Text size:

Security Authorities Act

Back to wordings

Legend:
RedRemoved
GreenAdded

Issuer:Riigikogu
Type:act
In force from:15.03.2023
In force until: In force
Translation published:24.03.2023

Chapter 1 GENERAL PROVISIONS  

§ 1.  Scope of regulation

 (1) This Act provides for the functions and competence of security authorities in ensuring national security and constitutional order, and the procedure for the exercise of supervision over the activities of security authorities.

 (11) This Act provides for the bases for the processing of personal data, including special categories of personal data, and the restriction of the scope of the rights of data subjects by security authorities and the procedure for the exercise of supervision over compliance with the requirements for personal data processing.
[RT I, 13.03.2019, 2 – entry into force 15.03.2019]

 (2) The provisions of the Administrative Procedure Act apply to administrative proceedings prescribed in this Act, taking into account the specifications provided in this Act.
[RT I 2002, 61, 375 – entry into force 01.08.2002]

§ 2.  Objective of activity of security authorities

 (1) The objective of the activity of security authorities is to ensure national security by the continuance of constitutional order through the application of non-military means of prevention, and to collect and process information necessary for formulating the security policy and for national defence.

 (2) Achievement of the objectives specified in subsection 1 of this section takes place in the Defence Forces according to the rules provided in this Act unless otherwise provided by the Estonian Defence Forces Organisation Act.
[RT I 2008, 35, 213 – entry into force 01.01.2009]

§ 3.  Principles of activity of security authority

 (1) A security authority collects and processes information, including personal data, insofar as this is necessary for performing its functions, considering the following principles:
 1) the manner and scope of collection and processing of information and the organisational and technical safeguards applied may not excessively adversely affect the fundamental rights of a person compared to the objective pursued by the security authority;
 2) the collection and processing of information may not endanger the life or health of a person, unnecessarily endanger property or the environment or unnecessarily infringe other personal rights;
 3) information is processed and retained for as long as necessary for the performance of the security authority’s function and in accordance with the objective of the activity of the security authority;
 4) information is collected and processed in a manner which ensures its security, including protects against unauthorised or unlawful processing and accidental loss or destruction thereof or damage thereto by applying appropriate technical or organisational measures.
[RT I, 13.03.2019, 2 – entry into force 15.03.2019]

 (2) A security authority is to only use measures necessary for performing its functions. In the case there are several possible measures, the security authority is to use the measure which restricts the fundamental rights of persons as little as possible in connection with the performance of a function of the security authority. A measure which does not restrict the fundamental rights of an individual excessively compared to the objective pursued by the security authority may be used.

§ 4.  Combating criminal offence

  For the purposes of this Act, combating a criminal offence means prevention of a criminal offence in any lawful manner before the offence is committed.

Chapter 2 ORGANISATION AND FUNCTIONS OF SECURITY AUTHORITIES  

§ 5.  Security authorities

  The security authorities are the Estonian Internal Security Service and the Estonian Foreign Intelligence Service.
[RT I, 05.05.2017, 1 – entry into force 01.07.2017]

§ 6.  Functions of Estonian Internal Security Service

  The functions of the Estonian Internal Security Service are:
 1) prevention and combating of changing the constitutional order or territorial integrity of the state by force, and collection and processing of information necessary for such purpose;
[RT I, 29.06.2012, 2 – entry into force 01.01.2013]
 2) prevention and combating of intelligence activities directed against the state, including protection of state secrets and classified information of foreign states in the cases and according to the rules prescribed in the State Secrets and Classified Information of Foreign States Act (counter-intelligence), except in the cases specified in clauses 2 and 3 of subsection 1 of § 7 of this Act;
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]
 21) prevention and combating of terrorism and terrorist financing and support, and collection and processing of information necessary for such purpose;
[RT I 2008, 3, 21 – entry into force 28.01.2008]
 22) prevention and combating of corruption endangering national security, and collection and processing of information necessary for such purpose;
[RT I, 29.06.2012, 2 – entry into force 01.01.2013]
 3) combating of those criminal offences the pre-trial investigation of which is within the competence of the Estonian Internal Security Service, except in the cases specified in clauses 2 and 3 of subsection 1 of § 7 of this Act;
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]
 4) pre-trial investigation of criminal offences in the cases prescribed by law.

§ 7.  Functions of Estonian Foreign Intelligence Service

  [RT I, 05.05.2017, 1 – entry into force 01.07.2017]

 (1) The functions of the Estonian Foreign Intelligence Service are:
[RT I, 05.05.2017, 1 – entry into force 01.07.2017]
 1) collection and processing of information concerning foreign states, or foreign factors or activities, which is necessary for the state in formulating the foreign, economic and national defence policy and for national defence;
 2) conduct of counter-intelligence for the protection of the foreign missions of the state and such structural units or staff of the Defence Forces which are outside the territory of the state;
[RT I 2008, 35, 213 – entry into force 01.01.2009]
 3) conduct of counter-intelligence for the protection of the staff of the Estonian Foreign Intelligence Service, persons recruited for co-operation, and property in the possession of the Estonian Foreign Intelligence Service;
 4) organisation and verification of INFOSEC.
[RT I, 31.12.2022, 2 – entry into force 10.01.2023]
 5) [repealed – RT I 2003, 23, 147 – entry into force 01.04.2003]

 (2) In the collection of information by electronic means, the Estonian Foreign Intelligence Service provides professional assistance to the Estonian Internal Security Service.
[RT I, 05.05.2017, 1 – entry into force 01.07.2017]

 (21) Upon conduct of military intelligence, the Estonian Foreign Intelligence Service provides professional assistance to the Defence Forces.
[RT I, 05.05.2017, 1 – entry into force 01.07.2017]

 (3) [Repealed – RT I, 31.12.2022, 2 – entry into force 10.01.2023]

§ 71.  Special communications services

  [Repealed – RT I, 31.12.2022, 2 – entry into force 10.01.2023]

§ 8.  Number and composition of posts in security authority

 (1) The limit on posts in a security authority is established by the minister in charge of the policy sector.

 (2) Considering the limit established on the basis of subsection 1 of this section, the minister in charge of the policy sector or the head of a security authority authorised thereby establishes the composition of posts in a security authority.
[RT I, 27.05.2022, 2 – entry into force 01.07.2022]

§ 9.  Organisation and harmonisation of work of security authorities

 (1) The Prime Minister and the ministers who head the ministries in whose area of government the security authorities are must constantly co-operate with each other to organise and harmonise the work of the security authorities.

 (2) The Government of the Republic establish, by an order, for each year a plan regarding the obtaining and analysis of state security information. The plan regarding the obtaining and analysis of state security information must provide for the functions set for the security authorities and the Defence Forces upon conduct of military intelligence and a list of information to be collected, in the order of relevance.
[RT I 2008, 35, 213 – entry into force 01.01.2009]

§ 10.  Security Committee of Government of Republic

 (1) The Security Committee of the Government of the Republic (hereinafter Security Committee) must:
 1) co-ordinate the activities of the security authorities;
 2) analyse and assess the security situation in the state;
 3) determine the state’s need for security-related information;
 4) perform the functions imposed on the Security Committee by the National Defence Act and other Acts and the Government of the Republic.

 (2) The government authorities are required to give assessments of threat and other information related to the security of the state and national defence to the Security Committee, the Government of the Republic, relevant government authorities, the President of the Republic, the President of the Riigikogu and relevant committees of the Riigikogu. Where necessary, the Security Committee organises the communication of information related to national defence to the persons and authorities specified in this subsection.

 (3) The composition of the Security Committee is determined and the statutes thereof are established on the basis of the National Defence Act.
[RT I, 12.03.2015, 1 − entry into force 01.01.2016]

§ 11.  Co-operation between security authorities

 (1) The security authorities co-operate with each other through mutual assistance and exchange of information.

 (2) Exchange of information between the security authorities takes place on the basis of the plan regarding the obtaining and analysis of state security information.
[RT I 2008, 35, 213 – entry into force 01.01.2009]

§ 111.  Possession of state assets

 (1) In the state immovable property register specified in subsection 1 of § 95 of the State Assets Act may not be entered information specified in subsection 2 of the same section concerning immovable property in the possession of the security authorities, or it must be entered using shadow information.
[RT I 2009, 57, 381 – entry into force 01.01.2010]

 (2) A separate register which has been established by and the statutes on the maintenance of which aree established by the Government of the Republic is maintained concerning state assets in the possession of the security authorities.
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]

Chapter 3 SERVICE IN SECURITY AUTHORITY  

§ 12.  Specifications concerning service in security authority

 (1) The Civil Service Act applies to an official of a security authority with the specifications arising from this Act. The Employment Contracts Act applies to an employee of a security authority with the specifications arising from this Act.

 (11) The provisions of § 41 of the Civil Service Act governing rest time do not apply to an official of a security authority where such a specification is included in the official’s job description and working does not harm the health or safety of the official.
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]

 (2) The Police and Border Guard Act applies to a police officer of the Estonian Internal Security Service with the specifications arising from this Act.
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]

 (21) When an active serviceman is referred to a security authority, the term provided in subsection 21 of § 119 of the Military Service Act is applied.
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]

 (3) A probationary period of up to one year is applied to an official of a security authority.
[RT I, 27.05.2022, 2 – entry into force 01.07.2022]

 (4) Sections 17–19 of this Act do not apply to a police officer of the Estonian Internal Security Service.
[RT I, 26.03.2013, 2 – entry into force 01.04.2013]

§ 13.  Specifications concerning service in Government Office

  Specifications provided for an official of a security authority apply to an official of the Government Office whose function is to co-ordinate the work of the security authorities.
[RT I, 06.07.2012, 1 – entry into force 01.04.2013]

§ 14.  Employment in service

 (1) A citizen of the Republic of Estonia who has at least secondary education and full active legal capacity, and who is proficient in Estonian to the extent provided by law or on the basis of law may be employed in service or employed as an official and an employee of a security authority.
[RT I, 06.07.2012, 1 – entry into force 01.04.2013]

 (2) It is prohibited to employ in service and employ in a security authority a person:
 1) who receives a pension, remuneration or other regular compensation from a state which is not a state within the European Economic Area or Switzerland or which does not belong to the North Atlantic Treaty Organisation;
 2) who lacks a Personnel Security Clearance for access to a state secret of a required level or a Personnel Security Clearance Certificate for access to classified information of a foreign state of a required level if this is a prerequisite for working in a position of an official or of an employee.
[RT I, 06.07.2012, 1 – entry into force 01.04.2013]

 (3) An official of a security authority may be appointed to a position without competition.
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]

§ 15.  Appointment of head of security authority to position

  [RT I, 19.03.2015, 2 – entry into force 29.03.2015]
The Government of the Republic appoints a head of a security authority to office for a period of five years at the proposal of the relevant minister, after having heard the opinion of the Security Authorities Surveillance Committee of the Riigikogu. The head of a security authority is not appointed to office for more than two consecutive terms.

