The once-only principle (OOP) is promoted as a key enabler for the digital transformation of the public sector at European and national level, relieving citizens and businesses from the burden to supply the same information to the Public Administration more than once. The adoption of the Single Digital Gateway Regulation has been welcomed as an effort towards a horizontal, comprehensive legal framework supporting OOP. In this paper we investigate legal challenges regarding OOP in different areas of law. As an example, in the case of Greece, our results indicate that Greek courts, following the letter of law, interpret the use of the European Single Procurement Document in a way contrary to the intention to apply OOP in public procurement. Our results suggest that a sector-specific legislation approach is needed for the OOP implementation to ensure legal certainty and compliance with other legal principles and requirements.
From 2009 and onwards, the concerted and deliberate effort of the Member States to reduce
the frequency with which citizens are required to submit the same information to the public
authorities by promoting the electronic exchange of information [
The awareness of OOP's expected benefits has been highlighted as one of the most
important enablers of its wider implementation at European Union (EU) level [
Among the enablers and barriers for the adoption of the OOP at EU level, the need for the
establishment of a common legal basis was recognized as a critical difficulty for the wide
application of the OOP [
This paper aims to investigate the legal framework that supports OOP application in the EU and Greece, as an example of a specific Member State. The paper does not intend to provide a comprehensive presentation or analysis of all relevant legislation. Instead, within the scope of assessing the applicable Regulations, Directives, and Proposals, it aims to present legislative developments with regard to OOP implementation and identify legal challenges and legal barriers. We concentrate on three specific areas: the Maritime and Customs Sector (EU level), the Business Register Interconnection System - BRIS (EU level) and the European single procurement document (Member State level - Greece).
In fulfilment of the Member States' commitments under the Malmö Ministerial Declaration
[
The European Commission supported the Member States' commitments to the digital
transformation with two projects funded by the Horizon 2020 programme, namely
"Stakeholder Community Once-Only Principle for Citizens" (SCOOP4C) and "The Once-Only
Principle Project" (TOOP). TOOP mainly focused on services concerning legal persons and
included three pilot projects, namely (1) Cross-border e-Services for Business Mobility, (2)
Updating Connected Company Data, and (3) Online Ship and Crew Certificates[
In the context of TOOP, the aforementioned pilots were legally assessed for compliance with the legislation that existed at that time [12]. This evaluation was horizontal but also focused at each pilot project to identify its specific legal challenges [12]. It was a high-level assessment of legal texts, though, in order to derive general principles for OOP implementation without an in-depth analysis of the respective legislation of each individual use case or pilot context [12]. As per Graux's conclusions, the legal basis was indeed found in the law and he proposed to be further supported by a contractual framework on a pilot specific case-by-case basis [12]. The experience of the TOOP was seen as an opportunity for the lessons learnt and the sustainability recommendations to be effectively utilized for legislation purposes, and especially in the regulation for the creation of a Single Digital Gateway (hereinafter the "SDG"), which was at the proposal stage at that moment, and was perceived as the expected general legal framework for the OOP[12]. At the end of TOOP and upon the adoption of the Regulation (EU) 2018/1724 (hereinafter the "SDGR") [23], it was underlined by Graux that the SDGR managed to create the generic legal basis for OOP, but due to its explicit and implicit legal constraints and limitations, it would need revisions so as to expand and facilitate the use of SDG and OOTS to additional sectors[13].
References to the OOP in new Regulations, Directives or Proposals, either in the Recitals or the Articles, are more and more often, as it is shown in the following sections. During the research of OOP's legal framework hereof, it was found that apart from the SDGR, the OOP implementation seems to be promoted within other areas of law by transforming selected administrative procedures.
