Draft Government Decree on government contracts concerning information and communication developments and procurements, 2007

Government Decree …/2007 (… …)

Version A
on government contracts
concerning custom-made information and communication developments and procurements

Version B
on government contracts
concerning information and communication developments and procurements

In its capacity as original legislator provided for in Article 35(2) of the Constitution, within the scope of its duties provided for in Article 35(1)(a) and (c) of the Constitution, and, in accordance with Article 14(3), on the basis of the powers granted by Article 174/A of Act CLX of 2004 on the general rules of administrative procedures and services, the Government hereby decrees as follows:

Article 1
(1) The mandatory content elements of an information or communication contract concluded by the state purchaser, as set out in this Decree, are part of the contract even if the parties to the contract provide otherwise.
(2) The provisions of this Decree establishing requirements as regards the information or communication products, services or systems acquired by the state purchaser and the rights implied therein shall be appropriately applied also to information or communication products, services and systems produced or updated by the state administration body, or an organisation maintained by the state administration body, following the entry into force of this Decree.
(3) As from the entry into force of this Decree, any information or communication contract concluded by the state purchaser shall require the prior consent of the body in charge of the Software and Interface Data Warehouse.
(4) As from the entry into force of this Decree, the state purchaser shall not consider accomplished a contract concluded by a state purchaser or any partial service related to information or communication products, services or systems arising from thereof, and shall not consider as accomplished and paid for that partial service until the compliance of that service with the provisions of this Decree has been certified by the body in charge of the Software and Interface Data Warehouse or another certifying body.

Explanatory provisions

Article 2
(1) For the purposes of this Decree:
a) state purchaser: the state administration body and the organisation maintained by the state administration body; the business organisation in majority state ownership if it is party to an information or communication contract;
b) connection interface: …;
c) interoperability: the ability of two or more information or communication products, services or systems to mutually exchange data and to interpret and process these data according to formally established terms;
d) information or communication system: the totality of information or communication products and services—connected for accomplishing a specific task or function—including every hardware and software element required for operation and interoperation between the elements of the system;
e) information or communication contract: a contract with the subject of providing individual, original information or communication services, products or systems; or the totality of provisions of a contract concerning the providing of individual, original information or communication services, products or systems;
f) information or communication service: all services…;
g) information or communication product: all products…;
h) open standard: a standard relative to an information or communication product, service or system
ha) which is accessible to anyone in exchange for a fee not exceeding the distribution costs, or free of charge, without registration or any other condition, can be used by anyone free of charge and unconditionally;
hb) achieving compliance with which is unrestricted by intellectual property rights, contractual rights, ownership or other rights, or any other standard or technical requirement not in conformity with the conditions of the open standard;
hc) for which obtaining and using the information necessary for ensuring the interoperability of the information or communication products, services or systems, in conformity with the conditions of the open standard, is unrestricted by intellectual property rights, contractual rights, ownership or other rights;
i) web-based application: an information or communication application the use of which does not require installation on the part of the user.

Open standards

Article 3
(1) A state purchaser shall only conclude information or communication contracts which ensure—at their accomplishment and sustainedly thereafter—that their subject
a) complies with, and only with, the open standards included in the Software and Interface Data Warehouse;
b) complies exclusively with, apart from the standards set out in a), the open standard not featuring in the Software and Interface Data Warehouse; and
c) complies exclusively with, apart from the standards set out in a) and b), the open standard not complying with Article 2(1)(ha), and ensuring compliance with Article 2(1)(ha) is a mandatory content element of the information or communication contract when the contract is being accomplished.
(2) As from the conclusion of the contract, or in the case described in paragraph (1)(c) as from the accomplishment of the contract, the state purchaser shall provide sustained access to the standards serving as the basis of the subject of the information or communication contract on its website, or in default of this, on the website of the exerciser of the management, maintenance or ownership rights, appropriately applying the rules pertaining to the open standard.
(3) The state purchaser shall submit—at the conclusion of the information or communication contract in the case described in paragraph (1)(b), and when the contract is being accomplished in the case described in paragraph (1)(c)—the standard serving as the basis of the subject of the contract described in paragraph (1)(b) and (c), together with all relevant information, to the body in charge of the Software and Interface Data Warehouse.
(4) Paragraphs (1)–(3) shall be applied appropriately if the information or communication product, service or system constituting the subject of the information or communication contract is in amended in any way whatsoever, and even if the amendment of the product, service or system is the subject of the original information or communication contract.
(5) If the information or communication contract concerns hardware or a hardware system, the contract shall provide that the hardware or hardware system must be sustainedly able, as from the accomplishment of the contract, to accommodate the information or communication products, services and systems complying with the open standards.

