The Online Access Act (OZG)

A large number of specific framework conditions must be taken into account when implementing the OZG services across the whole of Germany and rolling them out nationwide. In some cases, technical, organisational and political requirements anchored in federal and European law must also be complied with. Examples of this include the requirements of the European Single Digital Gateway (SDG) Regulation, the implementation and post-utilisation coordination in accordance with the "one for all" principle (EfA) and the connection of local authorities to the state portals.

Despite the large number of control elements and instructions issued, the implementation requirements are subject to a great deal of room for manoeuvre. Many guidelines are imprecisely formulated and need to be fleshed out by the federal states. This gives rise to strategic issues in the overall strategy, in programme management and in the individual implementation projects of the federal states and local authorities, which we would like to resolve together with you.

In any case, we support you in the development, introduction, implementation, further development and follow-up of your desired strategy. We integrate our approach into existing concepts, ensure that all stakeholders are involved and open up new perspectives for you.

To this end, we utilise tried-and-tested, established methods of strategy development, taking your specific situation into account. Our approach consists of the strong involvement of all relevant stakeholders. This is because only collectively developed strategic approaches can be implemented sustainably, as they must be supported operationally by individuals.

To this end, we use standardised analysis methods such as the STEP analysis, which incorporates political, economic, socio-cultural and technological influencing factors into the analysis in order to consider your organisational environment. We keep an eye on your strategic goals and key figures with the balanced scorecard. In workshops, we identify cause-and-effect relationships (Ishikawa diagram) and use the SWOT analysis to determine strategic recommendations for action. The guidelines, recommendations and assistance of the Federal IT Co-operation (FITKO) and the Federal Information Management (FIM) are also taken into account.

Use the KPMG assessment to analyse the digital maturity level of your organisation and your readiness for OZG implementation. The results can give you an initial indication of the current level of digital maturity in your organisation. Our analysis picks up on criteria that are relevant to the planning, management and implementation of digitalisation projects. Based on your answers to the criteria, the current digital status of your organisation can be made more transparent. Based on the current status of the current OZG implementation (through regular evaluation), measures are defined and controlling instruments for measuring progress are established.

The "Digital Transformation and OZG Public Sector - Assessment" maturity model developed by KPMG makes it possible to evaluate OZG implementation. To determine the digital maturity level of your organisation and your readiness for OZG implementation, we use suitable business analytics as part of our service module three. The maturity level of OZG implementation is determined in an online survey.

1. free variant

Our business analytics in the free version offer you individual added value to analyse issues from different perspectives.

2. advanced variant

Our Business Analytics in the Advanced version offers your organisation added value in determining the maturity level of specific topics. You receive a detailed real-time results report for up to 20 participants. Our detailed results analysis provides clarity and enables benchmark comparisons.

3. tailored variant

In addition to the advantages already mentioned, our tailored business analytics offer you the opportunity to develop the assessment individually for your problem and organisation.

The evaluation provides an analysis of the maturity level of your OZG implementation. Based on this information and the identification of optimisation potential, you can improve the user centricity of your organisation.

As a result, you will receive an overview of the maturity level of your organisation with recommendations for action. If a more in-depth analysis or answers to specific questions are required, our experts will offer further workshops.

The aim of this module is to obtain a comprehensive overview of the implementation status of the OZG requirements down to the municipal level. This not only creates clear transparency about the current status of OZG implementation, but also provides in-depth insights, lessons learned, recommendations and better practices for your future OZG implementation and further digitalisation measures. In consultation with you, we can also customise the categories and criteria for the as-is analysis for you, as shown in the illustration, for example.

Co-authors: Gerhard Rempp

The question of how many OZG services have already been implemented is the focus of many analyses of OZG implementation. However, no conclusions can be drawn from this purely quantitative analysis as to the extent to which user-friendliness has been taken into account in the respective OZG service. Easy access to OZG services for citizens should be the focus of implementation measures.

This gap between the quantitative and qualitative analysis of the OZG measures can be closed in particular by analysing the impact. Based on the current status of OZG implementation (through regular evaluation), measures are defined and controlling instruments for measuring progress are established.

By monitoring and evaluating data, conclusions can be drawn about the added value for users and employees of an OZG service.

With the impact analysis as part of the KPMG OZG transformation framework, we can therefore take a targeted approach to reviewing the effectiveness of individual OZG measures. This enables us to provide you with potential with regard to user-friendliness and/or process efficiency. The continuous monitoring process for a holistic view of OZG implementation therefore offers another important service component to counteract the existing digitalisation deficit.

