The use of the National Blockchain Infrastructure to support the E-Residency Initiative in Estonia

This article is based on insights gathered from an interview with Katrin VAGA, Head of International Public Relations for e-Residency, and Liina Suvi RISTOJA, Head of Estonian Public Relations for e-Residency.

Over the last decades, public administrations have marked significant steps towards building a more efficient, transparent and citizen-centric public sector with the aid of digital innovation. Since the 1990s Estonia began building a publicly owned digital infrastructure to support the country’s democratic transition and promote the national economic and social development by implementing a whole-of-government digitalisation approach. Today, almost every public service in Estonia is digitalised: the initiative, known as “e-Estonia”, includes all the public services, from digital identities (i.e., the e-Identity programme) and health registers (e.g., e-Health) to electronic voting (i.e., e-Governance), all now deployed in a fully digital format.

In 2007, Estonia was however subject to the largest organised cyberattack against a single country to date. In response, Estonia developed a blockchain-based technology designed to secure the whole national digital infrastructure from future attacks and breaches. The solution developed allowed the Estonian government to ensure the integrity of national data, as well as the accountability and authenticity of the information related to all the e-services provided by the Estonian public administration. Stronger digital infrastructure is able to protect the e-Estonia programme from data breaches and sudden failures of the systems, that can disrupt the flow of data such as financial transfers, email, etc. across public administrations. Such secure digital infrastructure is the basis for the implementation of safe and reliable public services for citizens and businesses, as in the case of the e-Residency programme.

To strengthen the public digital infrastructure, the Estonian Government and Guardtime began developing in 2008 the Keyless Signature Infrastructure (KSI) technology, a blockchain mechanism that allows to increase public administration’s data security and at the same time ensure the authenticity of information with time‑proof stamping. Given the levels of safety and scalability of the solution, the Estonian bureaucracy was able to achieve an almostfull digitalisation across all public services. Such solution has been deployed also outside Estonia by national governments and agencies (e.g., Dutch Judicial Information Service or in the United States Federal Agencies, among others). 

The development of the KSI blockchain-based technology by Guardtime significantly strengthened and expanded the scope of “e-Estonia”, that was initiated in the years following the country’s independence in 1991, by complementing the X-Road data-exchange platform and the national e-ID card systems that were launched in 2001 and 2002. Together, these technologies represent the country’s cybersecurity ecosystem and embody the 'security by design' principle.

The first application of KSI to a governmental service has been the Succession Registry, which was digitised through blockchain in 2012. Other relevant applications of the KSI blockchain technology encompass services such as health records, school management systems, identity verification like e-ID, taxation and property registries, as well as online voting mechanisms.

The functioning of the KSI blockchain mechanism is the same for each Estonian digital public service:

• Firstly, every public record (e.g., birth certificate, property title) is converted into a hash value: every document has a digital, encrypted version that cannot be altered, distinguished with another one, or “reverse-engineered” to obtain original information.

• Secondly, single hashes from all the different records in the system are combined together on the simple basis of when they are created, regardless of who generated them, and form a tree-shaped data encryption structure (a “Merkle tree”) with a base called “single root hash”. This shape allows efficient verification, since the presence of a specific record can be proven by checking the root. Also, it guarantees tamper evidence, since if only one hash is modified, also the root will change, because every element of the Merkle tree is built upon the previous hash values, and the root is the sum of every value of the tree.

• Thirdly, every root is added to the KSI blockchain overall Estonian public infrastructure, that runs through a network of secure nodes.

• Lastly, a KSI signature is generated for every record that is encrypted, which includes its hash value, the path to the Merkle root and the timestamp. Anyone can publicly verify the record’s integrity, without the need of private keys, by using the KSI signature in the public blockchain infrastructure.

E-Residency, one of the KSI use cases under the e-Estonia framework, was launched in 2014 with the goal of providing secure access to Estonia’s digital services to individuals from around the world. While it is open to anyone, the program primarily targets entrepreneurs, enabling them to start and run their business with public and private clients completely digitally and remotely. 

As stated by the e-Residency team, the government department responsible for the management and implementation of the e-Residency program, or, as they defined themselves, an “atypical governmental startup”, by setting up the program,

“Estonia was truly pioneering something that no other government had done before: offering state services in the form of e-governance to people outside its borders.”

The e-Residency provides access to all the Estonian digital services related to business entities and allows to complete online operations such as registering a company, signing documents, as well as paying corporate taxes and accessing a range of business banking and payment systems, without the need to travel to Estonia. The application process is the same for EU citizens and non-EU ones, it does not grant any citizenship or residency in the traditional way, and it is not a travel document. 

E-Residents, whose ID is secured through a KSI blockchain-based, can rely on the safety and interoperability of all the e-services provided by the Estonian government, making the public services for businesses safe and fast. In fact, their documents’ digital version is stored in a KSI-based decentralised database that runs through the governmental nodes, allowing quick verification of information. Additionally, it also provides a further layer of security through biometric verification (digital fingerprint), strengthening the perception of legal and operational security for foreign investors establishing businesses in Estonia.

E-Residency and Estonia’s KSI-based e-services offers a wide range of benefits, especially:

• Ensure efficient, scalable and future proof business processes. Building on pre-existing Estonia’s digital infrastructure, the e-Residency programme is inherently interoperable with all the other e-Government services, such as e-Banking or e-Tax. Businesses benefit from a cohesive digital ecosystem that fastens business operations, thanks to a reduced administrative burden. Moreover, because interoperability allows new services to be added quickly to the ecosystem without breaking compatibility, organisations benefit from continuous innovation.

• Allow global accessibility to the Estonian and European business environment. The KSI-based system allows the e-Residency programme to provide applicants with high standards for data security and integrity, safeguarding sensitive information and ensuring trust in digital transactions. Moreover, it opens the door for borderless business creation and operation, giving the possibility

• Enhance Estonia’s international recognition in the business sector. By offering a government-issued identity to businesspeople coming from more than 180 different countries, the e-Residency program has been recognised as a pioneering cross-border digital identity framework. Besides having a considerable direct impact on the Estonian economy, by sharing the country’s technologically innovative capabilities, it also improves its reputation and influence on the global scale.

As it was highlighted by the project members, some future improvements can be identified: 

• Barrier-free access to the e-Residency biometric verification. The current reliance on a limited number of physical biometric verification points (approximately 50, primarily at Estonian consulates) creates a geographical barrier for many potential e-residents. It is a challenge to adopt new technologies like remote biometrics, while maintaining at the same time state-level security.

• External trust toward the e-governance systems. Estonia started its digital transformation by ensuring widespread access to the internet and digital literacy among the whole population. Globally, however, awareness and maturity around digital governance vary widely and might affect the level of trust towards this e-government service.

The e-Residency program’s functioning relies on decisions coming from several and diverse institutional bodies, such as ministries, police departments, and compliance agencies. Therefore, in order to produce an outcome that satisfies these different actors, the e-Residency Team needs to operate a synthesis of the varied inputs. While this supports inclusivity and provides a broader scope of action to the program, specific improvements to e-Residency are often subject to wider governmental decisions, which could affect the pace of such changes.

Useful links:

• E-Residency’s website: https://www.e-resident.gov.ee/

• KSI Blockchain description and its applications: https://e-estonia.com/solutions/cyber-security/ksi-blockchain/

Project contact: 

• Katrin Vaga, Head of International Public Relations, Katrin.Vaga@eis.ee.

• Liina Suvi Ristoja, Head of Estonian Public Relations, Liina.Ristoja@eis.ee.