What it has not yet built is the layer that turns those foundations into a state that serves the citizen unbidden. This is that architecture, division by division—what exists right now, where it is slow and fragmented, and what each layer becomes when agents are first-class workers.

For twenty years the Czech Republic built the foundations of a digital state and then stopped one layer short. The country has the base registers—ROB for people, ROS for organizations, RÚIAN for addresses, RPP for the rights and obligations of every agenda. It has a national identity in NIA and the widely used BankID, and since 2024 mobile documents in eDoklady. It has data mailboxes in the ISDS, Czech POINT counters, the Portál občana, and a legally enabled connected data fund, the propojený datový fond, with its reference interface ISZR and eGSB/ISSS. Since 2023 it even has a single owner of the digital agenda, the Digitální a informační agentura (DIA), gestor of 21 agendas and active in 54 more, operator of more than 41 public information systems. The foundations are real, and most countries envy them. The missing piece is not another register or another portal. It is the orchestration layer that makes the state assemble itself around the citizen—and the citizen stop being the integrator of the state. This article describes that architecture in twelve divisions.

The first division is Identity. Today a Czech citizen proves who they are through NIA, BankID, the Mobile Key, or eDoklady—a real, working identity layer, if a fragmented one. The agentic state extends it to the European identity wallet and, crucially, to the agents themselves, so the state can tell its own sovereign agent from an impostor and a citizen’s agent from a stranger’s.

The second division is The Registers. ROB, ROS, RÚIAN, and RPP are the country’s authoritative sources of truth—a genuine asset. But the Informační koncepce itself admits there is no unified data model and no data stewards for all entities. The agentic state makes the registers the single, governed source every agent queries—and never copies.

The third division is The Data Fund. The propojený datový fond, with ISZR and eGSB/ISSS, is the plumbing that lets agencies query one another instead of demanding the same fact twice. It exists in law and in part in practice. The agentic state turns it into the real-time query fabric on which “ask once, never copy” becomes architecture, not aspiration.

The fourth division is The Agenda Model. RPP—the register of rights and obligations—already encodes every agenda and service of the Czech state in machine-readable form. It is the country’s most underused asset. The agentic state makes RPP the law the agent reasons over, the formal model of what the state may and must do for a citizen in any situation.

The fifth division is The Channels. Datové schránky, Czech POINT, the Portál občana, and eDoklady are the front doors of the digital state—but they are doors the citizen must find, open, and walk through in the right order. The agentic state collapses them into one continuous conversation on any surface: voice, text, app, counter.

The sixth division is The Orchestration Layer. This is the piece that does not exist yet, and the reason the others underperform. There is no layer that composes agents dynamically across the 75 agendas the DIA touches to serve a single life event. Building it is the central act of the agentic state—the difference between a digital state and an agentic one.

The seventh division is The Runtime. The Czech state runs no production AI agents at scale today; it has a National AI Strategy 2030, a draft implementing law, and the EU AI Act to transpose. The agentic state gives it a sovereign, EU-hostable, inspectable model runtime, AI-Act-conformant by construction—cognition the state owns and can audit.

The eighth division is The Approval Layer. The správní řád requires that a human official decide matters of a citizen’s rights. This is not an obstacle—it is the architecture’s keystone. The agentic state keeps the official holding the pen: the agent prepares, the official approves, and the system runs inside existing law.

The ninth division is Decision and Audit. Today an administrative decision produces a file; an agentic decision must produce a reason and a record. This division builds the reason traces, decision logs, and appeal paths that make every agentic decision contestable—the SCHUFA principle rendered as infrastructure.

The tenth division is Governance and Mandate. The DIA, the Digitální Česko program, and Act 12/2020 on the right to digital services already define who owns the digital agenda. The agentic state adds the founding act—a government resolution—and the expert center to execute it, turning a fragmented mandate into a delivery engine.

The eleventh division is Infrastructure. The eGovernment cloud and the CLOUDIA private cloud are where Czech public IT already runs. The agentic state turns this into the sovereign compute and hosting floor on which the model runtime stands—because a state that cannot host its own cognition does not own it.

The twelfth division is Resilience. The current state is fragmented but, precisely because it is fragmented, it fails locally. The agentic state must not trade that accidental resilience for a brittle monoculture. This division guarantees the manual fallback, model diversity, data stewardship, and data quality that keep the whole architecture trustworthy.

This article is a field guide to the architecture of the Czech Agentic State. It describes twelve divisions, and dissects each one identically—the Layer it defines, its Current state in the Czech Republic right now, the Gap that holds it back, the seven properties of the agentic target, three patterns of how it works, ten components, the four “from → to” shifts it makes, the concrete moves to build it, and an honest ledger of advantages and risks. It closes with a phased Action Plan anchored to the DIA and the existing Czech stack, and a named deliverable: the Czech Agentic State Architecture Charter.

Summary

01 :: Identity

• The layer: who the citizen—and the agent—is.

• What exists now: NIA, BankID, Mobile Key, eDoklady (2024).

• The gap: fragmented identity means; no identity for agents.

• The agentic target: the EU wallet plus verifiable identity for agents.

02 :: The Registers

• The layer: the authoritative sources of truth.

• What exists now: ROB, ROS, RÚIAN, RPP under the DIA.

• The gap: no unified data model, no data stewards for all entities.

• The agentic target: one governed source every agent queries, never copies.

03 :: The Data Fund

• The layer: the exchange fabric between agencies.

• What exists now: the propojený datový fond, ISZR, eGSB/ISSS.

• The gap: partial implementation; uneven real-time query.

• The agentic target: the live fabric that makes “ask once, never copy” real.

04 :: The Agenda Model

• The layer: the machine-readable rights and obligations of the state.

• What exists now: RPP encodes every agenda and service.

• The gap: RPP is underused as a reasoning substrate.

• The agentic target: the formal law the agent reasons over.

05 :: The Channels

• The layer: the citizen’s front door to the state.

• What exists now: datové schránky, Czech POINT, Portál občana, eDoklady.

• The gap: many doors the citizen must find and sequence.

• The agentic target: one continuous conversation on any surface.

06 :: The Orchestration Layer

• The layer: dynamic composition of agents across agendas.

• What exists now: nothing—this is the missing piece.

• The gap: no cross-agenda orchestration exists today.

• The agentic target: the layer that assembles the state around a life event.

07 :: The Runtime

• The layer: the model cognition the state runs on.

• What exists now: strategy and draft law; no production agents at scale.

• The gap: no sovereign, inspectable runtime.

• The agentic target: EU-hostable, AI-Act-conformant cognition the state owns.

08 :: The Approval Layer

• The layer: the human decision on a citizen’s rights.

• What exists now: the správní řád requires an official to decide.

• The gap: no agent-to-official preparation workflow.

• The agentic target: the official holds the pen; the agent prepares.

09 :: Decision and Audit

• The layer: reasons, records, and recourse.

• What exists now: administrative files, limited machine reasons.

• The gap: no reason traces or contestability for automated steps.

• The agentic target: every decision carries a reason and an appeal.

10 :: Governance and Mandate

• The layer: who owns and authorizes the transformation.

• What exists now: DIA, Digitální Česko, Act 12/2020.

• The gap: fragmented delivery; lagged statutory deadlines.

• The agentic target: a founding resolution and an expert delivery center.

11 :: Infrastructure

• The layer: the compute and hosting floor.

• What exists now: eGovernment cloud, CLOUDIA private cloud.

• The gap: not yet a sovereign runtime host.

• The agentic target: the sovereign compute floor under the cognition.

12 :: Resilience

• The layer: the guarantees that keep the architecture trustworthy.

• What exists now: accidental resilience from fragmentation.

• The gap: weak data quality, no manual-fallback guarantee for agents.

• The agentic target: manual fallback, diversity, stewardship, quality.

The Twelve Divisions

01 :: Identity

The Layer

The Identity division establishes, beyond doubt, who the citizen is and—newly—who an agent is, so that every action in the agentic state is bound to an authenticated person and an authenticated agent acting on their behalf.

It functions as the root of trust of the whole architecture: nothing above it can be trusted further than the identity beneath it.

Current state :: what exists now in the Czech Republic

1. NIA (Národní bod pro identifikaci a autentizaci)—the national identity broker, operated by the DIA.

2. BankID—bank-issued identity, the most widely used real-world means of proving who you are.

3. The Mobile Key (Mobilní klíč eGovernmentu) and eObčanka—state-issued electronic identity.

4. eDoklady (2024)—mobile identity and documents, the newest and fastest-growing channel.

5. eIDAS cross-border recognition, with the EU Digital Identity Wallet on the horizon.

The gap :: where we are slow or fragmented

• Identity is fragmented across several means with uneven coverage and user experience.

• There is no identity for agents at all—the state cannot yet authenticate a software actor acting for a citizen or for itself.

• Authentication failure has no guaranteed graceful fallback designed for an agentic flow.

