Ref.

Ares(2023)491135 - 23/01/2023

Management Plan 2023

DIGIT
Contents

Introduction................................................................................................................................................................ 3
PART 1. Delivering on the Commission’s priorities: main outputs for 2023 ............................ 5
A. General Objective 7 – A modern, sustainable and high-performing European public
administration ..................................................................................................................................................... 5
B. General objective 2: A Europe fit for the digital age .......................................................... 12
PART 2. Modernising the administration: main outputs for 2023 .............................................. 14
A. Human resource management ...................................................................................................... 14
B. Sound financial management ........................................................................................................ 17
C. Fraud risk management .................................................................................................................... 19
D. Digital transformation and information management ...................................................... 19
E. Sound environmental management ............................................................................................ 21
F. Initiatives to improve economy and efficiency of financial and non-financial
activities .............................................................................................................................................................. 24
ANNEX – Performance tables .................................................................................................................. 25

2
Introduction

The Directorate General for Informatics (DIGIT) drives the Commission’s digital
transformation by providing modern, secure and user-centric IT services and solutions.
DIGIT enabled the ‘digital acceleration’ that the Commission experienced over the past
years. It paved the road for the changes in the way the Commission works and delivers on
its political priorities.
The fast-paced evolution of digital technologies and their impact on business processes
require the right operational setting. To this end, the new corporate strategy for a Next
Generation Digital Commission of June 2022 (1) sets a framework for DIGIT’s activities.
The new strategy builds on the achievements of the previous digital strategy, takes stock of
lessons learned, and reflects the new digital trends and political priorities in the post-
pandemic landscape. A set of five strategic objectives will drive the shift from ‘doing
digital’ to ‘being digital’. In line with the EU strategic priority of a ‘Digital Decade’, the
new corporate strategy posits a digital transformation journey on the basis of the
European core values of human centricity, digital inclusion, digital sovereignty, trust and
ethical use of technologies. Moreover, the strategy sets out a new role for DIGIT centred
around its strategic capacity to advise and support its stakeholders (2). This is crucial
to ensure the delivery of digital-ready policies (3) by the Commission overall. To achieve
these goals and to better support DIGIT’s mandate to become the Strategic Advisor
to the Commission on all matters digital, DIGIT has launched an internal reflection
process on how to improve its processes and organisational setup.

While the new digital strategy sets a long-term direction for the full digital transformation
of the Commission, DIGIT will also rely on other relevant strategic frameworks to deliver on
existing commitments and priorities.
As defined in the Strategic Plan (4) in use for the current Commission mandate, DIGIT is
supporting the transition towards a modern, sustainable and high-performing
European public administration (General Objective #7), and is also contributing to the
objective of making Europe fit for the digital age (General Objective #2). DIGIT’s
2023 Management Plan identifies key initiatives that will contribute to the achievement of
these goals (in line with the headline ambitions of the Von der Leyen College), and
addresses the challenges and principles also identified in the new digital strategy.

(1) People First – Digitalising the Commission | European Commission (europa.eu)

(2) Commission Corporate Governance bodies, Commission departments, EU Institutions, EU Public
Administrations.
(3) Digital-ready policymaking refers to the process of designing policies and legislation by
considering digital aspects from the very beginning to ensure that they are ready for the digital
age, future-proof and interoperable. Policies (and legislative acts) are digital-ready if they
enable smooth policy implementation through best use of technologies and data.
(4) Strategic plan 2020-2024 – Informatics | European Commission (europa.eu)

3
Protecting the Commission’s IT assets and staff from cyber-threats is a crucial
priority and represents a growing challenge, especially in light of more and more
sophisticated security incidents (a trend started with the pandemic and that reached even
wider proportions following the Russian aggression in Ukraine). The new digital strategy
addresses these challenges with the vision of a next generation digital Commission
supported by a trusted environment that applies the overarching principles of digital
security and resilience. Cybersecurity represents the fil rouge that interconnects the
different objectives of the digital strategy, and the Commission has recognised its critical
importance in ensuring the protection of corporate assets, services, systems and accounts.
The flexible working environment of the new HR strategy, which introduced the alternation
between physical office presence and remote working - combined with the increased use of
cloud computing – has reshaped the cybersecurity needs of the institution. Through the new
digital strategy, the flexible working environment also benefits from a strengthened
cybersecurity culture and an awareness programme that ensures appropriate
resilience and protection of the digital landscape of the administration. This is part of a
broader ‘mindset shift’ of the institution’s working culture, which is ultimately another
important enabler of digitalisation. The digital transformation journey envisaged by the
new strategy needs to cope with greater exposure to risks and brings new challenges for
the overall security of the Commission. As central IT provider, DIGIT must operate in a
heterogeneous environment shaped by a multitude of potential attack scenarios and
reduced resources (in particular, due to shortage of domain experts).
Other key deliverables for 2023 are focused on the provision of customised IT services
to different Commission departments. When delivering flagship digital solutions
addressing human resources, document management, decision making and procurement,
DIGIT will apply the ‘re-use first’ principle. Fulfilling its digital leadership, DIGIT will keep
improving the Commission’s digital workplace (with a focus on user experience) by
finalising key processes initiated in 2022 (such as the migration of staff to the new and
more secure WELCOME environment, the IT Butler service, and the exploration of new IT
support channels adapted to the flexible working environment). In light of current economic
and geo-political circumstances, DIGIT could face in the next year potential supply chain
disruptions when procuring high-performing IT equipment for Commission staff. This could
lead to a shortage of new IT devices, and consequently demand a stronger rationalisation
of resources, including the extension of the lifecycle to existing equipment.
DIGIT will also play a crucial role in supporting the digital transformation of European
Public Administrations through interoperable digital public services. Following the
adoption of the REFIT initiative on ‘EU Governments Interoperability Strategy’, in 2023
DIGIT will focus on the political negotiations of the ‘Interoperable Europe Act’. This
newly proposed regulation puts forward a structured cooperation framework for the
Member States and the Commission.

4
PART 1. Delivering on the Commission’s priorities: main outputs for
2023

A. General Objective 7 – A modern, sustainable and high-performing

European public administration

Specific Objective 7.1 – A portfolio of secure, state-of-the-art corporate digital

solutions developed in partnership supports the Commission’s political priorities

The digital transformation of core corporate business processes is crucial to shape a digital
Commission fit for the digital age. This implies strong business rationalisation,
simplification and streamlining to support and empower all Commission services. It is
possible by exploiting fully the capabilities offered by digital technologies, while unlocking
the potential of the Commission’s data.

A successful digital transformation demands close cooperation with partner DGs whose
core business processes are at the forefront of the Commission’s decision-making system.
To facilitate this process, DIGIT has agreed with key partners a set of annual work plans
which focus on delivering and operating flagship digital solutions in the domain of
human resources, document management, decision making, procurement, grants, etc.

In particular, in 2023:

 In the human resources management domain, DIGIT will continue the HR

Transformation programme in partnership with HR, PMO and EPSO. This is part of a
large-scale digital transformation programme implementing the new HR Strategy,
which proposes a client-centric and data-driven rethinking of HR services and
processes. In 2023, the programme will move towards the first wave of
implementation, delivering business value in the areas of service desk, health care
services, pre-selection, selection, recruitment and on-boarding of staff.

 In the Document Management domain, DIGIT will further focus on the

development of the Hermes-Ares-NomCom platform (HAN), which will be made
available to additional European Institutions (including the European Council),
agencies and bodies. To support the platform’s expected growth, measures to
optimise its performance, scalability and resilience will be put in place, and relevant
support services will be adapted. The further improvement of security measures,
including data protection is also a key part of this process. Improvements to
NomCom and the retention list management (5) will be implemented to better

(5) The Common Retention List is a regulatory document in the form of a retention schedule that
sets the retention periods for the different types of Commission files.

