AmCham Digital Society Committee meeting with Minister of Economic Affairs and Information Technology Tiit Riisalo

On October 3, 2023 AmCham Digital Society had a meeting with the Minister of Economic Affairs and Information Technology Tiit Riisalo. 

The following questions were asked:

What is your vision about Estonia’s role as a Digital Frontrunner? 

• Estonia aims to build the best business environment in the world. We have had the most competitive tax system in the OECD for the past 6 years in a row. We focus on services that are not bureaucratic so that companies can focus on their actual goals instead of administrative burden. We use digitalisation to be efficient.
• Currently, Estonia has about 130 000 active companies, meaning roughly every tenth Estonian has their own company. Our business environment has produced 10 unicorns, which places us first in Europe in terms of unicorns per capita. 
• Setting up a business is easy; we hold the world record at 15 minutes and 33 seconds. Everything from opening the company to declaring taxes is fully online. However, the services are still spread across different information systems. So, we are bringing services together to eesti.ee, so that everything from opening up a company to applying for licenses and government support to looking at export opportunities to shutting down the company could be done from one single-point-of-contact. 
• We are also very keen to reduce administrative and regulatory burden coming from the EU level. We need to regulate once only and regulate better. Additionally, we need to support our companies in their expansion within the EU. Any tools that work cross-border would be helpful. Currently, our companies buy expansion plans from the regulatory perspective from law offices, and they cost roughly 200 000 apiece. 
• Concrete proof of the favourable business environment is the number of e-Residents (105 000) and companies they have opened (27 000). We have e-residents from 183 countries around the world and 42% of e-Residents are from the EU, indicating that while they can already open fully functional companies in the EU, they prefer the Estonian business environment. There was a spike in application of e-Residency and opening up companies during COVID when it became especially clear that managing a company fully online is necessary. 20% of all new companies in Estonia are opened by e-Residents.
• The role of government has changed a lot during the last decade. It’s not only about fixing the market failures but acting as enabler of new technologies and (digital) solutions. Public sector as a reference client to companies helps to scale up business globally and foster innovation. Three main ingredients has helped us to become successful: strong trust between public and private sector, short and fast iterations in development and very transparent and honest approach in terms of our failures (lessons learnt).

 

The EU is currently regulating AI. What can Estonia do to ensure that the regulation strikes the right balance so that it doesn’t go too far and prevents Estonia and the wider EU from innovating with AI? 

• The AI ecosystem is developing rapidly. The AI Act therefore needs to be flexible and future–proof. Ensuring a risk-based approach is the key – we have been standing behind this principle from the beginning. 

• Requirements for high-risk AI systems must be proportionate and realistic. We have to make sure that we do not set up walls for our start-ups and SMEs – many of them are struggling to understand and follow constantly growing regulatory requirements. 
• It is also essential to achieve a fair and innovation-friendly distribution of responsibilities in the complex AI value chain [this is especially tricky in the context of general purpose AI systems or foundation models – how to regulating these kind of systems is one of the questions we are trying to solve during the ongoing trilogues]. 

• Achieving a balanced approach is not an easy task because discussions often focuses only on risks. But risks should be considered alongside benefits and added value that AI offers across sectors. 

 

Cybersecurity and the importance of resilience is a key discussion and priority in the EU which is being regulated. What opportunities do Estonia see to further influence the discussion, ensuring the resilience of the EU by not excluding like minded allies from the internal market? 

• Given the evolving nature of cybersecurity threats and regulations, Estonia has historically advocated for a collaborative and a rather open-minded approach to cybersecurity within the EU and the broader international community. By contributing expertise and sharing best practices, Estonia can help shape EU policies and regulations that align with its values and priorities. 
• We believe the EU’s efforts in digital policy should help to stimulate the uptake of state-of-the-art technologies. This is why we should avoid creating additional legal obstacles as it is proposed in the EU Cloud Certification (EUCS) scheme. Elements of data localization and ownership controls are not proven to improve the security posture of cloud services. In contrary, the example of Ukraine demonstrates the importance of cloud (in its status quo) helping to secure the continuity of the state.

 

What is the role and potential of like-minded cooperation on this, such as with the D9+ group and NB6 (Nordic-Baltic countries)? 