In this paper, we capitalise on multiple case-study research methodology [24] and proceed by in-depth investigating three distinct sectors based on the review of legal documents in English and in Greek. We decided to select the same sectors as TOOP project to further support the research that has started and reported by the project, also including Customs as a new identified sector that aims to implement OOP. These areas are: • • •
The Maritime and Customs Sector (EU level) The Business Register Interconnection System - BRIS (EU level)
The European single procurement document (Member State level - Greece) The first two areas were selected to be examined at EU level due to the ongoing efforts of the European legislation to be updated, as recent legislative developments have been noted in these fields. While the well-established processes of public procurement sector and the adoption of the European single procurement document in each Member State during the past few years, could allow the assessment of post-implementation results regarding its use, such as case law. The case of Greece was preferred, due to authors' nationality and easy access to judicial decisions in Greek language.
The search of the European legal framework was conducted through EUR-Lex digital portal (https://eur-lex.europa.eu/homepage.html) and of the Greek legal framework and judicial decisions through the legal document database NOMOS (https://lawdb.intrasoftnet.com/) using the following keywords indicatively (along with their Greek translations): "Once only principle" AND ("Single Digital Gateway", "European single procurement document/ESPD", "Business Register Interconnection System", "BRIS", "Interoperability"). Another important source of online bibliographic sources, scientific articles, publications and texts such as deliverables, was TOOP website (https://www.toop.eu/), using the "Library" section, since its collection has the most important and targeted documents regarding OOP.
In relation to the exchanges of evidence in the maritime environment, since the applicable
maritime legislation has not been included in the "closed list" of Article 14 of the SDGR, the
OOTS does not apply to these exchanges [13]. However, the fact that the exchanges of
information in the maritime sector was left out of the scope of the SDGR which has been
identified as a constraint of the said regulation [13], does not mean that there is no legal
coverage of the OOP application in this sector. The results of our research indicate that the
adoption of Regulation (EU) 2019/1239 [25] for the establishment of the European
Maritime Single Window Environment (EMSWe) and EMSWe Ship Database aims to
improve data handling for the fulfilment of reporting obligations in compliance with OOP
(Recital 20) [25]. According to Article 8, it has been explicitly set as Member States'
obligation to ensure the once-only provision of information pursuant to the said regulation
per port call, and its availability and reuse through the EMSWe [25]. The OOP and
interoperability by default should be taken into account and apply for the creation of
databases in relation to the recognition of professional qualifications in inland navigation,
such as the European Hull Data Base (EHDB) and the connection of the EU database with
national registries, as per Recital 7 of the Delegated Regulations (EU) 473/2020 [26] and
(EU) 474/2020 [27]. Hence, the compliance with the OOP has been individually handled in
maritime sector and this may be justified by the complexity of its legislation [12] and the
different challenges that were exceptionally faced in the case of Online Ship and Crew
Certificates pilot [
Similarly, customs as another sector with complex and burdensome administrative checks between countries at EU and international level, is underpinned by an extensive legal framework to ensure EU residents' security and safety and the protection of the environment [28]. Our results hereof show that the OOP application has been actively promoted in customs, with the creation of the EU Single Window Environment for Customs (EU SWE-C) and a certificates exchange system on a pilot basis, namely the electronic European Union Customs Single Window Certificates Exchange System (EU CSW-CERTEX), pursuant to Regulation (EU) 2022/2399 [28]. This regulation will allow the electronic exchange of the necessary information between national customs systems and EU noncustoms systems for the administrative checks during the clearance process in line with the OOP (Recitals 7, 9, 26) "where appropriate" (Recital 27) [28].
In light of the above, the exclusion of the exchanges of information in these two sectors from the use of the OOTS does not seem to be an omission. The nature and the specific characteristics of maritime's and customs' legislation could not be simply overlooked or overcome, and this may justify why the OOP implementation regarding the exchanges of data in these environments is legally treated on an individual sector basis.
