Secure access to local government services based on the Online Access Act

The primary goal: modern public services that are oriented towards the needs and preferences of their users. The Online Access Act (OZG) has created the foundation for this since 2017. This Act requires German public authorities at the federal, state and municipal levels to also offer their public services electronically via a set of government portals.

Digitalised and user-friendly

From applications for student grants or parental allowances to requests for birth certificates, Germany's public services are aiming to make their interactions with citizens and businesses significantly faster, more efficient and more user-friendly in the future. The OZG addresses services that are digitalised and thus require an infrastructure that makes them available in a secure, reliable and efficient manner. Accordingly, close cooperation is necessary among a number of stakeholders and organisations.

Greater value for consumers

The OZG covers a broad portfolio of services across 14 separate topic areas that address digital solutions for consumers -- from the world of work and family life to environmental issues. By the end of 2022, the OZG will require all German public administrations to offer public services electronically via public administration portals, as well. These individual portals are to be linked together in a portal network. In addition, public authorities are being asked to provide user accounts that enable citizens to use a uniform system of identification and authorisation for their services. User data entered once for a user account can then be reused as often as required. A user account with the Federal Government or one of the states will also allow the user to access the administrative services of the other providers in an interoperable way.

Secure design

To ensure that citizens can use these services with confidence, a high level of IT security is also required in implementing the OZG. The BSI is therefore acting in its capacity as IT security architect and providing support to the portal network project (for example) by preparing a general security model. In line with Section 1 (2) OZG, the BSI will need to create a Technical Guideline to be able to guarantee IT security in the portal network. In addition, the BSI plans to create Technical Guidelines for the signature and seal service to be offered in the portal network in the future, as well as for a standardised corporate account.

Technical Guidelines: a secure foundation

Preparations are also currently underway on how to securely regulate register retrieval in line with the Register Modernisation Act (RegMoG). This is to be ensured by a new Technical Guideline. The BSI is also drawing up a security concept for the Interoperable Service Accounts project and providing advice on all information security issues. In addition, the BSI is creating and updating a Technical Guideline that will form the basis of secure identification and interoperable identity management. To ensure the OZG can be used securely by consumers in the future, the BSI is evaluating identification and authentication solutions from public and private service providers in line with the EU's eIDAS Regulation and the BSI's own Technical Guidelines 03107 and 03147.