5
 support long-term preservation. Long-term preservation actions also include
continuing the replacement of the Commission’s archives management system that
started in previous years, as well as the development of additional solutions to
support digital preservation.

 In the Legislative lifecycle management domain, DIGIT will continue the

development of EdiT/LEOS (Legislation Editing Open Software), a flagship open-
source project that facilitates the drafting of legislative texts. This innovative tool
increases the efficiency of the legislative process, enhances interoperability and
fosters the seamless cooperation between different actors in the EU Institutions and
in Member States. The integration of EdiT in Decide (the legislative platform of the
Commission) will continue in 2023, and its user interface will be modernised. DIGIT
will also reach out to Member States to explore the use and co-design/co-
development of LEOS which is made available to public administrations across
Europe who can adapt it to their specific needs.

The delivery of these initiatives is also fully aligned with the corporate digital
strategy: programmes such as HRT, HAN, EdiT and LEOS support the strategic objective of
empowering business-driven digital transformation, by advising DGs and assisting
them in their digital journeys.

Fostering reuse is another key enabler of digital transformation, and the Reusable
Solution Platform (RSP) addresses this need within the Commission by driving reuse,
enabling common user experiences, bringing standardisation, reducing redundancy,
reinforcing security and increasing interoperability. In 2023, the RSP will be enhanced
according to the work plan endorsed by the Information Technology and Cybersecurity
Board (ITCB). The success and the added value brought by the RSP is regularly measured in
terms of cost avoidance of Full Time Equivalents (FTEs) and shows how reusing existing
solutions can speed up delivery time and lower development costs for all DGs.

6
Specific objective 7.2 - The Commission exploits the potential of data, information,
knowledge and content management for policy shaping, communication, citizens and
staff engagement

To become a modern, more efficient and user-centric institution, the Commission needs to
exploit the potential deriving from data management. The correct use of data is a
powerful enabler of collaborative working, communicating and engaging with staff, citizens
and stakeholders. For this reason, DIGIT has been contributing to the development of a
corporate ecosystem and technical platforms that can fully unleash the potential
behind data, information, knowledge and content management.

The implementation of platforms to support the data, information, knowledge and

content ecosystem represents the major outcome of this objective. The priority in 2023
will be on improving a set of established digital platforms that are already supporting the
presence of the Commission at internal and external level. Namely, these include:

 the EC corporate data platform (as implementation of the DataStrategy@EC for

the set-up of the EC data ecosystem),

 the Europa Web Publishing Platform – the Commission’s web-presence platform,

 the Future of Europe online platform and solutions such as EU Survey to enable
the engagement with EU citizens. In particular, the ‘Have Your Say’ portal will be
enriched with the provision of a support service for a number of citizens’
assemblies, based on the Future of Europe online platform. This will become integral
part of the Commission’s consultation mechanisms. DIGIT will be responsible to
maintain and run this platform.

 the EC Collaborative platform (Single Integrated Framework for Collaboration)

that ensures collaboration and engagement with staff – M365, CIRCABC and Wikis,
combined with the internal communication platform (My IntraComm), and

 EU Academy - the e-learning platform created together with the JRC to address
knowledge-building needs of professional audiences and citizens by delivering
tailored training programmes, courses and events in a cooperation mode between
‘course owners’ and ‘learners’.

The above-mentioned technical platforms play a key role as enablers for the digital
transformation of the Commission, and facilitate the use of emerging technologies within
the digital innovation framework (governance, enablers, procedures) whose
implementation will become operational in 2023.

7
Specific Objective 7.3 – A digital delivery model supports the Commission as a
world-class agile and collaborative ‘open administration’

The Commission will become a digitally transformed, user-focused and data-driven

administration only if its digital delivery model evolves to foster agility, co-creation and
innovation. This delivery model should be based on an inclusive approach, incorporating
contributions from all DGs to make IT development more consistent across the institution.

The endorsement of the Dual Pillar Approach (DPA) in 2022 paved the way for a
simplified and more coherent delivery of corporate digital solutions. In the upcoming year,
DIGIT will focus on shaping the services needed to build and maintain a modern IT portfolio
based on the DPA principles. Importance will be given to the complementary role played by
the Reusable Solutions Platform (RSP) (6) in promoting re-use and leveraging ready-made
market solutions as first choice. DIGIT’s Service Catalogue will also evolve in order to be
better aligned with the requirements of the DPA.

To improve the Commission’s security posture, and reduce the technical debt while
accelerating the delivery of features to the business, DIGIT will also modernise the platform
supporting the delivery of information systems (DevSecOps), and define a corporate
pipeline to facilitate the on-boarding of new DGs. To improve the management of large
portfolio for system owners, DIGIT will also promote the scaled agile methodology.

DIGIT will strengthen the advisory services it provides to other DGs, e.g. concerning the
analysis of IT portfolios and tailored roadmaps for increasing the maturity of solutions and
technical components.

Finally, DIGIT will continue to implement the open source strategy of the Commission.
The actions expected in 2023 include the implementation and delivery of a set of tools
enabling a stronger culture of sharing and openness across the Commission.

(6) More details about the RSP are available in the chapter 7.1, as the Reusable Solution Platform
represents a key initiative driving this objective.

8
Specific Objective 7.4 - A Commission resilient to ever evolving digital security
threats

Securing the evolving digital working environment of the Commission remains one of the
key challenges that DIGIT faces. As a consequence, the constant improvement of the
corporate cybersecurity posture is one of the top priorities of DIGIT’s mission.

DIGIT is responsible for strong IT security management and cybersecurity rules that protect
the digital identities, the digital information and the IT assets of the administration against
increasing and more complex cyber-threats. This is critical to ensure a smooth transition
towards the next generation digital Commission.

However, a broader digital transformation comes with an increased attack surface which
exposes the institution to an ever-evolving threat landscape. The adoption of innovative
technologies and process automation changes the way in which information is accessed
and processed across the Commission, leading to new vulnerabilities. Attackers are also
exploiting new technologies which escape the traditional types of detection, for instance by
using automation. Therefore, the key challenge is to adapt our security solutions to
new work patterns that take into consideration our collaboration methods, mobility
(which implies access to applications and information from multiple devices at work, at
home and on the go), and the cloud.

In 2023, the areas of priority will therefore be the following:

 Support the IT Security Governance – by revising the corporate IT Security

Strategy, creating periodic reports for key stakeholders, and introducing an IT
security risk and maturity assessment framework to reinforce the IT security
governance in the Commission. The application of this framework will improve the
current reporting capability to the ITCB. This will enable the identification of areas
requiring particular attention, and facilitate decisions at corporate level. Additionally,
DIGIT plans to increase the cybersecurity situational awareness of the
institution by presenting the evolution of cybersecurity threats and by sharing
technical knowledge and expertise. The delivery of one annual and two interim IT
Security and Risk Reports (ITSRR) will also ensure adequate communication on the
status of IT security within the Commission.

 Drive the implementation of Cybersecurity Regulation in the Commission

(once adopted by the co-legislators, possibly in 2023). The regulation will stimulate
the interinstitutional cooperation in the area of cybersecurity, and DIGIT intends to
play a key role in maintaining and further developing the engagement of EU
Institutions, Bodies and Agencies in this domain.

9
 Enforce Cybersecurity Culture (awareness, training and exercises) – by
implementing the Cyber Aware Programme. In 2023, DIGIT will launch four phishing
exercises at corporate level, and offer cybersecurity awareness raising sessions to
all Commission staff, aiming to reach at least 30%.

 Deliver an IT Security continuous improvement approach – by offering a

centralised service which supports DGs in implementing lessons learnt from IT
security incidents, and offering advisory and consultation services to DGs in view of
improving their IT security posture. In addition, DIGIT will offer Commission
Departments that use the c-LISO service periodic tailored reports that will provide
information on IT security threats, risks, incidents and ongoing actions.

