Law on Management of State Information Resources


Published: 0000-00-00

Subscribe to a Global-Regulation Premium Membership Today!

Key Benefits:

Subscribe Now for only USD$20 per month, or Get a Day Pass for only USD$4.99.
 
 
Republic of Lithuania
Law on
MANAGEMENT OF STATE INFORMATION RESOURCES
 
15 December 2011 No XI-1807 Vilnius
CHAPTER I
GENERAL PROVISIONS
 
Article 1. Scope, Aim and Purpose of the Law
1. The aim of this Law shall be to ensure proper creation, management, disposal, use, supervision, interaction, planning, financing, and protection of the state information resources.
2. This Law shall establish:
1) types of the state information resources;
2) formation and implementation of the state information resources policy;
3) activities of the State Information Resources Management Council and authorised persons of data management;
4) rights, duties, and responsibility of the managers of registers and state information systems, administrators of registers and state information systems, natural and legal persons of the Republic of Lithuania, natural and legal persons of the EU member states and (or) European Economic Area states, entities not having the status of a legal person, their branches and representative offices providing data, information, documents and (or) their copies to and receiving it from the registers and state information systems;
5) main principles for creation and management of the state information resources;
6) planning of creation and management of the state information resources;
7) interaction platform of the state information resources;
8) assessment of management and protection of information technology tools used to process information managed by the institution while performing its statutory functions;
9) financing of expenses incurred during the creation, management and supervision of the state information resources.
3. This Law shall be applicable to the state institutions, state agencies, state enterprises, public establishments, which establish, create and (or) manage state registers (cadastres) (hereinafter referred to as a “state register“), departmental registers, state information systems and other information systems, are financed from the state budget, the State Social Insurance Fund budget, the Compulsory Health Insurance Fund budget and other state monetary funds, and are authorized to perform public administration in accordance with the procedure provided for in the Republic of Lithuania Law on Public Administration. Articles 8, 10, and 11 (with the exception of subparagraphs 2 and 3 of paragraph 3 of Article 11 of this Law), 1 paragraph of Article 12, Articles 13, 14, 30–37, 39–44 shall be applied to state and municipal institutions, municipal agencies and public establishments, which create other information technology tools used to process information managed by the state and municipal institutions, municipal agencies and public establishments performing functions set forth to them by legal acts, provided that expenses incurred while creating such information technology tools are financed from the state budget, the State Social Insurance Fund budget, the Compulsory Health Insurance Fund budget and other state monetary funds, or in case of processing information with information technology tools through the interaction of the state information systems or registers, it is necessary to receive data from the state information systems and (or) registers. Institutions, agencies and enterprises indicated in this paragraph shall hereinafter in this Law be referred to as institutions.
4. Institutions creating and managing information systems meant for internal administration shall be applied Article 3, paragraph 3 of Article 9, Article 10, subparagraphs 2 and 9 of paragraph 2 of Article 11, and Article 41.
5. Natural and legal persons of the EU member states and (or) European Economic Area states, entities not having the status of a legal person, their branches and representative offices providing data, information, documents and (or) their copies to and receiving it from the registers and state information systems shall be applied this Law in the same way as natural and legal persons of the Republic of Lithuania.
6. Personal data shall be processed in accordance with the Republic of Lithuania Law on Legal Protection of Personal Data (hereinafter referred to as the “Law on Legal Protection of Personal Data”).
7. State information resources regulated according to the special laws of the Republic of Lithuania and European Union legal acts shall be applied this Law to the extent the laws of the Republic of Lithuania and European Union legal acts do not provide otherwise.
8. This Law shall not be applied in cases when the state information resources are managed for the purposes of state security and defence, when it is necessary to safeguard the basic interests of the state security.
9. Prohibition of agreements regarding issuing exclusive rights is provided for in this Law in accordance with the European Union Directive referred to in the Annex to this Law.
 
Article 2. Definitions
1. E-government shall mean the part of public administration aimed at improvement of public administration processes by applying information and communication technologies.
2. Management of information, data, documents and (or) their copies shall mean any actions performed with information, data, documents and (or) their copies: collection, recording, accumulation, storage, protection, classification, grouping, connecting, changing (supplementation or correction), provision, publication, logical and other operations, search, destruction and (or) other actions.
3. The integral system of registers (hereinafter referred to as the system of registers) shall mean the totality of interconnected registers.
4. Classifier shall mean the systematized list of the register or state information system objects or their groups (classes) that includes the names of these objects or their groups (classes), codes made according to a certain structure and definitions of features.
5. Reuse shall mean the use of information by persons for commercial or non-commercial purposes.
6. Register shall mean the totality of legal, organisational, technical and software measures intended for the registration of the register object and register data, register information, documents submitted to the register and (or) management and use of their copies.
7.  Register data shall mean the data associated with the register object collected from the data, information, documents and (or) their copies submitted to the register for the object registration, supplemented with the identification code of the register object, data of the associated register, and data of the registration procedures.
8. Register information shall mean the information associated with the register object and collected from the data, information, documents and (or) their copies (with the exception of the register data) submitted to the register.
9. Register object shall mean a registered person, activity, item, location of the item, the right in rem, restriction of the right, legal fact, document, territory, natural resources, cultural property, intellectual (industrial) property, communication measure and (or) other object.
10. Registration of the register object shall mean the assessment of data, information, documents and (or) their copies submitted for the object registration, taking of the decision to register the object, granting the identification code to the object of the register, compilation and recording of the register data and register information into the register data basis, supplementing the register data and register information with the data of the registration procedures and the data transmitted by the associated register, and issuing of the document , if such document is to be issued, confirming the registration fact of the register object in the register according to the cases and procedure provided for in the legal acts.
11. Administrator of the register shall mean the legal person which according to the regulations of the register is authorised to register the register object, administrate the register data, register information, documents and (or) their copies submitted to the register and be responsible for the protection of the register data and register information.
12. Manager of the register shall mean the ministry or another state institution or state agency within which sphere of management or area of activity the register is assigned and which methodologically directs the administrator of the register and coordinates the functioning of the register.
13. State information system shall mean the totality of legal, organisational, technical and software measures processing information necessary for the state institution (institutions) or the state agency (agencies) to perform their functions provided for in the legal acts, except for internal administration.
14. Manager of the state information system shall mean the ministry or another state institution or state agency that identifies the aims of the state information system and manages the state information system.
15. Administrator of the state information system shall mean the legal person authorised according to the regulations of the state information system to manage the data of the state information system and be responsible for their protection.
16. State information resources shall mean the totality of information managed by the institutions in performing their functions provided for in the laws and information technologies measures for processing this information.
17. Management of the state information resources shall mean identification of the aims of the state information resources creation, management, and development, organisation and control of their management and supervision, organisation and supervision of the activity of civil servants and (or) persons working under employment or professional military service contracts and processing information, documents and (or) their copies with information technology tools.
18. Interaction of the state information systems or registers shall mean reciprocal operation of state information systems or registers, i.e. transmission and use of data.  
 
Article 3. Types of the state information resources
State information resources shall be:
1) state information resources of critical importance. They are made up of information important for the entire State processed by the state information systems and the main state registers and of the state information systems and the main state registers processing this information;
2) important state information resources. They are made up of information important for several institutions processed by the state information systems and state registers and of the state information systems and state registers processing this information;
3) state information resources of departmental importance. They are made up of information important for one institution processed by the state information systems and departmental registers and of the state information systems and departmental registers processing this information;
4) other state information resources. They are comprised of information managed by the institution when performing internal administration functions and processed by other information systems as well as the information system processing this information. The procedure of establishment, creation, modernization and liquidation of the information systems referred to in this subparagraph shall be established by the institutions authorized by the Government of the Republic of Lithuania (hereinafter - the Government).
 
CHAPTER II
SHAPING AND IMPLEMENTATION OF THE INFORMATION RESOURCES POLICY
 
Article 4. Government Competence
The Government shall:
1) define the priorities of the state information resources activities, development trends, performance targets and ways to achieve them;
2) determine improvement and development directions of information and communication technologies, recommended technical requirements (standards);
3) approve the description of information protection requirements, guidelines on the content of protection documents;
4) establish the importance evaluation procedure for the information indicated in paragraphs 1, 2, and 3 of Article 3 of this Law that comprises state information resources and approve the guidelines for the state information systems, registers and other information systems classification;
5) decide on a centralized purchase and application of information and communication technologies and (or) their services, grant the permission to an institution to perform the functions of the central contracting authority.
 
