Legal regulation of information processes within the framework of preventive SMART monitoring

Ostroushko Aleksandr Vladimirovich ORCID: 0000-0003-0595-9205 PhD in Law Associate Professor, Department of International and Public Law, Financial University under the Government of the Russian Federation 38 Shcherbakovskaya Lane, office 805, Moscow, 109542, Russia ostroushko@mail.ru Other publications by this author

The introduction of intelligent financial monitoring in the accounting and reporting system has become a trend in the modern developed information society. In the Russian Federation, this is being implemented in the form of the project "Electronic Smart Control (controlling) and accounting of public finances for management decisions"^[1], which the Ministry of Finance of the Russian Federation has been implementing since the beginning of 2023. During the implementation, the phased implementation of the project tasks is planned until December 1, 2027. SMART control is considered as a tool with which the digital transformation of public relations in the field of control over the targeted and effective spending of budget funds will be carried out.  In its implementation, technologies based on algorithms of interpretive structural modeling are used, and represent intelligent procedures for analysis, observation and control monitoring (this term is a novelty for legislation) of subjects of the financial and budgetary sphere.

The introduction of proactive SMART control allows for effective intelligent financial supervision, increased transparency of information in financial reports, the ability to compare the performance of organizations with intelligent financial supervision, the ability to verify functional data and prevent the creation of fabricated data, the ability to exchange information between governments, supervisors, stakeholders and citizens, and improve the quality of accountability. These procedures are related to the processing of large amounts of information, the use of telecommunication technologies, the use of state, municipal and other information systems. Machine learning and artificial intelligence may be one of the possible solutions to facilitate supervision of the financial sector. In addition, artificial intelligence can help regulatory and supervisory authorities in making decisions, developing, changing and establishing new rules for financial supervision^[2].

Of course, in accordance with the basic tenets of the Russian legal doctrine, these operations must be carried out with strict observance of the principle of legality. At the same time, the information legislation has recently undergone significant changes. This imposes certain difficulties and requires studying the mechanism of legal regulation of information processes related to SMART control.

The purpose of this study is to analyze the legal problems that arise during information procedures during the implementation of preventive SMART control in the financial and budgetary sphere, identify conflicts and develop recommendations on the correct application of legal norms during preventive smart control. We will not consider the general requirements for state information systems and procedures for collecting and processing information established by financial legislation, legislation of the Russian Federation on information, information technology and information protection, legislation on security, legislation of the Russian Federation on state and other legally protected secrets. The study will focus on aspects of regulating the procedures for collecting and processing information used directly during the preventive SMART control.

The subject of the study is both the current legal norms and legislative initiatives on amendments to the Budget Code of the Russian Federation, as well as the information procedures themselves that exist during SMART control.

The first issue that needs to be understood from a legal point of view is the indication of the limits of the information space of the Electronic Smart Control project. Currently, public administration focuses on the use of digital platforms. This approach is becoming increasingly important both from a practical point of view and from a theoretical one. It fully corresponds to the directions of achieving the national goals and strategic objectives of the development of the Russian state provided for by the federal project "Digital Public Administration" of the National Program "Digital Economy of the Russian Federation", which pays special attention to the digital transformation of public administration.

The development of digitalization of financial legal relations in the modern period takes place within the framework of the implementation of normative documents of strategic planning, which have consolidated the main approaches to the introduction of innovations in all spheres of public administration^[3]. The List of instructions for the Implementation of the President's Address to the Federal Assembly, approved by the President of the Russian Federation on 30.03.2024 N Pr-616, states that it is necessary to "complete the formation of digital platforms in all key sectors of the economy and social sphere, as well as in the field of public administration by 2030."

I would like to note positively that when creating the project "Electronic Smart control (controlling) and accounting of public finances for management decisions", the directions of state policy in the information sphere and the requirements of strategic planning documents were taken into account, and it is indicated that the project will work on the basis of a single digital budget platform - GIS "Electronic Budget"^[4]. On its basis, within the framework of the project under study, the Ministry of Finance of the Russian Federation intends to create by 2027 a Unified Electronic Data Generation System (SFAD) for accounting and reporting of state finances, as well as a unified SFAD environment for automated controlling, analysis and accounting of state finances for state/municipal bodies and public sector organizations^[5].

