Full text of Act No. 40 / 2007 Coll.
Full text of Act No. 365 / 2000 Coll., on Information Systems of Public Administration and on the amendment of certain other laws, as shown by later amendments
Valid
Declared full text
Text versions:
01.03.2007
Zobrazeno prvních 200 z celkem 363 ustanovení tohoto předpisu.
Zobrazit celý předpis →
Pro stažení celého znění použijte tlačítko Stáhnout výše.
40
PRESIDENT OF THE GOVERNMENT
Announces
full text of Act No. 365 / 2000 Coll., on Information Systems of Public Administration and on the amendment of certain other laws, as is apparent from the amendments made by Act No. 517 / 2002 Coll., Act No. 413 / 2005 Coll., Act No. 444 / 2005 Coll., Act No. 70 / 2006 Coll. and Act No. 81 / 2006 Coll.
Parliament has decided on this law of the Czech Republic:
Subject matter
That law lays down rights and obligations relating to the creation, use, operation and development of public administration information systems.
Definition of terms
For the purposes of this Act:
(a) information activities for the acquisition and provision of information, the representation of data information, the collection, evaluation and storage of data on tangible media and the storage, retrieval, modification or modification of data, their transmission, dissemination, disclosure, exchange, sorting or combination, the blocking and disposal of data stored on tangible media. Information activities shall be carried out by administrators, operators and users of information systems through technical and programme means;
(b) an information system of a functional whole or part thereof ensuring a targeted and systematic information activity. Each information system shall include data organised in such a way as to enable it to be processed and made available, as well as tools enabling the performance of information activities;
(c) the controller of the public administration information system, an entity which, under the law, determines the purpose and means of processing the information and is responsible for the information system;
(d) the operator of the public administration information system, an entity which carries out at least certain information activities related to the information system. The administrator may entrust the operation of the public administration information system to other bodies, unless other law excludes it;
(e) developing public administration information systems the process of implementing information and communication technologies, including its legal, organisational, knowledge and technical collateral;
(f) a data element of a data unit which is considered to be indivisible in a given context and is clearly defined;
(g) the service of the information system activity satisfying the requirements of the authorised entity associated with the information system function;
(h) the code list of the permissible values of the data element usually in the form of pairs, i.e. coded data and its code values;
(i) a reference, shared and secure interface between public administration information systems (hereinafter referred to as "reference interface"), a summary of legal, technical, organisational and other measures creating a uniform integration environment for public administration information systems providing a high-quality system of common services, including information exchange services between the various information systems of public administrations and other bodies, including with systems outside the Czech Republic;
(j) conformity tests
1. the capability to implement the links of the public administration information system with other information systems through a reference interface; or
2. long-term management of public administration information systems with the requirements of this Act and the implementing legislation on this Act;
(k) the product's aggregate name for or a combination of technical equipment, software, information systems or service documentation;
(l) an attestation certifying the positive result of the test;
(m) by the testing centre, a legal or natural person who is an entrepreneur carrying out attestations;
(n) remote access to the information system through an electronic communications network or service (e.g. using the Internet);
(o) the controller of the data element is a legal entity that submits new data elements, proposes to amend them or cancel them;
(p) the code list manager is the legal entity responsible for the creation and distribution of the code list;
(q) by the public administration portal, an information system established and operated with the aim of facilitating remote access to and communication with the public to the public;
(r) sharing data to allow access (i.e. providing the relevant service) to the data through the reference interface to several entities simultaneously;
(s) the link between public administration information systems between mutual or unilateral provision of services and information, such as data sharing;
(t) a public information system managed by the AIFMs referred to in Article 3 (2) or any other information system providing services to the public that has links to the public information systems;
(u) an operational information system providing the information activities necessary for the internal operation of the competent authority, such as accounting, asset management, and not directly related to the performance of public administration;
(v) the conditions and conditions of the trade issued by the testing centre, including in particular the definition of the subject-matter and the procedures of the testing centre for carrying out the tests approved by the Ministry of Informatics (hereinafter referred to as the Ministry);
(w) the accreditation procedure whereby a certificate is issued that the legal or natural persons who are entrepreneurs fulfil, to the extent specified, the technical, organisational, economic and personnel conditions for carrying out the attestations;
(x) operational documentation of the public administration information system which describes the functional and technical characteristics of the information system.
