Development principles
The development of integrated government solutions is guided by a set of principles that ensure consistency, efficiency, interoperability, and security across the entire ecosystem. These principles are mandatory for all actors involved in the design, development, and implementation of government information systems.
🧠 Smart architecture¶
Architectural decisions must be taken at the appropriate level, depending on the scope and impact of the solution. Local architectures (at the level of a single institution) must be aligned with national and sectoral architectures, ensuring interoperability and avoiding duplication of resources.
The principle requires that any solution is integrated into the national digital ecosystem, supporting data and service exchange through the interoperability platform and common standards.
🛡️ Secure by design¶
Security must be built into the foundation of every system, not added later. This encompasses the entire security lifecycle: threat modeling, secure architecture, hardened infrastructure, vulnerability management, and incident response.
Secure by design ensures that government systems can withstand cyber attacks, maintain service availability, and protect the integrity of government operations.
♻️ Reuse of solutions¶
Architectures must balance consistency with the need for innovation. The reuse of solutions and technologies is encouraged, as long as this ensures efficiency and cost optimization.
Consistency ensures that systems follow common rules, while innovation allows institutions to improve processes and services with modern technologies.
📜 Full compliance¶
Solutions must be developed in full compliance with the applicable legal and regulatory framework. This includes respect for legislation on the protection of personal data, electronic signatures, electronic documents, and auditing of information systems.
Compliance guarantees that services are legally valid and trusted by citizens, businesses, and institutions.
🔒 Privacy by design¶
Privacy must be integrated from the design stage of any system. This includes authentication and authorization mechanisms (for example, through mpass), encryption of communications (tls), role-based access control (rbac), and continuous logging (mlog).
Trust by design ensures that systems are resilient to cyber threats and that citizens can safely use government services.
🚀 Cross optimization¶
Solutions must be optimized for integration into broader workflows. This includes asynchronous flows, orchestration of processes through bpm tools, integration of notifications (mnotify), and delivery of documents (mdelivery).
Cross-application optimization increases efficiency and reduces duplication of efforts.
🤝 Contribute not just consume¶
Institutions must not only consume data from government registers but also contribute and maintain their own authoritative data sources. Every institution is responsible for ensuring the accuracy, completeness, and timeliness of data under its mandate.
Semantic catalog serves as the single point of discovery for all government data, enabling efficient reuse and preventing fragmentation.
🎯 Once only principle¶
Citizens and businesses must provide information to government only once. Institutions must reuse validated data from authentic registers through the semantic catalogue, which systematizes metadata from government data sources.
The "once only" principle reduces administrative burden, ensures data consistency, and prevents duplicate collection across government services.
🔔 Events by default¶
Systems must automatically emit events when significant state changes occur, rather than requiring others to poll for updates. Authoritative registers publish events (e.g., "address changed," "license issued," "deadline approaching") that enable automated workflows and asynchronous integration between systems. Event-driven architecture reduces system load, improves responsiveness, and ensures timely information delivery to citizens and institutions.
🔗 Interoperability in mind¶
Government solutions must be interoperable by default. This means they expose apis (rest or soap), respect open standards, and can be integrated via api gateways or other middleware.
The principle of interoperability by design prevents the creation of isolated systems and ensures integration at national and cross-border levels.
🌐 High reliability¶
Government services must be highly available and reliable. Solutions are hosted on scalable infrastructure (MCloud operated by STISC), monitored continuously, and delivered under clear Service-Level Agreements (SLA).
Availability ensures that services are provided without interruption, while reliability ensures that data and processes remain consistent and trustworthy.