By Alfonso Casanueva, from Spain, former Policy Officer at the European Commission’s Secretariat-General, Document Management Policy unit, Belgium
The European Commission started a records management project called e-Domec (electronic document management in European Commission) in 2002, with the aim to rationalise the production and management of records, and to adapt it to the electronic environment, in the line of similar initiatives of e-government carried out in some European countries.
In this framework, several provisions were adopted, setting out the basic rules that all Commission officials should respect when dealing with their records. One of this provisions is the Commission Decision 2004/563/CE, EURATOM, on electronic and digitised documents, which was completed with the Implementing Rules SEC (2005) 1578.
With these provisions, the Commission aims to set the conditions for the validity and the legal value of electronic records, whether they are born digitally (Word documents, e-mails…) or scanned, and also ensure the authenticity, integrity and readability thereof, and the preservation of the records and their metadata during the whole lifecycle of the document. The link between these two texts and the rest of the provisions on records management written for the e-Domec project is obvious, as it is in these other texts where the lifecycle of the document is defined and where the metadata describing the document are set. It is important to mention that according to Commission Provisions, lifecycle and metadata for records are independent of the support of the record, paper or electronic, therefore the Decision 2004/563 does not cover these questions.
We will see how this text deals with the management of electronic records, not being very audacious in pushing towards the electronic environment, but taking, on the contrary, a very safe approach.
The provisions are organised, as usually, in two different texts, each of one of a different level of importance. On the top, we have the Commission Decision 2004/563, which sets the basic principles to be followed and it was approved by the College of Commissioners. Then, we have the Implementing Rules SEC (2005) 1578 that details those principles. The second one is a text approved by the Secretary General of the Commission. Both texts cover four basic questions regarding electronic documents:
Their validity
Their transmission
Their preservation
Their security.
Validity of electronic documents:
Regarding this question, the Commission distinguishes on one side, the validity of the document itself, and on the other side, the validity of an electronic process that may lead to the production of an electronic document (in other words: an electronic workflow)
For the first question, the legal text looks into the question of the unambiguous identification of the author. A precondition is established: if there is, somewhere, any regulation, any legal basis that requests a hand written signature on the (paper) document for its validity, like it is the case of many contracts, for instance then an electronic document would be valid only if it is born digital and signed with an advanced electronic signature. If there is not a legal text demanding for a handwritten signature as a condition for the validity of a document, scanned versions or electronic born documents are considered legal provided that their author is identified unambiguously.
Regarding the validity of electronic workflows, the texts request that every actor and the steps they perform are duly identified by the workflow system. Then, a difference is made among those workflows completely internal to the Commission and those where external actors may take part; for the internal ones, it is just said that the Commission Directorate for IT will ensure that the systems fulfil that conditions; for the second type, the workflow system shall be agreed among all parts performing any task in that given system.
Transmission of electronic documents:
The texts are pretty weak in this point. They just list the different existing forms of transmission at the moment (e-mail, fax…) and suggest that any form is accepted, as long as there is no any legal basis establishing a particular form of transmission. We notice again that the attitude of the text is “when nothing else is said, electronic transmission is accepted”
Preservation of electronic documents:
The provisions describe in detail the conditions for the preservation of electronic records, covering the question of format, time, and inalterability of the content.
Regarding the time and format, the provisions indicate that the electronic documents must be preserved during their complete lifecycle in the original format (i.e., the format in which they were created or scanned) and in a second format that facilitates its preservation for the long term. The text suggest (but does not establish) some of those so called “preservation formats”: PDF/A or Tiff. Together with the document, the provisions indicate that their metadata must be also preserved, and so with the electronic signature and the information regarding its transmission and production in a workflow (if any).
Concerning the inalterability of the content, the Commission is requested to have an electronic repository for its electronic records and keep an electronic “hash” code for each of the records in the repository. This hash code is an algorithm that will allow knowing if the document has been changed since its inclusion in the repository. The repository itself must include some functionalities about the safety of the records hold (back ups, etc.)
Security of electronic documents:
These provisions just indicate that the electronic records must comply with the general provisions on security (applicable also for paper records) and just add that any new electronic program must have the agreement of the Security Directorate to guarantee that it complies with the security rules.
Conclusion:
The position that the Commission would take towards electronic management of records has been expected very long both within and outside the institution, as it could have set a trend or a path towards the e-government for other bodies and for the institution itself. However, it has got critics for being too conservative and cautious. It has been said that the position the Commission took in these texts does not change any practice, any proceeding or any legal basis in order to impulse the electronic management (and production) of records. This conservative attitude is more relevant in comparison to banks, travel agencies, vendors, or even some other public administrations that have change the ways their customers and citizens communicate, pay or interact with them.
The Commission has just put on writing the practices already in place in the Institution, adding only the creation of a repository for the preservation of the records, and opens the possibility of implementing a system for the advanced electronic signature.
It could be said that for these, more technical, decisions, a regulatory text won’t be necessary.
Basically, the texts say that, when paper is not needed, an electronic record can be accepted.
Another proof of this, maybe excessive, prudency is that the text does not set a format for long term preservation (which would have facilitate the creation of an IT strategy for the future preservation of the chosen format). Another criticism to the Commission states that, 5 years after the approval of the implementing rules, the European Commission still don’t has an advanced electronic signature mechanism.
However, it is worth to note that this text has help a lot for the mind changing in the institution. Not only in the Commission, but in almost every other public body, electronic records management projects have to face the opposition of part of the staff that does not trust electronic records. These legal provisions are a step forward for this mind change.