§ 151.  Release of official of security authority from service when official is appointed to position in or employed by another authority or organisation

  [RT I, 19.03.2015, 2 – entry into force 29.03.2015]

 (1) An official of a security authority, except for an active serviceman referred to a security authority, may, with their consent, be released and appointed to a position in or employed by another authority, authority governed by a government authority, legal person governed by public law, international organisation, or a position or employment established in the framework of international co-operation. The term of service or employment of an official of a security authority in another authority, authority governed by a government authority, legal person governed by public law, international organisation, or a position or employment established in the framework of international co-operation is subject to the provisions of subsection 4 of § 33 of the Civil Service Act.
[RT I, 27.05.2022, 2 – entry into force 01.07.2022]

 (2) Upon the expiry of the term provided in subsection 1 of this section, the official of the security authority is appointed back to the same position or another position of the same official rank. If no such positions are vacant, the official of the security authority may, with their consent, be appointed to another position or an employment contract may be concluded with them.

 (3) An official of a security authority appointed to a position or employed as an employee by another authority, authority governed by a government authority, legal person governed by public law, international organisation or a position established in the framework of international co-operation on the basis and for the period of time provided in subsection 1 of this section is paid wages or remuneration which must not be less than their wages as an official of the security authority.

 (31) Where an official of a security authority is released from a position specified in subsection 1 of this section upon the expiry of the term provided in subsection 1, their annual holiday that has not been used or expired may be compensated in money.
[RT I, 27.05.2022, 2 – entry into force 01.07.2022]

 (4) The period of service in another authority, authority governed by a government authority, legal person governed by public law, international organisation or a position or employment established in the framework of international co-operation is included in the period of service in the position which the official had before appointment to or employment by another authority or organisation, provided the official of a security authority continues service in the security authority upon the expiry of the term provided in subsection 1 of this section.
[RT I, 27.05.2022, 2 – entry into force 01.07.2022]

§ 152.  Identifications of officials of security authorities and badges of office of police officers

 (1) The description and the format of the identifications of officials of security authorities and the badges of office of police officers are established by a regulation of the minister in charge of the policy sector governed by the Ministry of the Interior or the Ministry of Defence.

 (2) A list of positions in which police officers are issued with a badge of office is established by a directive of the head of the relevant security authority.
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]

§ 16.  Wages

  [RT I, 19.03.2015, 2 – entry into force 29.03.2015]

 (1) The basic wages or the range of the basic wages of officials of the Estonian Internal Security Service and the bases for increasing the basic wages are established by a directive of the minister in charge of the policy sector.
[RT I, 27.05.2022, 2 – entry into force 01.07.2022]

 (2) The basic wages of officials of the Estonian Internal Security Service and police officers are increased by 10–50 per cent for the performance of duties relating to security.
[RT I, 27.05.2022, 2 – entry into force 01.07.2022]

 (3) The officials and police officers specified in subsection 2 of this section are not paid additional remuneration for working overtime, nor for working at night-time or on a public holiday.
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]

 (4) The wage system of those officials of the Estonian Foreign Intelligence Service who are not in the police service or active service is governed by the Civil Service Act with the specifications provided by this Act.
[RT I, 05.05.2017, 1 – entry into force 01.07.2017]

 (5) The minister in charge of the policy sector or by the authority thereof the head of a security authority establishes the salary guide for the officials and employees of the security authority by a directive which prescribes the procedure for the payment and grant of wages, including the procedure for calculating the remuneration paid for performance of duties at night and on public holidays, for overtime and on-call time.
[RT I, 27.05.2022, 2 – entry into force 01.07.2022]

§ 17.  Compensation in case official of security authority falls ill or suffers bodily injury
[Repealed - RT I, 13.12.2014, 1 - entry into force 01.07.2016 (entry into force amended − RT I, 17.12.2015, 1)]

§ 18.  Compensation for proprietary damage

 (1) Direct proprietary damage caused to an official of a security authority or their family members in the course of performance of their functions is compensated for by the state.

 (2) The limits of and the procedure for compensation for proprietary damage are established by a regulation of the Government of the Republic.

§ 19.  Health requirements and physical condition requirements for official and employee of security authority, and verification thereof

  [RT I, 27.05.2022, 2 – entry into force 01.07.2022]

 (1) The state of health and physical condition of an official and an employee of a security authority must enable performance of their functions or duties.

 (2) The health requirements for an official and an employee of a security authority and the procedure for their medical examinations are established by a regulation of the minister in charge of the policy sector.

 (3) The posts in security authorities where an official appointed to such a post must meet the physical condition requirements, and the physical condition requirements for an official and an employee of a security authority and the procedure for verifying compliance therewith are established by a directive of the head of the security authority.

 (4) A security authority may refer a candidate for an official or an employee to a medical examination and physical condition verification before commencement of service or employment.

 (5) The expenses of a medical examination, physical condition verification and vaccination of an official and an employee of a security authority and of a candidate are covered by the security authority.
[RT I, 27.05.2022, 2 – entry into force 01.07.2022]

§ 20.  Restrictions imposed on official and employee of security authority

 (1) An official and an employee of a security authority may not:
 1) work for another employer, except with the written consent of the head of the authority;
 2) participate in a strike;
 3) be a member of a political party.
[RT I, 06.07.2012, 1 – entry into force 01.04.2013]

§ 201.  Additional holiday of official of security authority

 (1) If justified, an official of a security authority may be granted paid additional holiday up to ten calendar days a year. A claim for such an additional holiday expires after one year as of the end of the service year for which the additional holiday is calculated. Additional days of holiday which have not been used and which have not expired are not compensated for in money upon release from service.
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]

 (2)  The conditions and procedure for grant of additional holiday provided by subsection 1 of this section are established by the head of the security authority or a person authorised thereby.
[RT I, 27.05.2022, 2 – entry into force 01.07.2022]

§ 202.  Storage of information concerning official and employee of security authority

  A security authority need not present information to the database specified in § 106 of the Civil Service Act. A security authority must ensure the storage of information specified in subsection 3 of § 106 of the Civil Service Act concerning its officials and employees.
[RT I, 06.07.2012, 1 – entry into force 01.04.2013]

§ 203.  Incentive

 (1) Incentives applied to an official and an employee of a security authority for long-time impeccable work or for outstanding performance of duties of employment are:
 1) expression of thanks;
 2) grant of a service medal;
 3) grant of a monetary award;
 4) grant of a valuable gift;
 5) grant of an inscribed cut-and-thrust weapon or firearm.

 (2) Several incentives may be applied concurrently.

 (3) The right to apply an incentive is vested in the head of a security authority and the relevant minister. The right to apply the incentive specified in clauses 2 and 5 of subsection 1 of this section is vested only in the relevant minister or the Director General of the Estonian Foreign Intelligence Service.
[RT I, 05.05.2017, 1 – entry into force 01.07.2017]

 (4) The description of the service medal and the procedure for the grant and wearing thereof are established by a regulation of the relevant minister.

 (5) For outstanding services, the incentives provided in clauses 1, 2, 4 and 5 of subsection 1 of this section may also be applied to such persons who are not officials or employees of a security authority.
[RT I, 06.07.2012, 1 – entry into force 01.04.2013]

Chapter 4 POWERS OF SECURITY AUTHORITY  

§ 21.  Powers of Estonian Internal Security Service

 (1) Chapter 22 of the Police and Border Guard Act applies to the activity of the Estonian Internal Security Service with the specifications arising from this Act.

 (2) A police officer of the Estonian Internal Security Service has, in the performance of their duties, the right to apply a state supervision measure and direct coercion on the grounds and according to the rules provided in the Law Enforcement Act. Upon the exercise of state supervision the restrictions on the rights of data subjects provided in subsection 3 of § 211 of this Act may be applied.
[RT I, 13.03.2019, 2 – entry into force 15.03.2019]

 (3) In applying that arising from the Police and Border Guard Act, the Director General of the Estonian Internal Security Service must fulfil, in deciding over a measure and actions related thereto and in applying Chapter 22 of the Police and Border Guard Act, the duties of the Director General of the Police and Border Guard Board.
[RT I, 29.06.2012, 2 – entry into force 01.01.2013]

§ 211.  Collection and processing of information and restrictions on rights of data subjects

 (1) For the performance of its functions or ensuring the performance thereof, a security authority may collect and process, among others, the following information:
 1) personal data;
 2) special categories of personal data;
 3) data rendered anonymous;
 4) data addressed to the public and available from public sources.

 (2) Information is collected and processed directly by a security authority or an authority authorised for such a purpose or a person recruited for co-operation.

 (3) Upon collecting and processing information, a security authority may restrict the rights of data subjects, including the right to:
 1) be informed of the processing of their personal data, whether or not by automated means, including which personal data is processed and the purpose and scope of and legal basis and reason for processing;
 2) be informed of the recipients of their personal data and the categories of personal data disclosed and information concerning whether their personal data is transferred to a foreign state or an international organisation;
 3) be informed of the period of retention of their personal data or the criteria for determining such a period;
 4) be informed of the technical and organisational safeguards for the processing of their personal data;
 5) access personal data collected and processed;
 6) request that the processing of their personal data be restricted;
 7) request that their personal data be transferred;
 8) object to the processing of their personal data;
 9) be informed of any violations relating to their personal data.

 (4) Under subsection 3 of this section the rights of data subjects may be restricted if not restricting may:
 1) adversely affect the performance of the functions of a security authority;
 2) prevent the combating of a criminal offence;
 3) adversely affect the rights and freedoms of data subjects or other persons.

 (5) A security authority may process collected information for the performance of a function provided in this Act or in another Act or for ensuring such performance. For the performance of obligations arising from an international agreement, legislation of the European Union or other laws, personal data obtained from a foreign state or an international organisation may be processed.

 (6) A security authority retains information collected under this or another Act for as long as necessary for the performance of its functions provided in this Act or until the need for further processing cannot be excluded.

 (7) That provided in this section may be applied by a security authority to the processing of personal data in the course of exercise of state supervision and to the employment of an official in service and employment of an employee of the security authority and during service or employment.
[RT I, 13.03.2019, 2 – entry into force 15.03.2019]

§ 22.  Provision of assistance to security authority

 (1) State and local government authorities and officials as well as legal persons in public law provide, within the limits of their competence, assistance to a security authority in the performance of its functions. The expenses incurred by a local government authority or legal person in public law in the provision of such assistance are covered from the state budget.

 (2) In the case of a direct threat to national security, a security authority may demand a private individual to provide assistance necessary for the performance of the functions of the security authority unless other means are available.

 (3) The procedure for compensation for the expenses arising from the provision of the assistance provided in subsection 2 of this section is established by a regulation of the Government of the Republic.

§ 23.  Shadow information and covert measures

  [RT I, 05.05.2017, 1 – entry into force 01.07.2017]

 (1) For the performance or ensuring the performance of its functions a security authority may use shadow information and covert measures in order to hide from the data subject the performers of the act, the target of the act and the ownership of the rights and obligations and immovable and movable used.

 (2) The transactions related to the activities specified in subsection 1 of this section are deemed to be transactions made by the security authority.

 (3) The security authority is responsible for the accuracy of a database entry related to the activities specified in subsection 1 of this section.

 (4) The procedure for maintaining records of the acts related to the activities specified in subsection 1 of this section is established by a directive of the head of the security authority.
[RT I, 05.05.2017, 1 – entry into force 01.07.2017]

§ 231.  Use of legal person in private law

 (1) A security authority may use a legal person in private law for the performance or ensuring the performance of its functions on the basis of a resolution of the head of the security authority, using shadow information or covert measures pursuant to the procedure specified in § 23 of this Act.