 Protect and defend the institution – by extending and developing services in the
area of IT security monitoring, detection and incident response. In particular, the
corporate capability to manage cybersecurity incidents will be reinforced by
implementing playbooks in the security orchestration, automation and response
platform (SOAR). Automation of detection rules will play a bigger role in improving
and accelerating the corporate Cyber Incident Response capability. In the area of
threat intelligence, DIGIT will explore new strategies to exploit the threat intelligence
feeds currently provided by CERT-EU. A mature Red Team service offering will be
established to test the Commission’s own cyber defences.

10
Specific Objective 7.5 – The Commission is a resilient public administration with a
performing digital infrastructure and a fit-for-purpose Digital Workplace

An efficient, flexible and high-performing working environment depends on a secure,

functional and reliable digital infrastructure. Part of DIGIT’s mission is to ensure the
continuous improvement of the corporate working environment by focusing on two strands:
the Digital Workplace (DWP) – which defines and implements the Commission’s working
setup – and the corporate infrastructure, which represents the backbone of the
Commission’s operational and functional capability.

With regard to the Digital Workplace, DIGIT will in 2023 complete a number of
initiatives launched during 2022. This concerns in particular the migration of core
corporate IT (backend) services to the WELCOME domain. While the past years have
been dedicated to the actual rollout of the DWP, the near future will focus more on running
the corporate backend services and processes in a smooth way. In parallel, DIGIT plans to
introduce improvements in the WELCOME domain (for instance by including user-friendly
settings applications for all users, and a transparent proxy authentication that would
replace the internet password) and will drive the last wave of migration to WELCOME
for all eligible users who are still working in NET1.

To adapt the Digital Workplace to new ways of working remains a key commitment,
in line with a more user-centric approach of IT service provision. DIGIT will invest in user
experience by revamping the “EC Store” and making it user-oriented instead of device-
oriented. This goes hand in hand with the promotion of alternative IT support channels
such as walk-in IT hubs and will take into account existing logistic set-ups (buildings and
office space policies such as Dynamic Collaborative Spaces). The IT Butler service for
VIPs launched in 2022 will also reach full maturity, becoming 100% operational by the end
of 2023.

As regards the running and improvement of the digital infrastructure, in 2023 DIGIT
will continue to implement cloud services (private and on premise), building on the results
achieved in the past year. In particular, cloud transformation will be a critical initiative to
ensure a future-proof operational foundation for Commission information systems. A
number of Information Systems and corporate hosting services will be on-boarded into the
Cloud Deployment Model (CDM).

The provision of more service-centred solutions to other DGs also in the infrastructure and
cloud domain is well aligned with DIGIT’s role as a strategic advisor to boost the digital
transformation of Commission departments, as mandated by the new digital strategy.

11
B. General objective 2: A Europe fit for the digital age

Specific objective 2.1 - The Commission implements its EU-wide policies through
high-quality, trusted, borderless digital public services that facilitate free flow of
data and boost the digital single market

DIGIT can rely on well-established tools and solid know-how on the implementation of EU
policies and modernisation of administrations and businesses. In this context,
interoperability is crucial for making Europe fit for the digital age. Since 2021, the
Digital Europe Programme brings together all interoperability policies that are currently
driving and coordinating the modernisation of public administrations across Europe.

The adoption by the Commission of an Interoperable Europe Act and accompanying

communication in 2022 set the foundation for an ‘interoperable Europe’. This introduced
a common framework for secure and borderless data flows and services ensuring the
implementation of an interoperability governance at EU level. The Regulation will help make
EU policymaking "digital-ready" and "interoperable by design". It will give a mandate to
Member States and the Commission to jointly propose and develop interoperability
solutions (in a common catalogue), to run pilot projects, to stimulate public/private
GovTech experimentation, and to support policy sectors (e.g. health, education) in
their digital transformation. In addition, it requires that EU entities as well as public
sector bodies perform interoperability assessments for any change to, or introduction of, a
relevant cross-border information system or component. As such, the regulation will
contribute to the digital transformation of the Commission, EU entities and public
administrations across the EU. The focus for 2023 will be to support the work of co-
legislators when it comes to the negotiation of the Interoperable Europe Act and to
prepare its subsequent implementation.

Work will continue with the implementation of the Interoperable Europe Strategy via
the Digital Europe Programme, in partnership with main partners like the JRC and OP. In
addition, DIGIT will implement relevant actions also included in the new digital
strategy, namely:

 Digital ready policy making and interoperability assessments: methodology and

tools;
 One stop-shop for Interoperability solutions and communication: Interoperable
Europe Portal (JOINUP);
 Set up the governance structure: Interoperable Europe Board and Community;
 SEMIC Support Centre: advisory and tools for semantic interoperability, support to
Data Spaces in close coordination with the Data Spaces Support Centre.
The proposal for a regulation and supporting tools financed via the Digital Europe
Programme reinforce DIGIT’s advisory role not only vis-à-vis ICT teams but also to policy-
makers working on files in the digital domain or with a digital dimension.

12
Specific objective 2.2 - Trans-European systems deliver user-centric and reusable
digital solutions, supporting EU-wide public services.

Digital Solutions for EU-wide services are large-scale IT systems supporting the
implementation of EU policies, delivering user-centric and reusable digital solutions which
support EU-wide public services. The governance and responsibilities for the
implementation and operation of these systems are distributed and done in collaboration
between the Commission and the Member States.

In 2023 DIGIT will continue to provide TESTA services (which ensure a secure terrestrial
communication network service across public administrations and European Institutions,
Bodies and Agencies) to the participating entities. The existing service infrastructure will be
maintained and updated to prevent risks affecting the good functioning of the service.

By delivering on this objective, DIGIT will also implement solutions for digital identity
and access management. The adoption of well-established Digital Trust Services that
guarantee authentication, authorisation and signature such as EU Login, EU Access and EU
Sign will be further extended across other EU Institutions, Bodies and Agencies.

To support the Commission to meet its legal obligations, DIGIT will also work closely with
relevant policy-making departments to foster the digital public administration and the
Digital Single Market. In co-operation with JUST, DIGIT will contribute to the implementation
of the Company Law Mobility Directive for the exchange of data between business
registers, which concern companies merging, dividing or converting cross-border. The
information obtained about cross-border operations will then be available in the Business
Registers Interconnection System. In this way, the Directive will directly contribute to
borderless digital public services by enhancing more cross-border data exchanges and
thus boosting the digital Single Market.

13
PART 2. Modernising the administration: main outputs for 2023

This section of the Management Plan introduces actions and initiatives that are critical for
the execution of DIGIT’s strategic objectives, and – on a broader perspective – contribute to
the delivery of all Commission’s priorities. The Commission as modern administration
depends on efficient management of human, financial and IT resources; it relies on
effective internal control and anti-fraud framework and it makes the best use of internal
and external resources.

The internal control framework (7) supports sound management and decision-making. It
notably ensures that risks to the achievement of objectives are taken into account and
reduced to acceptable levels through cost-effective controls. DIGIT has established an
internal control system tailored to its particular characteristics and circumstances. The
effective functioning of the service’s internal control system will be assessed on an ongoing
basis throughout the year and be subject to a specific annual assessment covering all
internal control principles.

