Digital Government Review of Biscay, Spain

Data is a strategic asset for governments, enabling evidence-based policies and user-centred services. Its value depends on coherent governance, interoperability, and safeguards that ensure trust. As a subnational government, the Provincial Council of Biscay is well placed to leverage data for proximity services and innovation, drawing on the historical role in tax collection, within an evolving national and EU policy landscape that calls for ongoing co-ordination.

Subnational governments are in a strategic position to maximise the benefits of data access, usage, and sharing. Providing infrastructure and services that are closer to people, regional and local authorities are uniquely situated to collect data, for example traffic data from sensors deployed on roads that they manage directly. At the same time, these governments are more closely scrutinised and held politically accountable by voters.

In the 2025 OECD Digital Government Index (OECD, 2026[1]), Spain scored 0.82 on the data-driven public sector dimension, which assesses governments’ capacity to govern, access, share and re-use data as a strategic asset across the public administration. This score, above the OECD average of 0.74, reflects the presence and quality of data strategies and the legal, organisational, and technical enablers at the national level. For Biscay, a subnational administration with resources and ambition, this represents an opportunity to operationalise a coherent data strategy, embed data stewardship across departments, and institutionalise mechanisms for ethical and interoperable data use, in line with national priorities.

Data governance refers to the institutional arrangements, roles, processes, and standards that enable the effective management, sharing and use of data across government. The OECD’s framework for data governance in the public sector (OECD, 2019[2]) identifies six elements of public-sector data governance across the three phases of strategy, tactics, and delivery. The 2021 OECD Recommendation on Enhancing Access to and Sharing of Data calls on governments to establish coherent governance frameworks, promote interoperability, and safeguard data ethics (OECD, 2021[3]). Biscay’s efforts to formalise data governance align with this agenda and reflect growing recognition of data as a strategic asset for public value creation.

A comprehensive data strategy and a recognised leadership at political and senior management level are fundamental to ensure a whole-of-government approach to data governance across all departments of government. Box 3.1 shows examples of data strategies from subnational governments in other OECD member countries.

Spain’s digital strategy recognises data as a strategic asset for economic transformation and public sector innovation (Government of Spain, 2025[4]). The national Plan to Promote Sectoral Data Spaces reinforces this by prioritising secure, interoperable data sharing across sectors and regions (Ministry for Digital Transformation and the Civil Service, 2024[5]). Biscay’s efforts to institutionalise data governance and develop interoperable infrastructures position it to contribute directly to these national goals, particularly through regional data spaces

The Data Statute adopted in 2024 sets out a comprehensive data governance framework for the Provincial Council (Provincial Council of Biscay, 2024[6]). It aligns with national, European, and international frameworks, and frames data as a fundamental asset to enhance transparency, improve public service delivery, and support economic development. The Statute is complemented by a Data Governance Model, which defines roles, responsibilities, and co-ordination mechanisms across strategic and operational levels (Provincial Council of Biscay, 2024[7]). A roadmap provides guidance for implementation of the strategy and the translation of the Statute’s principles into practice.

Clearly identified leadership is essential to implement the data strategy across the Provincial Council and ensure political accountability. The Data Statute and the Data Governance Model establish a governance structure led by a Chief Data Officer (CDO) responsible for developing data governance in the DFB (Provincial Council of Biscay, 2024[6]; Provincial Council of Biscay, 2024[7]). A Data Governance Manager supports the CDO with implementing the strategy, and the Data Office (Oficina del Dato) is also charged with assisting in defining the strategy. An interdepartmental committee for data governance, chaired by the CDO, oversees the implementation of the Data Strategy and the Data Governance Model across the DFB. In the committee are also seating the Data Governance Manager and one Data Lead (Responsable del dato) for each department of the Provincial Council.

The CDO and Data Governance Manager are appointed from among senior officials, which gives both roles the authority needed to steer data initiatives effectively. At the same time, as these leaders also hold other responsibilities, there is a risk of competing priorities which should be actively managed. The Data Office’s mandate bridges strategic governance within the DFB and delivery of projects in the departments. Implementation will also show how the Data Office can co-ordinate the various actors involved. The role of Lantik in the implementation of data projects will also have to be defined through practice, in order to avoid overlap and ensure accountability.