 (2) Every six months the head of the security authority submits to the relevant minister information concerning the activities of a legal person in private law specified in subsection 1 of this section.
[RT I, 05.05.2017, 1 − entry into force 01.07.2017]

§ 232.  Undercover staff official and employee of security authority

 (1) A security authority may appoint on a post or recruit an undercover staff official or employee of the security authority on the basis of a resolution of the head of the security authority.

 (2) For the purposes of this Act, an undercover staff official or employee of the security authority is an official or employee of the security authority whose employment or service relationship with the security authority is not known to a third person and who collects information covertly or helps to ensure that the collection of information is covert.

 (3) The personal data and employment and service relationships with the security authority of an undercover staff official or employee of the security authority are also kept secret after termination of the covert collection of information if the disclosure of personal data may endanger the life, health, private life or property of an undercover staff official or employee or the persons connected with them or their further activities as an undercover staff official or employee of the security authority.

 (4) The procedure for maintaining the records of the acts related to the activities of the undercover staff official or employee of the security authority is established by a directive of the head of the security authority.
[RT I, 05.05.2017, 1 − entry into force 01.07.2017]

§ 24.  Manner of collection of information

  [Repealed – RT I, 13.03.2019, 2 – entry into force 15.03.2019]

§ 241.  Recruitment of person to secret co-operation

 (1) A security authority has the right to recruit a person with active legal capacity to secret co-operation with the person's consent.

 (2) For the purposes of this Act, a person who has been recruited to secret co-operation is a person whose co-operation with the security authority is not known to a third person.

 (3) Covert collection of data or making an act on the assignment of the security authority is deemed to be co-operation with the security authority of a person recruited to secret co-operation, taking into account the provisions of § 23 of this Act. Being present at the act performed by the security authority is not secret co-operation.

 (4) A person who is recruited to secret co-operation is remunerated from the budget of the security authority.

 (5) A person who is recruited to secret co-operation is required to refrain from knowingly forwarding false or defamatory information and maintain the confidentiality of the co-operation with the security authority, the data which they have become aware of in the course of secret co-operation, as well as the means, methods and tactics used upon collection of data.

 (6) A person who is recruited to secret co-operation has the right to refuse to perform an act with regard to a person who is connected with them.

 (7) The procedure for recruitment of a person to secret co-operation is established by a directive of the head of the security authority.
[RT I, 05.05.2017, 1 − entry into force 01.07.2017]

§ 242.  Compensation in case person recruited to secret co-operation gets killed, dies or work ability decreases

 (1) If a person who is recruited to secret co-operation is killed or dies due to the performance of tasks related to secret co-operation as a result of an accident or an attack against them or prevention of an offence or countering of a threat by them, their child, parent, widow, widower or partner in a relationship resembling marriage and, for the purposes of the Family Law Act, another person who was maintained by them are paid a lump-sum benefit.
[RT I, 27.05.2022, 2 – entry into force 01.07.2022]

 (2) If due to an injury sustained or an illness developed as a result of an accident related to secret co-operation or an attack against them or combating of an offence or countering of a threat by them a person who is recruited to secret co-operation is established to have partial or no work ability or temporary loss of work ability which did not result in partial or no work ability, the person who is recruited to secret co-operation is paid a benefit.
[RT I, 27.05.2022, 2 – entry into force 01.07.2022]

 (3) In the cases specified in subsection 1 and 2 of this section the lump-sum compensation is paid pursuant to the same grounds and rules which are prescribed upon payment of compensation in the cases provided in §§ 49 and 491 of the Civil Service Act, taking into account the specifications provided in this section.

 (4) The calculation of the compensation specified in subsections 1 and 2 of this section is based on:
 1) the basic wage rate corresponding to the lowest wage grade or the lowest basic wages of an official of the Estonian Internal Security Service, except the police officer, if a contract on recruitment of a person to secret co-operation has been entered into with the Estonian Internal Security Service;
 2) the lowest basic wages of an official of the Estonian Foreign Intelligence Service if a contract on recruitment of a person to secret co-operation has been entered into with the Estonian Foreign Intelligence Service.
[RT I, 05.05.2017, 1 − entry into force 01.07.2017]

§ 25.  Restrictions on right to confidentiality of messages

 (1) In the cases provided in this section, a security authority is permitted to restrict a person’s right to the confidentiality of messages sent or received by them by post, telegraph, telephone or other commonly used means.

 (2) A security authority may, within the limits of its competence, restrict a person’s right to the confidentiality of messages in order to combat a criminal offence if there is sufficient information to indicate that a criminal offence is being prepared or committed.

 (3) A person’s right to the confidentiality of messages is restricted by:
 1) examination of a postal item;
 2) wire-tapping, observing or recording a message or other information transmitted over an electronic communications network;
 3) wire-tapping, observing or recording information communicated by any other means.
[RT I 2004, 87, 593 –entry into force 01.01.2005]

§ 26.  Restrictions on right to inviolability of home, and family or private life

 (1) A security authority may restrict a person’s right to the inviolability of home, and family or private life in the cases provided in this section.

 (2) An official of a security authority may, within their competence and in order to combat a criminal offence, enter or search a person’s premises, building, enclosed area, vehicle or computer system without the consent of the person on the order of the head of the security authority in order to ensure national security or if there is sufficient information to indicate that a criminal offence is being prepared or committed and if collection of information is necessary for combating the criminal offence.
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]

 (3) A person’s right to the inviolability of home, and family or private life is restricted by:
 1) collection and processing of personal data;
[RT I, 13.03.2019, 2 – entry into force 15.03.2019]
 2) covert surveillance;
 3) covert establishment of identity;
 4) collection of information on the fact, duration, manner and form of transmission of messages over an electronic communications network, and on the personal data and location of the sender or receiver of such messages;
 5) covert entry in the person’s premises, building, enclosed area, vehicle or computer system for the purposes of covert collection or recording of information or installation and removal of technical aids necessary for such purposes;
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]
 6) covert examination of an item and, if necessary, covert alteration of the item, damage to the item or replacement of the item.
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]

 (4) On the basis of a written agreement entered into with a security authority and within the competence of the security authority, a person recruited for secret co-operation may also restrict a person’s right to the inviolability of home, and family or private life pursuant to the procedure provided in § 27 of this Act.
[RT I 2004, 87, 593 – entry into force 01.01.2005]

§ 27.  Procedure for restriction of right to confidentiality of messages and right to inviolability of home, and family or private life

 (1) In the case of a need to restrict a person’s right to the confidentiality of messages or to the inviolability of home, and family or private life in the manner specified in clause 5 of subsection 3 of § 26 of this Act, the head of a security authority submits to the chairman of an administrative court or an administrative judge appointed by the chairman a reasoned written application for the corresponding permission. The application must set out the manner of restriction of the corresponding right.

 (2) Grant, extension and revocation of a permission and declaration as justified of restriction of a person’s right to the confidentiality of messages or to the inviolability of home, and family or private life in the manner specified in clause 5 of subsection 3 of § 26 of this Act are decided without a delay and without holding a court session, pursuant to the provisions of the Code of Administrative Court Procedure concerning granting permission for administrative measure. Permission may be granted for a period of up to two months or extended for the same period at a time.

 (21) In emergencies if there is a threat to the national security or if there is sufficient information to indicate that a criminal offence is being prepared or committed and the act specified in subsection 1 of this section is necessary to combat a criminal offence and it is impossible to apply for the permission specified in subsection 2 of this section, the act may be performed with the permission of the administrative court, which is issued in a manner which can be reproduced. The head of the security authority submits a reasoned application which can be reproduced as a basis for the permission to the chairman of an administrative court or an administrative judge appointed by the chairman at the first opportunity but no later than on the day following the day of commencing the act. The application sets out the manner and duration of the restriction of the specified right. The chairman of an administrative court or an administrative judge appointed by the chairman decides on the continuation of the act with the permission specified in subsection 2 of this section.
[RT I, 05.05.2017, 1 − entry into force 01.07.2017]

 (22) The permission which is issued in an emergency in a manner which can be reproduced must include the following data:
 1) the name of the person who issued the permission:
 2) the date and time of issue of the permission;
 3) the act for performing of which the permission is issued;
 4) the name of a person with regard to whom the act is performed if it is known;
 5) the term of the permission.
[RT I, 05.05.2017, 1 − entry into force 01.07.2017]

 (3) Restriction of a person’s right to the inviolability of home, and family or private life is decided by the head of a security authority or an official authorised thereby in case of an action specified in clauses 2–4 and 6 of subsection 3 of § 26 of this Act. The decision is valid for the term indicated therein but for no longer than two months.
[RT I, 13.03.2019, 2 – entry into force 15.03.2019]

 (4) The acts specified in clause 2 of subsection 3 of § 25 and in clause 4 of subsection 3 of § 26 of this Act are performed in accordance with the relevant provisions of the Electronic Communications Act.
[RT I 2004, 87, 593 –entry into force 01.01.2005]

§ 28.  Methods and means of covert collection of information

  The methods and means to be used by a security authority in covert collection of information are established by a regulation of the relevant minister. The regulation is submitted to the Security Authorities Surveillance Committee of the Riigikogu for information purposes.
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]

§ 29.  Notifying persons of act

  [RT I, 26.05.2020, 1 – entry into force 05.06.2020]

 (1) A person in respect of whom an act referred to in subsection 3 of § 25 or clause 2, 5 or 6 of subscetion 3 of § 26 of this Act was performed or whose fundamental rights or freedoms were significantly restricted by said act and who was identified in the course thereof is notified by a security authority of the time and type of the act promptly after the declassification of information collected by the act.

 (2) A security authority need not notify a person of the time and type of an act referred to in subsection 1 of this section if notification may:
 1) significantly harm another person’s rights and freedoms guaranteed by law or put another person at risk;
 2) endanger the confidentiality of the security authority’s means, methods or tactics;
 3) endanger the source of information or a person recruited to secret co-operation;
 4) harm exchange of information between security authorities or co-operation with a foreign state or an international organisation.

 (3) By a resolution of the head of the security authority which performed an act or a resolution of an official authorised thereby, a person need not be notified until the basis for not notifying of the act as provided in subsection 2 of this section ceases to exist.

 (4) If one year has passed from the declassification of information collected by an act and the basis for not notifying of the act as provided in subsection 2 of this section has not ceased to exist, the head of the security authority or an official authorised thereby decides to never notify the person, except in the event provided in subsection 5 of this section.

 (5) If one year has passed from the declassification of information collected by an act provided in subsection 3 of § 25 or clause 5 of subsection 3 of § 26 of this Act and the basis for not notifying of the act as provided in subsection 2 of this section has not ceased to exist, the head of the security authority which performed the act or an official authorised thereby applies, no later than 15 days before the end of said time limit, to the president of the relevant administrative court or an administrative court judge designated thereby for a permission to never notify the person. Grant or refusal of permission is decided under the provisions of the Code of Administrative Court Procedure that govern granting permission for an administrative measure.
[RT I, 26.05.2020, 1 – entry into force 05.06.2020]

§ 30.  Storage of information

  Information collected in the manner provided in § 25 or § 26 of this Act is stored in information files. A separate information file is opened for each individual case. The procedure for keeping and storing files is established by a regulation of the minister in charge of the policy sector governed by the Ministry of the Interior or the Ministry of Defence.
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]

§ 31.  Communication of information to security authority

 (1) For the performance of its functions, a security authority has the right to obtain personal data and other information from:
 1) a state authority;
 2) a local authority;
 3) a legal person in public law;
 4) a holder of office in public law;
 5) a person performing administrative duties upon the performance of public law functions;
 6) a natural person or legal person in private law.