Interoperability

Article 4
(1) A state purchaser shall only conclude information or communication contracts which ensure, at their accomplishment and sustainedly thereafter, that their subject—with the exception of the case described in paragraph (2)—possesses interoperability with the subject of an information or communication contract concluded in accordance with the present Decree, and conforms with the standards listed in Annex 1.
(2) A product, service or system different from the kind described in paragraph (1) may only constitute the subject of an information or communication contract concluded by a state purchaser if it complies with an interoperability-ensuring open standard (hereafter “alternative interoperation standard”) which, as from the accomplishment of the contract, sustainedly ensures interoperability with other information and communication products, services and systems complying with the interoperation standards listed in Annex 1 and with the alternative interoperation standards included in the Software and Interface Data Warehouse.

Security

Article 5
(1) A state purchaser shall only conclude information or communication contracts whose subject complies with the standards set out in Annex 2 or any other at least equivalent open standard.
Version A
(2) With regard to information or communication products, services or systems requiring special security, the minister in charge of the civil intelligence services and the minister in charge of national defence may prescribe additional standards not in compliance with the requirements of the open standard, with which the product, service or system, as described in paragraph (1), must comply.
Version B
(2) With regard to information or communication products, services or systems requiring special security, the minister in charge of the civil intelligence services and the minister in charge of national defence may prescribe additional open standards, with which, or with any other at least equivalent standards, the product, service or system, as described in paragraph (1), must comply.
(3) The state purchaser shall not conclude information or communication contracts the source code of whose subject cannot be monitored by the Software and Interface Data Warehouse for security or other purposes.

Usability

Article 6
(1) A state purchaser shall only conclude information or communication contracts concerning information or communication products, services or systems employed for the operation or usage of a data base capable of storing personal data or for the creation of such a data base, which do not prevent or restrict compliance with the requirement as defined in paragraph (2).
(2) The state purchaser or the state administration body or the organisation maintained by the state administration body or the business organisation in majority state ownership responsible for managing the data base, as defined in paragraph (1), shall ensure, by means of a customer portal, that any data subject, as defined by the Protection of Personal Data Act—and provably only that person or the person authorised to access the personal data—shall be provided information regarding the management of his or her personal data appearing in the data base directly, in electronic form and—unless the legislation provides otherwise—free of charge, in accordance with the Protection of Personal Data Act.
(3) The state purchaser shall only conclude information or communication contracts for web-based software or for the provision of information or communication services employing that software, whose subject and all functions thereof can be used sustainedly, fully and unconditionally with the current last two versions of the three most widespread browser families.
(4) The state purchaser shall only conclude information or communication contracts for web-based software or for the provision of information or communication services employing that software, whose subject and all functions thereof can be used sustainedly, fully and unconditionally with the current last three versions of the three operating systems—server-side or user-side, according to the software in question—used most often by state administration bodies and organisations maintained by state administration bodies and business organisations in majority state ownership.
(5) The state purchaser shall only conclude information or communication contracts whose subject complies with the standards set out in Annex 3, or with any other at least equivalent open standards.
(6) The range of browsers set out in paragraph (3), and the operating systems set out in paragraph (4) shall be published every six months by the minister in charge of administrative information technology.

Efficiency

Article 7
(1) If the state purchaser concludes the information or communication contract outside of the framework of public procurement procedure, choosing among several bids, the bids shall be assessed in accordance with the provisions set out in this article.
(2) The state purchaser shall choose the bid whose subject possesses the highest net present value.
(3) The net present value of a product, service or system shall be calculated with the application of the open standards set out in Annex 4, or any other at least equivalent open standard.
(4) The state purchaser shall make the bids, the standards applied in the course of assessing the net present value of the bids, the audited calculations serving as the basis of determining the net present value, as well as the contract, publicly available on its website free of charge, without registration obligation or any other restriction.

