The critical services addressed in the audit – rapid assistance to people who need help, emergency public warning, interbank payments and the coverage of expenses financed from the State Treasury – are generally accessible also in the event of a data outage, but the services would be seriously impaired. When using alternative solutions designed to operate independently of data communications, additional time consumption and inconvenience must be taken into account.

It is possible to arrange for ambulance, police and rescue services to reach the person in need of help even when the emergency number 112 is not working, but this is much more inconvenient for the person and is likely to increase the time it takes for help to arrive.

People can be informed about threats independently of the data transmission service only by public radio. The responsible authorities are working on improving the continuity of other channels (e.g. sirens or public TV).

Interbank payments and payments through the State Treasury can be made without the data transmission service, but the speed of payments would be significantly reduced in the event of a data outage.

Main observations of the National Audit Office

The Ministry of Justice and Digital Affairs has proceeded from the requirements of the Emergency Act in the organisation of the continuity of the vital data transmission service, but there are some serious shortcomings.

• The Ministry has considered blackouts as the scenario with the greatest impact on data transmission services when preparing the emergency response plan and coordinating risk analyses and business continuity plans for telecommunications companies. However, the Ministry and the telecommunications companies do not address the dependence of the data transmission service on other relevant vital services, such as the supply of fuel to telecommunications companies, in their plans. The plans do not outline the risks that such dependence poses to continuity and how these risks can be mitigated.
• The crisis plans of the Ministry and the telecommunications companies provide guidance on how to act should problems with international data connections arise. However, the plans do not describe how the continuity of cable-based data transmission inside the country will be ensured, i.e. the extent to which telecommunications companies need to be prepared to deal with breakdowns and how they plan to do this.
• The Ministry has carried out exercises on the continuity of data transmission services. However, actions to remedy the shortcomings highlighted by the exercises have not always been implemented. As the Ministry has not always documented its analyses of the results of the exercises, it is not possible to see the basis on which the implemented corrective actions were selected.

The Ministry of Justice and Digital Affairs has formulated the key principles of data transmission continuity in its emergency response plan but does not explain how telecommunications companies should implement them.

• For example, the Ministry considers it important to restore communication services (including data transmission) first of all in the regional centres of the Emergency Response Centre, which is responsible for receiving and processing emergency calls. Restoring data transmission at sites that ensure the continuity of other vital services, comprehensive national defence and internal security should also be a priority. However, neither the emergency response plan nor the risk assessments and business continuity plans of the telecommunications companies explain how communication services in the regional centres of the Emergency Response Centre will be restored and what resources are needed for this.
• As a matter of policy, the Ministry has stated that the data transmission service should be restricted, if necessary, to ensure that at least making calls and sending messages remains possible. However, neither the Ministry nor the telecommunications companies explain in their plans how the data transmission service will be restricted.

If the data transmission service is down as a result of an incident, this affects the functioning of essential services for the state and its residents. This is why, in the opinion of the National Audit Office, the ministries and agencies responsible for the services must ensure that essential services are always available.

The audit indicated that in the event of a data outage, rescuers, ambulances and the police may reach the people who need help later than usual, as reaching the Emergency Response Centre in the event of a data outage is more difficult, as it may also experience delays in processing emergency calls, assigning assistance and communicating with the responding units.

• People may not be able to reach the Emergency Response Centre directly in the event of a data outage, as it will also lead to an outage in phone services. In this case, people should contact a police station, a rescue unit or an ambulance service provider.
• In the event of a data outage, the Emergency Response Centre will not be able to use the information systems that normally speed up the processing of emergency calls. Events have to be recorded on paper, and the procedural steps that are otherwise automated by the information system have to be done differently. However, this means that it takes longer than usual for the Emergency Response Centre to process each emergency call.
• In the event of a data outage, communication with the responding units driving to the scene will also be disrupted, as data-dependent means of communication are ordinarily used to keep in contact.
• Although the Emergency Response Centre has practised handling emergency calls in the event of breakdowns in information systems, the Emergency Response Centre has not practised the situation resulting from a data outage during exercises.

