A conversation with Petteri Kivimäki on X-Road®

17 August 2021

Author: Giulia Guadagnoli

This story was originally published in the article for the Open Source Observatory (OSOR), a European Commission’s project aiming at providing trustworthy FOSS expertise and information. OFE is a regular contributor to the Observatory.

Petteri Kivimäki, CTO at the Nordic Institute for Interoperability Solutions (NIIS), agreed to be interviewed on the history and the impact of X-Road®, the open source data exchange layer solution.

Could you give us an overview of X-Road, in your own words?

X-Road is a decentralised data-exchange layer that provides a secure and unified way to exchange data between organisations. X-Road is published as open source under the MIT licence, so it is free for any individual or organisation. Originally, X-Road was developed in Estonia twenty years ago, in December this year it will be its 20th birthday. Since then, X-Road has spread all over the world. In Europe, Estonia, Finland and Iceland are using X-Road, whereas outside of Europe we have 20 additional countries using it. Currently, X-Road has been deployed in South America (e.g. Brazil, Mexico, Argentina) as well as in Asia (e.g. Vietnam, Japan, Cambodia). During the last 20 years X-Road has really grown from an Estonian solution to a truly international open source solution and open source community. 

And what is the connection between the Nordic Institute for Interoperability Solutions (NIIS) and X-Road?

When NIIS was established in 2017, taking over the development and management of X-Road was its first responsibility. But the scope of NIIS goes beyond X-Road. Our mission is to develop digital government solutions to our members, that are currently Estonia, Finland and Iceland. X-Road is our first product, and we are in charge of its maintenance and development, but in the future there will probably be other solutions as well. When it comes to X-Road, you can consider NIIS as the software vendor of X-Road. Even though we are not selling it, since X-Road is open source and free of charge, this solution still requires an organisation to be responsible for coordinating the developments, the activities and the main needs of the source code – as it usually happens with open source projects. NIIS is therefore responsible for all the aspects of X-Road software: the development, the documentation as well as the facilitation of the collaboration between our members and the worldwide X-Road community.

Speaking of the community, have you noticed a large participation from the global open source community in X-Road?

At the moment, we have received some contributions from the global community. However, most of the development is currently carried out by our own developers, but we are looking for ways on how we could activate the global community. We are definitely open for contributions, but I think that one of the challenges is that its security related features together with the distributed architecture make X-Road very complex. It takes time for new developers to onboard and learn the system. This is why it is not so easy to get new developers on board and to contribute. Additionally, X-Road exists for a long time, so the source code has been written many times over the years, and the current version, which was released in 2015, is quite mature. This means that there are not many big bugs there. What is left to develop and improve tends to be pretty complex and the developers who want to contribute need to have a deep knowledge of the solution. Overall, the contributions from the global community are still low. We hope to change that in the future and to receive more contributions from the community.

Going back to the Nordic Institute for Interoperability Solutions, is it considered a public organisation? What is the state? Where does the funding come from?

Officially we are a non-profit association with three members: Estonia, Finland and Iceland. Therefore, when it comes to our operations, we are not a governmental agency. However, all our funding is public. It comes directly from the Ministries of our different member countries. Namely, from the Finnish Ministry of Finance, the Estonian Ministry of Economic Affairs and Communications and the Icelandic Ministry of Finance and Economic Affairs. 

Could you tell us the story behind X-Road? What was the need that these countries tried to fulfil?

In the very beginning, when Estonia started to develop X-Road (back in 2000), they were looking for a secure solution to connect different government information systems and databases. There were several commercial solutions available, but the licences were very expensive and most of the solutions were based on a centralised architecture. Instead, Estonia was looking for a decentralised solution whose implementation was feasible with more limited resources. This is how they ended up developing their own solution, releasing the first version of X-Road in 2001. Over ten years later, in 2013, the Prime Ministers of Estonia and Finland, signed the Memorandum of Understanding initiating formal cooperation between the two states in respect of “developing and maintaining a software environment enabling secure connectivity, searches and data transfers between various governmental and private databases” – X-Road. Finland started their own implementation project in 2014 and the Finnish X-Road environment, Data Exchange Layer, was launched in November 2015. Now, it is important to understand that even though both Finland and Estonia use X-Road (the same version of the software), their implementations are a little bit different. On the one hand, Estonia has built their digital infrastructure on top of X-Road. In 2001 they started from scratch since they did not have a large legacy in place. This is why nowadays most of the information systems in Estonia – especially in the public sector – are connected to X-Road and they communicate using X-Road. On the other hand, when the implementation project was starting in Finland in 2014, there were already a lot of legacy systems as well as connections between the systems. However, what was missing was a unified way between different governmental organisations and administrative sectors to communicate and exchange information, and X-Road was a very good fit for that. Therefore, Finland did not have the chance to start building its own national data exchange infrastructure on top of X-Road only, but they made X-Road roll in the existing infrastructure. They selected the most relevant public-sector information systems and registers and connected them to X-Road first, and step-by-step they have been increasing the number of systems that are connected to X-Road. Nonetheless, other ways of integration and connections still exist and will exist in the future as well. So this is the story.

