Why The EU Should Look To Estonia To Achieve Its Vision For A Digital Europe

by Ayesha Bhatti 

April 17, 2024

Estonia achieved full independence in 1991, when a referendum declared the termination of the illegal Soviet occupation. In subsequent years, this country of only around 1.3 million people has made incredible headway in its digital transformation, cultivating a pro-innovation environment that has resulted in the output of ten $1 billion tech companies. This includes unicorns like the videoconferencing company Skype and the ride-sharing Uber-competitor Bolt. There is also ID.me, a digital ID company with an Estonian Chief Technology Officer which was recently valued at between $1.4 and $1.6 billion. Estonia is a trailblazer within the EU, with the World Economic Forum labelling it “the most entrepreneurial country in Europe”, and its path to a digital world establishes guidelines for how the rest of Europe should embrace technological innovation.

From Soviet Communism to Pro-Free Market

Following independence, Estonian resources were largely depleted, leaving the country with the big task of kickstarting its economy. In fact, by 1993, inflation was at 90 percent. To tackle this, it took the leap into capitalism by adopting pro-free market policies to liberalise trade, let natural market competition dictate interest rates, and open itself to the Western world. Mort Laar, Estonia’s Prime Minister from 1992 to 1994 and again from 1999 to 2002, led this reform, bringing a fast reformer view welcomed by Estonians dealing with the fallout of the slow-moving false promise of the Soviets. Laar was later recorded attributing the drive of this quick start “shock therapy” of the Estonian economy to Margaret Thatcher’s own “just do it” attitude, marking the first steps towards its digital renaissance. Taking this approach meant that as early as 1995, inflation dropped by 68 percent to 29 percent, and 10,000 new companies had been established, introducing the wave of start-up culture that Estonians are familiar with today.

Building From The Ground Up

This quick reform attitude, coupled with a largely blank canvas to work from, presented a unique opportunity to drive tech growth, spearheading Estonia’s assertion of freedom and pursuit of digital rights. This began with the first draft of the Principles of Estonian Information Policy in 1994, allowing for the allocation of a percentage of GDP specifically for information technology. This policy was subsequently adopted by Parliament in 1998 and led to the transformation of public services to increase efficiency. As public services became more accessible, it laid the groundwork for the introduction of other services, such as the transition to e-banking that ultimately led to the infamous e-ID, a digital ID that creates seamless digital experiences for Estonian citizens. The e-ID is issued upon birth and reduces the number of identity checks required to access private and public resources.

As of February 2024, the government has issued approximately 1.4 million ID cards, in part because the push for digitalisation focused more on the collective advantages it would bring rather than the associative privacy concerns of sharing personal data with government. Even more so, this latter point was later addressed during the development process of the digital ID, opting for a forwarding thinking decentralised system, and opportunities for individuals to view who has accessed their data, and why.

The success of the e-ID shows why ranking pro-collectivism over pro-individualism leads to better long-term societal well-being. One study published by the National Bureau of Economic Research found that Europe’s aggressive privacy agenda is killing app innovation, showing a correlation between the introduction of the General Data Protection Regulation (GDPR) in 2018 and the exit of around one-third of available apps from the EU. The study concluded that factors reducing entry costs into Europe deliver large welfare benefits. Estonia’s free market approach from the early 90s clearly demonstrates that it is possible to better balance the risks and opportunity from new technology.

Similarly, Estonia is known for X-Road and the derived X-tee instance, a distributed data exchange layer acting as the backbone of Estonia’s digital infrastructure that assists with national integration and reduces data leaks from unsecured databases. X-Road is a free and open-source technology that facilitates data transfers between the public and private sector. It streamlines data exchange processes, enhances security, and facilitates interoperability, enabling organisations to derive greater value from their data assets. Because of X-Road, 99 percent of public services are accessible online 24/7. Estonia first began development of its X-Road framework in 2001. By contrast, the new European Data Act, which seeks to achieve a similar goal as X-Road of data accessibility, interoperability, and data-driven innovation, was introduced in 2022, showing how future-forward Estonia’s policymakers were to bet on open data exchange.

An Economy Fit For The Digital Age

At the start of its digital journey, Estonia had a GDP per capita of $3,134. By 2022, it had a GDP per capita of $28,247. This represents an over 800 percent increase in under 30 years. Of course, this figure comes with certain caveats, including Estonia’s much smaller starting point compared to other EU countries, and the fact that Estonia’s digital transformation is not entirely responsible for its economic growth. It does, however, make a strong case for how embracing technology can build an economy fit for the digital age.

Estonia’s success comes from a combination of forward thinkers, open-minded citizenry, and proactively embracing the future whilst still paying attention to present-day concerns. It is why Estonia has garnered the title of “the most advanced digital society in the world.” The current EU mandate is poised to disrupt its wider ambitions of a digital Europe, with recent regulations including the Artificial Intelligence Act, the Digital Markets Act, and the Digital Services Act curtailing technological innovation in the same way GDPR did, through an increasingly complex regulatory framework creating high barriers for entry. European policymakers would do well to embrace the same ideas underpinning Estonia’s own digital transformation, facilitating global innovation to support its citizens, and making policy that treats technology as an enabler, not an inhibitor.

Photo by Nikola Johnny Mirkovic on Unsplash.

Editor’s Note: We updated this article on April 25, 2024 to include additional information about X-Road and X-tee.

Resorce: Center of data of information

How Estonia, the PISA leader, is solving the shortage of ICT specialists

May 5, 2024 by Laura Põldma

As digitalisation has reshaped economies worldwide, it has also resulted in a shortage of skilled ICT specialists. However, Estonia – the country ranking 1st in Europe in OECD’s international survey PISA – has yielded excellent results in resolving the shortage with the right educational policies in place.

Estonia’s success derives from comprehensive strategies that spark young people’s interest in IT education and enable lifelong ICT retraining in society. The country’s success has set an example for many other countries.

Starting from an early age

To attract more young people to ICT fields and introduce them to future possibilities in the area, Estonia launched a programme called ProgeTiger in 2012. The programme encourages preschool, general, and vocational education teachers to use technology – including programming and robotics – more widely in their teaching. „In 9 years we have reached a point where 99% of Estonian kindergartens and 98% of comprehensive schools have taken part in ProgeTiger’s activities in one way or another,“ reports Kristi Salum, the Program Manager at ProgeTiger. However, she points out that it does not mean that 99% of kids are participating in the program; rather, it marks that most institutions have created a chance to learn ICT. Moreover, the learning processes are always adjusted to the age of the children. “If we give children at an early age the knowledge and skills to understand, use and create technology themselves, they will be much more prepared for the future,“ Salum says. She also explains that starting with ICT education at such an early age has made education professionals think more about future education. „When kids start to learn IT at such a young age, we also have to think about what our education system has to offer them at the higher education level,“ explains Salum, bringing up discussions with universities.