Data outages also have a significant impact on the use of the channels planned for emergency warnings. The audit indicated that, in the event of a data outage, public radio is the only national emergency warning channel that works without delays and problems. Other channels function with restrictions.

• Transmitting emergency warnings by public radio, i.e. through the Vikerraadio channel of Estonian Public Broadcasting, is possible also when data transmission is down.
• It is not possible to send emergency warning messages (location-based SMS) to mobile phones in the event of a complete data outage, as sending messages requires data transmission. If the data outage only affects one part of the messaging chain, for example the Emergency Response Centre, there are alternative ways to initiate messaging.
• The crisis hotline (KRIT 1247) only works as a crisis information channel if the errors in the data transmission service have not caused an outage in the mobile phone service. The Emergency Response Centre has reduced the service’s dependence on a single telecommunications company, i.e. duplicated the data connections.
• Since 2025, the Government Office can manage the national crisis information website kriis.ee through a cloud both in Estonia and abroad. This has improved the continuity of the website, but users still need the data transmission service to access the website and get information.
• On television, i.e. via the ETV and ETV+ channels of Estonian Public Broadcasting, it is only possible to broadcast emergency warning messages on screen if data transmission is available. Estonian Public Broadcasting has not yet finished the solution which will make it possible to broadcast warning messages via free-to-air television in the event of a data outage.
• Siren devices cannot be centrally activated in the event of a date outage. This imposes significant limitations on informing people in public spaces of an imminent threat. There is an alternative way of triggering the sirens, but the Rescue Board has not tested it in practice.

In order to ensure that the payment service functions even in the event of a data outage, Eesti Pank has developed and agreed with the commercial banks on a method of transmitting payment information and making payments that can be used in the event of a data outage. Developments that ensure the functioning of card payments are ongoing.

• Each commercial bank itself is responsible for intrabank payments. Eesti Pank, as the institution that organises the payment service, is ready to provide the information necessary for making interbank payments even in the event of a data outage. This has also been tested in exercises, but only partially. Making payments will become considerably slower when the solution is used.
• Card payments are not guaranteed in the event of a complete data outage. However, commercial banks and their partners are working on developments that will help to solve the problem. Card payments can only be made to a certain limited extent if the data outage affects only a part of the card payment chain. Whilst the developments that ensure the functioning of card payments are underway, the alternative in the case of a data outage is to use cash. The National Audit Office did not assess its accessibility.

A data outage would seriously disrupt making payments through the State Treasury. The Ministry of Finance has thought of alternatives, but they mean that making payments would take more time.

• Usually, the e-State Treasury application is used to obtain payment information from public authorities and to transmit it to commercial banks. When e-State Treasury works (i.e. can be connected to), the Ministry of Finance can use satellite data to ensure that its users have access to it even in the event of a data outage.
• If the e-State Treasury is not working, the Ministry of Finance will have to transmit payment information outside the e-State Treasury to organise the payments received and made by the state. For example, the Ministry of Finance has considered using email or paper. However, this requires state agencies to provide correct and verified information on the payee and the amounts. Sending payment information like this means that making payments takes more time.
• The Ministry of Finance, in cooperation with Eesti Pank, has also practised issuing cash to state agencies. This will allow the agencies to perform their obligations even in the event of a complete data outage. The accessibility of cash was not assessed in this audit.

Main recommendations of the National Audit Office and responses of the auditees

The National Audit Office recommended that the Minister of Justice and Digital Affairs specify in the emergency response plan how to ensure the continuity of the cable-based transmission service, the implementation of strategic principles and manage the risks arising from the interdependence of vital services. The National Audit Office also recommended establishing a work process to further address the observations and results of the exercises (e.g. what should be changed as a priority).