A. Human resource management

Workforce Optimisation

DIGIT’s human resources are a crucial factor to achieving the DG’s operational and strategic
objectives. The optimisation of the DIGIT workforce must therefore be of highest priority.
Efforts will be made mainly in the following two focus areas:

 Recruitment & Vacancy Reduction

 Learning & Development

Recruitment & Vacancy Reduction

In optimising the use of its human capital, DIGIT must first and foremost maximise the use
of the relatively sparse establishment plan posts through the reduction of the DG’s high
vacancy rate. Actions to encourage this trend will include a close monitoring and
possible reallocation of idle vacant posts, a reduction of selection lead times, and
support to managers in swiftly and actively filling their vacancies, and making
optimal use of existing and forthcoming EPSO laureate lists in the field of IT. The DIGIT
HR Correspondent will collaborate closely with the relevant services in DG HR and the DIGIT
management team in implementing these measures.

Learning & Development

(7) Communication C(2017)2373 - Revision of the Internal Control Framework

14
With the rapid evolution of the IT landscape and job market, DIGIT cannot solely rely on
recruitment procedures in optimising its workforce. An equally crucial element is the
development of the skills and knowledge of its current staff. DIGIT therefore encourages
staff to make full use of the internal training catalogue and that managers support their
staff in identifying and filling learning gaps.

As announced by DG HR, 2023 will see a change in L&D budget allocation, with the
intended centralisation of local training budget. DIGIT’s HR Correspondent team will
continue to emphasise the need for external learning activities and associated local L&D
budget. Given the technical and specialised nature of our work, DIGIT staff often have to
rely on external learning to upskill and keep abreast of latest IT trends.

In terms of L&D priorities, DIGIT also focuses on management development and

professionalization. Especially junior managers are encouraged to participate in internal
development offers, complemented by targeted coaching and training support where
necessary.

Staff Engagement

Staff engagement measures the emotional connection of employees to their organisation

and is a key element in ensuring a satisfied and productive workforce. The main KPI
available to measure staff engagement in the EC is the bi-yearly Staff Survey, more
specifically the Staff Engagement Index (8), which for DIGIT has steadily increased over the
course of the past surveys (2016: 63%; 2018: 70%; 2021: 76%). As the most recent score
ranks among the highest in the EC, the realistic DIGIT target must be to maintain the score
at a high level. To this end, measures will focus on the following areas:

Internal Communication

In order to increase the visibility of DIGIT’s vacancies and to maximise our outreach to the
internal talent pool, a dedicated Vacancies Page has been created on DIGIT’s intranet, on
which all vacancies and calls for expression of interest will be published.

In the specific context of a possible reorganisation in DIGIT, it will be essential to ensure

that all HR-related information affecting staff and their work are timely disseminated via
adequate channels.

Follow-up of Staff Surveys

(8) One of the main satisfaction indicators of the Staff Survey, which takes into account a number
of key results related to emotional connection and commitment

15
Another key element to ensuring staff engagement is the follow up of the input given in the
regular staff surveys. To this end, DIGIT has analysed the results of the 2021 staff survey
in depth (9) to pinpoint areas for improvement of staff satisfaction, namely:

 Work-Life balance and flexible work environment

 Professional future: mobility and career prospects

While these topics are mainly linked to corporate policies (10), DIGIT is committed to ensure
sound implementation at local level.

Gender Equality and Diversity

Gender Equality and Diversity have been leading principles in DIGIT human resource
management in the past and will naturally continue to be in 2023. A central target linked to
this priority area of the Von der Leyen Commission is 50% female managers on all levels
by 2024. In DIGIT, this translated into the target of two additional first female
appointments to middle management by 2024. While the target has already been
surpassed in 2022, DIGIT will continue to facilitate the appointment of women to pre-
management roles of Team Leader, Head of Sector or Deputy Head of Unit as an effective
way to prepare for middle management positions. In line with the College decision on
measures to reach gender equality at all levels of management by the end of 2024, DIGIT
will work towards a quota of 50% female Deputy Heads of Unit. The internal (and external)
pool of female talent will be considered in any internal succession planning in middle
management. Further proactive efforts to this end include support through targeted
individual coaching packages and external trainings.

HR Management Culture

One of the main stakeholders and partners of the DIGIT HR Correspondent in implementing
the above HR priorities is the DIGIT Management Team. It is therefore crucial that DIGIT
managers embrace the high level of priority of a sound HR management to the functioning
of their operational work, their staff, and the DG as a whole. Some major guiding HR
principles for DIGIT management in this context include:

 Sound HR Administration:
o Swift publication of vacant posts with fit for purpose vacancy notices
o Keeping Job Descriptions in the unit up to date
o Ensuring business continuity at all times through adequate resource
planning and staff time management
 Support staff in identifying and reaching learning needs and goals (through
internal and external L&D activities)

(9) Staff Survey 2021 : DIGIT Results Analysis

(10) New Working Time Decision ; New HR Strategy

16
  Appraisal & Promotion: Fair, thorough, transparent and timely execution of the
exercises
 Equal treatment
 Communication: ensure that all relevant information (on HR related matters or
otherwise) is disseminated to staff in a thorough and timely matter

The DIGIT HR Correspondent will continue to provide managers with guidance and support
to uphold these principles, with a special focus on newly appointed managers.

DIGIT is strongly committed to exploit the potential that digital technologies can release for
building a more inclusive, equal and diverse workplace. Following the endorsement of
a DIGIT Equality Action Plan in 2021, in 2023 DIGIT will keep implementing new initiatives
for guaranteeing accessibility and user experience through adequate digital tools, delivering
on the key actions embedded in the DIGIT Equality Action Plan.

Objective: DIGIT employs a competent and engaged workforce and contributes to

gender equality at all levels of management to effectively deliver on the Commission’s
priorities and core business.
Main outputs in 2023:
Output Indicator Target
First female appointments to +2 first female appointments
middle management positions (since baseline)
Number and percentage of first
female appointments to middle
management positions.
Baseline: 01.02.2020

Staff engagement index in latest Maintain staff engagement index

staff survey above EC average
DIGIT staff engagement

Baseline: Staff Survey 2021, 76%

B. Sound financial management

DIGIT has set up internal control processes aimed at ensuring the adequate management
of the risks related to the legality and regularity of the underlying transactions,
taking into account the multiannual character of programmes as well as the nature of the
payments concerned. The objective remains to ensure that the DG has reasonable
assurance that the total amount of any financial operation authorised during the reporting
year which would not be in conformity with the applicable contractual or regulatory
provisions does not exceed 2% of the total expenditure. DIGIT also set up internal control
processes aimed at ensuring the adequate management of the risks relating to the
17
revenues of DIGIT which concern services provided internally to other Commission
departments and services, and those provided externally to other institutions, agencies and
bodies. This process consists essentially of a series of sub-processes such as delivery of
services, cost calculation and charge back.

Regarding the safeguarding of assets, DIGIT is the Commission’s ‘management centre’

(centre de gestion) for all IT equipment installed in the premises of the Commission in
Brussels, Luxembourg, Strasbourg and Dublin (Grange). The general policy is that all PCs,
laptops, screens, printers, photocopy machines, scanners, servers, network devices,
smartphones and tablets have to be in the inventory. All steps from ordering to
decommissioning of a good are recorded and managed through ABAC Assets modules.
ABAC Assets is linked with SAP for accounting purposes (valuation and depreciation). The
operational risks are limited as many inventory actions are automated.

Controls aim to safeguard the assets DIGIT purchases and manages on behalf of all the
DGs and services of the Commission, such as:

 Physical check of all assets and non-assets;

 Itemised checks when writing off obsolete, lost or damaged goods, as well as
ongoing registration in ABAC Assets of all logistical movements (deliveries, moves,
swaps, withdrawals, etc.);
 (In)tangible assets and inventories follow formal procedures for disposal of assets

Furthermore, a number of controls are in place to ensure the safeguarding of information.

In order to avoid sensitive information being “lost” (abused, made public) or its integrity
breached (data altered), DIGIT makes sure that internal rules on data protection in line with
Commission’s rules, and internal rules on treatment of sensitive information are met.