Public administration information systems
(1) Public administration information systems are a set of information systems used for the exercise of public administration. These include information systems providing activities under special laws (1).
(2) The managers of public administration information systems are ministries, other administrative offices and local authorities (hereinafter referred to as "public administrations").
(3) The Act does not apply to public administration information systems
(a) intelligence services (2);
(b) The police of the Czech Republic in the performance of its tasks (3);
(c) law enforcement authorities in connection with criminal proceedings (3a), with the exception of the register of criminal offences (3b);
d) Police of the Czech Republic and the Prison Service of the Czech Republic in providing special protection and assistance to vulnerable persons under special legislation 3c);
(e) by the Ministry of Finance in the framework of an activity under a specific legislation on combating the legalisation of proceeds from crime or a specific legislation on the implementation of international sanctions in order to maintain international peace and security, the protection of fundamental human rights and the fight against terrorism;
(f) the National Security Office, the Intelligence Service or the Ministry of the Interior in carrying out security proceedings and keeping records under the Special Law (5);
(g) under the responsibility of the Ministry of Defence, in activities carried out under special legislation6);
(h) the Ministry of the Interior, the Ministry of Finance and the Ministry of Justice for the processing of personal data of members of the Security Corps pursuant to a special legislation (6a);
(i) the administrative and administrative authorities of the territorial authorities of the delegated units in the defence-related activities of the State pursuant to the special legislature6b);
(j) public authorities and legal persons, provided that they are used exclusively to promote crisis management (6c).
(4) If they have the information systems referred to in paragraph 3 (b), they shall: (b) to (j) links to other public administration information systems carried out through information activities, covered by the law only to the extent of such links, unless specific legislation provides otherwise.
(5) The Act does not apply to operational information systems of managers of information systems of public administration, except for links of operational information systems to information systems of public administration.
(6) The Act also does not apply to public information systems dealing with classified information5).
(7) The rights and obligations of controllers and information system operators in the processing of information in information systems provided for by special legislation7) are not affected by this law.
(8) The operator is obliged to ensure the protection and safety of information within the operational information system when operating [§ 2 (d)].
Ministry of Informatics
(1) Ministry in cooperation with public authorities
(a) seek, process, store and generate new information which is a knowledge base for the quality of the creation and development of public administration information systems;
(b) develop draft strategic documents in the field of public administration information systems, including in terms of the security of those systems, and submit them to the Government, monitor and analyse the information needs of the public administration and the state of the public administration information systems;
(c) prepare or coordinate the preparation of projects for the building or reforming of public administration information systems due to the common need of multiple managers of public administration information systems;
(d) prepare or coordinate the preparation of projects for the construction or conversion of public administration information systems due to the need for cooperation and coordination at international level;
(e) express its views on the proposals for documentation of programmes containing the acquisition, renewal and operation of information and communication technologies drawn up under the Specific Legislation 7a). In particular, the Ministry shall take into account the legitimate interests of the programme documentation promoter and the need to ensure the proper performance of the public administration;
(f) ensure the development of methodological guidelines for the pursuit of professional activities related to the creation, development and use of public administration information systems;
(g) establish and manage a reference interface and establish technical and functional requirements for the implementation of links between information systems through a reference interface by implementing legislation;
(h) establish and manage a public information system containing basic information on the availability and content of publicly available information systems;
(i) establish and manage a public information system on data elements, proclaim data elements through it, and establish the form and technical details of the transmission of data to it by implementing legislation;
(j) establish and manage a public administration portal;
(k) coordinate and create conditions to promote the development of electronic commerce;
(l) coordinate and create conditions for public administration activities through public information systems, including remote access.
