Government Decision No. 211 din 03.04.

2019 on the
Interoperability Platform (MConnect)

[google translate]

HGO211 / 2019
Unique internal ID: 379993 The record of the legal document
Версия на русском

Republic of Moldova

GOVERNMENT

DECISION No. 211

of 03.04.2019

regarding the interoperability platform (MConnect)

Published: 12.04.2019 in the Official Gazette no. 132-138 art Nr: 254 Entry into force:
12.05.2019

Pursuant to art. 6 paragraph (1) and (2) of Law no. 142/2018 regarding data exchange and
interoperability (Official Gazette of the Republic of Moldova, 2018, no. 295-308, art. 452),
the Government DECIDES:
1. The Regulation on the use of the interoperability platform (MConnect) is approved
(attached).
2. Establish:
1) the interoperability platform (MConnect), owned by the state, as a technical solution to
ensure the exchange of data between the information systems owned by the participants in the
data exchange, in accordance with Law no. 142/2018 on data exchange and interoperability;
2) governmental electronic data access service (MAccess), state-owned, part of the
interoperability platform (MConnect).
3. The public institution "Electronic Governance Agency" is designated as the holder and
holder of the interoperability platform (MConnect) and competent authority for ensuring data
exchange and interoperability (hereinafter - competent authority ), in accordance with Law
no. 142/2018 on data exchange and interoperability.
4. The public authorities and institutions, the autonomous administrative authorities, the
central administrative authorities subordinate to the Government and the organizational
structures within their area of competence (the subordinate administrative authorities,
including the deconcentrated and subordinated public services, as well as the public
institutions in which the ministry, the Chancellery, State or other central administrative
authority has the status of founder), who hold state information systems, as well as legal
persons under private law who, on behalf of public authorities and institutions, manage or
hold state information systems:
1) if they have not integrated the information systems they have with the interoperability
platform (MConnect), within 6 months from the date of entry into force of this decision, they
will identify the data exchange flows that need to be realized through the platform, they will
elaborate and approve plans to connect to it, after coordination with the competent authority;
2) will integrate, on behalf of their own financial means, the information systems they have
with the interoperability platform (MConnect), according to the connection plans coordinated
with the competent authority;
3) in case of necessity, they will plan financial means necessary for the integration of the
information systems they have with the interoperability platform (MConnect), for the
development and technical maintenance of the data supply or consumption services,
according to the respective connection plans;
4) will terminate the bilateral agreements / contracts concluded directly with the holders of
data sources, which have as their object the provision / consumption of data, from the
moment of the exchange of data through the interoperability platform (MConnect), with the
exceptions established by law;
5) will ensure the maintenance of the connection made and of the necessary infrastructure,
according to the provisions of the normative framework regarding data exchange and
interoperability;
6) will review the regulatory framework related to the process of providing services to
citizens, to exclude the need for further presentation of documents, once the administrative
data contained in these documents are available, consumed or provided through the
interoperability platform (MConnect);
7) when developing new information systems, they will ensure that they are interconnected
and integrated with the interoperability platform (MConnect).
5. The legal persons of private law carry out the data exchange through the interoperability
platform (MConnect) under the conditions established by the Law no. 142/2018 on the data
exchange and interoperability and this decision.
6. For public participants in the data exchange, the data exchange through the
interoperability platform (MConnect) is free of charge.
7. Public participants in the exchange of data, data providers / holders of information
systems, will review, within 6 months, their own procedures and tariffs regarding the
provision of information services in order to adjust them to this decision.
8. The competent authority will annually evaluate the costs necessary for the
administration and continuous development of the interoperability platform (MConnect) and
will submit proposals for requesting the financial means to be included in the draft law of the
state budget for that year.
9. The competent authority will periodically present to the participants data providers
(holders of information systems) statistical data on the number of calls made in the context of
data exchange through the interoperability platform (MConnect), with the involvement of
their information systems. The participants in the data exchange, holders of information
systems, will use the data presented by the competent authority in order to evaluate the
capabilities of the information systems, their efficient functioning and to provide the financial
resources necessary for the maintenance and development of the information systems,
necessary for the data exchange and interoperability.
10. The control over the execution of this decision is the responsibility of the State
Chancellery.

PRIM-MINISTRU Pavel FILIP

 Contrasemnează:
Ministrul finanţelor Ion Chicu

Nr. 211. Chişinău, 3 aprilie 2019.