The Business Register Interconnection System, known as "BRIS", was launched in June 2017, allowing the interconnection of all Member States' registers to facilitate the search of companies' data and their cross-border exchange [29]. Its legal basis may be found in the Directive (EU) 2017/1132 relating to certain aspects of company law (hereinafter the "BRIS Directive") [30], which was amended by the Directive (EU) 2019/1151 as regards the use of digital tools and processes in company law [31] and the insertion of provisions directly linked with OOP, such as the disclosure by the register itself instead of the companies of documents and information that need to be published in a national gazette (Article 16 para. 3 of BRIS Directive) and the notification of changes in documents and particulars of a company through BRIS (Article 30a of BRIS Directive). Recently, a new Directive has been proposed to further amend Directive (EU) 2017/1132 as regards further expanding and upgrading the use of digital tools and processes in company law (hereinafter the "Proposal") [32]. The Proposal introduces, among others, amendments for the realization of OOP, as shown in Table 1, providing that the mother company applying for the formation of a branch/subsidiary in another Member State, should be exempted from the obligation to resubmit its corporate data already available in the national register where it is established. For this purpose, the documents and particulars of the mother company shall be collected through the BRIS.
Achieving the seamless interconnection of registers and efficient exchange of corporate data is still an ongoing process and, as it has been noted, it depends on interrelated key factors such as OOP, scrutiny of information, mutual recognition of register data and the reliance on registered information [33]. This is evident from the fact that the registered company data used for OOP purposes must be accurate, legally validated and horizontally accepted between the registries [33]. It is, thus, noted that the principle of transparency in the single market, the requirement of protection of third parties' interests and the building of trust in business transactions, which are primary objectives in the sector of company law and the Proposal [11], render the OOP subject to the aforesaid factors which need to be ensured. The Proposal addresses these issues and proposes the introduction of new provisions as shown in Tables 1, 2 and 3 in its attempt to resolve them.
Formation of a subsidiary based on the registered data of the mother company collected directly through BRIS Formation of a branch based on the registered data of the mother company collected directly through BRIS Sharing of information between the register of a parent company and the register of a subsidiary established in a different Member State through BRIS
Implementation of harmonized national rules for the horizontal acceptance of documents referred in Article 16 Establishment of a new Digital EU Company Certificate Establishment of a new Digital EU power of attorney Alleviation of formalities for legalization regarding documents issued from business registers or meeting some minimum requirements such as notarial acts etc.
Process of verification of the origin of the documents through registers
business registers
In addition to the above considerations, as more and more data are stored and made publicly available in the registers, including personal data relating to legal persons, it needs to be assessed whether the GDPR is duly followed and respected [11]. With regard to any publication of personal data, this has to be provided for by law but also serve a purpose of public interest and be proportionate and necessary for that purpose [11]. Hence, the vague reference to "business purposes" stated in the Proposal without any further explanation or the general objective of transparency could not justify their public accessibility [11]. Accordingly, a question that is hereby examined is whether OOP could provide the grounds for such publication of personal data. This may be challenging since OOP, same as interoperability and transparency, should not be invoked as an end in itself but would have to serve a clearly defined genuine public interest objective [11] [16]. On a related subject, the EDPS had stated that despite of the fact that the OOP may be expected to generally contribute to and achieve worthwhile public interest objectives, such as the reduction of the administrative burdens, saving time and resources in the public sector, these could not fall within the scope of Article 23 para.1 of the GDPR, unless they are actually applied in a targeted manner to safeguard for instance national security, defense, fight against crime (such as prevention of tax evasion etc.) or other objectives of general public interest referred to in the said Article, which again would have to be examined ad hoc on a case-bycase basis [10][16]. Therefore, it can be concluded that only the implementation of the OOP may not be sufficient to justify the publication of personal data unless there is a specific legitimate aim of public interest pursued by the OOP application, clearly defined by the law.
The European single procurement document, known as the ESPD, since its early days, has been regarded as a potential "key building block of the implementation of the once-onlyprinciple in public procurement" [34] and the token with which the contracting authorities may extract data directly from a source [12]. The ESPD was introduced at national level by Article 79 of Law 4412/2016 [35] adopting the Directive 2014/24/EU on public procurement (hereinafter the "ESPD Directive") [36] and serves as an "updated selfdeclaration, preliminary evidence in replacement of certificates issued by public authorities confirming that the relevant economic operator fulfils the conditions" referred in Article 59 para.1 of the ESPD Directive. While the researchers aim to find ways to further improve the public procurement sector enabling the generation of pre-filled versions of the ESPD with information pulled directly from business registers or other reliable sources [37][38], the current use of the ESPD from the economic operators in Greece seems inconsistent with its intended purpose.