Executing the strategy and achieving the intended policy goals requires building necessary capacities within the administration, across all departments. Clear rules and standards can provide necessary guidance and ensure that the strategy is implemented at the local level.

The Interdepartmental Technical Committee for Data Management acts as a collaborative network to support projects related to data quality and use. Operational delivery is led by the Data Office, which co-ordinates all data-related activities across the Provincial Council. Within each department of the DFB, data stewards are responsible for implementing governance policies and procedures, maintaining data quality and integrity, and supporting analytics and cataloguing.

The inclusion of multiple roles requires clear mandates and co-ordination. In the current configuration, the Data Steward of the DFB is a fourth figure alongside the CDO, the Data Governance Manager, and the head of the Data Office. In each department, Data Stewards report to Data Leads, introducing another layer that must align with existing digital governance roles. Project implementation also requires co-ordination with the Data Office and Lantik, increasing complexity and administrative burden. The implementation of the Data Governance Model would require a clear assignment of roles and responsibilities to ensure accountability. Monitoring and feedback from civil servants would be useful for further improvements.

The challenges faced by Biscay in attracting and retaining digital talent have an impact on capacities for successful data governance. To strengthen internal skills, the Provincial Council launched the Data Academy1, a training initiative designed to promote a culture of data use across departments. This is a positive step, with several introductory and transversal trainings (for example, basic data skills, vendor‑specific tools, and introductory AI literacy). To increase impact, training should be differentiated by profession (for example, social workers, policy analysts, inspectors and finance officers) and anchored in the datasets and systems in use within the Province. A more hands‑on, use‑case‑based approach with defined learning outcomes and assessment would better support the DFB’s ambition.

Funding for data projects follows the same logic as the overall financial planning for digital transformation, with a decentralised model in which department contract services to Lantik as a provider (see Chapter 2 for a detailed discussion about digital investment models in Biscay). At the same time, the Provincial Council also undertakes cross‑cutting initiatives, such as the development of a unified registry for people and legal entities that interact with the provincial tax authority. Even so, co-ordinating budgets can make broader transversal initiatives more demanding. The creation of the Data Office introduces a mechanism for centralised implementation, but its resources depend on the organisational unit responsible for the data strategy rather than a dedicated budget line. Technical infrastructure and services will be provided through Lantik’s annual mandate, ensuring access to specialised skills but raising questions about the Office’s autonomy and ability to prioritise projects independently.

A coherent regulatory framework is essential to enable secure and efficient data use and sharing across the public sector while safeguarding privacy and trust. Biscay operates within a multi-layered system combining European, national, regional, and provincial provisions. While EU and Spanish instruments set overarching principles, the most relevant operational rules for Biscay can be found in Basque and provincial legislation.

Data protection regulation illustrates this multi-layered approach. At an overarching level, it is governed by the EU General Data Protection Regulation and Spain’s Organic Law on Protection of Personal Data and Guarantee of Digital Rights (Kingdom of Spain, 2018[10]). In the Basque Country, implementation is regulated by a regional law that establishes oversight and enforcement mechanisms (Basque Country, 2023[11]). This law also created the Basque Data Protection Authority, one of only three regional authorities in Spain, which supervises compliance and provides guidance to public bodies.

Interoperability is similarly framed by national and regional regulations. The National Interoperability Scheme established in 2010 sets governance principles and technical standards for data exchange (Kingdom of Spain, 2010[12]). The Basque law on public sector strengthens these requirements, providing a rationale for implementation at the local level and the development of shared infrastructure (Basque Country, 2022[13]). These provisions are also referenced in Biscay’s Data Statute.

Open data is governed by a provincial decree, in alignment with EU principles on re-use of public sector information and national requirements to make public sector data open by default (Provincial Council of Biscay, 2020[14]). The decree explicitly frames open data as a tool for transparency, innovation, and inclusive development, drawing inspiration from OECD guidelines on open government, and mandates the creation of a unified catalogue. This approach positions open data as a strategic enabler for better governance and economic value creation in Biscay.