Objective: The authorising officer by delegation has reasonable assurance that

resources have been used in accordance with the principles of sound financial management
and that cost-effective controls are in place which give the necessary guarantees
concerning the legality and regularity of underlying transactions.
Main outputs in 2023:
Output Indicator Target
Effective controls: Legal and Risk at payment remains < 2 % of relevant
regular transactions expenditure
Estimated risk at closure remains < 2 % of relevant
expenditure

18
Output Indicator Target
Effective controls:
Safeguarded assets (In)tangible assets and inventories Ensure correct imputation in
follow formal procedures for accounting system and compliance
disposal of assets with regulatory provisions

Safeguarded information
Data breaches reported to the 100% data breaches reported
EDPS within the 72 hours deadline within the 72 hours deadline from
from detection detection

Efficient controls Timely payments remains 95% of payments (in

value) made on time

Economy of controls Overall estimated cost of controls remains < 1% of funds managed

C. Fraud risk management

DIGIT contributes to the implementation of the Commission Anti-Fraud Strategy (AFS),

notably as Lead DG for action 30 of the AFS action plan: “Regularly revise and update the
corporate IT security strategy and monitor its implementation. Optimise the systems of the
Commission and the executive agencies for secure operation of e-procurement, e-grants
and other channels of e-governance.” In 2023, DIGIT will participate in the process of the
revision of CAFS Action Plan, led by OLAF.

In addition, DIGIT implements its own anti-fraud strategy (AFS), which focuses on
measures to prevent fraud in its procurement activity, implementation of the contracts and
management of external service providers, which are considered as domains embedding
some fraud risks. DIGIT’s anti-fraud strategy covering the period 2022-2022 is currently
being revised, and the revision, for covering the next three years, is planned to conclude in
early 2023. The action plan accompanying DIGIT AFS will be reviewed accordingly, taking
the DG’s main fraud risks into consideration. The action plan will also be implemented and
updated as needed.

19
Objective: The risk of fraud is minimised through the application of effective anti-fraud
measures and the implementation of the Commission Anti-Fraud Strategy (CAFS) (11)
aimed at the prevention, detection and correction (12) of fraud.
Main outputs in 2023:
Output Indicator Target
Identify and assess fraud risk Update the risk register, Yearly completion
considering the risk of fraud
Raise fraud awareness Number of anti-fraud 1 session/year
training/information sessions
Strengthen fraud prevention in the Review that the preventive actions Yearly completion
procurement process have been followed
Strengthen ex post controls to Implement the ex-post controls Yearly completion
detect potential fraud procedure

D. Digital transformation and information management

As the central IT department, DIGIT has been the major driving force – in close
collaboration with other Horizontal Services ([1]) – of the digital transformation of the
Commission. DIGIT internal strategic priorities for 2023 are shaped on the several aspects
and enablers needed to advance in the digital transformation journey, in a public
administration as complex and diverse as the Commission, and are well reflected in the
first section of this Management Plan. Key initiatives planned for 2023 are well
aligned with the new corporate digital strategy, and they include the provision of up-
to-date digital solutions, the implementation of a reusable solutions platform, the
continuous improvement of the ‘digital workplace’ which modernises the Commission’s
working environment, the strengthening of a cyber-secure digital infrastructure exploiting
the benefits of private and public cloud, and the use of corporate data ecosystem for the
successful achievement of the Commission’s administrative and policy goals. DIGIT
remains the actual driver of the Commission’s digital transformation, and has the
precise task of monitoring and supporting the implementation of the new digital strategy at
corporate level. The State of Digital Commission Report – which DIGIT will prepare by
the first quarter of 2023 – will provide a first overview of the progress done at corporate
level in meeting relevant key performance indicators. An important novelty for 2023 will
also consist in the implementation of a central digital advisory function within DIGIT. It
aims to support Commission’s departments in the planning and implementation of their
Digital Transformation initiatives in line with the strategic objectives of the corporate digital
strategy and provides tailored and holistic advice and strengthens the collaboration

(11) Communication from the Commission ‘Commission Anti-Fraud Strategy: enhanced action to protect the EU
budget’, COM(2019) 196 of 29 April 2019 – ‘the CAFS Communication’ – and the accompanying action plan,
SWD(2019) 170 – ‘the CAFS Action Plan’.
(12) Correction of fraud is an umbrella term, which notably refers to the recovery of amounts unduly spent and
to administrative sanctions.
([1] DIGIT benefits from the close collaboration with SG and HR for the implementation of the ‘digital Commission’.

20
between Commission departments addressing similar needs and challenges. The
development of this new function will support DIGIT’s mandate to be the
strategic advisor to the Commission on digital matters.

Information Management: DIGIT is actively involved in the implementation of the data,

information and knowledge management strategy included in the Rolling Action Plan 2022-
2024 steered by the Information Management Steering Board. In fact, one specific
objective of DIGIT’s Strategic Plan is also partially covering this area, and relevant outputs
falling under this domain are listed in the output table linked to the Specific Objective #7.2
of the present Management Plan. DIGIT will also actively maintain the inventory of DIGIT
key data assets and the DIGIT data management process (roles and responsibilities).

Data Protection remains a crucial area of interest for DIGIT, in particular given the
implications related to the compliance of personal data processing when linked to the
acquisition of new software and IT products.

In 2023, priority will be given to the following actions which will support the enhanced level
of data protection compliance across the DG:

 Continuation of efforts to ensure DIGIT’s access to international IT services in

compliance with the Schrems-II requirements.
 Trainings/Awareness-raising: Review of material, inclusion of security-specific
aspects and organising sessions (probably VC).
 Creation of a wiki for easy access to informative material and templates, FAQ etc.
 After a general review of Service Level Agreements with other institutions, focus will
now be laid on Memoranda of Understanding with DGs/Services, as well as free-of-
charge services not systematically covered by an agreement.

Objective: DIGIT is using innovative, trusted digital solutions for better policy-shaping,
information management and administrative processes to forge a truly digitally
transformed, user-focused and data-driven Commission
Main outputs in 2023:
Output Indicator Target
Percentage of implementation of
Implementation of the corporate by 2023: 100% application of
the corporate principles for data
principles for data governance for corporate principles on 50% of
governance for DIGIT’s key data
DIGIT’s key data assets DIGIT datasets
assets

21
Output Indicator Target

Implementation of the new digital First State of Digital Commission

Availability of first State of Digital
strategy at corporate level – Report will be delivered by first
Commission Report
Delivery of first Digital quarter of 2023
Commission Report. It will provide
an overview of the digital Digital Strategy Annual Rolling
transformation journey by Preparation and monitoring of
action plan available by end 2023
focusing on progress achieved in a internal annual rolling action plan
and regularly updated
set of corporate-approved KPIs

Availability of a dashboard that

Dashboard available by first
regularly monitors progress of a
quarter of 2023.
set of KPIs

Creation of a new central digital

advisory function within DIGIT, to New digital advisory function is
Availability of a new digital
better support business needs of well established (following internal
advisory function in DIGIT
other DGs in digital matters. re-organisation) and running by
end of Q1 2023.

Number of sessions 12

Trainings and awareness raising

sessions on data protection within Percentage of DIGIT colleagues
DIGIT receiving a training/awareness
raising session (over 12 months)
20%

E. Sound environmental management

A crucial component of the Commission’s digitalisation process cannot be ignored: the

increasing use of digital technology has introduced considerable benefits and facilitated the
overall core business processes of the Commission, providing smarter solutions and
enabling new working features which were unthinkable until few years ago. ‘Green and
digital’ undergo a twin transition and they really are two faces of the same coin:
Information technology supports emission savings (if we look at the way digital documents
and processes are steadily replacing the use of paper and paper-based processes, for
instance), but at the same time, within IT itself further improvements are possible as well.
In this respect, the Commission has carefully considered the impact of digitalisation in
terms of carbon emissions, and DIGIT – as IT domain leader – is moving to enforce
more sustainable, environment-friendly solutions via its procurement practices to
contribute to the reduction of the institution’s environmental footprint. The new Digital
Strategy embeds green principles and reflect the conclusions of the recently-adopted
Communication on Greening of the Commission that aims at making the institution
carbon-neutral by 2030.