Utilisation

Article 8
(1) A state purchaser shall only conclude information or communication contracts concerning individual, original information or communication products, services or systems which, as from the accomplishment of the contract, sustainedly ensure that its disposal of the complete documentation of the information or communication product, service or system and of the source codes of its software elements is not limited by the rights of another party to the contract or of any third person—apart from the optional requirement of distribution with identical eligibility conditions.
(2) The information and communication contract concluded by the state purchaser shall provide that its subject must comply with the open standards set out in Annex 5, or with any other at least equivalent standard.
(3) The state purchaser shall only decide against applying Article 12(2) to the source code and documentation of the individual, original information or communication product, service or system, provided that the conditions pertinent to sale by the state purchaser are met and the minister in charge of the state budget, the minister in charge of administrative information technology and the minister in charge of coordinating government administration have given their prior consent.
(4) The conditions pertinent to sale by the state purchaser are met when the net present value of a individual, original information or communication product, service or system would be higher without the application of Article 12(2) than if it were applied. Only revenues originating from abroad shall be considered in the calculation.
(5) If the state purchaser decides against applying Article 12(2), the information or communication contract it concludes shall provide that the changes necessary for the sale should be made to the subject of the contract by the product, service or system provider, in conformity with the requirements set out in the contract and at the request of the state purchaser.
(6) If paragraphs (3)–(5) are applied, the individual, original information or communication product, service or system cannot be sold in Hungary, and the state purchaser shall review the calculation establishing the net present value every six months, make the audited version of the calculation available to anyone sustainedly, free of charge and without an obligation to register, electronically, and submit it to the body in charge of the Software and Interface Data Warehouse.

Reutilisation

Article 9
(1) If the subject of the public procurement procedure to be published by the state purchaser is an information or communication product, service or system, the state purchaser shall submit in advance its call for bids to the body in charge of the Software and Interface Data Warehouse.
(2) The body in charge of the Software and Interface Data Warehouse shall examine the call for bids to determine whether its subject or any element therein can be substituted for an information or communication product, service or system (hereafter “substitute service”) appearing in the Software and Interface Data Warehouse.
(3) If a substitute service exists, its net present value shall be published, together with the call for bids, in the Software and Interface Data Warehouse.

Guarantees

Article 10
(1) The information or communication contract concluded by the state purchaser shall have as a mandatory content element the provider’s guarantee, warranting the faultless performance of the product, service or system with respect to the mandatory content elements set out in this Decree, for … year(s).
(2) The information or communication contract concluded by the state purchaser shall have as a mandatory content element the provider’s obligation to pay a daily penalty rate equivalent to … per cent, but no more than one hundred per cent, of the total remuneration in the event of default in performance with respect to the provisions of this Decree, thirty days after receiving warning of the problem until the problem is eliminated.

The Software and Interface Data Warehouse and the body in charge of the Software and Interface Data Warehouse

Article 11
(1) The Government shall appoint the minister in charge of administrative information technology as the body in charge of the Software and Interface Data Warehouse.
(2) The body in charge of the Software and Interface Data Warehouse shall
a) operate the Software and Interface Data Warehouse;
b) monitor compliance with the provisions of this Decree;
c) in the event that the provisions of this Decree are violated, call the breach to the attention of the body authorised to institute proceedings, and—if the conditions persist—institute proceedings;
d) examine the existence of the content elements, mandatory in accordance with this Decree, in any information and communication contract to be concluded by the state purchaser, and give prior consent in this respect to the conclusion of the contract;
e) in the course of the execution of an information and communication contract concluded by the state purchaser, examine whether it is in conformity with the provisions of this Decree and issues a certificate of performance;
f) create and consistently update a software and interface inventory which shall include every information and communication product, service and system used by state administration bodies, organisations maintained by state administration bodies and business organisations in majority state ownership, together with all of their designations, version numbers, customisations and interfaces;
g) provide sustained, flawless operability, and compliance with the provisions of this Decree, for every information and communication product, service and system used by state administration bodies, organisations maintained by state administration bodies.
h) provide, as the need may be, version tracking of the subjects of contracts concluded by the state purchaser;
i) provide sustained, real-time, web-based information and communication service, documented in provably unalterable form, necessary to establish public net present value as laid down in Article 12(2); and
j) consistently provide the possibility for anyone to express—in electronic form and without registration—their views freely in connection with the content of the Software and Interface Data Warehouse.