 (2) In the case of subsection 1 of this section, the authority and person who provided information may apply the restrictions provided in subsection 3 of § 211 of this Act when processing information which contains personal data.
[RT I, 13.03.2019, 2 – entry into force 15.03.2019]

§ 311.  Access to databases

  For the performance of their functions imposed by law, security authorities have access, free of charge, to information held in databases established on the basis of the Public Information Act.
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]

§ 32.  Communication of information by security authority

 (1) Information which is received in the performance of the functions of a security authority must be communicated to another state authority if it is necessary for the performance of the functions imposed on the state authority and it does not harm the performance of the functions of the security authority.
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]

 (2) Information which is received in the performance of the functions of a security authority must be communicated to another state authority and to a natural or legal person if it is necessary for combating a crime of terrorism or if it is related to a threat of commission of a crime of terrorism and it does not harm the performance of the functions of the security authority.
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]

 (3) Information which is received in the performance of the functions of a security authority may be communicated to a company with state participation if it is necessary for the performance of its functions and it does not harm the performance of the functions of the security authority.
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]

 (31) Information which is received in the performance of the functions of a security authority may be transferred to another person or authority if it is necessary for the performance of the functions of the security authority. For the performance of obligations arising from an international agreement, legislation of the European Union or other laws, information which is received in the performance of the functions of the security authority may also be transferred to a foreign state or an international organisation.
[RT I, 13.03.2019, 2 – entry into force 15.03.2019]

 (4) An authority or a person who has received information under subsections 1–31 of this section may apply the restrictions on the rights of data subjects provided in subsection 3 of § 211 of this Act when processing information which contains personal data.
[RT I, 13.03.2019, 2 – entry into force 15.03.2019]

§ 33.  Organisation of protection of communications

  [Repealed – RT I, 31.12.2022, 2 – entry into force 10.01.2023]

§ 34.  Exchange of information with foreign state and international organisation

  [Repealed – RT I 2007, 16, 77 – entry into force 01.01.2008]

§ 341.  General conditions of application of special measures

 (1) The right to apply a special measure provided in §§ 342–348 of this Act upon the performance of their duties lies with an official of a security authority who is not a police officer, provided they have completed relevant training.

 (2) Direct coercion may be applied upon the application of a special measure provided in §§ 344–348 of this Act in accordance with the rules provided in §§ 76–78 of the Law Enforcement Act and as long as this is indispensable for achieving the objective.

 (3) Application of a special measure provided in §§ 344–348 of this Act is allowed until the arrival of the police.
[RT I, 31.12.2022, 2 – entry into force 10.01.2023]

§ 342.  Processing of personal data by using monitoring equipment

  In order to monitor events taking place in the territory of a security authority and its immediate vicinity, the security authority may use monitoring equipment transmitting or recording images where this is necessary for preventing, ascertaining or countering an imminent threat to the premises or staff of the security authority or for stopping an attack against them.
[RT I, 31.12.2022, 2 – entry into force 10.01.2023]

§ 343.  Questioning and requiring of documents

 (1) A security authority may stop a person who is in the territory of the security authority or its immediate vicinity and question them and require them to present their identity document where there is reason to believe that the person has information necessary for ascertaining or countering an imminent threat to the premises or staff of the security authority or for stopping an attack against them.

 (2) Recording such questioning and requiring of presentation of documents in a report is subject to the provisions of subsections 2 and 4 of § 30 of the Law Enforcement Act.
[RT I, 31.12.2022, 2 – entry into force 10.01.2023]

§ 344.  Establishment of identity

  A security authority may establish the identity of a person who is in the territory of the security authority or its immediate vicinity on the basis of their valid identity document or, where this is not possible, in another lawful manner and verify through a database the authenticity of information entered on the document or provided by the person where this is necessary for ascertaining or countering an imminent threat posed by the person to the premises or staff of the security authority or for stopping an attack against them.
[RT I, 31.12.2022, 2 – entry into force 10.01.2023]

§ 345.  Detention of person

 (1) A security authority may detain a person who is in the territory of the security authority or its immediate vicinity by locking them to a room or a vehicle or by restricting their physical liberty in another manner to a significant extent if:
 1) they force or have forced themselves in the territory of the security authority or they are there without an appropriate authorisation or other legal basis;
 2) there is a suspicion that they have committed an offence against the premises or staff of the security authority;
 3) they pose a threat to the premises or staff of the security authority or other persons in the territory of the security authority.

 (2) A person detained is to be informed of the reason for their detention.

 (3) A person may be detained until the basis for the detention ceases to exist but for no longer than six hours.

 (4) A person detained under clause 1 of subsection 1 of this section whom there is no reason to suspect of commission of an offence is to be showed out of the territory of the security authority and released.

 (5) A person detained under clause 2 or 3 of subsection 1 of this section is to be handed over to the police at the first opportunity.
[RT I, 31.12.2022, 2 – entry into force 10.01.2023]

§ 346.  Security check

 (1) A security authority may check a person or their clothing by way of observation and feeling or by means of a technical device or a service animal with relevant training in order to ensure that the person does not possess items or substances by which they may endanger themselves or other persons or the premises of the security authority or hurt the performance of the functions of the security authority when the person:
 1) enters or leaves the territory of the security authority;
 2) is in the territory of the security authority or its immediate vicinity if checking is necessary for ascertaining an imminent serious threat to the premises or staff of the security authority or for countering an immediate serious threat;
 3) is detained under § 345 of this Act.

 (2) Security checks are subject to the provisions of subsection 2 of § 47 of the Law Enforcement Act.
[RT I, 31.12.2022, 2 – entry into force 10.01.2023]

§ 347.  Examination of movable

 (1) A security authority may, without the consent of the possessor, check a movable sensuously or by means of a technical device or a service animal, including open doors and eliminate other obstacles if:
 1) it is carried by a person entering or leaving the territory of the security authority;
 2) it is carried by a person who may be subjected to a security check on the basis of § 346 of this Act;
 3) it is necessary for ascertaining an imminent serious threat to the premises or staff of the security authority or for countering an immediate serious threat and the person is in the territory of the security authority or its immediate vicinity.

 (2) Examination of a movable is subject to the provisions of subsections 2–4, 51 and 6 of § 49 of the Law Enforcement Act.
[RT I, 31.12.2022, 2 – entry into force 10.01.2023]

§ 348.  Taking movable into storage

 (1) A security authority may take a movable into storage:
 1) for countering an immediate threat to the premises or staff of the security authority or for stopping an attack against them;
 2) if the item is possessed by a person detained under § 345 of this Act and there is a risk that the person will use the item to kill or injure themselves or another person or to damage another person’s item or to escape;
 3) if in the course of a security check carried out on the basis of § 346 of this Act an object which is not prohibited by law but which may endanger the person themselves or another person or hurt the performance of the functions of the security authority is detected;
 4) if the movable is permitted to be examined on the basis of § 347 of this Act and taking it into storage is necessary in order to take a sample or measurements of the movable or give an expert assessment on the movable.

 (2) Taking a movable into storage is subject to the provisions of subsections 2–4 of § 52 of the Law Enforcement Act.
[RT I, 31.12.2022, 2 – entry into force 10.01.2023]

§ 35.  Special equipment and weapons of official of security authority and use thereof

  [RT I, 31.12.2022, 2 – entry into force 10.01.2023]

 (1) Special equipment allowed for an official of a security authority is:
 1) handcuffs;
 2) binding means;
 3) a service animal.

 (2) Weapons allowed for an official of a security authority are:
 1) a firearm;
 2) a gas weapon;
 3) a cut-and-thrust weapon;
 4) an electric shock weapon.

 (3) An official of a security authority may use special equipment and a weapon, provided they have completed relevant training:
 1) for applying direct coercion;
 2) for countering a threat on the conditions provided in subsections 4 and 5 of this section.

 (4) An official of a security authority has the right to use special equipment, a gas weapon and a cut-and-thrust weapon for countering a significant and a serious threat, and a firearm and an electric shock weapon for countering a serious threat where countering the threat by other means harming a person less is not possible or is not possible in a timely manner, and with the consideration that in using special equipment or a weapon every effort is made in order not to jeopardise another significant benefit.

 (5) A firearm and an electric shock weapon may only be used with regard to a person as a last resort to make them incapable of attacking, offering resistance or escaping if it is necessary to counter an immediate threat to the life or physical inviolability of an official of a security authority or another person and if it is not possible to achieve this objective by using the same weapon against an animal or a thing or by using physical force or special equipment.
[RT I, 31.12.2022, 2 – entry into force 10.01.2023]

§ 351.  Handling of explosives

 (1) In the performance of their duties, an official of the Estonian Internal Security Service may handle explosives.

 (2) The procedure for handling explosives by the Estonian Internal Security Service is established by the Director General of the Estonian Internal Security Service.
[RT I, 14.03.2023, 21 – entry into force 15.03.2023]

Chapter 5 SUPERVISION  

§ 36.  Security Authorities Surveillance Committee of Riigikogu

 (1) The Security Authorities Surveillance Committee of the Riigikogu is a select committee of the Riigikogu which exercises supervision over authorities of executive power in matters relating to the activities of the security authorities and surveillance agencies, including compliance with requirements for personal data processing, guarantee of fundamental rights and efficiency of the work of the security authorities and surveillance agencies, and also in matters relating to supervision exercised over the security authorities and surveillance agencies.
[RT I, 13.03.2019, 2 – entry into force 15.03.2019]

 (2) The Prime Minister and a relevant minister inform the Committee of the activities of the security authorities and surveillance agencies and of supervision over their activities, including submit an overview of such matters at least once in every six months.

 (3) In order to perform functions related to the work of the Committee, the Committee has the right to summon persons and require documents for examination.

 (4) The Committee deliberates the draft budget of a security authority concurrently with the deliberation of the draft state budget in the Riigikogu.

 (5) The Committee submits an overview of the activities and the results of the Committee to the Riigikogu at least once a year.

 (6) If an offence is discovered, the Committee is required to forward the relevant materials to an investigative body or the Chancellor of Justice.

 (7) The members and officials of the Committee are required to maintain the confidentiality of a state and personal secret as well as classified information of a foreign state which have come to their knowledge in the course of their work.
[RT I 2007, 16, 77 – entry into force 01.01.2008]

§ 37.  Restrictions of communication of information to the Security Authorities Surveillance Committee

  [Repealed – RT I 2007, 16, 77 – entry into force 01.01.2008]

Chapter 6 IMPLEMENTING PROVISIONS  

§ 38.  Transformation of select committee of Riigikogu formed for verification of lawfulness of activity of Estonian Internal Security Service and of surveillance activities

  The select committee formed by a resolution of the Riigikogu of 29 April 1999 for the verification of the lawfulness of the activity of the Estonian Internal Security Service and of surveillance activities is transformed into the Committee provided in § 36 of this Act.

§ 39. – § 47. [Omitted from this text.]

§ 48.  Entry into force of Act

  This Act enters into force on 1 March 2001.