Article 5. Shaping of the state information resources policy
1. The state information resources policy shall be formulated by the Ministry of Transport and Communications of the Republic of Lithuania (hereinafter – the Ministry of Transport and Communications), Ministry of Justice of the Republic of Lithuania (hereinafter - the Ministry of Justice) and Ministry of the Interior of the Republic of Lithuania (hereinafter - the Ministry of the Interior) within their competence.
2. The Ministry of Transport and Communications shall form the state information resources development policy and within its competence shall:
1) prepare and submit proposals to the Government on the priority activities in the area of state information resources, development trends, intended results and ways to achieve them, directions for information technologies improvement and development, recommended technical specifications (standards);
2) coordinate shaping of the state information resources policy;
3) coordinate institutions’ interdepartmental actions in their process of state information resources policy implementation;
4) carry out other functions prescribed by the laws and other legal acts of the Republic of Lithuania.
3. The Ministry of Justice shall be responsible for the register policy shaping and within its competence:
1) coordinate draft laws and other legal acts of the Republic of Lithuania regulating legal basis of register establishment;
2) coordinate provisions of draft register regulations related to the register object, its registration, register data, register information, management of documents and (or) their copies submitted to the register;
3) consult register managers, register administrators and other institutions regarding establishment of the registers;
4) submit proposals regarding the expediency of register establishment;
5) carry out other functions prescribed by the laws and other legal acts of the Republic of Lithuania.
4. The Ministry of the Interior shall form the policy of state information resources protection and information technologies application in the areas of public administration (e-Government) and within its competence shall:
1) organize the assessment of information technologies management and protection;
2) collect and analyze information on the protection of the state information resources managed by institutions and funds used for that purpose, submit to the Government and institutions proposals on the state information resources protection and required funding for protection of state information resources, as well as more efficient use of them;
3) prepare information protection requirements, guidelines on the content of protection documents;
4) perform the supervision of the compliance with the protection requirements;
5) coordinate draft legal acts on the state information systems, register data and register information protection, draft documents on protection;
6) coordinate provisions of draft regulations on state information systems and registers related to data and information protection;
7) advise managers of the state information systems and registers, administrators of the state information systems and registers, other institutions on the issues of state information resources protection;
8) establish the criteria for the information importance assessment, state information systems, registers and other information systems classification according to the importance of information processed by them and the procedure for their attribution to the appropriate category;
9) carry out other functions prescribed by the laws and other legal acts of the Republic of Lithuania.
 
Article 6. Implementation of the state information resources policy
1. State information resources policy shall be implemented by the institution authorized by the Ministry of Transport and Communications and the State Data Protection Inspectorate.
2. The institution authorized by the Ministry of Transport and Communications shall be responsible for the functional compatibility, creation, management and development of state information resources and within its competence shall:
1) coordinate draft legal acts regulating establishment of state information systems, creation of state information systems and registers, functioning of state information systems and registers;
2) coordinate draft regulations of registers and state information systems, calendar schedules of register creation works, compliance of technical descriptions (specifications) with regulations, investment projects for creating and developing the registers technical and software tools;
3) plan disbursement of funds for state information resources development;
4) perform monitoring of establishment, creating and functioning of state information systems;
5) coordinate the processes of registers and state information systems creation and functioning, submit proposals regarding functionality of registers, state information systems and improvement of their interaction;
6) coordinate draft plans of information technologies development, collect and analyze information about the implementation of the plans, creation, development and management of information resources managed by the institutions, and the funds used for that purpose;
7) analyze the reports submitted in accordance with the procedure provided for in paragraph 6 of Article 19 and paragraph 3 of Article 31, submit summary information to the state information resources development policy making institution;
8) coordinate the creation of information technology tools allowing access to the state information resources;
9) analyse how the state information resources are used for state governance and public and administrative services provision, prepare and submit proposals in this regard;
10) consult the institutions regarding the issues of state information resources functional compatibility, development and management, managers of registers and state information systems, administrators of registers and state information systems, other institutions regarding the issues on establishment of state information systems, creation and functioning of registers and state information systems and registers system development, hardware and software maintenance and delegation of data processing functions;
11) carry out other functions prescribed by the laws and other legal acts of the Republic of Lithuania.
3. The State Data Protection Inspectorate shall be responsible for the implementation of personal data protection requirements and monitoring of the compliance with them, and within its competence shall:
1) coordinate draft laws and other legal acts of the Republic of Lithuania regulating legal basis for establishment of registers meant for processing personal data;
2) coordinate the draft laws and other legal acts of the Republic of Lithuania regulating establishment of state information systems meant for processing personal data;
3) coordinate draft regulations on registers and state information systems meant for processing personal data;
4) according to the procedure provided for by the Law on Legal Protection of Personal Data individuals examine complaints and reports, check the legitimacy of personal data processing in the registers and state information systems, and take decisions regarding violations of personal data processing;
5) consult managers of the registers and state information systems, administrators of the registers and state information systems, other legal and natural persons on the issues of personal data protection;
6) carry out other functions prescribed by the laws and other legal acts of the Republic of Lithuania.
 
CHAPTER III
STATE INFORMATION RESOURCES MANAGEMENT FUNCTIONS
 
Article 7. The State Information Resources Management Council
1. The State Information Resources Management Council shall be a collegial advisory body comprising representatives of the institutions formulating the state information resources policy, the Prime Minister's Office, the Office of the Seimas of the Republic of Lithuania (hereinafter referred to as Seimas), the Office of the President, the State Courts Administration, the Lithuanian Association of Local Authorities and other representatives, competent in the area of information and communications technologies. The number of members of the State Information Resources Management Council, its composition and rules of procedure shall be approved by the Government.
2. The State Information Resources Management Council shall:
1) prepare proposals and recommendations to the Government on the proposals submitted by the institutions formulating the state information resources policy regarding priority activities in the area of state information resources, development trends, intended results and ways to achieve them, directions for information technologies improvement and development, recommended technical specifications (standards), protection requirements, guidelines on the content of protection documents, establish the criteria for the information importance assessment, state information systems, registers and other information systems classification according to the importance of information processed by them and the procedure for their attribution to the appropriate category, centralized purchase and application of information technology tools, information and communication technologies and (or) their services, granting the right to an institution to perform the functions of the central contracting authority, other state information resources management and development issues;
2) perform other functions set by the Government.
3. The representative to the State Information Resources Management Council shall be appointed for a period of four years, however, can be replaced by the decision of the Government upon the receipt of a reasoned recommendation from the head of the appointing institution.
4. The State Information Resources Management Council shall be provided economic and technical service by the institution authorized by the Government.
5. The State Information Resources Management Council in carrying out their activities shall cooperate with social partners and experts in the field of the information and communication technologies.
 
Article 8. Authorised person for data management
1. Authorised person for data management shall be the head of a structural unit of the manager or the administrator of the state information system or register in charge of the institution functions provided for by the legal acts, and in case such a structural unit does not exist, the employee in charge of the institution functions provided for by the legal acts.
2. Authorised person for data management, in accordance with the information technologies development plan, other institution’s planning documents shall:
1) implement the development of the state information system, functionally independent component thereof (hereinafter - subsystem), register, or functionally independent component thereof;
2) directly supervise the development and management of the state information system, subsystem, register or its functionally independent component, installation of software, use of investments;
3) prepare draft budgets of the state information system or register;
4) ensure that the information, data, documents and (or) their copies are provided, disclosed and (or) transmitted in accordance with the requirements of legal acts;
5) submit proposals regarding rights and duties of the staff members that are assigned to manage data, information, documents and (or) their copies;
6) perform other functions prescribed by legal acts.
3. Authorised person for data management shall be appointed by the manager or administrator of the state information system or a register.  Authorised person for data management must be appointed for each register, state information system or its subsystem. Upon the decision of the manager or administrator of the state information system or register the same person can be appointed data management representative of several registers, state information systems or subsystems.
 
