X-ROAD

X-Road interoperability platform is a technology that provides all necessary components for the integration of government organizations using e-services. X-Road allows organizations to provide services to each other. Organizations can connect their information systems via X-Road core and exchange data via e-services.

X-Road has several key advantages:

• Robust and simple Service Oriented Architecture (SOA) for the development of e-services which allows reduced development costs and rapid time-to-market.

High scalability of e-services. Other public and private institutions can be added to the platform seamlessly using the same e-services development infrastructure.

High security and traceability based on highly tested and proven security architecture. Operational X-Road systems have survived several cyber-attacks in recent years without complications for their users or government organizations.

High availability without a single point of failure.

X-Road is a platform-independent data exchange layer enabling agencies, legal persons, and natural persons to search and exchange data from national databases over the internet. The X-Road infrastructure consists of software, hardware, and organizational procedures.

The technical solution of X-Road is based on the creation of unified service interfaces for different information systems. The existing information systems remain unchanged, they are only connected to X-Road by a special service interface. X-Road core provides all necessary security features, including user authentication and authorization, secure communication channels, traceability, and auditability.

X-Road also provides certain services directly to end-user via portals:

• Citizens can obtain and submit information within their limits of authority

• Civil servants can use all national databases in the decision-making process within their limits of authority

• Companies can use the information from national databases for carrying out business within their limits of authority.

All end-users must pass authentication and authorization. For authentication, existing PKI infrastructure and external authentication providers can be used. The authorization system guarantees that a citizen can never access the data of another citizen and a civil servant can never access data not related to his/her work tasks.

Watch a video by the Estonian Information System Authority: