Once Only: A Cornerstone of Efficient and Trusted Digital Governance in Europe

Any significant progress in digitalisation is build on the availability of good quality data. That is even more true in public administration. The EU has approached this topics a couple of years ago already. However, its implementation is slow and fragmented over the various member states. The objective of a more digitalised and in particular efficient public administration can only be achieved if the necessary data is available, otherwise digitalisation is unnecessary costly and there are not only issues of being inefficient arising but also problems with contradicting or incomplete data. On the other hand, we also need to keep in mind that there needs to be transparency of data usage as well as protection against unnecessary data aggregation or data misuse. A cornerstone topic for Legal AI and digitalisation in the legal domain. This complex topic is the focus of this week’s edition of the Legal Informatics Newsletter.

Introduction: Unlocking Efficiency and Trust in Europe’s Digital Future

The "Once Only" principle is a cornerstone of the European Union’s vision for efficient and citizen-friendly public administration. Rooted in the Single Digital Gateway Regulation (SDGR, EU 2018/1724), this principle ensures that citizens and businesses provide their information to public authorities only once, reducing redundancies and streamlining administrative processes. The concept represents a transformative step toward a digitally connected Europe, where data flows securely and efficiently across borders and sectors.

At its heart, "Once Only" is about interconnection, not centralization. Data remains stored in decentralized national databases, and the Once Only Technical System (OOTS) facilitates secure sharing between public administrations within and across EU member states. This approach balances the need for efficiency with robust protections for privacy and data security.

However, achieving this balance is quite a challenge. The trust of citizens is crucial to the success of the "Once Only" principle. Concerns about over-aggregation of data, potential misuse by AI systems, and risks of surveillance must be addressed with strong safeguards. Various reviews and statements by data protection authorities and other relevant stakeholders show that there is a significant amount of opposition and mistrust. Transparency, accountability, and citizen empowerment must be at the core of implementation, with mechanisms for independent oversight and judicial recourse ensuring that individual rights are upheld and trust in the concept can be build.

On the other hand the European framework for "Once Only", is without alternative when an efficient, service oriented digital public administration is a key objective for the future. It has the potential to drive digitalization in the public and private sectors, if it overcomes the opposition it faces. That can only be achieved by trust-building measures and strong protection of citizens’ rights, such as citizen access to digital logs, robust data protection standards, and independent supervision, to create a system that is not only efficient but also fair, ethical, and transparent.

By embracing the "Once Only" principle, Europe can lead the way in creating a digital governance model that prioritizes both innovation and individual rights.

1. The European Framework for "Once Only"

The "Once Only" principle is a foundational component of the European Union's strategy to create efficient, citizen-centric public services. It is referenced in the SDGR, which establishes a unified framework for digital access to information, administrative procedures, and support services across the EU. The principle embodies the EU’s commitment to reducing administrative burdens while protecting individual rights, forming a cornerstone of its broader digital transformation agenda. SDGR  objectives include:

• Streamlining Administrative Processes: By enabling citizens and businesses to provide information only once, public authorities can access and reuse this data for subsequent administrative procedures, reducing duplication.
• Cross-Border Integration: The regulation ensures that public services are interoperable across EU member states, facilitating cross-border mobility and cooperation.
• Digital Access to Public Services: Through the single digital gateway, users can interact with public administrations digitally, accessing information and completing procedures seamlessly across borders.

Under the SDG Regulation, the Once Only Technical System (OOTS) plays a pivotal role in enabling the secure sharing of information between decentralized national databases. This ensures that data remains under the control of the originating authority while being accessible across jurisdictions when needed.

The Role of the Once Only Technical System (OOTS)

The OOTS is the technical infrastructure that underpins the "Once Only" principle, ensuring efficient and secure communication between public administrations. Its key characteristics include:

• Decentralized Data Management: Data remains stored in its original databases, reducing the risks associated with centralized repositories.
• Interoperability Across Borders: OOTS enables the seamless exchange of information between EU member states, supporting cross-border public services such as tax compliance, legal aid, and business registration.
• Privacy and Security: The system is designed to comply with the General Data Protection Regulation (GDPR), incorporating robust encryption and purpose limitation safeguards to protect personal information.

