality of public service delivery. One of the important outcomes of any digitalization initiatives should be enhancing the efficiency of such monitoring and control mechanisms. Currently, Ukraine does not have commonly accepted standards for handling monitoring and control aspects of digitalization projects. In practice, this means that in the best case the developed information systems will incorporate already existing monitoring and control mechanisms described in regulations. The efficiency of the digitalization initiatives is further hindered due to the absence of formally adopted (participatory) BPR methodology. While there are informal BPR approaches used by SEGA they are not public and there is no clarity on how the checks and balances are handled. Digitalization might still implicitly contribute to improve monitoring and control of agency relations but it is not properly articulated. There is no evidence to track from logs that can be used for audit. While there have been very few discrete systems in some specific cases, the use of advanced digital solutions in monitoring is not a norm. There are no defined procedures and requirements for using the technology (e.g. big data and analytics, AI, etc.) for improved monitoring or citizen engagement and processing customer grievances. There are not many examples where the public is engaged as external monitors, except a few specific contexts. Electronic government procurement is one of the examples where some solutions for monitoring have emerged. The ProZorro system was created to introduce transparency in Public Procurement in Ukraine. The ability of NGOs, including Transparency International (TI), to be able to see everything that is happening in the system provides a transparency environment for monitoring. TI is creating a monitoring portal and online forum, where interested parties can discuss procurement questions and procedures. Providing such an open monitoring portal aims to ensure transparency and integrity in the public procurement. According to findings of the Assessment of ProZorro, the CSOs are much more involved in the monitoring the public procurement. Many of the CSOs and NGOs found ProZorro to be a great tool for monitoring and analysis of procurement. According to the Assessment of ProZorro, the Business Intelligence module (bi.prozorro.org) is also a great analytical tool that can be used for procurement monitoring by NGOs. At the level of strategies, the wide involvement of non-governmental organizations and industry specific associations in the monitoring of the e-government development is highlighted in the context of electronic tools for citizen engagement in line with the e-Government Development Concept Note. Overall, the eGGO status for this dimension is a “follower” as reflected above. 65 Recommendations: • Adopt a robust BPR methodology that, among other things, identifies all agency relation risks and opportunities for (mutual) monitoring between the parties concerned to reinforce checks and balances. • Ensure that automation equips the parties with effective and innovative electronic tools to facilitate monitoring. • A good e-government strategy needs a solid M&E framework, including the creation of an executive dashboard with key indicators for decision-makers. • Ensure that all digitalization initiatives ensure proper track of logs that can be used for monitoring. • Establish framework for motivating and engaging customers, civil society and media through effective feedback mechanisms. • As applicable, use technology solutions, including interoperability platform, blockchain technology, artificial intelligence and big data to reduce the transaction costs of monitoring and control of agency relations. DIMENSION 18. CROSS CHECKS The essence of this dimension of the assessment is related with the concept cross-checks. The third-party cross-check are among the common technique for verification of reported information by various inspection and enforcement agencies, which have been routinely embedded in information management systems. These are usually popular for implementation of risk-based systems, for example automated solutions in tax administration or anti-corruption (e.g. IAD systems), public financial management, social assistance, etc. 66 Interoperability and data exchange is the main enabling condition and requirement. While the “Trembita” interoperability platform is not rolled-out yet, the cross-checks are imbedded on case by case bases without any strategic and regulatory framework. In the absence of specific regulatory framework, the international good practices were perhaps the main source for introducing third-party cross-check in number of systems. These are currently implemented in tax administration and IAD systems, which also exchange data between themselves using exchange protocols (in absence of “Trembita”). Yet the risk management and cross check mechanisms do not use advanced technology, despite earlier SFS attempts