So the X-Road version used in Finland is not a fork? They use the same X-Road software as the Estionans?

When the Estionans handed over the source code to the Finnish, it was decided from the very beginning that Finland did not want to do a fork of X-Road. It was stated that the two countries were going to develop the source code together, so that both countries use the same source code, the same binaries, instead of forking or customising based on different kinds of needs. The way X-Road is used is slightly different, but instead of implementing the dissimilarities by forking the software, it was determined that the differences will be implemented over configurations. That is why X-Road is extremely configurable. You can implement it in different kinds of environments, using it differently, while keeping the same source code and binaries. The difference is in the configuration that the organisation responsible for operating the X-Road environment, the X-Road operator, is free to modify. Nowadays, the Nordic Institute for Interoperability Solutions is developing the software and publishing releases for all our members, and all our members use exactly the same version of the software. They do not have any customisation. All the differences are done over configuration.

And before handing over to Finland, did Estonia start the project as open source?

No, it was actually not open source initially. The source code was published after it was handed over to Finland, in two different parts over the years 2015 and 2016. Since 2016 all the source code is open.

So we can say that Estonia realised the benefits of open source. And why Finland, amongst all the other governments?

Estonia and Finland have a special relation. We are two small countries close to each other. We have always had a close relation. For instance, there are a lot of people travelling back and forth between Estonia and Finland. Consequently, it was kind of natural for Estonia to see a partner in Finland. One of the X-Road features is federation, which means joining together two X-Road ecosystems. Members of the federated ecosystems can publish and consume services with each other as if they were members of the same ecosystem. The idea was that when both countries use X-Road, their ecosystems can be connected and the countries can do cross-border data exchange through the solution. That was one of the crucial factors that led to this decision.

We can say that X-Road is one of the biggest and most successful open source projects in the world that originated in the public sector. What made it so successful?

I think that over the years Estonia has done an excellent job in marketing and promoting their digital services, and since X-Road is one of the core components in the Estonian e-Government process, it has given it a lot of good publicity. Considering that many countries are looking up to Estonia when talking about digital services and how they are implemented as well as what kind of components they have, then it is X-Road that always pops up from there. In addition, another essential element is that it is open source. The valuable background work from Estonia as well as the fact that it is available free of charge for everyone largely contributed to its final success. Finally, I believe that the NIIS development model is also one of the positive factors that have been enhancing the credibility of X-Road and make it more attractive to different countries, when they consider their e-Government infrastructure components.

What do you think is the final impact of X-Road on the public sector and, broadly speaking, on the citizens?

X-Road is an enabler. If you think about its role, it is invisible. It is there, in the background. The end users, the citizens, those who use public services, they do not see X-Road, they probably know nothing about it. That is the way how it should be. So it is an enabler for implementing different kinds of public services that make citizens’ lives easier. In the future, the goal is to go towards more automated and proactive public services. Right now, in case a citizen needs a service from the government, they have to contact the government and initiate the service process. But considering all the data that public organisations have on the population, in many cases they already know before the citizen that the citizen will need some public service. For example, when a new child is born in Finland the parents are entitled to receive a child allowance. At the moment, they have to apply, but since the government has all the required data in their registries, they could start paying it automatically based on the information. This is something that X-Road does not provide out-of-the-box, but it is still one of the key enablers there. In fact, to be able to implement something like this, many different information systems must be able to communicate and to exchange data in a secure way without storing it anywhere centrally. As a result, X-Road is definitely one of the key elements leading towards the direction where we see the public services going in the near future. 

And do you think that international cooperation between all these countries, in the case of X-Road, will help take back digital sovereignty? Do you believe that open source could be a way?

Yes, absolutely. When you use commercial solutions, you do not have access to the source code, you will get the software from the software vendor. You can certainly request changes, but, based on my previous experience, if you are working with big global software vendors and you come from a small country like Finland with its own country-specific issues (e.g. the Finnish language has some sounds and characters that do not exist in English), these vendors might not be interested in fixing them. When you have a commercial solution, there is nothing you can do about it. But with open source, you are able to make the changes by yourself and you are not locked-in to one single vendor, since the source code is open. Anyone can have access to it and can do the development for you. With open source, there is no dependency on one single vendor, and you are free to do what you want with the code. This is definitely a big plus, but at the same time it also requires know-how and resources. Taking this into account, I think it is understandable that small organisations with very limited resources might pick commercial ‘out of the box’ solutions. Nevertheless, nowadays there are enough open source solutions which provide the users with remarkable services, and that is the case with X-Road as well. There are many companies from different countries, not only from Estonia and Finland, that offer X-Road-related services. Because of that, X-Road’s users are not dependent on one company only.