Aprobat
prin Hotărîrea Guvernului nr. 211/2019

REGULAMENT
privind modul de utilizare a platformei de interoperabilitate (MConnect)
Secțiunea 1
Dispoziții generale
1. The regulation on the use of the interoperability platform (MConnect) (hereinafter -
the Regulation ) establishes the procedure for connecting state information resources and
private information resources to the interoperability platform (MConnect) (hereinafter -
MConnect platform ), including of granting access to data through it, how to use the
MConnect platform, the procedure for monitoring and controlling the use, suspending the use
of the MConnect platform, as well as the attributions and responsibilities of the participants
in these processes.
2. This Regulation applies to ensure the interconnection and interoperability of state
information resources, as well as to facilitate their interoperability with private information
resources through the MConnect platform.
3. For the purpose of this Regulation, the notions and their definitions provided in art. 3 of
Law no. 142/2018 on data exchange and interoperability, as well as the following concepts:
1) the government electronic data access service (MAccess) (hereinafter - the MAccess
service) - SaaS service (software as a service), part of the MConnect platform, which serves
as an interface, portal for access to authentic and retrieved data, upon request, in real time
from the administrative data sources, within the limits of rights and legal basis. ;
2) connection - stage of the data exchange process, which starts with the request for data
exchange and ends with granting access to the data requested by the participant on the basis
of its legal mandate;
3) integration- technological process for the elaboration of the consumption services or the
provision of data through the interoperability platform, in accordance with the legal
requirements formulated by the participant to the data exchange and the technical parameters
agreed with the competent authority, and to ensure the availability of the data in the
interoperability platform ;
4) technical annex- a document that describes from a technical point of view each data
exchange flow realized through the MConnect platform. The technical annex necessarily
indicates the participants in the data exchange and their quality (supplier / consumer), the
information system / resource involved, the responsible persons designated by the
participants, the methods of authentication and authorization applied, the methods of
questioning (input parameters, availability characteristics) ), the data structures that are
subject to data exchange and other technical details, as the case may be;
5) approved level of services - set of specific parameters and indicators based on which the
availability, performance and quality of data exchange through MConnect platform are
determined;
6)scale incident - a situation in which the number of incidents found in a time interval
exceeds at least three times the average number of incidents for the same time period in
previous periods;
 7) security incident- operation by which unauthorized access to an information system is
attempted or realized, an attack on the integrity and / or confidentiality of the information
within an automated information system. This includes unauthorized examination or
browsing, service interruption or cancellation, altered or destroyed data, processing, storage
or retrieval of information, modification of system information regarding the characteristics
of IT equipment (hardware), software products (firmware or software), with or without the
knowledge or user's intention.
4. Data exchange through the MConnect platform is performed exclusively on the
telecommunications network of public administration authorities, through a dedicated and
secure channel.
Secțiunea a 2-a
Drepturile, atribuțiile și responsabilitățile participanților
la schimbul de date prin intermediul platformei MConnect
5. The competent authority for data exchange and interoperability (hereinafter referred to
as the competent authority ) has the following responsibilities and responsibilities:
1) regulates the specific procedures for submitting and examining the requests for
connection to the MConnect platform, for authorizing the exchange of data through through
the MConnect platform, sets the standard model of the connection request to the MConnect
platform;
2) regulates the procedures of technical connection (integration) to the MConnect platform
and the agreed level of services, including the availability period, the levels of availability
and accessibility of the MConnect platform;
3) creates the legal, organizational and financial conditions for ensuring the smooth
functioning of the MConnect platform;
4) submit proposals to improve the normative framework in the field of data exchange and
interoperability;
5) receives, examines within the deadline established by law and approves or rejects the
requests for connection to the MConnect platform, submitted by the participants to the data
exchange;
6) suspend the exchange of data through the MConnect platform in the cases provided by
law and by this Regulation;
7) decide on the cases in which the participants to the data exchange are to be disconnected
from the MConnect platform;
8) ensures the retrieval of data from the data provider under the conditions of the agreed
technical parameters;
9) ensures the transmission of data to the data consumer in accordance with his legal rights
and the agreed technical parameters;
10) according to the needs of the consumers that derives from the law, it submits the data
received from the supplier to an adaptation process, as appropriate, using the functionalities
of the MConnect platform;
11) notifies the competent bodies in case of detection of the violations committed by the
participants in the exchange of data in the context of using the MConnect platform;
12) conclude with the private participants in the data exchange contracts data exchange
through the MConnect platform, according to the approved model;
13) elaborates and approves the standard model of the data exchange contract through the
MConnect platform;
14) monitors the compliance with the participants in the data exchange of the procedures
for connecting, suspending and disconnecting from the MConnect platform and the way of its
use by the participants in the data exchange, observing the agreed level of services, including
according to the contracts concluded with the participants private;
15) intervenes, according to the agreed level of services, for investigating, solving,
removing errors identified or communicated by the participants in the data exchange;
16) ensures the functioning, administration and continuous development of the MConnect
platform in accordance with the agreed level of services and within the limits of the allocated
budget;
17) ensures the information security of the MConnect platform;
18) informs the participants in the exchange of data about security vulnerabilities and
incidents when using the MConnect platform, immediately or within no more than two
working days from the moment of their detection;
19) ensures the recording, investigating, monitoring, solving and removing within the
established deadlines of the errors communicated by the participants, of the vulnerabilities
and of the detected incidents;
20) requests from the participants in the data exchange the details and information
necessary to resolve the errors, the recorded incidents, with their involvement, as the case
may be;
21) ensures, if necessary, the methodological and technical assistance to the participants in
the exchange of data in the process of connecting them to the MConnect platform and, as the
case may be, to installing and configuring components of the MConnect platform within the
participants' infrastructure;
22) ensures the protection of personal data and the security of the data transmitted through
the MConnect platform, on its competence segment, in accordance with the provisions of
Law no. 133/2011 regarding the protection of personal data and other normative acts;
23) ensures the logging of the exchange of personal data through the MConnect platform;
24) notifies the data providers of the connection of the new data consumers, indicating the
legal basis of access to the data made available;
25) if the information systems owned by the consumer, part of the integration projects,
process personal data - check the appropriate registration of the respective systems in the
Register of records of personal data operators, in accordance with the requirements of Law
no. 133/2011 regarding the protection of personal data and the Regulation of the Register of
records of the operators of personal data, approved by the Government Decision
no. 296/2012;
26) organizes activities of promotion, training and exchange of experience regarding the
use of the MConnect platform.
6. The data provider has the following responsibilities and responsibilities:
1) implements the organizational and technical measures necessary to provide the data
from the information systems it owns and ensures their connection to the MConnect platform,
from its own financial resources;
2) mandates the competent authority to ensure the transport of data from its information
systems, connected to the MConnect platform, including adapting them, as the case may be,
and to transmit them accordingly to the requests of the data consumers, in accordance with
the provisions of the legislation, and to monitor the access to these data. ;