In particular, the main concern regarding the use of the ESPD is whether "the up-to-date supporting documents" (Article 59 para.4 of the ESPD Directive), required to be submitted by the tenderer to which it has been decided to award the contract, need to refer to the time of the selection or to the time of the tender, as well. The legal issue that arises is whether the tenderer needs, at the time of award, to prove that the absence of grounds for exclusion and the fulfilment of the selection criteria also applied as of the tender date, by producing the supporting certificates covering the relevant period, even though it has already submitted the ESPD instead. The interpretation by the national courts in Greece [e.g. Decisions: Council of State of Greece 1020/2022, Administrative Court of Appeal of Piraeus (Cassation) Α132/2023, Administrative Court of Appeal of Athens 436/2023, Administrative Court of Appeal of Athens (Cassation) 145/2023 NOMOS Legal Database] provides that the award documents are considered as the means of proof of the fulfilment of the required conditions for the award and for this reason they should also cover the date of submission of tenders. This interpretation is derived from the definition of the ESPD as preliminary evidence and not a mean of proof, and the requirement for the statements made in the ESPD to be ascertained at the stage of the award, as per the Greek law. This interpretation leads to the economic operators' obligation to collect and produce a double set of certificates both at the time of submission of their tender and at the time of submission of the award documents, in case one set of certificates cannot cover both periods, contrary to the legislature's attempt to relieve the economic operators of additional administrative burdens and reduce bureaucratic bottlenecks. This is mainly due to the fact that the public authorities in Greece cannot issue certificates, such as tax and social security clearance certificates, referring and covering past periods [Decision: Authority for the Examination of Preliminary Appeals, Remedies Review Body (Hellenic Single Public Procurement Authority) 427/2022 NOMOS Legal Database].
Moreover, the review of judicial decisions, for the purposes hereof, has shown that there were cases in which the contracting authorities failed to meet their obligations to obtain the supporting documents directly by accessing a database or to declare from the outset that the same are at their disposal and include them in the relevant file [Decision: Administrative Court of Appeal of Ioannina 31/2020, Council of State of Greece 1339/2022, NOMOS Legal Database]. However, the Council of State with its decision 1339/2022 highlighted that the successful tenderer always has the burden to submit, under the penalty of rejection, the required supporting documents for the final award so that both the contracting entity and the other candidates-tenderers, who have not been definitively excluded, have access to such information. In this regard, the relevant contracting authorities' obligation should be treated only as an exception; always ensuring that it does not infringe the principle of equal treatment of tenderers and the transparency of the procedure. Should one (or more) of the supporting documents be already available to the contracting authority, the tenderer, acting at its own risk, has to invoke them, as appropriate to prove a specific requirement, and identify them as being available to the contracting entity, in order to be sought by the latter and be included in the file. This approach seems to set the principles of public procurement (Article 18 of the ESPD Directive) above the respective legislature's intention to simplify the procedure by eliminating the need for the economic operators to produce a substantial number of certificates or other documents related to exclusion and selection criteria (Recital 84 of the ESPD Directive), and consequently, above the compliance with the OOP.
It has been argued that the implementation of the OOP should be in compliance with the
GDPR [10] but also with other legal requirements, restrictions and general principles
derived from the EU laws[
Based on our findings regarding the legislative developments supporting OOP in maritime, customs and company law, in each sector there are different overarching legal principles and the compliance with the OOP should be promoted in a way that does not undermine them. When it comes to a conflict between the objective of reduction of administrative burden and the principles of equal treatment and transparency, as identified in the case of public procurement in Greece, the national courts, follow the letter of law and underestimate the value of complying with OOP, resulting in ESPD's lack of purpose. A change of law, which would provide to the ESPD equal value as evidence would lead to the application of the OOP lato sensu, i.e. economic operators' information would be supplied to the contracting authorities at all stages but would be proven by submitting up-to-date certificates only once. While a radical change in the public procurement system in Greece that would require the examination of non-exclusion grounds only at the stage of award would lead to the application of the OOP stricto sensu, i.e. economic operators' information would be declared once along with the supporting certificates as evidence.