(2) Ministry
(a) checks with public authorities compliance with the obligations laid down by this law. The inspection shall be carried out in accordance with the special legislation8);
(b) comment on the investment intentions of the actions of the acquisition, renewal and operation of information and communication technologies, the registration of which in the Information System of the financing of the reproduction of assets, the award of their implementation and the amendment of their mandatory parameters shall be carried out only with the approval of the Ministry of Finance in accordance with the specific legislation7a). In particular, the Ministry shall take into account the legitimate interests of the promoter of investment projects and actions and the need to ensure the proper performance of the public administration;
(c) exercise the powers laid down by this law in the field of accreditation and attestations;
(d) establish rules on data sharing and services between different public administration information systems through a reference interface and rules on the entry of data elements into the data element information system. The procedures of the Ministry and public authorities for the management and entry of data elements into the data element information system, including those of the Ministry for the publication of data elements, shall be laid down in implementing legislation;
(e) impose penalties for administrative offences pursuant to Article 7;
(f) imposes measures to remedy deficiencies;
(g) express its views on projects of public administration information systems;
(h) issue a Bulletin in which it publishes methodological guidance [paragraph 1 (f)], a list of test centres, certification of accreditation and of the award of tests and other documents relating to public administration information systems. The publishing of the Bulletin shall be provided by the Ministry through the Public Administration Portal;
(i) consult in particular the proposals for methodological guidance in the form of a public consultation aimed at obtaining opinions and comments from the parties concerned on the proposal in question and, to this end, establish and manage an information system where it publishes the proposals for methodological guidance in a way that allows remote access, allows comments to be made and publishes the outcome of the consultation.
Public authorities
(1) The public authorities shall, to the extent of their legal competence, select technical and programme means and other products for the operation of the information systems they create and manage.
(2) Public authorities are obliged to:
(a) cooperate with the Ministry in the performance of its tasks under Article 4 (1), including on-the-spot checks under Article 4 (2) by the Ministry;
(b) submit to the Ministry proposals for documentation of programmes containing the acquisition, renewal and operation of information and communication technologies developed under the Special Legislation (7a) and investment intentions of actions for the acquisition, renewal and operation of information and communication technologies, the registration of which in the Information System of the financing of the reproduction of assets, the award of their implementation and the amendment of their mandatory parameters shall be carried out only with the approval of the Ministry of Finance under the Special Legislation (7a). The formalities for documentation on programmes and investment projects shall be laid down in specific legislation8a);
(c) publish code lists where the managers of such code lists are and are not provided for otherwise by law, including in a way that allows remote access, and transmit data to the Ministry to the information system on data elements in electronic form, in the form and with the technical requirements laid down in the implementing legislation;
(d) ensure that the links of the information system operated by them to the information systems of another operator are implemented through a reference interface using data elements declared by the Ministry and maintained in the data element information system. The eligibility of the information system for the implementation of these links must be demonstrated by the test. This provision shall not apply to links between the information systems operated by them and those managed by the intelligence services;
(e) make available to the Ministry, in electronic form, in the form and with the technical requirements laid down in the implementing legislation, without undue delay, information on the information system they operate and the services they provide and the data elements used, for the purpose of publication in the information system referred to in Article 4 (1) (h) and (i), unless otherwise provided by the special law);
(f) to proceed with the publication of information in a way that allows remote access so that the information related to the performance of public administration is made public in a form that enables disabled persons to become familiar with such information to the extent necessary. The form of disclosure shall be laid down in the implementing legislation;
(g) to remedy the identified deficiencies within the deadline set by the Ministry.
(3) The central administrative authorities publish bulletins published in their respective responsibilities on the public administration portal.
Long-term management of public administration information systems
(1) Public authorities create and publish an information concept, apply it in practice and evaluate compliance with it. In the information concept, public authorities shall set out their long-term objectives in the field of management of the quality and safety of managed public administration information systems and shall define the general principles for the acquisition, creation and operation of public administration information systems. The content and structure of the information concept, as well as the procedures of the public authorities in establishing, issuing and evaluating its compliance and the requirements for the management of the safety and quality of public administration information systems shall be laid down in implementing legislation.
(2) Based on the published information concept, public authorities create and issue operational documentation on individual public administration information systems, apply it in practice and evaluate compliance with it. The content and structure of the operational documentation shall be laid down in the implementing legislation.
(3) Public authorities shall ensure that long-term management of public administration information systems is carried out and shall demonstrate compliance with the obligations under paragraphs 1 and 2 with the long-term management of public administration information systems. The scope of the operational documentation submitted at the procedure shall be laid down in the implementing legislation. The obligation under the first sentence shall not apply to municipalities which exercise the delegated powers only within the basic range 9a).
