Every few years a European government rediscovers Estonia, holds it up as the future, and then quietly goes back to its paper forms. I understand the temptation in both directions. The headline is genuinely impressive. Since January 2025, effectively all of Estonia's public services are available online around the clock, with online divorce filing closing one of the last gaps. A country of roughly 1.3 million people files its taxes in minutes, signs legally binding documents on a phone, and votes online. The Estonian state estimates that digital signatures alone save around 2% of GDP a year, and that e-governance saves close to 1,400 years of working time annually. Those are Estonia's own figures, and worth treating as the optimistic end, but the direction is not in doubt.
So the question is not whether the model works. It plainly does. The question is what actually travels to a country ten or fifty times the size, and what does not.
The three things Estonia got right
First, it chose interoperability over one giant system. Estonia did not build a single all-seeing government database. It built X-Road, a secure data-exchange layer that lets hundreds of separate public and private registers talk to each other. Each agency keeps its own data, and the layer moves authorised requests between them. This is the part big countries keep getting wrong. They reach for one enormous system, spend a fortune, and watch it collapse under its own weight. You do not need to centralise everything. You need a common spine that connects what you already have.
Second, the once-only principle. In Estonia, by law, you give the state a piece of information once. After that, agencies ask each other for it rather than asking you again. This is the bit I would fight hardest for, because it is what turns digitisation into genuine relief rather than the same queue moved onto a screen. It is also a legal and cultural rule before it is a technical one.
Third, a single trusted digital identity. The mandatory ID card, now joined by its mobile versions, gives every resident one verified identity that unlocks every service and carries a signature with full legal weight. Without trusted identity, the rest falls over. Everything else is built on that foundation.
Why it pays off, and not only in money
The return compounds, and it runs wider than cost-cutting. There is the obvious efficiency, less administrative overhead, fewer queues, faster decisions. There is an economic dividend: the e-Residency programme, launched in December 2014, let Estonia export its own administrative system and pull in company formation from abroad. There is a transparency dividend that I think the cynics miss. Because every data request is logged and citizens can see who has looked at their records, the system can build trust rather than erode it, which is the opposite of the surveillance fear people reasonably bring to this. And there is resilience. Forced by the 2007 cyberattacks, Estonia built serious national cyber-defence capacity, NATO's cyber centre now sits in Tallinn, and pioneered data embassies that hold state data safely abroad. Going digital made it a target, then made it harder to knock over.
Where "just copy Estonia" falls apart
Here is the honest part, because I am suspicious of anyone who sells this without it. A single identity and a connected data layer concentrate risk. A 2017 cryptographic flaw forced Estonia to suspend and re-issue certificates on hundreds of thousands of ID cards, and a 2018 leak of schoolchildren's data dented public confidence. Build the spine, and you also build a higher-value target. Open it to the world and you import new problems too: the e-Residency scheme drew fair criticism for enabling shell-company and money-laundering abuse.
Then there is scale, which is the real barrier and the one boosters skate over. Estonia is small, administratively compact, and started almost from scratch in the 1990s with no legacy systems to dismantle. Germany, France, Italy and Spain carry decades of incompatible legacy IT, federal or regional fragmentation, procurement rules built for caution rather than speed, and far larger bureaucracies with people whose jobs depend on the old way. This is path dependence in textbook form: the cost of changing course rises with every year you do not.
Trust matters too. Estonians accept a single state identity and extensive data linkage. Germans, with their history, are far more cautious, and they are right to be. The once-only principle rests on a social contract you cannot simply legislate into existence overnight. And a fully online state will abandon the elderly, the poorly connected and the digitally unconfident unless analogue routes are kept open on purpose. That last point is not a footnote for me. A reform that quietly writes off the people least able to absorb it is not a reform I want my name near.
What this means for us now
The lesson, then, is not "become Estonia". It is copy the architecture, not the scale. The European Union has effectively conceded the point. Under the revised eIDAS2 regulation, in force since May 2024, every member state must offer its citizens a digital identity wallet by December 2026, with a target of 80% active adoption by 2030. That is Estonia's identity-and-once-only logic exported across a continent that distrusts central databases, which is why it leans on interoperable wallets rather than one shared register.
Three things will tell us whether this is real. Whether the December 2026 deadline holds or quietly slips, which measures the political will behind the press releases. Whether the larger states finally clear their legacy-IT and procurement bottlenecks, because that, not the technology, is the binding constraint. And whether public trust survives the first serious breach of a national wallet, since one bad incident in a big country could set the agenda back a decade.
For Malta, I would put it more bluntly. We are the size of country where this is supposed to be easy. Estonia did it with 1.3 million people and a standing start. We have the scale advantage they had, and fewer excuses. The transferable core is not exotic: a secure data-exchange layer, the once-only principle written into law, one trusted digital identity, and a deliberate plan for security, inclusion and the people who will never go online. The technology is the easy part. The will, the legal groundwork and the discipline to see it through are where it is won or lost. Efficiency in the public sector is not a technical detail. It is other people's money and other people's time, and squandering either is a breach of trust.
Sources: e-Estonia (X-Road; e-services and registries); PR Newswire, "Estonia Becomes a Fully Digital Nation", January 2025; Fintech Baltic, "Estonia Digitised 99% of Its Public Services"; NATO StratCom COE, "2007 Cyber Attacks on Estonia"; Utimaco, "eIDAS 2.0 and the EU Digital Identity Wallet". The 2% of GDP and 1,400 working-years figures are the Estonian state's own estimates.