To access all factsheets, in all formats (pdf, Linked Open Data - LOD) click here.

Data portability mainly relies on standardisation, as established in Law 40/2015. It is also relevant to mention in this regard the Interoperability Technical Standards for the processing and preservation of databases, for the preservation of electronic documentation, for then Transfer and Entry of electronic documents and records, and for the reuse of information resources. By Order ETD/803/2020 of July 31, the Data Office was created to design strategies and frameworks for data management, governance policy, development of a data analytics competence centre and coordination of technical initiatives. In November 2022, the datos.gob.es portal published a guide to develop a plan of measures to promote openness and reuse of open data. The goal is to provide guidance on the different elements that the plan should contain in order to draw up a feasible roadmap for data opening, as well as to enable its monitoring and evaluation, which consider portability. For data portability at cross-border level, it is required to adopt standards and common specifications that are set up at the European level. In this regard, Spain is an active participant in the European working groups for semantic interoperability and uses those agreed at the European level for the data portability across borders related to several European information systems.

Along with the simplification of administrative processes, the Spanish NIF and legislation establish the mandate to use common services and infrastructures as well as reusable solutions, except for exceptional cases properly justified with an economic assessment. This mandate was mainly justified on behalf of the return of investments, total cost of ownership, and risk reduction provided by reusability. On the other hand, the Spanish NIF and Law 40/2015 on the Legal Regime for the Public Sector also establish the principle of interoperability-by-default for their IT solutions since it enables the collaborative provision of public services with a significant reduction of administrative burden thus improving user satisfaction and user centricity. Comprehensive information of these reusable assets can be found in the Centre of Technology Transfer (CTT) portal (reusability). For those CTT solutions that wish to build a development community around their open source project, the Forge-CTT space has been created within the large public collaborative environment of GitHub, where public administrations can create and manage their repositories and foster collaboration with both the public and private sectors (user satisfaction and user centricity). Royal Decrees 311/2022 and 4/2010 set up the obligation to be compliant with the security and national interoperability frameworks, providing audit guidelines to ease the understanding of their assessment and audit requirements (reusability, risks).   

As established by Article 8 of the Spanish NIF, services, data and documents of any public administration should be electronically accessible by any public unit, preferably under cooperation agreements that reflect the requirements and conditions of access and through interoperability nodes. The technical body for the cooperation governance is the Sectorial Commission on Electronic Administration, as Law 40/2015 establishes. This Commission is composed by public administrations of every level and universities. It is responsible for (a) ensuring the compatibility and interoperability of the systems and applications used by public administrations; (b) boosting the development of the Spanish eGovernment; and (c) ensuring cooperation between public administrations in order to provide precise, updated and unambiguous administrative information. This Commission has 14 active working groups focused on promoting and enhancing the progress of the Spanish eGovernment in several context.  Also, the National Security Framework regulated by Royal Decree 311/2022 must be applied by the entities of the public sector in Spain and also applies to the information systems of private sector entities, including the obligation to have the security policy referred to, when, in accordance with the applicable regulations and by virtue of a contractual relationship, they provide services or solutions to public sector entities for the exercise by them of their administrative powers and competencies.

In Spain, regulatory impact reports are issued for every legislation draft to analyse the ticked issues, also considering administrative simplification with digital proceedings. On the other hand, there is an extensive set of ground legislation for eGovernment, compiled in the called 'eGovernment Code', whose mandatory compliance ensures proper management of potential digital barriers, reuse of solutions, compliance with applicable national, European and international mandates, as well as the design of processes and procedures accordingly.

The use of shared infrastructures and reusable services is forced by the Spanish legislation. Some of the provisions include: 

• the Data Intermediation Platform (PID) that enables the exchange of data between public services and base registries for the implementation of the Once-Only principle;  
• INSIDE that enables the sharing of administrative e-documents and e-files;
• SIR that enables the exchange of entry registry record among different competent authorities and public administrations;  
• NOTIFICA that can be used by competent authorities to send communications and notifications to citizens and business;
• the datos.gob.es portal, a federated platform at national level whose source code is available in Github for reuse.   

The Spanish Centre of Technology Transfer (CTT) is, according to Law 40/2015 article 158, a public repository that contains all the reusable assets for IT solutions whose objective is to promote the reuse of solutions by all public administrations. In addition, the CTT provides a space reserved in Github, CTT Forge, where the collaborative development of applications of public administrations is facilitated. Any administration can publish its software project and create a development community around it. The CTT portal provides information on projects, services, semantic assets, regulations and solutions that are being developed in the field of e-Government. 

In Spain, building blocks are used as cloud services to provide access to base registries, digital identification, digital signing, and digital payment. There is also a shared service to provide telecom services through a unified and consensual public contract at the central administration level. Moreover, most of the public organisations use social media channels, such as Twitter, and provide open data. A building block that offers an open source application to create open data portals has been established, but the national open data portal, datos.gob.es, can be directly used by any public administration. Specific programmes to adopt IoT technologies in municipalities in order to provide better public services also can be found. 

