Digital ID the Estonian way: what the UK can learn about freedom over surveillance

In our latest interview, Andres Raieste, Senior Vice President and Global Head of Public Sector at Nortal, explains how Estonia’s democratic mindset and public–private collaboration have shaped one of the world’s most trusted digital identity systems.

 

Raieste, who leads Nortal’s global public sector strategy and advises governments across Europe, North America, and the Middle East, says the key difference lies in intent: democracies use technology to empower citizens, not to control them. He shares lessons for the UK on building trust, ensuring interoperability, and communicating digital identity as a tool for public value and freedom, not surveillance.

There is a fundamental difference we observe between democratic and authoritarian societies in their adoption of technology. Democratic societies tend to adopt technology for the benefit of their citizens, which creates trust. If we want to build a high-trust democratic society, we must view technologies such as digital ID as enablers of public value, rather than as control mechanisms. In Estonia, digital ID was adopted primarily to provide efficiency, and this approach created both trust and uptake. Without that mindset, I don’t think we’d have a digital society like we have today in Estonia.

For nationwide adoption, trust in the solutions on the market is key, whether provided by the government or the private sector. Digital identity must, in essence, be so secure and trusted that it is more secure than a paper passport or handwritten signature equivalent. National regulations are needed to ensure that the various digital identity and signature mechanisms available in the market are legitimate, qualified, and auditable. Because the digital identity topic involves a significant amount of computer science, cryptography, standards, and regulations, specialised organisations with expertise in these areas are needed to qualify such solutions. If done well, this creates a transparent chain of trust for the public. As confidence grows over time, digital identity can also be considered for highly sensitive processes, such as parliamentary elections. In Estonia, i-Voting has now achieved more than 50% uptake and is often considered the best example of the security and trust in digital public infrastructure.

Sharing information is crucial for delivering better public services and enhancing efficiency. Still, the UK and really any other country is right to be fearful or sceptical of the centralisation of information. Strong checks and balances ensure the balance of trust in a democracy, meaning a government authority should only have access to information that is necessary for it to fulfil its mission. Centralisation of too much information provides means and incentives to stray from that mission, eventually eroding public trust. We must remember that “digital government = government,” meaning that if we create a centralised digital government, we also risk ending up with a centralised government. The “democratic way” of sharing information for public value is through strong and regulated checks and balances (which government authority can access to which information and what they can do with it) and a digital public infrastructure that allows it to do so securely and transparently, so it can be audited to ensure that this trust has not been compromised. This is also the approach Estonia took, by strongly regulating which government authority can collect or access what information for what purpose, and then providing means to do so through its digital public infrastructure, such as X-Road for data sharing and various interoperable identity solutions for both public and private sectors. I think the key lesson to learn from Estonia is that there is no need to compromise strong democratic safeguards or trust in pursuit of efficiency – it just requires the right mindset.

In global comparison, the UK has strong and modern procurement regulations and approaches. From a collaborative perspective, a good practice in Estonia (and perhaps further in the Nordic region) is the application of public-private partnerships to government technology programs. Generally, a strong, local, interoperable ecosystem is preferred over a top-down, single solution. This is particularly true for the digital public infrastructure, which has been developed in collaboration with the private sector and academia. For example, in the case of digital identity, there is a government-owned identity mechanism utilising a national ID card. Then there is an app-based private sector identity provision mechanism (Smart ID). These solutions are all interoperable due to the same standards, and as a result, anyone can provide more cost-effective or innovative solutions. This creates a free market, which ultimately drives down the cost of transactions and ensures that solutions are secure and modern. So, the government’s role is primarily to ensure an interoperable and secure ecosystem and get the private sector to compete for the best solutions rather than to provide a top-down single solution – in essence, a “whole-of-society” approach.

Communications is the key here to drive uptake. When Estonia adopted a mandatory ID card, the entire communications was generally very “for the citizen value” centric, instead of enforcement centric. Back then, a law was adopted that required every government authority to accept digitally signed documents and may not require a paper copy, for the benefit of citizens, who no longer need to make a physical visit. The entire narrative was around the idea that “citizens deserve a better way”. Meaning that a narrative such as “Elderly or vulnerable citizens can now apply instantly to government benefits, saving time and cost”, is much better than “we now have better means to check for fraud”. It really makes a difference, and you can see in different societies how communication narrative makes or breaks it.

First, it’s essential to recognise that government services are not the most frequently used by citizens. Yes, it’s essential that you can pay taxes easily and receive social benefits and register/manage your company online for the benefit of the public and the economy, but citizens’ daily interactions are paying utility bills, bank transfers, getting a prescription, looking up children’s grades at school etc. These services should be easily accessible online, and the government, in providing digital identity solutions and standards, should work with the parties with which citizens primarily interact. This is also the experience from Estonia and some other Nordic countries. In Estonia, banks and telecommunications companies initially began cooperating with the government to provide citizens with better and more secure means to pay bills and conduct online banking. Therefore, it was crucial to capture citizens’ full daily interactions online, not just from the government. Today, for example, government-issued ID cards are also used by many retailers as their loyalty cards. Only this broad collaboration and ecosystem approach has created a “digital society” where everything can be done online, driving significant efficiency.

Looking ahead, I think living in a world where you often cannot believe your eyes or what you read on the internet due to fake AI-generated content, digital identity may be one way to create a somewhat more trusted information space and chain of trust. Maybe – we don’t know yet.