AD7 Data management competition as EPSO’s Second Attempt with TAO: A ‘Leyenda’ Yet to be Born (?)

Administrators, EPSO, Hidden, Newsletter-2026-05-29 Print This Post

***UPDATE / EDITORIAL NOTE
Following a productive and constructive meeting with EPSO, we have updated a few details in this article to ensure the highest accuracy. These updates concern the exact financial breakdown of the framework contract, the specific roles of the subcontractors, and the continuity of EPSO’s official communication with candidates. Generation 2004 welcomes this dialogue, as our shared goal remains full transparency and a reliable selection system.***

Leyenda (Legend) is the subtitle of Isaac Albéniz’s famous guitar piece, Asturias, that ‘lucky’ candidates could ‘enjoy’ even for an hour or more while waiting for the Portuguese helpdesk during EPSO’s recent Data Management (EPSO/AD/426/25) competition. Under the new TAO system, it seems a glitch-free exam experience is indeed becoming something of a legend itself. 

Despite this humorous start, it is important to clarify that the purpose of this article is to provide structured feedback, not further attacks.  

For thousands of EU citizens, the selection process is their first – and often only – direct interaction with the Union’s governance. It is the vital window through which the public directly witnesses and judges the efficiency, fairness, and professionalism of European administration. For this very reason, EU institutions cannot afford to project an image of technical instability or operational inefficiency to the world. Protecting the integrity of this process is not just an IT issue; it is about safeguarding the credibility of the European project. 

We recognise that digital transition and rigid bureaucracy place EPSO in a difficult position regarding system selection and contract enforcement. However, candidates’ careers must not suffer during this “learning curve.”  

Before unpacking the technical problems, let’s look at the full story. This review covers a vast array of topics, from legal clauses to IT specifications. While certain chapters may appear overly detailed, every single component is required to see how the entire puzzle fits together. 

1. The 17-Million-Euro Contract and the TAO Platform  

On 20 June 2025, EPSO signed a framework contract with the Luxembourgish company Open Assessment Technologies (OAT) S.A. (contract number: EC-EPSO/2024/OP/0016). The total maximum value of the framework contract is 16,734,850 EUR for a maximum duration of four years. Within this framework, the contract value for the primary winner, OAT, is approximately 11.27 million EUR. Under this “cascade” system, the second-place bidder, Prometric, acts as an official backup (Plan B) with a contract value of 15.2 million EUR. This setup allows EPSO to invoke the backup provider only if the primary contractor fails to meet contractual requirements or delivers unsatisfactory service.

According to official procurement documents, the primary contractor must have the capacity to deliver a minimum threshold of 30,000 tests and a maximum of 80,000 tests per 12 months. However, EPSO has clarified that this volume range is flexible in practice, meaning that no issues are expected regarding capacity limitations. Furthermore, the contract specifications strictly state that at least 85% of the total invigilated testing volume must be delivered via automated AI proctoring, while live remote proctoring is limited to a maximum of 15%. These substantial public funds were intended to implement a highly secure, scalable, and modern remote testing ecosystem.

However, the exact error margins and stability rules set in the contract remain unclear. This raises two critical questions: 

At what point does the provider’s performance officially become “unsatisfactory”?  Under what specific conditions of technical failure can the backup provider (Prometric) be called in to take over? 

The system’s first major debut took place shortly after: the first live application of the contracted TAO platform was the AD7 Building Management exam (EPSO/AD/425/25). While EPSO issued an official statement on the preliminary results the very next day, this transparency proved short-lived, as the report subsequently vanished from their website.  The communication is available again since 1 June.

2. What the Previous Communication Reveals 

We welcome the open communication regarding the Building Management exam, and we hope for a similarly transparent update for the Data Management exam (EPSO/AD/426/25) soon. While the earlier report on the Building Management exam was temporarily unavailable, we are glad to note that it has been restored on the institution’s website following the publication of our article. Furthermore, EPSO management assured us that a similarly clear and correct update concerning the Data Management competition will be published in the near future. It is worth recalling the exact data from that original report posted on 28 January 2026:

  • The Exam Details: The AD7 Building Management exam on 27 January 2026 served as the first live test for the new TAO platform. 
  • Applicants vs. Participants: Out of 3,170 applicants – with a “no-show” rate of around 30% – 2,249 candidates connected to sit the tests. 
  • Failure Rate: Around 91% of those were able to complete all three tests, while 9% did not finish. The number of candidates who had to retake the test was also around this figure.
  • EPSO’s Assessment: While EPSO stated they were reviewing these cases to distinguish ‘prohibited behaviour’ from technical issues, they officially called the project a ‘step in the right direction‘ instead of addressing the glitches. “ 

If we project this 9% rate onto the 170,000 applicants for the AD5 competition, it suggests more than 15,000 incomplete or repeated exams. Maintaining transparency regarding this data is crucial for learning from these experiences.