Modern and resilient infrastructure is a key enabler for the successful digital transformation of Biscay. The province benefits from Lantik’s long experience in managing data, thanks to the local tax system, and from successful integration of databases across levels of government. However, current arrangements remain fragmented and rely on bilateral agreements, limiting agility and broad re-use. Future efforts must strengthen interoperability and adopt shared infrastructure to support the objectives of the digital strategy and the Data Statute. The Data Office’s mandate includes actions towards these goals. In parallel, the Provincial Council participates in the Atlantic Data Infrastructure (ADI), a public-private data‑centre initiative in the Basque Country. For the administration, any recourse to ADI should be justified by specific, high‑value use cases that existing Lantik‑supported platforms cannot meet; otherwise, additional capacity risks duplication rather than added value.

Open Data Bizkaia and GeoBizkaia underpin data sharing and re-use in the province. Since 2018, the CKAN-based Open Data Bizkaia portal aggregates datasets from provincial institutions and municipalities, offers API access, and is harvested by the national and European portals. GeoBizkaia, the geographical data infrastructure, provides a map viewer, APIs and map services, and INSPIRE-compliant datasets. Despite the mature infrastructure, the involvement of data producers largely ends at publication, and standardisation gaps reduce re-use, ultimately limiting the value of data held by the province.

Re-use of open government data by third parties is not measured systematically beyond portal analytics. The Provincial Council runs co-creation events with civil society and academia, such as datathons or data-driven journalism challenges. Further involvement of stakeholders could broaden the scope to the private sector and formalise feedback loops to ensure that data producers benefit from use cases. Beyond individual events, limited structured engagement with re-users limits the impact of data and does not provide opportunities and incentives for improving data quality. Main digitalisation projects are not designed for data to be open by default and re-used by third parties. Fostering data re-use could unlock value for both public services and the private sector, enabling innovation in areas such as mobility, health, and GovTech.

A data interoperability node is operated by the Provincial Council, to enable secure data exchange between provincial institutions and municipalities. The node aligns with the national interoperability scheme and is connected with the Basque (NISAE) and the Spanish (PID) ones. While reliable, the system depends on SOAP-based services, which constrain flexibility. Moving towards an API-first approach could simplify processes and accelerate exchanges, though these changes require co-ordination with regional and national infrastructure.

The Provincial Council has invested in the creation of data inventories, in particular in the field of spatial data with the Bilaka project. The planned creation of a unified data catalogue is a critical enabler for better governance and interoperability. This project falls under the mandate of the new Data Office and is essential to reduce silos and improve data quality. However, its scope and purpose remain undefined, while re-use of data within the provincial council is currently minimal. Without clarity on objectives, the catalogue risks evolving into a costly technical exercise rather than a driver of value.

The catalogue could serve as a strategic tool for interoperability and re-use within the province. Its focus on managing metadata rather than consolidating data would help maintain security and respect varying levels of openness. The catalogue will integrate existing repositories, such as open data, geospatial and tax datasets, while prioritising high impact use cases and involving all provincial entities. A phased approach could help demonstrate value and align with the overall vision.

Artificial intelligence (AI) offers governments opportunities to improve productivity and responsiveness by enhancing internal operations and service delivery. Its adoption requires careful attention to context-specific challenges, including skills gaps, fragmented governance, and accountability. The OECD Framework for Trustworthy AI in Government highlights three pillars that governments should seek to put in place: strengthening enablers such as data exchange and skills, establishing guardrails to manage risks, and engage with stakeholders to build trusts (OECD, 2025[15]). Biscay’s current approach reflects these dynamics, but scaling pilots responsibly will require clearer governance, strong safeguards, and continuous engagement.

Biscay is gradually adopting artificial intelligence to improve public services and internal processes. The Provincial Council is using robotic process automation (RPA) for mundane tasks such as creating PDFs, downloading files, and checking duplicates across databases. Lantik operates a platform, BOTere, to develop and run these automations across departments. While RPA can yield short‑term time savings for administrative staff, it merely mimics human interaction with legacy interfaces, delaying needed service redesign. Unattended bots developed by a third party also widen the cyberattack surface and raise operational risks. BOTere should be used as a temporary solution, while administrative processes get redesigned, and secure APIs for data processing are developed.

Current efforts for the development of machine learning (ML) and generative AI (genAI) focus on practical use cases emerging from departments rather than broad transformation driven by a central mandate. This approach prioritises experimentation and validation, by testing what works before codifying rules or proposing systemic change. While this flexibility promotes innovation and responsiveness, it also underscores the need for stronger co-ordination and safeguards to ensure public trust, accountability, and alignment with long-term objectives.

