Internet freedom is generally robust in Estonia, a consolidated democracy and European Union (EU) Member State widely known for its pioneering approach to e-government. Protections for user rights and media freedom are strong, as the Estonian government places few limits on online content. However, a number of Russian websites remained blocked during the coverage period in response to EU sanctions. Cyberattacks that targeted governmental websites generally had limited impact, in part due to countermeasures taken by Estonian cybersecurity officials.
Estonia’s democratic institutions are generally strong, and both political rights and civil liberties are widely respected. However, about five percent of the population remains stateless and cannot participate in national elections. Far-right and Eurosceptic forces have become increasingly vocal in Estonian politics in recent years.
- The availability of fifth-generation (5G) mobile service expanded as the government continued to make infrastructural and connectivity investments under Estonia’s Recovery and Resilience Plan (RRP), though concerns about the affordability of faster internet service packages persisted (see A1 and A2).
- Amid ongoing efforts to counteract pro-Kremlin disinformation, Estonian authorities continued to block a number of Russian media outlets in line with EU sanctions (see B1 and B5).
- Following parliamentary elections in March 2023, the new coalition government drafted a proposal to implement stronger penalties for hate speech. It remained pending at the end of the coverage period (see C2).
- Estonian government agencies continued to suffer cyberattacks following Russia’s invasion of Ukraine, though cybersecurity measures helped to limit the impact of the attacks (see C8).
|Do infrastructural limitations restrict access to the internet or the speed and quality of internet connections?||6.006 6.006|
In general, there are no infrastructural limitations to internet access in Estonia. According to data from Statistics Estonia, the state statistics agency, 93.2 percent of households had internet connections in 2023.1 According to the EU’s Digital Economy and Society Index (DESI), 83 percent of households had fixed-line broadband connections in 2021, above the EU average, while mobile broadband penetration reached 87 percent, in line with the EU average.2
Internet speeds are reliable in Estonia. According to Ookla’s Speedtest Global Index, the median fixed-line broadband download speed stood at 71.64 megabits per second (Mbps) in May 2023, while the median mobile download speed stood at 82.80 Mbps.3
The government continues to enhance information and communication technology (ICT) infrastructure. The Estonian RRP allotted €24.3 million ($25.2 million) to launching very high-capacity networks (VHCNs) in rural areas. These funds are part of a €208 million ($215.5 million) investment project to improve ICT services between 2021 and 2026.4
Public Wi-Fi connections are commonplace,5 including at cafés, hotels, hospitals, schools, and gas stations.6 According to Economist Impact’s 2022 Inclusive Internet Index, third-generation (3G) mobile networks cover 100 percent of Estonia’s population, while fourth-generation (4G) mobile networks cover 99 percent.7 The distribution of radio frequencies for 5G mobile services was launched at a public auction after the Electronic Communications Act was passed by the parliament in November 2021 (see A4).8 In 2019, the government had adopted a “5G Roadmap” which envisioned the commercial rollout of 5G services in cities by 20239 —an objective that was met during the coverage period, as service providers Telia, Elisa, and Tele2 began to provide 5G networks in Tallinn and elsewhere.10
- 1“Information and communication technologies: Share of households with internet connection,” Statistics Estonia, accessed September 2023, https://www.stat.ee/en/find-statistics/statistics-theme/technology-inno….
- 2European Commission, “Estonia in the Digital Economy and Society Index: 2022 publications,” https://digital-strategy.ec.europa.eu/en/policies/desi-estonia.
- 3“Speedtest Global Index: Estonia Median Country Speeds August 2023,” Speedtest, accessed September 2023, https://www.speedtest.net/global-index/Estonia.
- 4European Commission, “Estonia in the Digital Economy and Society Index: 2022 publications,” https://digital-strategy.ec.europa.eu/en/policies/desi-estonia.
- 5The Consumer Protection and Technical Regulatory Authority, “Estonian communication coverage application,” accessed September 29, 2020, www.netikaart.ee.?
- 6“Eesti turvalised õrgud,” Public Wi-Fi Hotspot database in Estonia, accessed October 2016, https://web.archive.org/web/20161013201941/http://wifi.ee/.
- 7Economist Impact “The Inclusive Internet Index 2022,” accessed August 2022, https://theinclusiveinternet.eiu.com/explore/countries/EE/performance/i….
- 8“Second 5G license auction in Estonia starts Friday, “ ERR News, June 10, 2022, https://news.err.ee/1608625831/second-5g-license-auction-in-estonia-sta…; “Estonia revises 5G sale to include fourth licence,” TeleGeography, June 4, 2020, https://www.commsupdate.com/articles/2020/06/04/estonia-revises-5g-sale….
- 9“Eesti 5G Teekaart Aastani 2025,” Ministry of Economic Affairs and Communications, March 2019, https://www.mkm.ee/sites/default/files/eesti_5g_teekaart.pdf.
- 10“Initially patchy 5G network expanding rapidly,“ ERR News, November 19, 2022, https://news.err.ee/1608794161/initially-patchy-5g-estonian-network-exp….
|Is access to the internet prohibitively expensive or beyond the reach of certain segments of the population for geographical, social, or other reasons?||3.003 3.003|
There are no significant digital divides in the country. According to DESI, Estonia has one of the highest shares (89 percent) of e-government users in Europe, and scores 92 out of 100 points for digital public services for citizens, meaning that almost all public services have been digitized.1
In general, internet connections are affordable, though some concerns persist. During the coverage period, Estonia’s leading service providers responded to high inflation and other rising costs by implementing price increases for customers and discontinuing some cheaper service packages.2 A variety of packages offering internet connections are available at low prices, while very high-speed connections are available at somewhat higher prices. In 2022, the International Telecommunication Union (ITU) put the cost of a monthly fixed-line broadband subscription at 0.84 percent of the gross national income (GNI) per capita, while 2 gigabytes (GB) of mobile data cost 0.21 percent of the GNI per capita.3 According to the World Bank, Estonia’s GNI per capita was $27,640 as of 2022.4
According to DESI, prices for fixed-line and mobile broadband plans in Estonia are near the EU average.5 However, the pricing policies of Telia, the leading service provider, have been criticized in the media. Telia offers connections that exceed 100 Mbps, but at much higher prices than in neighboring countries where the company also operates.6 This has resulted in slower take-up of very high-speed fixed-line broadband services. As of 2021, VHCNs covered 73 percent of households, but only 20 percent of households had adopted very high-speed connections, which was well below the EU average of 41 percent.7 The Consumer Protection and Technical Regulatory Authority (TTJA), the telecommunications regulator, admits that broadband connections at the speed of 100 Mbps or more exceed the average European price range,8 and as of January 2023, was analyzing the reasons for these price discrepancies.9
There is no significant urban-rural digital divide. According to Statistics Estonia, 92.6 percent of households in urban areas had internet connections in 2022, while 92 percent of those in rural areas were connected.10
In 2022, slightly fewer men (91 percent) used the internet than women (92 percent), according to Statistics Estonia.11 There is a larger gap in usage in terms of age: 98.9 percent of 16-to-24-year-olds use the internet, while just 68.5 percent of 65-74-year-olds do, per 2022 figures.12
- 1European Commission, “Estonia in the Digital Economy and Society Index: 2022 publications,” https://digital-strategy.ec.europa.eu/en/policies/desi-estonia.