3. The Third-Party Risk: Who Supervises Proctorio? Data and Permissions  

The TAO platform is merely the engine; the “eyes” of the exam are provided by the Proctorio third-party plugin. This setup raises serious legal and security concerns. While candidates are expected to grant administrative permissions to a plugin that can access all their browser data, it remains unclear how much oversight EPSO actually has over Proctorio’s operations.  

Even more concerning is the requirement for candidates to manually disable their computer’s built-in security layers -including firewalls and antivirus software- to ensure the plugin functions. This practice forces candidates to choose between sitting their exam and maintaining their system’s integrity, leaving their personal devices vulnerable to external threats for the duration of the test. 

During our meeting, EPSO clarified that this plugin is continuously evolving. They argued that this web-based solution is a better alternative than heavy, installable exam software -like the system used previously- which also takes complete control over the user’s machine.

Who monitors the plugin’s security integrity? Where and for how long is the data stored? If the plugin fails due to incompatibility or crashes, does EPSO have direct means to fix it, or are they dependent on the external provider? Is EPSO fully aware of the cybersecurity risks? 

4. AI-Driven Invigilation and EU Compliance 

The EPSO Director previously stated that artificial intelligence is currently strictly limited to anti-cheating monitoring (invigilation). However, delegating behavioural analysis to algorithms raises fundamental technical and legal dilemmas. Automated flaggings of “suspicious behaviour” (such as eye movements or background noise) are notoriously prone to false positives, risking the unfair disqualification of innocent candidates. 

This practice faces a heavy legal hurdle under the EU AI Act, which explicitly classifies AI systems used in recruitment, selection, and candidate evaluation as High-Risk AI systems. This classification imposes strict institutional obligations: 

Does EPSO have direct, unhindered access to Proctorio’s algorithmic logs and automated decision-making trails? How does EPSO audit the quality assurance indicators and bias-mitigation metrics managed by the primary contractor (OAT)? 

Regarding these concerns, EPSO explained during our meeting that a three-layer review process is in place, meaning that the full material is reviewed twice by humans to prevent any automated disqualifications. Furthermore, they stated that the plugin does not collect biometric data from any candidates.

While this human oversight is a reassuring step, broader technical and legal questions remain. It is a fundamental expectation that the contract includes clear guarantees regarding damages or privacy incidents caused by third-party software – such as Proctorio – and defines who exercises direct technical supervision over these tools during exams. 

5. The Subcontracting Chain and the Accountability Gap 

During our meeting with EPSO, a minor inaccuracy in our initial analysis became clear: Konectanet is actually a subcontractor for Prometric, not OAT. This misunderstanding arose because OAT’s partner was missing from the initial framework contract documentation. As we learned, their subcontracting agreement with Intelcia (epsotest.support@intelcia.com) was signed at a later stage.

This raises fundamental questions regarding the Service Level Agreement (SLA) and the oversight mechanisms in place: 

How does EPSO monitor the real-time availability and performance of the active helpdesk subcontractor (Intelcia)? What reporting obligations does OAT have concerning the performance and failure rates of its helpdesk partner? Given that internal staff often have to manage the fallout of technical issues, what mechanisms are being used to enforce penalties or service credits against the prime contractor for these service difficulties?

6. Modern Interface, Functional Challenges: Aligning Design with Reliability  

At first glance, the new interface introduced by EPSO appears modern, clean, and highly user-friendly. The navigation is logical, and the design meets contemporary digital expectations. However, for the system to fully realise its potential, this visual renewal must be accompanied by consistent technical stability. 

Based on experiences shared on social media – the analysis of which will be key to future improvements – the most common observations concern the following functional areas: 

  • “The calculator is useless: hitting Enter often clears the display instead of performing the operation.” 
  • “My timer froze during the written test. I had no clue how much time I had left, and I was constantly afraid the test would suddenly finish mid-sentence.”  
  • “I could not access the source document during the written test – an error message was displayed instead.”  
  • “I was pressing the Ctrl button and all my written text suddenly disappeared.” 
  • “I finalised my assignment, had 2 minutes left for proof-reading and out of the sudden ALL THE TEXT that I wrote disappeared.“ 
  • “In the middle of the test, the screen went blank with a ‘No connection to the service’ message and wouldn’t reload despite several attempts.” 