Unique collaboration

For a long time, it has been a common understanding in many countries that governments are solely responsible for providing education. Signe Ambre, the Program Manager of a governmental initiative called IT Academy, explains that it is thus a challenge of its own to determine whether the ICT graduates meet the expectations of employers. Estonia has once again found an innovative solution by asking employers to contribute to shaping education. „The programme is one of a kind. Together with all the parties, we have set collective objectives that consider the needs of entrepreneurs and state on the one hand, and the abilities of the universities and vocational education institutions on the other,“ Ambre states. The results are excellent, as according to Ambre, every ninth student chooses to study ICT at the bachelor’s and applied higher education level, which she confirms to be optimal. Moreover, the share of those who choose ICT at the master’s level has grown even faster in the last 10 years: every seventh student who enters master’s studies chooses to study ICT and become ICT specialists.

Women in ICT

A well-known concern in the ICT sector is the high gender disparity, as sector young women are less likely to continue their academic path in IT or choose their career than men. According to Robert Lippin, the Deputy Secretary General responsible for secondary and adult education at the Ministry of Education and Research, roughly there are 3 men for every woman in the ICT sector. This pattern is not only perceived in Estonia but in other countries as well. Both state and non-profit organisations have decided on a collective goal to increase the number of women in tech. Several companies have additionally set up their own internal events, meet-ups, and conferences for women in IT. One of the most unique initiatives is the Unicorn Squad movement, which offers girls aged 8-12 an opportunity to participate in different hands-on activities to learn more about robotics and tech. Today, the club has more than 1600 members, more than 250 mentors, and approximately 130 clubs around Estonia – giving hope that inspiring education and training could be a game-changer. Lippin comments that 40% of students in master’s studies are women, ranking Estonia first in Europe for the share of women in master’s programmes. At the bachelor’s level, Estonia ranks fourth in the percentage of women. Highly active and successful women entrepreneurs have played a major role in introducing girls to ICT, setting a good example for young people.

Lifelong learning

„High demand for ICT specialists and the positive image that opportunities available in the field have created interest in people from various other areas as well,“ Lippin reveals. The interest in lifelong learning has inspired the creation of more opportunities for those interested. For example, short intensive courses such as Vali-IT (Choose IT) for learning basic ICT skills have been created. Many companies that are ready to offer further education to those interested, contribute to these programmes as well. ICT has also become integral to other sectors and transformed how they work. For example, Estonia’s biggest university, the University of Tartu, has even launched an Information Technology master’s program – “IT for non-experts”,” Lippin describes.

The article was originally published on the Education Estonia website. 

✈️  Can’t travel but want to hear the e-Estonia story or implement e-services in your country or company? Look at our services and contact us – we’ve got you covered!

Resource: e-estonia

10 things to keep in mind when starting to build an EdTech startup

May 15, 2024

by Märt Aro

Thousands of educational challenges can be solved with the help of technology – with an EdTech startup. You might have an excellent idea of how to solve one or more of those challenges. To support you, here is some of the most common advice experienced founders give new founders.

1. Don’t start building before you have feedback from your target audience that they would be willing to use/pay for such a tool you have in mind building. Yes, make a nice presentation/mockup, and get honest feedback. Try to make pre-agreements already.
2. Keep focus. If you are building your first EdTech startup, try to build as narrow-scope MVP (minimum viable product) as possible and scale this. Building-wide products are much harder, and going this way, there is a bigger risk that you / your team will run out of steam before getting to enough customers to sustain your team providing a high-quality service.
3. Don’t stay in the vicious cycle of “need to build this one more feature for success”. Often it isn’t true. Nordic startups continue building but forget to set up appropriate marketing/sales. But guess what, it doesn’t matter how much you build if nobody knows about your amazing product.
4. More than 50% of the world runs on 2G internet speeds and more than 50% of internet users globally are accessing it via Mobile. Let that sink in.
5. Choose a major language that is likely understood by your target audience as the base language of your system, so if you are doing updates in the system and lose a translation file, users will still be able to figure out how they can use your system.
6. Build international from the beginning. It’s OK to take a first test in one (small) country, but each country has its own specifics. Better consider them in your architecture. Otherwise, you might have a significant headache when crossing country borders as you have “built yourself stuck” in the country.
7. Business model wise. Ideally, the end user can:a) identify that your product is suitable for them,b) make the decision on their own that they benefit from your product and take it into use andc) be the budget holder (read: pay for the product for themselves without major headache).The easiest way to achieve that is by developing “microservices” instead of wide vertical services.
   There are many alternatives: your end user can identify that the product is good but needs to involve other people to decide on implementing your product; needs to involve others to implement your product; somebody else pays for the product. Those alternatives may also work but can be a headache for scaling.
8. Your product is not strategically critical.If you are a startup, it can be very difficult to prove that you are worthy of the trust of your customers. It’s easier for the customer to make a decision if it adds value but their career/life does not depend on the product.
9. Be aggressive.Building EdTech startup is hard, and there is a lot of noise. If you want to survive in this world, you need to try all doors, windows, and chimneys to get the things moving that you want to get moving. Nobody will lay red carpets for you even if you have the best product for solving a specific problem.
10.  Evidence.As soon as possible, collect as concrete evidence as possible on how much value your solution creates for your customer (e.g. my product makes this: 10x cheaper; 50% faster; 80% students feel happier, etc.). This will make proving that your product is valuable and a successful EdTech startup is much easier.
11. Mind the science.Make sure there is scientific research to back up your education-related claims and aspirations. Be thorough and unbiased; your product could potentially affect a lot of people all over the world.

Resouce: e-estonia

EdTech: Estonian thriving development cooperation

May 13, 2024

by Peeter Vihma

Education in Estonia is free for everyone, and Estonian children have scored in the top positions on PISA tests for years. Combine this with an innovation-driven mindset and autonomy of schools and teachers, and Estonia is an ideal testbed to develop new educational technologies and distribute them beyond our borders. Estonia has recently directed its efforts into development cooperation, and ed-tech plays a central role.

Small but smart 

Being a small state creates unique conditions for cooperation between private and public entities and different branches of the government.

Development cooperation is curated by The Estonian Centre for International Development (ESTDEV). It works closely with Education Technology Estonia (EdTech), an umbrella organisation for technology companies. They cooperate closely with the Ministry of Education of Estonia to better understand Estonian needs and share Estonian know-how more widely than just focusing on technology. This kind of close-knit network is beneficial both domestically and internationally.

