I-voting: 20 years of progress

Last year’s Estonian election for the European Parliament went smoothly. The voting process, including internet voting and vote verification, functioned as expected, without any disruptions.

Cyber activity during the election week was relatively quiet – no attacks were detected against election systems. Although some web browsers initially flagged the voter application’s executable file as malware at the start of election week, this issue was quickly resolved thanks to effective collaboration with Google.

The i-voting platform’s reliability was further confirmed by record voter engagement with the verification app: nearly 10% of i-voters checked that their vote had reached RIA’s collection server, which is the highest rate to date.

The more voters verify their votes, the more certainty election organisers have that the system and voters’ devices are uncompromised.

Illustratsioon: mobiiltelefonis on lahti KOV valimiste hääletussedel ning ülikonnas käsi hoiab kinni ID-kaardi lugeris olevast ID-kaardist.

Six medium-level risks

Technological advancements have raised new questions about the security of Estonia’s e-services. To address these concerns, the Standing Committee on Cybersecurity at the Estonian Academy of Sciences analysed how best to ensure the security of Estonia’s e-services, publishing its findings in October.

No high or critical risks were identified in the i-voting system. However, six potential medium-level risks were found, which require ongoing mitigation efforts. These efforts should focus on:

balancing campaigns that seek to undermine trust in democratic elections,
continuously safeguarding the security and reliability of existing voting methods,
developing a method to verify the authenticity and integrity of the mobile voter application,

improving the i-voting protocol to enhance auditability and transparency,
further refining election auditing and observation processes, and
strengthening the reliability of election information systems.

The remaining 25 risks were classified as low, including concerns widely debated in the public sphere, such as the possibility of votes being deleted or altered in the e-ballot box. These scenarios are prevented by built-in system controls that make such tampering impossible.

I-voting on mobile devices

Estonia’s e-services prioritise user-friendliness and innovation, and i-voting is evolving along the same path as it expands to meet users where they are – on their mobile devices.

The prototype of a mobile voting application represents a significant step forward, making i-voting more accessible and convenient.

The technical prototype of the mobile voting application is now complete, having been tested for vote submission, transmission and reception. Ongoing collaboration with technology companies and election organisers aims to mitigate potential risks. Unlike software distribution on computer operating systems, mobile applications are distributed through app stores.

Transparency and auditability are crucial concerns, requiring close cooperation with app store providers such as Google and Apple to ensure the integrity of the application.

Ultimately, the decision on whether risks have been sufficiently mitigated or deemed acceptable rests with Estonia’s National Electoral Committee.

I-voting marks its 20th anniversary

The Estonian local government elections will take place from 13 to 19 October 2025. Preparations are in full swing to ensure a smooth and secure electoral process.

This election will be a major milestone in the history of Estonia’s i-voting system, marking two decades since its first implementation. Over this time, Estonia’s i-voting solution has become a model for the world and has shown that technology can enhance electoral processes by increasing both trust and security.

To further strengthen the security of i-voting, several technological upgrades will be introduced in the upcoming elections, such as Smart-ID for voter authentication and the implementation of elliptic-curve cryptography.

Roles in election administration

State Electoral Office – Responsible for organising elections, both at polling stations and electronically.

National Electoral Committee – Oversees elections, registers candidates, certifies final voting and election results, handles election-related complaints and violations, and ensures election integrity.

Information System Authority – Acts as a technology and innovation partner for election organisers, which includes managing election-related information systems and maintaining cybersecurity.

The other articles of "Cyber security in Estonia 2025"

Yearbook Elections

Last updated: 17.02.2025

Data exchange platforms

People-centred data exchange

Data-based governance and reuse of data

Reusing the components of the digital state

Electronic identity (eID) and trust services

State network services

Development of election information systems

Personal services

Raising public awareness about the information society

Studies and analyses

Instructions

National Cyber Security Centre NCSC-EE

Handling cyber incidents CERT-EE

Administrative and national supervision

Cyber defence of critical infrastructure

Management of the state information security measures

National Coordination Centre (NCC-EE)

International projects

Cyberspace analysis and prevention