The agentic target :: 7 properties of the layer done right

1. Unified — one coherent identity experience across NIA, BankID, and eDoklady.

2. Wallet-based — built on the EU Digital Identity Wallet (eIDAS2) as the default.

3. Agent-aware — verifiable credentials authenticate agents, not only humans.

4. Delegable — a citizen can authorize an agent to act, revocably and provably.

5. Selective — minimal disclosure; the agent learns only the attribute it needs.

6. Inclusive — a guaranteed non-digital path for those who cannot authenticate.

7. Auditable — every authentication and delegation is logged and inspectable.

Three patterns of how it works

1. Authenticate → delegate → act

   • The citizen authenticates

   • They delegate authority to an agent, provably

   • The agent acts within that mandate

2. Human identity → agent identity → bound action

   • The person is identified

   • The agent is identified

   • Each action is bound to both

3. Request → minimal disclosure → log

   • An attribute is requested

   • The minimum is disclosed

   • The disclosure is logged

Ten components :: the building blocks

1. NIA (the national identity broker)

2. BankID (bank-issued identity)

3. Mobile Key / eObčanka (state electronic identity)

4. eDoklady (mobile documents)

5. The EU Digital Identity Wallet (eIDAS2)

6. Verifiable credentials for agents (DIDs/VCs)

7. A delegation registry (who authorized which agent)

8. Selective-disclosure protocols (minimal attributes)

9. A guaranteed non-digital fallback (inclusion)

10. Authentication and delegation logs (audit)

The shift :: four “from → to” moves

1. From fragmented means to a unified wallet

   • One coherent identity built on eIDAS2.

2. From human-only to human-and-agent identity

   • Agents are authenticated actors too.

3. From implicit to provable delegation

   • A citizen’s authorization of an agent is explicit and revocable.

4. From all-or-nothing to selective disclosure

   • The agent learns the minimum, nothing more.

How to build it

A. Make the EU wallet the spine, not a parallel track

• Converge NIA, BankID, and eDoklady onto the EU Digital Identity Wallet rather than adding a fifth silo.

• Example: issue agent-delegation credentials through the same wallet a citizen already uses for eDoklady.

B. Give agents verifiable identity

• Issue every sovereign and citizen agent a credential the state can check.

• Example: a state benefits-agent carries a credential that an agency can verify before accepting its request.

C. Guarantee the fallback in design

• Ensure no right depends on a successful authentication; a human path always exists.

• Example: a Czech POINT counter remains a full, non-digital route to every agentic service.

Advantages and risks

Advantages

1. A single, trustworthy root for the whole architecture.

2. Agents that can be authenticated and held to a mandate.

3. Provable, revocable delegation from citizen to agent.

4. Minimal disclosure as a built-in privacy property.

Risks

1. Converging existing means is politically and technically hard.

2. Agent identity is an immature standard with real attack surface.

3. Delegation, if abused, lets an agent overreach a citizen’s intent.

4. Wallet dependence concentrates risk in one credential store.

What needs to be done :: implementation backlog

The work to implement (current → future):

1. Converge NIA, BankID, the Mobile Key, and eDoklady behind one identity experience aligned to the EU Digital Identity Wallet (eIDAS2)—stop adding silos.

2. Issue the EU Digital Identity Wallet to citizens and make it the default credential for agentic flows.

3. Build an agent-identity scheme—verifiable credentials (DIDs/VCs) for every state agent and every citizen agent.

4. Stand up a delegation registry recording which agent a citizen authorized, with provable, revocable mandates.

5. Implement selective disclosure (minimal-attribute requests) across all identity means.

6. Define and deploy a guaranteed non-digital fallback (the Czech POINT route) so authentication failure never denies a right.

7. Centralize authentication and delegation logging, citizen-visible.

8. Certify the layer against eIDAS2 and the AI Act wherever identity feeds a decision.

Principles to apply:

• Inclusive Legibility — everyone recognized; the fallback is a right.

• Sovereign-European Runtime — the EU wallet, not a foreign credential broker.

• Minimization Is the Privacy Firewall — selective disclosure by default.

• The Citizen Is No Longer the Integrator — delegation is what lets an agent act for a citizen at all.

The architecture state change:

• Today: four-plus separate identity means, no identity for agents, no provable delegation. → Future: one wallet-based identity, verifiable agent credentials, provable and revocable delegation, minimal disclosure, a guaranteed human fallback.

The advantages of getting there:

1. A single, trustworthy root of trust for the entire architecture.

2. Agents can lawfully and revocably act for citizens—unlocking every higher division.

3. Privacy improves (minimal disclosure) even as capability grows.

4. eIDAS2 alignment delivers cross-border, EU-interoperable identity.

5. No citizen is excluded—the fallback is guaranteed in design.

02 :: The Registers

The Layer

The Registers division holds the authoritative facts of the state—who exists, which organizations exist, where places are, and what every agenda may and must do—so that the whole agentic state reasons from one governed source of truth rather than a thousand drifting copies.

It functions as the source of truth of the architecture: the ground on which every agent’s decision stands.

Current state :: what exists now in the Czech Republic

1. ROB (Registr obyvatel)—the authoritative register of residents.

2. ROS (Registr osob)—the authoritative register of organizations and businesses.

3. RÚIAN—the register of territorial identification, addresses, and real estate.

4. RPP (Registr práv a povinností)—the register of agendas, rights, and obligations.

5. The base registers are operated by the DIA through the reference interface (ISZR, eGSB/ISSS).

The gap :: where we are slow or fragmented

• The Informační koncepce admits there is no unified data model and no systematic categorization of data across agendas.

• Data stewards are not established for all data entities, and there is no systematic data-quality monitoring.

• Many agendas still do not keep data as the law requires, weakening the authority of the source.

The agentic target :: 7 properties of the layer done right

1. Authoritative — one designated, legally binding source per class of fact.

2. Modeled — a unified data model spanning agendas, not per-system silos.

3. Stewarded — a named data steward accountable for every entity.

4. Quality-monitored — systematic, continuous data-quality measurement.

5. Queryable — readable in real time through the reference interface.

6. Governed — purpose-bound, logged access to every fact.

7. Never copied — agents read the source; they do not shadow it.

Three patterns of how it works

1. Designate → steward → maintain

   • One register is authoritative

   • A steward owns its quality

   • It is maintained as the source

2. Query → use → forget

   • An agent queries the register

   • Uses the fact

   • Retains no copy

3. Model → categorize → govern

   • Data is modeled uniformly

   • Categorized by agenda

   • Access is governed

4. (patterns held to three)

Ten components :: the building blocks

1. ROB (residents)

2. ROS (organizations)

3. RÚIAN (addresses and real estate)

4. RPP (agendas, rights, obligations)

5. The reference interface (ISZR, eGSB/ISSS)

6. A unified data model (the missing piece)

7. Designated data stewards (accountable owners)

8. Data-quality monitoring (systematic, continuous)

9. Purpose-binding and access logs (governance)

10. A no-copy policy (query, never shadow)

The shift :: four “from → to” moves

1. From siloed data to a unified model

   • One model spans agendas instead of per-system fragments.

2. From unowned data to stewarded data

   • Every entity has an accountable steward.

3. From unmeasured to quality-monitored

   • Data quality is measured systematically.

4. From copies to queries

   • Agents read the authoritative source and never duplicate it.

How to build it

A. Appoint data stewards before building agents

• Make the registers trustworthy by naming accountable owners for every entity.

• Example: the Informační koncepce’s own diagnosis—missing data stewards—becomes the first thing the agentic program fixes.

B. Build the unified data model

• Replace per-system data definitions with one model spanning agendas.

• Example: a single, governed model that ROB, ROS, RÚIAN, and RPP share, so an agent reasons consistently across them.

C. Forbid the shadow copy

• Mandate that agents query the registers and never maintain duplicates.

• Example: a benefits-agent reads the resident’s address from ROB at decision time rather than caching it.

Advantages and risks

Advantages

1. One consistent truth for the entire state.

2. Accountable stewardship and measurable quality.

3. Minimization—no shadow copies to leak.

4. A reliable substrate for cross-agenda composition.

Risks

1. A wrong fact in a register propagates everywhere instantly.

2. Establishing stewardship across agencies is politically hard.

3. Real-time query availability becomes mission-critical.

4. A unified model is a large, slow undertaking that must not stall delivery.

What needs to be done :: implementation backlog

The work to implement (current → future):

1. Appoint named data stewards for every data entity across ROB, ROS, RÚIAN, and RPP—close the Informační koncepce’s own diagnosed gap.

2. Build the unified data model spanning agendas, replacing per-system definitions.

3. Stand up systematic, continuous data-quality monitoring with published metrics.

4. Bring every agenda’s data into legal compliance with record-keeping requirements.

5. Designate one legally authoritative source per class of fact.

6. Enforce a no-copy policy—agents query the registers, never shadow them.

7. Add purpose-binding and access logging at the register level.

8. Build identity resolution linking a citizen reliably to the authoritative record.

Principles to apply:

• The Register Is the Single Source of Truth — one governed source, not many copies.

• Ask Once, Never Copy — the registers are read, not duplicated.

• Build on What We Already Have — the registers exist; fix their governance.

• Minimization Is the Privacy Firewall — no shadow hoards to leak.

The architecture state change:

• Today: authoritative registers but no unified model, no stewards, weak quality, some non-compliant data. → Future: one governed data model, accountable stewards, measured quality, a single source per fact, query-not-copy enforced.