Security of public administration information systems
(1) Public administrations ensure the security of public administration information systems within the scope of the implementing legislation. The implementing act shall also lay down minimum safety requirements to ensure the confidentiality, integrity and availability of the information processed.
(2) Public authorities are responsible for the selection and implementation of adequate security measures to meet minimum safety requirements.
Control of compliance with public authorities' obligations
(1) If the Ministry finds deficiencies with a public authority in the control provided for in Article 4 (2) (a), it shall require the public authority to take measures to remedy those deficiencies.
(2) In the call referred to in paragraph 1, the Ministry shall specify the deficiencies identified and lay down the measures to be taken by the public authority to remedy those deficiencies and shall set a reasonable time for the public authority to take such measures. This period shall not exceed 6 months.
Authorisation to carry out accreditation
(1) Accreditation shall be carried out by a legal person who is a member of an international accreditation association designated by the Ministry pursuant to paragraph 6 and who has been entrusted with the accreditation decision of the Ministry of Accreditation (hereinafter referred to as the "Accreditation Person") following a request for accreditation. The accreditation authority shall not be transferable.
(2) The applicant shall attach to the application for delegation of a legal person to carry out accreditation:
(a) the founding document;
(b) proof of material, personnel and organisational assumptions for the activity of the accreditation person;
(c) proof of membership of international associations dealing with accreditation and designated by the Ministry pursuant to paragraph 6 and the manner and extent of compliance with membership obligations;
(d) proof of the means needed to carry out the activities of the accreditation body;
(e) the conditions and procedures for the assessment of accreditation applicants (hereinafter referred to as "accreditation rules") which must comply with the rules of international accreditation associations designated by the Ministry pursuant to paragraph 6.
(3) If the applicant complies with all the conditions laid down in this Act for the authorisation to carry out accreditation, the Ministry shall issue a decision authorising it to carry out the accreditation. Otherwise, it shall reject the application for accreditation. In the decision by which the Ministry entrusts the Accreditation Person with carrying out the Accreditation, the Ministry shall give its approval to the Accreditation Rules.
(4) The Accrediting Person shall:
(a) proceed with the implementation of accreditation in accordance with the accreditation rules with which the Ministry has given its consent;
(b) fulfil the obligations arising from membership of international associations dealing with accreditation designated by the Ministry pursuant to paragraph 6;
(c) have the resources necessary to carry out their activities,
(d) to provide personnel with their activities by persons with the expertise, experience and qualifications necessary for carrying out accreditation and familiar with the accreditation rules;
(e) to act impartially and unbiased during the accreditation process, in particular to refrain from anything that might jeopardise confidence in its impartiality;
(f) notify the Ministry without delay that it is unable to fulfil the obligations referred to in (c) for more than 3 months.
(5) If the accredited person fails to fulfil the obligations laid down in this Act, and
(a) has been fined by the Ministry in the previous calendar year at least twice in accordance with Section 7; or
(b) the infringement of the law is so serious that it is no longer possible to expect a correction of the malfunctioning and proper performance of the duties of the accredited person;
the Ministry decides to withdraw the accreditation mandate. The Ministry shall always decide to withdraw the accreditation mandate if the accredited person so requests in writing.
(6) The list of designated international accreditation associations, the decision to delegate the accreditation body and the decision to withdraw the accreditation mandate shall be published by the Ministry in the Bulletin.
(7) The Ministry shall supervise the Accreditation Person in carrying out the obligations under this Act. Surveillance shall be carried out in accordance with the Special Law (8).
Accreditation certificate
(1) Accreditation shall be initiated at the request of a legal or natural person if they are entrepreneurs. Accreditation shall be made for consideration. The price is negotiated according to a special legislation10).
(2) On the basis of the accreditation carried out, the Accreditation Person shall issue an Accreditation Certificate if the Accreditation Accreditation Applicant is authorised to conduct an accreditation business and meets the conditions of the Accreditation Rules. The accreditation certificate shall define the subject matter, scope and conditions of the security of the assumptions according to the first sentence and the period for which it was issued.
(3) The Accreditation Person shall provide the Ministry, in electronic form, with information on the accreditation certificate issued within 7 working days of its issue.