Speaking about the concept of data centralization and management in SFAD, the director of the Department of Budget Methodology and Financial Reporting in the Public sector, S. V. Romanov, identified several stages that differ from each other by the use of digital innovations. Thus, during the transition to digital transformation, it is planned that the processes of information accumulation, processing and decision-making will be performed by an intelligent platform^[6].

The use of the existing and well-proven digital GIS platform "Electronic Budget" during operation allows us to talk about a certain degree of legal regulation of the procedures for collecting and processing information. The effect of the norms regulating the specified state information system will automatically be transferred to the procedures of preventive SMART control in the financial and budgetary sphere. By the time the project is created, there is already a ready-made legal mechanism for working with data on a digital platform, which will have a positive impact on the development of this project.

I would like to note the most important approaches to regulating information relations in the collection and processing of information, which are specified in the Decree of the Government of the Russian Federation dated 30.06.2015 N 658 "On the State Integrated Information system for Public Finance management "Electronic Budget" (together with the "Regulation on the state integrated information system for public Finance management "Electronic Budget"), are relevant for the project SMART warning control:

· all information contained in the Electronic Budget system is subject to protection in accordance with the legislation of the Russian Federation on information, information technologies and information protection, as well as in accordance with the legislation of the Russian Federation on state secrets and the legislation of the Russian Federation regarding trade secrets and other protected secrets.

· requirements for technological, software and linguistic means of the Electronic Budget system, including subsystems (components, modules) of the Electronic Budget system, are established by the Ministry of Finance of the Russian Federation;

· when forming and exchanging documents in the Electronic Budget system, electronic document formats are used, which are established by the Ministry of Finance of the Russian Federation and other federal state bodies within their powers to establish the forms of relevant documents;

· The Electronic Budget system uses unified reference books, registers and classifiers used by participants of the Electronic Budget system, the list and procedure for the formation and maintenance of which are established by the Ministry of Finance of the Russian Federation.

· the information contained in the Electronic Budget system is stored in accordance with the procedure established by the legislation of the Russian Federation on archival affairs and on state secrets.

At the same time, the development of modern information technologies requires some improvement of existing information systems. With regard to the subject of our research, I would like to point out that the main stages of designing and creating the Electronic Budget system were carried out earlier than the issues of using identification and authentication procedures on the Internet of a new generation were legally regulated. At the moment, legal regulation in this area solves the tasks of improving the security and durability of user accounts, as well as personalization and accounting for remote access to information systems, including government ones. We believe that this practice should be transferred to the SMART control subsystem.

At the moment, access to information in the subsystems of the GIS "Electronic Budget" is carried out using the federal state information system "Unified Identification and Authentication System in the infrastructure providing information technology interaction of information systems used to provide state and municipal services in electronic form" and (or) a certificate of the key verification of an enhanced qualified electronic signature or other certificate of the electronic signature verification key.

ESIA has not lost its relevance, its distinctive feature is simplicity and widespread use, but the processes of modern remote interaction are gradually being transferred to technologies using identification and authentication of individuals using biometric personal data.

In our opinion, the Ministry of Finance of the Russian Federation needs to develop legal mechanisms for the implementation of identification and authentication procedures in the GIS "Electronic Budget" using data from a Single Biometric System, guided by the provisions of Federal Law No. 572-FZ of December 29, 2022 "On the identification and (or) Authentication of Individuals using Biometric Personal Data, on amendments to certain legislative acts of the Russian Federation and invalidation of certain provisions of legislative acts of the Russian Federation", Federal Law No. 152-FZ dated July 27, 2006 "On Personal Data", Order of the Ministry of Finance of the Russian Federation No. 453 dated 05/12/2023 "On the procedure for processing Biometric personal data and vectors of a single Biometric system in a single Biometric System and in the information systems of accredited government agencies, the Central Bank of the Russian Federation in case of accreditation, organizations that authenticate on the basis of biometric personal data of individuals," etc.

Despite the fact that the Unified Biometric System is currently under formation and is mainly used to receive some financial services, but after full-scale implementation it will become a national digital platform providing citizens with access to state information resources of public administration. It is planned that biometric identification will be used instead of an electronic signature in the provision of public services and the performance of functions^[7]. Accordingly, when forming a Unified Environment for automated controlling, analysis and accounting of state finances, as well as a mechanism for legal regulation of this activity, this must be taken into account.