The advantages of getting there:

1. A trustworthy substrate—every higher division stands on reliable facts.

2. One consistent truth across the whole state, ending contradictory records.

3. Minimization by construction—no duplicate stores to breach.

4. The precondition that makes cross-agenda composition safe.

5. Legal compliance for data the law already governs.

03 :: The Data Fund

The Layer

The Data Fund division is the live exchange fabric that lets any agency—and any agent—query an authoritative fact from another agency at the moment of decision, so the citizen is asked for nothing the state already knows.

It functions as the circulatory system of the architecture: the channel through which truth moves between registers and agents without ever being copied.

Current state :: what exists now in the Czech Republic

1. The propojený datový fond (PPDF)—the connected data fund, legally enabled as the mechanism for once-only data sharing.

2. ISZR—the information system of the base registers, the reference interface to ROB, ROS, RÚIAN, RPP.

3. eGSB/ISSS—the shared services bus for agency-to-agency data exchange beyond the base registers.

4. The legal basis exists in the register and right-to-digital-services laws; sharing is mandated, not optional.

5. The DIA operates the reference interface as part of its base-register responsibility.

The gap :: where we are slow or fragmented

• Implementation is partial and uneven: many agendas still do not publish or consume data through the fund.

• Real-time, decision-time query is not yet the default; batch and manual exchange persist.

• Without the unified data model and stewardship of Division 02, the fund moves data of uncertain quality.

The agentic target :: 7 properties of the layer done right

1. Real-time — facts are queried at the moment of decision, not synced in batches.

2. Universal — every agenda publishes and consumes through the fund.

3. Once-only by default — the citizen is never asked for a held fact.

4. Purpose-bound — each query is tied to a stated, lawful purpose.

5. Logged — every exchange is recorded and citizen-visible.

6. Minimal — only the needed attribute crosses the fabric.

7. Resilient — the fund is treated as critical infrastructure.

Three patterns of how it works

1. Need → query → deliver

   • An agent needs a fact

   • It queries the fund

   • The authoritative source delivers it

2. Publish → discover → consume

   • Agencies publish authoritative data

   • Consumers discover the source

   • They consume it on demand

3. Bind → log → minimize

   • Each query is purpose-bound

   • Logged for audit

   • Minimized to the needed attribute

4. (patterns held to three)

Ten components :: the building blocks

1. The propojený datový fond (the fabric)

2. ISZR (base-register reference interface)

3. eGSB/ISSS (shared services bus)

4. Real-time query APIs (decision-time access)

5. A service/data catalog (what is available)

6. Purpose-binding (lawful query)

7. Access logging (citizen-visible)

8. Selective disclosure (minimal attributes)

9. Quality gating (no bad data moves)

10. Resilience and availability (critical infrastructure)

The shift :: four “from → to” moves

1. From batch sync to real-time query

   • Facts move at decision time, not on a schedule.

2. From partial to universal participation

   • Every agenda joins the fund.

3. From asking the citizen to asking the source

   • Once-only becomes the default behavior.

4. From opaque to logged, purpose-bound exchange

   • Every movement of data is recorded and constrained.

How to build it

A. Make real-time query the default

• Move agendas from batch and manual exchange to decision-time query through the fund.

• Example: an agent resolving a benefit queries income and address live through ISZR/eGSB rather than requesting documents.

B. Onboard every agenda

• Drive universal publication and consumption so no fact stays trapped in a silo.

• Example: complete the PPDF connection for the agendas behind the first life-event service before launching it.

C. Gate on quality and log on access

• Let no low-quality data move, and make every exchange citizen-visible.

• Example: a citizen dashboard showing which agency queried which fact, for what purpose.

Advantages and risks

Advantages

1. The architectural basis for “ask once, never copy.”

2. Real-time consistency across the whole state.

3. Minimization and auditability by construction.

4. A reusable fabric every life-event service stands on.

Risks

1. A central exchange fabric is a high-value attack target.

2. Real-time availability becomes mission-critical.

3. It moves only data as good as the registers beneath it.

4. Universal onboarding is slow and politically contested.

What needs to be done :: implementation backlog

The work to implement (current → future):

1. Make real-time query the default through ISZR and eGSB/ISSS; retire batch and manual exchange for onboarded agendas.

2. Onboard every agenda to publish and consume through the propojený datový fond.

3. Build a service/data catalog of everything queryable, with its authoritative source.

4. Implement purpose-binding and citizen-visible access logs on every exchange.

5. Add selective disclosure (minimal attribute) at the fabric level.

6. Add quality gating so low-quality data cannot move.

7. Harden the fund as critical infrastructure—availability, redundancy, security.

8. Ship a citizen data-access dashboard showing who queried what, and why.

Principles to apply:

• Ask Once, Never Copy — the fund is the channel that makes once-only real.

• Minimization Is the Privacy Firewall — purpose-bound, minimal, logged.

• The Register Is the Single Source of Truth — the fund moves authoritative facts only.

• The Manual Fallback Never Dies — the fund is treated as critical, with resilience.

The architecture state change:

• Today: the PPDF is legally enabled but partially implemented; batch and manual exchange persist. → Future: universal real-time query, once-only by default, every exchange logged, minimal, and quality-gated, hardened as critical infrastructure.

The advantages of getting there:

1. “Ask once, never copy” becomes architecture, not aspiration.

2. Real-time consistency across every agency.

3. Auditability and privacy built into every data movement.

4. A reusable fabric every life-event service stands on.

5. The citizen sees and controls how their data is used.

04 :: The Agenda Model

The Layer

The Agenda Model division is the machine-readable formalization of what the Czech state may and must do—every agenda, right, obligation, and service—so that an agent can reason over the law itself rather than over a developer’s re-interpretation of it.

It functions as the rulebook of the architecture: the formal model of state authority the agent consults to know what is permitted, required, and owed.

Current state :: what exists now in the Czech Republic

1. RPP (Registr práv a povinností) already encodes the agendas of the state, their legal basis, and the data they may process.

2. RPP defines who may do what to whose data under which agenda—a genuine formal model of authority.

3. The catalog of services under Act 12/2020 enumerates the digital services the state owes citizens.

4. RPP is maintained as a base register under the DIA.

5. It is, today, primarily an access-control and registration instrument, not a reasoning substrate.

The gap :: where we are slow or fragmented

• RPP is underused: it governs access but is not exposed as a model an agent can reason over.

• The catalog of services has lagged its statutory deadlines under Act 12/2020; many services are not yet delivered digitally end-to-end.

• The link between the formal agenda model and executable service logic is weak or absent.

The agentic target :: 7 properties of the layer done right

1. Reasoned-over — the agent consults RPP to know what it may and must do.

2. Complete — every agenda and service is modeled, not just registered.

3. Executable-linked — the model connects to the logic that delivers the service.

4. Authoritative — the model is the single source of “what the state owes.”

5. Versioned — changes in law update the model traceably.

6. Bounded — the agent cannot act outside the modeled agenda.

7. Auditable — every action maps to a modeled right or obligation.

Three patterns of how it works

1. Situation → agenda → permitted action

   • A citizen’s situation is identified

   • The relevant agenda is found in RPP

   • The permitted and required actions follow

2. Model → bound → execute

   • The model defines the bounds

   • The agent acts within them

   • Execution is constrained by the model

3. Law changes → model updates → behavior updates

   • The law changes

   • The model is updated

   • Agent behavior follows automatically

4. (patterns held to three)

Ten components :: the building blocks

1. RPP (the register of rights and obligations)

2. The agenda model (formal authority)

3. The service catalog (what is owed, under Act 12/2020)

4. Legal-basis links (each action to its statute)

5. Executable service logic (the delivery layer)

6. Versioning (law-change traceability)

7. Bounding rules (the agent’s permitted envelope)

8. Obligation triggers (what the state must do, when)

9. Mapping to registers (which data each agenda may use)

10. Audit mapping (action → modeled right)

The shift :: four “from → to” moves

1. From access control to reasoning substrate

   • RPP becomes a model the agent reasons over.

2. From registered to executable

   • The agenda model links to the logic that delivers.

3. From developer interpretation to formal law

   • The agent consults the model, not a coder’s paraphrase.

4. From lagging catalog to delivered services

   • The Act 12/2020 catalog is realized end-to-end.

How to build it

A. Expose RPP as a reasoning model

• Turn the access-control register into a model the agent can query to know its permitted envelope.

• Example: before acting, an agent checks RPP for the agenda, its legal basis, and the data it may use.

B. Close the Act 12/2020 catalog

• Deliver the digital services the law already mandates, end-to-end, starting with the first life event.

• Example: the birth-of-a-child bundle realizes the catalog entries it touches, paying down the statutory backlog.

C. Link the model to executable logic

• Connect each modeled obligation to the service that fulfills it.

• Example: an “obligation to offer” in the model triggers the proactive offer in Division 05.

Advantages and risks

Advantages

1. The agent reasons over the law, not a paraphrase of it.

2. Actions are bounded and auditable against modeled rights.

3. Law changes propagate to behavior traceably.

4. The Act 12/2020 catalog finally gets delivered.

Risks

1. Formalizing the full agenda model is a large undertaking.

2. A wrong model causes wrong action at scale.

3. Law is ambiguous; not everything formalizes cleanly.

4. Over-formalization can ossify discretion the law intends to preserve.

What needs to be done :: implementation backlog

The work to implement (current → future):

1. Expose RPP as a queryable reasoning model—permitted and required actions per agenda, not just access control.

2. Link each modeled agenda to its legal basis and to executable service logic.

3. Implement bounding rules so an agent can act only within its modeled agenda.

4. Add versioning so a change in law updates the model traceably.

5. Encode obligation triggers—what the state must do, and when—as the basis for proactive offers.

6. Map each agenda to the register data it may use.

7. Deliver the Act 12/2020 service catalog end-to-end, starting with the first life event.

8. Build audit mapping—every agent action maps to a modeled right or obligation.

Principles to apply:

• Within Today’s Law First — the model encodes existing law the agent obeys.