• D9+ countries have much in common: digital and general economic characteristics and we believe this should prompt them to foster digital openness further and certainly be far more ambitious in promoting Europe’s digital competitiveness.
• The same goes with Nordic-Baltic countries – they face similar threats in the cyber domain, have a fair amount of shared infrastructure, and are as a region prone to cross-border cyberattacks.  Currently, negotiations are taking place among the Nordic-Baltic countries ( DK, SE, NO, FI, LT, LV, EE and ICL ) regarding the establishment of a cross-border SOC (regional security operative centre). The overall purpose is to create increased trust and awareness between authorities and companies in the Nordic-Baltic region to better detect and mitigate the cyber threat across national borders. 
• Nordic-Baltic regional cross-border platform in a shared setup between public and private actors could be numerous. A strong regional detection of cyber threats can be achieved through pooling and sharing of data, use of cyber threat intelligence (CTI) and analytic capacity, which will benefit authorities, companies, and citizens in the region.

Sea cables

• Estonia sees the need to increase the density of its submarine cable connectivity. It would give our market resilience and we see that it would also help bring new investments now that everything is going through digitalization and data volumes are increasing. 
• In that matter we have good cooperation with the Nordic states.  In fact, we hope that we will be part of C-Lion2 project that the Finns are researching at the moment. C-Lion2 is a new submarine connection from Germany to Finland. If we could be part of that, we see a possibility to have a better connection to US as well, since Cinia  is also in charge of Far North Fiber – a submarine cable from Finland to Alaska (USA) and Asia (Japan).

 

What can Estonia do nationally to further advance its frontrunner position, such as on 5G, cloud adoption etc? 

5G adoption: we had a late start in auctioning off our core 5G spectrum bands arising from a legal challenge to our spectrum auctions that had to be decided in our supreme court. However, we have now autioned off all core 5G spectrum bands and see that the rollout of coverage by our telecom operators is progressing quickly. We are also currently finalizing discussions with the European Commission on the state aid conditions for our plans to support the development of end-to-end 5G coridors on major highways and railroad lines. 

The most important driver of 5G availability will be consumer demand for new services.  

Cloud adoption:  For public sector use of cloud, we see that we are moving in the right direction. In the private sector, we are worried by the modest rate of cloud adotion on the part of many smaller enterprises. I would be glad to hear your thoughts on what we could do. 

A particular point of concern for cloud adoption for larger service providers, especially for vital service providers (banks, telcos, hospitals, power companies, etc) is our dependence on maritime cables for connectivity with the outside world. The legal requirements we currently place on vital service providers to ensure the connectivity of their services has been a hurdle toward their adoption of public cloud. We are currently reviewing these requirements to see if we could tweak them to make them more cloud friendly. 

AI. We are currently renewing our national AI strategy to update it for the rapid technological development we have seen in the last twelve months. We have succesfully run 100+ trials of AI in public institutions, we must now ensure their sustainability and make the use of AI in the public sector a core part of how we work.

But it is clear that what really matters is how quickly our private sector can adopt and benefit from new AI-based tools and how quickly the skills of our workforce can adopt. Figuring out a strategy for this broader question of AI adoption will be our main challenge for the new strategy. 

 

What is the intention with the upcoming cloud bill in Estonia? Have Estonia considered a cloud first policy to utilize the benefits of modern technologies for your public services? 

Public sector cloud adoption has thus far been hampered by perceived legal uncertainty surrounding the use of public cloud for sensitive information, both personal data and official information. The cloud bill establishes clear criteria for the use of public cloud for all public services and information not classified as state secrets. Public bodies are required to conduct a risk assessment of a cloud service provider against their business requirements – similar to what any responsible private sector cloud customer would do.  

We believe the cloud bill will allow more capable public bodies to use cloud services across their activities. In order to support a broader adoption of public cloud across the public sector, our State ICT Centre (RIT) is developing a national public cloud strategy that will look at the full range of organizational, budgetary and talent measures needed to increase public cloud use, and we see RIT turning into a competence center to support public cloud use.

What are the challenges and opportunities Estonia is facing being the Digital Frontrunner and how can our technologies support Estonia to keep your frontrunner position? 

There are still several challenges how to increase the digitalization/digital maturity of SMEs in industry and increase their productivity through efficiency. Also how to transform data collected by different machines and software into commercial value and use this data to make better management decisons. It still needs constant awareness raising amoung decision makers, toolbox and goverment support to invest into digital technologies etc.  

Perhaps the biggest challenge is adoption and demand in the private sector.  

USA global companies

Estonia puts great effort into maintaining already good relations with various US/Global players in the digital field, such as Apple, AWS, MS, Google. They play an important role in executing our roadmaps for AI implementation, developing a national virtual assistant (Bürokratt) as well as in working on the cloud migration strategies. Furthermore as we are moving towards mobile voting in the next EU Parliament elections in 2024, it is vital that the ongoing cooperation maintains and even deepens.