to use big data, which have not succeeded yet. Overall, the eGGO status for this dimension is a “follower” as shown in the score-table above. Recommendations: • Use the interoperability platform to establish real time data exchange between registries. • Ensure there is clear regulation (and guidelines) enabling accessing required information and use for automatic cross checks. • Observe prospects of introducing risk management culture in other areas and automated systems. Overall Snapshot of the Assessment According to the findings there is a strong correlation between the progress and foresight at the aggregated level of areas. The areas have composite structure, and one still should bear in mind that they do not necessarily reveal the weaknesses at the level of dimensions due to averaging. In terms of the foresight, the vision for the reforms is relatively advanced for such areas as “digital services”, “control mechanisms”, and the “planning and implementation” of policies, which are at the level of 65% and above. While the area of “infrastructure and security” seemingly does not lag too much compared to the highlighted three areas, the contrast and heterogeneity in term of included dimensions is huge. For instance, due to the averaging the score of 56.8% for this area does not immediately reveal the weakest and most concerning dimension - “data centers” - which is the obvious “Achilles heel” in Ukraine’s e-government architecture. Although, at the level of areas, the “data and analytics” is the area with the most limited foresight. The progress generally echoes the foresight with certain implementation lag. The area of the data and analytics is again the one which has not seen any significant progress. Overall, as it can be seen from the below figure, there is a room to significantly improve all the areas of e-government covered by the eGGO assessment. 67 Figure 9 – eGGO assessment by areas Planning and implementation 100% 80% 60% Control 40% Digital services mechanisms 20% 0% Infrastructure and Data and analytics security Progress Foresight As it was mentioned above, the real picture on the strengths and the weaknesses of the e- government system is revealed through discussion at the level of the dimensions, dully reflected in the figure below. Certain correlation between the foresight and progress still can be traced at the level of dimensions, although less consistently. Most notably, there is no clear foresight for some critical dimensions. In particular, for “data centers” and “customer relations” the scores for the progress and the foresight converge. 68 Figure 10 – eGGO assessment summary by dimensions and areas 1-Policymaking 18-Cross checks 100% 2-Implementation 90% 17-Monitoring and 80% 3-ICT procurement control 70% 60% 16-Cyber security 4-Strategic and arrangements 50% regulatory framework 40% 30% 15-Business continuity 20% 5-Platforms and services 10% 0% 14-Access to ICT 6-Registries and resources interoperability 13-Data centers 7-Access & connectivity 12-Information for 8-Customer relations management 11-Smart analytics 9-Delivery modes 10-Identification Progress Foresight Data and analytics Planning and implementation Infrastructure and security Digital services Control mechanisms The shell-shaped chart below reflects the ranking of the dimensions bases on the current progress. This provides a useful picture to inform the priority setting. The most sluggish dimensions include: • Information for management (0.0%); • Data centers (7.1%); • Smart analytics (14.3%); • Business continuity (20.0%); and • ICT procurement (25.0%). The score for the progress on Ukraine’s top five vulnerable dimensions of e-government listed above does not exceed 25%, which corresponds to the reform status of a “beginner”. 69 At the same time, there are a few dimensions that have been performing relatively well and deserved a status of a performer (with a score above 50%). These dimensions include: • Cyber security arrangements (75.0%); • Access to ICT resources (70.0%); • Access & connectivity (60.0%); and • Strategic and regulatory framework (56.3%). Note: Although the “Cyber security arrangements” above show the highest score (75%) and, according to the benchmarks used by the current methodology, in relative terms is the most advanced dimension, the coverage of this dimension is limited to checking the availability of the key cyber security arrangements or attributes at the higher level. Although the cyber security system has been improving after the serious security incidents in 2017, there is still much remains to be done in continuous process of improvements that are critical for coping with dynamic nature of cyber-attacks. The implementation of the cyber security arrangements at the sectorial and regional levels is still lagging. At the same time the consequences of cyber security incidents are dangerous due to the weak business continuity arrangements. Figure 11– EGGO assessment dimensions by priorities Information