• The Official Holds the Pen — the model bounds what the agent may even prepare.

• Predict, Then Offer — obligation triggers are what make proactivity lawful.

• Contestability with a Named Defendant — every action traces to a modeled rule.

The architecture state change:

• Today: RPP is an access-control register, underused; the Act 12/2020 catalog lags its deadlines. → Future: RPP is a reasoning substrate, executable-linked and versioned, and the service catalog is delivered.

The advantages of getting there:

1. The agent reasons over the law itself, not a developer’s paraphrase.

2. Actions are bounded and auditable against modeled rights.

3. Changes in law propagate to behavior traceably.

4. The Act 12/2020 backlog is finally paid down, service by service.

5. Proactive offers rest on a lawful obligation, not a guess.

05 :: The Channels

The Layer

The Channels division is the citizen’s front door to the state—collapsing the many portals, mailboxes, and counters into one continuous conversation that follows the citizen across voice, text, app, and counter.

It functions as the interface of the architecture: the surface where the agentic state meets the human, on the human’s terms.

Current state :: what exists now in the Czech Republic

1. Datové schránky (ISDS)—data mailboxes, now active for businesses and, since 2023, far more individuals.

2. Czech POINT—the network of assisted, in-person counters at post offices and municipalities.

3. Portál občana and Portál veřejné správy—the citizen and public-administration web portals.

4. eDoklady (2024)—the mobile app for identity and documents, growing quickly.

5. Each channel is a separate door the citizen must find, log into, and navigate.

The gap :: where we are slow or fragmented

• The channels are disconnected: the citizen must know which door to use for which need.

• There is no conversational, natural-language entry to the state; everything is forms and portals.

• Uptake lags the infrastructure—DESI 2024 shows strong skills but below-average use of digital public services relative to potential.

The agentic target :: 7 properties of the layer done right

1. Conversational — natural language, not form codes, is the interface.

2. Any-surface — voice, text, app, and counter, interchangeably.

3. Continuous — one conversation that resumes across device and time.

4. Channel-adaptive — the state fits the citizen’s surface, not the reverse.

5. Accessible — voice and plain language include those portals exclude.

6. Assisted-and-self-service — Czech POINT remains a full human path.

7. Identity-bound — every channel ties to the citizen’s authenticated identity.

Three patterns of how it works

1. Speak → understand → act

   • The citizen states a need in natural language

   • The agent understands intent

   • It acts across the state

2. Begin → persist → resume

   • A conversation begins on one surface

   • Context persists

   • It resumes on another

3. Self-service → assisted → human

   • The citizen self-serves where able

   • Assisted where needed

   • A human path always remains

4. (patterns held to three)

Ten components :: the building blocks

1. A conversational agent front end (the new door)

2. Datové schránky (official communication)

3. Czech POINT (assisted human channel)

4. Portál občana (the existing web door)

5. eDoklady (mobile identity and documents)

6. Voice and natural-language understanding

7. Persistent conversation state (continuity)

8. Channel-adaptive rendering (fit the surface)

9. Accessibility features (inclusion)

10. Human handoff (escalation to an official)

The shift :: four “from → to” moves

1. From many doors to one conversation

   • The citizen states a need, not a destination.

2. From forms to natural language

   • The interface is speech and text.

3. From the state’s channel to the citizen’s

   • Access happens on the citizen’s surface and time.

4. From sessions to continuity

   • Context follows the citizen across devices.

How to build it

A. Put a conversational agent in front of the existing portals

• Add a natural-language front door that reaches the existing channels, rather than a sixth portal.

• Example: a citizen says “I’m starting a business” and the agent drives the živnost, tax, and insurance registrations behind the existing systems.

B. Keep Czech POINT as a guaranteed human path

• Preserve the assisted counter as a full route to every agentic service.

• Example: the same birth-of-a-child bundle is completable at a Czech POINT counter, not only in an app.

C. Bind every channel to one identity and one conversation

• Make the conversation continuous across datové schránky, web, app, and counter.

• Example: begin a request in eDoklady and complete it via datová schránka without restarting.

Advantages and risks

Advantages

1. One front door instead of many the citizen must sequence.

2. Natural language includes those portals exclude.

3. Continuity across channels and time.

4. Higher uptake of services the state already offers.

Risks

1. A conversational layer can obscure what the state is doing.

2. Voice and natural language introduce recognition errors.

3. Cross-channel continuity widens the security surface.

4. A new front end must not become yet another disconnected door.

What needs to be done :: implementation backlog

The work to implement (current → future):

1. Build a conversational (voice + text) agent front door over the existing portals—one entry, not a sixth silo.

2. Integrate datové schránky, Portál občana, eDoklady, and Czech POINT into one continuous conversation.

3. Persist conversation and identity context across devices and channels.

4. Add natural-language understanding and voice, with channel-adaptive rendering.

5. Guarantee Czech POINT as a full human path to every agentic service.

6. Build accessibility—plain language and assistive features—as first-class.

7. Implement human handoff to a named official with the full context attached.

8. Bind every channel to the citizen’s authenticated identity.

Principles to apply:

• Any Surface, One Continuous Conversation — the citizen’s channel, not the state’s.

• The Manual Fallback Never Dies — Czech POINT remains a complete route.

• The Citizen Is No Longer the Integrator — one stated need, not many doors.

• Inclusive Legibility — voice and plain language include those portals exclude.

The architecture state change:

• Today: disconnected portals and mailboxes, form-driven, the citizen must find the right door; uptake lags the infrastructure (DESI 2024). → Future: one conversational front door over the existing systems, any surface, continuous, with a guaranteed human path—and higher uptake.

The advantages of getting there:

1. One front door instead of many the citizen must sequence.

2. Natural language includes the digitally excluded.

3. Continuity—context follows the citizen across devices and time.

4. Higher take-up of services the state already offers.

5. The dignity of a state that comes to the citizen.

06 :: The Orchestration Layer

The Layer

The Orchestration Layer is the piece the Czech state does not yet have: the layer that composes agents dynamically across the dozens of agendas to serve a single life event—and the layer whose absence is the reason the foundations underperform.

It functions as the engine of the architecture: the difference between a digital state that holds the pieces and an agentic state that assembles them.

Current state :: what exists now in the Czech Republic

1. Nothing composes across agendas today. Each agenda runs its own system; the citizen is the integrator.

2. The DIA touches 75 agendas and operates 40-plus information systems—but as a portfolio, not an orchestra.

3. The data fund can move facts, but no layer decides which agents to assemble for a given need.

4. Services are per-agenda, not per-life-event.

5. This is the single largest gap between the Czech digital state and an agentic one.

The gap :: where we are slow or fragmented

• There is no orchestration layer at all—it must be built, not improved.

• Cross-agency coordination today is manual, sequential, and citizen-driven.

• Without orchestration, every other division remains a disconnected capability.

The agentic target :: 7 properties of the layer done right

1. Composing — assembles agents across agendas for one request.

2. Dynamic — composition is formed per request, not hard-wired.

3. Life-event-shaped — organized around human moments, not agendas.

4. Discovery-driven — finds the right agents from a capability registry.

5. Verifying — checks every inter-agent handoff (the failure point).

6. Observable — composed services are monitored end-to-end.

7. The moat — the topology of composition is the state’s hardest-won asset.

Three patterns of how it works

1. Life event → decompose → compose

   • A life event is declared

   • It is decomposed into agenda tasks

   • The relevant agents are composed

2. Registry → discover → assemble

   • Agents register capabilities

   • The orchestrator discovers them

   • It assembles them dynamically

3. Handoff → verify → continue

   • One agent hands off to another

   • The handoff is verified

   • The composition continues safely

4. (patterns held to three)

Ten components :: the building blocks

1. The orchestrator (the composer)

2. An agent capability registry (what each agent does)

3. Life-event-to-agenda mappings (the bundles)

4. Discovery and routing (find the right agents)

5. Inter-agent protocols (how agents hand off)

6. Handoff verification (the critical check)

7. The data fund (the shared substrate)

8. Composition policies (which agents may compose)

9. End-to-end monitoring (observe the whole)

10. Versioning (replace agents without breaking the whole)

The shift :: four “from → to” moves

1. From portfolio to orchestra

   • The state’s systems are composed, not merely owned.

2. From per-agenda to per-life-event

   • Service is organized around human moments.

3. From citizen-driven to state-driven coordination

   • The orchestrator integrates, not the citizen.

4. From static integration to dynamic composition

   • Compositions form per request.

How to build it

A. Build the orchestrator as the program’s core

• Treat the orchestration layer, not another portal, as the central deliverable.

• Example: the DIA builds one orchestrator that composes its 75 agendas, rather than 75 disconnected apps.