“Interest in Estonian expertise is quite big not only among individual countries but also among the World Bank and organisations such as Global Partnership for Education. But since we do not have ample resources, we must think carefully about what expertise we can offer and how to utilise the private sector’s know-how,” says Kristi Kulu, Programme Manager for Education at ESTDEV.

“So, instead of flooding them with resources, we think with the recipient countries about their needs and the steps to achieve them. We want our projects to solve real problems in recipient countries.”

One of the most important outcomes of this kind of cooperation is the sustainability of development cooperation results and the systematic implementation of technologies. For example, ESTDEV led the building of a kindergarten in Ukraine and then supported the capacity building of the teachers. This included introducing the well-used Estonian-made teacher-parent digital interface Eliis. Instead of using it in just one kindergarten, thanks to cooperation with local authorities, it has been implemented in 16 kindergartens in Ukraine.

Support for teachers is the key to success domestically and abroad

According to a recent survey, at least 75% of Estonian teachers use digital tools. Besides Elliis, which is used in most kindergartens, among the most widespread are eKool, a platform through which students, teachers and parents communicate, and Opiq, a cloud-based learning environment.

“We see two drivers for implementing new technologies in education,” says Sabina Sägi, Head of research cooperation at EdTech Estonia.

“The demand comes from the children. They are well versed with technology and recognise that digital skills are necessary for getting a good job.”

“But the immediate driver for supply is the support that EdTech offers teachers. With so many technological solutions on offer, this makes the difference. Even the best gadgets will gather dust without proper and continuous schooling.”

Similar tendencies are visible also globally. According to Ms Kulu, the most successful projects are the ones which have a high-level framework and address the educational system as a whole.

For example, the history of cooperation between Estonia and Kenya dates back many years and is formalised in an agreement between the two countries’ ministries. This has allowed us to focus on harnessing Estonian know-how in the context of reforming the Kenyan education system.

“We are addressing the teacher’s competencies on many levels, from cooperation between universities to exchanging talented IT students to implementing specific software,” says Ms Kulu.

Specifically, in the Digital Explorers talent exchange program, 10 out of 20 Kenyan talents in Estonia are interning in education technology companies.

Success stories in Kenya

Cooperation between Estonia and Kenya is visible on many levels. For example, 60 school directors recently visited Estonia to see how technologies are used in the classroom. In April 2024, an Estonian trade mission to Kenya focused on intelligent solutions for education innovation.

Regarding specific ed-tech solutions, two of our most successful ones in Kenya are the Opiq, as mentioned above, a cloud-based learning environment, and Triumf.Health, a mobile game promoting children’s mental health and socioemotional learning.

Cloud-based learning in Kenyan schools

Founded in 2014 in Estonia, Opiq offers digital study materials and a learning environment that facilitates teachers’ work. Its success in Kenya is notable, given its size and cultural heterogeneity. Today, Opiq contains fully digital textbooks from Kenya’s leading educational publishers and hosts over 120 study kits. Opiq even has its headquarters in Kenya to ensure the environment is constantly developed and improved.

According to Antti Rammo, CEO of Star Cloud and the developer of Opiq, the main challenge in expanding to Kenya was finding the initial partners.

“The Estonian honorary consul, with an impressive network, significantly contributed to finding partners. The development cooperation project initiated by the Ministry of Foreign Affairs also played a key role. Once initial relationships were established, identifying potential partners in Kenya was not difficult,” says Mr Rammo.

Addressing mental health in the education system

Another internationally recognised technology, Triumf Health, has been targeting the mental health of children aged 7-12 through severe evidence-based gaming in the context of education. In their subscription-based game environment, children are guided through a fun journey through Triumfland to empower them and teach them skills to build mental resilience.

Recognising their evidence-based method, Triumf Health was the world’s best tech in the health and wellbeing category in 2022 at the UN World Summit Award.

“The need for mental health support has grown, and we have shown that technology can relieve the problem,” says Dr. Kadri Haljas, CEO and founder of Triumf Health.

“But when we leave mental health issues to the medical system and don’t deal with them at schools or home, we are mostly focused on dealing with consequences. I am therefore pleased to see that countries all over the world are waking up to the fact that mental health needs to be addressed within the education system”

These are just two examples of successful development cooperation results. Although small, digital technologies allow Estonia to contribute to education worldwide well above its weight.

Resouce: e-estonia.com

Estonia’s digital ambassador: Nele Leosk’s journey and insights

April 17, 2024

by Justin Petrone

Nele Leosk, ambassador-at-large for digital affairs at the Estonian Foreign Ministry since 2020, reflects on Estonia and e-Governance.

Nele Leosk has led extensive digital, economic, and governance reforms in various countries around the world. Whether working in academia, as a consultant, or for the government, she has become a highly sought-after expert in e-governance.

We recently interviewed Leosk about her current role as ambassador-at-large for digital affairs, the state of e-governance, and the global role that Estonia continues to play as a pioneer and instigator.

How did you get into GovTech? Was it a personal choice, or did someone encourage you to become an expert?

I have worked developing our digital space for the past 22 years. I got my first glimpse into the area in the early 2000s when I worked at the Estonian Ministry of Economic Affairs and Communications, which is also responsible for digitalisation in Estonia. When I was looking for new opportunities, my colleagues from the digital branch introduced me to the e-Governance Academy that the Estonian government had just founded, the United Nations Development Program, and the Open Foundation. I looked it up, and it seemed interesting, though I didn’t know much about e-governance back then.

It was the time of digital identity, the time of X-Road®, and the time of laying the legal framework that enabled the development of an open, inclusive and safe digital society. In a way, digitalisation gave the impetus for modernising Estonian culture. Quite a bit was happening even before 2000. Several preparations had started earlier, such as the introduction of the eID. We all know about the Tiger Leap and Look at World – the initiatives that introduced Estonian people to the internet and digital technologies. These also happened before then.

So, I started to work at the e-Governance Academy. Initially, I worked closely with questions about digital democracy; then, I served as a program director for digital education and skills. Later, I was involved in different areas of digitalisation. I led economic and government reforms all over the globe, from Haiti to Mongolia, from Tunisia to Ukraine. It was fascinating. Implementing reforms and achieving results in different economies and political, governmental, and cultural environments was also challenging.

Since then, my career path has always involved digital technologies from different fields and regions in other organisations. I have worked with political leaders and high government officials and have been hands-on in developing services and e-participation tools. I have experience in academia, international organisations, and the private sector. After 11 years abroad, I returned to Estonia and started to work on the foreign policy aspects of digital technologies at the Ministry of Foreign Affairs of Estonia.   

What does your current job as ambassador-at-large for digital affairs entail?

Digital diplomacy has been rooted as an essential domain in foreign politics in recent years. The space and scale of technological development and the impacts of these on the economy, democracy and security are immense. For example, comparing current developments to the 2000s is a very different scale. 

