As of 1 September 2017, members of the Estonian X-tee can exchange data with the members of the Finnish version of the X-tee. The data exchange layer set up in Finland is called Kansallinen palveluväylä and its centre is managed by the Finnish Population Register Centre (Väestörekisterikeskus, abbreviated as VRK, firstname.lastname@example.org).
Data exchange takes place in both directions – Estonian organisations can inquire data from Finland and vice versa. As the option of joining local versions of X-tee has been built into the technology, inquiries between countries take place identically to inquiries within a country. Palveluväylä members can be all organisations registered in Finland, regardless of the location of their information systems!
A prerequisite for cross-border data exchange is being a member of the Estonian X-tee!
Data can be exchanged with the Palveluväylä members regardless of the way of using X-tee.
The trust federation contract concluded between the Estonian and Finnish X-tee and its annexes:
can be found here!
The role of local X-tee centres in data exchange is the following:
- When all the necessary agreements have been concluded between cross-border data exchangers, the X-tee centres (RIA and Väestörekisterikeskus) will not interfere with the data exchange and a separate permission does not have to be asked from them. Legal details as well as correct data processing and storage is the liability of the data exchangers!
- In case of problems and questions, it is necessary to turn to the local X-tee centre where you will be directed to the partner centre, if necessary. Support services are provided and more information on cross-border data communication is given in Estonia by the Information System Authority (email@example.com). In case of discovering a security incident related to data communication, the X-tee member shall immediately notify the local centre! CERT contact: firstname.lastname@example.org.
- The federation between X-tee centres ensures that the cross-border data exchange does not reduce the confidentiality, integrity, or quality of the data in any other way.
- The Finnish and Estonian centres ensure the identity and authenticity of their members. The Finnish centre ensures that the information of their members in Palveluväylä is in accordance with the state registers.
When exchanging data with a Palveluväylä member, it is necessary to keep in mind the following:
- A contract has to be concluded between the data service provider and the user. The contract is concluded in the jurisdiction of the service provider.
- Before the X-tee member opens data services to a Palveluväylä member, they must make sure that the integrity and availability of the shared data will be continued to be ensured at the required level also in the future. This also includes a possible permission or the lack of permission to share data to third persons. VRK does not have information regarding the specific role of the Palveluväylä members in exchanging data and with whom the members share data! It is advisable to specify all circumstances in the contract between the provider and the user.
- Before a Palveluväylä member opens their data services to an Estonian party, they too are obliged to make sure that the integrity, availability, and other privacy requirements of the shared data are ensured. A Palveluväylä member may set additional requirements for using their data services. In case of requirements related to information security, the Palveluväylä members are guided by the VAHTI instructions regarding the security of information systems (referred to in Annex 1 to the UF contract). It is advisable to specify all circumstances in the contract between the provider and the user.
- Legislation may provide special requirements on exporting specific data from the country. In such a case, the data exchangers must take into account the Estonian and Finnish legislation. A list of important Finnish and Estonian legislative acts has been provided in Annex 2 to the UF contract.
- Evaluating the integrity of messages received from a Palveluväylä member must be based on the validity period of the OSCP enacted in the Palveluväylä environment (provided in Annex 3 to the UF).
Most important differences between the Estonian and Finnish X-tee ecosystems have been provided in the following table.
All information systems and data services of members must be described in the X-tee Self-Service portal
There is no central member auditing before and after becoming a member. It is presumed that the members follow the membership contract and legislation.
All content of messages is digitally stamped. This enables to verify the integrity of the data included in the message at all times.
By default, only the header of the message has a digital stamp. In such a case, the integrity of the data included in the message cannot be verified. Should they wish to do so, the Finnish members can switch on complete digital stamping.
X-tee members cannot keep their security server outside of the borders of the Republic of Estonia. This is possible only in exceptional cases, provided that RIA has granted permission.
Members can keep their information systems outside of the borders of the Republic of Finland.
Palveluväylä does not provide technical assistance to its members. VRK does not provide MISP for Palveluväylä members. Implementing a data service requires integrating its information system.
X-tee test environment includes all members and data services.
All members have joined the Palveluväylä test environment, but the availability of all data services in the test environment is not required.
Differences in the functioning of technical components have been provided in Annex 3 to the UF contract. Precise information on the Palveluväylä data services has been provided in the API catalogue (Liityntäkatalogi http://api.suomi.fi).