- 2“Telecoms firms in Estonia either hiking tariffs or considering doing so,“ ERR News, June 29, 2022, https://news.err.ee/1608643525/telecoms-firms-in-estonia-either-hiking-…; “Estonian telecom companies to raise prices from next year,” ERR, December 21, 2022, https://news.err.ee/1608833116/estonian-telecom-companies-to-raise-pric….
- 3International Telecommunications Union, “ICT Prices: historical data 2008-2022,” accessed May 2023, https://www.itu.int/en/ITU-D/Statistics/Pages/ICTprices/default.aspx.
- 4The World Bank, “GNI per capita, Atlas method (current US$),” accessed September 30, 2023, https://data.worldbank.org/indicator/NY.GNP.PCAP.CD.
- 5European Commission, “Estonia in the Digital Economy and Society Index: 2022 publications,” https://digital-strategy.ec.europa.eu/en/policies/desi-estonia.
- 6Mikk Salu, “Telia Eesti imeline internet: kuus korda aeglasem, aga see-eest poole kallim” [Telia Estonia’s wonderful internet: six times slower, but half as expensive],” Eesti Ekspress, May 27, 2020, https://ekspress.delfi.ee/kuum/telia-eesti-imeline-internet-kuus-korda-….
- 7European Commission, “Estonia in the Digital Economy and Society Index: 2022 publications,” https://digital-strategy.ec.europa.eu/en/policies/desi-estonia.
- 8Consumer Protection and Technical Regulatory Authority (TTJA), “Overview on telecommunications market in Estonia 2021” (in Estonian), https://www.konkurentsiamet.ee/sites/default/files/Dokumentide-failid/k….
- 9“TTJA uurib, miks Eestis on kiire internet nii kallis [TTJA to explore the prices for high-speed internet],” ERR News, January 19, 2023, https://www.err.ee/1608855638/ttja-uurib-miks-eestis-on-kiire-internet-….
- 10Statistics Estonia, “IT20: Households having a computer and internet connection at home by type of household and place of residence,” accessed May 2023, https://andmed.stat.ee/en/stat/majandus__infotehnoloogia__infotehnoloog….
- 11Statistics Estonia, “IT32: Computer and internet users aged 16-74 by group of individuals,” accessed May 2023, https://andmed.stat.ee/en/stat/majandus__infotehnoloogia__infotehnoloog….
- 12Statistics Estonia, “IT32: Computer and internet users aged 16-74 by group of individuals,” accessed May 2023, https://andmed.stat.ee/en/stat/majandus__infotehnoloogia__infotehnoloog….
|Does the government exercise technical or legal control over internet infrastructure for the purposes of restricting connectivity?||6.006 6.006|
The government does not exercise technical or legal control over the domestic internet, although the Cyber Security Act,1 which implemented the EU’s Network and Information System Directive,2 gives it limited powers to restrict the use of or access to information systems in the event of a cybersecurity incident. As an exceptional and temporary measure, the government can also restrict internet connections in “emergency situations”3 and “states of emergency,”4 though this would not necessarily entail a total shutdown of internet connections. There were no government-imposed restrictions or disruptions to connectivity during the coverage period.
- 1Riigi Teataja, “Cybersecurity Act,” May 9, 2018, https://www.riigiteataja.ee/en/eli/523052018003/consolide.
- 2“Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union,” European Union Law, 1–30, July 19, 2016, https://eur-lex.europa.eu/eli/dir/2016/1148/oj.
- 3Riigi Teataja, “Emergency Act,” February 8, 2017, https://www.riigiteataja.ee/en/eli/ee/513062017001/consolide.
- 4Riigi Teataja, “State of Emergency Act,” accessed September 29, 2020, https://www.riigiteataja.ee/en/eli/ee/530122013002/consolide.
|Are there legal, regulatory, or economic obstacles that restrict the diversity of service providers?||6.006 6.006|
There are no undue legal, regulatory, or economic restrictions on Estonia’s ICT market. The Electronic Communications Act aims to develop and promote a free market and fair competition in telecommunications services.1 Information society services, meaning economic or professional activities involving the processing, storing, or transmitting of information by electronic means upon a recipient’s request, are regulated by the Information Society Service Act (see B3).2
There are over 200 operators offering telecommunications services, including six mobile service providers and numerous internet service providers (ISPs) in Estonia. The ICT market is relatively diverse with no significantly dominant companies, and competition remains strong.3 Sweden’s Telia continues to be the largest fixed-broadband and mobile service provider in Estonia, according to its annual report.4
Legally, service providers are required to register with the TTJA. There is a registration fee depending on the service provided; the amount is regulated by the State Fees Act.5
The distribution of radio frequencies for 5G mobile services was launched at a public auction in May 2022 after the parliament passed the Electronic Communications Act in November 2021 (see A1).6 The act, which came into force in March 2022,7 bans the use of Huawei technology in Estonian networks and harmonizes consumer rights regulations.
- 1Riigi Teataja, “Electronic Communications Act,” December 12, 2004, https://www.riigiteataja.ee/en/eli/ee/Riigikogu/act/521082017008/consol….
- 2Riigi Teataja, “Information Society Services Act,” April 14, 2004, https://www.riigiteataja.ee/en/eli/504112013008/consolide.
- 3Karin Koppel, “Konkurents kiire internetiteenuse turul kasvab [Competition in the high-speed internet service market is growing],” ERR News, June 1, 2022, https://www.err.ee/1608616081/konkurents-kiire-internetiteenuse-turul-k….
- 4Telia Company, “2022 Annual and Sustainability Report,” 2022, p. 7, https://www.teliacompany.com/en/investors/annual-and-sustainability-rep….
- 5Riigi Teataja, “State Fees Act,” December 10, 2014, https://www.riigiteataja.ee/en/eli/507012020005/consolide.
- 6“Estonia to put three 5G frequency authorizations up for auction,” ERR News, December 16, 2021, https://news.err.ee/1608438140/estonia-to-put-three-5g-frequency-author….
- 7“Long-awaited 5G tender auctions begin Tuesday,” ERR News, May 3, 2022, https://news.err.ee/1608585583/long-awaited-5g-tender-auctions-begin-tu….
|Do national regulatory bodies that oversee service providers and digital technology fail to operate in a free, fair, and independent manner?||4.004 4.004|
The main regulatory bodies for the Estonian ICT sector are the TTJA and the State Information System Authority (RIA). Both operate under the Ministry of Economic Affairs and Communications. The TTJA monitors the fixed-line and mobile broadband markets,1 ensuring compliance with EU Regulation 2015/2120,2 which outlines open-internet access requirements and user rights relating to electronic communications networks and services. Meanwhile, the RIA manages state ICT resources.3 Both have a reputation for professionalism and independence. There were no reported cases of undue interference in the ICT sector or abuse of power by these bodies during the coverage period.