for management Cyber security arrangements 100.0% Data centers 90.0% Access to ICT resources 80.0% Smart analytics 70.0% 60.0% Access & connectivity 50.0% Business continuity 40.0% 7.1% 30.0%0.0% 14.3% 20.0% Strategic and regulatory 20.0% ICT procurement framework 10.0% 25.0% 0.0% Registries and interoperability 30.0% Identification Delivery modes Policymaking Implementation Customer relations Monitoring and control Cross checks Platforms and services Progress Foresight 70 It is evident from the figures 10 and 11, that setting proper foresight directly contributes and informs the advancement of the progress of the reform under the respective area. Having the foresight scores by dimensions allows using the eGGO framework for simulation of scenarios19 improving the average score by addressing the identified major weaknesses. Under the “Status Quo” scenario (Scenario-1), presumable achievement of the current foresight targets will ideally increase the average score to 58.7%, which would allow upgrading the overall reform category to a “performer”. The proposed Scenario-2 assumes setting maximal targets for the two dimensions covered by the area of “data and analytics”, which is the weakest at the level of areas. The more ambitious Scenario-3 adds to the Scenario-2 additional focus on full-scale advancement of the ICT procurement framework, which needs centralized policy coordination and introduction of ICT specific provisions and arrangements. The most ambitious Scenario-4 would go beyond the targets under the Scenario-3, by making the political decision to opt for establishment of centralized virtual datacenter and implementation of a robust business continuity system. Among the options reflected in the Table 1 below, only implementing the Scenario-4 would enable an upgrade to a status of a “frontier”, which should be interpreted as comparability with the frontiers of the e-government reform. Table 1. Foresight Scenarios Scenario Scenario Name Average Score Status 1 Status Quo 58.7% PERFORMER 2 Plus: Data and Analytics (D-11 & D-12) 67.6% PERFORMER 3 Plus: ICT Procurement (D-3) 70.9% PERFORMER 4 Plus: Infrastructure and security (D-13 & D-15) 78.8% FRONTIER Note: The scores and reform statuses are derived by attributing 100% score to respective dimensions referenced in the parentheses. 19 Simulation of scenarios is based on manipulation of the foresight numbers reflected in the Annex. 71 Conclusion Addressing the identified five key vulnerabilities of e-government is critical for the future success and sustainability of Ukrainian reforms. Ignoring any of them may hinder reform progress and constrain “leap-frogging” potential. Next steps should ideally focus reforms that prioritize consolidation of datacenters. Implementing a centralized policy for ICT procurement requires strong political will and high-level support. The first manifestation of such political support could be a clear definition of the stakeholder roles and, most importantly, separation of implementation from policymaking. The latter is not among the top five vulnerabilities, but could be included in the expanded list of top seven, together with the challenges of citizen identification, which is another key enabler of future progress in digitalization that requires continued attention from the authorities in charge of demographic registries. An efficient approach to further modernization of services requires stronger emphasis on implementation of cross-sectorial shared services, wherever applicable. The eGGO assessment provides a broad view on strengths and vulnerabilities of e-government in Ukraine, and outlines key scenarios for consideration by policymakers. Acting on them will require further analysis and consultations regarding specific approaches to addressing weaknesses. Required analyses may include, but will not be limited to, SWOT analyses of lagging dimensions, as well as inventory and gap analysis of infrastructure and services. Also required will be an in-depth review of the policy and regulatory framework with the aim to identify and implement required amendments. 72 Annex 1: eGGO Assessment Summary Areas Dimension Progress Foresight Status I-Planning and 1-Policymaking 33.3% 83.3% Follower implementation 2-Implementation 44.4% 66.7% Follower 3-ICT procurement 25.0% 40.0% Beginner 4-Strategic and regulatory framework 56.3% 68.8% Performer II-Digital 5-Platforms and services 40.0% 60.0% Follower services 6-Registries and interoperability 50.0% 81.3% Follower 7-Access & connectivity 60.0% 80.0% Performer 8-Customer relations 40.0% 40.0% Follower 9-Delivery modes 50.0% 62.5% Follower 10-Identification 30.0% 80.0% Follower III-Data and 11-Smart analytics 14.3% 28.6% Beginner analytics 12-Information for management 0.0% 12.5% Beginner IV- 13-Data centers 7.1% 7.1% Beginner Infrastructure 14-Access to ICT resources 70.0% 70.0% Performer and security 15-Business continuity 20.0% 50.0% Beginner 16-Cyber security arrangements 75.0% 100.0% Performer