Secure data exchange with X-Road “one of the best things in GovTech in years”

Ville Sirviö – chief executive of the Nordic Institute for Interoperability Solutions (NIIS) 

Estonia employs a data exchange solution that is championed for both its security and its cohesion.

Its ability to unify multiple public bodies towards a far more interconnected leadership effort is “one of the best things in GovTech” the CEO of the organisation overseeing its development has said.

The open source software is called X-Road, and it’s just over twenty years old. It was launched in Estonia in 2001, during a busy period in the country’s journey to become one of Europe’s most tech-proficient nations.

The primary goal is to enable organisations to exchange data with each other in a way that’s safe, that respects GDPR, and that produces a streamlined public development effort.

The data exchange capabilities it provides are “simpler and more unified,” according to Ville Sirviö, chief executive of the Nordic Institute for Interoperability Solutions (NIIS) – a non-profit set up exclusively to continue the development of the initiative.

“X-Road is an ecosystem solution in the background,” he said. “Unlike what some people have thought, it’s not for individual citizens to use digital services. Instead, it’s a tech solution working in between the information systems, so it provides a secure and unified data exchange for them.”

Inside X-Road

Those behind X-Road regularly describe the initiative as an “ecosystem.” At the back end, it is quite a complex network of interlocking capabilities, but at the front end, the main output is trusted and secure data, feeding multiple organisations at the same time.

Within that ecosystem is information that can be used by a vast array of government departments and private companies. Transport, energy, business registries, healthcare, libraries, social services, academic registries, tax departments, bank, vehicle registration offices – the list goes on.

X-Road processes this information while allowing users to carefully follow the “once-only principle” – the e-government concept that if a citizen or business needs to submit information to government authorities, they should only need to do so once. From there, they can be safe in the knowledge that this information will be shared only when necessary and through secure channels.

This enables a new kind of pre-emptive action for public bodies, because such a seamless exchange of information gives them the clearest picture possible of what’s going on, and enables governments to plan ahead.

“For example, when a child is born, there could be another information system, listening to the register of births,” Sirviö explained.

“From there, the focus can turn to new services, like finding a place for childcare, ensuring a place in kindergarten, beginning preparations for that person’s healthcare or social care needs, whatever might be needed.”

He described this way of working as “life-event-based proactive services,” – that is already a reality in some countries, including Estonia where it has “thrived.”

“I think proactive life-event based services are one of the best things that has happened in GovTech for years,” Sirviö said.

The tech fuelling unity and security

X-Road’s architecture links service “consumers” and “providers.” In any given data transaction, consumers are requesting the information, and providers release it to them securely.

X-Road’s member organisations can be “consumers” or “providers” or both, depending on the circumstances, but the system maintains a strict onboarding process to determine which organisations can become members of its platform. 

Once in, they are linked together through a “Security Server”, described as the “access point” to the X-Road ecosystem. The server does much of the heavy digital lifting, managing data requests, establishing trust, time-stamping, and logging.

Each server can host one or multiple organisations’ at the same time. X-Road’s “Central Services” which keeps records of all ecosystem members, certification authorities, time-stamping authorities, and configuration parameters.

The ecosystem fits well in a digitally advanced country like Estonia, Sirviö said – given the country’s established reputation in the technology sector since re-gaining independence in the early 90s.

“It’s maybe 95% of society – and the different organisations within society – that are covered by X-Road,” he said. “So when they [the Estonian government] start building a new digital service, it’s very easy when the organisations are already connected into the X-Road ecosystem.”

“They don’t have to build new point-to-point integrations every time. It’s one of the key benefits.”

X-Road and GDPR

Such a thorough sharing of information between public bodies may, to some, raise questions of data protection. This is particularly true in a European context. The EU is arguably the most ambitious jurisdiction on earth when it comes to safeguarding the right to data privacy.

So how does X-Road fit into all of that?

“The idea behind X-Road is that data always belongs to its normal legal owner,” Sirviö stressed. “And it is the organisation which has the legal basis for being the “handler” of that data.”

X-Road – Sirviö described – did not and would never require for data to be sharedbetween organisations by storing it in one centralised location. One organisation would never send a piece of information to a central hub or broker, that could then be stored, passed on, go out of date, or potentially fall victim to a cyber-attack.

Rather the system allows the data to be “read directly from the owner,” where necessary. It opens a window for the consumer, to securely read specific information for a set purpose, and then close that window again.

The expansion of X-Road?

X-Road began exclusively as an Estonian project. Over time, it has amassed enough interest from Finland and Iceland to become their national data exchange solution and a subject of cross-border cooperation.

This is why the NIIS was brought into existence; to foster the development of X-Road on an international level. Currently, X-Road is in operation in more than 20 countries worldwide, but many of the deployments are outside Europe, which leaves room for improvement, Sirviö suggested.

The reason for this lies in the pursuit of open-source software – such as X-Road.

European governments are too focused on the idea that if they are to develop a new tech initiative, it must be published as open source, he indicated. 

“Every government is talking about open source,” he said. “And all of this discussion is only related to publishing and sharing – not reusing, which would be the more important thing.”

“What is happening right now in most of the European countries is that they have been, and still are, building their own solutions without looking the market for existing ones.”

“There’s plenty of talk about open source, plenty of talk about how sharing is caring, but in the end, it’s about reusing the open-source solutions, and the governments aren’t very good at doing it yet.”

Sirviö stressed that the countries which have adopted X-Road have shown demonstratable success, showcasing the value of collaboration across international borders.

“This global community is working on open-source, discussing X-Road, and supporting its development,” he said. “It’s a big resource for us, to have lots of people around the world, sharing their opinions, experiences and knowledge. So I think that’s one of the most wonderful things in open-source software.”

Together, he said, the NIIS member countries have been focusing on topics like software sustainability.

“We have a goal of making X-Road the most sustainable product available for digital government data exchange.”


More Posts

Send Us A Message

© Univmedia Ltd

t/a Universal Media
360 North Circular Road, Phibsborough, Dublin 7

© Univmedia Ltd

t/a Universal Media
360 North Circular Road, Phibsborough, Dublin 7