By harmonising the requirements of the OZG, the administration as an effective implementer and the focus on the satisfaction of citizens and companies as recipients and users of digital administrative services, the potential of digital processes in the public sector can be optimally utilised and the existing backlog can be closed.

Co-authors: Stephan Isegrei

People are a central component of technology and innovation management. Services are provided and utilised by them. In order to design outstanding services, people and their needs should be understood in depth. To this end, people are actively involved in the development processes. This means that solutions are developed in collaboration with citizens, employees, technology experts and other relevant stakeholders. This results in solutions that are accepted, supported and driven forward independently. When implementing the Online Access Act, the services to be offered to citizens must be precisely specified and implemented in a user-centred manner. For a legally compliant and contemporary user experience, both the service specification (service blueprint) and the technologies used must be harmonised and aligned with the individual needs of the users.

The targeted use of technology and innovation management can make a significant contribution to user acceptance. Taking the requirements into account, we use innovative solutions and methods and develop concepts that enable a user-centred and technologically mature OZG implementation. A sustainable and future-orientated approach is important to us. Right from the start, we examine the possible applications of methods from the field of artificial intelligence (AI), for example in the context of register modernisation, and consistently consider the subsequent use of AI and automation tools. This creates the basis for subsequent digitalisation approaches as part of the implementation of the OZG, always subject to review and compliance with current regulatory requirements, of course.

Their administrative services are consistently implemented in accordance with the OZG implementation principle of user-orientation. Services are tested in advance within the target group and presented as prototypes. This increases the acceptance of the developed services. You benefit from lower development costs, faster development times and a reduced risk of project failure. We support you in developing a programme that is tailored to your individual situation. We use an agile, sprint-based approach that is based on the phases of the design thinking process. Our approach is characterised by a variable space, the KPMG Ignition Center, heterogeneous interdisciplinary teams and structured and proven processes.

From the initiation to the implementation of individual OZG administrative services in the context of municipal to nationwide roll-outs, we support you in your OZG project.

The complexity of the Online Access Act encompasses various implementation projects at different levels. These include, for example, the digitalisation of online services, technical modernisation, such as the adaptation of existing online services to the guiding principle of the OZG implementation of user-friendliness, the adaptation of interfaces to specialist procedures and the implementation of the once-only principle. In addition to the coordination of a large number of players, the challenges of OZG implementation projects continue to include the heterogeneity of the IT landscape, guaranteeing the interoperability of technical services and ensuring legal certainty in the development of online services. In addition, all relevant stakeholders, including users and employees in particular, must be taken into account in the implementation project with their expectations, goals and requirements

The digitalisation of OZG administrative services relies on efficient implementation projects from initiation to (nationwide) roll-out. These often include the introduction of a prototype or pilot, possibly as part of further digitalisation projects. These projects generally aim to achieve a high level of maturity of the OZG service, i.e. the fully digital processing of an administrative service without media disruptions. At country level, this is often done according to the "one-for-all" principle (EfA), whereby one country develops an OZG administrative service centrally and makes it available to other countries for subsequent use. Efficiencies can be created in this way.

Your implementation project is accompanied by additional services during project planning and implementation, from multi-project management and change management to the consideration of data protection aspects. We use the findings to identify optimisation opportunities and derive suitable measures for further implementation. Additional services can be added as required, such as process analyses, development of organisational concepts, targeted requirements management, design thinking concepts and the development of user journeys.

With our experts in your area and our KPMG Nearshore Centre in Sofia, we are ideally equipped to support you with the OZG requirements in the areas of (1) management, organisation and planning, (2) requirements management and (3) the development of online services.

 Our approach includes the following points

As part of our implementation projects service module, we digitise OZG administrative services for you and, on request, also pay for objectives that go beyond the minimum OZG requirements.

Our teams develop project portfolio management tailored specifically to the OZG at a structural and procedural level. OZG implementation is monitored and controlled in a standardised manner. We can call on specialist expertise on OZG and e-government topics as well as portfolio management from our KPMG network of experts at any time and in a flexible manner. We adopt a cooperative consulting approach and draw on tried-and-tested methodological expertise and tools.

Co-authors: Dominik Nerge

Change management is a key success factor in the implementation of the Online Access Act (OZG). In the transformation towards digital administration, public organisations are faced with the challenge of not only introducing technological innovations, but also managing far-reaching changes in their work processes, structures and culture. The success of these measures depends crucially on how well these changes are supported.