V-Control 17-Monitoring and control 41.7% 66.7% Follower mechanisms 18-Cross checks 40.0% 60.0% Follower 73 Annex 2: List of Recommendations Short-term priority Medium and longer-term priority Dimension (Risk – Low/Medium/High) (Risk – Low/Medium/High) 1. Policymaking 1) Policymaking function should be streamlined 1) Clear delineation of policy making and consolidated. versus implementation is needed. (Risk: High) (Risk: Medium) 2) The Intersectoral Council on e-Government 2) Clear delineation of mandates and the should be strengthened. Decreasing the number of policy/decision-making roles is Council members should be considered, while warranted amongst the key actors in the retaining sufficient representation and e-Government agenda. incisiveness. This recommendation stems from (Risk: Medium) the high number of members that might make the functioning and decision making of the Council difficult. (Risk: Medium) 3) Given that any policy is ultimately approved by 3) Public outreach to communicate about the CoM, Council’s management and plans and achievements of e-Government membership could be set up at a more technical reform is needed. level to make the scheduling and sessions more (Risk: Medium) agile, technical, and productive. (Risk: Medium) 4) Strong political support to advance this agenda that has been declared a national priority. The Head of SEGA should be given the status of Advisor to the PM on e-government reform. (Risk: Low) 2. Implementation 1) Implementation should be guided by following 1) The e-Government reform should help principles stated in the EU e-Government Action systematize projects and programs Plan: Digital by default, Cross-border by default, management related to IT development, Once only principle on EU level, Interoperability implementation and maintenance from by default, Openness and transparency, the ministries, subordinated agencies, Inclusiveness and accessibility, Trustworthiness regional and local authorities to a and Security. qualified central unit or net of units. (Risk: High) Public authorities should deal only with strategic planning of the use of modern technologies and digitization (sectorial e- transformation), as well as participation at the concept development phase for the IT projects and solutions and use of the implemented solutions. (Risk: Medium) 2) IT project and programs design and 2) Development of all systems should management capacity of the public sector should follow the same rules, practices and be consolidated. Quality assurance of the provided procedures to assure acceptable quality, IT solutions should be improved. documentation and sustainability plans. (Risk: High) (Risk: Medium) 3) Deployment of the shared services should be 3) Clear delineation of institutional embraced by the key guiding principles of the e- mandates related to the IT cycle (design Government implementation. and development, testing, placement in (Risk: High) production, technical operation and maintenance, service delivery, quality 74 Short-term priority Medium and longer-term priority Dimension (Risk – Low/Medium/High) (Risk – Low/Medium/High) assurance, monitoring and evaluation) is needed. (Risk: Medium) 4) SEGA should consider narrowing its scope of 4) Reform Delivery Unit under PM can activities and responsibilities to become more monitor and evaluate the progress of focused. It should be decided what can be done in- reform implementation through a house and what can be delegated or outsourced. Scorecard based on KPI and foster (Risk: Medium) reforms implementation. (Risk: Medium) 5) e-Government transformation agents (persons or units) should be strategically established in public sector entities to ensure proper implementation of activities under the e- government development plan. The person responsible for sectorial e-transformation should not have a rank lower than deputy minister (state secretary). It must be understood such persons or units are in charge of advising on e-Government policy implementation and should not be placed in operative units such as IT departments (or units in charge of maintenance of the IT hardware in ministries or agencies). They need to be change agents in the sector and work tightly with SEGA. (Risk: High) 6) Business model and financial sustainability plans for implemented solutions should be developed, approved and followed. (Risk: High) 3. ICT Procurement 1) Establish a unit in charge of ICT procurement 1) Develop a central data base on all policy at the central government level, and existing assets in the public sector establish co-operation and collaboration with including their age, as a next step to subnational levels of government to avoid earlier initial stocktaking exercises. duplicities and improve value for money of ICT Develop a strategy for ICT procurement investments. based on the inventory of existing assets. (Risk: High) (Risk: Medium) 2) Develop an ICT procurement strategy 2) Establish a central repository for all applicable