From Consent to Explicit Request: Legal Engineering in the Single Digital Gateway

The Single Digital Gateway (SDG) Regulation (EU) 2018/1724 aims to simplify cross-border administrative access in the EU through a unified Digital Gateway, centered around the Once-Only Principle (OOP), in which users provide data only once [1]. In accordance with Article 14(3)(a) and (4) of the SDG Regulation, the implementation of the Once-Only Technical System (OOTS) enabling automated cross-border exchange of evidence under the OOP is subject to an explicit user request, except where specific legal provisions provide otherwise [1]. In Germany, the former § 5(2) of the E-Government Act (EGovG) allowed such exchange with user consent [2]. It was questionable whether the expression of request in Article 14(3)(a) and (4) of the SDG Regulation could be understood as consent under the General Data Protection Regulation (GDPR) for the processing of personal evidence. Section 5(2) of the old EGovG was seen as a violation of the prohibition of repetition, since Article 6(1)(a) of the GDPR already requires consent as the legal basis and does not provide any opening clauses [2]. On the other hand, this could lead to a contradiction with regulated exceptions under Article 14(4) of the SDG Regulation [1], which allows data transfer without explicit user request if mandated by national law — introducing consent would undermine this mechanism. The EGovG amendment adopted in 2024 resolves the aforementioned conflicts by defining evidence exchange in the new §§ 5 and 5a on the basis of Article 6(1)(e) GDPR — public interest [3]. The "Explicit Request" under Article 14(3)(a) and (4) SDG Regulation remains a legal requirement for technical implementation, but not as a consent [1]. How does the "Explicit Request" under the SDG Regulation differ legally and technically from prior consent under the OOP? Figure 1 shows the requirements for the "Explicit Request"