The Estonian Internet Foundation, which represents a broad group of stakeholders in the Estonian internet community, manages Estonia’s top-level domain (.ee).4
- 1The Consumer Protection and Regulation Authority, “Ameti tutvustus” [Introduction to the Agency], accessed March 1, 2022, https://www.ttja.ee/
- 2“Regulation (EU) 2015/2120 of the European Parliament and of the Council of 25 November 2015,” European Union Law, November 26, 2015, https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32015R2120.
- 3Information System Authority, “Introduction and structure,” accessed March 1, 2022, https://www.ria.ee/en/information-system-authority/introduction-and-str….
- 4Estonian Internet Foundation, “Public portal,” accessed March 1, 2022 http://www.internet.ee/en/.
|Does the state block or filter, or compel service providers to block or filter, internet content, particularly material that is protected by international human rights standards?||4.004 6.006|
There are very few blocked websites in Estonia, and the vast majority of political, social, and cultural content is freely available to users. However, during the coverage period, almost 200 websites remained blocked due to EU sanctions imposed in response to Russia’s brutal invasion of Ukraine, which targeted Russian broadcasting activities and licenses.1 According to information provided by the TTJA, 195 domains and 51 television channels remained blocked in Estonia as of April 2023.2
In March 2022, the EU issued Regulation 2022/350, ordering member states to “urgently suspend the broadcasting activities” of RT, RT France, RT Germany, RT Spanish, and RT UK, and Sputnik, and block their websites because they “engaged in continuous and concerted propaganda actions targeted at civil society.”3 In June 2022, the EU adopted another package of sanctions, which suspended the distribution of five Russian news outlets, including Rossiya RTR/RTR-Planeta, Rossiya 24/Russia 24, and TV Centre International.4
The primary restriction on internet content remains a ban of online illegal gambling websites (see B3). As of May 2023, the Tax and Customs Board (MTA) had more than 1,800 URLs on its list of illegal online gambling sites that Estonian ISPs are required to block.5
- 1European Council, EU sanctions against Russia explained, accessed June 15, 2023, https://www.consilium.europa.eu/en/policies/sanctions/restrictive-measu…
- 2“Eesti keerab Vene telekanalite leviku täielikult kinni [Estonia completely shuts down the distribution of Russian TV channels],” BNS, April 5, 2023, https://majandus.postimees.ee/7747479/eesti-keerab-vene-telekanalite-le….
- 3“COUNCIL REGULATION (EU) 2022/350 of 1 March 2022 amending Regulation (EU) No 833/2014 concerning restrictive measures in view of Russia's actions destabilising the situation in Ukraine,” Official Journal of the European Union, Volume 65, March 2, 2022, https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L:2022:065:F….
- 4European Commission, “Russia's war on Ukraine: EU adopts sixth package of sanctions against Russia,” June 3, 2022, https://ec.europa.eu/commission/presscorner/detail/en/IP_22_2802.
- 5Tax and Customs Board, “Blokeeritud hasartmängu internetileheküljed” [Blocked gambling internet pages], accessed May 18, 2023, https://www.emta.ee/ariklient/registreerimine-ettevotlus/hasartmangukor…
|Do state or nonstate actors employ legal, administrative, or other means to force publishers, content hosts, or digital platforms to delete content, particularly material that is protected by international human rights standards?||3.003 4.004|
Online content is sometimes removed following a court order, although this is not a widespread issue. Comments on news websites and discussion boards are also sometimes removed by website administrators. Most popular websites have codes of conduct for the responsible and ethical use of their services and enforcement policies that allow certain content to be taken down.
At times, social media content is removed. Between January and June 2022, Facebook restricted access in Estonia to 163 items that violated EU sanctions on Russian state-controlled media sources.1 Google received three government requests to remove content in 2022—two for privacy and security and one for hate speech—and removed 27 of the 29 items requested.2
Russian social media platforms Odnoklassniki and Vkontakte are also popular in Estonia, but their parent companies do not release data about content removal requests.
- 1Facebook Transparency Report, “Content restrictions based on local law: Estonia,” accessed March 13, 2023, https://transparency.facebook.com/content-restrictions/country/EE
- 2Google Transparency Report, “Government requests to remove content: Estonia,” accessed March 13, 2023, https://transparencyreport.google.com/government-removals/government-re….
|Do restrictions on the internet and digital content lack transparency, proportionality to the stated aims, or an independent appeals process?||4.004 4.004|
Restrictions on online content are generally transparent and grounded in the law. The Gambling Act, one of the few laws that imposes restrictions, requires domestic and foreign gambling websites to obtain a special license.1 Unlicensed websites are subject to blocking by the MTA (see B1). The MTA’s list of blocked websites is transparent and available to the public.
Under the Information Society Service Act and pursuant to the EU’s E-Commerce Directive, service providers are generally not liable for illegal content transmitted by users.2
However, in 2015, the European Court of Human Rights (EctHR) upheld a controversial 2009 Estonian Supreme Court decision in the case of Delfi v. Estonia, which established intermediary liability for third-party defamatory comments on news sites.3 The EctHR confirmed that holding intermediaries responsible for third-party content published on their website or forum is not against Article 10 of the European Convention on Human Rights (ECHR) guaranteeing freedom of expression.
In December 2021, the EU Directive on Copyright in the Digital Single Market was adopted into Estonian law.4 The directive, among other things, establishes ancillary copyright for digital publishers and makes “online content sharing service providers” partially liable for copyright violations on their platforms.5
Similarly, the EU Audio-Visual Media Services Directive (AVMSD)6 was adopted in March 2022.7 The AVMSD requires “video-sharing platform services” to take “appropriate measures” to protect minors from content “which may impair their physical, mental or moral development” and the general public from content involving child sexual abuse, racism, or xenophobia as well as content inciting hatred, terrorism, or violence.8 According to the AVMSD, service providers must apply for a license to operate, submit reports on the structure of the program, and disclose their ownership structure. The regulatory changes mainly affect Estonian audiovisual media service providers.9
The Information Society Service Act, originally enacted in 2004, allows the government to impose unspecified restrictions on information society services. Under the law, restrictions on such services are allowed in cases “justified by morality, public order, national security, public health and consumer protection.”10 The law places further conditions on these restrictions, including that they be imposed on a specific service, are “proportionate to its purpose,” and in the case of foreign-based services, that Estonian authorities appeal to the applicable country to impose a restriction before doing so themselves.
