On June 11, 2026, the Estonian Business and Innovation Agency (EIS) opened a public procurement worth up to €4.6 million over three years to build a unified digital self-service platform for entrepreneurs. According to ERR News, the environment will let businesspeople access all EIS services, submit applications, manage their data, track the status of proceedings, and receive recommendations tailored to their profile — in one place. The contract covers the full cycle, "from analysis and design to software development, integrations, testing, information security, documentation, and deployment."
It is easy to read this as a routine government IT tender. It is more interesting as a window into how a mature digital state grows — and into the kind of procurement discipline that pro-innovation policy should reward.
Buying the storefront, not rebuilding the warehouse
The key fact is what EIS is not doing. It is not building a new data-exchange backbone. Estonia already has one: X-Road (X-tee), the decentralized interoperability layer maintained by the Information System Authority (RIA). X-Road lets databases query one another over a secure, federated network rather than pooling citizen data in a central store. The numbers are substantial: per e-Estonia, X-Road carries roughly 2.2 billion transactions a year, links some 52,000 organisations as indirect users, underpins over 3,000 e-services, and saves an estimated 1,345 years of working time annually.
The EIS portal sits on top of that plumbing. What the agency is procuring is the storefront — the customer-facing service layer — while reusing the interoperability rails the state already owns. That separation matters. It is the difference between a tender that risks reinventing national infrastructure and one scoped to deliver a usable product. EIS communications manager Kasper Elissaar was careful to frame the headline figure as a ceiling, telling ERR the €4.6 million "reflects the maximum possible volume of orders, not a sum that will necessarily be spent," with the aim of "creating increasingly measurable economic value for the Estonian state."
Steelmanning the caution
The strongest case against this kind of project is real and worth stating plainly. Concentrating every interaction an entrepreneur has with the state into one portal, built by a single multi-year development partner, raises legitimate concerns: vendor lock-in, a widened security surface, and the risk that a glossy self-service skin masks unreformed processes underneath. A three-year framework with one supplier can ossify; cost ceilings have a way of becoming cost floors; and "personalized recommendations" built on aggregated business data invite scrutiny over how that profiling is governed. Skeptics who remember failed government IT mega-projects elsewhere are not being unreasonable.
Those risks deserve mitigation, not dismissal. But Estonia's architecture answers several of them by design.
Why the architecture blunts the risk
First, X-Road's federation avoids the central-honeypot problem. Data stays in its source registries and is fetched on demand under access controls and an audit log; the portal is a consumer of services, not a new master database. A breach of the storefront is not a breach of the nation's records.
Second, the core is open source and jointly governed. The X-Road software is developed by the Nordic Institute for Interoperability Solutions (NIIS), a joint body of Estonia and Finland. When NIIS procured X-Road core development in 2018 — a €2.5 million, three-year contract — its CEO stressed the work would "continue as open source." Open code and shared governance are the most durable insurance against lock-in at the layer that matters most.
Third, the once-only principle does the regulatory heavy lifting. Estonian law bars the state from asking a person for data it already holds, and the EU's Single Digital Gateway Regulation ((EU) 2018/1724) extends a comparable obligation across the bloc. That principle is what turns a portal from a glorified web form into genuine simplification: the entrepreneur supplies information once, and the service layer composes the rest from existing registries.
The proportionate lesson for other governments
The instinct in many capitals confronting digital-government ambitions is to legislate platforms into existence or to commission monolithic systems that try to own data, identity, and interface at once. Estonia's sequencing is the better template: build durable, open, federated interoperability as a public good first; codify data-minimisation and once-only obligations in statute; then buy modular, replaceable front-ends through competitive procurement scoped to deliver value, with spending ceilings rather than blank cheques.
That is proportionate regulation in practice — rules that constrain how the state handles citizen data, paired with market procurement for the software that sits on top. It keeps the public sector in control of the layer that confers sovereignty (interoperability and identity) while leaving the fast-moving, user-facing layer open to competition and iteration.
The EIS tender is modest in isolation. But as a test case for how Estonia extends its e-state, it models a discipline worth exporting: don't keep rebuilding the rails. Own them, govern them openly, and compete the storefronts. The €4.6 million question is whether the winning partner delivers a service entrepreneurs actually use — and on that, Estonia's track record, and its architecture, are reasons for optimism rather than alarm.