By leveraging OOTS, public administrations can streamline procedures while ensuring that data sharing is both efficient and compliant with EU data protection standards.

Implementation Across EU Member States

While the SDGR sets a unified vision, the implementation of the "Once Only" principle varies across EU countries:

• Advanced Implementers: Countries like Estonia and Denmark have already integrated OOTS into their administrative systems, leveraging their advanced digital infrastructure to realize significant efficiency gains.
• Fragmented Progress: Other member states are still in the early stages of implementation, facing technical, legal, or organizational challenges. This disparity highlights the need for greater collaboration and support to achieve uniform adoption across the EU.
• Cross-Border Challenges: Despite progress, ensuring full interoperability between different national systems remains a complex task, both for national and for cross-border public services.

The "Once Only" principle, backed by the SDGR and the OOTS infrastructure, represents a significant step forward in advancing digitalisation in member states but also in creating digitally connected Europe. However, its success depends on addressing implementation challenges and fostering trust among citizens and businesses.

2. Benefits of the "Once Only" Principle

The "Once Only" principle is more than just an administrative innovation; it is a transformative concept with far-reaching implications for public services, businesses, and legal AI. By streamlining processes and improving the quality of data management, "Once Only" delivers tangible benefits to citizens, governments, and private entities, while laying the groundwork for digitalisation in national public administration as well as a digitally connected Europe.

Efficiency Gains in Public Administration

The "Once Only" principle is the basis for avoiding redundancy, making public services more efficient and cost-effective:

• Streamlined Processes: Citizens and businesses no longer need to provide the same information repeatedly for different administrative tasks.
• Cost Savings: Reduced duplication of data collection lowers operational costs for public administrations, freeing resources for other priorities.
• Faster Service Delivery: By enabling seamless data sharing between public authorities, the principle accelerates procedures such as licensing, permits, and benefits applications.

Empowering Legal AI

Legal AI systems thrive on accurate and comprehensive data. The "Once Only" principle provides the structured and interoperable datasets needed to maximize AI’s potential:

• Data Accuracy: Ensures access to up-to-date, verified information from interconnected systems, minimizing errors and inconsistencies.
• Enhanced Decision-Making: AI systems can be based on linked datasets to support tasks like legal document review, case prediction, or regulatory compliance.
• Scalability: Cross-border data sharing expands the applicability of legal AI across jurisdictions, supporting multinational legal and administrative processes.

Supporting Digital Transformation in the Private Sector

The benefits of "Once Only" extend beyond public administration to the private sector, fostering innovation and economic growth:

• Simplified Compliance: Businesses can meet regulatory requirements more easily, such as cross-border tax declarations or labor certifications.
• Improved Service Delivery: Private entities partnering with governments can leverage streamlined data sharing to enhance customer experiences, such as in healthcare or insurance.
• Collaboration with Public Entities: The principle facilitates partnerships between the public and private sectors by creating shared, interoperable infrastructures.

Strengthening Trust in Public Administration

When implemented transparently, the "Once Only" principle can also significantly improve citizens’ trust in government:

• Transparency: Providing citizens access to information of digital public administration actions (e.g. by recording them in logs and making such logs available to citizens) and so enabling them to see how their data is used fosters confidence in public systems.
• Accountability: By requiring explicit consent for data sharing and adhering to GDPR, governments demonstrate their commitment to protecting personal privacy.
• Reduced Bureaucracy: A smoother, more responsive administrative process improves citizens’ interactions with public services, reinforcing trust.

The "Once Only" principle could serve as a critical enabler of digital transformation, offering benefits that extend from improved efficiency to stronger cross-border cooperation and enhanced trust. However, these benefits can only be fully realized if the risks associated with privacy, data security, and citizen oversight are addressed.

3. Risks and Challenges of the "Once Only" Principle

While the "Once Only" principle holds immense potential for improving public administration and fostering digital transformation, its implementation is seen sceptically by many who point to the related risks and challenges. Addressing these concerns is essential to ensure that the principle operates effectively, ethically, and in a way that earns public trust.