CHAPTER IV
PLANNING, CREATION AND MANAGEMENT OF THE STATE INFORMATION RESOURCES
 
SECTION ONE
GENERAL PROVISIONS
 
Article 9. Planning
1. The institution managing the state information resources of critical importance shall prepare a draft plan of information technologies development, which with regard to the planning documents approved by the Government or the Seimas, directions of information and communication technology improvement and development, and technical requirements (standards) provided for and recommended by the Government as well as upon coordination with other planning documents of the institution, sets objectives and tasks of creation and use of information technology tools intended for managing information, data, documents and (or) their copies, defines state information systems and registers to be created or modernized, priorities of their establishment and modernization, planned to be introduced electronic services, necessary financial and human resources, organizational and legal measures, qualification requirements for personnel, staff training needs, their activity organization and control.
2. Information technology development plan shall be a document covering the planning of not more than 3 years. The draft plan of information technology development shall be coordinated with the institution responsible for the functional compatibility of information resources, their creation, management and development in accordance with the procedure established by this institution. The plan of information technology development shall be approved by the head of the institution.
3. Institutions managing state information resources shall include the information specified in paragraph 1 of this Article in the draft strategic activity plan and annual activity plan prepared according to the procedure established by the Government.
4. Monitoring of the implementation of information technologies plans, creation, management, and development of information resources managed by institutions, monitoring of funds used for that purpose shall be carried out by the institution responsible for the functional compatibility of the state information resources, their creation, management and development.
Article 10. Principles
While creating and processing the state information resources, institutions in their activities shall be guided by the following principles:
1) information completeness, which means that institutions have sufficient information that enables them to carry out their functions;
2) exchange of information, which means that effective information communication is being developed between institutions, allowing the institution to have access to all state information resources in addressing management tasks and improving services to individual persons;
3) information fairness, which means that information, including internal administration information, processed by information technology tools, is true as long as it is not contested according to the procedure established by the laws of the Republic of Lithuania and the European Union legal acts;
4) planning, which means that establishment, creation, and management order, terms, financial and human resources and necessary legal, organizational, software and hardware tools related to the state information resources are planned;
5) information protection, which means that it is ensured that information, as well as internal administration information processed by information technology tools, is not illegally destroyed or altered, damaged, misappropriated, published, submitted or otherwise used;
6) technological neutrality, which means that there is no promoting or discrimination of the use of particular information technologies, as well as that their use is assessed in accordance with the functionality, protection, reliability, validity and performance criteria;
7) accessibility of state information resources, which means that the state information resources are created in a way that they are accessible to all individuals regardless of gender, race, nationality, language, origin, disability, social status, belief, convictions or views, age, sexual orientation, ethnic origin or religion;
8) openness of the information resources, which means that favourable conditions for natural and legal persons are created for re-use of information managed by the institutions when carrying out statutory functions independently of the natural and legal persons legitimate operating objectives and legal form thereof;
9) state resources functional compatibility, which means that information technology tools are designed in a way as to satisfy the needs of the institution functions performance and appropriate to provide services as to satisfy the needs of other institution functions performance;
10) convenient use, which means that natural and legal persons are ensured easy access to the electronic services provided, possibility to provide opinions and proposals for their improvement and receive answers.
 
Article 11. Rights and duties of an institution when creating and managing state information resources
1. When creating and managing the state information resources, an institution shall:
1) have the right to use the information managed by other institutions and information technology tools created to the extent necessary for carrying out statutory functions;
2) exercise the rights provided in other legal acts.
2. When creating and managing the state information resources, an institution must:
1) plan financial and human resources, technical, organizational, software and legal measures;
2) achieve that information, including internal administration information, is processed by state information systems, other information systems and registers;
3) plan creation and management of the state information resources in accordance with the procedure laid down in Article 9 of this Law;
4) describe information processed by information technology tools in the regulations of state information systems and registers;
5) seek functional compatibility of the state information resources;
6) collect from other sources and process information required for performance of the statutory functions only;
derive the required data primarily from the state information systems and registers and collect from other sources only the data that is not processed by other state information systems and registers, and, therefore, can not be obtained through the state information systems or registers interaction;
ensure required qualifications of the employees managing information, data, documents and (or) their copies;
seek that while creating the state information systems, other information systems and registers existing information technology solutions of other institutions would be re-used;
10) enable institutions, other natural and legal persons use its managed information in accordance with the conditions laid down in the legal acts and information delivery methods used by the institution, and gratuitously use available information technology solutions;
install only those hardware, software, legal and organizational tools that do not impose exclusive data provision conditions or unjustified restrictions reducing the possibilities of data use;
12) constantly record opinions of the information beneficiaries or users of electronic services and on the basis of the latter improve the managed information systems and (or) registers;
13) perform actions prescribed by other legal acts.
 
Article 12. Intellectual property rights
1. An institution, without prejudice to the copyright holder or third party intellectual property rights, shall be transferred according to the contract all copyright holder property rights to the commissioned software and prepared project documents, including but not limited to, the right for an indefinite period and at no extra cost use the software created for an institution, the right to create copies of the software, the right to modify and further develop the software created, the right to transfer the software to another technology platform, to issue rights to use this software to other institutions and third parties, the right to use and modify the source code (machine language source code) of the software created for it.
2. If in the commissioned software another software of the copyright holder or a third-party is used, which is integrated into the commissioned software, or otherwise associated with work orders, the author's economic rights to this software are granted to this institution such as it is necessary to allow proper use of the commissioned software.
3. The institution shall not have restrictions on the right to transfer maintenance and further development of the commissioned register or state information system software to another service supplier including access to source code tools.
4. Transfer of the author's economic rights to the created software, prepared design documents to the institution that commissioned to create the software and to develop design documents shall not restrict the transferor's rights, without separate consent, of the institution to further develop, improve and perform other necessary actions with the software created or design documents prepared, except the cases when the institution that ordered to create the software or prepare design documentation reasonably requires otherwise.
 
Article 13. Information technologies management
When managing information technologies (their setup, changes, activity continuity, operation problems, and other processes) it is recommended to consider methodological documents on information technologies services management approved by the institution responsible for state information resources functional compatibility , their creation, management and development, and prepared according to generally recognized national and international information technology standards or other equivalent documents.
 
Article 14. Assessment of information technology tools management and protection
1. When assessing management and protection of the state information systems which processes the institution’s managed information important for the entire state, and the main state registers, as well as state information systems and registers for the creation or modernization of which the amount of funding set by the Government or its authorized institution has been exceeded, the audit of information technologies is carried out at least once in a three years.
2. Information technologies audit shall be carried out by the certified information systems auditors of the universally recognized international organizations.
 
SECTION TWO
REGISTERS
 
Article 15. Registers system and general principles of registers interaction
1. The basis of the registers system shall be the main state registers, which process register data used in the associated registers. Registers combined into the registers system can use the data processed not only by the main state registers. Registers and data obtained from them shall be indicated in the register regulations. When establishing interaction between registers it is necessary to coordinate it with the manager of associated register, unless the manager of the register is the same ministry, state institution or state agency.
2. The basis of the register system functioning shall be registers interaction. Registers interaction shall be established in the register regulations and supported by the regulations of the associated register and procedure established by the register data provision agreements and conditions for transmitting and updating via electronic communications networks register data, encrypting the data received from the associated register using the object identifying code provided by that register.
3. The register data must be appropriate for using in other registers and state information systems, including registers and information systems managed by the European Union member states and (or) the European Economic Area countries.
4. It shall be prohibited for register administrator to collect and record into the register the data transmitted by the associated register from the primary sources or revise them in any other way. A register object registered in the register shall not be re-registered in other registers.
5. Register data and register information shall be deemed to be true as long as they are not contested according to the procedure provided for in the laws of the Republic of Lithuania and legal acts of the European Union.
6. The register administrator shall be responsible for ensuring that data from the register provided to the associated register corresponds with his administered register data.
7. The administrator of the register having noticed a mistake in the data received from the associated register shall report this immediately to the administrator of the register who submitted these register data; having considered the indicated shortcomings the administrator shall correct the erroneous register data according to the terms and procedure established in the register regulations and forward without delay the corrected register data to the associated registers and state information systems and inform the persons who were sent the erroneous register data.
8. Registries must use international and national classifications recognized in accordance with the procedure established in the legal acts. If recognized classifications necessary for register operation do not exist, specific classifications for that register shall be created. Created registers classifications shall be an integral part of the register data, therefore, they are transmitted to associated registers and state information systems, provided to persons together with the register data. Classifications shall be managed in accordance with the procedure established by the Government or an institution authorised by it.
9. When a stable natural or anthropogenic object on the land surface shall be registered, the object spatial data shall be accumulated and managed in the register. Spatial data shall be compiled and entered into the register by using data of the georeference basis cadastre.
 
Article 16. The main registers
The main registers shall be state registers registering:
1) legal entities;
2) residents;
3) real property and rights of ownership to it;
4) addresses of the objects, the geographic position of which does not change;
5) legal acts;
6) mortgage of rights in rem and property rights shall be registered.
Article 17. The basis for register establishment
1. Register shall be established when regulating social relations originating from execution of economic, social, law enforcement or other tasks, the fact of the register object registration is required in order to use it against a third party or initiate other legal consequences, if necessary.
2. When at least one of the following reasons exists, the state register shall be established:
1) the fact of the register object registration is required for regulating social relations indicated in Paragraph 1 of this Article at national level in the Republic of Lithuania;
2) register is a component of the state registers or information systems administered in the European Union Member States or the European Economic Area countries;
3) register data are necessary in exercising the statutory functions of the Republic of Lithuania state institutions and state agencies from several management areas.
3. When the register object registration fact is necessary in exercising the statutory functions of one management area of the Republic of Lithuania state institutions and public bodies, the departmental register shall be established.
 