across the public sector. ICT tenders, contracts and payments (Risk: High) across the public sector at the central levels. ProZorro should provide a good foundation for it. Expand the central open repository to include ICT tenders, contracts and payments at the subnational level. (Risk: Medium) 3) A more coordinated and unified investment 3) Adapt ICT procurement policy to more in public sector IT needs to be implemented. At agile and iterative delivery methods and the local public authorities should coordinate facilitating access to small specialized their investments in IT with the central level. firms to compete for contracts in their (Risk: High) area of expertise. (Risk: Medium) 4) Develop an open database of previous supplier 4) Although in contrast to the general performance for ICT projects. The Assessment of trends and the logic of reduced ProZorro made a relevant general transaction cost in the procurement 75 Short-term priority Medium and longer-term priority Dimension (Risk – Low/Medium/High) (Risk – Low/Medium/High) recommendation to establish a black and white list sector, in-line with OECD of suppliers. recommendation over longer term there (Risk: Medium) could be significant benefits from breaking down large projects to smaller, more manageable sizes as appropriate. One immediate result would be reduction of the risk of failure for smaller and simpler tasks. The smaller sized projects will also allow smaller bidders to compete and bring quite interesting and specialized expertise that some small start-ups or companies may offer. (Risk: Medium) 4. Strategic and 1) Explore the option of standardizing by adopting 1) Revise the legal framework to provide regulatory framework international best practice or benchmark a clearer definition and delineation of regulations, for example on the quality of public mandates and responsibilities related to services, management of registries, etc. policy making and implementation of the (Risk: Medium) various players involved. (Risk: Medium) 2)Establish a Ukrainian Interoperability 2) A more detailed regulatory framework framework, in line with the European on e-Government implementation at the Interoperability Framework, as well as a whole- regional and local level is needed due to of-government Enterprise Architecture as the the high-level of decentralization. overarching operational document. (Risk: High) (Risk: High) 3) Methodological support documents in such areas as re-engineering and digitization of services, registry cleansing, data protection, etc. needs to be developed and provided. (Risk: Medium) 4) A better implementation mechanism for the Law on Personal Data Protection should be define and implemented. (Risk: High) 5. Platforms and 1) The implementation of the platforms and services services should be guided by the EU eGovernment Action Plan principles: Digital by default, Cross- border by default, Once only principle on EU level, Interoperability by default, Openness and transparency, Inclusiveness and accessibility, Trustworthiness and Security. (Risk: High) 2) The definition of services, whether (i) public 1) SEGA should consider the unification service, (ii) administrative service of on-line entry points for receiving the (central/sectorial and central/local) or (iii) services. Modernization of Services communal services need to be clarified to avoid Portal should be implemented. duplications and overlaps as well as responsibility (Risk: Medium) vacuums. A common approach to all services delivered by the public sector for businesses and citizens should be established. (Risk: High) 3) A unified public services registry should be 2) Define the expected results and targets implemented. of the public services reform with 76 Short-term priority Medium and longer-term priority Dimension (Risk – Low/Medium/High) (Risk – Low/Medium/High) (Risk: Medium) indicators and proper monitoring of the progress. (Risk: Medium) 4) The roles related to the services modernization 3) A system to monitor the quality of should be clearly defined. Currently there is delivered services should be ambiguity and overlap between the mandates of implemented. MoEDT and SEGA. (Risk: Medium) (Risk: High) 5) The possibility of implementation shared 4) Implementation of a call center to services should be analyzed more carefully and an support public service delivery. approach to shared services implementation (Risk: Medium) should be developed (application/front-office digitization, identification, signature, log, payment, reporting, delivery, etc.). (Risk: High) 6) A horizontal review and guillotining of 5) SEGA needs to have a strategy to outdated and duplicating services should be improve the uptake of digitized public conducted. Cleanse the services register. services. The strategy should include (Risk: High) public awareness campaigns and tutorials and training on how to use e-services. (Risk: Medium) 7) Prioritization methodology for services subject to modernization should be