Privacy and Data Protection Risks

The aggregation and sharing of personal data across interconnected systems raise critical privacy concerns:

• Over-Aggregation of Data: Interconnected databases could lead to the accumulation of sensitive personal information, creating risks of unauthorized surveillance or profiling.
• Loss of Control: Citizens may feel disempowered if their data is shared without their explicit knowledge or consent.

Security Vulnerabilities

Decentralized but interconnected data systems are attractive targets for cyberattacks:

• Data Breaches: A breach in one database could compromise sensitive information across multiple systems, leading to widespread harm.
• Cross-Border Challenges: Differences in cybersecurity maturity among EU member states could create weak links in the overall system.
• Insider Misuse: Even with external security measures, insider threats such as unauthorized access or misuse of data remain a concern.

Risk of Misuse by AI Systems

The integration of legal AI with the "Once Only" principle poses risks if not carefully managed:

• Unintended Bias: AI systems trained on aggregated data could unintentionally perpetuate or amplify biases present in the data.
• Surveillance Risks: Overly detailed data interconnections could allow AI to infer sensitive information about individuals, leading to misuse or overreach.
• Opaque Decision-Making: Automated systems relying on interconnected data might make decisions that are difficult for citizens or administrators to understand or challenge.

Fragmented Implementation Nationally and Across the EU

Despite the EU-wide framework, the implementation of "Once Only" remains uneven:

• Varying Progress: There is slow progress in providing sufficient Once Only solutions nationally in the member states with different levels of progress between the member states.
• Interoperability Issues: Inconsistent standards and practices hinder seamless national or cross-border data sharing.
• Administrative Resistance: Public authorities may resist the operational changes required to integrate the "Once Only" principle into their systems.

Public Trust and Acceptance

Without public trust, the "Once Only" principle cannot succeed:

• Transparency Concerns: Citizens may be sceptical about how their data is being shared and whether it is adequately protected.
• Lack of Awareness: Limited understanding of the principle and its safeguards could lead to resistance or fear among the public.
• Accountability Challenges: Inadequate oversight mechanisms could erode confidence in the system.

Addressing the Challenges

To overcome these risks, several measures should be considered and implemented:

• Privacy by Design: Systems must be built to prioritize privacy, incorporating features like data minimization and purpose limitation from the outset.
• Robust Security Measures: Investments in advanced cybersecurity infrastructure, regular audits, and real-time monitoring can mitigate risks of breaches and insider threats.
• Transparency and Oversight: Independent supervisory authorities should monitor the system, while citizens must have access to logs showing how their data is used.
• AI Governance: Ethical standards and human oversight must be integrated into AI systems to prevent misuse and ensure fairness.
• Public Engagement: Educating citizens about the principle and its safeguards can build trust and encourage acceptance.

The "Once Only" principle represents a significant leap forward for digital governance, but its success depends on addressing these challenges head-on. In the next chapter, we will examine how trust can be built through mechanisms such as independent oversight and citizen empowerment, ensuring a system that is not only efficient but also ethical and transparent.

4. Building Trust Through Oversight and Citizen Empowerment

The success of the "Once Only" principle depends not just on its technical implementation but also on earning the trust of citizens and businesses. Trust is built through transparency, robust oversight, and empowering individuals to control their personal data. This chapter explores the mechanisms needed to ensure the "Once Only" principle operates ethically, securely, and with full accountability.

Independent Oversight and Accountability

A trustworthy system requires robust, independent mechanisms to monitor operations and enforce compliance:

• Role of Independent Authorities: Supervisory bodies, should oversee the implementation of the "Once Only" principle to ensure adherence to GDPR and other legal frameworks. These authorities must have the resources and autonomy to conduct regular audits, investigate complaints, and impose penalties for non-compliance.
• Transparency Through Reporting: Public authorities should issue regular reports detailing how data is shared, accessed, and protected. These reports should include insights into security audits, usage trends, and any incidents or breaches.
• Judicial Review: Courts must remain accessible to citizens who wish to challenge unauthorized data use or enforce their rights under the system.