Social services deployed a predictive model to estimate the risk of institutionalisation for dependent persons, helping prioritise support to caregivers and extend home care. The model achieves high accuracy and is reviewed regularly, while decisions remain with social workers and families. Transport services apply machine learning to predict bus occupancy and optimise fleet allocation based on variables such as weather, events, and flight schedules. Other pilots include route optimisation for waste collection and AI-assisted classification of citizen queries in call centres.

AI initiatives are supported by Lantik, providing technical capacity, but in the absence of a dedicated AI governance function within the provincial council, unlike data governance. A dedicated AI strategy is currently being worked on, and at the time of writing there is no systematic risk assessment, though compliance with EU AI Act requirements is being prepared. Ethical considerations, such as explainability and bias detection, are addressed in specific projects, often in collaboration with academic partners. These steps provide a foundation for more structured governance without constraining innovation.

Robust and secure infrastructure is essential for scaling up AI in public service. Biscay relies on Lantik’s centralised technology model, which provides secure data centres and platforms for the departments of the Province and the municipalities. The social security institution of Finland, Kela, adopted a similar approach: an on-premises cloud using modular open-source components, enabling scalability while preserving control and maintaining trust (OECD, 2025[16]). Both cases show that infrastructure choices must anticipate future needs, without compromising security.

Skills challenges faced by the Provincial Council remain significant for trustworthy AI deployment. To address this, the annual provincial training plan for civil servants for 2026 includes training activities focused on artificial intelligence. These are implemented also through the Data Academy. In addition, the Provincial Council participates in AMAIA, an initiative in collaboration with academia and the private sector, which provides hands‑on exposure to applied AI for organisations in the territory. The DFB is also running targeted trainings for civil servants on specific third-party genAI chatbots. Collaboration with the Basque Artificial Intelligence Centre (BAIC) complements these efforts through capacity‑building activities and access to the regional AI ecosystem. These initiatives show the increased relevance of AI training across the Provincial Council, but risk being overly dependent on proprietary tools, leading to vendor lock-in, limited auditability of solutions, and reliance on opaque models.

Current practices do not include a public inventory of AI systems, systematic disclosure of algorithmic use, or publication of source code. Broader transparency measures, such as an algorithmic registry, could strengthen trust and accountability without imposing excessive burdens.

The AI pilots deployed so far are considered by Lantik to be low risk because they do not automate decisions, but this assumption may not hold as applications expand. There are no formal processes for algorithmic impact assessment or audits, and no clear accountability for the outcomes of AI systems. The Provincial Council is working with the Basque Data Protection Authority to develop risk-management methodologies for trustworthy use of AI in the public sector. Establishing such guardrails will help anticipate risks without curbing innovation, and building confidence among citizens and civil servants while supporting compliance with regulation.

Consultation with citizens and workers on AI initiatives is limited. Projects are designed internally, with feedback collected during a piloting phase with civil servants. The current degree of involvement of citizens and users beyond the public sector in the design and implementation of AI projects is still limited, but this is likely to change: Biscay is committed to open government and participatory design of public services, as underlined by the provincial strategy for citizen experience.

[11] Basque Country (2023), Ley 16/2023, de 21 de diciembre, de la Autoridad Vasca de Protección de Datos, https://www.euskadi.eus/web01-bopv/es/bopv2/datos/2024/01/2400036a.shtml (accessed on 20 November 2025).

[13] Basque Country (2022), Ley 3/2022, de 12 de mayo, del Sector Público Vasco, https://www.boe.es/eli/es-pv/l/2022/05/12/3 (accessed on 20 November 2025).

[17] Etxanobe Landajuela, E. and Diputación Foral de Bizkaia (2023), Bizkaia Denontzat. Plan de mandato 2023-2027, https://www.bizkaia.eus/documents/842933/17352503/BIZKAIA+DENONTZAT.+PLAN+DE+MANDATO+2023-2027act2.pdf/ff783acf-17db-f9d1-3e5c-b90da58c231f?t=1736843963953 (accessed on 2 July 2025).

[9] Government of New South Wales (2021), NSW Government Data Strategy, https://data.nsw.gov.au/nsw-government-data-strategy (accessed on 11 February 2026).