Article 12
(1) The Software and Interface Data Warehouse shall include, in a form complying with the open standard set out in 5,
a) the open standards set out in the Annexes of this Decree;
b) the open standards with which the products, services and systems, constituting the subject of an information or communication contract concluded by the state purchaser, comply;
c) the information or communication contract concluded by the state purchaser, the source code and the full documentation of the subject of the contract;
d) the connection interfaces complying with the open standards and used exclusively in the information or communication products, services or systems constituting the subject of information or communication contracts concluded by a state purchaser;
e) the certificates relative to the accomplishment of the information or communication contrats concluded by a state purchaser;
f) the state software and interface inventory;
g) the alterable and installable, and the unalterable and installable versions of closed-version information or communication products, services and systems, and the alterable and installable versions of unclosed-version information or communication products, services and systems;
h) the log tracking the changes of the source code of alterable information or communication products, services and systems;
i) the call for bids according to Article 9(3), and the net present value of the substitute service(s); and
j) in order for the provisions of this decree to become effective, any information determined by the body in charge of the Software and Interface Data Warehouse.
(2) If the information or communication contract permits, the body in charge of the Software and Interface Data Warehouse shall make the contents of the Software and Interface Data Warehouse—with the exception of the source codes and documentation of the information or communication products, services or systems set out in Article 8(3)—available freely to anyone, on text level, in searchable, copyable and printable form, electronically, free of charge and without registration, and usable without further conditions, except for the optional requirement of distribution with identical eligibility conditions.

Article 13
(1) Within the scope of its duty to track the versions of the subjects of contracts concluded by the state purchaser, the Software and Interface Data Warehouse shall classify as closed any versions of an information or communication product, service and system which comply with the requirements set out in Annex 6.
(2) A closed-version information or communication product, service or system shall be unalterable, its installable version shall be provably unalterable after classification, and its classification as closed shall not be withdrawn. The Software and Interface Data Warehouse shall provide for the unalterability of this version and its exclusive usability by state administration bodies, organisations maintained by state administration bodies and business organisations in majority state ownership.

Procedural rules

Article 14
(1) The General Rules of Administrative Procedures and Services Act shall apply with the derogations set out in this Decree to the following procedures of the body in charge of the Software and Interface Data Warehouse:
a) prior consent procedure for contracts;
b) procedure certifying that a contract was accomplished in conformity with the provisions of this Decree; and
c) monitoring procedures.
(2) The body in charge of the Software and Interface Data Warehouse shall adopt a substantive decision within 45 days of receipt of the application.
(3) There shall be no appeal against the resolution of the body in charge of the Software and Interface Data Warehouse.

Article 15
(1) The state purchaser shall submit to the body in charge of the Software and Interface Data Warehouse for initiation of prior consent
a) the definitive draft of the information or communication contract; or
b) the information or communication contract concluded but not yet come into existence.
(2) If, given the case described in paragraph (1)(a), the contract concluded is different in content compared to the definitive draft, it shall be resubmitted to the body in charge of the Software and Interface Data Warehouse for prior consent.

Article 16
(1) The state purchaser shall submit the certificate to the body in charge of the Software and Interface Data Warehouse
a) prior to certifying the accomplishment of the information or communication contract, in order to initiate a certification procedure in accordance with this Decree; or
b) within eight days of the accomplishment of the contract, if the accomplishment of the contract, in compliance with the provisions of this Decree, has been certified by another certifying body.
(2) The body in charge of the Software and Interface Data Warehouse shall have the right to verify the authenticity of the certificate.

Authorising provisions

Article 17
The minister in charge of the civil intelligence services and the minister in charge of national defence shall be authorised to set out in a decree
a) the concept of an information or communication product, service or system requiring special security, in agreement with the minister in charge of administrative information technology; and
b) standards according to Article 5(2), applying to information or communication products, services or systems requiring special security.