The introduction of digital processes and services as part of the OZG affects all levels of administration and requires careful planning and implementation of change management. Without such management, there is a risk that the necessary changes will not be sufficiently accepted or even actively blocked. This can lead to delays, higher costs and an overall lower effectiveness of the implemented measures. A holistic approach to change management makes it possible to actively meet these challenges and organise the transformation process efficiently and sustainably.

A key aspect of change management in the context of the OZG is the early and comprehensive involvement of all affected stakeholders. In addition to the employees of the administration, this also includes the citizens and companies that are to use the new digital services. Transparent communication, the communication of clear benefits and targeted training measures can increase the acceptance and utilisation of the new services. Successful change requires resistance to be recognised at an early stage and actively addressed before it can hinder progress.

Another advantage of comprehensive change management lies in the continuous monitoring and adaptation of the transformation process. Digitalisation is not a one-off step, but an ongoing process that needs to be regularly reviewed and optimised. Through continuous feedback from users and employees, weak points can be identified and improvements implemented. This iterative approach ensures that digitalisation is not only introduced, but also sustainably anchored.

Effective change management also takes into account the cultural dimensions of the transformation. The transition to a digitalised administration not only means a change in technology, but also a profound change in the way people work and think. Managers play a key role here by acting as role models and promoting a culture of openness, flexibility and willingness to innovate. This cultural change is crucial to ensure the long-term acceptance and success of the digital transformation.

Overall, professionally implemented change management offers considerable advantages for the implementation of the OZG. It helps to minimise risks, maximise the efficiency of the measures and create a sustainable, future-proof administration. Targeted management of the change process can ensure that the objectives associated with the OZG - in particular improving citizen services and increasing administrative efficiency - are actually achieved. A holistic approach to change management is therefore not only recommended, but essential for the success of digital transformation in the public sector.

Co-authors: Johanna Winkels

The digitalisation of administrative services and their provision via the internet harbours a variety of risks. On the one hand, confidential and personal information is processed as part of administrative services. This makes it a worthwhile target for cyber criminals. On the other hand, online access offers new attack surfaces that can be used to siphon off information, penetrate authorities or compromise administrative services. It also creates further dependencies on service providers, particularly electricity, network and web service providers. A potential failure of these service providers jeopardises the provision of administrative services.

These risks are addressed in the Online Access Act (OZG) through direct requirements for cyber security and data protection. However, the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), state-specific data protection laws and the Telemedia Act (TMG) also result in various obligations for OZG projects that must be observed.

At the same time, the scepticism of users of the new procedures, i.e. administrative staff, citizens and companies, represents a further risk in the implementation of the OZG.

Meeting the regulatory and technical requirements in this mixed situation, while at the same time involving all stakeholders early and transparently and implementing changes in hardware and software, presents organisations with considerable challenges.

In light of these challenges, the confidentiality, integrity and availability of the OZG administrative services and the information processed therein must be planned at an early stage in the process and practised until the end in order to ensure adequate protection. Personal data, especially sensitive personal data, also requires additional protection in terms of transparency, non-linking, intervenability and data minimisation. Services for citizens and companies as well as back-end processes must be stable and the most important services must also be available in emergencies and crises while maintaining confidentiality and integrity.

KPMG is at your side with many years of expertise and offers you individual advice and solutions for information security in accordance with BSI IT-Grundschutz and ISO 27001, for business continuity management with BSI 200-4 and ISO 22301, as well as for data protection in accordance with the GDPR and federal and state data protection laws. We can look back on a large number of projects and years of implementation at federal and state level. Our BSI and ISO-certified employees combine expertise with industry knowledge and support you in your challenges on a daily basis.

Taking cyber security into account in all phases of an OZG project is an essential aspect of ensuring the confidentiality, integrity and availability of business processes, applications, IT systems, IT services and the associated information and data. An information security management system (ISMS) forms the structured basis for determining and implementing your organisational, personnel and technical information security measures in a risk- and needs-oriented manner so that your projects can be designed efficiently and securely today and in the future.

Be it digital citizen services, back-end processes such as the e-file, the e-folder, the e-invoice workflow, be it requirements of the BSI IT-Grundschutz from the coordination groups of the federal states on information security or the conversion of IT as part of IT consolidation - we are happy to support you with our team of certified information security experts.

We are also happy to support you with other information security issues:

• Conceptualisation, implementation and further development of your ISMS in accordance with BSI IT-Grundschutz or ISO 27001,
• Preparation and/or support for ISMS certification,
• Creation of the information security concept,
• Carrying out IS revisions and IS audits,
• Definition and implementation of your IS organisational and operational structure,
• Definition and support in the implementation of information security guidelines,
• guidelines and concepts,
• Development of a risk- and needs-oriented IS training and awareness programme,
• Review of information security concepts and development of improvement potentials for the realisation of a continuous improvement process,
• Realisation planning and implementation support for information security measures.