Issuer:Riigikogu
Type:act
In force from:15.03.2023
In force until: In force
Translation published:24.03.2023

Chapter 1 GENERAL PROVISIONS  

§ 1.  Scope of regulation

 (1) This Act provides for the functions and competence of security authorities in ensuring national security and constitutional order, and the procedure for the exercise of supervision over the activities of security authorities.

 (11) This Act provides for the bases for the processing of personal data, including special categories of personal data, and the restriction of the scope of the rights of data subjects by security authorities and the procedure for the exercise of supervision over compliance with the requirements for personal data processing.
[RT I, 13.03.2019, 2 – entry into force 15.03.2019]

 (2) The provisions of the Administrative Procedure Act apply to administrative proceedings prescribed in this Act, taking into account the specifications provided in this Act.
[RT I 2002, 61, 375 – entry into force 01.08.2002]

§ 2.  Objective of activity of security authorities

 (1) The objective of the activity of security authorities is to ensure national security by the continuance of constitutional order through the application of non-military means of prevention, and to collect and process information necessary for formulating the security policy and for national defence.

 (2) Achievement of the objectives specified in subsection 1 of this section takes place in the Defence Forces according to the rules provided in this Act unless otherwise provided by the Estonian Defence Forces Organisation Act.
[RT I 2008, 35, 213 – entry into force 01.01.2009]

§ 3.  Principles of activity of security authority

 (1) A security authority collects and processes information, including personal data, insofar as this is necessary for performing its functions, considering the following principles:
 1) the manner and scope of collection and processing of information and the organisational and technical safeguards applied may not excessively adversely affect the fundamental rights of a person compared to the objective pursued by the security authority;
 2) the collection and processing of information may not endanger the life or health of a person, unnecessarily endanger property or the environment or unnecessarily infringe other personal rights;
 3) information is processed and retained for as long as necessary for the performance of the security authority’s function and in accordance with the objective of the activity of the security authority;
 4) information is collected and processed in a manner which ensures its security, including protects against unauthorised or unlawful processing and accidental loss or destruction thereof or damage thereto by applying appropriate technical or organisational measures.
[RT I, 13.03.2019, 2 – entry into force 15.03.2019]

 (2) A security authority is to only use measures necessary for performing its functions. In the case there are several possible measures, the security authority is to use the measure which restricts the fundamental rights of persons as little as possible in connection with the performance of a function of the security authority. A measure which does not restrict the fundamental rights of an individual excessively compared to the objective pursued by the security authority may be used.

§ 4.  Combating criminal offence

  For the purposes of this Act, combating a criminal offence means prevention of a criminal offence in any lawful manner before the offence is committed.

Chapter 2 ORGANISATION AND FUNCTIONS OF SECURITY AUTHORITIES  

§ 5.  Security authorities

  The security authorities are the Estonian Internal Security Service and the Estonian Foreign Intelligence Service.
[RT I, 05.05.2017, 1 – entry into force 01.07.2017]

§ 6.  Functions of Estonian Internal Security Service

  The functions of the Estonian Internal Security Service are:
 1) prevention and combating of changing the constitutional order or territorial integrity of the state by force, and collection and processing of information necessary for such purpose;
[RT I, 29.06.2012, 2 – entry into force 01.01.2013]
 2) prevention and combating of intelligence activities directed against the state, including protection of state secrets and classified information of foreign states in the cases and according to the rules prescribed in the State Secrets and Classified Information of Foreign States Act (counter-intelligence), except in the cases specified in clauses 2 and 3 of subsection 1 of § 7 of this Act;
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]
 21) prevention and combating of terrorism and terrorist financing and support, and collection and processing of information necessary for such purpose;
[RT I 2008, 3, 21 – entry into force 28.01.2008]
 22) prevention and combating of corruption endangering national security, and collection and processing of information necessary for such purpose;
[RT I, 29.06.2012, 2 – entry into force 01.01.2013]
 3) combating of those criminal offences the pre-trial investigation of which is within the competence of the Estonian Internal Security Service, except in the cases specified in clauses 2 and 3 of subsection 1 of § 7 of this Act;
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]
 4) pre-trial investigation of criminal offences in the cases prescribed by law.

§ 7.  Functions of Estonian Foreign Intelligence Service

  [RT I, 05.05.2017, 1 – entry into force 01.07.2017]

 (1) The functions of the Estonian Foreign Intelligence Service are:
[RT I, 05.05.2017, 1 – entry into force 01.07.2017]
 1) collection and processing of information concerning foreign states, or foreign factors or activities, which is necessary for the state in formulating the foreign, economic and national defence policy and for national defence;
 2) conduct of counter-intelligence for the protection of the foreign missions of the state and such structural units or staff of the Defence Forces which are outside the territory of the state;
[RT I 2008, 35, 213 – entry into force 01.01.2009]
 3) conduct of counter-intelligence for the protection of the staff of the Estonian Foreign Intelligence Service, persons recruited for co-operation, and property in the possession of the Estonian Foreign Intelligence Service;
 4) organisation and verification of INFOSEC.
[RT I, 31.12.2022, 2 – entry into force 10.01.2023]
 5) [repealed – RT I 2003, 23, 147 – entry into force 01.04.2003]

 (2) In the collection of information by electronic means, the Estonian Foreign Intelligence Service provides professional assistance to the Estonian Internal Security Service.
[RT I, 05.05.2017, 1 – entry into force 01.07.2017]

 (21) Upon conduct of military intelligence, the Estonian Foreign Intelligence Service provides professional assistance to the Defence Forces.
[RT I, 05.05.2017, 1 – entry into force 01.07.2017]

 (3) [Repealed – RT I, 31.12.2022, 2 – entry into force 10.01.2023]

§ 71.  Special communications services

  [Repealed – RT I, 31.12.2022, 2 – entry into force 10.01.2023]

§ 8.  Number and composition of posts in security authority

 (1) The limit on posts in a security authority is established by the minister in charge of the policy sector.

 (2) Considering the limit established on the basis of subsection 1 of this section, the minister in charge of the policy sector or the head of a security authority authorised thereby establishes the composition of posts in a security authority.
[RT I, 27.05.2022, 2 – entry into force 01.07.2022]

§ 9.  Organisation and harmonisation of work of security authorities

 (1) The Prime Minister and the ministers who head the ministries in whose area of government the security authorities are must constantly co-operate with each other to organise and harmonise the work of the security authorities.

 (2) The Government of the Republic establish, by an order, for each year a plan regarding the obtaining and analysis of state security information. The plan regarding the obtaining and analysis of state security information must provide for the functions set for the security authorities and the Defence Forces upon conduct of military intelligence and a list of information to be collected, in the order of relevance.
[RT I 2008, 35, 213 – entry into force 01.01.2009]

§ 10.  Security Committee of Government of Republic

 (1) The Security Committee of the Government of the Republic (hereinafter Security Committee) must:
 1) co-ordinate the activities of the security authorities;
 2) analyse and assess the security situation in the state;
 3) determine the state’s need for security-related information;
 4) perform the functions imposed on the Security Committee by the National Defence Act and other Acts and the Government of the Republic.

 (2) The government authorities are required to give assessments of threat and other information related to the security of the state and national defence to the Security Committee, the Government of the Republic, relevant government authorities, the President of the Republic, the President of the Riigikogu and relevant committees of the Riigikogu. Where necessary, the Security Committee organises the communication of information related to national defence to the persons and authorities specified in this subsection.

 (3) The composition of the Security Committee is determined and the statutes thereof are established on the basis of the National Defence Act.
[RT I, 12.03.2015, 1 − entry into force 01.01.2016]

§ 11.  Co-operation between security authorities

 (1) The security authorities co-operate with each other through mutual assistance and exchange of information.

 (2) Exchange of information between the security authorities takes place on the basis of the plan regarding the obtaining and analysis of state security information.
[RT I 2008, 35, 213 – entry into force 01.01.2009]

§ 111.  Possession of state assets

 (1) In the state immovable property register specified in subsection 1 of § 95 of the State Assets Act may not be entered information specified in subsection 2 of the same section concerning immovable property in the possession of the security authorities, or it must be entered using shadow information.
[RT I 2009, 57, 381 – entry into force 01.01.2010]

 (2) A separate register which has been established by and the statutes on the maintenance of which aree established by the Government of the Republic is maintained concerning state assets in the possession of the security authorities.
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]

Chapter 3 SERVICE IN SECURITY AUTHORITY  

§ 12.  Specifications concerning service in security authority

 (1) The Civil Service Act applies to an official of a security authority with the specifications arising from this Act. The Employment Contracts Act applies to an employee of a security authority with the specifications arising from this Act.

 (11) The provisions of § 41 of the Civil Service Act governing rest time do not apply to an official of a security authority where such a specification is included in the official’s job description and working does not harm the health or safety of the official.
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]

 (2) The Police and Border Guard Act applies to a police officer of the Estonian Internal Security Service with the specifications arising from this Act.
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]

 (21) When an active serviceman is referred to a security authority, the term provided in subsection 21 of § 119 of the Military Service Act is applied.
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]

 (3) A probationary period of up to one year is applied to an official of a security authority.
[RT I, 27.05.2022, 2 – entry into force 01.07.2022]

 (4) Sections 17–19 of this Act do not apply to a police officer of the Estonian Internal Security Service.
[RT I, 26.03.2013, 2 – entry into force 01.04.2013]

§ 13.  Specifications concerning service in Government Office

  Specifications provided for an official of a security authority apply to an official of the Government Office whose function is to co-ordinate the work of the security authorities.
[RT I, 06.07.2012, 1 – entry into force 01.04.2013]

§ 14.  Employment in service

 (1) A citizen of the Republic of Estonia who has at least secondary education and full active legal capacity, and who is proficient in Estonian to the extent provided by law or on the basis of law may be employed in service or employed as an official and an employee of a security authority.
[RT I, 06.07.2012, 1 – entry into force 01.04.2013]

 (2) It is prohibited to employ in service and employ in a security authority a person:
 1) who receives a pension, remuneration or other regular compensation from a state which is not a state within the European Economic Area or Switzerland or which does not belong to the North Atlantic Treaty Organisation;
 2) who lacks a Personnel Security Clearance for access to a state secret of a required level or a Personnel Security Clearance Certificate for access to classified information of a foreign state of a required level if this is a prerequisite for working in a position of an official or of an employee.
[RT I, 06.07.2012, 1 – entry into force 01.04.2013]

 (3) An official of a security authority may be appointed to a position without competition.
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]

§ 15.  Appointment of head of security authority to position

  [RT I, 19.03.2015, 2 – entry into force 29.03.2015]
The Government of the Republic appoints a head of a security authority to office for a period of five years at the proposal of the relevant minister, after having heard the opinion of the Security Authorities Surveillance Committee of the Riigikogu. The head of a security authority is not appointed to office for more than two consecutive terms.