Digital technologies do not recognise borders. They bring along opportunities and globalisation. Estonia has benefitted from these. It is not an understatement that digitalisation put Estonia on the world map, with our digital services and startup scene. Estonia is looked up at around the globe, and rightly so. 

But, increasingly, digital technologies bring along risks. Privacy is being violated, and cyber-attacks and technological interdependencies are increasing. What is also a concern is that technological developments are concentrated in very few countries, and big tech and their platforms have increased influence. There is quite a race for digitalisation. 

So, how can we globally ensure technologies are used for good and not for bad? How do we make sure they are used democratically and not autocratically? How do we ensure that everybody benefits from technology, not just a few? How do we make sure that everyone has the necessary skills and capacity to use these technologies: countries, towns, companies, universities, schools, people, also public officials and diplomats? Finding answers to these questions unites diplomats working on tech issues.

But aside from these global issues, I also have the pleasure of representing Estonia globally, our developments, companies, and interests. We recently adopted our digital diplomacy concept paper, which includes several main work streams. Besides global technology governance, it also covers digital cooperation and economic diplomacy. As part of Estonia’s digital diplomacy, e-Estonia still has a substantial role. This is how Estonia is known to the world, and maintaining and increasing Estonia’s global position is one part of Estonia’s digital diplomacy.

Are there special conferences or forums for digital diplomats and cyber attaché where you talk about these issues?

Increasingly so, both in the EU and globally. There is an active network of EU digital ambassadors. We work closely with the European External Action Service, like the European Ministry of Foreign Affairs, and other EU and international organisations, such as the UN. Increasingly, big tech companies are at the table. We have a very close network that I am very grateful for, as this is where we share our views, discuss different topics, and support each other. 

We also gather globally and often attend events around digital and technology governance.

Is Estonia still seen as a pioneer when it comes to GovTech?

Estonia still has a strong global position and is known as a digital leader. And rightfully so. I have not come across a society where everything comes so holistically together. We can conduct most of our public and private business digitally and conveniently. Digital signatures, for example, have made my life so much easier, especially when living abroad, from selling my car to voting via the internet. Still, we also need to be mindful that though Estonia leads in the public sector in digitalisation, we also have to take our industry and companies to higher levels and complexity of the use of technologies. The other aspect we need to understand is that it is increasingly challenging to keep up with the technological developments and investments in infrastructure, as the need for computing power is increasing. But Estonia has always been an intelligent adopter and a brave implementer of technologies, and further investments are needed to keep this going. 

Of course, global expectations for Estonia are high, too. In my field, there are several areas that we need answers for. Estonians are expected to have many answers to these common issues that technology brings. AI governance, data governance, and cross-border data sharing require a lot of resources to understand the problems and what is at stake. 

Estonia has influenced several EU developments, such as the European Interoperability Act and European eIDAS, as Estonia had prior experience here. 

You have advised governments in Europe, Asia, Central Asia, Africa and the Middle East. What sets them apart or makes them similar?

Now that we are many years into digitalisation, we have come to realise that despite our differences, there are so many similarities, joint problems and solutions to these problems. For example, all countries need digital identity, data-sharing solutions, registries, and payment systems. This has put co-creation, sharing and re-use of digital solutions on the global agenda. Digital public infrastructure, digital public goods, and digital commons – these trends support openness, sharing, and building on existing experiences. 

Estonia’s X-Road is a perfect example of a global public good that has been re-used in many countries. GovStack – an initiative that Estonia co-leads with Germany, the International Telecommunication Union, and DIAl, is another excellent example of global cooperation that builds on similarities. Amidst these trends, we should not forget that digitalisation is much more than technology, and solutions comprise only a tiny part of the whole. 

But, of course, there are also differences. Differences in economic level, income, and size of a country influence our digital paths. We see countries in the Middle East moving fast, using cutting-edge technologies. However, some countries must consider illiteracy issues and require more electricity when designing digitalisation programs. 

Still, cooperation is essential, regardless of where we stand. Several of the emerging topics are common to all of us. There are challenges that Estonia, or any country alone, may need help to solve. We must find ways to fight disinformation, protect our citizens’ privacy, and regulate tech companies. The EU has been a pathfinder here, and I am glad that some of what we have done in Estonia or the EU could benefit others and the other way around. 

Resouce: e-estonia

GovTech for sustainable development goals

April 17, 2024 by Peeter Vihma

Governments worldwide are attempting to do their part to fulfill sustainable development goals. How can GovTech help?

Not just any “public good”

The world faces enormous challenges of unsustainable energy and material use, degradation of biodiversity, and crumbling of democracy and global justice. Governments are tackling this by, for example, setting up missions to solve problems in cooperation with the private sector. However, until recently, little attention has been paid to understanding GovTech solutions about the Sustainable Development Goals. This is a gap that Alena Labanava, PhD student at the Institute of Software Science at Tallinn University of Technology, is aiming to fill.

Educational gaps for public sector administrators

One of the first tasks that Ms Labanava set herself was assessing the role of an e-government education programme of TalTech in achieving SDGs. It is the study program where most current and future public administrators in Estonia come in close contact with the potential of GovTech. Her research was done on a cohort of students consisting of current mid-career public sector professionals.

The most significant finding from this research is the growing interest in the contribution of digital government to affordable and clean energy (SDG 7), reduced inequalities (SDG 10), responsible consumption (SDG 12), and climate action (SDG 13). 

“The results show that it is not just any solutions dubbed as “public good” that the administrators are interested in, but they are actively seeking solutions in specific areas,” says Ms Labanava. These areas of digital government education have the potential to improve. }

Evaluating GovTech by SDG-s

Ms. Labanava’s next step in her research is to create a catalogue of GovTech solutions and place them on the map. 

“Inspiration came from the GovTech Catalogue designed by the GovTech Connect project, but I think this can be improved,” says Ms Labanava. “It currently shows only labs and accelerators, but not individual solutions. We also want to classify them by SDGs so that public administrators can easily track what problem they solve.” 

Having assembled a small team, the work on the catalogue has just begun. The plan is to collect a list of companies and check how and where their solutions have been used (success stories and use cases) so that it would become a handy tool.

“The market for GovTech is global. Public sector employees need to know what solutions are being produced not only in their own country, Europe, and elsewhere,” says Ms Labanava.

A global picture is essential for accelerating the adoption of already well-working solutions across geographies and helping public sector procurers make better-informed purchasing decisions.

Addressing the bottleneck of implementation 

Providing a comprehensive overview is crucial, but implementing any solution requires cooperation. This is why governments in Europe and elsewhere are setting up InnovationLabs, Bootcamps, and Accelerators. Their main aim is to catalyse innovation between the private and public spheres. 

