The Republic's data treasure lies in the middle of Vienna Mitte

editorial staff

, on

A high-security area: In the BRZ in Vienna Mitte, new IT products for the administration and ministries are conceived and implemented I © BRZ

From ID Austria to the digital driving license – the BRZ has developed from a pure data center into a comprehensive IT service provider.

The Federal Computing Center (BRZ) has made the development of smart and secure IT solutions its mission, using innovative technologies such as big data, artificial intelligence, blockchain and robotics. On behalf of the administration and ministries, products such as ID Austria are developed and kept running in a high-security building in Vienna Mitte. But the management of prison beds is also handled by software from BRZ. Roland Ledinger, the technical director, together with Christine Sumper-Billinger, the commercial director, leads a team of around 1,800 employees who generate around 510 million euros in sales (2023).

Roland Ledinger, Managing Director of the Federal Computing Center in Vienna I © Klaus Vyhnalek

The BRZ has developed from a computing office and pure data center to the IT market leader in the public sector and a competence center for digitalization in Austria. Has a paradigm shift taken place here?
Roland Ledinger: Yes, a paradigm shift has taken place here. Today we focus on digitizing work and organizational processes. The BRZ has gone from being a pure IT organization to a supporter of digital processes. We cover the entire value chain from the idea of an innovation and the evaluation of existing processes or a proof of concept as a preliminary stage to implementation and secure operation. Ultimately, a digital service is created for the customer, the administration on the one hand, as well as for citizens and companies.

Does the BRZ also work for private customers or companies?
Ledinger: Our core market is the federal administration. This is specified by the owner. The owner of the BRZ is the Republic, represented by the Federal Ministry of Finance. As a GmbH, the BRZ is run according to market economy principles and competes with companies from the IT sector.

You are sitting on the Republic's treasure trove of data. How does that feel, or what worries and fears are going through your head?
Ledinger: We process a lot of sensitive data from people in Austria, companies and the administration itself. Of course, this is a big responsibility. Security is our top priority. This starts with our design principles, protecting privacy and ensuring security in general.

Are the BRZ servers located in Austria?
Ledinger: We operate two locations on Austrian soil.

How do you limit the collection of data to what is absolutely necessary so that you do not become a data octopus that knows every detail about Austrians?
Ledinger: We do not operate on our own initiative and do not collect data from citizens. Our customers, the public administration, have a legal mandate, which is why they need certain data. We work closely with customers when designing and implementing our services. The basic principle is always to only process the data that is absolutely necessary for each service. Across the EU, we also work according to the 'once only' principle and for many of our applications, companies and citizens only have to report data to the administration once. On this basis, the Digital Austria Data Exchange register pool, or dadeX for short, also exists, from which we only get the data that is necessary for a specific procedure. Today, the 'need to know' principle (also called the necessity principle, note) takes top priority. If three attributes are required from a data set, then only these three attributes are delivered. This can be compared to ID checks at a disco, where it is not about the name but the age. In the past, you would show a photo ID and the doorman would see your name as well as your date of birth. We have digitized this classic case of age verification with the digital age verification. This means that the doorman now only sees your age, but no longer your name or exact date of birth.

Are there legal regulations about how and whether you can link data, or is this at the discretion of the BRZ?
Ledinger: The merging of data is strictly regulated by law in Austria. We store data separately and securely by sector - depending on the customer and area. The data set for the person 'Roland Ledinger', for example, has a different identification in the financial sector than in the health sector. This prevents financial and health data from being clearly mixed and merged. If an exchange is required for a service - in Graz, for example, the application for childcare funding is made easier by automatically reporting income data to the city administration - then a specific legal regulation is required.

The tasks in IT and AI are growing every day. How do you manage to stay up to date?

Ledinger: We are in a field of tension here. On the one hand, we have to act economically and on the other hand, there are constant innovations. That is why we publish a technology radar every year in which we evaluate new technologies and classify existing technologies. What already works, where do we need to test or observe? Based on these categorizations, we try to focus on new technologies. We then also need the use case and the willingness of our customers to use it. Generative AI can do a lot, but some customers are still hesitant when it comes to using it. In our environment, where AI is often used, a chatbot has to make a correct statement because legal certainty is at stake. It is difficult in administration to deal with vague answers. That is why we are still trying to get to grips with this, although there is great potential.

Do you feel the shortage of skilled workers in the IT sector?
Ledinger: We see this too and compensate for it by hiring external workers. Of course, recruiting talent is a huge issue, but also retaining it. We compete and apply to interested people, not the other way around.

Is there a kind of digital playground at BRZ where you can try out new technologies?
Ledinger: With a small, manageable innovation budget, we try to identify innovations from within the company. Our employees know the solutions for customers and therefore know what is needed. That is also our USP. We know public administration very well and know what its needs are. Here we try to identify innovation projects that are technology-based or solution-oriented.

With ID Austria you have created a product that probably every Austrian knows. Is this a reference project?
Ledinger: ID Austria has a long history. Before that, there was the mobile phone signature, which was able to establish itself among the general public due to the corona pandemic. Thanks to the digital processes during the pandemic, the number of users rose from 500,000 to 600,000 to more than three million. The mobile phone signature became ID Austria, which is recognized in Europe. Incidentally, it is the first mobile, electronic identification at European level that is certified according to eIDAS (facilitates secure cross-border transactions by creating a framework for digital identity and authentication, note). As secure identification in the digital environment, ID Austria is now a central, critical infrastructure for legally compliant processing.

Today, more than three million Austrians use the ID Austria I
© BRZ

If ID Austria doesn't work and there is a traffic check, but the driver's license is only on the mobile phone - what should you do?
Ledinger: The system is programmed to work offline. We had to build that in, which was a major cryptographic challenge, because if data is available offline, it has to be secured accordingly. Depending on how long the driver's license holder was offline, it is up to the other party to decide whether to believe the data.

So it still requires a human decision?
Ledinger: IT should not replace, but support. We replace tasks with technical means, but we do not replace people. It is important to draw a line here with AI as well. At the point where we can no longer validate and make plausible results using humans, we would have to stop. When a notification is generated in this way, it is always the human who decides whether it is sent out in this way.

Is the development of ID Austria complete or is it being further developed?
Ledinger: There are further development steps in the expansion of services wherever new procedures are introduced. The new federal treasury or the craftsman bonus, for example, also run through ID Austria. ID Austria is the digital identity and is also used in some areas in the private sector, as otherwise identification would have to be established through laborious registration processes. It is not about simply digitizing conventional steps. You can see this with the driver's license, which is not just a copy of the pink credit card driver's license, but enables verification in an innovative way using a QR code.

The BRZ's activities mostly take place away from the public eye. Are you happy that what the BRZ does is not widely known?
Ledinger: This is not helpful for recruiting employees (laughs). We want to show the outside world what we do to attract talent. We are not bad at that either; in 2023 we were Austria's Best Recruiter (www.brz-jobs.at, note). Our products always focus on our customers, who commission us to find digital solutions. We are proud of our products because we accompany people in Austria from birth to the grave. The digital ID app can be used to report births; it covers the school sector, driving licenses, digital IDs, justice and finance, right up to inheritance. Hardly anyone knows that we are the largest provider of "hotel software" because we support prisons. Beds are just as important there as they are in tourism.