3) ensures the availability of data from the information systems it owns and its provision in
the MConnect platform in accordance with the legislation;
4) it ensures the sustainability of its information systems that are connected to the
MConnect platform;
5) ensures the truthfulness, authenticity and integrity of the data provided through the
MConnect platform;
6) ensures the updating of the data provided through the MConnect platform, in the manner
established by the legislation;
7) in case of modification of the form or the mode of data provision through the MConnect
platform, inform the competent authority, which, in turn, informs the data consumer in the
established way;
8) initiates the process of disconnection from the MConnect platform in the cases provided
by this Regulation;
9) in the case of the private participant data provider, conclude data exchange contracts
through the MConnect platform with the competent authority;
10) obtain and manage, on their own account, the digital certificates for each owned
information system to be integrated with the MConnect platform;
11) notify the competent authority about the new digital certificates obtained for the
information systems integrated with the MConnect platform, at least 10 working days before
the expiration of the ones currently used;
12) in case of necessity, it ensures the installation and configuration of some components
of the MConnect platform within its infrastructure in order to develop interfaces for data
exchange;
13) ensures the recording, investigation, monitoring, solving and removal within the
established deadlines of the errors communicated by the participants, of the vulnerabilities
and of the detected incidents;
14) informs the competent authority about the errors occurring in the data exchange
process, the vulnerabilities, including the security incidents of the information systems
connected to the MConnect platform, immediately, and if this is not possible, within no more
than two working days from the moment of their detection;
15) unconditionally submit to the competent authority the information necessary to remove
errors and vulnerabilities, as well as to resolve security incidents;
16) implements the necessary measures to ensure the security and protection of data,
including personal data, in its information systems integrated with the MConnect platform;
17) designates contact persons responsible for the implementation of the integration
projects, and in case of their change, announces the competent authority within five working
days;
18) informs the competent authority about the data exchange requests received at its
address and redirects them to the competent authority in order to provide the requested data
through the MConnect platform;
19) does not disclose to a third party information regarding the method of authentication
and / or authorization, the technical way of connection, data exchange and monitoring, as
well as any other information regarding the data exchange through the MConnect platform,
which may compromise security and smooth operation of data exchange through MConnect
platform;
20) terminates the bilateral data supply agreements, concluded with other data consumers,
from the moment of the data exchanges concerned through the MConnect platform.
7. The data provider is not responsible for the way the data consumer uses the data
obtained through the MConnect platform.
8. The data consumer has the following responsibilities and responsibilities:
1) consults the semantic catalog and identifies the data sets they intend to consume
according to the competence assigned by law;
2) requests the connection to the MConnect platform, for the purpose of data consumption,
in compliance with the provisions of this Regulation, addressing to the competent authority a
request for connection of the established model;
3) mandates the competent authority to ensure the request, retrieval, adaptation, as the case
may be, and the transmission of data from the information systems of the providers connected
to the MConnect platform, in accordance with the provisions of the legislation;
4) justify the purpose, the volume and the way of using the information consumed through
the MConnect platform, as well as respect the appropriate regime of confidentiality and
security of the information;
5) ensures the consumption of data in strict accordance with the legal provisions regarding
the protection of personal data;
6) apply the necessary measures in order not to admit the transmission (publication,
dissemination) and / or the unsanctioned use by third parties of the information received;
7) ensures the technical and organizational capacity for data consumption, according to the
technical annexes agreed with the competent authority;
8) develops the integration projects with the MConnect platform from its own financial
resources, taking into account its functional competences and service needs, for the purposes
according to the law;
9) test the information service of data consumption made available through the MConnect
platform;
10) initiates the disconnection process from the MConnect platform in the cases provided
by this Regulation;
11) in the case of the private participant data consumer, conclude contracts for data
exchange through the MConnect platform with the competent authority;
12) obtains and manages, on its own, the public key certificates for each owned
information system to be integrated with the MConnect platform;
13) notify the competent authority about the certificates of the new public keys, obtained
for the information systems integrated with the MConnect platform, at least 10 working days
before the expiration of the ones currently used;
14) ensures control of access to information systems and / or databases, using the
functionality of MConnect platform and / or internal audit systems;
15) implements internal policies regarding the security and the access and use of the data
consumed through the MConnect platform by its employees;
16) in case of necessity, it ensures the installation and configuration of components of the
MConnect platform within its infrastructure, in order to develop interfaces for data
exchange;
17) ensures the recording, investigating, monitoring, solving and removing within the
established deadlines of the errors communicated by the participants, the vulnerabilities and
the detected incidents;
18) informs the competent authority about the errors that occurred in the data exchange
process, the vulnerabilities and security incidents of the information systems connected to the
MConnect platform immediately, and if this is not possible, within a maximum of two
working days from the moment of their detection;
19) unconditionally submit to the competent authority the information necessary to remove
errors and vulnerabilities and to resolve security incidents;
20) implements, through its information systems, the organizational, semantic and
technical measures necessary for the consumption of data made available through the
MConnect platform;
21) ensures the data consumption through the MConnect platform only under the law, for
the purpose of exercising its legal duties and using them, on its own responsibility, within the
limits and in accordance with the competences established by law;
22) respects the obligation not to modify the data consumed;
23) implements the necessary measures to ensure the security and protection of data,
including those of a personal nature, in its information systems integrated with the MConnect
platform;
24) does not disclose to a third party information regarding the authentication and / or
authorization method, the technical way of connecting, data exchange and monitoring, as
well as any other information related to the data exchange through the MConnect platform;
25) designates contact persons responsible for the implementation of the integration
projects, and in case of their change, announces the competent authority within five working
days;
26) terminates bilateral data consumption agreements, concluded directly with data
providers, from the moment of data exchange through the MConnect platform.
9. The competent authority has the following rights in the data exchange process:
1) to request from the participants additional data in order to ensure the availability of
generic information services;
2) to adapt the data available / transmitted through the MConnect platform in accordance
with the provisions of this Regulation and the legal needs of the participants in the data
exchange;
3) to reuse the data available / transmitted by the providers through the MConnect platform
in order to exercise the legal rights and obligations of the data consumers;
4) to ask participants reference information (feedback) regarding the use of the MConnect
platform.
10. The participants in the data exchange have the following rights:
1) to request the competent authority to initiate the integration projects in order to be able
to consume or provide a different set of data or with other technical parameters than those
previously established in the agreed technical annexes;
2) to request methodological assistance from the competent authority in the proposed
integration projects and, if necessary, assistance with the installation and configuration of
components of the MConnect platform within its infrastructure;
3) to request the support of the competent authority in investigating, resolving and
removing errors arising in the data exchange process;
