Implementing digitisation policy
Implementing digitisation policy
In her letter on the main points of digitisation policy, State Secretary Van Huffelen, together with the other ministers involved, gives further substance to the contours outlined in the coalition agreement. A letter of 20 pages, indicating that there is still a lot of work to be done!
From the perspective of CIO Platform Nederland, the association of business users of digital technology, the following themes have the highest priority, perhaps some inspiration for action:
A better functioning market:
Restoring competition in digital markets that are not working properly. For example, because, after making a choice for a certain digital technology and implementing it, switching to the technology of a competing provider is virtually impossible. This lack of competition has consequences for the quality of digital products and services, their cyber security, access to and use of data, the ability of users to comply with legislation and many other aspects.
A better functioning of the market is therefore fundamental for many of the topics in the State Secretary’s letter. Increasing interoperability and looking beyond competition between providers (but also into the behaviour of providers towards users once a first purchase has been made) are concrete points to address. These make switching easier and therefore improve fair market dynamics.
In addition, the Cabinet should develop activities that ensure that digital technology that is placed on the market in the Netherlands (and Europe) demonstrably complies with Dutch/European regulations and also enables its (business) users to comply with them: compliance-by-design.
Responsibility where it can have an effect
Proper attribution of responsibilities and liability with parties (suppliers, business users, end users and others) is very important and is not always laid down in law very well. If the responsibility is not properly attributed, for example with a party that cannot influence the compliance with a rule, a 'leak' arises in compliance with the regulations, which is not desirable.
The inability to comply is caused, for example, because one party cannot control the software code (because of encryption), may not change it (due to intellectual property rights of another party), cannot have it changed (due to lack of negotiating power), or because the party has no influence on how the technology is used or for what purpose.Especially with new regulations, this attribution must be paid close attention to, such as European regulations on AI and Data that are currently being developed. Subsequently, existing regulations, such as the GDPR, should be adapted to attribute responsibilities properly.
Cybersecurity and resilience
Cybersecurity and cyber resilience are important topics. The Cyber Security Council, the Dutch Safety Boardand others have already made important suggestions about this. For example, focusing on the role of the government, better coordinating policies and measures in different branches of industry. And also on strengthening autonomy, especially with regard to powerful geopolitical competitors of the Netherlands / Europe and technology providers that have become too powerful. Cyber security is a matter for companies and public organisations themselves, but also a socially versatile subject, which requires attention from the police, the judiciary and the ministry of Defence.
Cooperation between public and private parties is crucial to create a barrier against criminals, saboteurs and other malicious individuals and organizations. Cooperation, for example, on sharing knowledge and insights for the protection of the organisation’s own systems and those of partners in the chain, because one's own safety is partly dependent on that of others. The government itself has an important information position in the field of vulnerabilities and incidents. That knowledge and information must be made available to others as quickly and smoothly as possible, to enable them to protect themselves.
It is also important that suppliers of digital products and services pay even more attention to the development of digital technologies that are basically secure; secure-by-design and secure-by-default.
At the same time, we see that the importance of investing in cyber security and resilience is not yet a top priority for all boards. It is still too easy to look at others, inside or outside your own organization. The Government should further promote investment in cyber security and the resilience of all organisations. For example, by making it easier to hold parties that fail to invest in adequate cyber security liable. Or by having cost-benefit research carried out into the optimal place to invest in cyber security (should investments be made by the developer/supplier of digital technology, or with business users or elsewhere) and by involving even more organisations in cyber resillience exercises.
Knowledge about digitization, talent development and diversity
Lack of knowledge is a broader problem than just in the field of cybersecurity, both among (supervisory) board members, as well as among other groups of employees and individuals. Recent research has shown that knowledge about digitization among executive directors and supervisory board members at companies and government institutions still leaves much to be desired. This means, among other things, that such a board will easily make a wrong assessment of the opportunities that digitization offers for the organization, or a wrong assessment of the risks faced and also of the impact of digitization on the organization. Educating people is a task for the government as an employer of its own civil service and top management. For the business community, too, there lies a task to educate its directors and employees.
Another aspect, no less important, is that the number of vacancies for employees with specialist knowledge of the use of digital technology is unprecedentedly high. More young people should be encouraged to opt for education or training focused on specific digital knowledge, such as programming, functioning in multidisciplinary teams, cyber security, data analysis, etc. All educators should be encouraged to include more digital knowledge in their training programmes. After all, every future entrepreneur or employee must be able to handle digital tools and data to be successful.
A third relevant aspect is the diversity of employees within the departments dealing with digital technology. In most organizations, it is not very diverse (at all). We need to increase the group of people with knowledge of digital technology and data. And we need to make more use of the knowledge, insights and experiences of people from different genders and cultural backgrounds to develop better products and services. Policies are needed that will greatly increase the diversity and number of people trained in the application and development of digital technology in the short term.
Coordinating digitization is crucial
Finally, and perhaps most importantly, it should be acknowledged that digitization is not a goal, but an autonomous development. A development that affects almost all aspects of our society and the individuals and organizations within it. It affects the democratic process, the economy and innovation, health care, education and training, infrastructures and use of space, labour market opportunities, well-being and social cohesion, fair treatment of people, justice and security, diplomacy, dependence on suppliers, competing economic and geopolitical powers and opportunities for cooperation.
This means that not only is a lot of policy needed that focuses on digital technology and its impact on a specific policy area. It also requires applicable regulation, expert implementation and supervision.
This also means that new policies, in whatever field, are no longer acceptable without explicitly indicating the impact of digitization on this policy. A digitization paragraph in each policy document is needed. It should describe the opportunities to use digital technologies or data to promote the purpose of the policy, implementation prospects, what risks this entails and how these can be mitigated. Just as every policy should undergo an administrative burden test, a digital opportunity and risk assessment should become standard.
Ultimately, all this – the broad impact on society, democracy, economy, security, healthcare, education, infrastructures, autonomy and so many other aspects that affect the people of this country – means that digitalisation is a chefsache and should be treated as such; an area of focus under the direct interest and responsibility of the Prime Minister. Given the current constellation, perhaps not in this government term, but certainly under a next Cabinet. Nevertheless, above we’ve stated the most important actions that could and should already be set in motion. CIO Platform Nederland will gladly help further operationalise these actions.