These glitches prove that an aesthetically pleasing interface is worthless if the underlying code and server capacity are not up to the task. In a competitive exam, tools should support the candidate, not serve as an additional source of stress. 

7. “Is the Candidate Always at Fault?” – Voices from the Black Box 

While EPSO and the provider often blame the candidates’ local settings, social media has been flooded with accounts that point to fundamental system instability rather than “wrong configurations.” These stories highlight a recurring pattern of failure: 

  • “The timer simply froze during the hardest part of the reasoning test.”   
  • “My welcome screen stayed on for almost 30 minutes displaying a waiting time of 1 minute.” 
  • “I got kicked out exactly 8 minutes before the test was supposed to end due to an ‘unstable connection,’ even though my WiFi signal was perfect.”  
  • “Technical support was unreachable; I listened to Portuguese fado for 10 minutes on the phone while my exam slipped away.”

8. Legal Self-Defence: Your Right to the Log Files

Many candidates are unaware that under EU data protection rules (GDPR and Regulation 2018/1725), they have a legal right to access all data processed about them, including the technical log files generated during the exam. However, as discussed in our meeting with EPSO, processing these files creates a huge administrative burden for EPSO. Therefore, Generation 2004 advises using this option only as a last resort in strongly justified cases -specifically if EPSO claims the technical issue was on your side, but you disagree, and your official complaints have been repeatedly rejected.

If you find yourself in this specific situation after exhausting all regular channels, here are the steps you can follow:

How to take action: 

  1. Subject Access Request (SAR): Formally request your technical logs from EPSO (the Data Controller) to clarify the exact technical timeline of your exam session.
  2. Requesting Evidence: If the system claims your connection was “unstable,” you have the right under Article 15 of the GDPR to request the server-side data that supports this conclusion.
  3. Final Accountability: If you believe the error was unfairly blamed on your equipment and standard procedures failed to resolve the issue, these datasets can help find the facts. If access is unjustly denied, candidates ultimately have the right to lodge a complaint with the European Data Protection Supervisor (EDPS).

True transparency requires EPSO to perform independent verifications of the technical logs when disputes arise, rather than solely relying on the provider’s assessment. To ensure a genuinely fair process, whenever a candidate’s complaint is rejected due to alleged local technical issues, EPSO should carefully review these raw logs internally to objectively confirm where the error actually occurred.

9. The Price of Uncertainty: The Retesting Timeline 

A technical failure does not end with the closing of the exam screen; for candidates, that is when the true test of patience begins. If we look at the AD7 Building Management competition, the timeline is deeply discouraging after the original exam in January 2026, it took 43 days just to announce the retest, and another 36 days to hold it. This results in nearly 80 days of limbo between the first attempt and the actual retest. 

Such massive delays not only disrupt candidates’ preparation but also push the announcement of the results into the distant future. In such a system, the promise of “fast and efficient selection” remains a mere pipe dream. 

When does EPSO plan to announce and conduct the Data Management retests, and by how many months will this delay the originally planned publication of the reserve lists? 

10. Load Testing: Theory vs. 170,000 Candidates 

Was a Real-World Simulation Conducted? Testing a software “empty” is never enough. It is a fundamental requirement that a system of this calibre be validated against the expected load (originally 50-60k, now 170k for AD5) and the actual complexity of the questions (computational needs, interactive elements, calculator). It is highly questionable whether EPSO conducted load tests where tens of thousands of users simultaneously ran the resource-heavy Proctorio plugin alongside the TAO interface. If the AD7 exam with only 2,300 people resulted in the previously mentioned failure rate, it shows that the system is already breaking under the weight of simultaneous users. 

Furthermore, official procurement documents show that the contract explicitly limits the system to a maximum volume of 80,000 tests per 12 months. This creates a massive contractual contradiction for the upcoming AD5 Graduate competition, which has 170,000 applicants. This volume is more than double the annual limit permitted under the current contract framework. 

This massive number of applicants also creates a serious dilemma for equal opportunity. If EPSO attempts to test everyone at once, current experiences suggest a guaranteed system collapse. However, if the exams are not held simultaneously, how will equal opportunities be guaranteed? Using different questions at different times would require mathematical proof that the difficulty and style of the tests are completely identical. 