Final provisions

Article 18
(1) This Decree shall enter into force on 31 October 2007.
(2) This Decree shall be revoked on … [deregulation provisions to be drafted at a later time]
Version A
No paragraph (3)
Version B
(3) The text “individual, original” in Article 2(1)(e) shall be repealed on …

Annex 1 to Government Decree …/2007 (… …)
Open standards ensuring interoperability
[
The current latest version of the e-Government Interoperability Framework (http://www.govtalk.gov.uk/schemasstandards/schemasstandards.asp), including any further standards included in the current latest version of this standard.
]

Annex 2 to Government Decree …/2007 (… …)
Open standards ensuring security and secure reproductiveness
[
Information technology—Security techniques—Information security management systems—Requirements, ISO/IEC 27001:2005 (http://www.iso.org/iso/en/CatalogueDetailPage.CatalogueDetail?CSNUMBER=42103);
Information technology—Security techniques—Code of practice for information security management, ISO/IEC 27002:2005 (http://www.iso.org/iso/en/CatalogueDetailPage.CatalogueDetail?CSNUMBER=39612);
The current latest version of the Open Web Application Security Project “OWASP Testing Guide” (http://www.owasp.org/index.php/OWASP_Testing_Project);
Systems and software engineering—Content of systems and software life cycle process information products (Documentation, ISO/IEC 15289:2006 (http://www.iso.org/iso/en/CatalogueDetailPage.CatalogueDetail?CSNUMBER=43790);
Software and system engineering—Guidelines for the design and preparation of user documentation for application software, ISO/IEC 18019:2004 (http://www.iso.org/iso/en/CatalogueDetailPage.CatalogueDetail?CSNUMBER=30804); and
Trusted Time Stamp Management and Security, ANSI X9.95:2005 (http://webstore.ansi.org/ansidocstore/product.asp?sku=ANSI+X9.95%3A2005).
]

Annex 3 to Government Decree …/2007 (… …)
Open standards ensuring usability
[
Research-Based Web Design & Usability Guidelines (http://www.usability.gov/pdfs/guidelines.html);
Web Content Accessibility Guidelines (http://www.w3.org/WAI/WCAG20/quickref); and
Version A
Open Document Format for Office Applications (http://docs.oasis-open.org/office).
Version B
The latter standard is omitted.
]

Annex 4 to Government Decree …/2007 (… …)
Open standards for calculating net present value
[
Establishing the open standard for calculating the net present value requires that in the relevant information or communication transaction, the state seller or purchaser should, on the grounds of contractually guaranteed conditions, include, among others, the following:
– include in the sale-side or buy-side net present value of any software solution the following cost factors of the product service or system, according to the procurer’s needs and the provisions of this Decree:
— documentation;
— education;
— localisation;
— maintenance;
— follow-up;
— development; and
— value of de facto collateral provided by seller to buyer;
– in the case of open-source-code software solutions and solutions contractually remaining open-source-code, if the software solution is publicly and freely accessible,
— the selling price and the initial cost;
— the expected revenue and expenditure resulting from a long-term lock-in to this solution; and
— the cost of software audit
shall be considered as zero;
– in the case of state- and/or privately owned source-code software solutions, the sale-side and buy-side net present value of the license shall include the following cost factors of the product, service or system:
— the selling/purchase price of the license;
— the expected revenue and expenditure—based on the net present value calculation signed by a certified auditor—resulting from a long-term lock-in to this solution (cf. http://www.riehle.org/computer-science/research/2007/computer-2007-article.html and http://www.nuff.ox.ac.uk/users/klemperer/Farrell_KlempererWP.pdf); and
— the costs of the mandatory source-code software audit based on the IEEE Standard for Software Reviews (http://ieeexplore.ieee.org/ISOL/standardstoc.jsp?punumber=5362);
– in the case of web-based software solutions due contractually to remain web-based (i.e. not requiring user-side software installation), the costs of future maintenance and updating, on all of the computers affected or potentially affected, shall be considered as zero;
– in the case of software solutions requiring user-side software installation, the sale-side or buy-side net present value of the license shall include the following cost factors of the product, service or system: the expected revenue and expenditure—based on the net present value calculation signed by a certified auditor—of future maintenance and updating, on all of the computers concerned or potentially affected;
– in the case of procurements and developments of special-security information and communication systems, open-source security products and services ensuring Mandatory Access Control such as the Security-enhanced Linux developed by the National Security Agency of the United States, and other commercially available solutions shall be used as a reference to determine the net present value.
]

Annex 5 to Government Decree …/2007 (… …)
Open standards concerning utilisation

Annex 6 to Government Decree …/2007 (… …)
Open standards concerning the conditions of classifying a version as closed

[Authored together with the OpenReform group and anonymous civil servants]

Leave a Reply

Your email address will not be published. Required fields are marked *