B. Start with one life-event composition

• Prove the layer on a single bundle before generalizing.

• Example: the birth-of-a-child service is the first composition—registry of birth triggers health, social, and benefit agents together.

C. Verify every handoff

• Make inter-agent handoff verification a first-class requirement, since it is where agentic systems fail.

• Example: the flood-response composition verifies that the insurance, housing, and permit steps each completed before reporting success.

Advantages and risks

Advantages

1. The missing layer that makes the state genuinely agentic.

2. Cross-agency services that match real life.

3. A compounding orchestration moat unique to the state that builds it.

4. Reuse—new life events recombine existing agents.

Risks

1. It concentrates enormous power and failure in one layer.

2. Inter-agent handoffs are the most common agentic failure mode.

3. It requires cross-agenda cooperation, which is politically hard.

4. A composed service is only as reliable as its weakest agent.

What needs to be done :: implementation backlog

The work to implement (current → future):

1. Build the orchestrator as the program’s central deliverable—not another portal.

2. Build an agent capability registry—what each of the agencies’ agents can do.

3. Define life-event → agenda bundles (birth, job loss, business, flood).

4. Implement discovery, routing, and inter-agent protocols for dynamic composition.

5. Implement handoff verification on every boundary—the agentic failure point.

6. Add end-to-end monitoring of each composed service.

7. Add composition policies governing which agents may compose.

8. Add versioning so agents are replaced without breaking compositions.

9. Ship the first composition (birth-of-a-child) and generalize from it.

Principles to apply:

• Agents Compose Across Ministries — composition is the product and the moat.

• The Life Event Is the Unit of Service — bundles, not agendas.

• The Citizen Is No Longer the Integrator — the orchestrator integrates, not the human.

• Resilient Pluralism — verified handoffs and modular, replaceable agents.

The architecture state change:

• Today: a portfolio of 75 agendas and 40-plus information systems with no layer composing them; the citizen is the integrator. → Future: an orchestra—dynamic, per-life-event composition across agendas, with verified handoffs and the state doing the integration.

The advantages of getting there:

1. The single missing layer that makes the state genuinely agentic.

2. Cross-agency services that match how people actually live.

3. A compounding orchestration moat unique to the state that builds it.

4. Reuse—new life events recombine existing agents.

5. The end of the citizen as the state’s unpaid clerk.

07 :: The Runtime

The Layer

The Runtime division is the model cognition the state runs on—the inspectable, EU-hostable, AI-Act-conformant models that power every agent—so that what the Czech state’s institutions may conclude and say is owned and auditable, not rented opaquely from a foreign power.

It functions as the mind of the architecture: the layer that reasons, drafts, and decides-in-preparation, beneath the orchestration that directs it.

Current state :: what exists now in the Czech Republic

1. The Czech state runs no production AI agents at scale; this layer is largely greenfield.

2. It has a National AI Strategy 2030 (approved 2024) and a 2026 action component within Digitální Česko.

3. A draft AI implementation law (2025) and the EU AI Act (2024/1689) define the coming legal frame.

4. There is no sovereign model-hosting capability dedicated to public administration.

5. Public bodies experiment with foreign commercial models, mostly outside any sovereign, inspectable runtime.

The gap :: where we are slow or fragmented

• There is no sovereign, inspectable runtime the state owns and can audit.

• AI use is ad hoc and ungoverned, risking exactly the vendor-dependence the agentic state must avoid.

• The legal frame (AI Act transposition, draft law) is arriving, not yet in force.

The agentic target :: 7 properties of the layer done right

1. Sovereign — the state owns and can replace its models.

2. Inspectable — open-weight or auditable, not an opaque API for core decisions.

3. EU-hostable — run on infrastructure the state controls.

4. AI-Act-conformant — the high-risk regime met by construction.

5. Bounded — the runtime acts only within the agenda model and approval layer.

6. Observable — every inference is logged for audit.

7. Revocable — no punitive lock-in to any single provider.

Three patterns of how it works

1. Host → audit → govern

   • The state hosts inspectable models

   • It audits their behavior

   • It governs what they may do

2. Conform → certify → deploy

   • Systems are built AI-Act-conformant

   • Certified

   • Deployed into agents

3. Reason → prepare → defer

   • The runtime reasons over a case

   • Prepares a determination

   • Defers the rights decision to the official

4. (patterns held to three)

Ten components :: the building blocks

1. Inspectable, EU-hostable models (the cognition)

2. Sovereign inference infrastructure (where they run)

3. AI-Act conformance (the high-risk regime)

4. Model audit and red-teaming (inspection)

5. The agenda model (the bounds on reasoning)

6. Inference logging (audit)

7. Evaluation and quality gates (is it good enough)

8. Provenance and bills-of-materials (supply-chain integrity)

9. A national capability (skills to run and modify)

10. A revocability plan (no lock-in)

The shift :: four “from → to” moves

1. From rented to sovereign cognition

   • The state controls the model that reasons for it.

2. From opaque to inspectable

   • Behavior is auditable and modifiable.

3. From ad hoc to governed AI

   • Use is bounded, conformant, and logged.

4. From lock-in to revocability

   • Dependence is always reversible.

How to build it

A. Stand up a sovereign, inspectable runtime

• Host EU-hostable models the state can audit, for any rights-relevant reasoning.

• Example: run the official-facing agent of Division 09 on an inspectable model under the EU AI Act, not an opaque foreign API.

B. Make AI-Act conformance the build standard

• Treat the high-risk regime as the design baseline, turning compliance into trust.

• Example: the draft Czech implementing law and the AI Act define the conformance the runtime meets from day one.

C. Bound the runtime by the agenda model

• Let the runtime reason only within what RPP permits, and defer rights decisions upward.

• Example: the model prepares a benefit determination but cannot issue it—the official does.

Advantages and risks

Advantages

1. The state’s institutions decide what they may conclude and say.

2. Auditable, governable cognition.

3. Conformance turned into trust.

4. A sovereign capability exportable to other EU states.

Risks

1. Sovereign hosting is costlier and slower than renting frontier APIs.

2. EU-hostable models may trail the global frontier in capability.

3. Compute and chip access remain partly externally constrained.

4. Building the capability requires scarce skills and sustained funding.

What needs to be done :: implementation backlog

The work to implement (current → future):

1. Stand up a sovereign, EU-hostable, inspectable model runtime for public administration.

2. Build AI-Act conformance into the runtime (the high-risk regime) by construction.

3. Bound the runtime by the agenda model and the approval layer—it reasons, it does not decide rights.

4. Implement inference logging and evaluation/quality gates.

5. Add provenance and AI bills-of-materials, with continuous red-teaming for poisoning.

6. Build national capability—the skills to run, evaluate, and modify models.

7. Define a revocability and exit plan—no punitive lock-in to any provider.

8. Transpose the EU AI Act and pass the implementing law as the legal base.

Principles to apply:

• Sovereign-European Runtime by Construction — owned, inspectable cognition.

• Within Today’s Law First — start on internal, official-facing use.

• The Official Holds the Pen — the runtime defers every rights decision.

• Resilient Pluralism — diversity, provenance, fail-soft from day one.

The architecture state change:

• Today: no production agents at scale, ad hoc use of foreign commercial models, ungoverned. → Future: a sovereign, inspectable, AI-Act-conformant runtime the state owns, governs, logs, and can revoke.

The advantages of getting there:

1. The state’s institutions decide what they may conclude and say.

2. Auditable, governable cognition rather than a rented black box.

3. AI-Act conformance turned into a trust asset.

4. A sovereign capability exportable to other EU states.

5. No vendor lock-in—models are replaceable.

08 :: The Approval Layer

The Layer

The Approval Layer is the human decision on a citizen’s rights: the agent prepares the case, a named official approves it, and the decision-maker of record remains the official—exactly as the správní řád requires today—so the whole architecture runs inside existing law.

It functions as the keystone of the architecture: the layer that makes everything beneath it lawful and accountable without changing a statute.

Current state :: what exists now in the Czech Republic

1. The správní řád (Administrative Procedure Code) requires that a human official decide matters affecting rights.

2. Officials today decide manually, assembling cases by hand across systems.

3. There is no agent-to-official preparation workflow; the agent does not yet exist to prepare.

4. The legal principle—a human decides—is exactly what lets the agentic state start without new law.

5. Accountability for a decision already attaches to a named official, a property to preserve.

The gap :: where we are slow or fragmented

• Officials spend effort on case assembly that an agent could do.

• There is no tooling for an official to review and approve an agent-prepared case.

• Without designed approval, automation risks degrading into rubber-stamping.