(4) The Accreditation Person shall supervise compliance with the conditions in the accreditation rules with the attestations centres. If they find deficiencies in their performance, depending on the seriousness of the deficiencies in accordance with the accreditation rules, they shall withdraw the accreditation certificate. The accredited person shall immediately communicate this fact to the Ministry in electronic form.
Authorisation to carry out tests
(1) Attestation shall be carried out by the attestations centre referred to in Article 2 (o), which, following an application for authorisation to carry out attestations, has been authorised by the Ministry to carry out attestations.
(2) The Ministry shall issue a decision on the delegation of the attestations centre for the implementation of the attestations if it submits to the request for delegation for the implementation of the tests
(a) a proposal for the conditions of attestations containing the elements referred to in Article 2 (v);
(b) the accreditation certificate referred to in Article 6a; and
(c) confirmation by the competent authorities that it does not have a due arrears for public health insurance premiums, social security premiums, contributions to state employment policy and does not have tax arrears recorded in the tax records.
(3) In the mandate for the implementation of attestations, the Ministry shall determine the period for which the delegation is granted and approve the procedures of the attest centre for the implementation of attestations contained in the attestations submitted by the applicant for the authorisation for the implementation of attestations.
(4) The authorisation to carry out the tests cannot be transferred to another person without the consent of the Ministry. The authorisation to carry out the tests shall be granted for a maximum period of 5 years.
(1) The Ministry shall withdraw the authorisation to carry out the tests if the testing centre:
(a) the accreditation certificate on the basis of which the authorisation to carry out the tests has been granted has ceased;
(b) the authorisation to conduct business under which it was authorised to do business in the field of tests has ceased;
(c) fails to comply with the obligations laid down by this law, does not comply with the conditions of the procedure, or does not comply with the provisions of the implementing legislation of that law, although the possibility of withdrawal of the authorisation for the performance of the tests was, for these reasons, notified by the Ministry in writing and the remedy was not dealt with within a reasonable period set by the Ministry; or
(d) it has not submitted to the Ministry, within the prescribed time limit, the amended version of the test conditions referred to in paragraph 4.
(2) The Ministry shall withdraw the authorisation to carry out the tests if the attestation centre so requests in writing.
(3) The Ministry may, on its own initiative, repeal the decision approving the procedures of the testing centre under Paragraph 6b (3),
(a) if the operation of public administration information systems is threatened or reduced;
(b) if necessary to comply with the international treaties by which the Czech Republic is bound.
(4) If the Ministry withdraws the decision to approve the procedures of the attestations, it shall inform the attestations centre of the reasons for the revocation of the decision and invite it to submit within a reasonable time to the Ministry the modified version of the attestations to approve the procedures of the attestations.
(5) The Ministry approves the procedures of the testing centre in carrying out the tests if the testing centre submits a draft of their new version.
Implementation of tests
(1) Attestation centres are obliged to:
(a) proceed in accordance with the test conditions; and
(b) to carry out an assessment of the long-term management of information systems of public administration and competence to implement the links of information systems of public administration with other information systems through a reference interface in accordance with this Act and by delegation to the procedures laid down in the implementing legislation.
(2) The Attestation Centre is not authorised to carry out the long-term management of public administration information systems and the ability to carry out the links of public administration information systems with other information systems through a reference interface, the development, preparation, production or trade of which has been involved in any way by itself or by an economically or staffed person, where:
(a) economically or professionally linked persons shall be understood for the purposes of this Act if one person participates, directly or indirectly, in the management, control or property of the other person, or if the same legal or natural person directly or indirectly participates in the management, control or wealth of both persons or of a natural person close to11);
(b) participation in control or capital shall mean, for the purposes of this Act, any share of the capital or of the voting right.
(3) The attestation centre shall carry out the tests on the basis of a contract concluded with the applicant for an attestation for consideration. The price is negotiated according to a special legislation10).
(4) The attestation centre shall issue a test report to the applicant for the attestation within 7 working days of the date of completion of the test. The testing centre shall issue a positive result to the applicant and test. The test shall include the conditions of validity of the test.
(5) The test is issued for a maximum period of 5 years.
