Computing Applications News

Estonia: A Model For E-Government

Over the next decade, the population of Estonia is expected to soar more than 600% as the country becomes the first in the world to open its borders to an influx of e-residents.
Estonia's capital Tallinn
  1. Introduction
  2. Why Estonia?
  3. Elsewhere in the World
  4. Guidance
  5. Security Risks
  6. Further Reading
  7. Author
  8. Figures
Estonia's capital Tallinn

Over the next decade, the population of Estonia is expected to increase more than 600%, from 1.3 million to 10 million.

No, a flood of immigrants is not likely to invade the tiny Baltic republic. This year, Estonia becomes the first country in the world to open its borders to e-residents—people who sign up for digital identification cards and digital signatures for access to a wide array of national electronic services and databases. The idea is to provide a gateway by which people outside of Estonia can make investments in Estonia, establish businesses there and, eventually, use the country as a bridge to commerce elsewhere in the European Union.

The bold plan is a logical step forward in an unprecedented roll-out of e-government services that began in 2000, when Estonia introduced a public system for electronic tax filing. In 2002, Estonia introduced a universal electronic identification card with digital signatures, which every citizen gets at the age of 15. The ID cards and signatures have become the keys to nearly universal access to government information and services as well as private-sector services in health care, banking and education, and law. In the years since, the Estonian government and industry have put more and more functions online, all connected by a nationwide data backbone called X-Road.

Digital signatures in Estonia are so widely used and trusted that they are now preferred to signatures on paper, says Siret Schutting, managing director of e-Estonia Showroom. She estimates digital signatures save the country 2% of GDP, or $500 million a year. “We can use it everywhere,” she says. “It’s legally the same as a handwritten signature.”

The Estonian e-tax system, along with X-Road’s access to multiple government and private sector databases, has made tax filing unimaginably simple, at least by U.S. standards. “No one even considers paper as a possibility anymore,” says Siim Tuisik, an Estonian citizen lobbyist for open data and digital rights. “If you are a private citizen, you make five or six clicks. All the data is already there; everything is prefilled, so unless something is wrong, you don’t need to add anything.”

Other countries, especially in Europe, are eyeing Estonia’s successes with envy. “Estonia is way ahead of other countries, really a model,” says Clare Sullivan, a cyber-lawyer and professor at the University of South Australia School of Law. “They are where we are all going to be in five to 10 years.” Estonia has the most advanced e-society in the world, with the government offering some 600 e-services to citizens and 2,400 to businesses, she says.

Back to Top

Why Estonia?

Sullivan says Estonia’s progress is due in part to a strong commitment to Information Technology (IT) on the part of the prime minister and other senior government officials, stemming from the country’s independence from the Soviet Union in 1991. “It was very poor, and struggling to establish its own identity and own economy,” she says. “They had few resources otherwise, so they decided to go with IT.”

“Information technology allows us to achieve beyond our natural means as a small government and country,” said Prime Minister Taavi Rõivas in an interview. “That is why we have implemented a trusted national identity scheme, universal data exchange layer X-Road, various digital services and initiatives in all walks of life.” He said he is deeply involved in the roll-out of Estonia’s digital services as chairman of the E-Estonia Council, which “steers the making and execution of national digital agenda in the country.”

Cultural and environmental factors have also driven Estonia’s remarkable progress into digital services. The public puts a great deal of faith in the integrity of the systems and databases linked by X-Road. “The idea of people not trusting government is, if I may say so, a very American thing,” Sullivan says. “In Europe, distrust is centered more on business than on government, and in Estonia, it’s become part of the culture. They have been doing this since the early 2000s, and they are hooked on the convenience of it.”

Estonia is smaller than West Virginia, and the third-poorest of the 28 countries in the EU. Not surprisingly, a number of high-tech start-ups in the country have focused on cross-border flows. For example, Skype for voice and video communications, and TransferWise for moving money, have their origins in Estonia.

“Nordic countries strongly believe in the inclusion of different social groups, and the digital solutions help do that,” Schutting says. “Access here is not a privilege, it’s a right.” Indeed, she says, even the poorest citizens have free Internet access at libraries, banks, post offices, and other places. A project begun in 2009, called EstWin, aims to bring 100 Mbit/s Internet access to every citizen of Estonia by the end of this year. By 2018, the speed for many users is due to be boosted to 2.5 Gbit/s.

Back to Top

Elsewhere in the World

Estonia may be a world leader, but it is hardly alone in its moves to public e-services. Last year, Estonia joined with the United Kingdom, South Korea, Israel, and New Zealand to establish an initiative called D5. At the first annual D5 Summit in London last December, the five countries drafted a charter pledging to work together and share ideas to develop and integrate electronic public services.

D5 emerges from the wreckage left by the U.K.’s failed rollout of a national identity card system several years ago. The huge, and hugely expensive, card project, along with a proposed National Identity Register, were scrapped in 2010 in the face of strong opposition from the public and from some quarters in government over concerns about an erosion of civil liberties and privacy. Estonia was made a charter member of the D5 by other members looking for guidance on these kinds of efforts, according to citizen activist Tuisik. “We get about 400 official visits each year that concentrate on digital matters,” he says.

A big challenge in developing governmental e-services is keeping them decentralized for security, while preserving cross-application compatibility.