The agentic target :: 7 properties of the layer done right

1. Preparation, not decision — the agent readies the case; the official decides.

2. Within existing law — preserving the official as decider needs no statute change.

3. Empowered — the official has reasons, the power to amend, and the time to use them.

4. Named — accountability attaches to a specific human.

5. Bounded — routine actions complete autonomously; rights decisions route to a human.

6. Measured — override rates prove the approval is real, not perfunctory.

7. Auditable — preparation and approval are distinct, logged events.

Three patterns of how it works

1. Prepare → present → approve

   • The agent prepares the case

   • Presents it to the official

   • The official approves, amends, or rejects

2. Routine → autonomous; rights → human

   • Routine actions complete autonomously

   • Rights decisions route to a human

   • The boundary governs which path applies

3. Draft → review → own

   • The agent drafts

   • The official substantively reviews

   • The official owns the decision

4. (patterns held to three)

Ten components :: the building blocks

1. A preparation engine (agent casework)

2. An approval interface (where the official decides)

3. The rights/routine boundary (what needs a human)

4. Reason traces (so review is meaningful)

5. Amendment capacity (the official can change the draft)

6. Named accountability (the human owner)

7. Override metrics (proof the official decides)

8. Audit logs (preparation and approval as distinct events)

9. Escalation paths (complex cases upward)

10. Official training (supervisors of agent casework)

The shift :: four “from → to” moves

1. From manual assembly to agent preparation

   • The agent readies the case; the official decides.

2. From new law to existing law

   • Preserving the official as decider keeps the správní řád intact.

3. From rubber-stamp to empowered approval

   • The official is informed and able to change the outcome.

4. From diffuse to named accountability

   • Each decision has a human owner of record.

How to build it

A. Draw the rights/routine boundary explicitly

• Define which actions an agent may complete and which it may only prepare.

• Example: an agent may file a notification autonomously but only prepares a benefit determination for the official.

B. Build the approval interface

• Give officials the reasons, the power to amend, and the time to decide—then measure overrides.

• Example: the Czech concept’s own principle—”AI připravuje podklady, úředník schvaluje, proto není potřeba měnit správní řád”—made into a working tool.

C. Keep preparation and approval as separate logged acts

• Record what the agent prepared and what the official decided, distinctly.

• Example: an audit trail showing the draft and the human decision as two events.

Advantages and risks

Advantages

1. Due process preserved in substance.

2. Deployable within existing law—no statute change.

3. A named, accountable human for every rights decision.

4. Officials freed from case assembly for judgment.

Risks

1. Automation bias can hollow approval into rubber-stamping.

2. Case volume can pressure officials toward perfunctory review.

3. The rights/routine boundary will be contested at the edges.

4. Without real override capacity, approval becomes theater.

What needs to be done :: implementation backlog

The work to implement (current → future):

1. Define the rights/routine boundary explicitly—what an agent may complete versus only prepare.

2. Build the agent preparation engine—automated casework assembly across systems.

3. Build the official approval interface—reasons, the power to amend, and the time to use them.

4. Implement override metrics and audit, recording preparation and approval as distinct events.

5. Preserve named accountability for every rights decision.

6. Build escalation paths for complex cases.

7. Train officials as supervisors of agent casework, not form-fillers.

8. Stay within the správní řád—no statutory change required for phase one.

Principles to apply:

• The Official Holds the Pen — the keystone that keeps the system lawful.

• Within Today’s Law First — preservation of the official as decider needs no new law.

• Augmentation Over Automation — an empowered approver, not a rubber stamp.

• Contestability with a Named Defendant — accountability has a human address.

The architecture state change:

• Today: officials assemble cases by hand; no agent-to-official workflow; accountability already attaches to the official. → Future: the agent prepares, the official approves with real power to amend, overrides are measured, and the whole flow runs inside existing law.

The advantages of getting there:

1. Due process preserved in substance, not just form.

2. Deployable now—no statute must move first.

3. Officials freed from case assembly for genuine judgment.

4. A named, accountable human for every rights decision.

5. The crumple zone refused by design.

09 :: Decision and Audit

The Layer

The Decision and Audit division ensures that every action in the agentic state produces a reason and a record, and that every citizen can contest it—holding to the European principle that a computation which determines an outcome is itself the regulated decision.

It functions as the conscience of the architecture: the layer that makes power answerable and harm reversible.

Current state :: what exists now in the Czech Republic

1. Administrative decisions today produce a file and a written justification under the správní řád.

2. Appeal rights exist through established administrative and judicial review.

3. There are no machine reason traces for automated steps, because there are no agents yet.

4. Logging exists for systems, but not as citizen-facing, decision-level reasons.

5. The legal frame for automated decisions is arriving via the AI Act and the draft implementing law.

The gap :: where we are slow or fragmented

• There is no reason-trace or contestability layer designed for agentic decisions.

• Existing appeal is slow and document-heavy, ill-suited to high-volume automated steps.

• Without this layer, automated preparation risks harm without a clear, fast remedy.

The agentic target :: 7 properties of the layer done right

1. Reasoned — every decision carries an inspectable reason.

2. Recorded — decisions are logged and reproducible.

3. Contestable — an affordable appeal reaches an accountable human.

4. SCHUFA-aligned — the determining computation is treated as the decision.

5. Assisted — the citizen gets help to understand and challenge.

6. Time-bound — remedies arrive on a guaranteed timeline.

7. Transparent — citizens can see what was decided and why.

Three patterns of how it works

1. Decide → explain → contest

   • A decision is made

   • Its reasons are produced

   • The citizen can contest it

2. Appeal → human review → remedy

   • An appeal is filed affordably

   • An accountable human reviews

   • A remedy issues where warranted

3. Determine → regulate → assign

   • The determining computation is identified

   • Regulated as the decision

   • A named human is assigned responsibility

4. (patterns held to three)

Ten components :: the building blocks

1. Reason traces (for every decision)

2. Reproducible decision logs

3. Affordable appeal channels

4. An accountable human reviewer

5. The SCHUFA principle (determining computation = decision)

6. Pre-assigned liability (a named defendant)

7. Public-option assistance (to contest)

8. Explainability standards

9. Independent administrative and judicial review

10. Time-bound remedy guarantees

The shift :: four “from → to” moves

1. From file to reason trace

   • Every decision carries an inspectable reason.

2. From slow appeal to time-bound remedy

   • Recourse is fast, affordable, and effective.

3. From rubber-stamp to regulated computation

   • The determining computation is the decision.

4. From opaque to transparent

   • Citizens see what was decided and why.

How to build it

A. Generate a reason for every decision

• Make an inspectable reason trace a hard requirement of every agent action.

• Example: a benefit determination arrives with the facts queried, the rule applied, and the official who approved it.

B. Build a fast, assisted appeal

• Add an affordable, assisted appeal designed for high-volume automated steps.

• Example: a public-option agent that explains a decision and prepares the appeal, so contestability is not a privilege.

C. Adopt the SCHUFA principle in practice

• Treat any computation that effectively determines an outcome as the regulated decision.

• Example: the CJEU SCHUFA ruling (C-634/21) as the governing precedent, reaching past the stamp to the model.

Advantages and risks

Advantages

1. Power made answerable and harm reversible.

2. A named defendant and a fast remedy for every decision.

3. Trust earned through transparency and contestability.

4. Governable, auditable decision-making.

Risks

1. Reason traces can be gamed or made uninformative.

2. Appeal volume can overwhelm capacity without careful design.

3. Explainability of complex models is technically hard.

4. Assistance to contest requires sustained funding to stay real.

What needs to be done :: implementation backlog

The work to implement (current → future):

1. Mandate reason traces for every agent decision and preparation.

2. Build reproducible decision logs, reconstructable for review.

3. Build a fast, affordable, assisted appeal designed for high-volume automated steps.

4. Implement public-option assistance—an agent that explains a decision and prepares the appeal.

5. Adopt the SCHUFA principle in practice—the determining computation is the regulated decision.

6. Pre-assign liability—a named defendant—before any deployment.

7. Set explainability standards and time-bound remedy guarantees.

8. Provide citizen-visible transparency of what was decided and why.

Principles to apply:

• Contestability with a Named Defendant — always an answer, always a defendant.

• Augmentation Over Automation — a human reviews the appeal.

• Minimization Is the Privacy Firewall — logs are purpose-bound and minimal.

• Inclusive Legibility — assistance makes contestability available to all.

The architecture state change:

• Today: administrative files and written justifications, slow document-heavy appeal, no machine reasons for automated steps. → Future: a reason trace for every decision, a fast assisted appeal, the SCHUFA principle enforced, a named defendant, and time-bound remedies.

The advantages of getting there:

1. Power made answerable and harm reversible.

2. A named defendant and a fast remedy for every decision.

3. Trust earned through transparency and contestability.

4. Governable, auditable decision-making.

5. Contestability that is not a privilege of the well-resourced.

10 :: Governance and Mandate

The Layer

The Governance and Mandate division is who owns and authorizes the agentic state: the DIA as delivery owner, Act 12/2020 and the Digitální Česko program as the existing frame, and a founding government resolution as the act that turns a fragmented mandate into an engine.

It functions as the will of the architecture: the layer that decides the agentic state shall exist, and holds someone accountable for building it.

Current state :: what exists now in the Czech Republic

1. The DIA (since 2023) is the central authority for the digital agenda, gestor of 21 agendas and active in 54 more.

2. Act 12/2020 Sb. on the right to digital services is the country’s “digital constitution,” mandating a service catalog.

3. The Digitální Česko program and its 2026 implementation plan set direction and budget.

4. The National AI Strategy 2030 and the draft AI law frame the AI dimension.

5. Yet delivery is fragmented, and Act 12/2020’s catalog has lagged its statutory deadlines.

The gap :: where we are slow or fragmented

• Ownership exists but delivery is fragmented across bodies and budgets.

• The legal mandate (Act 12/2020) outran execution; deadlines slipped.