In July 2022, the Estonian parliament amended the Information Society Service Act to explicitly permit authorities to block online content in certain circumstances, particularly in the context of Russia’s invasion of Ukraine. The amendments, which took effect in August 2022, empower the TTJA to order service providers to block domains that incite “hatred, violence or discrimination” or “incites or justifies war crimes” when such measures are necessary for national security and no other avenues to counter the spread of the information exist.11 According to a government press release, the amendments are meant to “ensure the existence of domestic measures” to restrict content that “is used to shape the attitudes of people living or staying in Estonia as part of informational influence activities directed against Estonia.”12 The law also amended the Cyber Security Act to update Estonia’s cybersecurity framework (see C8).
- 1Riigi Teataja, “Gambling Act,” October 15, 2008, https://www.riigiteataja.ee/en/eli/ee/Riigikogu/act/507122016002/consol…
- 2Swiss Institute of Comparative Law, “Comparative Study on Blocking, Filtering and Take-Down of Illegal Internet Content,” December 20, 2015, https://rm.coe.int/CoERMPublicCommonSearchServices/DisplayDCTMContent?d….
- 3Columbia University: Global Freedom of Expression, “Delfi AS v. Estonia,” accessed September 30, 2020, https://globalfreedomofexpression.columbia.edu/cases/delfi-as-v-estonia/.
- 4“Directive (EU) 2019/790 of the European Parliament and of the Council of 17 April 2019,” European Union Law, May 17, 2019, https://eur-lex.europa.eu/eli/dir/2019/790/oj; “Autoriõiguse seaduse muutmise seadus (autoriõiguse direktiivide ülevõtmine),” State Gazette (Riigi Teataja) https://www.riigiteataja.ee/akt/128122021001
- 5“Directive (EU) 2019/790 of the European Parliament and of the Council of 17 April 2019,” European Union Law.
- 6“Directive (EU) 2018/1808 of the European Parliament and of the Council of 14 November 2018,” European Union Law, November 28, 2018, https://eur-lex.europa.eu/eli/dir/2018/1808/oj.
- 7State Gazette (Riigi Teataja), https://www.riigiteataja.ee/akt/127022022001.
- 8“Directive (EU) 2018/1808 of the European Parliament and of the Council of 14 November 2018,” European Union Law.
- 9Introduction of regulation proposal at the Parliament, accessed May 30, 2022, riigikogu.ee/tegevus/eelnoud/eelnou/4ba650d7-565f-425c-960b-2ed72b05857c/Meediateenuste%20seaduse%20muutmise%20ja%20sellega%20seonduvalt%20teiste%20seaduste%20muutmise%20seadus.
- 10Infoühiskonna teenuse seadus [Information Society Service Act], Parliament of Estonia, revised August 16, 2022, https://www.riigiteataja.ee/akt/InfoTS.
- 11Küberturvalisuse seaduse ja teiste seaduste muutmise seadus [Act to amend the Cyber Security Act and other Acts], Parliament of Estonia, July 19, 2022, https://www.riigiteataja.ee/akt/106082022002.
- 12“The Riigikogu adopted 12 laws,” Parliament of Estonia, July 19, 2022, https://www.riigikogu.ee/istungi-ulevaated/riigikogu-vottis-vastu-12-se….
|Do online journalists, commentators, and ordinary users practice self-censorship?||4.004 4.004|
In general, self-censorship is not prevalent, and online debates are active and open.
Estonians value freedom of speech highly. According to a Eurobarometer survey conducted in March 2023, Estonians believe that protecting freedom of speech should be one of the most important priorities of the European Parliament.1
Reporters Without Borders’ 2023 Press Freedom Index ranks Estonia as the eighth freest country out of 180 measured. Press freedom is guaranteed in both legal and political spheres. However, journalists may self-censor in response to cyberbullying or because of potential penalties from anti-defamation legislation (see C2). According to the report, online threats by private individuals have increased, with the most serious cases being reported to and investigated by the police.2
- 1Eurobarometer, “EP Spring 2023 Survey: Democracy in action - One year before the European elections: Estonia,” published June 2023, https://europa.eu/eurobarometer/surveys/detail/3093.
- 2Reporters Without Borders, “Estonia”, accessed May 18, 2023, https://rsf.org/en/country/estonia.
|Are online sources of information controlled or manipulated by the government or other powerful actors to advance a particular political interest?||3.003 4.004|
Manipulation of the online information landscape continued during the coverage period, especially concerning Russia’s full-scale invasion of Ukraine. Soon after the invasion, false information about Ukrainians attacking Russians in Estonia was shared across Facebook and Instagram.1 In August 2022, Estonian authorities acknowledged that the spread of disinformation, which often sought to stigmatize Ukrainian refugees living in the country, had increased significantly since the invasion, particularly on Telegram.2
Russian information campaigns have historically sought to manipulate public opinion in Estonia.3 An April 2020 report from the cybersecurity company Recorded Future identified an apparent Kremlin-backed disinformation operation aimed at undermining Estonia’s relationship with the EU, including by disseminating forged government communiqués.4
Generally, disinformation is evident in online channels. In September 2020, the Global Disinformation Index (GDI) found that one quarter of Estonian media sites presented a high risk of disinforming their online readers. Some of these sites were based in Russia, and they were not part of Estonia’s mainstream media market.5
- 1Silver Tambur and Sten Hankewitz, “Fake news about Ukrainians attacking Russians in Estonia circulate in social media, while Russia warns the Baltics,” Estonian World, March 5, 2022, https://estonianworld.com/security/fake-news-about-ukrainians-attacking….
- 2Ervin Hainla, “Police in Estonia fending off info operations targeting Ukrainian,” ERR, August 27, 2022, https://news.err.ee/1608697378/police-in-estonia-fending-off-info-opera….
- 3Estonian Internal Security Service (KAPO), “Annual Review 2019/20,” accessed September 30, 2020, https://www.kapo.ee/sites/default/files/public/content_page/Annual%20Re….
- 4“Inent to Infekt: ‘Operation Pinball’ Tactics Reminiscent of ‘Operation Secondary Infektion’,” Recorded Future, April 8, 2020, https://www.recordedfuture.com/operation-pinball-tactics/.
- 5“The Online News Market in Estonia ,” Global Disinformation Index, September 30, 2020, https://www.disinformationindex.org/country-studies/2020-9-30-the-onlin….
|Are there economic or regulatory constraints that negatively affect users’ ability to publish content online?||3.003 3.003|
There are few economic or regulatory barriers to posting content online. News websites do not need to register with the government to operate.1
In line with the EU, Estonia supports net neutrality. Providers found to be in violation can be fined up to €9,600 ($9,947).2 Estonia has not implemented separate rules on net neutrality and follows the EU’s regulatory framework on open internet access and user rights relating to electronic communications networks and services.3 The TTJA regularly analyses the ICT market for zero-rating plans that may violate net neutrality, along with other net neutrality infractions; in the TTJA’s latest report, in 2022, it did not identify any violations.4
- 1Halliki Harro-Loit and Urmas Loit, “Estonia,” Centre for Media Pluralism and Freedom, December 2016, http://cmpf.eui.eu/media-pluralism-monitor/mpm-2016-results/estonia/.