For comprehensive and structured emergency preparedness, we recommend implementing a business continuity management system (BCMS). The ISO 22301 and BSI 200-4 standards provide a proven and recognised basis for this.

We are at your side with certified BCM experts and auditors and support you in the following areas

• Designing and implementing a BCMS structure and process organisation,
• Identification of your critical processes and services,
• Determining the tolerated downtimes and restart parameters
• Carrying out risk analyses with regard to the availability of your most important resources,
• Development of emergency preparedness measures and emergency plans,
• Definition of an emergency organisation,
• Planning, implementation and monitoring of emergency drills.

Depending on your individual needs, you will receive specific and customised services for the successful implementation of the OZG in your projects, while ensuring information security, data protection and emergency preparedness. If you are looking for a comprehensive, long-term and future-orientated solution in these areas, you will receive an information security management system, a data protection management system, a business continuity management system or a combined, integrated management system.

Our consultants support you with many years of expertise from past and comparable OZG projects and the implementation of cyber security requirements in public authorities and business. Together, we create comprehensive protection for the processed information and procedures of your OZG administrative services against attacks and failures. You receive detection and response capabilities so that you remain capable of acting even in critical situations. With us, you ensure compliance with all relevant regulatory requirements in cyber security, data protection and emergency preparedness. By starting early in the process, you increase the long-term trust of administrative staff, citizens and companies in your organisation and your OZG capabilities.

Digitalisation must be viewed holistically and, where necessary and possible, the aim should be to achieve end-to-end digital processes. However, the front-end-orientated approach of the OZG pushes internal administrative processes into the background. As a result, although administrations are digitised at the front end, processing in the existing specialist procedures is still paper-based and the application landscape therefore has media discontinuities. The specialised applications must be able to communicate bidirectionally with the components of the OZG platform in order to achieve higher levels of maturity at the latest.

To this end, standardised interfaces between specialist procedures and the OZG platform must be implemented if these are not offered by the OZG platform. In this way, existing procedures and access to the data managed there can be guaranteed at any point in the process flow in procedures that are implemented on the OZG platform. Standards such as XTA and standardised metadata schemas from XÖV, XFall and FIM (e.g. XProcess, XData fields, XZuFi) can be used for this purpose.

A service-orientated approach also enables the encapsulation and reusability of interfaces and components. Technologies and procedures and open standards used in the creation of web-based and mobile applications enable platform-independent, sustainable and maintainable applications or process chains. Container technologies and tools for orchestration round off the topic. In addition to considering the optimal architecture and the use of specific technologies and development languages, the optimisation of existing processes and the involvement of employees in the transformation process also play an important role.

A critical examination of existing processes should be the starting point and, where possible, optimisation should be carried out with those involved in the processes. This has the practical side effect that those directly affected by the change - because digitalisation always means changing established work processes - are involved and help shape the transformation. This increases the acceptance of digitalisation measures in the organisation as a whole. The combination with our change management service module is particularly suitable here.  

Our backend integration service module involves the seamless integration of selected or all backend processes. Among other things, the backend enables access to databases, the integration of various systems, compliance with rules and business logic and the provision of data and functions for the frontend. The frontend permanently accesses the backend.

We analyse your current situation and, depending on your requirements, develop a target process taking into account the digitalisation projects in the front end, so that a seamless process is created from the digital application for an online service by the user to the fully digitalised processing of the application by the clerk. Your administration is fully digitalised in both the front end and the back end. As a result, your process runtimes are reduced and your output increased. By establishing digital end-to-end processes, you will achieve higher levels of maturity for your online services and accelerate the implementation of the OZG in your organisation.

You benefit from the end-to-end digital availability of services and digitalised processing without media disruptions, which reduces the processing time of procedures and increases the satisfaction of your employees.

Co-authors: Dominik Nerge

The lack of flexibility often associated with technologically outdated specialised procedures, long process times and insufficient transparency due to incomplete documentation lead to increasing employee dissatisfaction and long processing times.

With the aim of enabling purely electronic process handling in adjacent areas as well, we work with our IT experts to plan, simplify and implement your specialist processes and thus enable largely digital process handling in your organisation. We also consider how back offices can be optimised using innovative approaches such as robotic process automation (RPA) or artificial intelligence.

We model your business processes on the basis of Business Process Model and Notation (BPMN), thus creating a bridge of understanding between business and IT and avoiding gaps in understanding. Models based on BPMN have the ability to represent authorities from different perspectives and enable a view of inter-process collaboration.

