Romania’s business infrastructure has been shaken by a widening anti-corruption investigation into a €38 million ($44.6 million) IT project at the National Trade Registry Office (ONRC), following weeks of operational paralysis, data security concerns, and mounting audit findings that suggest systemic mismanagement.

The case, now under review by Romanian anti-corruption prosecutors, centers on a digital overhaul launched in the summer of 2024 that was intended to modernize the country’s company registration system. Instead, the platform reportedly blocked more than 130,000 business registration applications for weeks, disrupting commercial activity nationwide and undermining public trust in a system responsible for maintaining official records for more than 1.7 million individuals and companies.

The €38 million IT system was conceived as a modernization milestone for ONRC, the agency overseen by the Ministry of Justice. However, draft audits conducted by Romania’s Court of Accounts and the Justice Ministry revealed serious technical and procedural deficiencies.

Auditors concluded that the system was launched prematurely, without comprehensive testing of its functionality or cybersecurity safeguards. Crucially, they reported that the registry had never received the platform’s source code-a foundational component necessary for independent maintenance, review, and security verification.

The absence of source code access raises profound governance and security concerns. In public-sector IT procurement, failure to secure intellectual property rights or escrow arrangements can render an agency dependent on external contractors for even routine system adjustments. This dependence can create operational vulnerabilities and expose public institutions to undue leverage by vendors.

Investigators further estimated financial losses exceeding 12 million lei (approximately $2.7 million), citing failure to enforce contractual penalties for delays and incomplete testing. The audits also suggested that certain financial benefits were improperly granted during the project’s implementation phase.

The operational consequences were immediate and severe. Upon launch,........

© Blitz