Der Staat auf dem Smartphone mit der Bürger-App

Verwaltung der Zukunft: Estonia is often seen as a pioneer in digital government. What strategic goals did the government pursue when launching the Eesti app, and what problem was it primarily meant to solve for citizens? 

Kai Kallas: The main strategic goal behind the Eesti app was to bring public services closer to people’s everyday lives by making them accessible through the device people use most: their phone. Estonia already had a strong digital government ecosystem, but many services were still spread across different portals and websites. From a citizen’s perspective, that could make the digital state feel fragmented, even if the services themselves were already online. 

The Eesti app was created to solve that problem. It brings together close to 50 public services in one mobile environment, reducing the need to move between different systems and making interaction with the state simpler, faster, and more intuitive. 

Today, the app has already been downloaded by more than 208,000 users, and one of its key everyday values is also the ability to receive national hazard notifications directly to the phone. This makes the app not only convenient, but also relevant in critical situations. 

At a broader level, the launch of the app reflects a clear strategic shift: the state must move to where the user already is. People already use mobile apps every day for banking, shopping, transport, and communication, so it is only natural that the state should also provide a secure and convenient mobile channel for public services. 

VdZ: How does the Eesti app fit into Estonia’s broader digital government ecosystem, including services such as digital identity and national data infrastructure? 

Kallas: The Eesti app is not a separate digital state. It is a mobile extension of Estonia’s broader digital government ecosystem. It builds on the same foundations that support Estonian e-government more generally: trusted digital identity, secure data exchange, and interoperable public information systems. 

Users access the app through established identity solutions such as Mobile-ID, Smart-ID and EU eID. That means the app is embedded in the same trusted identity framework that people already use for other public and private digital services. 

At the data level, the app relies on Estonia’s secure national data exchange layer, X-tee. All data queries are carried out through X-tee, which is a core part of the Estonian digital state. This is important because it means the app does not create a separate data silo. Instead, it acts as a secure user-facing layer on top of existing public systems and registers. 

In that sense, the Eesti app fits naturally into Estonia’s digital government model: digital identity provides secure access, X-tee enables trusted data exchange, and the app makes those services easier to use in a mobile-first way. 

VdZ: Which institutions were responsible for developing and operating the Eesti app, and how did you coordinate between different ministries and agencies? 

Kallas: The Eesti app is developed and continuously improved by the Estonian Information System Authority, RIA. RIA is responsible for creating and operating the national mobile application as part of its broader role in developing and maintaining key digital government services. 

In practice, however, an app like this can only work through close cooperation across the public sector. RIA is responsible for the central application, shared functionality, and overall user experience, but many of the services presented in the app are connected to other ministries, agencies and public institutions that own the underlying data or service processes. 

That means coordination has taken place on several levels. There is technical coordination to ensure interoperability between systems, but also organizational and legal coordination to align responsibilities, service design, data use, communication, and user expectations. 

VdZ: What are the key architectural principles behind the Eesti app, particularly regarding interoperability with different public sector systems? 

Kallas: The Eesti app is designed as the central mobile digital gateway of the Estonian state, following the same principle as eesti.ee as the one access point to all public services. Architecturally, it functions as a unified access layer, not a standalone system. It brings services together in a single mobile environment, while the underlying data and service logic remain within the responsible public sector systems. 

A core principle is interoperability by design. The app connects to different public sector information systems via the national data exchange layer X-Road, which provides a standardized, secure way for institutions to exchange data and expose services. This ensures that each authority and system remains autonomous, yet their services can be seamlessly integrated into the app. 

Another key principle is the use of real-time data queries instead of maintaining a separate application database. The app does not store or duplicate data but retrieves it from source systems when needed. This supports up-to-date service delivery and enables users to access services anytime and anywhere directly from their mobile device. 

VdZ: Citizen trust is crucial for digital public services. What measures were important to encourage citizens to adopt the app and trust it with sensitive data? 

Kallas: Trust starts with security and transparency, and these are fundamental principles in Estonia’s digital government. The same approach applies to the Eesti app. From the beginning, the app has been designed not as a new or separate system, but as a secure channel for accessing and presenting data that already exists in official state systems. In the case of the Eesti app, citizens are not being asked to trust an unknown platform. They are using a national application built on the same trusted foundations as the rest of Estonia’s digital state. 

Access to the app is based on strong authentication. Users log in using Mobile-ID, Smart-ID or EU eID, which ensures that only the rightful user can access their data. In addition, the app offers extra protection through device-level security options such as a PIN code, biometric authentication, or both. 

All data queries are carried out securely through Estonia’s national data exchange layer, X-Road. This means the app does not retrieve data directly from databases but uses a controlled and secure infrastructure that ensures authentication, encryption, and traceability of all data exchanges. 

We have also implemented practical safeguards to reduce misuse risks. For example, it is not possible to take screenshots in the app, which helps prevent visual copying or manipulation of sensitive personal data. 

The identity verification function itself has been designed to be secure for both users and service providers. Verification is only possible via a temporary QR code, which allows the service provider to reliably compare the person in front of them with authentic document data. This ensures that the data is both accurate and linked to the correct individual. 

Finally, trust is also built through transparency and gradual adoption. The solution is voluntary for both users and service providers, giving people time to get used to it in real-life situations. As with earlier digital solutions in Estonia, trust grows over time through everyday use. 

VdZ: What were the biggest challenges during development and rollout of the app – technically, institutionally, or politically? 

Kallas: The main challenge was that this was never just a technology project. It involved technical, institutional, and legal dimensions at the same time. 

From the user’s point of view, the goal is simple: bring services together in one place on the phone. But in practice, doing that means integrating services, systems, and responsibilities across many institutions into one coherent mobile experience. 

A particularly important challenge around the identity verification feature was the legal framework. The technical readiness for the functionality existed earlier, but the rollout still depended on the necessary legal changes. That is often the reality in digital government: technology can be ready before legislation catches up. 

Another challenge is adoption. The identity verification feature is voluntary for service providers, so its practical reach depends on how many organizations decide to implement it in their own workflows. That means rollout is gradual by design. The value of the solution grows as more service providers adopt it. 

There is also an important communication challenge. It is essential to keep the distinction clear between actual identity verification and other, lighter use cases. Only QR-code-based verification allows a service provider to reliably compare the person in front of them with authentic document data. Displaying document data on screen or presenting a barcode may be useful in some situations, but that is different from identity verification.

VdZ: Germany is currently discussing the idea of a nationwide citizen app. Based on Estonia’s experience, what advice would you give to governments starting such a project today? 

Kallas: The first piece of advice would be not to think of this as just an app project. In reality, it is a governance, interoperability, and trust project with a mobile interface. The app is only the visible part. What matters most is the foundation underneath: digital identity, secure data exchange, legal clarity, and clearly defined institutional responsibilities. 

Second, start with real user needs. People do not adopt a government app because it is technologically impressive. They adopt it because it solves everyday problems. In Estonia’s case, the value comes from making useful services easier to access in one place and making interaction with the state more natural on mobile.  

For example, if someone goes to a pharmacy to pick up prescription medicine but has left their wallet at home, they can use the Eesti app to securely present their document data and prove their identity. These are simple, real-life situations where convenience matters. When people experience that kind of everyday value, adoption follows naturally. 

And finally, be patient. Adoption takes time on both sides. Citizens need time to build habits, and service providers need time to integrate new workflows. The more organizations join, the more valuable the solution becomes in everyday life.