The State Digitalisation Strategy is to be a comprehensive, long-term document setting out the directions for the development of the state’s computerisation. Re-consultations on this issue were announced by the Ministry of Digitalisation. It was within their framework that the experts of the Digital Poland Association prepared an opinion focusing on the elements necessary for the Strategy to be implemented effectively.
According to the Association, it is the freedom of technological choice – based on interoperability and open standards – that should become the foundation of digital sovereignty. Only such a model allows public administrations to avoid dependence on a single provider, to respond flexibly to technological changes and to effectively improve the security of public systems.
– Digital sovereignty is not about the state locking itself into one ‘own’ technological ecosystem. It is about being able to consciously choose the best available solution at any time and change it if a better alternative emerges, says Michał Kanownik, President of the Digital Poland Association.
The organisation points out that the technology market in Poland today accounts for around 10 per cent of GDP and provides work for nearly 1.5 million people. Global and local technology providers create a common ecosystem from which administration, business and citizens benefit. The strategy, according to the Association, should clearly reflect this fact, instead of suggesting that the presence of global companies is a threat to state sovereignty.
Cloud and procurement: diagnosis without tools is not enough
Experts emphasise that the Strategy document in its current form accurately diagnoses many problems, but does not always indicate the tools to solve them. This applies in particular to cloud implementation mechanisms and the organisation of IT procurement.
– A strategy should be an instruction manual for the administration, not just a set of ambitious goals. Without a simplification of IT purchasing, a viable Cloud First policy and a clear approach to cooperation with the market, neither the digitalisation of public services nor the building of state resilience will be accelerated, states Michał Kanownik.
Concretes? The strategy is too cautious about the public cloud, even though it is a standard in the most regulated sectors in the world, from banking to defence. Cyfrowa Polska’s experts call for adopting a Cloud First policy at the statutory level, treating the government cloud and commercial clouds as complementary solutions, adopting an obligation to justify decisions not to use the cloud in new IT projects, as well as promoting multi-cloud and hybrid architectures to reduce vendor lock-in.
One of the most serious problems of the digitisation of the administration is ineffective purchasing mechanisms. The union points out that the Cloud Service Provisioning System (ZUCH) in its current form has not fulfilled its role, which has also been confirmed by NIK inspections. The opinion proposes reforming or replacing ZUCH with a model modelled on the British G-Cloud and simplifying procedures so as to really open up the public procurement market for Polish SMEs and startups.
– The UK’s G-Cloud programme has enabled thousands of contracts with more than 5,000 suppliers, mainly in the SME sector, with a total value of around £11.5 billion. This is an example we should take advantage of,” notes Michal Kanownik.
It is necessary to prepare for new types of threats
Effective digitisation of the state cannot abstract from the issue of cyber security and resilience of critical infrastructure. As we read in the opinion of Cyfrowa Polska, the Strategy should focus more on practical solutions, such as physically and logically isolated data processing centres, dedicated communications infrastructure and systems designed to operate in crisis conditions.
In the Association’s view, the approach to new types of threats, including post-quantum threats, is also a significant understatement of the Strategy. The organisation points out that the development of quantum and post-quantum cryptography should not be limited to research and development facilities only, but should include pilot implementations of already available commercial solutions. This is particularly true for critical infrastructure and key data processing nodes, which should be prepared for long-term technological risks.
The issue of digital identity and the system of electronic signatures also needs to be sorted out. Experts believe that the Strategy should explicitly strengthen the role of qualified electronic signatures and qualified validation as EU-wide solutions for automatic, reliable document verification. In an environment of increasing document fraud, this is crucial for the security of legal transactions.
– All of these comments aim to create a comprehensive, sustainable strategy that will stay with us for years to come. While we are positive about the direction of the document itself, we believe that the details are of fundamental importance in this case. Therefore, we declare our readiness for further cooperation and dialogue with the Ministry of Digitalisation,” concludes Michał Kanownik.
Source: Związek Cyfrowa Polska