22
Objective: DG DIGIT takes account of its environmental impact in their actions and
actively promotes measures to reduce the related day-to-day impact of the administration
and its work, with the support their respective EMAS Correspondents/EMAS Site
Coordinators.
Main outputs in 2023:
I. More efficient use of resources (energy, water, paper):
Output Indicator Target (2019 as baseline, as
appropriate)
Priority action to support the Greening the Commission Communication and action plan
DIGIT’s premises located in L107
will be part of the following
Number of DG/service's buildings energy saving measures (centrally
Participation in corporate energy participating in: promoted by OIB, as the premises
saving actions, by closing down are shared with other DGs):
- end of year energy saving action
DG/service’s buildings during the - End of year energy saving
- summer energy saving action
Christmas and New Year’s / action
summer holiday period, and/or - optimisation of comfort hours - Summer energy saving
optimisation of the temperature in and/or comfort temperature action
EC buildings.
- Optimisation of comfort
hours and comfort
temperature

II. Reducing CO2, equivalent CO2 and other atmospheric emissions

Output Indicator Target (2019 as baseline)
Priority action to support the Greening the Commission Communication and action plan

23
Output Indicator Target (2019 as baseline)
DIGIT commits to sign the EC DG Signed the EC DG Travel Pledge DIGIT signed the Travel pledge in
Travel Pledge to reduce CO2 2022.
emissions deriving from
missions (13)

Reduce DG/service’s CO2

Analysis of DG/service’s missions CO2 (t) emissions from
emissions from missions
trends / patterns (based on DG/service’s missions
corporate EC-staff’s and experts'
professional trips (missions);

Optimise and gradually reduce

CO2 emissions (e.g. by reducing
At least 2 internal communication
the number of participants in the Promotion of more sustainable
campaigns addressing DIGIT staff
same mission, promoting more travel options via internal
on sustainable travel options
sustainable travelling options, communication channels
promoting videoconferencing/
virtual events as an alternative).
Other recommended actions
Staff awareness actions on digital Number of events organised At least 2 events per year, possibly
pollution and gradual change of involving 2 different DGs
behaviours avoiding heavy emails,
encouraging the use of ICT
platforms, avoiding unnecessary
storage of data.
III. Reducing and management of waste
Output Indicator Target (2019 as baseline)
Priority action to support the Greening the Commission Communication and action plan
Implementation of the EC % of green events 100%
Guidelines for sustainable
meetings and events, e.g.
sustainable catering,
reduce/eliminate single-use
plastics, gadgets/gifts.
Other recommended actions

(13) Important information: DIGIT is a ‘Trans-Ardennaise’ Directorate General, with a Headquarter in

Luxembourg and other central premises in Bruxelles. This means that by default some relevant missions
cannot be avoided (particularly at the level of Senior Management staff). Promoting actions such as car-
sharing, hybrid meetings and videoconferences will support the achievement of the pledge and thus the
actual reduction of CO2 emissions, as highlighted in the output table.

24
Output Indicator Target (2019 as baseline)
Staff awareness actions about % of staff informed/participated 100% of DIGIT staff informed via
waste reduction and sorting in the internal communication channels
framework of EMAS corporate
campaigns and/or staff awareness
actions about DG/service’s waste
generation in collaboration with
OIB/OIL where appropriate (for
example, promote and label the
waste sorting schemes in place).
IV. Promoting green public procurement (GPP)
Output Indicator Target
Priority action in line with the Greening the Commission Communication and action plan
Gradual introduction of GPP % of contracts with "green" Increase in the % of contracts with
criteria in (relevant) contracts and provisions "green" provisions when applicable
starting to monitor the process. (note: DIGIT contracts for the
purchase of IT equipment often
run for multiple years, therefore it
is only possible to change terms
and conditions of such contracts
when a new tender is open.)

F. Initiatives to improve economy and efficiency of financial and non-

financial activities

DIGIT’s Reusable Solutions Platform (RSP) is a good example of how the DG is

committed to improving economy and efficiency of operations at corporate level. The RSP is
one of the key features of a modern and digital Commission. It enriches the corporate
business architecture with a portfolio of reusable digital enablers; it goes hand in hand with
the principle of fostering reuse across the institution; and it ultimately allows the
Commission to benefit from corporate cost avoidance (namely, budget that each DG
would save by simply reusing a corporate solution that provides a certain capability, which
the DG should have otherwise bought). The RSP includes already a set of proven and robust
reusable building blocks (14) for identity management (EU-Login), for notification (Corporate
Notification Systems), for search (Corporate Search Service), for workflows (Compass
Corporate), for electronic signature (EU-Sign), etc. Four new reusable solutions were
implemented in 2022: Corporate e-Forms, Corporate Audit Trail, Corporate Speech-to-Text
and EU Captcha. The savings deriving from the implementation of RSP solutions at
the end of 2021 exceeded the expectations set and equal approximately EUR
20.75 Million (corresponding to the budget normally allocated to 173.2 Full Time
Equivalents). The cost avoidance expected for 2022 corresponds to 250 Full Time

(14) The full list of Reusable Solutions is accessible in the RSP Portal

25
Equivalents (detailed figures will be available in DIGIT’s Annual Activity Report 2022), and is
estimated to reach 300 FTEs by end of 2023.

26
ANNEX – Performance tables

General objective 7: A modern, high-performing and sustainable European Public

Administration
Specific objective 7.1: A portfolio of secure, state-of-the-art corporate digital
solutions developed in partnership supports the Commission’s political priorities
Main outputs in 2022:
Other important outputs
Output Indicator Target

- Registration of Affiliates Pilot Population registered by

end of Q2 2023
Co-delivery with PMO on the - General Practitioner digital
Digital Transformation attestations and automatic
reimbursement requests Launch a Pilot by end of 2023
programme in the domain of
Health Care Services
- Foster the digitalisation
of health services for
JSIS affiliates and their
family members by - Digital transfer of hospital
integrating JSIS to the invoices to JSIS in LUX
Belgium Healthcare
o PDFs only - manual By Q3 2023
Network (MyCareNet)
assignment to
- Integration of JSIS with beneficiaries
o Electronic data – By end of 2023
the National
automatic assignment
Healthcare Network in
of beneficiaires
Luxembourg

Co-delivery with HR, PMO and Preparatory phase completion

EPSO of the HR Transformation By end of 2023 (Wave 1 will
Programme phase 1 Wave 1 of implementation start with span between 2023 and 2024)
focus on the digital transformation:
- pre-selection,
- selection and
- recruitment
- HR Family Service Desk,

Full operationalisation of the HR By end of 2023

Domain architect office
Co-delivery with the SG in the
domain of document
management.
- Enhance integration of Number of information systems New major corporate
services offered by the integrated with the document information systems added to

27
 corporate document management platform through HRS the list of HRS clients in 2023.
management platform,
List of European Institutions which
- extend use of Additional EIs, among those the
adopted HAN as their document
Document management system European Council, have migrated
Management solutions to HAN platform before end of
to additional European 2023.
Institutions, including
the European Council,
Completion of the study on the future Deliverables of the study
- modernise and of Corporate Document Management presented to the management
standardise the Platform. before end of 2023.
solutions constituting
the platform

Co-delivery with the SG in the

domain of legislative lifecycle
management
- Modernise the user
experience of drafting New user interface and enhanced Completed by the end of 2023
legislation for the EC document repository for EdiT
and member states

- Continue the
integration of EdiT in 5 OLPs by end of 2023
Decide and extend the Number of OLP drafted under pilot
use of EdiT in drafting projects in EdiT/Decide
Ordinary Legislative By end of 2023
Proposals (OLP)

- Contribute to the
Digital Transformation Complete the solution design for the
led by SecGen future Decide architecture

Delivery according to the work-plan RSP wave 5 fully operational by

Design, deliver and manage the endorsed by the RSP Steering Q4 2023
Reusable Solutions Platform. Committee (ITCB).