In a recent blog, Sullivan called D5 an important development because it is an international acknowledgment of the importance of e-government. “[It] formally acknowledges the need for international collaboration to … develop common standards and procedures,” she says.

However, notes Sullivan, although the D5 calls itself “a group of the world’s most digitally advanced governments,” its membership roster is conspicuously missing Singapore, India, Australia, other European countries, Canada, and the U.S. “Wider membership could facilitate greater exchange of experience and cooperation as well as development and implementation of international standards,” she says.

Separately, Finland is marching to Estonia’s drum and is now building an electronic identification system and a national data exchange layer for electronic services based on Estonia’s X-road concepts.

India has embarked on a massive project to collect biometric data—including a photograph, 10 fingerprints, and two iris scans—from each of its 1.3 billion residents. The government will use the data to build a giant “identity database,” then use that in a companion project that assigns citizens 12-digit ID numbers and chip-based identity cards. The stated intent of the two projects is to better serve the public with a suite of government services and programs but, like the U.K.’s aborted project, the effort is controversial because some believe it will lead to violations of privacy rights.

Back to Top


Tuisik says no effort has been spared to give users control over their own data. For example, patients can limit access to their electronic medical records to specific named individuals, and they can see at any time an audit trail of those who have accessed their records. “Doctors violating the rules will be sacked,” he says.

A big challenge in developing governmental e-services is keeping them decentralized for security, while still preserving cross-application compatibility and data-sharing, Tuisik says. “Quite often in other countries, the main problem is that different parts of the government each offer their own services and gather their own data. There is no common backbone of data like X-Road, and no common ID numbers for users.” Consequently, citizens see a government that is fragmented, rather than unified, he says.

Asked what advice he’d give a country like the U.S., Prime Minister Rõivas said, “I do not like to offer advice or teach others. Each country and government has different settings and context. However, I can reiterate and share the lessons we have learned, and it is up to U.S. readers and colleagues to see if they have relevance in that great country.

“We made a very conscious choice to build shared platforms, like joint digital identity and the whole-of-government data exchange layer X-Road, rather than allow diverse development. The idea was also to put in place the right conditions so that digital innovation can flourish in all parts of the public sector and society—bottom-up. If some area falls behind, we try to lead by example and kick-start things top-down, too. Despite such a rather decentralized approach, we make an effort to ensure common standards and procedures are in place, so that in the end even bottom-up innovations are secure, interoperable, and convenient to use.”

Back to Top

Security Risks

Nevertheless, government officials and users alike admit there are risks associated with X-Road and its attached databases and applications. “Everything is online,” Schutting says. “What if something happened to our data? Our government wouldn’t function anymore.”

Something did happen, in 2007. A series of denial-of-service attacks brought down the websites of the Estonian parliament and other government agencies, banks, newspapers, and broadcasters. Estonia accused Russia of the attacks, and today global fears of state-sponsored cyber-warfare trace their origins in part to these network intrusions. Russia denied responsibility, and a year later an ethnic Russian man was fined for participating in the attacks.

Because X-Road and its applications form a highly decentralized system, the attackers could be isolated and then “snipped off” the X-Road before doing much damage, Schutting says. “But it was a wake-up call. It led to a real public discussion about data integrity and data protection.” She says the attacks had a silver lining as they led to the creation of the NATO Cooperative Cyber Defence Centre of Excellence, based in the Estonian capital Tallinn, and to the Tallinn Manual on the application of international law to cyber-conflicts.

Despite these defensive moves, fears of another attack, including possibly a physical attack by Russia in the wake of its moves into Crimea and Ukraine, have prompted a plan by Estonia to put its e-government services “in the cloud,” with its databases outside of Estonia in “data embassies” in friendly countries. However, that idea has prompted fears of breeches of data privacy by the law enforcement and intelligence agencies of those friendly countries.

In any case, the e-residency system for non-Estonians is moving ahead rapidly. It is in beta test mode now, and will go live sometime this year. At first non-residents will have to travel to Estonia to sign up, but sometime this year they will be able to do so at Estonian embassies anywhere in the world.

“This is literally pushing boundaries,” Schutting says. “We are building a country without borders.”

Back to Top

Further Reading

Aasmäe, Kalev
Estonia uncovered [blog], ZDNet

Drysdale, Kirsten
Estonia offers e-residency to allow non-citizens access to government services and business online ABC News Australia, Nov. 25, 2014 [Contains video]

Rõivas, Taavi
Leveraging technology in turbulent times (video), Stanford University Libraries, Dec. 10, 2014

Schmitt, Michael N. (Gen. ed.)
Tallinn manual on the international law applicable to cyber warfare, New York, Cambridge University Press, 2013

Sullivan, Clare
Digital identity’s new frontier: the political, economic, and legal ramifications of Estonian e-residency, Georgetown Journal of International Affairs, Nov. 27, 2014

Back to Top

Back to Top


UF1 Figure. The databases and other components that make up X-Road, the backbone of e-Estonia.

Back to top

Join the Discussion (0)

Become a Member or Sign In to Post a Comment

The Latest from CACM

Shape the Future of Computing

ACM encourages its members to take a direct hand in shaping the future of the association. There are more ways than ever to get involved.

Get Involved

Communications of the ACM (CACM) is now a fully Open Access publication.

By opening CACM to the world, we hope to increase engagement among the broader computer science community and encourage non-members to discover the rich resources ACM has to offer.

Learn More