The Spanish Ministry of Economic Affairs and Digital Transformation (MAETD) is the current ministerial department entitled to conduct the proposal and execution of national government policy regarding economic affairs and reforms to improve competitiveness, telecommunications and information society. The ministry also proposes the government policy for digital transformation and the development and promotion of AI following Royal Decree No. 2/2020 of 12 January 2020, which restructured the ministerial departments.  

The detailed structure and functions of this ministry were set out in Royal Decree No. 403/2020. 

Nadia María Calviño Santamaría First Vice President of the Government and Minister of Economic Affairs and Digital Transformation   Source: http://www.mineco.gob.es/

Carme Artigas Brugal Secretary of State for Digitisation and Artificial Intelligence   Source: http://www.mineco.gob.es/

Roberto Sanchez Secretary of State for Telecommunications and Digital Infrastructures   Source: http://www.mineco.gob.es/

Juan Jesús Torres Carbonell General Secretary of Digital Administration   Source: http://www.mineco.gob.es/

The Commission for ICT Strategy approved by Royal Decree No 806/2014 of 19 September 2014, on the organisation and operational instruments for ICT at the State General Administration, is an inter-ministerial body comprised of senior officials, mainly undersecretaries, representing all ministries and the central administration. Its main goal is to ensure the appropriate use of ICT resources based on strategic lines in order to improve the delivery of public services to citizens. It is tasked with the preparation, design and development of the eGovernment strategy and ICT policy.  

The Ministerial Committees for Digital Government are responsible for promoting digital governance in public administration. Royal Decree No. 806/2014 of 19 September establishes that each ministerial department features a Ministerial Commission for Digital Administration (CMAD) with the purpose of developing the action plan for the digital transformation of the ministry.  

The National Cybersecurity Council helps the National Security Council with its tasks and duties, particularly by helping the Spanish Prime Minister manage and coordinate the National Security Policy in the field of cybersecurity. The main functions and activities are stated in Decree PRA/33/2018, which sets out the Agreement of the National Security Council regulating the National Cybersecurity Council.  

Its main functions are the following: 

• Proposing to the National Security Council the guidelines on planning and coordinating the National Security Policy related to cybersecurity;
• Contributing to strengthening the proper functioning of the National Security System in the field of cybersecurity, whose supervision and coordination falls under the scope of the National Security Council; and
• Strengthening the relations with the concerned public administration bodies in the field of cybersecurity, as well as the coordination, collaboration and cooperation between the public and private sectors.  4. 

Law No. 40/2015 of 1 October 2015 on the Legal Regime of the Public Sector (BOE-A-2015-10566), established the Sectorial Commission of eGovernment as a technical cooperation body of the General State Administration, the Administration Bodies of the Regional Governments and Local Entities in matters of electronic administration. Universities also take part in this Commission through the CRUE-TIC representatives. 

Its main functions are to:  

• Ensure the compatibility and interoperability of systems and applications used by public administrations;
• Promote the development of electronic administration in Spain; and
• Ensure cooperation between public administrations to provide clear, updated and unequivocal administrative information.  

The National Centre for Infrastructure Protection and Cybersecurity (CNPIC) is the responsible body for the promotion, coordination and supervision of all policies and activities related to the protection of critical infrastructures and cybersecurity under the authority of the Ministry of the Interior. The CNPIC is accountable before the Secretary of State of Security.  

The CNPIC was created in 2007 under the Agreement of the Council of Ministers of 2 November 2007. Its competences are regulated by Law No. 8/2011 of 28 April 2011, by which the measures for Critical Infrastructure Protection (CIP) are established, and by Royal Decree No. 704/2011 of 20 May 2011, by which the Regulation on critical infrastructure protection was adopted.  

In addition, the Council of Ministers’ Agreement of 15 February 2019 established the Cybersecurity Operations Centre for the general State administration. This Centre aims to improve the prevention, detection and response to cyberattacks and incidents.  

The Committee for Social Security Digital Strategy has been created with the objective of coordinating the digital transformation initiatives within the State Secretariat of Social Security. As part of its responsibilities, the Committee developed an action plan for the digital transformation of the State Secretariat, in order to comply with Laws No. 39/2015 and No. 40/2015. The plan provided for initiatives in specific areas such as: digital notifications; authorisation of representatives; public servant registry; normalisation of administrative procedures; electronic registry and organisational change management.  

The Secretary of State for Digitisation and Artificial Intelligence aims to promote the digital transformation of society, in order to achieve a prosperous, safe, reliable, inclusive growth respecting the rights of citizens, as well as the digital transformation of public administration bodies through the Secretariat-General for Digital Administration.  

Article 8 of Royal Decree No. 403/2020 includes the detailed functions and organisation of the Secretary of State. The Secretariat of State fulfils the functions of promoting and regulating digital services and the digital economy and society, engaging in dialogue with the professional, industrial and academic sectors, encouraging the digitisation of the public sector, as well as coordinating and cooperating with ministries and other public administrations on these matters. In also fulfils the functions of Chief Data Officy. 

