X-Road logo
X-ROAD INSIGHTS · Introduction
DEEN

Introduction

What is X-Road?

X-Road is the secured data-exchange layer Estonian agencies, banks and companies use to exchange data — without a central database. This site shows what actually flows across it: derived from the public operational logs for December 2025 to May 2026.

3.87 bn
requests analysed (182 days)
21.27 M
requests per day on average
1,083
connected organisations

The idea in four points

X-Road is not a central portal and not a big database, but a mediation and trust layer. Four principles define it.

🔗

Decentralised, not central

Data stays in its respective registers. X-Road only transports requests and responses — there is deliberately no central "super-database". Each organisation runs its own connection point, the Security Server.

1️⃣

Once-only

Information the state already holds should not have to be supplied again by the citizen. Instead of collecting data twice, the handling system fetches it from the responsible authority — and these very requests are what this site makes visible.

📑

Transparency through logging

Every exchange is digitally signed, time-stamped and logged on both sides. This makes it traceable who accessed which data and when — the basis of trust (and of this analysis too).

🏛️

Clear governance

Identities and certificates are managed centrally, but the data exchange runs directly between the parties. The whole thing is operated by the state, and the core is open source.

How a data request works

Example: an agency needs a person's registered address. Instead of asking for it, its case system fetches it from the population register.

Case system of the agency Security Server X-ROAD signed · encrypted Security Server Register (provider)
  1. The agency's case system sends the request to its own Security Server.
  2. The Security Server signs and encrypts the request and sends it over the public internet to the provider's Security Server.
  3. At the provider, the identity is verified, the request is passed to the register, and the response is returned the same way.
  4. Both sides log the exchange with a time-stamp — nothing is cached centrally.

Who operates X-Road?

The first version of X-Road was developed and put into operation in 2001 by Estonia's information system authority RIA (Riigi Infosüsteemi Amet). Since 2018 the open-source X-Road core has been developed by NIIS (Nordic Institute for Interoperability Solutions) — a joint body founded in 2017 by Estonia and Finland. The source code is publicly available on GitHub under the MIT licence; the "X-Road" trademark, however, belongs to RIA and is protected separately.

Which systems and services are connected to Estonia's X-Road is documented in the state catalogue RIHA (administration system for the state information system). The naming and background details on the sub-pages of this project come, where available, from RIHA and other official sources — and are marked as uncertain where they are.

What does this site show?

Three entry points, depending on your interest. All figures are derived from the public operational logs, not from the content of the queries.

Overview
Facts & Figures
Key figures for the whole system and the interactive data-flow diagram.
Data sources
Registers compared
Who supplies the data? The main registers with volume and services.
Data users
Who queries?
The organisations that request data — by sector, including the private sector.
Data basis & limits: analysis period December 2025 – May 2026 (182 days), source logs.x-tee.ee. What is visible is which organisation called which service how often — not the content of the data retrieved. The analysis and texts were produced with the help of AI and may contain errors. → Methodology & limits