In Estonia, one promising initiative is Grab2Go, which aims to improve the health and well-being of vulnerable areas by developing automated pharmacies. For them, the main challenge is not technological but legislative. This is what their cooperation with Accelerate Estonia is focused on.

Grab2Go solution optimizes resources by enabling a single pharmacist to assist patients from any corner of Estonia through video consultations, breaking geographical barriers. It also grants pharmacists more time for face-to-face consultations, allowing them to apply their expertise effectively.

However, even testing automated pharmacies in rural areas requires amendments to the Medicines Act.  “We set up a test machine in one of the rural areas in Estonia, but due to legislative constraints, we were only able to operate it during the opening hours of the actual pharmacy,” says Olari Püvi, head of Accelerate Estonia. “This did not provide us with the necessary advantage nor the data that we required, and that would not bring out the benefits of an automated system.”

Hence, besides conducting risk analyses with mitigation strategies, the collaboration between Accelerate Estonia and Grab2Go is focused on legal changes. It would bring Estonia’s sustainable goals a step closer.

Resouce: e-estonia

Madis Tapupere: the evolution towards a more personalised, complex, and integrated digital state

April 17, 2024

by Peeter Vihma

Article content

Rare is a glance into the head of the Chief Technology Officer of Estonia. Having been in office for three months, Madis Tapupere agreed to share his ideas on some of the country’s challenges. We discussed the “personal state”, the EU integration and the development of systemic capabilities of a digital state of growing complexity.

The challenges for the state as a whole

How have the first three months in the public sector been?

I am settling in. In some respects, a country is unlike a big company with a complex digital system. What is new compared to the private sector is understanding how many activities are rooted in laws. In a private company, the board can decide instantly and move on. Important changes in the whole country, however, need regulation change. And it takes a lot of energy to change a big system. I am trying to get a feel for the suitable methods for driving change. Finding a balance between autocracy and collaboration is the key. I follow the “narrow waistline” principle: I try to focus on the most important things instead of controlling everything.

What is your vision for your time in office?

Although it is still in formation, I see multiple areas where we need to address the bigger challenges for the state as a whole: first, further development of general state capabilities, such as advancing the “personal state”; second, EU integration and, third, developing systemic capabilities to address business, data and technology management challenges, including cybersecurity.

And then, there is the task of finding a suitable approach to dealing with these topics. For example, the “personal state” aim can be tackled using a startup mindset, but several other challenges are like those of large companies. How can we innovate in the face of growing complexity and backlog? The existing must be preserved and renewed at the same time.

Therefore, in some areas, we need streamlining, but in other areas, we need to simplify the business and the process side, and hopefully, this will free up hands to deal with new capabilities.

Taking the idea of a “personal state” to the next level

What is your attitude towards the idea of a “personal state” – event-based, invisible, personalised, and integrated digital services for the citizen?

As a strategic goal, a “personal state” is valuable. It relies on principles such as citizen-centred and easy-to-use state services and the once-only principle of data clarity and findability prevalent in several countries. However, while some countries focus on goals we have already achieved, such as information exchange between databases, we should take it to the next level by improving the user experience.

I also recognise that the “personal state” idea goes a long way for Estonia. I have already mentioned that good information exchange between state systems is the foundation of our digital state. Event-based and as invisible as possible services have also been in the works for several years. The added values resulting from data usage are more future-looking and, therefore, blurrier. The challenge is providing a cross-country service within a distributed organisation like our country. And this is not a technology challenge, at least initially, but a governance challenge. Each register in Estonia has its own responsibility, as specified in the law. A citizen-centred view requires changing these basic principles.

In short, the “personal state” is the vision and the direction along which we are going, and our immediate task is to understand where the low-hanging fruit is. The criterion for finding them is the value to the citizen.

Giving people more control

What are the main challenges for developing the “personal state”?

The privacy control mechanism is one of the central questions in developing a more person-centred and invisible service. The more personal the state services become, the more means of control must be given to the person. Otherwise, there is a risk of growing resentment, because we already see that the digital state is not universally accepted by everyone. This tendency must not be exacerbated. Rather, we must find ways to ensure citizens are in control when interacting with the digital state. This can be done by developing consent services and data trackers.

Do you feel you understand things when you go to FB privacy settings? Using data in a large system is difficult for developers and users. How do you convey this info to people? How do you empower people to go along with it? These are the pressing challenges we need to address.

We have been taking the first steps in constructing consent management in Estonia. For example, everyone will have an overview of the use of their data at the Eesti.ee level. However, as we develop our personal state further, the consent service must also be developed to make the complex world understandable and manageable for people.

Innovators dilemma in integration with the EU

Where do you see the challenges and opportunities for EU digital integration?

I would phrase our biggest issue here as the “innovators dilemma”: what brought us here may not take us further. The prerequisites for Estonia’s success may not be applicable in the wider world, and vice-versa — the solutions of the wider world may not fit well with our digital society. My task is to maintain the prerequisites for our success, such as tightly integrated registries, and fit in other solutions and work methods that address the needs and situations of other European countries.

The Digital Identity Wallet is a good case in point. We have used eID and direct system-to-system integration in Estonia to handle personal data. The wallet introduces a new one whereas the data is carried along in the wallet as certificates. You ask for data directly from the register or transfer them through the wallet certificate. Adopting the Wallet logic in Estonia poses some challenges that must be addressed.

Estonia is developing a wallet as a nationally approved and functional authentication and identity verification method. The next step is to develop its capacity as a platform. We are developing a strategy along with the use cases for this.  We know, for example, that Estonia already supports using a digital driver’s license in the EU and elsewhere. However, making a comprehensive road map of the additional possibilities is too early.

In the bigger picture, I see an analogy with open banking. After forcing the banks to open their APIs, a whole ecosystem of certified startups and fintechs emerged. I suspect a similar pattern will also emerge in conjunction with the Wallet.

Estonia: an evangelist with a sense of empathy

What is Estonia’s role in these developments in the interoperable EU?

Regarding data interoperability at the EU level, we must distinguish between two options. First, where there are specific needs, such as stemming from regulations, the data exchange is built up specifically based on these needs.

Secondly, we are also building the foundation of a more general data exchange.  We are supporting the emergence of a broader data exchange ecosystem in the form of “data spaces”. It is a structured description of workflows, data exchange, and how data is agreed upon and monetised. Estonia is involved in the experiments at the EU level, and the future version of our X-road will integrate in this direction. It is an interesting time of emerging standards and proofs-of-concept, so we are closely monitoring this.