4) request the competent authority to adapt and / or reuse the data available / transmitted
through the MConnect platform;
5) to request information from the competent authority regarding the agreed level of
services according to the indicators set out in the technical annexes;
6) to request from the competent authority information regarding the participants who
request the data from the information resources they have.
Section 3
Procedure for connecting to the MConnect platform
of the data consumer
11. The request for connection to the MConnect platform is made on the basis of a request
by the model established by the competent authority. The request for the modification of an
existing data exchange is made according to the norms established by this Regulation for the
procedure for connecting to the MConnect platform.
12. In order to submit the request for connection to the MConnect platform, the data
consumer consults the semantic catalog to identify the semantic assets and data sets they
intend to consume through the MConnect platform. Until the establishment and operation of
the semantic catalog, the identification and description of the data sets and the methods of
performing the data exchange are carried out jointly with the competent authority and the
participants in the data exchange.
13. The request for connection to the MConnect platform must contain the following
information:
1) identification of the data set to be consumed according to the semantic catalog
classifiers;
2) the legal basis for data consumption, which must include the express references to the
legal norms in the normative acts mandating access to data and / or the processing of the
respective data by the participant;
3) if the data consumption includes personal data - indicating the registration number of the
participant and the respective information system in the Register of records of the personal
data operators;
4) if the data consumption includes information with limited accessibility, other than those
mentioned in point 3) - the express reference to the legal norms that give the participant the
right to access and use such information in his activity;
5) information (including name, first name, position held, contact telephone, e-mail)
regarding the participant's contact persons responsible for the technical and legal issues
related to the process of connecting to the MConnect platform;
6) the participant's own responsibility statement regarding the responsibility for how the
data will be consumed by its employees.
14. The competent authority may request the submission of additional information to those
mentioned in point 13, in order to detail the data exchange aspects and to identify the optimal
method in this regard, as well as for a better examination of the connection request to the
MConnect platform.
15. When examining the application, the competent authority identifies the participants in
the data exchange, analyzes the legislative framework under which data consumption is
requested and verifies the technical possibility of connection, compliance with the security
and confidentiality requirements, as well as the availability of data in the MConnect platform.
16. If the application submitted corresponds to the form requirements established, if it is
complete in terms of the information indicated and if it meets the conditions established by
Law no. 142/2018 regarding data exchange and interoperability, the competent authority,
within 30 working days from the date of receipt, following the examination, adopts the
decision regarding the data exchange through the MConnect platform, with the information
of the participants.
17. The decision regarding the exchange of data through the MConnect platform must
contain:
1) confirmation of the eligibility of the applicant from a legal point of view to consume
data, as well as the possibility of providing the respective data through the MConnect
platform;
2) references to the legal basis and purpose under which the data exchange is authorized,
including the legal powers of the applicant to consume the respective data;
3) identification of the data set according to the semantic assets in the semantic catalog;
4) the description, in the technical annex, of the methods of interpellation in order to
provide or consume data (input parameters), of the data structures concerned, of the technical
characteristics of the data exchange (maximum number of calls, particularities of
performance and availability), of the particularities of journaling;
5) specifying the technical method of data exchange applied: web services, data access
interface through the MAccess service;
6) the term for signing the data exchange contract or, as the case may be, for modifying an
existing contract - in the case of private participants;
7) notifying the data provider / providers about the data exchange to be performed through
the MConnect platform, in order to ensure the technical and organizational capacity required
to provide the requested data.
18. Based on the data exchange decision, the competent authority signs with the
participants in the data exchange the technical annex describing the data exchange flow and
initiates a project to integrate the applicant's information system with the MConnect platform,
as well as the direct development of services. consumption or data provision.
19. If the data for which access is requested are not available on the MConnect platform,
but are available to potential data providers in a compatible digital format, the competent
authority shall issue a decision regarding the exchange of data, following the procedure set
out in this section, and o sends it to the applicant and the holder of the information system in
which the requested data are available. In addition to those specified in point 17, the decision
must contain the following information:
1) the initiation of the process of obtaining data from the relevant providers;
2) the term of development of data provision services, of integration and ensuring their
availability in the MConnect platform.
20. Based on the decision of the competent authority on data exchange through the
MConnect platform, the owner of the information system in which the requested data is
available initiates the development of the data provision services and the integration of the
respective information system with the MConnect platform. If the information system is of a
private participant, until the beginning of the integration process with the MConnect platform
the competent authority and the private participant conclude a data exchange contract.
21. If access to information with limited accessibility is requested, the competent authority
shall verify whether the applicant, under the law and for the purpose of exercising the powers
established by law, has the right to consume the requested data and expressly states this fact
in the decision.
22. If the access to data containing personal data is requested, the competent authority
verifies the existence of the corresponding registration of the respective systems in the
Register of records of the personal data operators, in accordance with the requirements of
Law no. 133/2011 regarding the protection of personal data and the Regulation of the
Register of records of the operators of personal data, approved by the Government Decision
no. 296/2012.
23. After ensuring the availability of the requested data in the MConnect platform, the
public participant data consumer initiates the technical connection (integration) with the
information service providing the data provided through the MConnect platform.
24. If the data consumer is a private participant in the data exchange, until the initiation of
the technical connection (integration) he / she signs with the competent authority the data
exchange contract through the MConnect platform.
25. The contract for data exchange through the MConnect platform must contain at least
the following information:
1) the parts of the contract;
2) the object of the contract, which consists in the efficient exchange of data between
different participants in the exchange of data through the MConnect platform, for the
purposes according to the law;
3) the term of the contract;
4) the rights, obligations and responsibilities of the competent authority and the private
participant in the data exchange;
5) the technical conditions and parameters in which the data exchange takes place;
6) contact information regarding the responsible person / persons responsible for the
interaction with the competent authority and vice versa;
7) the mode of interaction between the competent authority and the private participant;
 8) the agreed level of services;
9) the details regarding the setup fee and the applied data fee, as well as the payment
conditions;
10) technical annex, which describes the flow of data exchange;
11) the mode of dispute resolution.
26. The integration process is finalized once the data consumer, by the competent
authority, has made available the information (access credentials) necessary to access the
requested data.
27. The participants in the data exchange, including the competent authority, carry out all
the necessary tests regarding the connection of supply and / or consumption of data, only on
the test environment. The access credentials for the information service on the production
environment are made available to the participant in the exchange of data by the competent
authority following the notification regarding the participant performing all the necessary