[4] Government of Spain (2025), España Digital 2026, https://espanadigital.gob.es/sites/espanadigital/files/2025-06/Espa%C3%B1a%20Digital%202026.pdf (accessed on 10 November 2025).

[10] Kingdom of Spain (2018), Ley Orgánica 3/2018, de 5 de diciembre, de Protección de Datos Personales y garantía de los derechos digitales, https://www.boe.es/eli/es/lo/2018/12/05/3 (accessed on 20 November 2025).

[12] Kingdom of Spain (2010), Real Decreto 4/2010, de 8 de enero, por el que se regula el Esquema Nacional de Interoperabilidad en el ámbito de la Administración Electrónica, https://www.boe.es/eli/es/rd/2010/01/08/4/con (accessed on 20 November 2025).

[5] Ministry for Digital Transformation and the Civil Service (2024), Plan de impulso de los Espacios de Datos Sectoriales, https://espanadigital.gob.es/sites/espanadigital/files/2025-05/Plan%20de%20Impulso%20de%20los%20Espacios%20de%20Datos%20Sectoriales%202024.pdf (accessed on 10 November 2025).

[8] Ministry of Citizens’ Services (2023), Provincial Data Plan, Government of British Columbia, https://www2.gov.bc.ca/assets/gov/data/provincial_data_plan_handout_-_v11_2023-11-09_1.pdf (accessed on 8 July 2025).

[1] OECD (2026), “Digital Government Index and Open, Useful and Re-usable Data Index: 2025 Results and Key Findings”, OECD Working Papers on Public Governance, No. 90, OECD Publishing, Paris, https://doi.org/10.1787/6347ec74-en.

[15] OECD (2025), Governing with Artificial Intelligence: The State of Play and Way Forward in Core Government Functions, OECD Publishing, Paris, https://doi.org/10.1787/795de142-en.

[16] OECD (2025), “Harnessing AI in Social Security: Use Cases, Governance, and Workforce Readiness”, https://doi.org/10.1787/b52405c1-en.

[19] OECD (2024), “2023 OECD Digital Government Index: Results and key findings”, OECD Public Governance Policy Papers, No. 44, OECD Publishing, Paris, https://doi.org/10.1787/1a89ed5e-en.

[3] OECD (2021), Recommendation of the Council on Enhancing Access to and Sharing of Data.

[2] OECD (2019), “Data governance in the public sector”, in The Path to Becoming a Data-Driven Public Sector, OECD Publishing, Paris, https://doi.org/10.1787/9cada708-en.

[20] Provincial Council of Biscay (2024), Agenda Digital de Bizkaia 2027.

[7] Provincial Council of Biscay (2024), DECRETO FORAL 98/2024, de 12 de septiembre, de la Diputación Foral de Bizkaia, por el que se crea y regula el Modelo de Gobierno para la gestión de los datos de la Diputación Foral de Bizkaia, https://www.bizkaia.eus/es/bob/resultados?p_p_id=IYBIWBCC&p_p_lifecycle=0&p_p_state=normal&p_p_mode=view&_IYBIWBCC_mvcRenderCommandName=%2Fdetail&_IYBIWBCC_bdate=20240923&_IYBIWBCC_bnum=183 (accessed on 12 November 2025).

[6] Provincial Council of Biscay (2024), DECRETO FORAL 99/2024, de 12 de septiembre, de la Diputación Foral de Bizkaia, por el que se aprueba el Estatuto del Dato en la Diputación Foral de Bizkaia para la gestión de la información y el uso de los datos, https://www.bizkaia.eus/es/bob/resultados?p_p_id=IYBIWBCC&p_p_lifecycle=0&p_p_state=normal&p_p_mode=view&_IYBIWBCC_mvcRenderCommandName=%2Fdetail&_IYBIWBCC_bdate=20240923&_IYBIWBCC_bnum=183 (accessed on 12 November 2025).

[14] Provincial Council of Biscay (2020), DECRETO FORAL 106/2020, de 1 de diciembre, de la Diputación Foral de Bizkaia, por el que se regula la apertura de datos en el portal de datos abiertos de la Diputación Foral de Bizkaia Open Data Bizkaia.

[18] Walravens, N. et al. (2021), “Data Ownership and Open Data: The Potential for Data-Driven Policy Making”, in SpringerBriefs in Applied Sciences and Technology, https://doi.org/10.1007/978-3-030-63693-7_2.