Consequently, a critical question is to which legal requirements and restrictions the OOP should be subject and which one should take precedence in case of a conflict between OOP and other general principles, or rights and obligations derived from EU or national laws. This ambiguity could be resolved in a holistic way through legislative means by looking at the legal framework of each concerned sector and determining which requirements typically align more closely with the legislative intent, its overarching legal principles, and its specific circumstances. To this end, it is unavoidable for each area of law (public procurement, customs, maritime, company law, etc.) to be treated separately and on an ad hoc basis, for the identification of the procedures that need to be amended to comply with the OOP, taking into consideration its specific needs, particularities, requirements, and limitations. In this way, the introduction of revisions and updates in the existing legal framework per sector at EU level, rather than a common legal basis for the wider application of the OOP, would be an approach that could ensure the observance of the principle of legal certainty in the process of its adoption, so as to eliminate the risk of some provisions being inapplicable, especially at national level, such as in the case of Greek laws in the public procurement.
This paper stipulates a preliminary, limited research and further investigation of legal challenges and potential conflicts of OOP with other legal principles could contribute to the ongoing legislative reform efforts at EU and national level towards the digital transformation of the public sector through the implementation of OOP. [10] European Data Protection Supervisor, Opinion 08/2017 on the Proposal for a Regulation establishing a single digital gateway and the 'once-only' principle, 2017. URL: https://www.edps.europa.eu/data-protection/ourwork/publications/opinions/digital-single-gateway-and-once-only-principle-0_en. [11] European Data Protection Supervisor, Opinion 19/2023 on the Proposal for a Directive amending Directive 2009/102/EC and (EU) 2017/1132 as regards further expanding and upgrading the use of digital tools and processes in company law, 2023. URL: https://www.edps.europa.eu/data-protection/ourwork/publications/opinions/2023-05-17-edps-opinion-192023-directive-amendingdirectives-2009102ec-and-eu-20171132-regards-further-expanding-and-upgradinguse-digital-tools-and_en. [12] H. Graux, D2.5. Overview of legal landscape and regulations, Zenodo, 2018. doi: 10.5281/zenodo.3947851. [13] H. Graux, The Single Digital Gateway Regulation as an enabler and constraint of onceonly in Europe, in: R. Krimmer, A. Prentza, S. Mamrot (Eds.), The Once-Only Principle, Lecture Notes in Computer Science, vol. 12621, Springer, Cham, 2021, pp. 83–103. doi:10.1007/978-3-030-79851-2_5. [14] H. Graux, Whose data is it anyway? Diverging perspectives in EU policy on the current and future role of the citizen in digital government, in: DGO '23: Proceedings of the 24th Annual International Conference on Digital Government Research, 2023, pp. 508–513. doi:10.1145/3598469.3598526. [15] K. Nyman Metcalf, T. Kerikmae, Machines are taking over - are we ready?: Law and artificial intelligence, Singapore Academy of Law Journal, 33, (2021) 24–49. [16] M. Mikiver, P. K. Tupay, Has the GDPR killed e-government? The “once-only” principle vs the principle of purpose limitation, International Data Privacy Law, vol. 13, no. 3, (2023) 194–206. doi:10.1093/idpl/ipad010. [17] Eur-Lex. Document 