tests and the express request regarding the migration of the service to the production
environment.
28. The performance, functionality, security tests of the information systems that consume
/ provide data through the MConnect platform, which refers to the testing of connections to
the MConnect platform, are performed by the data exchange participant according to a test
plan agreed with the authority. competence.
29. Consumers of data that do not have information systems capable of consuming data
automatically through the MConnect platform access the data using the MAccess service.
30. The competent authority rejects the request for connection to the MConnect platform
by reasoned decision in the following cases:
1) there is no legal basis for data consumption;
2) the purpose of the data consumption indicated in the application contravenes the
legislation or this Regulation;
3) it is impossible to integrate with the MConnect platform from a technical point of view,
either the information system of the data provider or the information system of the data
consumer;
4) the security and confidentiality requirements arising from the legal regime of the data
are not respected, and the connection to the MConnect platform will endanger its
functionality or the security of the data in the information systems of the participants in the
data exchange.
31. The competent authority shall inform the applicant of the reasons for rejecting his
request.
Section 4
Procedure for connecting to the MConnect platform of the data provider
32. Data providers, holders of information resources, based on the decision of the
competent authority, connect their information systems to the MConnect platform,
developing generic information services in order to ensure the availability of the data held. In
these cases, the competent authority issues the decision ex officio or at the request of the data
provider.
33. The connection of the participating private data providers to the data exchange is made
at their request, based on the decision of the competent authority.
34. In the connection process, the data provider submits to the competent authority the
responsibility statement regarding the veracity of the data provided through the MConnect
platform.
35. The competent authority shall provide the methodological assistance necessary for the
provider to ensure the development and exposure in the MConnect platform of generic
information services.
36. The competent authority issues the decision regarding the connection of the data
provider to the MConnect platform and:
1) in the case of the public participant data provider, jointly agrees to the term of
accomplishing the works of integrating the information system with the MConnect platform;
2) in the case of the private participant data provider, sign the data exchange contract
through the MConnect platform with the respective data provider and agree the deadline for
carrying out the integration works of the information system with the MConnect platform.
37. Based on the decision of the competent authority regarding the exchange of data
available in the MConnect platform, the data provider is obliged to review the data supply
capabilities to ensure the availability of data.
38. Based on the decision of the competent authority regarding the data exchange, the
public participant data provider starts the procedure for connecting to the MConnect
platform, with the elaboration of the informational web service for data provision, and the
private participant data provider, until the connection procedure is started, signs with the
competent authority the data exchange contract through the MConnect platform.
39. The decision of the competent authority regarding the exchange of data which is not
available in the MConnect platform, but which are available in an information system of a
private participant, is adopted following its coordination with that participant.
40. The data provider ensures the connection to the MConnect platform of its information
systems, as data sources, within a maximum of 45 days from the date of receipt of the
decision of the competent authority regarding the data exchange through the MConnect
platform.
Section 5
Using the MConnect platform
41. The provision of the data or their consumption by the public participants in the data
exchange is performed exclusively in accordance with the law and the provisions of this
Regulation, and by the private participants - and on the basis of the data exchange contract
through the MConnect platform concluded with the competent authority.
42. When using the MConnect platform, the data provider may have the same quality of
data consumer, and the data consumer - the quality of data provider.
43. The MConnect platform cannot be used:
1) for purposes contrary to the law;
2) when it involves information security risks both for the MConnect platform and for the
data exchange participants;
3) for purposes that may jeopardize the image and the legal interests of the competent
authority or of the participants in the data exchange;
4) abusively and contrary to the technical parameters agreed with the competent authority.
44. The exchange of personal data through the MConnect platform is logged. The logging
of the exchanges of personal data, carried out through the MConnect platform, includes at
least, but is not limited to, the following data (at the HTTP or SOAP level):
1) the user who processes the personal data;
2) the legal person of the user who processes the personal data or who manages the
information system;
3) the date and time of processing;
4) the legal basis for the processing of personal data;
5) the purpose of the processing of personal data;
6) the categories of personal data processed.
Section 6
 Particulars of using the MAccess service
45. Data consumers who do not have information systems capable of consuming data
automatically through the MConnect platform can access the respective data using the
MAccess service. The connection of these data consumers is made according to the general
procedure for connecting the data consumers, established by this Regulation, with the
particularities established in this section.
46. The data consumption through the MAccess service is made by accessing the URL
https://maccess.gov.md, a web interface for data access, made available by the competent
authority.
47. The authentication of the data consumers through the MAccess service is performed
using the devices for creating and / or verifying the electronic signature in accordance with
Law no. 91/2014 regarding the electronic signature and the electronic document, through the
government electronic service of authentication and access control (MPass).
48. In addition to the tasks regulated in point 5, the competent authority has the following
responsibilities regarding the data exchange through the MAccess service:
1) ensures the functioning of the MAccess service in accordance with the established
technical conditions and parameters, including the agreed level of services;
2) ensures the availability through the MAccess service of the data sets intended for the
consumer, in accordance with its legal mandate and according to the method set out in the
technical annexes;
3) ensures the functioning of the electronic signature mechanisms of the PDF documents
generated by accessing the MAccess service;
4) performs the necessary configurations in the MPass government service for defining the
role of technical administrator of the MAccess page destined to the data consumer and
assigns the role of technical administrator to the person responsible for the management of
the users, designated by the data consumer;
5) Provides information and methodological assistance to the data consumer regarding the
operation and use of the MAccess service.
49. As a data consumer through the MAccess service, the data exchange participant, in
addition to the responsibilities listed in point 8, has the following obligations:
1) accessing and using the MAccess service in accordance with the provisions of the
legislation;
2) obtain and manage, on their own account, the electronic signatures required to access
the MAccess service;
3) designates the person responsible for the management of the users of the page created in
the MAccess by the competent authority, with the transmission of the IDNP to the
responsible person to the competent authority, for its registration as a technical administrator;
4) informs, in writing, immediately or at the latest within four hours, the competent
authority about the change of the person designated as being responsible for the management
of the users, with the transmission of the confirmatory documents in this regard, including for
the newly appointed person;
5) performs, on their own responsibility, the correct management of the concrete users
within the data consuming entity (which involves, but is not limited to: assigning roles,
adding / deleting as technical administrator, adding / deleting as consultant / operator ), who
have access to data, depending on the assigned role;
6) ensures the implementation of the requirements and mechanisms of information security
in the process of using the MAccess service and the protection of personal data;
7) is responsible for the way of accessing and using the data, as well as for taking measures
to prevent unauthorized access of third parties.
 Section 7
Particularities of data exchange with special legal regime (art. 2 paragraph (4)
and art. 6 paragraph (3) of Law no. 142/2018 on data exchange and interoperability)