§ 151.  Release of official of security authority from service when official is appointed to position in or employed by another authority or organisation

  [RT I, 19.03.2015, 2 – entry into force 29.03.2015]

 (1) An official of a security authority, except for an active serviceman referred to a security authority, may, with their consent, be released and appointed to a position in or employed by another authority, authority governed by a government authority, legal person governed by public law, international organisation, or a position or employment established in the framework of international co-operation. The term of service or employment of an official of a security authority in another authority, authority governed by a government authority, legal person governed by public law, international organisation, or a position or employment established in the framework of international co-operation is subject to the provisions of subsection 4 of § 33 of the Civil Service Act.
[RT I, 27.05.2022, 2 – entry into force 01.07.2022]

 (2) Upon the expiry of the term provided in subsection 1 of this section, the official of the security authority is appointed back to the same position or another position of the same official rank. If no such positions are vacant, the official of the security authority may, with their consent, be appointed to another position or an employment contract may be concluded with them.

 (3) An official of a security authority appointed to a position or employed as an employee by another authority, authority governed by a government authority, legal person governed by public law, international organisation or a position established in the framework of international co-operation on the basis and for the period of time provided in subsection 1 of this section is paid wages or remuneration which must not be less than their wages as an official of the security authority.

 (31) Where an official of a security authority is released from a position specified in subsection 1 of this section upon the expiry of the term provided in subsection 1, their annual holiday that has not been used or expired may be compensated in money.
[RT I, 27.05.2022, 2 – entry into force 01.07.2022]

 (4) The period of service in another authority, authority governed by a government authority, legal person governed by public law, international organisation or a position or employment established in the framework of international co-operation is included in the period of service in the position which the official had before appointment to or employment by another authority or organisation, provided the official of a security authority continues service in the security authority upon the expiry of the term provided in subsection 1 of this section.
[RT I, 27.05.2022, 2 – entry into force 01.07.2022]

§ 152.  Identifications of officials of security authorities and badges of office of police officers

 (1) The description and the format of the identifications of officials of security authorities and the badges of office of police officers are established by a regulation of the minister in charge of the policy sector governed by the Ministry of the Interior or the Ministry of Defence.

 (2) A list of positions in which police officers are issued with a badge of office is established by a directive of the head of the relevant security authority.
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]

§ 16.  Wages

  [RT I, 19.03.2015, 2 – entry into force 29.03.2015]

 (1) The basic wages or the range of the basic wages of officials of the Estonian Internal Security Service and the bases for increasing the basic wages are established by a directive of the minister in charge of the policy sector.
[RT I, 27.05.2022, 2 – entry into force 01.07.2022]

 (2) The basic wages of officials of the Estonian Internal Security Service and police officers are increased by 10–50 per cent for the performance of duties relating to security.
[RT I, 27.05.2022, 2 – entry into force 01.07.2022]

 (3) The officials and police officers specified in subsection 2 of this section are not paid additional remuneration for working overtime, nor for working at night-time or on a public holiday.
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]

 (4) The wage system of those officials of the Estonian Foreign Intelligence Service who are not in the police service or active service is governed by the Civil Service Act with the specifications provided by this Act.
[RT I, 05.05.2017, 1 – entry into force 01.07.2017]

 (5) The minister in charge of the policy sector or by the authority thereof the head of a security authority establishes the salary guide for the officials and employees of the security authority by a directive which prescribes the procedure for the payment and grant of wages, including the procedure for calculating the remuneration paid for performance of duties at night and on public holidays, for overtime and on-call time.
[RT I, 27.05.2022, 2 – entry into force 01.07.2022]

§ 17.  Compensation in case official of security authority falls ill or suffers bodily injury
[Repealed - RT I, 13.12.2014, 1 - entry into force 01.07.2016 (entry into force amended − RT I, 17.12.2015, 1)]

§ 18.  Compensation for proprietary damage

 (1) Direct proprietary damage caused to an official of a security authority or their family members in the course of performance of their functions is compensated for by the state.

 (2) The limits of and the procedure for compensation for proprietary damage are established by a regulation of the Government of the Republic.

§ 19.  Health requirements and physical condition requirements for official and employee of security authority, and verification thereof

  [RT I, 27.05.2022, 2 – entry into force 01.07.2022]

 (1) The state of health and physical condition of an official and an employee of a security authority must enable performance of their functions or duties.

 (2) The health requirements for an official and an employee of a security authority and the procedure for their medical examinations are established by a regulation of the minister in charge of the policy sector.

 (3) The posts in security authorities where an official appointed to such a post must meet the physical condition requirements, and the physical condition requirements for an official and an employee of a security authority and the procedure for verifying compliance therewith are established by a directive of the head of the security authority.

 (4) A security authority may refer a candidate for an official or an employee to a medical examination and physical condition verification before commencement of service or employment.

 (5) The expenses of a medical examination, physical condition verification and vaccination of an official and an employee of a security authority and of a candidate are covered by the security authority.
[RT I, 27.05.2022, 2 – entry into force 01.07.2022]

§ 20.  Restrictions imposed on official and employee of security authority

 (1) An official and an employee of a security authority may not:
 1) work for another employer, except with the written consent of the head of the authority;
 2) participate in a strike;
 3) be a member of a political party.
[RT I, 06.07.2012, 1 – entry into force 01.04.2013]

§ 201.  Additional holiday of official of security authority

 (1) If justified, an official of a security authority may be granted paid additional holiday up to ten calendar days a year. A claim for such an additional holiday expires after one year as of the end of the service year for which the additional holiday is calculated. Additional days of holiday which have not been used and which have not expired are not compensated for in money upon release from service.
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]

 (2)  The conditions and procedure for grant of additional holiday provided by subsection 1 of this section are established by the head of the security authority or a person authorised thereby.
[RT I, 27.05.2022, 2 – entry into force 01.07.2022]

§ 202.  Storage of information concerning official and employee of security authority

  A security authority need not present information to the database specified in § 106 of the Civil Service Act. A security authority must ensure the storage of information specified in subsection 3 of § 106 of the Civil Service Act concerning its officials and employees.
[RT I, 06.07.2012, 1 – entry into force 01.04.2013]

§ 203.  Incentive

 (1) Incentives applied to an official and an employee of a security authority for long-time impeccable work or for outstanding performance of duties of employment are:
 1) expression of thanks;
 2) grant of a service medal;
 3) grant of a monetary award;
 4) grant of a valuable gift;
 5) grant of an inscribed cut-and-thrust weapon or firearm.

 (2) Several incentives may be applied concurrently.

 (3) The right to apply an incentive is vested in the head of a security authority and the relevant minister. The right to apply the incentive specified in clauses 2 and 5 of subsection 1 of this section is vested only in the relevant minister or the Director General of the Estonian Foreign Intelligence Service.
[RT I, 05.05.2017, 1 – entry into force 01.07.2017]

 (4) The description of the service medal and the procedure for the grant and wearing thereof are established by a regulation of the relevant minister.

 (5) For outstanding services, the incentives provided in clauses 1, 2, 4 and 5 of subsection 1 of this section may also be applied to such persons who are not officials or employees of a security authority.
[RT I, 06.07.2012, 1 – entry into force 01.04.2013]

Chapter 4 POWERS OF SECURITY AUTHORITY  

§ 21.  Powers of Estonian Internal Security Service

 (1) Chapter 22 of the Police and Border Guard Act applies to the activity of the Estonian Internal Security Service with the specifications arising from this Act.

 (2) A police officer of the Estonian Internal Security Service has, in the performance of their duties, the right to apply a state supervision measure and direct coercion on the grounds and according to the rules provided in the Law Enforcement Act. Upon the exercise of state supervision the restrictions on the rights of data subjects provided in subsection 3 of § 211 of this Act may be applied.
[RT I, 13.03.2019, 2 – entry into force 15.03.2019]

 (3) In applying that arising from the Police and Border Guard Act, the Director General of the Estonian Internal Security Service must fulfil, in deciding over a measure and actions related thereto and in applying Chapter 22 of the Police and Border Guard Act, the duties of the Director General of the Police and Border Guard Board.
[RT I, 29.06.2012, 2 – entry into force 01.01.2013]

§ 211.  Collection and processing of information and restrictions on rights of data subjects

 (1) For the performance of its functions or ensuring the performance thereof, a security authority may collect and process, among others, the following information:
 1) personal data;
 2) special categories of personal data;
 3) data rendered anonymous;
 4) data addressed to the public and available from public sources.

 (2) Information is collected and processed directly by a security authority or an authority authorised for such a purpose or a person recruited for co-operation.

 (3) Upon collecting and processing information, a security authority may restrict the rights of data subjects, including the right to:
 1) be informed of the processing of their personal data, whether or not by automated means, including which personal data is processed and the purpose and scope of and legal basis and reason for processing;
 2) be informed of the recipients of their personal data and the categories of personal data disclosed and information concerning whether their personal data is transferred to a foreign state or an international organisation;
 3) be informed of the period of retention of their personal data or the criteria for determining such a period;
 4) be informed of the technical and organisational safeguards for the processing of their personal data;
 5) access personal data collected and processed;
 6) request that the processing of their personal data be restricted;
 7) request that their personal data be transferred;
 8) object to the processing of their personal data;
 9) be informed of any violations relating to their personal data.

 (4) Under subsection 3 of this section the rights of data subjects may be restricted if not restricting may:
 1) adversely affect the performance of the functions of a security authority;
 2) prevent the combating of a criminal offence;
 3) adversely affect the rights and freedoms of data subjects or other persons.

 (5) A security authority may process collected information for the performance of a function provided in this Act or in another Act or for ensuring such performance. For the performance of obligations arising from an international agreement, legislation of the European Union or other laws, personal data obtained from a foreign state or an international organisation may be processed.

 (6) A security authority retains information collected under this or another Act for as long as necessary for the performance of its functions provided in this Act or until the need for further processing cannot be excluded.

 (7) That provided in this section may be applied by a security authority to the processing of personal data in the course of exercise of state supervision and to the employment of an official in service and employment of an employee of the security authority and during service or employment.
[RT I, 13.03.2019, 2 – entry into force 15.03.2019]

§ 22.  Provision of assistance to security authority

 (1) State and local government authorities and officials as well as legal persons in public law provide, within the limits of their competence, assistance to a security authority in the performance of its functions. The expenses incurred by a local government authority or legal person in public law in the provision of such assistance are covered from the state budget.

 (2) In the case of a direct threat to national security, a security authority may demand a private individual to provide assistance necessary for the performance of the functions of the security authority unless other means are available.

 (3) The procedure for compensation for the expenses arising from the provision of the assistance provided in subsection 2 of this section is established by a regulation of the Government of the Republic.

§ 23.  Shadow information and covert measures

  [RT I, 05.05.2017, 1 – entry into force 01.07.2017]

 (1) For the performance or ensuring the performance of its functions a security authority may use shadow information and covert measures in order to hide from the data subject the performers of the act, the target of the act and the ownership of the rights and obligations and immovable and movable used.

 (2) The transactions related to the activities specified in subsection 1 of this section are deemed to be transactions made by the security authority.

 (3) The security authority is responsible for the accuracy of a database entry related to the activities specified in subsection 1 of this section.

 (4) The procedure for maintaining records of the acts related to the activities specified in subsection 1 of this section is established by a directive of the head of the security authority.
[RT I, 05.05.2017, 1 – entry into force 01.07.2017]

§ 231.  Use of legal person in private law

 (1) A security authority may use a legal person in private law for the performance or ensuring the performance of its functions on the basis of a resolution of the head of the security authority, using shadow information or covert measures pursuant to the procedure specified in § 23 of this Act.