developed and implemented. (Risk: Medium) 8) Methodologies of services re-engineering and digitization should be developed. (Risk: Medium) 9) SEGA should consider clustering of services based on common features and apply the same approaches to those services. (Risk: High) 10) A unified approach to public services tariffs setting should be developed and applied. (Risk: Medium) 11) Capacity building for the staff involved in the new models of public service delivery. (Risk: Medium) 12) An approach to assisted service delivery (through a net of centers like SNAPs or other qualified entities) for those who do not have computer/internet at home. (Risk: High) 6. Registries and 1) The timeline and deadlines for the interoperability interoperability platform implementation should be redefined and set more realistically. (Risk: Medium) 2) The SEGA needs to create an interoperability implementation inter-sectoral body to hasten cleansing of registers and implementation of the platform. (Risk: High) 77 Short-term priority Medium and longer-term priority Dimension (Risk – Low/Medium/High) (Risk – Low/Medium/High) 3) The SEGA should discuss with other stakeholders the potential solutions and come with some ways of accelerating attribution of unique IDs or for identification of alternative solutions. The uptake of unique IDs is crucial for interoperability. (Risk: High) 7. Access and 1) Elaborate a strategy to strengthen access to the 1) Exploit the almost universal access to connectivity Internet and broadband connectivity from mobile connectivity to offer e-services disadvantaged groups (rural, old, poor, etc.) to and connect to citizens. bridge the digital divide and ensure that all benefit (Risk: Law) from the advancement of e-government services. (Risk: Medium) 2) Considering that cost can be a barrier to access, points of access in local governments through kiosks and one-stop-shops should be explored. (Risk: High) 8. Customer relations 1) Wide involvement of non-governmental 1) Development of e-applications and e- organizations and industry specific associations in petitions. the planning, development and monitoring of e- (Risk: Medium) government initiatives. (Risk: Medium) 2) Introduction of electronic feedback forms at the 2) Encouragement of the use of official authorities’ web-sites, including thematic, electronic tools to involve citizens and for receiving quality feedback on different issues. their support for public initiatives in the (Risk: High) sphere of e-government. (Risk: Medium) 3) Development of the instruments of "open budget", "public budget", on-line discussion of the draft regulations and other instruments of public participation in decision making. (Risk: Low) 9. Delivery modes 1) The SEGA should define a model of assisted 1) The unification of the single-entry service delivery for those who do not have points for the service delivery should computers or internet access. continue. If services are to be delivered (Risk: High) from multiple sources they should be integrated into the portal or if there are more platforms they should adhere to a unified design code. (Risk: Medium) 2) Public awareness campaigns on how to access 2) The Services Portal should be e-services via portal or through assisted service redesigned to be more user friendly. delivery should be conducted (Risk: Low) (Risk: Medium) 3) Mobile based e-Services should be broadly implemented. (Risk: Medium) 10. e-Identification 1) Development of electronic trust services. 1) Development of the existing and (Risk: Medium) introduction of the new schemes and methods of electronic identification and setting the levels of trust to them (including Mobile ID, Bank ID). 78 Short-term priority Medium and longer-term priority Dimension (Risk – Low/Medium/High) (Risk – Low/Medium/High) (Risk: Low) 2) Facilitation of filling in of the unified 2) Implementation of the principle demographic register and promotion of the “single-sign-on” through introduction of passports of the citizens of Ukraine in the form of integrated system of electronic ID card. identification and verification and (Risk: High) repeated use in information and communication systems of the authorities. (Risk: Medium) 11. Smart analytics 1) Create a unit or body in charge of data 1) Develop training programs to develop, management in the public sector. attract and retain data analysis skills (Risk: Medium) across the public sector. (Risk: Medium) 2) Develop a national public sector data 2) Develop programs to engage with the management strategy to strengthen a strategic use community of data producers and re- of data in the public sector to improve users on the usefulness and re-use of open policymaking and performance. government data to find innovative (Risk: Medium) solutions to public issues. (Risk: Low) 3) Develop close collaboration with subnational 3) Develop the required data governments on data management issues. infrastructure to enhance data sharing (Risk: High) across the public