Article 18. Register establishment
1. The legal basis for the state register establishment shall be provided for in the general law of the Republic of Lithuania regulating a separate public life area that shall define the state register to be established, the registered object (objects), the state register manager, authorization to the Government to appoint the state register administrator (administrators) and (or) other information associated to the state register to be established, or the European Union legal act. The legal basis for the establishment of the state register can be defined in a separate law of the Republic of Lithuania when the regulation of the activities of the register requires establishment of a special legal regulation or adoption of specific legal rules related to provision of data, information, documents and (or) their copies for object registration, this register object registration, rights and duties of persons providing data, information, documents and (or) their copies set in the legal acts (hereinafter - the provider) to this register, persons receiving the data from this register, the register information, documents and (or) their copies submitted to the register (hereinafter - the recipient), rights and duties of this register manager and this register administrator, management of this register data and information, documents and (or) their copies submitted to the register, procedures and (or) restrictions of their transmission to associated registers and state information systems and provision to recipients.
2. Register regulations shall be approved and starting date of the register activity shall be set by the Government, except the cases when a departmental register is being established by a state institution or state agency that is not accountable to the Government (hereinafter - institution or agency not accountable to the Government). When a departmental register is being established by an institution or agency not accountable to the Government, this institution or agency shall approve the departmental register regulations and set the starting date of the departmental register activity.
3. Register regulations shall specify register purpose, its object (objects), register manager register administrator (administrators), their rights and duties, register data, register information, management of the register documents and (or) their copies, interaction of the register with the associated register (associated registers), protection of register data and register information, conditions and procedure of register information and data reuse, funding of the register and other information set out by the Government. Draft register regulations shall be prepared and coordinated in accordance with the procedure set by the Government. The register regulations on data protection shall contain register category, set according to the guidelines on the state information systems, registers and other information systems classification approved by the Government, information protection objectives, priority areas for protection ensuring and other information related to the established register. Draft register regulations shall be prepared, coordinated and approved in accordance with the procedure set by the Government.
4. State register regulations shall be approved within one year after the entry into force of the Republic of Lithuania law or European Union legal act establishing the legal basis for register establishment, unless these legal acts specify another term. The register shall be considered established from the moment of the approval of the register regulations.
5. The register manager must notify the administrator of the Registers and State Information Systems Register about the approved register regulations in accordance with the procedure provided for in the Regulations of Registers and State Information Systems Register.
 
Article 19. Registers creation
1. Register creation shall be started when the Government or institution or agency not accountable to the Government approves the register regulations and sets up the starting date of the register activity.
2. Register creation shall be organized, creation process shall be monitored, and register creation performance shall be assessed by the register manager. Register administrator and (or) supplier selected (appointed) according to the procedure provided for in the legal acts which may be authorized by the register manager to process the data during the register creation period shall create the register and install the software. The register creator must ensure the safety of the data processed according to the procedure provided for in the laws and other legal acts of the Republic of Lithuania.
3. According to the register regulations, the register technical description (specification) shall be drawn up. Register technical description (specification) and other design documents shall be prepared, coordinated and approved in accordance with the procedure set by the Government and methodology approved by the institution responsible for the state information resources functional interaction, their creation, management and development. The register installation documents and other design documents, with exception of register technical description (specification), shall be confidential and disclosed only in the case if the laws or other legal acts of the Republic of Lithuania require to disclose information contained therein.
4. The register shall be created pursuant to the register technical description (specification), other design and security documents. The register may have functionally independent components for providing electronic services and developing register activities only.
5. The register or its functionally independent components corresponding to the requirements set in the register regulations, design documents and security documents shall be considered developed and shall be validated when the register manager approves the certificate of acceptance and suitability for use of the register or its functionally independent component.
6. The register manager shall prepare progress reports of the state register creation and submit them to the institution responsible for the state information resources functional interaction, their creation, management and development.
7. The register shall be developed and validated before the starting date of the register activity.
8. The register manager shall notify the administrator of the Registers and State Information Systems Register about the technical description (specification) and approved acceptance and suitability for use certificate  in accordance with the procedure of set in the regulations of the Registers and State Information Systems Register.
9. Only validated register or its functionally independent component shall be used.
 
Article 20. Reorganisation of the registers
1. The register shall be reorganized by merging, splitting the registers, by changing the register manager and (or) register administrator, by restructuring the state register into the departmental register or the departmental register into the state register.
2. The register shall be reorganized when, considering the register reorganization basis, provisions embedded in the law of the Republic of Lithuania or European Union legal act regulating the legal basis of the register establishment and related to the register to be reorganized are changed respectively.
3. The register reorganization order shall be established by the Government or departmental register manager in case the departmental register was established by the institution not accountable to the Government.
4. When reorganizing the register, register reorganization end date, rights and duties of the register manager and register administrator during the reorganization period, legal acts to be amended, procedure and terms of the transfer of register data, register information, documents and (or) their copies, validity of the documents and (or) their copies issued by the register, notification procedure of suppliers and recipients, measures ensuring registration continuity of the register object in the register and (or) other register reorganization conditions shall be set.
5. If during the register reorganization the register manager or register administrator is changed, the register reorganization shall be performed by the newly appointed register manager or register administrator.
6. The register manager or his authorized register administrator not later than within five working days after the enforcement of the legal act providing for the register reorganization procedure shall notify the manager of the Registers and State Information Systems Register about the adopted legal act in accordance with the procedure set in the regulations of the Registers and State Information Systems Register.
 
Article 21. Liquidation of the registers
1. The register shall be liquidated when the register establishment basis ceases to exist.
2. After the legal basis of register establishment ceases to exist, the register liquidation order shall be set up by the Government or departmental register manager when the departmental register was established by the institution not accountable to the Government.
3. When liquidating the register, register liquidation end date, transfer procedure of register data, register information, documents and (or) their copies to the state archives or another register or security and (or) destruction measures and terms of the mentioned data, information and documents and (or) their copies, legal acts to be amended, suppliers and recipients notification procedure and (or) other register liquidation measures shall be established. Transfer procedure of the register data, register information, register documents and (or) their copies to the state archives or their destruction measures and terms shall be set in accordance with the Republic of Lithuania Law on Documents and Archives (hereinafter referred to as the Law on Documents and Archives) and the procedure set by the Chief Archivist of Lithuania.
4. Information about the liquidated register shall be published on the websites of the register manager and register administrator.
5. The register shall be liquidated until the set register liquidation date. The register manager or his authorized register administrator not later than within five working days after the enforcement of the legal act providing for the register liquidation procedure shall notify the administrator of the Registers and State Information Systems Register about the adopted legal act in accordance with the procedure set in the regulations of the Registers and State Information Systems Register.
 
Article 22. Registers and State Information Systems Register
1. The Registers and State Information Systems Register shall be a state register.
2. Registers and state information systems shall be registered, data about their establishment, creation, reorganisation or modernisation, liquidation and functioning shall be processed in the Registers and State Information Systems Register.
3. The register data shall be processed according to the procedure set in the regulations of the Registers and State Information Systems Register.
4. The Ministry of Transport and Communications shall be the manger of the Registers and State Information Systems Register. The administrator of the Registers and State Information Systems Register shall be appointed by the Government.
 
Article 23. Appointment of the register manager and register administrator
1. The register manager shall be appointed by the law of the Republic of Lithuania laying down the legal basis of register establishment and the register administrator (administrators) shall be appointed by the legal act adopted by the Government and approving the state register regulations. The register manager shall be appointed by the legal act adopted by the Government and approving regulations of the state register where the establishment of the state register is provided for by the European Union legal act. The manager and the administrator (administrators) of the departmental register shall be appointed by the legal act by which the departmental register regulations are approved.
2. The manager of the state register shall be appointed the ministry or state institution or state agency not accountable to the ministry, another legal person, if its manager is the allocations manager. When the ministry is appointed the manager of the state register, state institution or state agency accountable to the ministry, another legal person which owner’s rights and duties are realized by the ministry may be appointed the administrator of the state register. When the state institution or state agency not accountable to the ministry, another legal person is appointed the manager of the state register, it may be appointed the state register administrator as well. The manager of the departmental register shall be appointed the ministry, another state institution or state agency.  The administrator of the departmental register may be appointed another state institution or state agency, or another legal person accountable to the register manager. The ministry may be appointed the state or departmental register administrator only in cases provided for in the laws of the Republic of Lithuania and for the set period of time.
 