• There is no single founding act that names the agentic-state goal and an accountable owner.

The agentic target :: 7 properties of the layer done right

1. Mandated — a government resolution defines the goal and assigns responsibility.

2. Owned — the DIA is the named delivery owner.

3. Capable — an expert AI center gives the mandate hands.

4. Within law — phase one runs under existing legislation.

5. Accountable — public milestones make progress visible.

6. Resourced — a budget line backs the mandate.

7. Adjustable — the mandate updates as evidence arrives.

Three patterns of how it works

1. Resolution → owner → mobilization

   • A resolution issues

   • It assigns the owner

   • The administration mobilizes

2. Mandate → milestones → accountability

   • The goal is mandated

   • Milestones are set

   • Progress is held accountable

3. Pilot → evidence → targeted law

   • Pilots run within existing law

   • They produce evidence

   • Targeted legislation follows

4. (patterns held to three)

Ten components :: the building blocks

1. A founding government resolution (the mandate)

2. The DIA (delivery owner)

3. An expert AI center (capability)

4. Act 12/2020 (the right to digital services)

5. Digitální Česko (program and budget)

6. The National AI Strategy 2030 (AI direction)

7. Public milestones (accountability)

8. A budget line (resourcing)

9. The reform backlog (evidence-based law)

10. A revision mechanism (adjust to evidence)

The shift :: four “from → to” moves

1. From fragmented delivery to a named owner

   • The DIA owns the transformation end-to-end.

2. From lagging catalog to delivered services

   • Act 12/2020’s mandate is realized via pilots.

3. From statute-first to resolution-first

   • The founding is an executive act that starts now.

4. From ambition to accountable milestones

   • Progress is public and measurable.

How to build it

A. Found it by resolution and name the DIA

• Issue a government resolution defining the goal and assigning the DIA as owner.

• Example: a usnesení vlády that mandates the agentic-state program and an expert AI center at the DIA.

B. Deliver Act 12/2020 through the program

• Use the agentic program to finally realize the lagging service catalog.

• Example: each life-event bundle pays down the statutory catalog backlog it touches.

C. Legislate from evidence

• Write the targeted implementing law from working pilots, aligned with the AI Act.

• Example: the draft Czech AI law follows the pilots, enabling the next phase rather than blocking the first.

Advantages and risks

Advantages

1. A clear owner and a fast, executive founding.

2. The existing legal frame realized, not duplicated.

3. Accountable, public milestones.

4. Evidence-based, targeted legislation.

Risks

1. A resolution lacks the durability of law and can be reversed.

2. Fragmented budgets can still starve delivery.

3. Mandate without capability is empty—the expert center must be real.

4. Political turnover can break continuity across phases.

What needs to be done :: implementation backlog

The work to implement (current → future):

1. Issue a founding government resolution (usnesení vlády) naming the goal and the DIA as owner.

2. Stand up an expert AI center at the DIA as the delivery and capability home.

3. Set public milestones and a dedicated budget line.

4. Use the program to deliver the lagging Act 12/2020 service catalog.

5. Maintain an evidence-based reform backlog—the few laws the next phase needs.

6. Establish a reporting cadence and a revision mechanism.

7. Align with the National AI Strategy 2030 and Digitální Česko 2026.

8. Secure cross-ministry authority to orchestrate across agendas.

Principles to apply:

• Found It by Resolution, Not Statute — a fast executive mandate, not a new law.

• Officials Before Citizens — the sequencing the mandate enforces.

• Within Today’s Law First — phase one runs under existing legislation.

• Build on What We Already Have — the DIA, Digitální Česko, and Act 12/2020 exist.

The architecture state change:

• Today: ownership exists in the DIA, but delivery is fragmented and the Act 12/2020 catalog has slipped its deadlines. → Future: a single founding resolution, a capable owner (the DIA plus an expert center), public milestones, a delivered catalog, and evidence-based law.

The advantages of getting there:

1. A fast, executive founding that can start in weeks, not years.

2. A clear, accountable owner of the transformation.

3. The existing legal frame realized rather than duplicated.

4. Public, measurable milestones.

5. Targeted, evidence-based legislation instead of speculation.

11 :: Infrastructure

The Layer

The Infrastructure division is the compute and hosting floor beneath the cognition—the eGovernment cloud, the CLOUDIA private cloud, and the data centers on which the sovereign runtime must stand—because a state that cannot host its own cognition does not truly own it.

It functions as the ground of the architecture: the physical and operational floor that makes sovereign cognition possible.

Current state :: what exists now in the Czech Republic

1. The eGovernment cloud (eGC) is the framework for hosting public information systems.

2. CLOUDIA, the DIA’s private cloud, hosts part of the state’s systems.

3. Other systems run in state data centers and, in part, commercial clouds.

4. DESI 2024 notes a planned digital-transformation budget on the order of EUR 1.77 billion (about 0.6% of GDP).

5. There is no infrastructure dedicated to hosting a sovereign model runtime at scale.

The gap :: where we are slow or fragmented

• Hosting is split across eGC, CLOUDIA, state and commercial clouds, without a sovereign runtime floor.

• There is no strategic compute capacity earmarked for public-administration AI.

• Dependence on commercial clouds for AI risks the vendor lock-in the agentic state must avoid.

The agentic target :: 7 properties of the layer done right

1. Sovereign — compute and hosting the state controls.

2. Sufficient — capacity sized to run core governance under load.

3. Inspectable-friendly — able to host open, auditable models.

4. Resilient — redundant, with no single point of failure.

5. Consolidated — a coherent floor, not a scattered patchwork.

6. Efficient — cost-managed against real governance load.

7. Trusted-partner-extensible — able to share sovereign capacity across the EU.

Three patterns of how it works

1. Host → run → scale

   • The floor hosts the runtime

   • Agents run on it

   • Capacity scales with load

2. Consolidate → secure → operate

   • Scattered hosting is consolidated

   • Secured as critical infrastructure

   • Operated reliably

3. Reserve → provision → sustain

   • Strategic compute is reserved

   • Provisioned to agents

   • Sustained under stress

4. (patterns held to three)

Ten components :: the building blocks

1. The eGovernment cloud (eGC)

2. CLOUDIA (the DIA private cloud)

3. State data centers

4. Sovereign inference capacity (the missing piece)

5. Redundancy and resilience (no single point of failure)

6. Security and isolation (critical-infrastructure grade)

7. Capacity planning (sized to load)

8. Cost management (efficiency)

9. Trusted-partner capacity (EU sharing)

10. Energy and continuity (the power floor)

The shift :: four “from → to” moves

1. From scattered hosting to a consolidated floor

   • A coherent sovereign base, not a patchwork.

2. From commercial dependence to sovereign capacity

   • The state can host its own cognition.

3. From general cloud to inference-ready capacity

   • Capacity sized and shaped for agentic load.

4. From single-sourced to resilient and shared

   • Redundant and extensible across trusted partners.

How to build it

A. Consolidate onto a sovereign floor

• Bring AI hosting onto eGC/CLOUDIA-based sovereign capacity rather than scattered commercial clouds.

• Example: host the inspectable runtime of Division 07 on sovereign infrastructure the DIA controls.

B. Reserve strategic compute

• Earmark inference capacity sufficient to run core governance under load.

• Example: a compute reserve sized to the life-event services in the rollout, with headroom.

C. Build resilience and trusted-partner extensibility

• Make the floor redundant and able to share capacity across EU partners.

• Example: a trusted-partner arrangement for surge capacity that keeps cognition sovereign.

Advantages and risks

Advantages

1. Cognition the state genuinely owns and can audit.

2. A consolidated, resilient hosting floor.

3. Capacity sized to real governance load.

4. Extensibility across trusted EU partners.

Risks

1. Sovereign capacity is costlier than commercial cloud.

2. Building inference capacity requires scarce skills and chips.

3. Consolidation is a large migration with its own risk.

4. Underestimating load leaves the floor unable to sustain governance.

What needs to be done :: implementation backlog

The work to implement (current → future):

1. Consolidate AI hosting onto sovereign eGC/CLOUDIA-based capacity, off scattered commercial clouds.

2. Build or reserve strategic inference capacity sized to the life-event services, with headroom.

3. Make the floor inspectable-model-friendly—able to host open, auditable models.

4. Build redundancy and critical-infrastructure-grade security—no single point of failure.

5. Plan capacity against real governance load and manage cost.

6. Establish trusted-partner extensibility for surge capacity that keeps cognition sovereign.

7. Address the power and continuity floor beneath the compute.

8. Migrate scattered hosting onto the consolidated sovereign floor.

Principles to apply:

• Sovereign-European Runtime by Construction — the compute floor makes ownership real.

• Resilient Pluralism — redundancy and no single point of failure.

• Build on What We Already Have — eGC and CLOUDIA are the starting point.

• The Manual Fallback Never Dies — the floor is critical infrastructure.

The architecture state change:

• Today: hosting split across eGC, CLOUDIA, state data centers, and commercial clouds, with no sovereign inference floor. → Future: a consolidated, sovereign, inference-ready, resilient floor with a strategic compute reserve, extensible across trusted EU partners.