sector. (Risk: Medium) 12. Information for 1) SEGA should develop key performance 1) Establish a coherent monitoring and management indicators for implemented services, and monitor evaluation (M&E) system for public the evolution of the services delivery and financial administration that can be used for models. bringing together various aspects of (Risk: High) performance information at the level of HRM, PFM /budget, etc. The automation of M&E systems will allow incorporating information from citizen feedback platforms, statistical data and other registries. (Risk: Medium) 2) Ensure seamless exchange of performance 2)Consider introducing an effective information through the interoperability platform. framework for evaluating performance of (Risk: Medium) public sector intuitions and civil servants. (Risk: Medium) 13. Data centers 1) SEGA should initiate the process of public 1) Less mature but still advanced sector data centers consolidation. datacenters could be upgraded to meet (Risk: High) the standards and also become a node for single virtual data centers. (Risk: Medium) 2) An inventory of all data centers should be 2) Government should consider using conducted by attributing levels of maturity. public clouds for open data and less (Risk: High) sensitive data. (Risk: Low) 3) SEGA should carefully plan a good cloud implementation and transition strategy, including the concept of hybrid cloud (embedded implicitly in the last recommendation about use of public clouds), and cost recovery strategy. (Risk: High) 79 Short-term priority Medium and longer-term priority Dimension (Risk – Low/Medium/High) (Risk – Low/Medium/High) 4) Most mature data centers should be operationally consolidated and a cloud base virtual environment should be created based on those data centers that will serve as nodes. (Risk: High) 14. Access to ICT 1) Strengthen access to ICT equipment and Plan ahead to ensure the possibility of resources broadband connectivity for subnational tapping the benefits of employees. telecommuting/virtual offices for public (Risk: High) sector work. That would entail investing in connectivity, security and privacy. (Risk: Medium) 15. Business 1) Systematize methodologies for the 1) Ensure that regulations that establish continuity collection, storage and management of business continuity mandates are updated information. and respond to the best practices. (Risk: High) (Risk: Medium) 2) A public sector cloud strategy needs to be 2) Implement a Data Recovery Center. developed that will cover the migration of the data (Risk: Medium) to the cloud environment as well as the implementation of the Data Recovery Center. (Risk: High) 3) Establish guidelines for the provision of data storage services at central level. (Risk: Medium) 16. Cyber Security 1) Continue improving business processes and Invest in user awareness, education and arrangements collaboration within the stakeholders responsible readiness. for cyber security arrangements and public entities (Risk: Medium) in charge of systems, registries, or digitalization initiatives. (Risk: High) 2) Continue running simulations and stress tests on a regular basis to identify public sector IS vulnerabilities. (Risk: Medium) 3) Continue improving risk assessment system. Invest in developing the capacity to collect and process data to assess the risk and impact of incidents. (Risk: High) 17. Monitoring and 1) A good e-government strategy needs a solid 1) Adopt a robust BPR methodology that, control M&E framework, including the creation of an among other things, identifies all agency executive dashboard with key indicators for relation risks and opportunities for decision-makers. (mutual) monitoring between the parties (Risk: Medium) concerned to reinforce checks and balances. (Risk: Medium) 2) Ensure that all digitization initiatives ensure 2) Ensure that automation equips the proper track of logs that can be used for parties with effective and innovative monitoring. electronic tools to facilitate monitoring. (Risk: High). (Risk: Medium) 3) Establish framework for motivating and 3) As applicable, use technology engaging customers, civil society and media solutions, including interoperability through effective feedback mechanisms. platform, blockchain technology, (Risk: Medium) artificial intelligence and big data to 80 Short-term priority Medium and longer-term priority Dimension (Risk – Low/Medium/High) (Risk – Low/Medium/High) reduce the transaction costs of monitoring and control of agency relations. (Risk: Low) 18. Cross checks 1) Use the interoperability platform to establish 1) Observe prospects of introducing risk real time data exchange between registries. management culture in other areas and (Risk: High) automated systems. (Risk: Low) 2) Ensure there is clear regulation (and guidelines) enabling accessing required information and use for automatic cross checks. (Risk: Medium) Note: The reported risks refer to a situation when the recommendations are not followed 81