32016R0679, URL: https://eurlex.europa.eu/eli/reg/2016/679/oj. [18] Eur-Lex. Document 52010DC0743. URL: https://eur-lex.europa.eu/legalcontent/EN/TXT/?uri=celex%3A52010DC0743. [19] Eur-Lex. Document 52016DC0179 URL: https://eur-lex.europa.eu/legalcontent/en/TXT/?uri=CELEX%3A52016DC0179. [20] Tallinn Declaration on eGovernment at the ministerial meeting during Estonian Presidency of the Council of the EU, 2017. URL: https://digitalstrategy.ec.europa.eu/en/news/ministerial-declaration-egovernment-tallinndeclaration. [21] Berlin Declaration on Digital Society and Value-based Digital Government at the ministerial meeting during the German Presidency of the Council of the European Union, 2020. URL: https://digital-strategy.ec.europa.eu/en/news/berlin-declarationdigital-society-and-value-based-digital-government. [22] European Court of Auditors, Special Report 24/2022: e-Government actions targeting businesses Commission’s actions implemented, but availability of e-services still varies across the EU, 2022. doi:10.2865/53654. [23] Eur-Lex. Document 32018R1724. URL: https://eurlex.europa.eu/eli/reg/2018/1724/oj. [24] S. Hunziker, M. Blankenagel, Multiple Case Research Design, in: Research Design in Business and Management. Springer Gabler, Wiesbaden, 2021, pp. 171-186. doi:10.1007/978-3-658-34357-6_9. [25] Eur-Lex. Document 32019R1239. URL: https://eurlex.europa.eu/eli/reg/2019/1239/oj. [26] Eur-Lex. Document 32020R0473. URL: https://eurlex.europa.eu/eli/reg_del/2020/473/oj. [27] Eur-Lex. Document 32020R0474. URL: https://eurlex.europa.eu/eli/reg_del/2020/474/oj. [28] Eur-Lex. Document 32022R2399. URL: https://eurlex.europa.eu/eli/reg/2022/2399/oj. [29] European Commission, BRIS Now Live on the European e-Justice Portal, 2017. URL: https://ec.europa.eu/digital-buildingblocks/sites/pages/viewpage.action?pageId=533366015. [30] Eur-Lex. Document 32017L1132. URL: https://eur-lex.europa.eu/legalcontent/EN/TXT/?uri=celex%3A32017L1132 [31] Eur-Lex. Document 32019L1151. URL: https://eurlex.europa.eu/eli/dir/2019/1151/oj. [32] Eur-Lex. Document 52023PC0177. URL: https://eur-lex.europa.eu/legalcontent/EN/TXT/?uri=celex%3A52023PC0177. [33] The Informal Company Law and Corporate Governance Expert Group, Report on Crossborder Use of Company Information, Brussels, European Commission, 2023. URL: https://www.tara.tcd.ie/handle/2262/102419. [34] Eur-Lex. Document 52017PC0256. URL: https://eur-lex.europa.eu/legalcontent/EN/TXT/?uri=CELEX%3A52017PC0256. [35] Hellenic Single Public Procurement Authority, Hellenic Law No. 4412, Official Gazette
A147/08.08.2016. URL: https://www.eaadhsy.gr/n4412/. [36] Eur-Lex. Document 32014L0024. URL: https://eur-lex.europa.eu/legalcontent/EN/TXT/?uri=celex%3A32014L0024. [37] K. Douloudis, M. Siapera, A. Prentza, Improving electronic public procurement using the once-only principle: Connecting the Greek electronic single procurement document system to the once-only principle project's infrastructure, implementing the eProcurement pilot, in: Proceedings of the International Conference on ComputerHuman Interaction Research and Applications, Association for Computing Machinery, 2021, pp. 238-245. doi:10.1145/3494193.3494226. [38] M. Siapera, K. Douloudis, G. Dimitriou, A. Prentza, Employing the Once-Only Principle in the Domain of the Electronic Public Procurement, in: Themistocleous, M., Papadaki, M. (eds) Information Systems. EMCIS 2019. Lecture Notes in Business Information Processing, vol 381. Springer, Cham, 2020, pp. 236-246. doi:10.1007/978-3-03044322-1_18.