I see Estonia’s role in adding pressure to increase ambition. We have real-life experience of how a well-designed digital state can function. Sure, we must accept that everyone’s ability is not the same, but we can be the ones who say that things are possible if done well. Sort of evangelists in what we believe, but also with a sense of empathy.

Technology as an asset

How to deal with the common problem of all systems: legacy?

We must ensure we direct enough active interest towards managing the legacy. In Estonia, we constantly deal with legacy systems, and it is an accepted justification for current investments. However, there is little cross-national management information on the situation.

One of the sources of difficulties is that “a legacy system” does not have a clear definition. It is at least partly subjective. For example, a way to define a legacy system is “system that works”.

However, legacy needs to be addressed because this allows a country to be clear about its limitations. Strategic choices can be made when there is an understanding of what can and cannot be done. This allows meaningful portfolio management and directing of resources. Instruments for dealing with legacy are diverse: technological innovation, cutting the system into smaller pieces and changing them, or even completely rewriting the business process. In the end, we may even have to shut a system down. We need to ensure the pile of stones is not allowed to get too big so it can no longer be stacked around.

The principle I would like to establish is that technology is an asset. Technology is not only an investment that does something new. It is an asset with characteristics, risks, and costs; therefore, it must be managed so that the risks do not become too high and the costs do not become too high. In this way, we can get the maximum out of our portfolio.

Has digitalisation gone too far?

What is your attitude towards the “twin transitions” approach of aligning digital and sustainable transitions?

We need to take the turn to sustainability as one of the parameters of technological development. Some aspects we already share with it, such as optimisation and resource efficiency.

If we accept that all technology management has a cost and creates complexity, then we can clearly see that, in some places, digitisation has gone too far. We should start at the business process level and pressure our operations to optimise.

This capacity could be improved on the national level. The beginnings are there as the capabilities of service management and service portfolio management are already in place. Activities in this field will continue in the context of the green transition. Having a clear map of the scene is its prerequisite.

Resouce: e-estonia

A year of advanced threats and global tensions: Estonia’s cybersecurity scene in 2023

April 9, 2024

by Blessing Oyetunde

Last year, Estonia’s cybersecurity scene was heavily tested, with the Estonian State Information Authority(RIA) documenting 3,314 cyber incidents that impacted their annual assessment. The report details the growing complexity of threats Estonia faces, including an uptick in DDoS attacks and sophisticated phishing efforts, while reflecting on the nation’s ongoing efforts to bolster its cyber defences.

A year of unrelenting cyber storms

2023 witnessed an alarming surge in Distributed Denial-of-Service (DDoS) attacks, with Estonia grappling with a staggering 484 incidents – 182 more than the previous year. These attacks aimed to cripple critical digital services by flooding servers with excessive requests. A notable case targeted Ridango, disrupting the state-owned Elron train service’s ticket sales system for nearly a day.

Ransomware attacks also emerged as a grave concern, targeting diverse sectors, from healthcare to manufacturing. The Asper Biogene data breach was a particularly high-profile incident where the medical and personal data of approximately 10,000 individuals was compromised. This breach occurred when attackers, exploiting weaknesses in cyber hygiene, illegally accessed and downloaded sensitive information from the genetic testing company’s systems.

Global tensions ripple through cyberspace.

Exacerbating the cyber threats faced by the nation were the ripple effects of global crises, including Russia’s aggression in Ukraine and the Hamas-Israel military conflict. As Gert Auväärt, RIA’s Director of Cyber Security, stated, “Besides Russia’s continuing aggression in Ukraine, 2023 brought an outbreak and escalation of the military conflict between Hamas and Israel. We saw – and will continue to witness – a growth in ideological ‘hacktivism’ expressed in denial-of-service attacks against the government, financial, transport, and media sectors.”

Among others, one incident points to the far-reaching impact of these global tensions. In November, as Estonia grappled with a cold snap, cyberattacks targeting Israeli-made heating controllers disrupted the Estonian district heating network, demonstrating the vulnerability of local infrastructure to digital threats from distant conflicts.

Furthermore, the cyber threats of 2023 exhibited an advanced level of sophistication. For one, DDoS attackers engaged in dual-phase operations, initially probing defences with short attacks followed by more aggressive and sustained assaults. Many of which were, again, politically motivated, linked to Estonia’s support for Ukraine and the imposition of sanctions against Russia.

8.3M euros lost to fraud

The report also revealed a sharp increase in cyber fraud, inflicting financial damages of at least 8.3 million euros, with telephone fraud alone accounting for 3 million euros. This uptick signalled a strategic shift in cybercriminal tactics targeting individuals and corporate organisations. Prevalent schemes included sophisticated phishing emails, deceptive calls pretending to be from trusted authorities, and complex Business Email Compromise (BEC) attacks.

Meanwhile, cybercrime has transitioned from bare, deceptive acts to highly organised, sophisticated operations. Using cutting-edge technologies like AI and machine learning, criminals fine-tuned traditional fraudulent methods while innovating new strategies to exploit their targets effectively. The rise of BEC schemes further complicated the threat scene, where fraudsters executed carefully orchestrated plans to redirect corporate funds.

Proactive defence: Estonia’s cyber resilience strategy

Taking a proactive stance, Estonia reinforced its cybersecurity defences with several key initiatives. The RIA’s Red Team, established to test and enhance the security of information systems, engaged in sophisticated simulations, including phishing emails and physical penetration testing, to uncover vulnerabilities within governmental and corporate infrastructures. This proactive approach proved critical in preempting potential cyberattacks and ensuring the resilience of vital services.

Likewise, the RIA Red Team’s services were offered to government departments and companies aiming to fortify their cyber defences. Over the past year, the team conducted phishing attempts targeting more than 14,000 individuals across central and local government bodies and the private sector, revealing a 30% susceptibility rate among recipients. This, in turn, reiterated the need for continuous cybersecurity awareness and risk mitigation.

Complementing its security measures, Estonia launched comprehensive prevention campaigns to enhance cybersecurity awareness among businesses and the general populace. Additionally, implementing the Estonian Information Security Standard (E-ITS) across approximately 3,500 organisations highlighted a systematic approach to safeguarding the nation’s digital ecosystem.

The global cyber battlefield

As for the broader view, international cyberspace in 2023 was heavily influenced by geopolitical tensions, particularly Russia’s invasion of Ukraine and the escalating conflict between Israel and Hamas. These tensions manifested in a range of cyber activities, from state-sponsored groups engaging in espionage to widespread ransomware attacks disrupting critical infrastructure and businesses globally.

At the same time, the cybercrime scene continued to evolve, with financial motives driving sophisticated schemes like BEC attacks and ransomware campaigns. Notably, attacks on crypto trading platforms showcased the intersection of cybercrime and state funding, while hacktivism sparked DDoS attacks against various sectors in countries engaged in geopolitical disputes.

