Digital Government · CAD · Once Only
Once only, ANPR and PDND: the principle is 58 years old. The news is the infrastructure.
From 1 July, all public bodies and public service operators automatically access the National Registry of the Resident Population through the National Digital Data Platform. A “revolution”, says the Department for Digital Transformation. In truth, the law had been promising it since 1968. What changes — at last — is the how.

From 1 July 2026, public administrations and public service operators can automatically acquire citizens’ registry data directly from ANPR, the National Registry of the Resident Population, for the performance of their institutional activities. The channel is the National Digital Data Platform (PDND), the interoperability system enabling the secure, standardised exchange of information between public bodies. The legal basis is Art. 62(3-bis), Legislative Decree 82/2005 — the Italian Digital Administration Code.
For citizens, the promise is concrete: no more requests for the same certificates at different counters. It is the European once-only principle — data is provided to the administration a single time, and administrations exchange it among themselves — moving from paper to automated execution.
The Department for Digital Transformation speaks of a revolution. Understandably so: on the operational level, it is one. But on the legal level it pays to be precise, because the history of this principle in Italian law is long — and instructive.
The real news is not the legal principle: it is the availability, for the first time, of a national infrastructure enabling its concrete, automated, large-scale application.
A principle the law has known since 1968
The idea that citizens should not act as couriers between one administration and another was not born today, nor with the European digital agenda. It was born almost sixty years ago, and since then the legislator has reaffirmed it — with growing intensity — at least three times.
Legislative timeline
58 years of once only on paper
1968
Law no. 15 of 4 January 1968
Introduces self-declarations in lieu of certificates and affidavits: citizens can self-certify, and the administration is supposed to trust (and verify).
1990
Law no. 241 of 7 August 1990 — Art. 18
The law on administrative procedure strengthens the obligation of public bodies to accept self-certifications and to acquire ex officio the documents already in their possession.
2011
Law no. 183 of 12 November 2011 — “de-certification”
From January 2012 public bodies may no longer request or accept certificates issued by other administrations (save for strict exceptions): ex officio acquisition or self-certification, with sanctions for non-compliance.
1 July 2026
ANPR × PDND — Art. 62(3-bis) of the Digital Administration Code
All public bodies and public service operators automatically access ANPR data via the National Digital Data Platform. The principle becomes infrastructure.
Why it has not worked so far
If the legal framework was so clear — and from 2012 even backed by sanctions — why did citizens keep collecting certificates for years? The answer lies not in the law, but in its execution. The rules of 1968, 1990 and 2011 were applied in a partial, bureaucratic way, with chronic delays: in substance, many administrations kept asking for certificates, in open conflict with obligations that had been in force for decades.
The knot was structural: absent true interoperability between public databases — historically fragmented, sadly marked by inaccuracies and duplications — ex officio acquisition remained a manual, slow, often impracticable burden. The legal obligation was there; the technical means were not. And an obligation without means tends to degrade into evasive practice.
The general opening of ANPR via PDND is, in this sense, a necessary manoeuvre to break a festering deadlock: it does not introduce a new citizens' right, but removes — at least in theory — the technical alibi that for decades prevented its effective exercise.
Governance and accountability: what stays with the entities
The new arrangement does not centralise data ownership. On the contrary: ownership of documents and data remains with the individual administrations feeding the platform, while the Ministry of the Interior monitors access to ANPR services used via PDND and, more generally, the correct population of the registry database.
This means that responsibility for the processing carried out and for data quality stays with the individual entities involved. Interoperability is not a delegation of responsibility: it is a multiplier. An inaccurate record that once stayed confined to a municipal archive can now propagate automatically, in real time, to every entity that queries it. The stakes of data quality grow in the same measure as circulation grows.
The Tomato Blue take — what entities must oversee
- Accuracy and consistent population of the database: registry errors now travel at API speed. Structured verification and rectification processes are needed (Arts. 5 and 16 GDPR).
- Legal basis and purpose of access: access via PDND is allowed for the performance of institutional activities. Every use must be traced back to a specified purpose, documented in the interoperability agreements.
- Security and accountability: access logs, controls over who queries what and why, records of processing activities updated to reflect the new flows.
- Clear privacy roles: distributed ownership requires precisely mapping who is the controller of which processing along the chain: providing entity → PDND → consuming entity.
These are the facts
The “revolution” of 1 July is not a legal one: Italian law has prohibited administrations from requesting certificates that other administrations already hold for fourteen years, and has preached self-certification for fifty-eight. The revolution — if it turns out to be one — is infrastructural: for the first time there is a national platform that makes technically possible, at scale and in an automated way, what the law had been demanding in vain for decades.
The hardest work remains — the work no platform does on its own: ensuring data accuracy, consistent population of the databases, security of the flows and protection of personal data. Because interoperability distributes information — but responsibilities stay exactly where they were.
This article is for informational and educational purposes and does not constitute legal advice, nor does it replace professional consultancy calibrated to the specific case. The positions expressed reflect Tomato Blue RegTech's analysis. © 2026 Tomato Blue.
Interoperability multiplies data. And responsibilities.
Tomato Blue supports public bodies and public service operators on PDND access agreements, legal bases for data access, updating records of processing activities and registry data governance — so that data circulating at API speed stays accurate, secure and traceable to those accountable for it.
Talk to us →Sources
Art. 62(3-bis), Legislative Decree no. 82 of 7 March 2005 (Digital Administration Code); Law no. 15 of 4 January 1968; Law no. 241 of 7 August 1990, Art. 18; Law no. 183 of 12 November 2011; Arts. 5, 16, 28 and 32 Reg. EU 2016/679 (GDPR); Department for Digital Transformation, communication on generalised access to ANPR via PDND (July 2026).