Foster reuse through the Cost avoidance resulting from reuse of By December 2023, cost
Reusable Solution Platform RSP avoidance equivalent to 300
FTEs

28
General objective: A modern, high-performing and sustainable European Public
Administration
Specific objective 7.2: The Commission exploits the potential of data, information,
knowledge and content management for policy shaping communication, citizens
and staff engagement
Main outputs in 2023:
Other important outputs
Output Indicator Target
EC data ecosystem (DataStrategy@EC - EC data platform)
EC data ecosystem 2023 IMSB Rolling Action Plans 100% of 2023 DIGIT IMSB RAP
DataStrategy@EC deliverables: milestones deliverables produced
data platforms; data analytics;
data catalogue; data policies and 2023-2025 DataStrategy@EC Q2 2023
governance; data skills and Action Plan milestones
trainings. established

Q2 2023
2023 BI@EC action plan
miilestones established

AI@EC Communication released,

internal guidance for the ethical
Q2 2023
use of trustworthy AI systems
established.

Elaboration of the corporate

AI@EC action plan 2023
Q4 2023
EC data platform 2023 Data Platform milestones 2 releases of the data platform

Use of ready-to-use data 10% increase of the ready-to-use

environments by customers cloud data environment instances
implemented

Implementation of the ready-to- 1 ready-to-use data environment

use data environments on on sovereign cloud: 2023
sovereign cloud milestones realised

EC Collab – Single Integrated Framework for Collaboration

Single Integrated framework for Number of sites/groups/intranet 40% of MyIntracomm collaborative
Collaboration (EC Collab): toolset instances sites integrated/migrated/phased-
of corporate integrated integrated/migrated/phased-out out
collaborative solutions built
around M365
100% Connected groups
integrated/migrated/phased-out

29
Collaboration solutions (CIRCABC, Availability of collaboration Collaboration solutions SLA
Connected, Yammer, Wikis) solutions to staff and other users availability

Phase-out of Connected 100% phase-out implemented

Communication Platform (Intranet)
My IntraComm: development of Availability of MyIntraComm to MyIntraComm: SLA availability
the intranet platform and staff and other users
provision of technical support
(current MyIntracomm platform
based on SharePoint on Number of intranet instances Support provided to ensure at least
transitioned in the new intranet 5 DGs intranets transitioned
premises until it is phased out,
platform
and future new intranet
platform)
Availability of the new intranet Core functionalities of the new
platform intranet platform available
Europa Web Platform
Web Presence of the Availability of the Europa web Europa platform: SLA availability
Commission and EU Institutions presence
Corporate web supporting service:
SLA availability

Engagement Platforms and solutions

EU Survey: EC survey tool Availability of the service SLA availability target

95% critical issues solved

Number of critical issues solved

New features implemented

2 releases incorporating new
features
EU Academy Availability of the EU Academy SLA availability target
platform

Number of on-line training Increase according to business

courses provided owners target

Number of users Increase according to business

owner target
Data, information and knowledge management
IMSB Rolling Action Plans Number of IMSB monitoring DIGIT contributions to 2 IMSB
implementation - Monitoring report monitoring reports produced
Innovation

30
ICT innovation Use of ICT innovation framework Innovation framework in place
3 innovation initiatives registered

General objective: A modern, high-performing and sustainable European Public

Administration
Specific objective 7.3: A digital delivery model supports the Commission as a
world-class agile and collaborative ‘open administration’
Main outputs in 2023:
Other important outputs
Output Indicator Target

Establish a solid foundation for a Delivery according to the Mobile Actions for 2023 fully
corporate approach for Mobile Applications Action plan endorsed implemented by December 2023
Applications in the European by the ITCB
Commission.
Establish a solid foundation for a Delivery according to the action Actions for 2023 fully
corporate working culture based plan endorsed by Commission as implemented by December 2023
on open source principles (as part of the Open Source Strategy
described in the Open Source
Strategy)
Establish a solid foundation for a Number of initiatives which 4 initiatives by Q4 2023
corporate user experience (UX) received advisory services related
practice in the European to User Experience Practice
Commission across the Commission

Evolve the DIGIT catalogue of Number of initiatives which 3 initiatives by Q2 2023

services to align them with the received advisory services related
requirements of the Dual Pillar to ServiceNow and SAP
Approach
Improve the DevSecOps service to Number of DGs using the 2 DGs by Q4 2023
enable more DGs to fully DevSecOps Service
automate their software delivery
process (production faster, more
efficiently and with less costs)

Roll-out of a Strategic Portfolio SPM (Strategic Portfolio Q4/2023

Management) layer rolled out as
layer to improve the management
a corporate service, and linked
of large programmes
with Scale agile initiative
Provide advisory services for - Analysis of other DGs IT 2 DGs by Q4/2023
Digital inventories;
Transformation/Modernisation to - Provision of a tailored
other DGs roadmap that would
support the DGs to
increase the level of
maturity of their IT
solutions.

31
Output Indicator Target

Enrich DIGIT Service Catalogue Supporting Services published in Q2/2023

with advisory services for Digital DIGIT Service Catalogue.
Transformation/Modernisation
roadmap guidance

32
General objective: A modern, high-performing and sustainable European Public
Administration
Specific objective 7.4: A Commission resilient to ever evolving digital security
threats
Main outputs in 2023:
Other important outputs
Output Indicator Target
Awareness of staff regarding  Number of staff By Q4 2023:
cyber threats is increased through participated to the  At least 30% of staff
the Implementation of Cyber programme participated in Cyber
Aware Programme (the  Delivery of the phishing Aware training sessions
programme covers safe online exercises  4 phishing exercises
behaviour and safe use of digital
tools) Knowledge assessment score of Knowledge assessment score of
the Commission staff 85%
Internal customers are assisted in Availability of the new services
improving their IT security posture
through the creation of additional
IT security services:
Services (i, ii) available by Q2
I. Security Plan as a service 2023
II. Technical Compliance
Attestations Services (iii, iv) available by Q4
III. Security Design and IT 2023
Security Architecture
IV. IT Security Post-Incident –
Follow-Up &
Improvement
The status of IT security within Availability of 1 annual and 2 Annual 2022 report available by
European Commission is intermediate ITSRR reports Q1 2023
communicated, through 1 annual
and two intermediate IT Security 1st intermediate 2023 report
and Risk (ITSRR) reports. ITSRR available by Q2 2023
covers all Commission
2nd intermediate 2023 report
Departments and reflects several
available by Q4 2023
dimensions of maturity including
the compliance status.
Commission Departments that use Number of reports delivered per 2 reports per DG by Q4 2023
the c-LISO service are informed department
about the IT security threats, risks,
incidents and ongoing actions,
through tailored periodic reports.