- 2Ali Al-Awadi, Andreas Czák, Ludger Benedikt Deffaa, Benedikt Gollatz, Cornelia Hoffmann, Thomas Lohninger, and Erwin Ernst Steinhammer, “The Net Neutrality Situation in the EU: Evaluation of the First Two Years of Enforcement,” Epicenter Works, January 29, 2019 https://epicenter.works/sites/default/files/2019_netneutrality_in_eu-ep….
- 3European Commission, “Annual country reports on Open internet from national regulatory authorities – 2022,” September 22, 2022, https://digital-strategy.ec.europa.eu/en/library/annual-country-reports….
- 4European Commission, “Annual country reports on Open internet from national regulatory authorities – 2022”
|Does the online information landscape lack diversity and reliability?||4.004 4.004|
A diverse range of content is available online. While journalists have raised concerns that media ownership in Estonia remains concentrated, which could limit the diversity of online content, they have also noted that Estonia’s information landscape remains robust for a country of its size.1
Knowledge of foreign languages among Estonians is high, which facilitates access to diverse content.2
- 1Maxence Grunfogel, “Feature: Estonian media landscape and freedom of the press over the years,” ERR News, June 22, 2022, https://news.err.ee/1608636865/feature-estonian-media-landscape-and-fre….
- 2“Estonia Ranks High for English Proficiency,” Study In Estonia, November 9, 2015, https://web.archive.org/web/20180411095606/http://www.studyinestonia.ee…
|Do conditions impede users’ ability to mobilize, form communities, and campaign, particularly on political and social issues?||6.006 6.006|
Estonians use social media platforms to share news and information, as well as to generate public discussion about current political issues. No restrictions to online mobilization tools were put in place during the coverage period.
In 2014, the official platform Rahvaalgatus.ee was launched, enabling people to compile petitions, send them to the parliament if they gather at least 1,000 digital signatures, and monitor lawmakers’ responses.1 As of March 2023, 355 petitions had been launched, out of which 169 gathered the necessary support to be sent to the parliament.2 The platform also accepts and facilitates petitions to local governments. By law, the petition needs to gather signatures from at least 1 percent of residents in a given locality to warrant the official procedure in the local council.3 By March 2023, close to 500,000 authenticated digital signatures had been collected in support of petitions.4
- 1“Sul on mõte, kuidas ühiskonnaelu parandada? [Do you have an idea how to improve society?],” Rahvaalgatus, accessed March 1, 2023, https://rahvaalgatus.ee/.
- 2“Sul on mõte, kuidas ühiskonnaelu parandada? [Do you have an idea how to improve society?],” Rahvaalgatus, accessed March 1, 2023, https://rahvaalgatus.ee/.
- 3Kohaliku omavalitsuse korralduse seadus, https://www.riigiteataja.ee/akt/130122015082
- 4Rahvaalgatus, accessed March 1, 2023, https://rahvaalgatus.ee/.
|Do the constitution or other laws fail to protect rights such as freedom of expression, access to information, and press freedom, including on the internet, and are they enforced by a judiciary that lacks independence?||6.006 6.006|
All citizens have the constitutional rights to freely obtain information and to freely disseminate ideas, beliefs, and facts.1 There are no obstacles to people exercising their right to freedom of expression online.
The judiciary in Estonia is independent, and there have not been any instances of political interference with the judiciary. According to a 2022 survey, 60 percent of Estonians trust the independence of the judiciary.2
In June 2023, after the coverage period, the Estonian Supreme Court ruled that it was unconstitutional for an Estonian detention center to ban detained asylum seekers from using personal communications devices, confirming a March 2023 administrative court decision. The Estonian Human Rights Centre, which initiated the case, argued that the restrictions on internet access violated the asylum seekers’ rights to freedom of expression and access to information.3
In March 2022, the parliament adopted amendments to the Public Sector Information Act submitted by the Ministry of Justice. The amendments align Estonian law with the EU’s revised Public Sector Information Directive, which governs public access to state data.4
Protections for journalists, which include the right to the confidentiality of sources, are strong.5
- 1“Constitution of the Republic of Estonia,” Republic of Estonia, accessed February 7, 2022, https://www.president.ee/en/republic-of-estonia/the-constitution/.
- 2European Commission, “The 2022 EU Justice Scoreboard,” 2022, https://commission.europa.eu/system/files/2022-05/eu_justice_scoreboard….
- 3Kertu Tuuling, Mari-Liis Vähi, and Uljana Ponomarjova, “Fundamental rights must be ensured for international protection applicants,” Estonian Human Rights Centre, June 20, 2023, https://humanrights.ee/en/2023/03/fundamental-rghts-must-be-ensured-for….
- 4Parliament of Estonia, ”Avaliku teabe seaduse muutmise seadus 409 SE", 2021, https://www.riigiteataja.ee/akt/110032022004?leiaKehtiv; Riigi Teataja, “Public Sector Information Act,” November 15, 2000, https://www.riigiteataja.ee/en/eli/ee/514112013001/consolide/current; “Directive (EU) 2019/1024 of the European Parliament and of the Council of 20 June 2019,” European Union Law, June 26, 2019, https://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1561563110433&uri=C….
- 5Ieva Azanda, Mogens Blicher Bjerregård, Jüri Estam, Ilze Jaunalksne, Allen-Illimar Putnik, “Of the Rights and Responsibilities of the Journalist,” Re:Baltica and the Centre for Media Studies of the Stockholm School of Economics, 2018, https://www.sseriga.edu/sites/default/files/inline-files/estonian_legal….
|Are there laws that assign criminal penalties or civil liability for online activities, particularly those that are protected under international human rights standards?||3.003 4.004|
On paper, there are few limits on freedom of expression online. Speech that publicly incites hatred, violence, or discrimination on the basis of nationality, race, color, gender, language, origin, religion, sexual orientation, political opinion, or financial or social status, and results in danger to the life, health, or property of a person, is punishable by a fine of up to €3,200 ($3,316) under the penal code.1 Such speech is also punishable by up to three years in prison if it leads to the “death of a person or results in damage to health or other serious consequences.”
Following Estonia’s March 2023 parliamentary elections, the new governing coalition said that it planned to implement stronger legal repercussions for hate speech as part of its coalition agreement.5 The Ministry of Justice had reportedly drafted a legislative proposal, but it had not yet been presented to the parliament by the end of the coverage period.6
- 1Riigi Teataja, “Penal Code,” Article 151, June 6, 2001, https://www.riigiteataja.ee/en/eli/ee/Riigikogu/act/519012017002/consol….
- 2The amended penal code was adopted in 2001 and entered into force in 2002.
- 3Riigi Teataja, “Law of Obligations Act,” September 26, 2001, https://www.riigiteataja.ee/en/eli/524012017002/consolide.
- 4Cases from the Estonian Supreme Court are available here: http://www.nc.ee/?id=194.