Ransomware attacks remained a significant threat, with the Lockbit group’s attack on the UK’s Royal Mail disrupting international mail services. At the same time, data breaches posed a serious concern, with T-Mobile admitting a leak affecting 37 million customers and the UK Electoral Commission’s data breach revealing the vulnerability of personal information.

The year, we also witnessed a collaborative international push to enhance cybersecurity measures, focusing on dismantling cyberespionage tools. Alongside these efforts, there was a unified movement toward strengthening cybersecurity protocols, which included restrictions on applications like TikTok on government devices.

Cyberspace in 2024

According to the report, the cyberspace scene in 2024 will be reshaped by two major forces: the pivotal role of artificial intelligence (AI) in cybersecurity and the enduring impact of geopolitical tensions on cyber activities.

AI is emerging as a double-edged sword, with its capabilities being harnessed by both defenders and adversaries. While security experts race to develop innovative AI-driven solutions to outsmart emerging threats, cybercriminals leverage AI to craft increasingly sophisticated cyber attacks.

Concurrently, the persistent geopolitical tensions between Russia and Ukraine, coupled with the escalating Israel-Hamas conflict, continue to cast a long shadow over the global cybersecurity domain. These crises are poised to influence cyber activities on a broader scale, with potential implications for high-stakes events like the European Parliament elections slated for June 2024.

Resource: e-estonia

Cyber attaché Lauri Luht: “We aim to provide Ukraine with the assets, technology, knowledge, and training it needs.”

March 13, 2024

by Justin Petrone

Western countries, including Estonia, have supported the Ukrainian government with cyber security tools, services, and expertise for years. Last year, they decided to make that support a little more official. On 30 May 2023, representatives from Estonia, Canada, Denmark, France, Germany, the Netherlands, Poland, Sweden, Ukraine, the UK, and the US signed an agreement called the Tallinn Mechanism.

Under the Tallinn Mechanism, officially launched on 20th December, Ukraine’s cyber security needs will be systemised and coherently matched to donors. In addition to government support, tech firms and NGOs also participate in the Mechanism. For this reason, Estonia will allocate €500,000 to support it. Estonia is also running the front office for the Mechanism from its embassy in Kyiv with a specially dispatched cyber attaché to support the effort. (The back office is located in Warsaw.)

His name is Lauri Luht, and he arrived in Kyiv in September after serving as head of Eastern Partnerships for the Estonian Centre for International Development and head of the National Situation Centre for the Estonian government before that. Most of his career has been focused on cyber security and crisis management. So, naturally, when he got to his desk in Kyiv, he was first asked to set up the office printer. “It was just classic,” says Luht, who recently described his experiences in an interview. However, there are pitfalls to being a cybersecurity expert. All of his friends hit him up now and then for IT advice. Yet Luht majored in international relations. As such, he is particularly well suited for his role as a cyber attaché.

Other than setting up the office printer, what does a cyber attaché do?

I am here supporting ten donor countries for the Tallinn Mechanism, setting up routines and information exchanges, trying to manage any obstacles, and providing all the nations involved with relevant information. Estonia took the lead in this framework and the Mechanism itself, and there was a promise to send someone to work every day with Ukrainian government agencies and support their needs. The Mechanism requires someone to ensure that everyone is content with the support for Ukraine and that the Ukrainians are content with the support they receive. It’s very much a nascent position. Nevertheless, giving direct information daily is what should be done. We are just starting. When we go to implementation, I will support projects, maintain close contacts with the industry, and ensure everything goes smoothly on site.

Does every embassy have a cyber attaché?

I would say it’s quite rare. People in different embassies cover cyber, but there is usually no dedicated person only for that. I’m here specifically for the Tallinn Mechanism. In other Estonian embassies around the globe, some people cover cyber, among other related issues.

What is Kyiv like these days? Did you have to take the train from Poland?

There are different options. I prefer the train. Some delegations travel by car or minivan. But, of course, Kyiv is beautiful. It’s a big city, a great city. All the shops are open, and if you don’t mind the curfew or air alerts, you would consider Kyiv like any other city. But unfortunately, Kyiv, like all of Ukraine, is at war. Some things have gone on as before, but we shouldn’t try normalising the situation. It’s everyday life, as normal as it can be. I like to ask people, can you imagine air raid sirens, going into shelters, or being stopped at guards’ posts when you enter the city or government areas in your own country? Of course, the answer is no. Humans try to make our situations seem better or see them differently. It’s worth mentioning that Kyiv is different from many other places in Ukraine. It provides safety for a lot of Ukrainians who come here.

Various states have provided cyber security assistance to Ukraine ad hoc for years. What has Estonia been doing?

In bilateral terms, the US has been the biggest donor in terms of gross amount. From the Estonian side, we didn’t start our support for Ukraine when the full-scale invasion happened back in 2022; we were there long before. There has been a long-term partnership and cooperation between our cyber security agencies in training and capacity building. Of course, it is not comparable to the hundreds of millions invested by more prominent countries. Still, whatever we can give, and whenever we are able, given our experience and knowledge in this area, then that is what we have been doing.

But given this previous support, why was there a need for the Tallinn Mechanism?

Suppose the same or different authorities contact different countries with the same or different needs. In that case, the donors meet in Kyiv and have to ask, ‘Okay, are you already doing this or that?’ Then, it’s not as productive as planning and identifying the broader needs, such as technology support, licenses, and training, and doing it collectively so that everyone can check in.

Ukraine is huge—it is the biggest country in Europe. That is one reason for better coordination between the donors, so that they can see who can provide what and do it together and to ensure the Ukrainian side that different authorities will look at their common needs.

Certain services or technology are not needed by just one agency but might be used by several. Both options are valuable. The main objective is to make our assistance more efficient in the long term.

What do the Ukrainians need that they don’t have?

If you look at the market, some big vendors have different software, servers, and hardware that are not built in Ukraine but elsewhere. In terms of software and services development, of course, it’s something Ukraine can do. Still, some things are developed in security and can be contributed, including Ukrainian businesses. The best combination always wins. We try to accomplish this with our Ukrainian colleagues and donor countries. They agree on what services or developments are needed on site. There might be some things that can be done only on-site, and others only delivered from elsewhere.

Have the cyber security challenges changed since the start of the war? How?

They have become more intense toward critical infrastructure. If cyber attacks don’t take them down, they will be followed by bombs and rockets. It covers all spheres: banks and telecommunications. There was a huge cyber attack on Kyivstar, the biggest telecom company in Ukraine, which has more than 24 million clients. They had a total blackout for several days in December. And every new service they implement gets attacked immediately.

What does Estonia bring to the table?