The advantages of getting there:

1. Cognition the state genuinely owns and can audit.

2. A consolidated, resilient hosting floor instead of a patchwork.

3. Capacity sized to real governance load.

4. Extensibility across trusted EU partners without losing sovereignty.

5. Lock-in avoided at the infrastructure layer.

12 :: Resilience

The Layer

The Resilience division guarantees that the agentic state, in gaining coherence, does not lose the accidental robustness of its fragmented past—preserving the manual fallback, model diversity, data stewardship, and data quality that keep the whole architecture trustworthy.

It functions as the immune system of the architecture: the layer that keeps a more powerful, more coupled state from becoming a more brittle one.

Current state :: what exists now in the Czech Republic

1. The current state is fragmented—and therefore fails locally, one agenda at a time.

2. Manual procedures still exist everywhere; the state can be, and is, run by hand.

3. But the Informační koncepce admits weak data quality, no unified model, and missing data stewards.

4. There is no agentic monoculture yet—and no guarantee one will not form carelessly.

5. Czech POINT and human offices provide a real, universal non-digital path today.

The gap :: where we are slow or fragmented

• Data quality and stewardship are weak, undermining trust in any automation built on them.

• As the state consolidates onto an orchestration layer and a shared runtime, it risks trading local failure for correlated failure.

• There is no designed manual-fallback guarantee for the agentic flows that do not yet exist.

The agentic target :: 7 properties of the layer done right

1. Manual-fallback-guaranteed — a human path always exists, by design.

2. Diverse — multiple models and vendors, no monoculture.

3. Fail-soft — services degrade gracefully and revert to humans.

4. Stewarded — data has accountable owners (closing Division 02’s gap).

5. Quality-monitored — systematic, continuous data-quality measurement.

6. Provenance-checked — models carry bills-of-materials; poisoning is caught.

7. Inclusive — those who cannot use agents are first-class citizens.

Three patterns of how it works

1. Fail → degrade → revert

   • A component fails

   • Services degrade gracefully

   • Core functions revert to human procedure

2. Diversify → isolate → contain

   • Multiple models and vendors are deployed

   • Critical subsystems isolated

   • Failures contained locally

3. Steward → measure → trust

   • Data is stewarded

   • Quality is measured

   • The architecture earns trust

4. (patterns held to three)

Ten components :: the building blocks

1. A guaranteed non-digital path (Czech POINT and beyond)

2. Preserved manual procedures (run by hand)

3. Model and vendor diversity (no monoculture)

4. Fail-soft architectures (graceful degradation)

5. Data stewards (accountable owners)

6. Data-quality monitoring (systematic)

7. Provenance and bills-of-materials (poisoning defense)

8. Decoupled critical subsystems (no cascade)

9. Institutional memory (the knowledge to run by hand)

10. Independent resilience audits

The shift :: four “from → to” moves

1. From accidental to engineered resilience

   • Robustness is designed, not a byproduct of fragmentation.

2. From weak to stewarded, quality-monitored data

   • The architecture’s trust is built on reliable facts.

3. From monoculture risk to diversity

   • No single failure takes the whole state down.

4. From digital-only to a guaranteed human path

   • No citizen is left without recourse.

How to build it

A. Fix data quality and stewardship first

• Close the Informační koncepce’s own diagnosed gaps before scaling automation on top.

• Example: appoint data stewards and stand up quality monitoring as a precondition of the first life-event service.

B. Guarantee the manual fallback in law and design

• Ensure every agentic service has a full human equivalent, and keep the staff who can run it.

• Example: the birth-of-a-child bundle remains completable at a Czech POINT counter, with trained staff.

C. Refuse the monoculture

• Mandate model and vendor diversity, provenance, and fail-soft design for critical functions.

• Example: when one model is quarantined for suspected poisoning, services revert to a second model or to human procedure without interruption.

Advantages and risks

Advantages

1. Coherence gained without brittleness imported.

2. Trustworthy automation built on stewarded, quality data.

3. No outage, failure, or exclusion leaves a citizen without recourse.

4. Resilience against monoculture and poisoning.

Risks

1. Maintaining manual capacity consumes resources that look idle.

2. Diversity raises integration cost and complexity.

3. Fixing data quality is slow and unglamorous, and may be skipped.

4. Preserved fallbacks can atrophy in practice if not exercised.

What needs to be done :: implementation backlog

The work to implement (current → future):

1. Fix data quality and stewardship first—the precondition for trusting anything built on top.

2. Guarantee a non-digital path in law and design for every agentic service.

3. Keep trained staff and documented manual procedures—the capacity to run the state by hand.

4. Mandate model and vendor diversity—refuse the monoculture for critical functions.

5. Build fail-soft architectures—revert to a second model or to human procedure on failure.

6. Implement provenance and AI bills-of-materials, with continuous poisoning red-teams.

7. Decouple critical subsystems so a failure cannot cascade.

8. Run independent resilience audits and exercise the fallback regularly so it does not atrophy.

Principles to apply:

• The Manual Fallback Never Dies — a human path always exists.

• Resilient Pluralism — diversity, provenance, and fail-soft design.

• The Register Is the Single Source of Truth — stewarded, quality-monitored data.

• Inclusive Legibility — those who cannot use agents are first-class citizens.

The architecture state change:

• Today: accidental resilience from fragmentation, but weak data quality, missing stewards, and no designed fallback for agentic flows. → Future: engineered resilience—stewarded, quality-monitored data, a guaranteed manual fallback, model and vendor diversity, fail-soft design, and provenance.

The advantages of getting there:

1. Coherence gained without importing brittleness.

2. Automation built on stewarded, trustworthy data.

3. No outage, failure, or exclusion leaves a citizen without recourse.

4. Resistance to monoculture failure and model poisoning.

5. The whole architecture earns, and keeps, public trust.

Action plan :: building the Czech Agentic State

The twelve divisions describe an architecture, not a wish. This plan sequences them onto the existing Czech stack and the realistic, within-the-law path—foundations first, then the missing orchestration layer, then life events, then guarantees and law—each step tagged to the divisions it builds. It closes with a named deliverable.

Phase 0 :: Mandate and foundations (Q3 2026)

1. Found the program by government resolution, naming the DIA as owner and standing up an expert AI center (Division 10).

2. Fix data quality and stewardship—appoint data stewards, build the unified data model, start quality monitoring (Divisions 02, 12).

3. Converge identity onto the EU wallet and design agent identity (Division 01).

Phase 1 :: Officials first, on a sovereign runtime (Q3 2026 – 2027)

4. Deploy an internal official-facing agent on one ministry, on an inspectable, AI-Act-conformant runtime (Divisions 07, 09).

5. Build the approval workflow—the agent prepares, the official approves, within the správní řád (Division 08).

6. Expose RPP as a reasoning model so the agent acts only within the modeled agenda (Division 04).

Phase 2 :: The orchestration layer and the first life event (2027 – 2028)

7. Build the orchestration layer—the missing engine—as the program’s core deliverable (Division 06).

8. Ship the birth-of-a-child service end-to-end, composing health, social, and benefit agents (Divisions 05, 06).

9. Make once-only real by querying the propojený datový fond live, never copying (Divisions 03, 02).

10. Add the channels—a conversational front door over the existing portals, with Czech POINT as the guaranteed human path (Divisions 05, 12).

Phase 3 :: Generalize, harden, legislate (2028 →)

11. Extend to job loss, business, and disaster recovery, reusing the orchestration spine (Divisions 06, 04).

12. Consolidate the sovereign compute floor under the runtime (Division 11).

13. Guarantee contestability and the manual fallback, and refuse the monoculture (Divisions 09, 12).

14. Legislate from evidence—the targeted Czech AI implementing law, aligned with the EU AI Act and the identity wallet (Divisions 10, 07).

Deliverable :: The Czech Agentic State Architecture Charter

A single governing artifact that commits the Czech Republic to the twelve-division architecture and specifies, for each division, its current baseline (the real systems—ROB, ROS, RÚIAN, RPP, NIA, BankID, eDoklady, datové schránky, the propojený datový fond, ISZR, eGSB/ISSS, eGC, CLOUDIA, the DIA), its diagnosed gap (fragmented identity, missing data model and stewards, partial data-fund implementation, an absent orchestration layer, no sovereign runtime, a lagging Act 12/2020 catalog), and its agentic target with the owner, milestones, and the within-the-law path to reach it.

The Czech Republic does not need to invent the agentic state. It needs to build one missing layer—orchestration—on foundations it already has, fix the data beneath them, keep a human holding the pen, and start within its own law. Done in that order, Czechia becomes not the country that bought the most government AI, but the first agentic state in Europe that is an architecture in service of its citizens rather than a Leviathan over them. The Charter is how it writes that architecture down—division by division, what is and what must be—and begins.

This is an analysis published by ENSI (European Nexus for Strategic Intelligence). The current-state baseline reflects real Czech systems and documents—the base registers (ROB, ROS, RÚIAN, RPP), NIA, BankID, eDoklady, datové schránky/ISDS, Czech POINT, the Portál občana, the propojený datový fond (ISZR, eGSB/ISSS), the eGovernment cloud and CLOUDIA, the DIA, Act 12/2020 Sb., the National AI Strategy 2030, Digitální Česko, DESI 2024, and the EU AI Act 2024/1689 (with the CJEU SCHUFA ruling, C-634/21). Figures are reproduced from those sources; the twelve-division architecture and the agentic targets are the author’s coinage.