(6) At the request of the holder of the test, the testing centre which issued the test may extend its validity by 2 years, including repeatedly, before the expiry of the test. Both the applicant and the testing centre shall follow the same procedure as in the performance of the tests when extending the validity and test.
(7) The Attestation Centre shall, in electronic form, transmit to the Ministry, by means of an automated reporting process accessible by remote access, at an electronic address published by the Ministry in the Bulletin, information on the attestations carried out within 7 working days of the date of implementation. The Ministry will publish the information on the issue and test in the Bulletin.
(8) In carrying out the obligations under this Act, supervision of the testing centres is exercised by the Ministry. Surveillance shall be carried out in accordance with the Special Testament (8).
Conclusion of the attestations contract
(1) The attestations centre shall publish the conditions for attestations, any modification thereof, the withdrawal of the attestations (Sections 6c (1) and (2)), or the revocation of the decision approving the procedures of the attestations centre (Section 6c (3)) in its establishment and in a manner which allows remote access within 7 working days of the relevant decision of the Ministry.
(2) The testing centre shall propose the conclusion of a contract and the performance of an attestation to any person who invites him to conclude a contract in accordance with published conditions.
(3) Derogations from the test conditions can only be negotiated on a case-by-case basis if the test conditions allow this and if such changes do not alter the nature of the test service offered.
(4) The testing centre shall not be required to propose the conclusion of an attestation contract if its contents are also to be derogations from the conditions of the test referred to in paragraph 3.
Delivery of the data report to the public authority through the public administration portal
(1) The administrator of the public administration portal (hereinafter referred to as the "portal administrator") ensures the delivery of the data report to the public authority under the conditions laid down by this law, provided that specific legislation so provides.
(2) Each person shall be entitled to use the services of the delivery of the data report to the public authority (hereinafter referred to as "delivery ') through a public administration portal (hereinafter referred to as" portal') under the conditions laid down by this Act, by specific legislation11a) and by the operating rules of the portal for the delivery of data reports to public authorities via a portal (hereinafter referred to as "operating rules').
(3) By taking over the data message, the portal administrator shall be obliged to supply the data message to the public authority designated by the data message sender as the recipient (hereinafter referred to as the recipient) without undue delay and under the conditions laid down by this law. The data message shall be taken over by the portal when it is available to it and is eligible for further processing for delivery.
(4) The receipt of the data message shall be confirmed without delay by the portal administrator to the sender by a data message marked with an electronic tag 11b) of the portal administrator and shall contain the date and time of receipt.
(5) The portal administrator shall supply the data message to the recipient accompanied by the data and the time at which the data message was received.
(6) The delivery shall be confirmed by the recipient without undue delay by the data message to the portal administrator, which shall be marked with an electronic mark 11b) of the recipient and shall include the date and time of delivery to the recipient. The data report shall be supplied to the recipient at the time of the availability of e-mail to the public authority.
(7) The delivery of the data message to the beneficiary shall be confirmed by the recipient through the portal without undue delay to the sender by a data message marked with an electronic mark 11b) of the beneficiary and shall include the date and time of delivery to the recipient.
Operating rules
(1) The operating rules for the delivery of data reports to the public authority are issued by the Ministry through the public administration portal and published in the Bulletin.
(2) The operating rules contain a definition of:
(a) how the data message is transmitted by the portal consignor, including the determination of technical parameters of the data messages;
(b) the way in which the portal is delivered to the recipient, including the maximum period possible, which may elapse from receipt to delivery;
(c) public authorities which can be supplied by means of a data message portal under a specific legislation and the types of submissions which can be supplied by means of a portal,
(d) the operational time of access to the portal.
Obligation to maintain confidentiality
Sign in for notes, favorites and notifications
Regulation Information
| Citation | Full version of Act No. 40 / 2007 Coll., Act No. 365 / 2000 Coll., on Information Systems of Public Administration and on the amendment of certain other laws, as shown by later amendments |
|---|---|
| Regulation Type | Declared full text |
| Author | - |
| Collection | Code of Laws |
| Date of Promulgation | 01.03.2007 |
|---|---|
| Effective from | - |
| Effective until | - |
| Status | Valid |
The regulation text is for informational purposes only.
Comments 0