Does EPSO possess certified testing reports proving that the system can handle the 170,000 AD5 candidates under the full complexity of exam tasks while simultaneously running the proctoring software?  More importantly, how does EPSO legally and technically plan to test 170,000 candidates within a system explicitly capped at 80,000 tests per year? 

11. Data Management Mysteries: Who is Accountable? 

Legally, EPSO is the Data Controller, while the testing company is merely the Data Processor. The issue is that technical log files are generated on the provider’s servers. If EPSO did not specify in the contract that it must receive these in a raw, auditable, and machine-readable format (e.g., JSON or CSV), it has no way to verify the data independently.  

Does EPSO perform independent technical audits on raw log files, or does it simply take the provider’s word that the error occurred on the candidate’s side? 

12. Technical Self-Defence: Prove It Wasn’t Your Fault! 

As EPSO has stated that retesting is only offered in ‘justified cases,’ gathering technical evidence is not just an option but a prerequisite for a successful complaint. This burden of proof makes the following steps essential: 

  • Windows (Event Viewer): Press Windows + R, type eventvwr.msc. Under Windows Logs -> System, look for network events. Finding Event ID: 6062 (LSO triggered) proves your network card was active and transmitting. If there are no “Link Down” or “Disconnected” errors, your local connection was stable. 
  • Mac (Console): Open the Console app and check System Reports for the exam time. If the logs show no traces of WiFi or Ethernet drops, the error originated on the server side. 
  • Router Logs: Access your router’s admin panel (usually at 192.168.1.1) and check the WAN logs or System Logs. This data provides the ultimate proof that your Internet Service Provider (ISP) maintained a continuous connection. 

Important Note: Due to the vast variety of router brands and configurations, we cannot provide individual technical support or specific instructions for every device. We recommend searching online for your specific router model (“how to check [model] WAN logs”) or consulting an IT specialist to ensure your evidence is gathered correctly and professionally. 

13. The Single Candidate Portal: Problems Before the Exam Starts 

EPSO’s technical issues do not just happen during the test; they start during the application process. The new Single Candidate Portal was meant to make applying easier, but it has introduced several key technical and design problems for candidates: 

  • System Crashes Under Heavy Traffic: The portal cannot handle large numbers of users at the same time. During the AD5 Graduate competition in March 2026, the website crashed due to high traffic, forcing EPSO to publish an official warning about “temporary server issues.” This shows the system was not properly tested for large groups of applicants. 
  • Missing Confirmation Emails: The portal does not send automatic confirmation emails after submission. Since candidates are not warned about this missing feature, they rarely take screenshots as proof of their submission. 
  • “Vanishing” Applications: Several finalised applications have completely disappeared from the database. When candidates report this after the deadline, EPSO automatically rejects their complaints. This creates an unfair administrative burden on applicants, as there is no logical reason for someone to constantly log in to check a submission they believe was successful. 
  • Official Admission of Critical Data Loss: Official communications fully confirm these database errors. On 15 May 2026, a formal update acknowledged a technical issue that removed an application’s content at the exact moment of submission. Although IT teams initially claimed to have fixed the bug, a subsequent official update on 18 May 2026 admitted that the issue was still not fully solved. Instead of a technical fix, EPSO published a complex 9-step manual workaround, asking candidates to re-enter all fields in a single session without saving drafts. This official admission proves that the system remains unstable and shifts the burden of platform failures directly onto the applicants. 

Does EPSO thoroughly check the technical log files before responding to candidates’ complaints about missing applications? Will the institution commit to citing these specific server logs whenever an official complaint is rejected? Why does the institution shift the burden of system errors onto applicants by requiring complex manual workarounds instead of ensuring basic platform functions, such as data saving, work correctly? 

14. Conclusion: Expert Control Over Bureaucracy!  

EPSO must stop treating only the symptoms at an administrative level, where Commission staff must handle complaints instead of holding the provider accountable. What is needed now is an expert task force of meticulous data analysts, seasoned IT project managers, and sharp lawyers. This team should thoroughly audit the contract, SLAs, and log files to force efficiency from the provider. 

Most of the questions formulated in this article will be forwarded to EPSO in the form of an official Note. We will keep you updated on their response and any further developments. 

Editorial Note on Sources: The experiences cited in this article originate from various social media platforms. While these posts highlight the difficulties encountered by candidates, it is important to clarify that we cannot independently verify their factual accuracy or the specific technical background of each error. Ultimately, it is the responsibility and prerogative of EPSO and the service provider to investigate these claims and clarify the facts. 

Leave a Reply