Increasingly, governance is emerging as a major issue in MSW development
The development of a MSW in a country requires substantial effort of many different stakeholders. It is not an ICT issue only. A major bottleneck in most countries is the lack of meeting governance requirements to fulfill the implementation needs of Directive 2010/65/EU. Harmony between technology, organisation and legal (the MSW trinity) needs to be established. More in detail, some issues that need to be reckoned with are:
I. Interdepence between legal, organisational and technical aspects
- Ideally: first legal, then organisational, then technical
- In practice: not likely to be tackled as separate issues (legal and organizational aspects cannot be ignored when discussing per subjects like data storage, response messages and validation).
- When discussing security and availability issues: is this a legal issue? Yes. Most likely police and or custom law covers this. Is this an organisational issue? Yes. Is there an owner of the system MSW, of the software? If so, which department is risk-owner in case the system collapses or suffers from errors? Is this a technical issue? Yes. Extra security and extra availability has sometimes farstretching effects.
- Current legal framework: what formalities are implemented in which law (and lower regulation)
- Current legal framework: how are privacy aspects currently covered?
- Which competent authority is allocated the task of receiving the aforementioned formality?
- Which authority is appointed with the responsibility of ensuring all privacy aspects are covered?
- What changes as a result of the implementation of Directive 2010/65?
- One platform
- Reporting once
- Other issues relating roles and responsibilities?
- Is the development of the MSW platform an obligation for just one department/public authority? If so, is the Directive implemented with the intent of creating something new, i.e. a new entity?
- Need to identify users of the platform as soon as possible (customs, immigration, health, shipping authority, etc). A governing body, i.e. steering group, with all parties involved needs to be set up!
- Conflicting interests need to be tackled. Authority A wants the platform to use codebook A, authority B wants the platform to use codebook B Etc…
- Proposals regarding roles and responsibilities in the operational phase need to be discussed, including financial arrangements.
- Ideally this follows all the above. In reality various EU Member States have likely started the MSW development with the idea of implementing 2010/65/EU as an ICT project. Well, to be clear: it is not.
- If one competent authority cannot or will not accept their responsibility in the development process, you are heading towards either an ICT solution that will not be used by all authorities or a political/administrative clash in your country.
- One should prevent the waterfall perspective to be applied when implementing 2010/65/EU. One needs to clearly design and put an architecture in place that should be validated.