 (2) Every six months the head of the security authority submits to the relevant minister information concerning the activities of a legal person in private law specified in subsection 1 of this section.
[RT I, 05.05.2017, 1 − entry into force 01.07.2017]

§ 232.  Undercover staff official and employee of security authority

 (1) A security authority may appoint on a post or recruit an undercover staff official or employee of the security authority on the basis of a resolution of the head of the security authority.

 (2) For the purposes of this Act, an undercover staff official or employee of the security authority is an official or employee of the security authority whose employment or service relationship with the security authority is not known to a third person and who collects information covertly or helps to ensure that the collection of information is covert.

 (3) The personal data and employment and service relationships with the security authority of an undercover staff official or employee of the security authority are also kept secret after termination of the covert collection of information if the disclosure of personal data may endanger the life, health, private life or property of an undercover staff official or employee or the persons connected with them or their further activities as an undercover staff official or employee of the security authority.

 (4) The procedure for maintaining the records of the acts related to the activities of the undercover staff official or employee of the security authority is established by a directive of the head of the security authority.
[RT I, 05.05.2017, 1 − entry into force 01.07.2017]

§ 24.  Manner of collection of information

  [Repealed – RT I, 13.03.2019, 2 – entry into force 15.03.2019]

§ 241.  Recruitment of person to secret co-operation

 (1) A security authority has the right to recruit a person with active legal capacity to secret co-operation with the person's consent.

 (2) For the purposes of this Act, a person who has been recruited to secret co-operation is a person whose co-operation with the security authority is not known to a third person.

 (3) Covert collection of data or making an act on the assignment of the security authority is deemed to be co-operation with the security authority of a person recruited to secret co-operation, taking into account the provisions of § 23 of this Act. Being present at the act performed by the security authority is not secret co-operation.

 (4) A person who is recruited to secret co-operation is remunerated from the budget of the security authority.

 (5) A person who is recruited to secret co-operation is required to refrain from knowingly forwarding false or defamatory information and maintain the confidentiality of the co-operation with the security authority, the data which they have become aware of in the course of secret co-operation, as well as the means, methods and tactics used upon collection of data.

 (6) A person who is recruited to secret co-operation has the right to refuse to perform an act with regard to a person who is connected with them.

 (7) The procedure for recruitment of a person to secret co-operation is established by a directive of the head of the security authority.
[RT I, 05.05.2017, 1 − entry into force 01.07.2017]

§ 242.  Compensation in case person recruited to secret co-operation gets killed, dies or work ability decreases

 (1) If a person who is recruited to secret co-operation is killed or dies due to the performance of tasks related to secret co-operation as a result of an accident or an attack against them or prevention of an offence or countering of a threat by them, their child, parent, widow, widower or partner in a relationship resembling marriage and, for the purposes of the Family Law Act, another person who was maintained by them are paid a lump-sum benefit.
[RT I, 27.05.2022, 2 – entry into force 01.07.2022]

 (2) If due to an injury sustained or an illness developed as a result of an accident related to secret co-operation or an attack against them or combating of an offence or countering of a threat by them a person who is recruited to secret co-operation is established to have partial or no work ability or temporary loss of work ability which did not result in partial or no work ability, the person who is recruited to secret co-operation is paid a benefit.
[RT I, 27.05.2022, 2 – entry into force 01.07.2022]

 (3) In the cases specified in subsection 1 and 2 of this section the lump-sum compensation is paid pursuant to the same grounds and rules which are prescribed upon payment of compensation in the cases provided in §§ 49 and 491 of the Civil Service Act, taking into account the specifications provided in this section.

 (4) The calculation of the compensation specified in subsections 1 and 2 of this section is based on:
 1) the basic wage rate corresponding to the lowest wage grade or the lowest basic wages of an official of the Estonian Internal Security Service, except the police officer, if a contract on recruitment of a person to secret co-operation has been entered into with the Estonian Internal Security Service;
 2) the lowest basic wages of an official of the Estonian Foreign Intelligence Service if a contract on recruitment of a person to secret co-operation has been entered into with the Estonian Foreign Intelligence Service.
[RT I, 05.05.2017, 1 − entry into force 01.07.2017]

§ 25.  Restrictions on right to confidentiality of messages

 (1) In the cases provided in this section, a security authority is permitted to restrict a person’s right to the confidentiality of messages sent or received by them by post, telegraph, telephone or other commonly used means.

 (2) A security authority may, within the limits of its competence, restrict a person’s right to the confidentiality of messages in order to combat a criminal offence if there is sufficient information to indicate that a criminal offence is being prepared or committed.

 (3) A person’s right to the confidentiality of messages is restricted by:
 1) examination of a postal item;
 2) wire-tapping, observing or recording a message or other information transmitted over an electronic communications network;
 3) wire-tapping, observing or recording information communicated by any other means.
[RT I 2004, 87, 593 –entry into force 01.01.2005]

§ 26.  Restrictions on right to inviolability of home, and family or private life

 (1) A security authority may restrict a person’s right to the inviolability of home, and family or private life in the cases provided in this section.

 (2) An official of a security authority may, within their competence and in order to combat a criminal offence, enter or search a person’s premises, building, enclosed area, vehicle or computer system without the consent of the person on the order of the head of the security authority in order to ensure national security or if there is sufficient information to indicate that a criminal offence is being prepared or committed and if collection of information is necessary for combating the criminal offence.
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]

 (3) A person’s right to the inviolability of home, and family or private life is restricted by:
 1) collection and processing of personal data;
[RT I, 13.03.2019, 2 – entry into force 15.03.2019]
 2) covert surveillance;
 3) covert establishment of identity;
 4) collection of information on the fact, duration, manner and form of transmission of messages over an electronic communications network, and on the personal data and location of the sender or receiver of such messages;
 5) covert entry in the person’s premises, building, enclosed area, vehicle or computer system for the purposes of covert collection or recording of information or installation and removal of technical aids necessary for such purposes;
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]
 6) covert examination of an item and, if necessary, covert alteration of the item, damage to the item or replacement of the item.
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]

 (4) On the basis of a written agreement entered into with a security authority and within the competence of the security authority, a person recruited for secret co-operation may also restrict a person’s right to the inviolability of home, and family or private life pursuant to the procedure provided in § 27 of this Act.
[RT I 2004, 87, 593 – entry into force 01.01.2005]

§ 27.  Procedure for restriction of right to confidentiality of messages and right to inviolability of home, and family or private life

 (1) In the case of a need to restrict a person’s right to the confidentiality of messages or to the inviolability of home, and family or private life in the manner specified in clause 5 of subsection 3 of § 26 of this Act, the head of a security authority submits to the chairman of an administrative court or an administrative judge appointed by the chairman a reasoned written application for the corresponding permission. The application must set out the manner of restriction of the corresponding right.

 (2) Grant, extension and revocation of a permission and declaration as justified of restriction of a person’s right to the confidentiality of messages or to the inviolability of home, and family or private life in the manner specified in clause 5 of subsection 3 of § 26 of this Act are decided without a delay and without holding a court session, pursuant to the provisions of the Code of Administrative Court Procedure concerning granting permission for administrative measure. Permission may be granted for a period of up to two months or extended for the same period at a time.

 (21) In emergencies if there is a threat to the national security or if there is sufficient information to indicate that a criminal offence is being prepared or committed and the act specified in subsection 1 of this section is necessary to combat a criminal offence and it is impossible to apply for the permission specified in subsection 2 of this section, the act may be performed with the permission of the administrative court, which is issued in a manner which can be reproduced. The head of the security authority submits a reasoned application which can be reproduced as a basis for the permission to the chairman of an administrative court or an administrative judge appointed by the chairman at the first opportunity but no later than on the day following the day of commencing the act. The application sets out the manner and duration of the restriction of the specified right. The chairman of an administrative court or an administrative judge appointed by the chairman decides on the continuation of the act with the permission specified in subsection 2 of this section.
[RT I, 05.05.2017, 1 − entry into force 01.07.2017]

 (22) The permission which is issued in an emergency in a manner which can be reproduced must include the following data:
 1) the name of the person who issued the permission:
 2) the date and time of issue of the permission;
 3) the act for performing of which the permission is issued;
 4) the name of a person with regard to whom the act is performed if it is known;
 5) the term of the permission.
[RT I, 05.05.2017, 1 − entry into force 01.07.2017]

 (3) Restriction of a person’s right to the inviolability of home, and family or private life is decided by the head of a security authority or an official authorised thereby in case of an action specified in clauses 2–4 and 6 of subsection 3 of § 26 of this Act. The decision is valid for the term indicated therein but for no longer than two months.
[RT I, 13.03.2019, 2 – entry into force 15.03.2019]

 (4) The acts specified in clause 2 of subsection 3 of § 25 and in clause 4 of subsection 3 of § 26 of this Act are performed in accordance with the relevant provisions of the Electronic Communications Act.
[RT I 2004, 87, 593 –entry into force 01.01.2005]

§ 28.  Methods and means of covert collection of information

  The methods and means to be used by a security authority in covert collection of information are established by a regulation of the relevant minister. The regulation is submitted to the Security Authorities Surveillance Committee of the Riigikogu for information purposes.
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]

§ 29.  Notifying persons of act

  [RT I, 26.05.2020, 1 – entry into force 05.06.2020]

 (1) A person in respect of whom an act referred to in subsection 3 of § 25 or clause 2, 5 or 6 of subscetion 3 of § 26 of this Act was performed or whose fundamental rights or freedoms were significantly restricted by said act and who was identified in the course thereof is notified by a security authority of the time and type of the act promptly after the declassification of information collected by the act.

 (2) A security authority need not notify a person of the time and type of an act referred to in subsection 1 of this section if notification may:
 1) significantly harm another person’s rights and freedoms guaranteed by law or put another person at risk;
 2) endanger the confidentiality of the security authority’s means, methods or tactics;
 3) endanger the source of information or a person recruited to secret co-operation;
 4) harm exchange of information between security authorities or co-operation with a foreign state or an international organisation.

 (3) By a resolution of the head of the security authority which performed an act or a resolution of an official authorised thereby, a person need not be notified until the basis for not notifying of the act as provided in subsection 2 of this section ceases to exist.

 (4) If one year has passed from the declassification of information collected by an act and the basis for not notifying of the act as provided in subsection 2 of this section has not ceased to exist, the head of the security authority or an official authorised thereby decides to never notify the person, except in the event provided in subsection 5 of this section.

 (5) If one year has passed from the declassification of information collected by an act provided in subsection 3 of § 25 or clause 5 of subsection 3 of § 26 of this Act and the basis for not notifying of the act as provided in subsection 2 of this section has not ceased to exist, the head of the security authority which performed the act or an official authorised thereby applies, no later than 15 days before the end of said time limit, to the president of the relevant administrative court or an administrative court judge designated thereby for a permission to never notify the person. Grant or refusal of permission is decided under the provisions of the Code of Administrative Court Procedure that govern granting permission for an administrative measure.
[RT I, 26.05.2020, 1 – entry into force 05.06.2020]

§ 30.  Storage of information

  Information collected in the manner provided in § 25 or § 26 of this Act is stored in information files. A separate information file is opened for each individual case. The procedure for keeping and storing files is established by a regulation of the minister in charge of the policy sector governed by the Ministry of the Interior or the Ministry of Defence.
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]

§ 31.  Communication of information to security authority

 (1) For the performance of its functions, a security authority has the right to obtain personal data and other information from:
 1) a state authority;
 2) a local authority;
 3) a legal person in public law;
 4) a holder of office in public law;
 5) a person performing administrative duties upon the performance of public law functions;
 6) a natural person or legal person in private law.

