Regulations
The regulatory framework governing the development of public software, including key references to guide technical and design decisions.
The Governing Principles
Software development for the public administration is governed by European and national regulations that define common rules and obligations.
In Italy, these provisions are incorporated into the Digital Administration Code (CAD) and other laws governing the use of technology in the public administration. Guidelines, directives, and technical standards adopted by the relevant agencies, including the Agency for Digital Italy (AgID), specify how these regulations must be applied in the design and development of digital services.
Comparative Evaluation
Before developing software from scratch or purchasing proprietary solutions, public administrations must check whether open-source or reusable solutions are already available. The decision must be supported by a technical and economic assessment.
Reuse and Open Source
Software developed for the public administration must be released under an open license and made available for reuse. The source code and documentation must be published on accessible public platforms so that they can be reused and adapted by other government agencies.
Interoperability
Public administration information systems must be designed to communicate with one another. They must adopt reuse and open-source strategies, enable the secure exchange of data, and integrate with national infrastructures.
Accessibility
Public administration websites, mobile applications, and digital services must be designed and developed so that they are accessible to everyone, without discrimination, providing a full and satisfying experience, regardless of any disabilities that may require the use of assistive technologies or specific system configurations.
Privacy by Design
The protection of personal data must be built into the design of the digital service from the outset and by default. The collection, management, storage, and access to data must comply with the principles of data minimization, security, and purpose limitation. Compliance with privacy regulations is a responsibility that also affects architectural and functional decisions.
Cybersecurity by Design
Cybersecurity must be integrated from the very beginning of a digital service’s design and throughout the entire software lifecycle. It is not a final check, but rather an ongoing process that encompasses design, development, vulnerability management, and incident response.