Article 24. Rights and duties of the register manager and register administrator
1. The register manager shall methodologically govern the register administrator and coordinate functioning of the register.
2. The register manager shall have:
1) the right to prepare and adopt legal acts associated to the management of register data, register information, documents and (or) their copies submitted to the register, security of register data and register information;
2) the right to solve register development issues;
the right to transfer to the service provider provided for in Article 41 this law the maintenance of the register hardware and software and (or) management functions of the register data, register information, documents and (or) their copies submitted to the register, except functions associated to decisions on the register object registration, decisions on register information, register documents and (or) their copies provision and transfer, and establishment of rights and duties of persons who manage the register data, register information, register documents and (or) their copies;
4) other rights set in the register regulations and other legal acts.
3. The register manager must:
1) coordinate work of the register administrator and service provider provided for in Article 41 of this law, supervise their activities according to the set procedure;
2) perform supervision of compliance with the security requirements of register data and register information;
3) plan the annual register budget, monitor its performance;
4) consider the register administrator’s proposals regarding improvement of register activity performance and decide on them;
5) ensure that the register is maintained pursuant to this law, register regulations and other legal acts;
6) provide information about the register activities;
7) perform other actions set in the register regulations and other legal acts.
4. The register administrator shall register the register object (objects), manage the register data, register information, documents and (or) their copies submitted to the register and is responsible for the protection of register data and register information.
5. The register administrator shall have:
1) the right to require from the suppliers provided for in paragraph 1 of Article 18 of this Law that data, information, documents and (or) their copies submitted by them would be properly written, timely submitted, and would correspond to the data of the associated register;
2) the right to prepare and implement the plans of creating and developing register technical and software tools, investment projects;
3) other rights set in the register regulations and other legal acts.
6. The register administrator must:
1) establish the deadline for suppliers provided for in paragraph 1 of Article 18 of this Law to eliminate the shortcomings, if it identifies that the register data, information, documents and (or) their copies are inaccurate or do not meet the requirements provided for in the legal acts;
2) establish principles and procedures for register work organization;
ensure continuous register operation;
4) ensure that the register data and registry information correspond to the data given in the documents submitted to the register administrator;
5) ensure that the register data would be constantly updated;
6) ensure that false, inaccurate, incomplete register data and register information would be immediately corrected, updated or supplemented;
7) ensure that recipients who were provided incorrect, inaccurate, incomplete register data, register information, documents and (or) their copies submitted to the register would be informed about rectification of inaccuracies;
8) ensure that the register is maintained pursuant to register regulations and other legal acts;
9) perform other actions set in the register regulations and other legal acts.
7. If personal data is processed in the register, the register manager shall be the personal data manager and the register administrator shall be the personal data administrator as well.
 
Article 25. Register object registration
1. The register object shall be registered, when the register data and register information are recorded in the register database and the register object identification code is granted.
2. Register data and registry information shall be recorded, modified, or deleted from the registry based on the data, information, documents and (or) their copies submitted for register object registration, registry data and (or) register information modification or register object removal from the register. After the register object removal from the register, register data, register information, register documents and (or) their copies shall be kept in the register for the period specified in the register regulations.
3. According to the procedure established by the Republic of Lithuania Law on Fees and Charges a state fee may be collected for the register object registration (when the register administrator registering the register object is a state institution or agency) or a charge set by the Government (when the register administrator registering the register object is a state enterprise).
4. When calculating a charge for the register object registration, administrative expenses together with a reasonable return on investment must be considered. The charge amount must be based on the work time consumed for the registration procedure by the staff registering the object, return on investment into the implementation of information technologies solutions used and expenditure incurred from the use of these information technologies solutions.
 
Article 26. Use of register data, register information, documents and (or) their copies submitted to the register
1. The recipient must use the received register data, register information, documents and (or) their copies for legitimate and clearly defined goals only.
2. Personal data of natural persons shall be used in accordance with the Law on Legal Protection of Personal Data.
3. Recipients having received the register data, register information, documents and (or) their copies submitted to the register may use them only for that purpose, to such extent and that way which were indicated upon the receipt. Received register data, register information, register documents and (or) their copies shall be provided to third parties in accordance with the procedure established in the register regulations. This provision shall not be applied when natural and legal persons use the register data concerning them.
4. The registry data and registry information used by the recipients must comply with the data and information of the register in which the register object is registered.
5. The recipient may not change the data obtained from the registry and the registry information and must indicate the data source when using them.
6. In order to avoid unfair competition, the register administrators and service providers provided for in Article 41 of this Law who are engaged in commercial activities according to the procedure provided for in the legal acts, for the legitimate performance of which register data, register information, register documents and (or) their copies are used, shall receive the managed and associated register data, register information, documents and (or) their copies under the same conditions as other recipients.
 
Article 27. Provision and transfer of register data, register information, documents and (or) their copies submitted to the register
1. The register data, register information, documents and (or) their copies submitted to the register shall be public and, depending on the register establishment objectives, according to the procedure provided for in the laws of the Republic of Lithuania, European Union legal acts and (or) register regulations, shall be transferred through the state information systems or registers interaction to the associated registers and state information systems, provided to the recipients, if the laws of the Republic of Lithuania or European Union legal acts do not provide otherwise. Personal data of natural persons shall be transmitted to the associated registers and state information systems and provided to the recipients in accordance with the Law on Legal Protection of Personal Data.
2. The register administrator may:
1) transfer the extracts from the register and extracts from the register database covering all register data and (or) register information stored in the register database or part of it, and changes of register data and (or) register information;
2) issue certificates prepared according to the register data and register information attesting the legal facts, extracts and other documents prepared according to the register data and register information;
3) provide summarised, systematised or otherwise processed information prepared according to the register data or register information;
4) provide documents and (or) their copies submitted by the register supplier.
3. Extracts, certificates, other documents and (or) their copies, information may be:
1) provided for review through the authorised access on Internet or other electronic communications networks;
2) transmitted automatically through electronic communication networks;
3) provided in writing, orally, and (or) by the electronic means of communication;
4) provided in other ways provided for in the laws of the Republic of Lithuania, the European Union legal acts and (or) regulations of the registry.
4. The register administrator and persons provided for in paragraph 7 of this Article acting under the agreement for exclusive rights only shall have the right to provide extracts, certificates, other documents and their copies.
5. According to the request of the recipient, register data and register information, except for personal data submitted in accordance with the conditions set in the Law on Legal Protection of Personal Data, shall be submitted for persons using the register data and register information in order to provide information services to a third party in an extract from the database and (or) a register extract. This extract must comply with the agreement specified in paragraph 8 of this Article between the register administrator and the recipient. This agreement shall cover registry database and (or) a register extract format, content and payment procedure.
6. Register data, register information, register documents and their copies transmission to associated registers and state information systems, provision to recipients may be restricted only in accordance with the Republic of Lithuania laws and (or) European Union legal acts. Register data, register information, register documents and (or) their copies transmission to associated registers and state information systems, provision to recipients may be restricted only in accordance with the Republic of Lithuania laws and (or) European Union legal acts, if this adversely affects or can affect:
1) state security or defence;
investigation of an offense, criminal offense or administrative offense;
public policy;
state control and supervision;
state economic, social, law enforcement or other interests;
protection of data subject or another person's rights and freedoms.
7. It shall be prohibited to conclude agreements with the Republic of Lithuania natural and legal persons, the European Union member states and (or) the European Economic Area countries natural and legal persons, entities not possessing the status of a legal person, their branches and representative offices regarding the exclusive rights to provide register data, register information, documents and (or) their copies submitted to the register, and (or) use them, except when it is necessary to conclude the agreements regarding provision of public and (or) administrative services. Granting of exclusive rights should be periodically reviewed at least every three years. Agreements on granting exclusive rights and review of these agreements should be transparent and information about them must be made public on the website of the register administrator.
8. Register data shall be transmitted to the associated registers and state information systems according to the agreements concluded by the register administrators or register administrator and the state information system manager, except the cases when the register administrators or register administrator and the state information system manager are the same legal entity. The register data, register information, documents and (or) their copies submitted to the recipients granted the right to receive them in accordance with the Republic of Lithuania laws and (or) other legal acts shall be provided them in accordance with the agreements concluded by the register administrator and the recipient (when the data are provided in multiple cases), or applications (when the data are provided once).
9. The register shall provide the data transmitted by the associated register together with its own data and according to the procedure set in the register’s regulations only.
 
Article 28. Provision of the register data, register information, documents and (or) their copies submitted to the register to other states
1. Register data, register information, documents and (or) their copies submitted to the register shall be provided to the European Union member states and (or) the European Economic Area states natural persons, legal entities, entities not possessing the status of a legal person, their branches and representative offices according to the same procedure as the natural persons and legal entities of the Republic of Lithuania.
2. Register data, register information, documents and (or) their copies submitted to the register shall be provided to the third countries natural persons, legal entities, entities not possessing the status of a legal person, their branches and representative offices according to the same procedure as the natural persons and legal entities of the Republic of Lithuania, if this does not contradict the laws of the Republic of Lithuania, international agreements and other legal acts.
 