33
Output Indicator Target
Commission cyber defences are Number of large-scale red team 3 exercises by Q4 2023
tested through a mature Red exercises, with at least one
Team service offering, which is distributed information system,
based on the relevant EC covering cloud and on-prem
framework and takes into account infrastructure
the evolving threat landscape.
The cybersecurity situational Combined indicator: Combined target:
awareness of the institution is (Number of EC cybersecurity (2 presentations of the EC
increased: by presenting the threat and incident landscape cybersecurity threat and incident
evolution of the cybersecurity presentations delivered to the DSF landscape delivered to the DSF
threat and incident landscape; and community, community in 2023,
by sharing the technical
knowledge and expertise of DIGIT Number of cybersecurity exercises 1 DIGIT cybersecurity exercise is
that are successfully realised in organised in 2023)
DIGIT)
The efficiency in the management Number of threat intelligence 2 cyber threat intelligence feeds
of threat intelligence information feeds that are consolidated with are consolidated with CERT-EU by
is improved by consolidating the CERT-EU Q4 2023
acquisition of cyber threat
intelligence feeds with CERT-EU
The corporate capability to Number of playbooks available on At least 2 cybersecurity incident
manage cybersecurity incidents is the SOAR platform for response playbooks are fully
reinforced through the cybersecurity incident response automated by Q4 2023
implementation of playbooks in
the security orchestration,
automation and response (SOAR)
platform
The protection of the endpoint Number of ESS service customers All production customer tenants of
devices is further reinforced that benefit from new detection the ESS service benefit from new
through the deployment of rules detection rules by Q4 2023
increased levels of cybersecurity
incident detection capabilities in
the Endpoint Security Solutions
(ESS) service of DIGIT
The maturity of the protection % of documented data sources* 33% of the data sources in the
offered by the corporate *the reference list of the data reference list is documented by Q4
cybersecurity capabilities is sources will be established by the 2023
reinforced through the end of 2022
identification and the
documentation of the on-premise
and of the cloud-based data
sources that are relevant to DIGIT
operational services. The
documentation will indicate how
and where these data sources are
collected and become searchable.

34
General objective 7: A modern, high-performing and sustainable Public
Administration
Specific objective 7.5: The Commission is a resilient public administration with a
performing digital infrastructure and a fit-for-purpose Digital Workplace (DWP)
Main outputs in 2022:
Other important outputs
Output Indicator Target
Cloud transformation – ensure Number of Information Systems 40 Information Systems migrated
future proofing of the operational onboarded into the Cloud to the Cloud Deployment Model.
foundation for Commission Deployment Model (CDM).
Information Systems, both existing
and future.
This comprises the onboarding of
DGs into the Cloud Deployment
Model (CDM) which is targeted for
release as a new corporate service
by end-2022.
Cloud adoption – increase Number of corporate hosting 5 corporate hosting services
availability of corporate hosting services delivered through the delivered using the Cloud
services founded on cloud delivery Cloud Deployment Model (CDM). Deployment Model.
principles.
This encompasses building and
sourcing of services both on-
premises and in the public cloud.
Cloud adoption – Data Integration Availability of corporate Data Use of corporate Data Integration
Services enabling migration to Integration Service as a proof-of- Service for two pilot use cases:
public cloud for systems requiring concept. (1) Access to data on
access to data across cloud premises from the public
providers, including access to on- cloud
premises data as well as (2) Migration of data from on
migration of data between cloud premises to the public
environments. cloud
Cloud security – availability of Number of cloud providers where Managed landing zone available
managed service for landing zone the managed landing zone service for the 2 most used cloud
to enhance security for public is available providers
cloud providers
Adaptation of Digital Workplace Continue shift to a new IT support Progressive adaptation of Digital
support to new ways of working: model with promoting alternative Workplace support to new ways
support channels, (walk -in IT of working – in line with OIB
Hubs, on-demand, self-service, buildings and office space policy
automation)

Maturing the IT butler service for IT Butler Service fully operational,

VVIPs increasing quality of VVIP
customer feedback
35
Output Indicator Target
Phase-out of legacy tools Service Now Proof of Concept for
operated at Front Desk tickets handling available Q1 with
(MyITsupport and Service full production in Q3
Management Tool)

Phase out of legacy tools for IT Proof of Concept for IT Asset

Asset Management (logistics Management available in Q1 with
services) full production in Q2

Further transformation of the on

premise/proximity support in line Continuous improvement in line
with the new ways of Working, with OIB buildings/office space
adapting IT support to Dynamic policy
Collaborative Spaces
At least 85 % user satisfaction (IT
Maintaining user satisfaction at Survey/flash surveys)
high level for all Digital Workplace
Services

36
General objective 2: A Europe fit for the digital age
Specific objective 2.1: The Commission implements its EU-wide policies through
high-quality, trusted, borderless digital public services that facilitate free flow of
data and boost the digital single market
Main outputs in 2023:
Other Important Outputs
Output Indicator Target
Design and pilot a Digital-ready Availability of a draft report Q4 2023
policymaking service: delivery of summarising the results of the
a draft report on pilot’s results pilot.
which include feedback on the
digital-ready checks methodology
Signature of the specific grant Q2 2023
Govtech Incubator agreement, under Digital Europe
for a budget of EUR 3 Million
Calls launched under the Digital Ultimate target date for launching
Implementation of Digital Europe
Programme - Interoperable Europe Europe Work Programme 2023- calls under DEP WP: Q4 2024
Strategy and support the 2024 – Interoperable Europe DEP programme implemented
implementation of Interoperable chapter (depending on actual adoption and
Europe Act availability of funds).
Cooperation with Member States Number of Expert Group meetings At least 3 by Q4 2023
central digital transformation called by Commission
offices in Government
Interoperability Expert Group
Initiatives linked to regulatory simplification and burden reduction
Output Indicator Target
( ) Regulation Interoperable
15 Agreement of the co-legislators Estimated Q1 2024
Europe Act - preparation for
adoption by EP and Council,
adoption of General Approach
External communication actions
Output Indicator Target
Organisation of SEMIC conference Number of participants SEMIC will be organised in the 2nd
half of 2023, to continue the
promotion and awareness raising
of semantic interoperability,
aiming at 300 participants.

(15) This initiative is linked to the Commission Work Programme 2022

37
 General objective 2: A Europe fit for the digital age
Specific objective 2.2: Trans-European systems deliver user-centric and reusable
digital solutions, supporting EU-wide public services
Main outputs in 2023:
Other important outputs
Output Indicator target
Portfolio of reusable solutions EU Building Blocks continue to By end of 2023:
and platforms of services in increase their offering and - Full EBSI service is in
Digital Trust domain, aimed to customer base across the EU production.
reduce cost and fast-track
implementation of information - EU Verify service offering is
available
systems across policy domains
- Launch OOTS common
in a Trans-European context, in
services platform by the
support of the Digital Europe
Programme (EU Building Blocks) legal deadline.

Increase EU Login, EU Access By end of 2023:

and EU Sign adoption across the Digital Identity@EU governance
EUIBA ecosystem structure is operational.
Digital Trust Services EU Login is officially provided as a
(Authentication, Authorization service to at least two EUIBAs.
and Signature services) for EC,
EU Institutions, Agencies and EU Sign signs up two new Connector
Bodies. customers.
EU Access onboards at least two
new applications.

Terrestrial secure Continue to provide TESTA Service infrastructure is maintained

communication network service services to the agreed service up-to-date to ensure that there is no
across public administrations level targets risk to the service
and EUIBA's: TESTA
Co-deliver with JUST on the Implementation of a new By Q4 2023
Company Law Mobility Directive message exchanges in line with
for the exchange of information legal obligations regarding
on mobility events across cross-border company
Members States business conversion, division and merging.
registers
Delivery of the Reporting By end of Q2 2023
Co-deliver with MOVE and EMSA
Interface Module allowing
the Reporting Interface Module
standardised and secured
(RIM) in the context of the
communication between
European Maritime Single
Maritime economic operators
Windows Environment
and Member States

38
Electronically signed on 23/01/2023 09:31 (UTC+01) in accordance with Article 11 of Commission Decision (EU) 2021/2121