50. Public authorities and institutions with responsibilities in the field of supervision of
entities in the financial sector, national defense, state security, maintaining public order,
countering criminality, preventing and combating corruption, acts related to corruption and
facts related to corruption can perform data exchange with special legal regime (data
attributed to state secrecy, banking secrecy, etc.) through the MConnect platform, insofar as
they express availability and intent in this regard.
51. The data exchange referred to in point 50 shall be carried out in the order established
by this Regulation, taking into account the particulars mentioned in this section.
52. The public authorities and institutions referred to in point 50, as data provider and / or
consumer, the data exchange participant (supplier and / or consumer), as well as the
competent authority conclude trilateral agreements for each data exchange flow mentioned in
point 50, stating in particular:
1) the parties to the data exchange and the role of each party;
2) the rights, obligations and specific responsibilities for ensuring the security and
confidentiality of the concrete data exchange flow;
3) the responsible persons designated by each party and their contact details;
4) the agreed level of services;
5) the technical measures applied to ensure the security of the data exchange, the
confidentiality, the integrity of the data that are the object of the data exchange;
6) the encryption / decryption mechanisms used and the way the parties communicate in
this context;
7) the details regarding the logging of the events regarding the data exchange and the
access of the parties to the respective information, according to the legal mandate of each;
8) technical annex describing the data exchange flow.
53. The public authorities and institutions referred to in point 50, as a data provider and / or
consumer, the data exchange participant (supplier and / or consumer), as well as the
competent authority shall collaborate and jointly establish the technical, legal, semantic
details. and organizational issues to ensure interoperability and data exchange with special
legal regime.
54. The public authorities and institutions referred to in point 50, as a data provider and / or
consumer, the data exchange participant (supplier and / or consumer), as well as the
competent authority ensure, each within its competence segment, continuous monitoring. and
appropriate data exchange implemented.
55. In case of errors, incidents or security risks identified, in the context of an implemented
data exchange flow, the party that found this fact informs the other parties immediately, but
not later than 24 hours from the moment of the finding, by any available means of
communication, which allows confirmation of information. The parties shall ensure the
recording of the errors, incidents and security risks identified, as well as cooperate and make
every effort and diligence necessary to remove them in an optimal manner, with minimal
impact on the security, confidentiality, availability and integrity of the data.
56. During the investigation, resolution, removal of errors, incidents and security risks, the
competent authority together with the participants in the data exchange mentioned in point 50
may decide to suspend the data exchange through the MConnect platform.
Section 8
Particularities of data exchange with private participants
 57. The exchange of data with private participants takes place in accordance with the
provisions of Law no. 142/2018 regarding the exchange of data and interoperability and of
this Regulation and is for consideration, based on the contract concluded with the competent
authority, if the normative acts do not regulate otherwise.
58. For the data exchange through the MConnect platform performed with the private
participants, a setup fee and a data exchange fee are charged. The setup fee and the data
exchange fee are transferred to the account indicated by the competent authority and, in full,
they are made to the state budget.
59. The configuration fee and the data exchange fee established by this Regulation
supersede any other payments received by the participants in the data exchange data
providers / holders of information systems for the provision of data provision services.
60. The configuration fee is the fee charged for the work of configuring the MConnect
platform for the elaboration of the informational services for the provision and / or
consumption of a certain set of data through the MConnect platform. The configuration fee
constitutes 1000 (one thousand) lei for each newly configured data set, as well as for any
modifications, additions to the already configured data sets. The setup fee is paid in national
currency, by transfer from the account of the private participant to the exchange of data to the
account indicated by the competent authority, based on the invoice issued by the competent
authority. The competent authority submits to the private participant the invoice for the
payment of the configuration fee within five days from the date of signing the technical
annex describing the agreed data exchange flow.
61. The data exchange fee is the monthly charge for the volume of data consumed and / or
provided by the private participant in the data exchange through the MConnect platform. The
data exchange fee is variable depending on the number of calls made successfully, according
to table 1 and is calculated according to the model indicated in table 2.