Article 29. Charge for provision and transfer of register data, register information, documents and (or) their copies submitted to the register
1. The register data, register information, documents and (or) their copies submitted to the register shall be provided for a charge, except for the exemptions provided for in this law and other laws of the Republic of Lithuania, European Union legal acts and the register regulations.
2. The data and information from the register in which legal acts are registered shall be provided free of charge, except derogations stipulated in the legal acts of the Republic of Lithuania.
3. Register data, register information, register documents and (or) their copies free of charge shall be:
1) once a year according to the request provided to natural persons, when data about these persons are processed in the register;
2) transmitted to the associated registers, state information systems according to the agreements, except for the derogation stipulated in paragraph 8 of Article 27 of this Law;
3) submitted to the tax administration, law enforcement institutions and courts when exercising the statutory functions in accordance with the application and (or) agreement.
4. Expenses incurred by the register administrator due to the preparation, provision and transmission of extracts, certificates and other documents, copies of documents and (or) information to the associated registers, state information systems, tax administration, law enforcement institutions and courts shall be financed from the state budget funds allocated to this register administrator and (or) other sources of funding provided for in the legal acts.
5. The charge amount and payment procedure for provision of register data information, documents and (or) their copies submitted to the register and evaluation principles of register administration expenses and return on investment indicated in paragraph 6 of this Article shall be established by the Government. In cases when register data, register information, register documents and (or) their copies are submitted under the Republic of Lithuania laws, other legal acts to the persons who are entitled to receive them and have the purpose to provide information services to the third parties according to the register data, register information, documents and (or) their copies submitted to the register, the Government shall set a different procedure of charge amount evaluation.
6. The charge for provision of register data, register information, documents and (or) their copies submitted to the register shall not exceed the register administration costs together with the reasonable return on investments. The charge amount should be based on the fixed costs of the register administrator and differentiated considering the amount of register data, register information, register documents and (or) number of copies and information technology solutions used.
7. The charge amount for provision of register data, register information, documents and (or) their copies submitted to the register shall be approved by the Government or the manager of the departmental register, when the departmental register was established by the institution not accountable to the Government. The charge amount shall be made public on the website of the register administrator.
 
SECTION THREE
STATE INFORMATION SYSTEMS
 
Article 30. Establishment of the state information systems
1. An institution shall establish a state information system with a view to process information necessary to perform the statutory functions, except internal administration, by the information technology tools. In cases when the state information system is being established, which is planned to process information relevant for the entire state or several institutions, or if, before the establishment of the state information system it is not entirely clear which statutory functions of an institution can be computerized, or when creating or developing the state information system it is planned to exceed the funds limit approved by the Government or the authorized institution, the institution shall prepare a feasibility study, in which objectives and necessity of the state information system are identified, the institution statutory functions planned to be computerized are defined and investment, financing sources are assessed, potential benefit from the state information system is described, the state information system creation method is selected, control stages of the creation of the state information system are set and other relative information on the state information system to be established is given. The feasibility study shall be prepared in accordance with the methodology approved by the institution responsible for the functional compatibility, creation, management and development of the state information resources.
2. When establishing state information system, the institution shall prepare the draft state information system regulations and draft state information system data protection regulations. Draft state information system regulations shall be prepared, coordinated and approved in accordance with the procedure set by the Government. Draft state information system data protection regulations shall be prepared, coordinated and approved in accordance with the procedure set by the Government.
3. Draft  state information system regulations shall indicate the objectives, tasks of the state information system, the manager of the state information system, administrator (administrators) of the state information system, interaction with other state information systems and registers, data planned to be received from them and other information describing the state information system to be established, the information describing data and information re-use conditions and procedures. Draft state information system data protection regulations shall contain the state information system category set according to the guidelines on classification of the state information systems, registers and other information systems  approved by the Government, information security objectives, priority areas for ensuring security and other information related to the state information system to be established.
4. The state information system shall be considered established from the approval of state information system regulations.
 
Article 31. Creation of the state information systems
1. The creation of the state information system shall be started after the approval of the state information system regulations. The state information system creation is organized and supervised by the state information system manager. The state information system shall be created and the software shall be installed by the state information system administrator and (or) the supplier which is selected (appointed) according to the procedure provided for in the legal acts and which may be granted the right by the state information system manager to process data during the state information system creation period. The creator of the state information system must ensure protection of the data processed according to the procedure provided for in the laws and other legal acts of the Republic of Lithuania.
2. The state information system shall be created according to the creation method indicated in the technical description (specification) of the state information system. The creation method of the state information system shall be selected in accordance with the methodology approved by the institution responsible for the functional compatibility, creation, management and development of the state information resources. The state information system technical description (specification) and other design documents shall be prepared, coordinated and approved in accordance with procedure established by the Government and methodology approved by the institution responsible for the functional compatibility, creation, management and development of the state information resources. The state information system installation documents and other design documents, except the state information system technical description (specification) shall be confidential and disclosed only in case laws or other legal acts of the Republic of Lithuania require to disclosure the information contained therein.
3. Manager of the state information systems shall prepare progress reports on establishment of the state information system, which is planned to process information important for the entire state or several institutions, and submit them to the institution responsible for the functional compatibility of the state information resources, their creation, management and development.
4. During the creation of the state information system, the manager of the information system shall have the right via the state information systems or registers interaction to receive data from other state information systems and registers indicated in the regulations of the state information system according to the procedures provided for in the Republic of Lithuania laws and other legal acts.
5. The state information system or its subsystem corresponding to the requirements of the regulations of the state information system, design documents and protection documents, shall be considered created and validated after the manager of the state information system or its subsystem signs the acceptance and suitability for use certificate.
6. Only validated state information system or its subsystem shall be used.
 
Article 32. Modernization and liquidation of the state information systems
1. The state information system shall be modernized when the institution’s statutory functions change and the information necessary for their execution is processed by the state information system or during the use of the state information system additional information processing needs originate that essentially change the implemented information processing processes. The state information system shall be liquidated, when the statutory functions for performance of which the state information system was established are abolished.
2. The state information system manager shall take the decision to modernize or liquidate the state information system. When modernizing the state information system, provisions of paragraphs 2 and 3 of Article 30 and Article 31 shall apply mutatis mutandis. When liquidating the state information system, rights and duties of the state information system manager and the state information system administrator, the legal acts to be amended, the procedure of data transfer to other public information systems or state archives, tools and terms of data destruction, notification procedure of institutions continuously providing data from other state information systems, registers (hereinafter – the data suppliers), institutions, other persons receiving data of the state information system (hereinafter - the data recipients) and other liquidation conditions shall be set for the liquidation period of the state information system.
3. When liquidating the state information system, which processes information important for the entire state or several institutions, the data collected in it may not be destroyed except for the cases provided for in the Republic of Lithuania laws or European Union legal acts, and must be transferred to another state information system or state archives in accordance with the Law on Documents and Archives.
 
Article 33. Appointment of the state information system manager and state information system administrator
1. The state information system manager and the state information system administrator (administrators) shall be appointed by a legal act approving the state information system regulations.
2. The managers of the state information systems by which information important for the entire state or several institutions is processed may be institutions which managers are allocation managers. The institution appointed the state information system manager may also be the state information system administrator.
 
Article 34. Rights and duties of the state information system manager and state information system administrator
1. The state information system manager shall methodologically direct the state information system administrator and coordinate functioning of the state information system.
2. The state information system manager shall have:
1) the right to prepare and adopt legal acts relating to the data management and data protection;
2) to solve the issues of the state information system development;
3) the right to transfer to the service provider provided for in Article 41 of this Law the functions of the state information system hardware and software maintenance and (or) information management, except the functions related to the decisions on the provision and publishing of information, and the adoption of the rights and duties set for persons managing the information;
4) other rights provided for in the regulations of the state information system and other legal acts.
3. The state information system manager must:
1) coordinate work of the state information system administrator and service provider referred to in Article 41 of this Law, perform their monitoring according to the set procedure;
2) perform supervision of compliance with the data security requirements;
3) examine proposals of the state information system administrator on the improvement of the state information system performance and decide on them;
4) ensure that the state information system would be handled in accordance with this Law, regulations of the state information system and other legal acts;
5) perform other actions provided for in the regulations of the state information system and other legal acts.
4. The state information system manager shall manage the data and be responsible for their safety.
5. The state information system administrator shall have:
1) the right to require from data suppliers to submit their data in a proper and timely manner;
2) the right to prepare and implement the plans of hardware and software tools creation and development, investment projects;
3) other rights provided for in the regulations of the state information system and other legal acts.
6. The state information system administrator must:
1) ensure that the data are correct, accurate, comprehensive and constantly updated;
2) ensure that incorrect, inaccurate, incomplete data would be immediately corrected, updated or supplemented;
3) protect data against accidental or unlawful destruction, alteration, disclosure, and also from any other unlawful processing;
4) establish and implement measures minimizing data disclosure and loss risk and ensuring lost data recovery and data protection against counterfeiting;
5) ensure that register data are appropriate for using in other registers and state information systems, including registers and information systems managed by the European Union member states and (or) the European Economic Area countries;
6) ensure that the state information system operates continuously;
7) ensure that data provided to the recipients comply with their data processed;
8) ensure that data recipients who were provided incorrect, inaccurate, incomplete data would be immediately informed about the inaccuracies corrected;
9) set the time limit for the data supplier to correct deficiencies, if he determines that the data are inaccurate or do not meet the statutory requirements;
10) determine organization principles and procedures of data processing;
11) when engaged in commercial activities according to the procedure provided for in the legal acts, for the performance of which the data processed in the state information system are legitimately used, receive the said data under the same conditions as other recipients;
12) ensure that data would be processed in accordance with the regulations of the state information system and other legal acts;
13) perform other actions provided for in the regulations of the state information system and other legal acts.
5. It shall be prohibited for the state information system administrator to collect and record into the state information system the data transmitted by the associated register from the primary sources or revise them in any other way.
6. If personal data are managed in the state information system, the state information system manager shall be a personal data manager, and the state information system administrator shall be a personal data administrator.
 