- 5“Läbirääkijad tahavad karmistada vaenukõne ja konkurentsireegleid [Negotiators want to tighten the rules on hate speech and competition],” ERR News, March 13, 2023, https://www.err.ee/1608913613/labiraakijad-tahavad-karmistada-vaenukone….
- 6“Vaenukõne seaduse mõju selgub kohtupraktikas [The impact of the hate speech law is revealed in case law],” ERR News, May 12, 2023, https://www.err.ee/1608976136/vaenukone-seaduse-moju-selgub-kohtuprakti…; “Government approves hate speech draft bill,” ERR News, June 8, 2023, https://news.err.ee/1609001696/government-approves-hate-speech-draft-bi….
|Are individuals penalized for online activities, particularly those that are protected under international human rights standards?||6.006 6.006|
There were no criminal prosecutions or detentions for online activities during the coverage period.
In April 2022, two Eesti Ekspress journalists, Tarmo Vahter and Sulev Vedler were fined €1,000 ($1,036) each for publishing an article about alleged money laundering conducted by managers of a major Swedish bank. Eesti Ekspress was also fined.1 Though the case generated a wider public discussion about press freedom, then Justice Minister Maris Lauri insisted that leaking information about ongoing investigations can potentially help criminals conceal crimes and is thus not protected by laws related to press freedom.2 The decision prompted pushback from both private and public media organizations in Estonia, as well as Prime Minister Kaja Kallas, former president Kersti Kaljulaid, and current president Alar Karis.3 In June 2022, the fines were dismissed by an appeals court,4 a decision that was later upheld by the Supreme Court in January 2023.5
A previous defamation case concerning two journalists in 2018 prompted the Estonian Data Protection Inspectorate (AKI) to call for “all authors operating in the public sphere,” including social media users, to abide by journalistic principles “when publishing current, social or other public interest texts.”6
- 1“Journalists fined over Swedbank piece raises Estonia press freedoms worries,” ERR News, May 5, 2022, https://news.err.ee/1608587308/journalists-fined-over-swedbank-piece-ra….
- 2“Justice minister: Media must not impinge on the workings of fair justice,” ERR News, May 5, 2022, https://news.err.ee/1608587500/justice-minister-media-must-not-impinge-….
- 3“Journalists fined over Swedbank piece raises Estonia press freedoms worries”, ERR News, May 5, 2022, https://news.err.ee/1608587308/journalists-fined-over-swedbank-piece-ra…; “Kallas: the press must be able to work freely” [in Estonian], ERR News, May 5, 2022, https://www.err.ee/1608587611/kallas-ajakirjandus-peab-saama-vabalt-too….
- 4Committee to Protect Journalists, “Two Estonian journalists fined over article on money laundering,” May 18, 2022 (updated June 14, 2022), https://cpj.org/2022/05/two-estonian-journalists-fined-over-article-on-….
- 5”Riigikohus keeldus Ekspressi ajakirjanike trahvimisest [Supreme Court refuses to fine Ekspress journalists],” Eesti Ekspress, January 31, 2023, https://ekspress.delfi.ee/artikkel/120136226/riigikohus-keeldus-ekspres….
- 6“Kohtuotsus sõnavabaduse vastutusest” [Judgment on liability for freedom of expression], Data Protection Inspectorate, November 19, 2019, https://www.aki.ee/et/uudised/kohtuotsus-sonavabaduse-vastutusest.
|Does the government place restrictions on anonymous communication or encryption?||4.004 4.004|
There are no governmental restrictions on anonymous communication or encryption, and no SIM card registration requirements.1
Some major news sites have limited anonymous commenting on their articles in reaction to the establishment of intermediary liability for third-party defamatory comments on internet news portals (see B3).
- 1Privacy International, “Timeline of SIM Card Registration Laws,” June 11, 2019, https://privacyinternational.org/long-read/3018/timeline-sim-card-regis….
|Does state surveillance of internet activities infringe on users’ right to privacy?||6.006 6.006|
Historically, government surveillance has not been intrusive, and the constitution guarantees the right to the confidentiality of messages sent or received.1
Parliament’s Security Authorities Surveillance Select Committee oversees surveillance and security agencies. The committee monitors the activities of these bodies to ensure conformity with the constitution, the Security Authorities Act,2 and other regulations, which include necessity and proportionality requirements.
The prosecutor's office monitors surveillance activities and reports regularly to the parliamentary select committee. In its annual report for 2022, the prosecutor’s office disclosed that cases where law enforcement bodies had been granted permission to use surveillance tools had decreased by approximately 10 percent compared to 2021; of all 1,228 cases, 44 percent were granted by courts and 56 percent by the prosecutor’s office. Wiretapping was authorized in 526 cases.3
Chancellor of Justice Ülle Madise, who serves as the state ombudsperson, verifies whether state agencies that organize the interception of phone calls and conversations, surveil correspondence, and otherwise covertly collect, process, and use personal data operate lawfully. In the chancellor’s 2022 annual report, she stated that her office had reviewed surveillance files from 2018 to 2021 and found that “surveillance authorizations contained the requisite reasoning as to the circumstances why surveillance measures were needed in a particular case,” noting that applications for surveillance “were reviewed in substance and competently.”4 Madise reported that, with the exception of one delayed instance, individuals were informed about their surveillance in line with legal requirements.5
In May 2020, the Riigikogu adopted the Act Amending the Defense Forces Organization Act, the Security Authorities Act, and the Chancellor of Justice Act, which allow the military to access private data and surveil citizens under certain emergency circumstances.6
- 1“Constitution of the Republic of Estonia,” Republic of Estonia.
- 2Riigi Teataja, “Security Authorities Act,” December 20, 2000, https://www.riigiteataja.ee/en/eli/522032019003/consolide.
- 3Dilaila Nahkur-Tammiksaar, Helina Uku, “Kriminaalmenetluste statistika” [Statistics of criminal proceedings], 2022, https://aastaraamat.prokuratuur.ee/prokuratuuri-aastaraamat-2022/krimin….
- 4Chancellor of Justice, “Chancellor*s Year in Review 2021/2022: Security”, accessed March 13, 2023, https://www.oiguskantsler.ee/annual-report-2022/security.
- 5Chancellor of Justice, “Chancellor*s Year in Review 2021/2022: Security”, accessed March 13, 2023, https://www.oiguskantsler.ee/annual-report-2022/security.
- 6Riigi Teataja, “Estonian Defence Forces Organisation Act,” accessed September 2022, https://www.riigiteataja.ee/en/eli/512062020001/consolide.
|Does monitoring and collection of user data by service providers and other technology companies infringe on users’ right to privacy?||4.004 6.006|
Estonia has strong laws protecting citizens’ personal information, although service providers are mandated to retain user data. The General Data Protection Regulation (GDPR), which came into force in all EU member states in May 2018,1 puts limits on how interested parties can use and store Estonians’ data.