Another positive point that we can note when using the Electronic Budget system as a digital SMART control platform is the possibility of ensuring compliance with the principle of transparency of the budget system by providing access to information posted on the Internet information and telecommunications network on the unified portal of the budget system of the Russian Federation^[8]. This requirement follows from the provisions of the Concept of Openness of Federal executive authorities, approved by Decree of the Government of the Russian Federation dated January 30, 2014 No. 93-r and Order of the Ministry of Finance of the Russian Federation dated February 6, 2014 No. 26 "On the organization of work on the implementation of the principles of openness of the Ministry of Finance of the Russian Federation".

In many ways, the principle of openness is implemented by publishing publicly available information on official websites, including posting open data on the Internet – data on the activities of state bodies and local governments posted on the Internet in the form of data arrays in a format that ensures their automated processing for reuse without prior human modification (machine-readable format), and on the terms of its free (free) use.

Currently, the Ministry of Finance has a fairly extensive list of open data from 193 positions (according to the official website https://minfin.gov.ru/ru/opendata/registry / 134 and 59 archival ones are valid). We consider it necessary to supplement the Order of the Ministry of Finance of the Russian Federation No. 625 dated December 31, 2014 "On approval of the Regulations for the Formation, Updating and Decision-making on the termination of updating Open Data Sets of the Ministry of Finance of the Russian Federation" regarding the entry of information on SMART control into the Register of Open Data of the Ministry of Finance of the Russian Federation, as well as the frequency of posting of specified information and the timing of its update, ensuring the timely implementation and protection of users' rights and legitimate interests.

Another direction of implementing the principle of openness is not only to provide information about the activities of the Ministry of Finance during SMART control, such as interim and reporting data, projects, forecasts, but also to make clear to all interested parties the logic of decision-making, the functioning of algorithms and other features of the project. It is necessary to solve the problem of ensuring citizens' trust in the digital environment of SMART control. Building an environment of trust is a very complex and complex process, and not only a technical one^[9].  We support the opinion of N. Khramtsovskaya that in order to ensure trust, it is necessary to apply various combinations of measures, including legal ones^[10].

The growing digital transformation of public relations in various spheres of life is also accompanied by a number of side effects, including citizens' distrust of innovation. This is proved by the fact that society has formed the opinion that the danger today is not individual false messages, but entire information systems, digital platforms and services that operate on the basis of deliberately unreliable information^[11].

Unfortunately, there are problems with the reliability of information in the GIS "Electronic Budget". So, after the appeals of the Accounts Chamber, the Ministry of Finance of the Russian Federation instructed the Federal Property Management Agency to update the RFI data and verify with respect to real estate objects that are federally owned with the data of the Unified State Register of Legal Entities and other information systems, including those included in the GIS "Electronic Budget". The Ministry of Finance of the Russian Federation, in accordance with the letter of the Accounts Chamber, instructed the Federal Property Management Agency to update the RFI data and verify with respect to federally owned real estate objects with the data of the Unified State Register of Legal Entities and other information systems, including those included in the GIS "Electronic Budget". The Federal Treasury has confirmed the presence of errors that occurred when uploading data on expenditures of regional budgets within the framework of national projects to the Electronic Budget system^[12]. The Ministry of Finance was forced to provide an explanation about the incorrect filling in by institutions of certain indicators of reports in the GIS "Electronic Budget" in a Letter from the Ministry of Finance of the Russian Federation dated March 1, 2023 N 02-15-07/16845 "On incorrect filling (non-filling) by institutions of certain indicators of information."

The creation of legislative bases for the formation of a unified digital environment of trust and electronic civil turnover, including the systematization and harmonization of information in state information resources, is indicated as one of the main activities of the Government of the Russian Federation during the implementation of the National Project "Digital Economy".

The Federal Treasury has declared its task to ensure the reliability and relevance of the information on the site bus.gov.ru . Final goal: Institutions should systematically update information. After all, these electronic data will become the basis for SMART control^[13]. Therefore, one of the main tasks is the need to form and normalize strict requirements for data, algorithms and information systems used to ensure reliability, verifiability, the possibility of operational intervention in the operation of such systems and correction of possible errors^[14]. Such norms should be enshrined in the by-laws of the Ministry of Finance.

We also consider it necessary to introduce additional measures of legal liability for officials in the Administrative Code of the Russian Federation for violations in providing information to the GIS "Electronic Budget", similar to those fixed in Art. 13.19.4. "Violation of the procedure for submitting information to the federal register of Persons with disabilities and posting specified information in this register."

