National registry data: scope and new controls
The executive bylaw to the National Registers Law establishes strict controls governing the exchange, protection, and continuity of national registry data, officials said. Issued under Decision No. 84/2026 by the Inspector General of Police and Customs, the regulation defines core data sources and sets mandatory timelines and safeguards for agencies that produce or use this information.
The rule applies to personal and corporate records, residential and non-residential property units, and geographic datasets. It also introduces notification duties, technical integration windows, and confidentiality requirements designed to support digital transformation while securing sensitive information.
Key data sources and categories defined
The bylaw lays out detailed categories that form the basis of the national registry data. For natural persons, the list includes official documents and records, family relationships, employment and workplace details, residence information, health and education records, income and social benefits, financial and tax data, judicial records, access logs to government e-systems, and communication contacts such as phone numbers and email addresses.
For legal persons the bylaw includes official and commercial documents, geolocation and site data, financial and tax information, judicial records, employee data, licenses and permits, investor and capital information, export and import records, lease agreements, and electronic access credentials. Meanwhile, property units are documented by title deeds, survey maps, land and building records, utility accounts and consumption, addressing and geolocation, lease agreements, and permit histories.
Geographic datasets specified by the regulation cover international borders, approved administrative divisions, satellite imagery, roads and infrastructure networks, land and building inventories, agricultural and natural resource data, geolocations of people and entities, and topographic maps. These categories are intended to provide a unified, authoritative foundation for government operations and planning.
Obligations for agencies on data exchange and continuity
Under the new rules, agencies must notify the central registry authority at least 60 days before developing or updating database systems or operational processes that affect national registry data. This advance notice is intended to allow system alignment and interoperability work, officials said.
Agencies that experience system outages or interruptions are required to notify the center within 12 hours and to take immediate corrective measures. They must then supply a report within 48 hours after systems are restored detailing the data that was not exchanged and the steps taken to prevent recurrence. Furthermore, the center itself is required to alert affected agencies within six hours of any interruption in registry-dependent services.
To guarantee continuity, the bylaw obliges entities to implement measures that ensure uninterrupted electronic data flows for datasets they hold or generate. Therefore, data continuity plans, redundancy arrangements, and failover procedures are expected to form part of agency compliance activities.
Access rules, approvals and integration timelines
The regulation restricts access to national registry data to uses within an agency’s lawful remit, for services or projects the agency provides, or for direct requirements of digital transformation initiatives. Agencies must prepare their electronic systems to receive and accommodate registry data and ongoing updates, according to the bylaw.
Access requests must be submitted to the center using a prescribed form that specifies the data needed and the purpose for use. The center will evaluate requests to confirm legitimate need, alignment with digital transformation goals, and compliance with data protection policies. The center’s director is mandated to decide on requests within 14 days of submission.
If a request is approved, the center aims to complete technical and operational integration with the requesting agency within 30 working days. If a request is refused, the requesting agency may appeal to the Cabinet. Other entities identified by the same provision may submit the matter to the Inspector General of Police and Customs for review.
Standards, data protection and documented exchanges
The bylaw requires agencies to follow central policies on data structure, handling, and exchange protocols. This includes adherence to standardized schemas and documented interfaces to reduce friction in data sharing and to improve data quality across government systems. Additionally, agencies must protect data confidentiality and secure any registry-derived information according to established data protection practices.
All exchanges must be fully documented, with metadata and provenance information recorded to ensure traceability. Using the national registers as a primary operational reference is encouraged to achieve integration between agency datasets and national-level information, thereby supporting interoperability and more coherent public services.
Related implications for digital transformation and service delivery
By codifying access limitations, integration timelines, and notification duties, the bylaw aims to accelerate digital transformation while reducing risks associated with fragmented data sharing. Furthermore, the regulation creates a predictable framework for agencies to modernize their systems and align with national standards, which could improve service delivery and policy planning.
However, agencies will need to invest in compliance measures, cybersecurity, and system resilience to meet the new requirements. Officials indicate that capacity-building and technical support may be necessary to achieve consistent implementation across government bodies.
Conclusion and next steps to watch
The new executive bylaw provides a detailed blueprint for managing national registry data, emphasizing protection, controlled access, and uninterrupted data flows. Interested agencies should prepare requests using the prescribed form and plan system updates with the 60-day notification requirement in mind.
Observers should watch how quickly the center processes requests within the 14-day decision window and how integration timelines of 30 working days are met in practice. The next expected developments include issuance of implementation guidelines by the center and potential capacity-building initiatives to help agencies meet data protection and continuity obligations.