Article 35. Information transmission to other natural and legal persons
1. Information managed by the institution shall be public and shall be submitted to institutions and other legal and natural persons according to the procedure provided for in the laws of the Republic of Lithuania, European Union legal acts and (or) other legal acts  if the laws of the Republic of Lithuania and the European Union legal acts do not provide otherwise. Personal data of natural persons shall be submitted in accordance with the Law on Legal Protection of Personal Data.
2. When information is provided once it shall be submitted to the requesting authority or another legal or natural person upon request, stating the legal basis for the requested information submission and receipt, its purpose of use, way of submission, volume, ways of receipt, format of the data submitted.
3. When information is submitted several times, it shall be submitted to the requesting institution or another legal or natural person according to the agreement, which defines amount of information to be submitted, legal basis for the requested information submission and receipt, its purpose of use, ways of information submission, format of the data submitted, deadlines for submission, procedure and terms of informing about error correction, procedure for changing the contract.
4. Information to the requesting institution or another legal or natural person shall be submitted usually in the same form and content, which are already used in the institution and does not require additional data processing. In cases when the information is usually provided in the form or content that do not meet the needs of the requesting institution or the requesting authority does not have technical capacities to process incoming data properly, also in cases when the usually provided information does not meet the needs of other legal or natural persons who most often ask for such information and seek to re-use it, the information providing institution shall create the necessary additional measures.
5. The data obtained from an institution may not be changed and their source must identified when using the data. The data obtained from an institution may be submitted to third parties who are entitled to receive data only for that purpose, to such an extent and in such a way that were foreseen when receiving them, and only if such data transmission to third parties was stated in the request submitted or agreement.
6. Submission of information to institutions and other legal or natural persons may be limited only by the Republic of Lithuania laws and (or) European Union legal acts. Information submission may be limited if at least one of the legal grounds provided for in paragraph 6 of Article 27 of this Law exists.
7. It shall be prohibited to conclude agreements with the natural and legal persons of the Republic of Lithuania , natural and legal persons of the European Union member states and (or) the European Economic Area countries, entities not possessing the status of a legal person, their branches and representative offices regarding the exclusive rights to provide data and (or) use them, except when it is necessary to conclude the agreements regarding provision of public and (or) administrative services. Granting of exclusive rights should be periodically reviewed at least every three years. Agreements on granting exclusive rights and review of these agreements should be transparent and information about them must be made public on the website of an institution.
8. Information managed by an institution that is processed by the state information systems shall be submitted to the natural and legal persons of the European Union member states and (or) the European Economic Area states, entities not possessing the status of a legal person, their branches and representative offices according to the same procedure as to the natural and legal persons of the Republic of Lithuania. Information managed by an institution that is processed by the state information systems shall be provided to natural and legal persons of the third countries, entities not possessing the status of a legal person, their branches and representative offices according to the same procedure as to the legal and natural persons of the Republic of Lithuania, if this does not contradict the laws of the Republic of Lithuania, the international agreements and other legal acts.
 
Article 36. Ways of information provision
1. Considering the submitted application, the institution shall create a possibility to access its managed information through authorised access on Internet or other electronic communication networks, automatically transmit data by electronic communication networks, as well as provide the institutions managed information in written, oral form, and (or) by electronic means of communication.
2. When providing the data, it shall be forbidden for the institution to require acquisition of a special paid software. The recommended data reporting formats and standards ensuring interaction of state information systems or registers and their application shall be established by the institution responsible for the functional interaction, creation, management and development of the state information resources.
 
Article 37. Information disclosure
1. The institution shall disclose on its website the information about its managed information, terms and conditions for the use of this information. In cases when pursuant to the laws of the Republic of Lithuania and other legal acts institution shall not continue to process, update, provide or publish its managed information, it shall announce about the aforementioned on its website no later than two months in advance.
2. Information files containing information necessary for ensuring the publicity of the institution's activities, as well as information files, regarding which persons usually enquire and which contain information considered to be public according to the laws of the Republic of Lithuania and the European Union legal acts shall be published on the institution’s website according to the procedure provided for in the legal acts of the Republic of Lithuania.
3. When information files containing information managed by the institution that is important for the entire state or several institutions are published on the institution's website and the Republic of Lithuania laws and (or) other legal acts provide for special conditions of the use of such information, the institution shall establish electronic authorisation, which includes the terms of use of such information files that must be followed. Such information files shall be provided to persons after their electronically expressed consent with the terms of the electronic authorisation.
 
Article 38. Fees for information provision
1. Information processed by the state information systems shall be provided to the applying institutions, other legal or natural persons free of charge if the Republic of Lithuania laws or the European Union legal acts do not provide otherwise.
2. Any costs incurred in the result of preparation of information referred to in paragraph 1 of this Article and data provision free of charge to institutions, other legal and natural persons shall be financed from the state budget funds, the state social insurance fund budget or compulsory health insurance fund budget and other state monetary funds allocated to the institution providing the information.
3. When calculating the fee for information provision, the amount calculation and payment procedure set by the Government for the provision of register data information, register documents and (or) their copies referred to in paragraph 5 of Article 29 of this Law shall be applied mutatis mutandis.
4. The charge amount for the provision of information processed by the state information systems shall be approved by the state information systems manager. The fee amount for the provision of information processed by the state information systems shall be made public on the state information systems manager’s website.
 
CHAPTER FOUR
PLATFORM OF STATE INFORMATION RESOURCES INTERACTION AND SERVICES PROVIDED BY THE ADMINISTRATOR OF STATE INFORMATION RESOURCES INTERACTION PLATFORM
 
Article 39.   The state information resources interaction platform
1. The state information resources interaction platform shall be the state information system, the purpose of which shall be to ensure access for persons to public and administrative services provided by the institutions according to “single-window” principle and provide to the institutions services referred to in paragraph 1 of Article 40. The institution responsible for the functional compatibility of the state information resources, their creation, management and development shall establish the state information resources interaction platform, manage it and appoint its administrator.
2. Access to the services provided by the state information resources interaction platform shall be given through a single access point, namely, the services portal of the state information resources interaction platform (hereinafter referred to as “portal").
3. Portal access to institution public and administrative electronic services shall be provided to persons according to the purpose of public and administrative electronic services to residents, business and institutions, regardless of which authorities provide these services.
4. Institutions providing public and administrative electronic services must ensure the availability of these services through the portal of the state information resources interaction platform in accordance with the platform manager’s arrangements and measures.
5. The manager of the state information resources interaction platform must ensure the proper mode of services provision of the state information resources interaction platform and continuity of the platform activity.
 
Article 40.  Services provided by the administrator of the state information resources interaction platform
1. Seeking to achieve the state information resources functional, technical and semantic compatibility, the administrator of the state information resources interaction platform shall by using the state information resources interoperability platform provide to institutions the following services:
1) data exchange between the institutions;
2) person identification in electronic space;
3) payment of state fees or other charges for the provision of public and administrative services;
4) other services indicated in the regulations of the state information resources interaction platform.
2.  Using other information and communication technology tools of general use the manager of the state information resources interaction platform shall provide the services of recovery of the operation of the backup information technology tools, workstation implementation, data backup, testing environment extension and other services of information technology tools of general use set by the Government. The procedure for using the services and payment for the services shall be laid down by the Government. The list of services shall be made public on the website of the manager of the state information resources interaction platform.
3. When processing state information resources, institutions must use the services referred to in paragraphs 1 and 2 of this Article. These services shall be provided according to the mutual agreement of the institution and the manager or his authorised administrator of the state information resources interaction platform. Institutions shall be prohibited from using allocations from the state budget, the State Social Insurance Fund budget, the Compulsory Health Insurance Fund budget and other state monetary funds  for re-developing information technology tools or acquiring information technology solution for services or purchase the services if they are provided pursuant to paragraphs 1 and 2 of this Article, unless the manager of the state information resources interaction platform submits according to the Government established procedure the conclusion coordinated with the institution that they are unable to provide services of requested scope and conditions.
 