 (2) In the case of subsection 1 of this section, the authority and person who provided information may apply the restrictions provided in subsection 3 of § 211 of this Act when processing information which contains personal data.
[RT I, 13.03.2019, 2 – entry into force 15.03.2019]

§ 311.  Access to databases

  For the performance of their functions imposed by law, security authorities have access, free of charge, to information held in databases established on the basis of the Public Information Act.
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]

§ 32.  Communication of information by security authority

 (1) Information which is received in the performance of the functions of a security authority must be communicated to another state authority if it is necessary for the performance of the functions imposed on the state authority and it does not harm the performance of the functions of the security authority.
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]

 (2) Information which is received in the performance of the functions of a security authority must be communicated to another state authority and to a natural or legal person if it is necessary for combating a crime of terrorism or if it is related to a threat of commission of a crime of terrorism and it does not harm the performance of the functions of the security authority.
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]

 (3) Information which is received in the performance of the functions of a security authority may be communicated to a company with state participation if it is necessary for the performance of its functions and it does not harm the performance of the functions of the security authority.
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]

 (31) Information which is received in the performance of the functions of a security authority may be transferred to another person or authority if it is necessary for the performance of the functions of the security authority. For the performance of obligations arising from an international agreement, legislation of the European Union or other laws, information which is received in the performance of the functions of the security authority may also be transferred to a foreign state or an international organisation.
[RT I, 13.03.2019, 2 – entry into force 15.03.2019]

 (4) An authority or a person who has received information under subsections 1–31 of this section may apply the restrictions on the rights of data subjects provided in subsection 3 of § 211 of this Act when processing information which contains personal data.
[RT I, 13.03.2019, 2 – entry into force 15.03.2019]

§ 33.  Organisation of protection of communications

  [Repealed – RT I, 31.12.2022, 2 – entry into force 10.01.2023]

§ 34.  Exchange of information with foreign state and international organisation

  [Repealed – RT I 2007, 16, 77 – entry into force 01.01.2008]

§ 341.  General conditions of application of special measures

 (1) The right to apply a special measure provided in §§ 342–348 of this Act upon the performance of their duties lies with an official of a security authority who is not a police officer, provided they have completed relevant training.

 (2) Direct coercion may be applied upon the application of a special measure provided in §§ 344–348 of this Act in accordance with the rules provided in §§ 76–78 of the Law Enforcement Act and as long as this is indispensable for achieving the objective.

 (3) Application of a special measure provided in §§ 344–348 of this Act is allowed until the arrival of the police.
[RT I, 31.12.2022, 2 – entry into force 10.01.2023]

§ 342.  Processing of personal data by using monitoring equipment

  In order to monitor events taking place in the territory of a security authority and its immediate vicinity, the security authority may use monitoring equipment transmitting or recording images where this is necessary for preventing, ascertaining or countering an imminent threat to the premises or staff of the security authority or for stopping an attack against them.
[RT I, 31.12.2022, 2 – entry into force 10.01.2023]

§ 343.  Questioning and requiring of documents

 (1) A security authority may stop a person who is in the territory of the security authority or its immediate vicinity and question them and require them to present their identity document where there is reason to believe that the person has information necessary for ascertaining or countering an imminent threat to the premises or staff of the security authority or for stopping an attack against them.

 (2) Recording such questioning and requiring of presentation of documents in a report is subject to the provisions of subsections 2 and 4 of § 30 of the Law Enforcement Act.
[RT I, 31.12.2022, 2 – entry into force 10.01.2023]

§ 344.  Establishment of identity

  A security authority may establish the identity of a person who is in the territory of the security authority or its immediate vicinity on the basis of their valid identity document or, where this is not possible, in another lawful manner and verify through a database the authenticity of information entered on the document or provided by the person where this is necessary for ascertaining or countering an imminent threat posed by the person to the premises or staff of the security authority or for stopping an attack against them.
[RT I, 31.12.2022, 2 – entry into force 10.01.2023]

§ 345.  Detention of person

 (1) A security authority may detain a person who is in the territory of the security authority or its immediate vicinity by locking them to a room or a vehicle or by restricting their physical liberty in another manner to a significant extent if:
 1) they force or have forced themselves in the territory of the security authority or they are there without an appropriate authorisation or other legal basis;
 2) there is a suspicion that they have committed an offence against the premises or staff of the security authority;
 3) they pose a threat to the premises or staff of the security authority or other persons in the territory of the security authority.

 (2) A person detained is to be informed of the reason for their detention.

 (3) A person may be detained until the basis for the detention ceases to exist but for no longer than six hours.

 (4) A person detained under clause 1 of subsection 1 of this section whom there is no reason to suspect of commission of an offence is to be showed out of the territory of the security authority and released.

 (5) A person detained under clause 2 or 3 of subsection 1 of this section is to be handed over to the police at the first opportunity.
[RT I, 31.12.2022, 2 – entry into force 10.01.2023]

§ 346.  Security check

 (1) A security authority may check a person or their clothing by way of observation and feeling or by means of a technical device or a service animal with relevant training in order to ensure that the person does not possess items or substances by which they may endanger themselves or other persons or the premises of the security authority or hurt the performance of the functions of the security authority when the person:
 1) enters or leaves the territory of the security authority;
 2) is in the territory of the security authority or its immediate vicinity if checking is necessary for ascertaining an imminent serious threat to the premises or staff of the security authority or for countering an immediate serious threat;
 3) is detained under § 345 of this Act.

 (2) Security checks are subject to the provisions of subsection 2 of § 47 of the Law Enforcement Act.
[RT I, 31.12.2022, 2 – entry into force 10.01.2023]

§ 347.  Examination of movable

 (1) A security authority may, without the consent of the possessor, check a movable sensuously or by means of a technical device or a service animal, including open doors and eliminate other obstacles if:
 1) it is carried by a person entering or leaving the territory of the security authority;
 2) it is carried by a person who may be subjected to a security check on the basis of § 346 of this Act;
 3) it is necessary for ascertaining an imminent serious threat to the premises or staff of the security authority or for countering an immediate serious threat and the person is in the territory of the security authority or its immediate vicinity.

 (2) Examination of a movable is subject to the provisions of subsections 2–4, 51 and 6 of § 49 of the Law Enforcement Act.
[RT I, 31.12.2022, 2 – entry into force 10.01.2023]

§ 348.  Taking movable into storage

 (1) A security authority may take a movable into storage:
 1) for countering an immediate threat to the premises or staff of the security authority or for stopping an attack against them;
 2) if the item is possessed by a person detained under § 345 of this Act and there is a risk that the person will use the item to kill or injure themselves or another person or to damage another person’s item or to escape;
 3) if in the course of a security check carried out on the basis of § 346 of this Act an object which is not prohibited by law but which may endanger the person themselves or another person or hurt the performance of the functions of the security authority is detected;
 4) if the movable is permitted to be examined on the basis of § 347 of this Act and taking it into storage is necessary in order to take a sample or measurements of the movable or give an expert assessment on the movable.

 (2) Taking a movable into storage is subject to the provisions of subsections 2–4 of § 52 of the Law Enforcement Act.
[RT I, 31.12.2022, 2 – entry into force 10.01.2023]

§ 35.  Special equipment and weapons of official of security authority and use thereof

  [RT I, 31.12.2022, 2 – entry into force 10.01.2023]

 (1) Special equipment allowed for an official of a security authority is:
 1) handcuffs;
 2) binding means;
 3) a service animal.

 (2) Weapons allowed for an official of a security authority are:
 1) a firearm;
 2) a gas weapon;
 3) a cut-and-thrust weapon;
 4) an electric shock weapon.

 (3) An official of a security authority may use special equipment and a weapon, provided they have completed relevant training:
 1) for applying direct coercion;
 2) for countering a threat on the conditions provided in subsections 4 and 5 of this section.

 (4) An official of a security authority has the right to use special equipment, a gas weapon and a cut-and-thrust weapon for countering a significant and a serious threat, and a firearm and an electric shock weapon for countering a serious threat where countering the threat by other means harming a person less is not possible or is not possible in a timely manner, and with the consideration that in using special equipment or a weapon every effort is made in order not to jeopardise another significant benefit.

 (5) A firearm and an electric shock weapon may only be used with regard to a person as a last resort to make them incapable of attacking, offering resistance or escaping if it is necessary to counter an immediate threat to the life or physical inviolability of an official of a security authority or another person and if it is not possible to achieve this objective by using the same weapon against an animal or a thing or by using physical force or special equipment.
[RT I, 31.12.2022, 2 – entry into force 10.01.2023]

§ 351.  Handling of explosives

 (1) In the performance of their duties, an official of the Estonian Internal Security Service may handle explosives.

 (2) The procedure for handling explosives by the Estonian Internal Security Service is established by the Director General of the Estonian Internal Security Service.
[RT I, 14.03.2023, 21 – entry into force 15.03.2023]

Chapter 5 SUPERVISION  

§ 36.  Security Authorities Surveillance Committee of Riigikogu

 (1) The Security Authorities Surveillance Committee of the Riigikogu is a select committee of the Riigikogu which exercises supervision over authorities of executive power in matters relating to the activities of the security authorities and surveillance agencies, including compliance with requirements for personal data processing, guarantee of fundamental rights and efficiency of the work of the security authorities and surveillance agencies, and also in matters relating to supervision exercised over the security authorities and surveillance agencies.
[RT I, 13.03.2019, 2 – entry into force 15.03.2019]

 (2) The Prime Minister and a relevant minister inform the Committee of the activities of the security authorities and surveillance agencies and of supervision over their activities, including submit an overview of such matters at least once in every six months.

 (3) In order to perform functions related to the work of the Committee, the Committee has the right to summon persons and require documents for examination.

 (4) The Committee deliberates the draft budget of a security authority concurrently with the deliberation of the draft state budget in the Riigikogu.

 (5) The Committee submits an overview of the activities and the results of the Committee to the Riigikogu at least once a year.

 (6) If an offence is discovered, the Committee is required to forward the relevant materials to an investigative body or the Chancellor of Justice.

 (7) The members and officials of the Committee are required to maintain the confidentiality of a state and personal secret as well as classified information of a foreign state which have come to their knowledge in the course of their work.
[RT I 2007, 16, 77 – entry into force 01.01.2008]

§ 37.  Restrictions of communication of information to the Security Authorities Surveillance Committee

  [Repealed – RT I 2007, 16, 77 – entry into force 01.01.2008]

Chapter 6 IMPLEMENTING PROVISIONS  

§ 38.  Transformation of select committee of Riigikogu formed for verification of lawfulness of activity of Estonian Internal Security Service and of surveillance activities

  The select committee formed by a resolution of the Riigikogu of 29 April 1999 for the verification of the lawfulness of the activity of the Estonian Internal Security Service and of surveillance activities is transformed into the Committee provided in § 36 of this Act.

§ 39. – § 47. [Omitted from this text.]

§ 48.  Entry into force of Act

  This Act enters into force on 1 March 2001.

https://www.riigiteataja.ee/otsingu_soovitused.json