The Personal Data Protection Act (PDPA) was amended in 2018 and entered into force in January 2019.2 The law contains the provisions left by the GDPR to EU member states' legislation, which includes certain exceptions like those identifying instances when the media can use personal data if it is in the public interest. Laws regulating databases and data collection by public and private registries were also updated during this process. The AKI is the supervisory authority for the PDPA.3 A February 2023 assessment by the National Audit Office found that officials’ access to two databases operated by the Social Insurance Board, which oversees social security benefits, was too broad, creating potential for misuse.4
Service providers are required to collect and retain a substantial amount of metadata. These requirements were established under the Electronic Communications Act, which aligned with EU legislation. They were cast into doubt by the Court of Justice of the European Union (CJEU) in 2014, when the court found the European Data Retention Directive (2006/24/EC) to be invalid.5
Article 111 of the Electronic Communications Act outlines various restrictions on how this data can be stored and used.6 Data shall be kept for one year, unless there are special circumstances determined by the government that justify keeping it longer, such as maintaining public order and national safety. Article 112 regulates how requests by law enforcement authorities or other agencies can be made in relevant situations, such as criminal investigations, as provided by law. Judicial approval is not always required. These requests for data are kept by the requesting agency for two years. Article 112 also stipulates that operators shall inform the TTJA of requests made and measures undertaken. The Electronic Communications Act has been criticized for allowing requests for metadata in too many situations. While Estonia’s Chancellor of Justice has found that the system does not contradict constitutional guarantees, the office has questioned the proportionality of the law.7 Pursuant to the Electronic Communications Act, the Cyber Security Act also requires companies to monitor communications, mainly to ensure the security of their own systems; companies are required to inform the RIA of “actions or software compromising the security of the system.”8
The Chancellor of Justice can make suggestions regarding data protection. In her 2022 annual report, the Chancellor of Justice noted that her office’s earlier proposals to better protect the fundamental rights of Estonians during surveillance operations had been implemented by authorities (see C5).9
In November 2018, Estonia’s Supreme Court made a referral for a preliminary ruling to the CJEU to find out whether EU law, such as the Charter of Fundamental Rights, prevents the state from using people’s metadata during investigations into crimes other than serious crimes and whether this process should include judicial review.10 The CJEU’s preliminary ruling outlined that the tracking of movement and communication through metadata from telecommunication providers is permissible only in cases of terrorism or serious crime.11 This preliminary ruling affected many ongoing criminal proceedings as this type of evidence may be considered inadmissible.
In June 2021, the Supreme Court ruled that neither the prosecutor’s office nor the court can request communications data from companies in certain criminal investigations, following an October 2020 ruling from the CJEU in the La Quadrature du Net case, which held that “indiscriminate” collection and retention of communications data in cases involving non-serious crimes does not align with the EU’s ePrivacy Directive. However, under the Estonian ruling, “surveillance and security authorities” still have the right to access communications data, so long as the measure is within the scope of the law.12
- 1Riigi Teataja, “Isikuandmete katise seadus” [Personal Data Protection Act], December 12, 2018, https://www.riigiteataja.ee/akt/104012019011.
- 2Publications Office of the European Union, “Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016,” April 27, 2016, https://publications.europa.eu/en/publication-detail/-/publication/3e48…
- 3Republic of Estonia: Data Protection Inspectorate, “1 year GDPR – taking stock,” accessed September 30, 2020, https://www.aki.ee/en.
- 4“Riigikontroll: ametnikud saavad SKA andmekogudes liiga vabalt surfata [National Audit Office: officials can surf SKA datasets too freely],” ERR News, February 9, 2023, https://www.err.ee/1608878741/riigikontroll-ametnikud-saavad-ska-andmek….
- 5European Court of Justice, “Digital Rights Ireland Ltd (C-293/12) and Kärntner Landesregierung (C-594/12),” InfoCuria Case-law, April 8, 2014, http://curia.europa.eu/juris/document/document.jsf?docid=150642&doclang….
- 6Riigi Teataja, “Electronic Communications Act,” December 8, 2004, https://www.riigiteataja.ee/en/eli/ee/Riigikogu/act/521052020003/consol….
- 7Chancellor of Justice, “Elektroonilise side seaduse § 1111 alusel sideandmete töötlemise põhiseaduspärasus” [Constitutionality of processing of communications data under § 1111 of the Electronic Communications Act], April 22, 2016, https://www.oiguskantsler.ee/sites/default/files/field_document2/elektr….
- 8Riigi Teataja, “Cybersecurity Act,” May 9, 2018, https://www.riigiteataja.ee/en/eli/523052018003/consolide.
- 9Chancellor of Justice, “Chancellor*s Year in Review 2021/2022: Security,” accessed March 13, 2023, https://www.oiguskantsler.ee/annual-report-2022/security.
- 10Riigikohus, “Kohtuasja number I-16-6179 [Case number I-16-6179],” November 12, 2018, https://www.riigikohus.ee/et/lahendid?asjaNr=1-16-6179/85.
- 11”Euroopa Kohus lubab sideandmeid süütõenditena kasutada ainult erijuhul [European Court permits the use of metadata in limited cases],” ERR, March 2, 2021, https://www.err.ee/1608127735/euroopa-kohus-lubab-sideandmeid-suutoendi….
- 12“Supreme Court: State cannot demand telephone communication data,” ERR News, June 18, 2021, https://news.err.ee/1608251514/supreme-court-state-cannot-demand-teleph….
|Are individuals subject to extralegal intimidation or physical violence by state authorities or any other actor in relation to their online activities?||5.005 5.005|
There have been no registered physical attacks against users or online journalists, though online discussions are sometimes inflammatory. Both critics and supporters of the far-right Conservative People’s Party of Estonia (EKRE) have faced online harassment, including threats of violence, for their views.1 Online harassment can be reported to the social media administrators or to the police, which has a designated web patrol unit with a presence on Facebook.2
In recent years, several defamation cases have incited public debate on the accepted code of conduct in the digital space and the appropriate sanctioning for breaches such as verbal threats, intimidation, and harassment.3
In October 2020, the European Commission launched infringement proceedings against Estonia, as the country had not opted for the criminalization of public incitement to violence or hatred directed at vulnerable groups and had not defined adequate penalties for this offense.4 Proposals to enact more severe penalties for hate speech remained under consideration during the coverage period (see C2).
- 1Shaun Walker, “Racism, sexism, Nazi economics: Estonia's far right in power,” Guardian, May 21, 2019, https://www.theguardian.com/world/2019/may/21/racism-sexism-nazi-econom…; “Police: We take threats very seriously,” ERR News, 21 November 2019, https://news.err.ee/1005278/police-we-take-threats-very-seriously.
- 2Council of Europe, “Reporting in Estonia: National reporting procedures for cyberbullying, hate speech and hate crime,” accessed September 30, 2020, https://rm.coe.int/estonia-nationalreporting-en/pdf/16808a36c3.
- 3“Court to hear radio presenter's slander claim against petition organizer,” ERR News, August12, 2020, https://news.err.ee/1123055/court-to-hear-radio-presenter-s-slander-cla….