The Secretary of State for Telecommunications and Digital Infrastructure is responsible for the promotion and the regulation of the telecommunications and audio-visual services sectors and the Information Society. Moreover, it deals with the professional, industrial and academic sectors, and inter-ministerial coordination and cooperation with other public administrations on these matters. It includes regulation and coordination with European and international programmes to promote the regulation, standardisation and certification of digital and telecommunications infrastructures.  

Article 10 of Royal Decree No. 403/2020 includes the detailed functions and organisation of the Secretary of State. 

The Secretariat-General for Digital Administration (SGAD), having the rank of Undersecretary, is a governing body under the authority of the Secretary of State for Digitisation and Artificial Intelligence. It is responsible for the management, coordination and performance of the powers attributed to the department in the field of digital transformation of administration, including the technical development and application of Law No. 39/2015 of 1 October 2015 on the Common Administrative Procedure of Public Administrations and Law No. 40/2015 of 1 October 2013 and its regulatory rules regarding the electronic operation and functioning of the public sector.  

It also has the competence for national security and interoperability schemes, the rationalisation of information and communication technologies within the General State Administration and its public bodies, the management of the Cybersecurity Operations Centre and the definition of common digital means and services, including those declared as shared and, where appropriate, their provision, operation and management for the general government as a whole. 

Moreover, in coordination with the other ministerial departments, it is responsible for the implementation of all actions arising from the action plans for the implementation of national and international strategies in the area of digital transformation.  

In July 2020, the Ministry of Economic Affairs and Digital Transformation established the Artificial Intelligence Advisory Council whose objectives are:

• To advise and inform the Secretary of State for AI and Digital in the proposal and execution of the Governments policy on Artificial Intelligence;
• To evaluate observations and comments, as well as to formulate proposals on the National Artificial Intelligence Strategy, in order to draw conclusions that will allow the approval of new versions of the Strategy;
• To advise on the evaluation of the impact of Artificial Intelligence on the industry, administration and society.

In line with the National Security Strategy and the Cybersecurity Strategy, on 15 February 2019, the Council of Ministers adopted an agreement to create the Cybersecurity Operations Centre for the General State Administration with the objective of providing cybersecurity services and improving response capacity in case of any attack.  

Furthermore, the agreement signed by the Secretariat-General for Digital Administration (SGAD) and the National Cryptologic Centre contributed to the creation of the Cybersecurity Operations Centre (Official Gazette, 1 January 2019).  

The National Cryptologic Centre (CCN) is part of the National Intelligence Centre (CNI). It was set up in 2002 to guarantee ICT security in different public administration entities and security for systems that process, store or send out classified information. 

The CCN-CERT is the Information Security Incident Response Capacity of the National Cryptologic Centre, CCN, attached to the National Intelligence Centre, CNI. This service was created in 2006. The Spanish National Government CERT and its functions are set out in Law No. 11/2002 regulating the CNI; Royal Decree No. 421/2004 regulating the CCN, and in Royal Decree No. 311/2022 of 3 May 2022 regulating of the National Security Framework (ENS). 

The functions of the CCN-CERT are listed in Chapter IV of Royal Decree No. 311/2022 of 3 May 2022. Its mission is to contribute to the improvement of Spanish cybersecurity, being the national alert and response centre that cooperates and helps to respond quickly and efficiently to cyber-attacks and to actively address cyber threats, including coordination at the State level of the different incident response capabilities or existing cybersecurity operations centres according to Royal Decree-Law No. 12/2018. 

The FNMT–RCM (Fábrica Nacional de Moneda y Timbre) is the public entity which, in the field of eGovernment, develops its activities as a Qualified Trust Service Provider according to Regulation (EU) No. 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market.  

In February 2019, the Ministry of Finance formalised an agreement with the FNMT–RCM to provide trust services to the general State administration, and continuing the work first started in the late 1990s. This agreement included the following trust services: 

• Electronic signature (natural persons, legal persons);
• Electronic seal;
• Website authentication; and
• Qualified electronic time stamps.  

Currently, the number of active electronic certificates exceeds eight million. The FNMT-RCM processes more than 166 million validations each month and issues more than 17 million time stamps each month.  

The Court of Auditors is tasked with controlling the collection and use of public funds. In addition, it performs a jurisdictional function which entails auditing the entities tasked with handling public funds and goods. 

The Data Protection Agency (AEPD) is the public law authority overseeing compliance with legal provisions on the protection of personal data. As such, it enjoys absolute autonomy from public administration. It undertakes actions specifically aimed at enhancing citizens' capacity to effectively contribute to such protection.  

Regional eGovernment initiatives are led and coordinated by the respective Autonomous Communities where a specific body, department, or entity is usually in charge of coordination.  

The actor for each regional government can be checked in the list of members in the Sectorial Commission for eGovernment. . 

The Spanish Federation of Municipalities and Provinces (FEMP) is a Spanish association of local entities that groups municipalities, provincial councils, and island councils. It promotes the development of digital transformation, among other issues, in local entities and it takes part in the Sectorial Commission of eGovernment.