Estonia may perhaps be the earliest adopter of distributed ledger technology at a governmental level. As early as 2007, even before the publication of the Bitcoin white paper, the Estonian government was already testing blockchain applications as part of a resolution to be resilient to outsider cyberattacks. e-Estonia, a government policy to facilitate citizen interactions with the state through the use of electronic solutions, has been testing and implementing blockchain in relation to public services for many years. So much so that blockchain is has been tested across a wide range of government services and data registries, such as the national health, judicial, legislative, security and commercial code systems, with plans to extend its use to other spheres such as personal medicine, cyber-security and data embassies. The Estonian government has harnessed the power of blockchain, which, by the very way it functions, is helping to save millions of lives and resources, while mitigating the potential manipulation of sensitive data (such as health data, intelligence information, legislation-related records, etc.) or smart devices (such as military machinery, hospital equipment, intelligent cars etc.).
X-Road and KSI Blockchain
While not based on blockchain technology, key to Estonia’s highly sophisticated digital infrastructure is the ‘X-Road’, an open-source platform upon which the country’s entire digital infrastructure runs. First put into practice in 2001, it allows the nation’s various public and private sector e-service information systems to link up and function in harmony. Estonia’s e-solution environment includes a full range of services for the general public, and since each service has its own information system, they are all able to use the common infrastructure of X-Road. To ensure secure transfers, all outgoing data from X-Road is digitally signed and encrypted, and all incoming data is authenticated and logged. X-Road connects different information systems that may include a variety of services. It has developed into a tool that can also write to multiple information systems, transmit large data sets and perform searches across several information systems simultaneously. X-Road was designed with growth in mind, so it can be scaled up as new e-services and new platforms come online (26).
Complementing the X-Road is KSI, a blockchain technology designed in Estonia in 2007, that provides high-speed, real-time authentication for all the world’s networked digital assets. In Estonia, KSI is used for independent verification of all government processes and protecting e-governance services offered to the public. In other words, with KSI Blockchain deployed in Estonian government networks, history cannot be rewritten by anybody and the authenticity of the electronic data can be mathematically proven. It means that no-one, not hackers, not system administrators, and not even government itself, can manipulate the data and get away with it. This protects Estonian e-services such as the e-Health Record, e-Prescription database, e-Law and e-Court systems, e-Police data, e-Banking, e-Business Register and e-Land Registry.
A revolutionary domestic use-case for blockchain is in Estonia’s health sector. In order to keep health information completely secure and at the same time accessible to authorised individuals, the electronic ID-card system used by the Estonian e-Health Record uses blockchain technology to ensure data integrity and mitigate internal threats to the data. In this way every occurrence of data use and misuse is detectable and major damages to a person’s health can be prevented (such as the wrong medicine or the wrong dose).
Cryptocurrency and ICOs
As far as cryptocurrencies and Initial Coin Offerings (ICOs) are concerned, Estonia’s regulatory framework suggests a relatively supportive approach to such business models. While there is no ICO-specific regulation in Estonia, tokens may be considered securities, depending on their design and scope of issue. In assessing whether or not securities laws apply, the Estonian Financial Supervision Authority (EFSA) states that substance should be considered over form. ICOs may also be governed by the Credit Institutions Act if they are akin to loans. Every ICO is unique and should be assessed on its own characteristics i.e. on a case-by-case basis.
Further, trading cryptocurrencies as a business activity corresponds to services of alternative means of payment following a judgement of the Estonian Supreme Court. This means that they are regulated by the Anti-Money Laundering Act and Terrorism Finance Act and in order to operate in cryptocurrency exchange, an applicant must obtain an authorisation (known as a Provider of Alternatives Means of Payments) from the Financial Intelligence Unit. As the Act does not specify which type of blockchain technology would be considered a ‘virtual currency’, ICO tokens that bear a value can be classified as a virtual currency. Exchange of fiat currencies into ICO tokens therefore can be at least partially covered by the Anti-Money Laundering Act and Terrorism Finance Act.
Interview with Siim Sikkut, Government CIO of Estonia
Has Estonia introduced any specific regulations or initiatives to deal with blockchain/DLT?
We have not considered regulatory initiatives necessary to deal with blockchain. This is because we have not seen a use of blockchain in the public sector that warrants regulation. If we look at some specific uses of blockchain, such as cryptocurrencies, then of course there are some regulatory concerns and requirements, but not in the public sector. We are not addressing blockchain as a specific niche. Any blockchain companies are welcome just like any other tech-based businesses, and this does not require specific regulation.
Is there one particular Estonian minister appointed to lead on this issue? Would that be a good idea?
No, there is no specific Estonian minister. The way we work in terms of the public sector is each Ministry has a mandate to improve the technology within their own Department. There is no specific Department to lead on this issue.
Wider adoption / Use cases
Which specific use cases/applications are being implemented in Estonia’s public sector? What benefits have been seen so far, if any?
We have been relying on blockchain-based technologies for specific uses in Estonia, such as to make sure that the core data processed between vendors, consumers and the government has not been tampered with. Any databases that handles sensitive data, such as health records, can be complemented by this technology indirectly in order to ensure secure use. We have not actually used blockchain to directly store any data but we can employ it to ensure more data integrity.
Do you see any major political or ethical challenges preventing wider adoption?
For us, the challenge with blockchain adoption is technology agnostic i.e. remaining constantly on the lookout for the potential use cases and benefits of blockchain application. It is about asking ourselves at what point it makes sense to move from a traditional data infrastructure to this new system. Beyond experimentation, we have not seen enough that justifies switching to blockchain.
‘The challenge really is assessing the use cases that merit the use of blockchain’
Data integrity is certainly a major blockchain use that Estonia is looking into. But beyond this, we remain agnostic. There must always be an economic rationale behind using the technology. As far as ethical concerns, such as the handling of personal data on distributed ledgers, there are ways to solve this from a technical point of view, such as with private blockchains.
What is the plan in the short to medium term (next 5 years)?
Five years is too long on the horizon from our point of view. We are looking at the next 3 years, which in terms of blockchain means being on the lookout and ready to experiment. We have been looking at testing different types of blockchain in certain areas, such as real estate. Blockchain is in fact not our priority when it comes to new technologies. As we have limited resources, we are putting more focus into other areas, such as artificial intelligence. This is because we see clearer use cases for applying these. If future experiments are successful, we will certainly put more resources towards the blockchain space.
Relation with other countries
What lessons or transferable experiences can you share to help other countries follow your lead?
While our experiences in the blockchain space are limited, we at this stage believe data integrity is a key area where blockchain experimentation should focus, as we see a lot of potential there. We do not have much experience beyond this. However, what sets us apart from other jurisdictions is that we have been assessing these new technologies for longer. We therefore have had more time for trial and error. Secondly, Estonia has had a very pragmatic approach to the digitalisation of our society and making a lasting change rather than simply trying out a few projects. This means actually assessing at how to scale technologies and enforce good practice across the public sector. Finally, partially through luck and partially through strategy, I would argue we have some of the strongest technical foundations for government services, such as the national identity system and the X-Road.
Our government services actually function and bring value to citizens, which is key for a successful digital public sector.