Content from 2015-10
Each organisational unit gets one defined key space, which is designated in the issued keys via a natural language identifier.
For this document, let's use the Ministry of Funny Walks (MFW) and the Ministry of Silly Hats (MSH) as examples of organisational units.
Each organisational unit signs its documents using public-key cryptography. Keys are compartmentalised by year (or possibly smaller time frames) and possibly by subsections of the top organisational unit.
Citizens create their own key and register it with the MFW and other units. Registering means that the MFW will verify the identity of the requester (via ID card) and then sign the requester's key with the current signing key of the MFW.
Communication between citizens and the MFW will use the current public keys of the citizens and the MFW. Emails and other documents will be signed by individual employees of the MFW as appropriate, or with special multi-user keys in order to protect the identities of employees. Another option is to sign with employee keys but not distribute their public keys to the general public, in order to maintain a notion of identity. That said, this bears the risk of accidental disclosure at a later point, meaning that it doesn't provide perfect forward secrecy.
Citizens may verify public key hashes via web sites, newspapers and publicly displayed information in government offices.
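The hash check from the last paragraph, as an added example that is not part of the original text: a received key is accepted only if hashes read from several independent channels all agree with it. The SHA-256 hash, the "MFW/2015" label, the channel names and the two-channel minimum are assumptions made for illustration.

```python
import hashlib
import hmac

def fingerprint(public_key):
    """SHA-256 of the encoded public key as lowercase hex (assumed hash choice)."""
    return hashlib.sha256(public_key).hexdigest()

def normalise(printed):
    """Drop spacing, colons and case from a hash as printed or retyped by hand."""
    return "".join(c for c in printed.lower() if c in "0123456789abcdef")

def check_published_hashes(public_key, published, required=2):
    """Compare a received key with the hashes read from independent channels.

    Returns (accepted, matching, mismatching). A single disagreeing channel
    rejects the key, because either the key or that channel was altered.
    """
    actual = fingerprint(public_key)
    matching, mismatching = [], []
    for channel, printed in published.items():
        same = hmac.compare_digest(normalise(printed), actual)
        (matching if same else mismatching).append(channel)
    accepted = not mismatching and len(matching) >= required
    return accepted, matching, mismatching

# Constructed sample data: placeholder bytes, not a real key.
KEY_LABEL = "MFW/2015"  # hypothetical natural-language key space identifier
MFW_KEY = b"constructed bytes standing in for the MFW 2015 public key"
SUBSTITUTED_KEY = b"constructed bytes standing in for an attacker-supplied key"

_fp = fingerprint(MFW_KEY)
_groups = [_fp[i:i + 4] for i in range(0, len(_fp), 4)]
PUBLISHED = {
    "web site": _fp,
    "newspaper": " ".join(_groups).upper(),
    "office notice board": ":".join(_groups),
}

if __name__ == "__main__":
    for name, key in (("genuine", MFW_KEY), ("substituted", SUBSTITUTED_KEY)):
        accepted, ok, bad = check_published_hashes(key, PUBLISHED)
        print(KEY_LABEL, name, "accepted" if accepted else "REJECTED", ok, bad)
```

Requiring agreement across channels means that tampering with the web site alone is caught by the printed copies, and a lone channel is never enough to accept a key.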