Table 1
Number of calls * The fee applied for interpellation
The first 10 0 lei
11-100 10 lei
101-1000 5 lei
1001-10000 1 Ron
10001-100000 0.5 lei
Over 100,000 0.25 lei

* The number of interpellations of the information exchange service, performed

successfully by the information system of the participant, within one month.

Table 2
Model for calculating the tax for data
Model for calculating the tax for data
Număr de interpelări efectuate cu succes în decurs de o lună = 756 i
Calcul sumă spre achitare:
10 i x 0 lei + 90 i x 10 lei + 656 i x 5 lei = 4180 lei
Total spre achitare: 4180 lei

62. The competent authority shall submit monthly, until the 5th of the month following the
management period, to the private data participant the acts of provision and acceptance of
data exchange services.
63. The documents for the provision and acceptance of data exchange services should
include reports on the volume and level of the services provided.
64. The private participant signs the acts of provision and acceptance of the data exchange
services or submits his claims to the competent authority. If, within five working days, the
competent authority does not receive an answer, the documents for the provision and
acceptance of the data exchange services are considered to be signed by the private
participant.
65. The cost of the data exchange services is paid by the private participant, by transfer, to
the competent authority, monthly, until the 10th of the following month, according to the
invoices issued by the competent authority, to the account indicated by the competent
authority, making an income to the state budget.
66. For the late payment of the payment for data exchange services through the MConnect
platform, a penalty of 0.1% of the outstanding amount, calculated for each day of delay, will
be charged.
67. For the non-payment within two consecutive months of data exchange services through
the MConnect platform, the competent authority orders the disconnection of the private
participant concerned from the information service of supply and / or consumption of data,
with its notice with at least ten days before disconnecting.
68. The private participant that provides data through the interoperability platform to a
public participant, in order to fulfill a legal obligation in relation to the state, which arises
from express legal provisions (reporting, monitoring, etc.) does not pay the configuration fee
and the exchange fee. data.
69. The costs for data exchange through the MConnect platform between a private
participant as a data provider and a public participant as a data consumer are jointly
determined by the participants and the competent authority, on a contractual basis.
70. The costs for data exchange through the MConnect platform between two private
participants are jointly determined by participants on a contractual basis and necessarily
include the setup fee and the data exchange fee established by this section.
71. Private participants can consume a certain set of data through the MConnect platform
in order to develop and offer technological solutions of social interest (applications,
information portals, etc., through which the interests of the company and the state are
promoted, without pursuing a lucrative purpose or obtaining an income, and which are based
on philanthropic objectives of social importance, granting people access to their own data,
without being charged taxes in this regard). In this case, the data exchange fee is not charged,
and the private participant pays only the configuration fee according to point 60. In the case
of using the data consumed for a purpose other than that provided for in this point, the
corresponding provisions of this section will be applied .
72. In the situation referred to in point 71, the data exchange contract through the
MConnect platform expressly and concretely stipulates the purpose pursued for the
consumption of data by the private participant, sets legal and technological guarantees and
responsibilities for the parties involved, in order to ensure compliance with the requirement to
use the data set strictly for the stated purpose.
Section 9
Testing the functionality of the data exchange process
73. Testing the functionality of the data exchange flow takes place in order to ensure the
delivery to participants of informational services of consumption and / or the provision of
robust data, which meet the requirements of security and protection of personal data, and to
exclude the potential incidence. damage, loss or destruction of personal data in the process of
data exchange through the MConnect platform.
74. The testing of the functionality of the data exchange flow is carried out including in
order to ensure its correspondence with the technical parameters of the interpellations and
data structures agreed by the participants and described in the technical annexes.
75. Testing the functionality of the data exchange process through the MConnect platform
between the participants in the data exchange, regarding the new information services
created, the new information systems connected to the MConnect platform will be performed
based on the test data set provided by the participant data exchange.
76. The competent authority shall expressly designate by order the persons responsible for
conducting the testing of the functionality of the data exchange process in accordance with
the purposes mentioned in this section.
77. The persons responsible for testing the functionality of the data exchange process of
the new information services created have the obligation to carry out the testing process in
strict accordance with the provisions of Law no. 133/2011 regarding the protection of
personal data and the Requirements regarding the security of the personal data when
processing them within the information systems of personal data, approved by the
Government Decision no. 1123/2010.
78. In the process of technical operations to test the functionality of the data exchange
process, for the purpose of not admitting security breaches, the responsible persons,
designated according to point 76, ensure the implementation and compliance with the same
security measures that are applied in the production environment and are obliged. :
1) to ensure the integrity of the data provided for testing;
2) to use the data provided for testing exclusively on the test environment created for this
purpose and only for the mentioned purposes of testing;
3) not to allow unauthorized access of third parties to the data provided for testing;
4) not to allow the disclosure, unauthorized transmission of data to third parties;
5) not to allow the use of the data for purposes other than those mentioned in this section or
by unauthorized persons;
6) not to admit the intentional or unintentional corruption of the data;
7) not to admit the compromise of the data source;
8) not to admit the loss or deterioration of the data;
9) following the completion of the procedures for testing the functionality of the data
exchange process, to ensure and guarantee the secure archiving of the data provided for
testing, for the purpose of traceability, by the method of using the special technical and
program means, organizational and regime measures, for a period of one year.
Section 10
Agreed Level of Services
79. The data exchange through the MConnect platform is carried out in compliance with
the agreed level of services, regarding the period of availability, the levels of availability and
accessibility of the MConnect platform, elaborated by the competent authority.
80. The agreed level of services is a mandatory part of the data exchange contracts through
the MConnect platform, concluded between the competent authority and the private
participants in the data exchange.
81. The competent authority is responsible for ensuring the quality of data transport
services at the agreed level of services for the MConnect platform.
82. The competent authority is not responsible for the quality of the data provided by the
data provider, including their availability, integrity and performance.
83. Ensuring the quality of the data provided, including their availability, integrity and
performance, is the responsibility of the data providers.
 84. When connecting to the MConnect platform the data provider communicates to the
competent authority the agreed level of services, parameters and performance indicators of
data provision, in order to ensure the quality of data exchange through the MConnect
platform. For the participating private data providers, they will be established in the data
exchange contracts through the MConnect platform.
85. The competent authority must notify the data provider of the data exchange to be
performed through the MConnect platform, in order to ensure the necessary technical and
organizational capacity to provide the requested data.
86. The competent authority monitors the performance of the data exchange process and
can provide information to the participants in the data exchange to ensure the quality of its
use.
87. The agreed level of services (availability period, availability level, level of accessibility
of data through the MConnect platform) depends directly on the availability level of the
information systems of the data providers.
88. The data provider must ensure the level of availability of the information systems it
owns, which has been notified in advance to the competent authority, and in the case of the
private participant data provider - it is part of the data exchange contract through the
MConnect platform concluded. with the competent authority.
89. Data consumers are responsible for observing the agreed level of services in the data
consumption segment.
90. The participants in the data exchange are obliged to inform immediately the competent