- 4“Prosecutor general: I oppose the criminalization of hate speech,” ERR News, February 17, 2021, https://news.err.ee/1608112696/prosecutor-general-i-oppose-the-criminal….
|Are websites, governmental and private entities, service providers, or individual users subject to widespread hacking and other forms of cyberattack?||3.003 3.003|
Estonia is well regarded for its commitment to cybersecurity and has developed effective resilience strategies in recent years.1 Despite this, cyberattacks pose an ongoing threat to government agencies and private entities.
Cyberattacks originating from Russia have intensified following Russia’s full-scale invasion of Ukraine,2 though the low level of sophistication of the attacks and countermeasures taken by Estonian cybersecurity specialists have limited their impact. For example, in August 2022, the Russian hacker group Killnet claimed responsibility for a distributed denial-of-service (DDoS) attack against more than 200 public and private institutions in Estonia. Though Estonian authorities called it “the most extensive cyberattacks [Estonia] has faced since 2007,” they said the cyberattack was repelled and targeted websites remained available “with some brief and minor exceptions.”3 In April 2022, during the previous coverage period, a DDoS attack targeted websites belonging to the president, the Ministry of Foreign Affairs, and the Police and Border Guard Board (PPA), as well as the online portals for digital state services. Although the attacks persisted for almost a week, the websites were fully operational a few hours after the initial attack.4
Estonia’s cybersecurity strategy is built on strong private-public collaboration and a unique voluntary structure through the National Cyber Defense League.5 With more than 150 experts participating, the league has simulated different security threat scenarios in defense exercises, with the aim of improving the technical resilience of telecommunication networks and other critical infrastructure.6
As an additional measure to ensure the security of public electronic data, Estonia established the first of several planned “data embassies” in 2019. The first embassy, based in Luxembourg, stores public data and information systems critical to the functioning of the state, including its state gazette, land registry, and business register, in the cloud, enabling the Estonian state to function in the event of a cyberattack or other political crisis within the country.7 The bilateral agreement between the two governments to establish the embassy was signed in June 2017 and it was ratified by both parliaments. The data embassy is granted the same privileges bestowed upon traditional embassies.8
Cybersecurity incidents surrounding the Estonian e-ID infrastructure are an infrequent but lingering concern, such as the 2017 Return of Coppersmith Attack (ROCA) vulnerability, when a chip malfunction that could lead to security breaches was discovered,9 and the 2011 PIN vulnerability, which allowed the ID cards to be used without their respective personal identification numbers.10
The Cyber Security Act implements EU Directive 2016/1148 on measures for a high common level of security of network and information systems.11 It includes requirements to have a computer security incident response team (CSIRT) and a competent national network and information security (NIS) authority (which Estonia previously had) and strengthens cooperation among EU member states. Businesses identified as operators of essential services are required to take appropriate security measures and to notify serious incidents to the relevant national authority.12
In July 2022, the parliament approved amendments to the Cyber Security Act that designate the TTJA as the national cybersecurity certification authority and allow the government to implement additional cybersecurity regulations,13 including the Estonian Information Security Standard (E-ITS).14 The law, which entered into force in August 2022, also amends the Information Society Service Act to enable the TTJA to restrict online content (see B3).
The North Atlantic Treaty Organization (NATO) Cooperative Cyber Defence Center of Excellence is located in Tallinn. Since its founding, the center has supported awareness campaigns and academic research, and hosted several high-profile conferences, among other activities. The center organizes an annual International Conference on Cyber Conflict, or CyCon, bringing together international experts from governments, the private sector, and academia, with the goal of ensuring the development of a free and secure internet.
- 1”National Cyber Security Index,” e-Governance Academy, accessed May 19, 2023, https://ncsi.ega.ee/ncsi-index/?order=rank.
- 2“Luukas Ilves: Vene kübervõimekus on kõva, aga mitte võitmatu [Luukas Ilves: Russian cyber capability is strong, but not invincible],” ERR News, April 27, 2022, https://www.err.ee/1608579442/luukas-ilves-vene-kubervoimekus-on-kova-a….
- 3Andrius Sytas, “Estonia says it repelled major cyber attack after removing Soviet monuments,” Reuters, August 18, 2022, https://www.reuters.com/world/europe/estonia-says-it-repelled-major-cyb…; Pascale Davies, “Estonia hit by 'most extensive' cyberattack since 2007 amid tensions with Russia over Ukraine war,” Euronews, August 18, 2022, https://www.euronews.com/next/2022/08/18/estonia-hit-by-most-extensive-….
- 4“DDoS cyberattacks temporarily disrupt Estonian government websites”, ERR News, April 24, 2022, https://news.err.ee/1608573376/ddos-cyberattacks-temporarily-disrupt-es….
- 5Ministry of Economic Affairs and Communication, “Cyber Security Strategy 2014-2017,” 2013, https://www.mkm.ee/sites/default/files/cyber_security_strategy_2014-201….
- 6“Estonian Defense League’s Cyber Unit,” Kaitseliit (Estonian Defense League), accessed September 30, 2020, http://www.kaitseliit.ee/en/cyber-unit.
- 7e-Estonia, “Data Embassy,” accessed October 2023, https://e-estonia.com/solutions/e-governance/data-embassy/.
- 8Riigikogu, “Majanduskomisjon toetab andmesaatkonna rajamist Luksemburgi” [The Committee of Economic Affairs supports the establishment of a data embassy in Luxembourg], February 13, 2018, https://www.riigikogu.ee/pressiteated/majanduskomisjon-et-et/majandusko….
- 9Estonian Information System Authority, “ROCA Vulnerability and eID: Lessons Learned,” May 1, 2018, https://www.ria.ee/en/authority-news-and-contact/news-media-contact/stu….
- 10Mihkel Kärmas, “Declassified documents reveal ID-card crisis from decade ago,” ERR News, November 26, 2021, https://news.err.ee/1608415676/declassified-documents-reveal-id-card-cr….
- 11Riigikogu, “Küberturvalisuse seadus 597 SE” [Cybersecurity Act 597 SE], May 9, 2018, https://www.riigikogu.ee/tegevus/eelnoud/eelnou/61815f7a-1025-4aea-9b0e….
- 12“The Directive on security of network and information systems (NIS Directive),” European Commission, July 15, 2019 https://ec.europa.eu/digital-single-market/en/network-and-information-s….
- 13Küberturvalisuse seaduse ja teiste seaduste muutmise seadus [Act to amend the Cyber Security Act and other Acts], Parliament of Estonia, July 19, 2022, https://www.riigiteataja.ee/akt/106082022002.
- 14“Estonian information security standard (E-ITS),” Republic of Estonia, accessed October 2023, https://www.ria.ee/en/cyber-security/management-state-information-secur….
See all data, scores & information on this country or territory.See More
Global Freedom Score94 100 free
Internet Freedom Score93 100 free
Freedom in the World StatusFree