However, the creation of a legal basis for the functioning of information systems does not completely solve the issue of trust in them. It is necessary to additionally create a mechanism for distributing information about the innovations being introduced, the degree of their protection, tools that prevent violation of the rights of subjects using this system, and in the case of SMART control, additionally being subjects of controlling. We believe that information issues must necessarily be included in the activity plans of the responsible departments of the public authority.

It should be noted that with the warning SMART control, institutions will not know about the verification, since the controlling algorithms are planned to be used in a fully automatic mode, when no one will be distracted from the performance of their main duties^[15].

Compliance with laws and regulations is a priority of the state in the implementation of its activities, which determines the requirement for the elements of preliminary SMART control being developed using information systems of strict functioning in the legal field. Therefore, there is a need for additional legal regulation of methods (procedures) related to preventive SMART control.

The first method is an analysis – based on its results, the control authorities will draw up a conclusion with conclusions and suggestions on how to improve the efficiency of activities^[1]. The analysis is always based on certain data. In our opinion, there are two areas that should be further regulated by law.

First, it is necessary to establish the conditions under which this procedure is initialized and its main parameters.  In the draft Federal Law No. 532893-8 "On Amendments to the Budget Code of the Russian Federation", analysis for the purpose of state (municipal) financial control is understood as the study of individual parties, properties, components of the subject and activities of the object of control (group of objects of control), systematization of research results, as well as the causes and consequences of violations (deficiencies) identified within the competence of the state (municipal) financial control body. At the same time, this legislative initiative does not allow us to understand by whom the analysis procedures are initiated, in relation to which subjects, what are the terms of analysis, methodology, algorithms and sources of information when conducting SMART procedures, as well as it is carried out on a regular, planned basis or as an operational (mandatory for certain subjects) activity.  We consider it necessary to amend the above-mentioned provisions in the course of finalizing the draft law.

Secondly, it was stated that the analysis of information will be carried out using an intelligent platform and machine learning procedures. This clearly indicates that the Ministry of Finance plans to involve artificial intelligence systems in these events.  Despite the fact that in 2019 the National Strategy for the Development of Artificial Intelligence for the period up to 2030 was adopted, which removed certain administrative and legal barriers that prevented the introduction of artificial intelligence technologies, including in the field of public administration, this area is still poorly regulated by Russian law.  The system of regulation of public relations in the field of artificial intelligence is carried out through the publication of acts of a recommendatory nature ("soft law").

In our opinion, this state of affairs does not fully meet the objectives and principles of public administration in the financial sector. At the moment, when using artificial intelligence in any field, there is a threat that the program will continue its uncontrolled independent existence or, conversely, fall into the hands of intruders, since it is available to hacker attacks^[16].

The reduction of human control over the process of using artificial intelligence systems, the not fully transparent decision-making process require regulatory restrictions on the use of artificial intelligence systems^[17] and/or clear regulation of the limits of the use of these technologies.

The experience of the European Union is quite interesting, where the Law on Artificial Intelligence (The EU AI Act) was adopted in 2024. In accordance with this act, artificial intelligence systems used in public administration belong to high-risk systems (only systems that are prohibited are considered more dangerous). Before using them, a number of mandatory procedures must be followed, and the operation process itself is subject to strict rules in which exceptions are regulated.  The Artificial Intelligence Act introduces transparency obligations for all general-purpose artificial intelligence models to ensure a better understanding of these models, as well as additional risk management obligations.

Based on the above, we consider the involvement of artificial intelligence systems in solving the tasks of preventive SMART control without an adequate system for their assessment and detailed regulatory regulation of use procedures, risk minimization activities, issues of ensuring a high level of reliability, safety and accuracy to be a high-risk act and a very controversial decision.  The study of the available materials of the project "Electronic Smart control (controlling) and accounting of public finances for management decisions" Direction (subprogram) "Improving the quality of budget process management and efficiency of public finance management" 2022-2027 did not reveal any tasks regarding improving the legal support for the use of modern technologies (AI, neural networks, big data). We consider it necessary to supplement these acts with the necessary provisions.