Being on-site and supporting them on-site. That is very valuable for Ukraine, us, and our partners. Some countries still find it quite challenging to be here daily. It has been a long-term relationship, with long-term trust established, and even though Estonia’s monetary support cannot compare to the US, UK, or other larger countries, Estonia can contribute with support and activities on site. We also have very good solutions and good companies that can contribute to cyber security efforts. That’s not something to underestimate. However, regarding the Tallinn Mechanism, being in the front office is an Estonian contribution. We are here to work with the Ukrainians, meet their needs, and help improve things. It’s a very clear contribution. There is a back office in Poland, which is very important. They’re the ones, the cogwheels of the daily operations of the Tallinn Mechanism. Their role will be important in the implementation phase.

What should we expect out of the Tallinn Mechanism this year?

We aim to quickly provide Ukraine with the assets, technology, knowledge, and training it needs. Ukraine, of course, tells us what it needs. We don’t press them on what they need. They say what they need, and we quickly deliver. But we also aim to provide a long-term, stable mechanism for years to come, not only quick support on site. We can quickly provide what they need in a coordinated manner. And their needs are huge.

Resouce: e-estonia

Ukrainian digital journey: Estonia’s role in Ukraine’s EU integration

March 13, 2024

by Peeter Vihma

Estonia and Ukraine have cooperated on digital development for more than a decade. However, this collaboration has grown more intense and important as Ukraine integrates into the European Union.

Why Estonia?

In recent years, Ukraine has evolved into a global GovTech powerhouse. It showcases digital solutions that have yet to be developed in many EU countries, such as digital IDs or driver’s licenses. In line with Ukraine’s goal to make 100% of public services available online, almost 20 million Ukrainians already use the Diia application to access key documents and government services.

Estonia has been closely engaged with the Ukrainian digital success story. The main partner for Ukrainian-Estonian digital cooperation has been the e-Governance Academy (eGA). Why has this cooperation endured?

“eGA came to Ukraine first in 2012 to support the digital development of local government, and since these projects were successful, they led to more ambitious projects on national level,” explains Dr Oleg Burba, Senior Expert at e-Governance Academy

“Probably the most prominent was involvement in developing the Trembita data exchange system, which has Cybernetica’s UXP at its core and is similar to the X-Road. So, at least partly, trust in eGA has been based on the success and flawless operation of Trembita.”

“Ukrainians have appreciated the practical and sustainable orientation of eGA. Their projects have always included Ukrainian experts instead of acting as paratroopers who fly in and solve problems. It has always been like a symbiosis,” adds Oleksandr Kozlov, senior expert on eID at eGA.

“Although other countries can build internal systems, Estonia has the unique capacity to share its experience and know-how through the wide pool of experts at eGA, many of whom have been directly involved in developing the Estonian digital state.”

War created pressing needs

In digital cooperation between countries, it is easy to lose the development process in the cracks of short-term projects. Ukraine proves that this is not inevitable.

“War in Ukraine has created a need for continuous and fast development of Ukraine in the digital realm. We cannot afford projects after projects that end with useless reports. Rather, we see the development as a continuous process where projects are only ways of funding and focusing activities,” comments Dr Burba.

“Ukraine was lucky to have main state systems and registries before the full-scale war. This helped us develop new services quickly. For example, Trembita provides services for internal refugees, relocation and work services, and compensation for damaged properties.”

Developing an electronic ID with Estonia

The cornerstone of digital services is digital identification. EU4DigitalUA project played an important role in developing this in a country where, due to its large size and the urgency of war, the issuance of physical ID cards with sophisticated chips was not feasible.

“The project’s main focus was the development of the technical and legal aspects of digital identity, with a focus on aligning them with the EU requirements,” says Mr Kozlov.

“The Ukrainian electronic identity system is quite unique. It takes into account that many people may have their ID cards lost, damaged, or stolen. Ukrainians can still log in to the Diia ecosystem and create a digital ID based on the registry data. Everyone who has had an ID card or biometric passport issued previously can use their biometric data to prove they are actually the person they claim to be.”

Also, EU4DigitalUA project supported developing a digital signature for the Diia ecosystem. What makes it special is the opportunity to use it on mobile phones, which Ukrainians predominantly use to access digital services. The user interface and the logic are otherwise similar to Estonian Smart-ID. Interestingly, in Ukraine, you must also confirm the signature using biometrics. This includes a liveness check where a person is asked to do random small movements, such as opening and closing the eyes or smiling. A sad necessity for a country in war.

“Mission Impossible” – proofing of digital systems

The project DT4EU, with which Mr Kozlov and Dr Burba have been engaged since 2022, aims to further integrate the already advanced Ukrainian digital ID and signature systems with the EU. This is a crucial step on the road to becoming the next member state of the European Union.

“Although Ukraine has its internal standards, now we must demonstrate how these standards are implemented and how secure they are. This involves self-assessment and auditing by third parties,” says Mr Kozlov.

“For example, we are putting our biometric identification under pressure. We use advanced sensors, such as 58 DSLR cameras, that take hundreds of pictures and turn them into a 3D model to create a “digital person” for the attackers.

“And then we even created a high-quality 3D-printed silicone mask that mimics and has eye movement capacity. It’s stuff you would usually see in Mission Impossible movies. We are trying to make sure that our liveness tests are bulletproof.”

The project also involves auditing the entire information management system and Diia’s overall system based on EU standards.

Several further developments are also in the project. One pressing challenge is providing a functioning digital legal representation and document validation system. “This is like DigiDoc4 in Estonia—only in Ukraine. We are working on an easy user interface that can also be used on a mobile phone. These would also be EU-compatible to validate signatures and documents from all EU member states,” explains Kozlov.

Jumping on the moving train of EIDAS 2.0

As Europe advances with updates in EIDAS regulation, Ukraine needs to catch this moving train.

“On the one hand, Diia already meets all the functionality of the proposed electronic identity wallet – we have eID, signature, driving license, and document sharing capabilities in Diia ecosystem,” says Dr Burba,

“But as usual, the devil is in the details. So, we are working on harmonising the technical and legal requirements with the still-developing EIDAS framework. So, just like other EU countries, in 2 years, we will have a fully functional and compatible wallet.”

“We see that Estonia can support us in EU integration,” says Mr Kozlov. Estonia may not be the largest member state of the EU, but it has a strong voice inside expert groups and diplomatic talks regarding digital identity. Estonian experts have been part of building the Ukrainian digital state. It is good to have someone on the inside to explain and ask the right questions.”

Interested in Ukraine’s lessons learned in preparing to enter the EU’s Digital Single Market? Join the e-Governance Conference on 22 – 23 May 2024! Explore more at egovconference.ee/.

Recouse: e-estonia