To this end, we combine our extensive expertise in the areas of project management, technology and innovation management and implementation projects. Our "Modernisation of other specialist procedures" service module enables process optimisation as well as the modernisation and new development of specialist procedures. Specialised procedures can also be connected to the e-file. You benefit from modernised specialist applications and standardised systems.

Co-authors: Dominik Nerge

Specialist applications are no longer developed according to the waterfall principle, but generally with the help of agile methods and processes in order to be able to react to adjustments to the legal, technical and user-centred requirements of the Online Access Act.

When using agile methods, small-scale improvements must be constantly made available to the organisation. These consist on the one hand of new (technical) functionalities in specialist applications, but also of process adjustments and, if necessary, adjustments to the organisation. As part of the continuous roll-out of improvements, these must always be harmonised and made available to users as part of coordinated change management/communication management.

The continuous improvement process is a basic principle of quality management and is firmly integrated into the DIN ISO 90001 quality standard. In accordance with the philosophy of the Japanese word "KAIZEN", which translates as "change for the better", the focus here is on the constant endeavour to increase the quality of products, services and processes through operationally-oriented, permanent process improvements (as opposed to innovations in the context of sudden, radical changes). The concrete procedure in administration begins with process documentation, followed by regular comparisons of standard processes (actual processes) with predefined target processes and ends with problem evaluation and the derivation of measures and solution ideas with the constant inclusion of customer requirements.

Our approach is based on the iterative control loop of the so-called Plan-Do-Check-Act cycle (PDCA). The PDCA cycle is an instrument of quality management and enables the regular presentation of planning tasks (Plan), implementation measures (Do) and control tasks (Check) as well as improvement in the event of deviation/missing the target or consolidation and institutionalisation (Act).

In the "Plan" step, the specific problem or task to be solved is determined and the current situation is analysed. In addition, objectives and measures for the solution or optimisation are decided.

In the "Do" step, the plan is communicated to the employees concerned and the measures defined under "Plan" are implemented.

A review takes place under "Check" (target/actual comparison). The results achieved are recorded and evaluated and it is checked whether the objectives of the planning phase have been achieved.

In the "Act" step, the process is reflected upon and decisions are made, particularly in the event of deviations between target and actual, as to how often and with what content phases P and D need to be repeated. If the target and actual situation match, the result can be standardised and introduced or institutionalised.

Co-authors: Dominik Nerge

The implementation of the provisions of the OZG poses a number of legal challenges and questions. It is a federal law, but responsibility for the actual implementation falls largely within the remit of the federal states and local authorities. The specific framework conditions and project guidelines for municipal OZG implementation lead to various legal ambiguities, particularly, but not exclusively, with regard to the expectations and tasks of the municipalities. The experts at KPMG Law Rechtsanwaltsgesellschaft mbH can advise* you on all legal issues relating to the legally compliant implementation of the OZG and on cross-jurisdictional support. KPMG Law supports you in legally navigating the complex field of OZG implementation and assists you with all questions relating to the legal requirements in relation to the digitalisation of administration. KPMG Law's expertise is not limited to constitutional and administrative law, but also includes all relevant areas of law, such as public procurement law, data protection law, IT law and contract drafting. This provides you with comprehensive legal advice "from a single source "*.

_{* Legal services are provided by KPMG Law Rechtsanwaltsgesellschaft mbH.}

KPMG Law provides step-by-step recommendations and assessments for the implementation of the OZG in your authority, which have been extensively reviewed by the law experts for legal certainty. KPMG Law will support you from the beginning to the final implementation of the digitalisation project, including in all related areas of administrative law, from legal data protection and IT issues to questions of contract design and public procurement law. Constant feedback with other municipalities, administrative authorities, the state and also the federal government in relation to standardised issues and questions of competence and responsibility is particularly important. The pooling of expertise and the regular exchange of information between the players at local, state and federal level thus serves the main objective of the legally compliant design of the measures necessary for a solution-orientated implementation of the OZG objectives. Clarity and efficiency are the top priorities here.

In addition, we offer you training on how to deal with the legal pitfalls of the OZG and its implementation in order to recognise and overcome legal obstacles in the long term.

Of course, KPMG Law's team of experienced (specialised) lawyers will also represent you in legal proceedings at all instances (if necessary).

Co-authors: Dr Sandro Köpper

Dr. Simon Meyer*

Rechtsanwalt, Partner
KPMG Law Rechtsanwaltsgesellschaft mbH