SECTION FIVE
TRANSFER OF FUNCTIONS OF HARDWARE AND SOFTWARE MAINTENANCE AND DATA, INFORMATION, DOCUMENTS AND (OR) THEIR COPIES MANAGEMENT
 
Article 41. Transfer of functions of hardware and software maintenance and data, information, documents and (or) their copies management
1. Functions of the register or state information system hardware and software maintenance and (or) data, information, documents and (or) their copies management, except functions related to decisions on information submission and its publication, register object  registration, register data, register information, register documents and (or) their copies submission and acceptance of transmission, defining the rights and duties of persons managing data, information, documents and (or) their copies may be transferred to a person or group of persons (hereinafter - service provider) selected (designated) according to the procedure provided for in the Republic of Lithuania Law on Public Procurement (hereinafter - the Law on Public Procurement) or other legal acts. If personal data are processed in the state information system the service provider shall be the personal data administrator.
 
2. The manager of the register or state information system or the register or state information system administrator authorized by him shall enter into a written service purchase agreement, which in addition to the requirements of the Law on Public Procurement shall establish the following requirements for:
1) provision of additional services not related directly to the provided hardware and software maintenance service;
2) security and confidentiality of the information managed by the institution;
3) responsibility of the institution and the service provider who concluded the agreement;
4) intercommunication of the institution and the service provider who concluded the agreement;
5) audit and other control of hardware and software maintenance service provision;
6) examination of contingency cases.
3. When determining the requirements provided for in paragraph 2 of this Article, it shall be recommended to follow the generally recognized, accepted and published standards of standards organizations and standards institutions.
4. Provisions of this article shall be applied mutatis mutandis to the transfer of other information systems hardware and software maintenance and (or) data management functions.
 
Article 42.  Requirements for the performance of hardware and software maintenance and data management functions
1. The person fulfilling the functions of the register or the state information system hardware and software maintenance and data, information and documents and (or) their copies management may not be previously convicted for the offence against electronic data and information systems security and may not have any administrative penalty imposed for unlawful processing of personal data and privacy violation in the field of electronic communications, violation of the rules for the use and allocation of the electronic communication resources, damage of the electronic communications network or arbitrary access to the network or terminal equipment, which hinder the work of the electronic communication network, arbitrary access or violation of the terms and rules for the installation, use and security of the electronic communication infrastructure, if after the imposition of the penalty has passed less than one year.
2. These requirements shall also be applied to the service provider referred to in paragraph 1 of Article 41 of this Law and the authorised person for security referred to in Article 44 of this Law.
 
CHAPTER V
SECURITY OF THE STATE INFORMATION RESOURCES
 
Article 43. Security of the state information resources
1. When managing the state information resources, it shall be compulsory to implement security measures meant to ensure data and information accuracy and to protect them and register documents and (or) their copies from accidental or unlawful destruction, alteration, damage, disclosure, misappropriation, publication, submission or other use, as well as from any other unlawful processing.
2. In order to ensure safety of the state information resources in accordance with the general safety requirements for electronic information approved by the Government, the state information system or register security documents shall be prepared, coordinated and approved. The manager of the register or state information system may approve all general security documents of the registers and state information systems falling under its management. When organizing the state information resources security, it shall be recommended to follow the standards adopted and published by the recognized standards organizations and standards institutions.
3. The state information system manager and the state information system administrator shall be responsible for information security within their competence. The register manager and the register administrator shall be responsible for the register data and information security within their competence. Administrators of the register or state information systems must ensure the necessary administrative, technical and organizational data security measures and compliance with these measures in accordance with safety regulations and other safety documents.
4. Employees managing data, information, documents and (or) their copies must commit to keep data and information secret. Commitment to keep secrecy shall apply after the termination of activities related to the management of data, information, documents and (or) their copies.
5. Security of natural persons‘ personal data shall be ensured in accordance with the Law on Legal Protection of Personal Data.
6. Data between institutions shall be submitted via secure electronic communication networks. The Government shall establish security level requirements for the electronic communication network.
 
Article 44. Authorised person for security
1. A staff member responsible for implementation of safety requirements and fulfilment of other functions provided for by the legal acts shall be appointed authorised person for security .
2. The authorised person for security shall be appointed by the legal act approving the register or the state information system security regulations, or the register or the state information system manager authorises the register or the state information system administrator to appoint the authorised person for security. The authorised person for security may be appointed to several registers, state information systems or subsystems. The authorised person for safety and the authorised person for data management referred to in Article 8 of this Law may be the same person.
3. The authorised person for security shall perform the functions provided for in the register or the state information system security regulations and other legal acts.
 
CHAPTER VI
FINANCING OF EXPENSES INCURRED DURING THE CREATION, MANAGEMENT AND MONITORING OF THE STATE INFORMATION RESOURCES
 
Article 45. Sources of financing
Costs incurred when preparing for register and state information system establishment, developing, managing and maintaining the registers and state information systems, executing other activities related to the state information resources may be funded from the state budget (including the European Union funds), the State Social Insurance Fund budget, Mandatory Health Insurance Fund budget and other state monetary funds, other financing sources provided for in the legal acts of the Republic of Lithuania, funds received for the services provided. In cases when expenses are financed from other funds provided for in the legal acts of the Republic of Lithuania, the institution shall immediately inform about such used funds the institution responsible for the functional interaction of the state information resources, their creation, management and development. In determining the specific financing sources and procedures, the purpose of the register and the state information system, their exploitation possibilities shall be considered, and the most appropriate and economically beneficial method of financing shall be chosen.
 
Article 46. Financing of expenses incurred during the creation, management and monitoring of the state information resources
1. Funds allocated for preparation of the register and the state information system development shall be used for:
1) preparation of the feasibility study;
2) preparation of the draft regulations of the register and the state information system.
2. Funds allocated for the development of the register and the state information system shall be used for:
1) preparation of specification and other design documentation;
2) designing;
3) acquisition of application software, testing, installation and upgrading;
4) acquisition of hardware necessary for the functioning of the register and (or) state information system and software for its management;
5) training of staff assigned to process the data.
3. Funds allocated for the management and maintenance of the register and the state information system shall be used for:
1) data management;
2) administration of the register and the state information system;
3) maintenance and modification of hardware and software;
4) assessment of management and security measures;
5) training of staff processing information by information technology tools.
 
CHAPTER VII
FINAL PROVISIONS
 
Article 47. Liability for Violation of this Law
Persons in violation of this Law shall be held liable under the laws of the Republic of Lithuania.
 
Article 48. Entry into Force and Implementation of the Law
1. This Law, except for Article 13 and paragraphs 3 and 4 of this Article, shall enter into force on 1 January 2012.
2. Article 13 of this Law shall enter into force on 1 January 2013.
3. By 31 December 2011, the Government and other institutions shall draft and approve legal acts necessary for the implementation of this Law.
4. The institution responsible for the state information resources functional interaction, their creation, management and development shall prepare and approve methodological documents of the national and international information technology standards or other comparable methodological documents and information technologies application methodological documents by 31 December 2012.
 
Article 49. Repeal of Laws
Upon entry into force of this Law, the following legal acts shall become invalid:
1) Republic of Lithuania Law on State Registers (Official Gazette, 1996, No 86-2043);
2) Republic of Lithuania Law Supplementing the Law on State Registers with Article 51(Official Gazette, 2000, No. 47-1345);
3) Republic of Lithuania Law Amending the Law on State Registers (Official Gazette, 2004, No 124-4488  
4) Republic of Lithuania Law Amending Article 17 of the Law on State Registers (Official Gazette, 2009, No. 141-6204).
 
Article 50. Application of paragraph 1 of Article 12, Article 17, paragraphs 1 and 2 of Article 18, paragraph 1 of Article 22, Article 23, paragraph 3 of Article 40
1. Paragraph 1 of Article 12, Article 17, paragraphs 1 and 2 of Article 18, paragraph 1 of Article 22, Article 23, paragraph 3 of Article 40 of this Law shall be applied to the registers established after the entry into force of this Law.
2. Paragraph 3 of Article 40 of this Law shall be applied to the information technology tools created or information technologies solutions or services purchased after the entry into force of this Law.
 
I promulgate this Law passed by the Seimas of the Republic of Lithuania.
 
PRESIDENT OF THE REPUBLIC                                      DALIA GRYBAUSKAITĖ
                                                                                   Annex to
Republic of Lithuania                                                                                     Law on Management of
State Information Resources
 
 
EUROPEAN UNION LEGAL ACTS IMPLEMENTED BY THIS LAW
 
1. Directive 2003/98/EC of the European Parliament and of the Council of 17 November 2003 on the re-use of public sector information (OJ 2004 special edition, Chapter 13, Volume 32, p. 701).