authority about the deviations from the agreed level of services or any other detected event
that could jeopardize the good functioning of the MConnect platform or the information
systems of other participants in the data exchange.
Section 11
Suspension of data exchange through the MConnect platform
91. The data exchange through the MConnect platform may be temporarily suspended by
the competent authority, based on a well-founded decision, including at the reasoned request
of a data exchange participant.
92. The data exchange participant submits the reasoned request to suspend the data
exchange through the MConnect platform to the competent authority, which decides on the
suspension within five days from the date of receipt of the request for suspension.
93. The competent authority shall transmit to the data provider the decision regarding the
suspension of the data provision, indicating the deadline for the planned resumption of the
data provision.
94. In the event of the impossibility of resuming the data provision within the specified
period, the data provider shall immediately notify the competent authority of this fact,
specifying the term and the actions that need to be taken.
95. For the purpose of maintaining or extending the MConnect platform, the data exchange
may be suspended by a reasoned decision of the competent authority, with prior notification
of the data exchange participants whose interests may be affected by the suspension.
96. The exchange of data is immediately suspended by the competent authority, without
the prior notification of the participants to the data exchange, but with their subsequent
notification, in the following extraordinary situations:
1) incidents of scale incidents;
2) force majeure situations;
3) situations related to the nonconforming use of the MConnect platform, provided in this
Regulation and other normative acts in the field.
In the situations mentioned in this point, the competent authority shall ensure the
immediate or short term suspension of the data exchange.
97. In the cases mentioned in point 96, the exchange of data is suspended until the remedy,
removing the situations that created the necessity to operate the suspension.
98. The suspension of the data exchange through the MConnect platform is carried out
ensuring a minimum impact on the participants in the data exchange.
Section 12 of
Information security and data protection personal
in the context of the exchange of data via platform MConnect
99. The data exchange through the MConnect platform complies with the minimum
security requirements corresponding to the PaaS-type security requirements, delivered from
the MCloud governmental technology platform.
100. Data exchange through the MConnect platform must guarantee the protection of
personal data, including regarding:
1) the unique identification of the consumer;
2) specifying and limiting the purpose;
3) the adoption of technical and organizational measures in order to ensure an adequate
level of protection of personal data, in accordance with the provisions of the legislation;
4) journaling of events.
101. Access to the MConnect platform is granted exclusively through secure channels of
access and data transport.
102. The participants in the data exchange are responsible for connecting the information
systems that they have to the MConnect platform through secure channels of access and data
transport, under bilateral legal acts with the providers of electronic communications networks
and / or services, according to the recommendations and the integration procedures
established by the competent authority.
103. The rights of the personal data subjects, arising from the national legislation regarding
the protection of personal data, are ensured by the operators of personal data, who have
processed the personal data and who are responsible for the legality of the processing, to be
exercised in relation to the personal data operators concerned.
104. The competent authority, using the functionalities of the MAccess service, makes
available to the subjects of personal data audit information regarding the processing of
personal data by the participants in the data exchange, which contain at least the following
details:
1) the user who processes the data with personal character;
2) the legal person of the user who processes the personal data or manages the information
system in which the personal data were processed;
3) the date and time of the processing of personal data;
4) the legal basis for the processing of personal data;
5) the purpose of the processing of personal data;
6) the categories of personal data processed.
Section 13
Monitor and control the use of the MConnect platform
105. In order to ensure the efficient functioning of the MConnect platform and the efficient
exchange of data, within the limits of the powers assigned by law and this Regulation, the
competent authority and the participant in the data exchange:
1) constantly monitors the use of the MConnect platform;
2) permanently controls the way of respecting the agreed level of services and, as the case
may be, the execution of the clauses of the data exchange contract through the MConnect
platform;
 3) manages the risks related to the use of the MConnect platform, identified by the
implementation of the activities of prevention, management, control;
4) regularly evaluates the performance of the competent authority, from the perspective of
ensuring the quality necessary to use the MConnect platform, as well as evaluates the
participant's performance in data exchange, involved in ensuring efficient data exchange.
106. For the purpose of monitoring and controlling the implementation of the provisions of
this Regulation, the cooperation between the competent authority and the participants in the
data exchange shall be ensured by exchanging information, joint evaluation sessions,
planning, audits.
107. The competent authority is entitled to carry out the audit of the data exchange ex
officio, based on a reasoned request of the participant to the data exchange. The method of
conducting the audit is established by the competent authority.
108. The conclusions generated by the efforts of monitoring, control and systematic
evaluation serve as a basis in making corrective decisions during the use of the MConnect
platform, in planning activities at different stages of use of the MConnect platform, in
evaluating the performance of the activity of the competent authority and of the participants
in the exchange of data from the perspective of interoperability and data exchange, in the
supervision of the data exchange process and in the improvement of the regulatory
framework in the relevant fields.
Section 14
Disconnect from the MConnect platform
109. Disconnection from the MConnect platform is performed, based on the decision of the
competent authority, in the following cases:
1) the liquidation or reorganization of the registry or information system - data source;
2) liquidation of the data consumer;
3) at the request of the data consumer, if he is a private participant and is not
simultaneously a data provider, in case of termination of the data exchange contract through
the MConnect platform;
4) modification of the legislation that has the effect of the lack of legal basis for data
consumption through the MConnect platform;
5) non-use during at least six months of data from the information systems of the private
participant data provider in the exchange of data;
6) the finding by the competent state bodies of some illegalities in relation to the data
consumption in the activity of the private participant;
7) non-payment of data exchange services through the MConnect platform, within 2
consecutive months, in the case of the private participant.
110. In the case provided for in point 109 (1), the data provider whose register or, as the
case may be, information system is liquidated or reorganized shall submit a request for
disconnection to the competent authority within a maximum of five days from the date of
adoption of the decision of liquidation.
111. In the case of reorganization of the register or, as the case may be, of the information
system, the public participant, owner of the respective registry or information system,
initiates the procedure for connecting the reorganized registry or information system to the
MConnect platform in the manner established by this Regulation. The private participant may
request the connection under the same conditions.
112. In the case referred to in point 109 (2), the data consumer submits the request for
disconnection from the MConnect platform within a maximum of five days from the date of
the adoption of the liquidation decision.
113. In the cases referred to in point 109 sub-points 4) and 5), the competent authority
adopts the decision to disconnect from the MConnect platform ex officio.
114. The competent authority shall examine the cases of disconnection within a maximum
of five days from the date of receipt of the request for disconnection, the entry into force of
the changes to the regulatory framework or, as the case may be, the receipt of the act of
finding illegality in the data consumption.
115. The decision to disconnect is made known to all participants in the exchange of data
whose interests could be affected by the disconnection.
116. The competent authority performs the disconnection from the MConnect platform
within a maximum of five days from the date of the decision to disconnect or in another term
provided in the decision.
117. In the cases referred to in paragraph 109 points 4) and 6), the competent authority
shall decide, under the conditions of this Regulation, the immediate suspension of the data
exchange through the MConnect platform during the examination period of the disconnection
case.