The second method used in SMART control is surveillance, i.e. continuous on-line monitoring, and the control authorities will not notify about it. They will collect information from the digital environment available to the state — interdepartmental exchange, information systems, data from the Internet. A positive point is that in the draft amendments to the Budget Code, under supervision in order to implement internal state (municipal) financial control, it is proposed to understand the collection and processing of data on the object of control available to the internal state (municipal) financial control body, including data received during interdepartmental information interaction, as well as contained in state and municipal information systems, data from the Internet information and telecommunications network, and other publicly available data to identify risks and signs of violations.

From the point of view of information legislation, obtaining information from the Internet information and telecommunications network and other publicly available data sources poses a certain problem here. The main reason for using the Internet is the low cost and easy access to company information. However, if in the case of obtaining data from information systems and in the course of interdepartmental interaction we are dealing with structured sets, then the Internet is a place for storing unstructured data of huge volumes and significant diversity. Currently available big data processing technologies combined with the use of artificial intelligence systems make it possible to process them efficiently. The legal problems of using artificial intelligence were mentioned above, but at the moment, Russian law does not resolve all the problems regarding the regulation of the procedure, conditions for processing big data, as well as identifying and protecting the rights and legitimate interests of various entities involved in their processing^[18]. There is an opinion that SMART control surveillance can be correlated with analytical intelligence ^{[18, 19]}.

We believe that in order to ensure the necessary level of confidence in this procedure, it is necessary to legally regulate relations to establish rules for extracting data about the object of control from a set of publicly available information on the Internet and other information exchange and storage systems, as well as their interpretation for control purposes within the framework of using big data processing technology.

The third method of implementing SMART control is control monitoring, which implies that institutions and authorities will voluntarily disclose credentials and transfer them electronically. Monitoring is one of the tools that helps to understand the process of fulfilling the responsibility for accountability. Unfortunately, there is no general definition of monitoring in laws and regulations, as well as in the literature, and its definition varies depending on the field of implementation (for example, monitoring of law enforcement), but in a sense, this activity can be defined as an activity that compares the proper or desired state of the system with the actual one, while using a specially designed tools, assessment units and forecasts^[20].  

In the draft amendments to the Budget Code, control monitoring for the purpose of internal state financial control is understood as the interaction of the Federal Treasury and the object of control, aimed at ensuring that the object of control complies with the provisions of legal acts, including requirements and recommendations for their compliance, the terms of contracts (agreements), within the powers defined by the Budget Code (hereinafter - the subject of control monitoring), and carried out in electronic form using information systems in accordance with the legislation of the Russian Federation on information, information technologies and information protection, the legislation of the Russian Federation on state and other legally protected secrets. We consider this definition to be very successful.

The positive point is that the control monitoring is carried out in accordance with the procedure and cases established by the Government of the Russian Federation. Thus, additional normative activities of the Government are required, information about which has not yet been found.  

Summing up the research, we can draw a number of conclusions.

1. The basic relations regarding the collection and processing of information within the framework of the implementation of preventive SMART control procedures in the financial and budgetary sphere are currently regulated by information legislation and do not need further improvement.

2. Particular issues of the legal functioning of the warning SMART control system are currently provided only as certain provisions of draft laws that are at the first stage of discussion. As can be seen, the mechanism of legal regulation lags behind the plans and realities of the implementation of the new system. This creates a legal vacuum and corresponds to the legal doctrine of the Russian Federation. The law-making process needs to be accelerated and the necessary documents adopted as soon as possible.

3.        The main documents regulating the procedure for the implementation of the SMART warning control system are strategic in nature and do not have specifics. The Ministry of Finance needs to develop and submit relevant bills to the legislator for discussion, as well as adopt departmental orders in pursuance of these initiatives.

4.        Legislative work is required to improve the legal mechanism regulating the procedures for collecting and processing information as part of the implementation of preventive smart control procedures in the financial and budgetary sphere using modern intelligent technologies, especially artificial intelligence, the use of big data, the use of intelligent agents 24/7. Because the domestic legal doctrine is currently in the regulation of these relations gives priority to "soft law" as a way to improve existing tools and mechanisms for influencing legal reality, as well as to search for more effective and efficient resources for the formation of a qualitatively new state of legal certainty and stability. Priority should be given to procedures for determining the requirements for using artificial intelligence to make individual decisions. All innovations are proposed to be implemented only after a comprehensive assessment of their regulatory impact, including by testing the conditions for the use of artificial intelligence technologies in the financial sector in the experimental legal regime ("regulatory sandbox").

5.        Regulatory consolidation is required by the mechanism of openness of all elements and procedures related to preventive SMART control.