Citizen Empowerment and Control

Empowering citizens is essential to building trust in data sharing systems:

• Access to Digital Logs: Every interaction with a citizen’s data—whether by a public administration or third party—must be recorded in a secure digital log. Citizens should have unrestricted access to these logs, enabling them to monitor who accessed their data, for what purpose, and when.
• Granular Consent Mechanisms: Citizens must retain control over their data by granting or revoking consent for sharing, except in cases where a legal mandate applies. Consent systems should be designed to be user-friendly, ensuring that citizens can make informed decisions about their data.
• Right to Challenge and Redress: Clear mechanisms must be in place for citizens to challenge the use of their data, report misuse, and seek correction or compensation where necessary.

4.3 Privacy by Design and Security

Building trust also requires embedding privacy and security into the system’s architecture:

• Data Minimization: Only the data strictly necessary for a specific purpose should be shared, ensuring compliance with GDPR and reducing risks of misuse.
• Purpose Limitation: Data must only be used for the purpose specified at the time of collection or sharing, with no secondary use without explicit consent.
• Strong Security Measures: Decentralized storage, encryption, and multi-factor authentication should protect data from unauthorized access or breaches. Regular security audits and real-time monitoring can further strengthen resilience.

AI Governance and Ethical Standards

If legal AI systems are integrated with "Once Only," they must operate within clear ethical and governance frameworks:

• Algorithmic Transparency: AI systems must be explainable, with decisions derived from citizen data clearly documented and auditable.
• Human Oversight: Automated systems must include human-in-the-loop processes for sensitive decisions, ensuring fairness and preventing discrimination.
• Bias Mitigation: AI training data should be regularly reviewed to identify and eliminate biases, ensuring equitable outcomes for all citizens.

Public Engagement and Education

A well-informed public is more likely to trust and support the system:

• Citizen Awareness Campaigns: Governments should educate citizens about the "Once Only" principle, its benefits, and the safeguards in place to protect their data.
• Feedback Mechanisms: Systems should include channels for citizen feedback, allowing users to report issues, suggest improvements, and feel actively involved in shaping the system.
• Accessible Design: Interfaces for accessing logs and managing consent must be simple and intuitive, ensuring that citizens of all technical skill levels can participate fully.

By integrating these measures, the "Once Only" principle can deliver the efficiency and innovation it promises while earning the trust of the people it serves. In the next chapter, we will explore the path forward for harmonizing implementation across the EU and achieving a balance between innovation and accountability.

The Path Forward: Harmonizing Implementation and Balancing Priorities

The "Once Only" principle holds immense potential for transforming public administration, but its success depends on achieving harmonized implementation across the European Union while addressing the diverse challenges it poses. To unlock its full potential, policymakers, technologists, and citizens must work collaboratively to balance the goals of efficiency, innovation, privacy, and accountability.

5.1 Harmonized Implementation Across the EU

One of the key challenges of the "Once Only" principle is the uneven pace of adoption across EU member states:

• Bridging the Gaps: Member states must align their technical infrastructure and administrative processes to ensure equal levels of access and protection as a first step. National Progress and EU wide integration are finally what needs to be achieved in order to progress with building reliable trustworthy data structures that serve the objective of delivering an efficient digital public service.
• Standardizing OOTS Integration: The Once Only Technical System (OOTS) should be implemented uniformly to facilitate secure and efficient data sharing between decentralized national databases. Establishing shared technical and legal standards for data formats, protocols, and security will enhance cooperation.

Setting Priorities

For "Once Only" systems to expand, the key priorities need to be set and delivered

·        Prioritizing Privacy and Trust

·        Fostering Transparency

·        Developing Ethical AI Standards

·        Human Oversight in Decision-Making

·        Cross-Border AI Governance

·        Engaging Citizens and Stakeholders

·        Investing in Technical and Organizational Capacity

6. Conclusion: A Vision for a Trusted and Connected Digital Europe

The "Once Only" principle is a transformative step toward creating a trusted, efficient, and citizen-centric digital ecosystem. By ensuring that citizens and businesses only need to provide their data once, the principle streamlines administrative processes, supports cross-border cooperation, and empowers the integration of advanced technologies like legal AI.

The "Once Only" principle offers a blueprint for modernizing public administration and fostering digital sovereignty across the EU. By harmonizing implementation, protecting privacy, and ensuring accountability, member states of the EU can create a system that is not only efficient but also ethical and trustworthy and progress with achieving a more digital and efficient public service that respects citizens’ rights.