Two key committees of the Estonian parliament, the Riigikogu, have recently backed revisions to a contentious bill popularly known as the money laundering “superdatabase law,” designed to expand the data-gathering powers of Estonia’s Financial Intelligence Unit (FIU). This move comes after the president refused to sign the bill into law earlier this summer due to concerns over constitutional compliance and the protection of personal data rights. The revised bill aims to balance enhanced crime-fighting capabilities with the safeguarding of citizens’ informational self-determination, representing a careful legislative effort amid public and institutional debate about privacy and security.
Background and Initial Controversy
The original bill, formally an amendment to the Money Laundering and Terrorist Financing Prevention Act and the International Sanctions Act, was passed by the Riigikogu in June 2025. It sought to strengthen the FIU’s strategic and profile analysis, as well as text- and data-mining abilities, creating a comprehensive “superdatabase” of financial and related data to detect and prevent money laundering and terrorism financing more effectively. Oversight of the expanded data powers was to be handled by the Data Protection Inspectorate (AKI), with annual reporting to the Riigikogu’s Security Authorities Surveillance Select Committee.
However, President Alar Karis declined to sign the legislation in July, citing substantial concerns about the legislation’s impact on constitutional rights, particularly regarding limits placed on informational self-determination. His criticism focused on how the law allowed extensive discretion to the FIU with insufficient targeted safeguards, risking excessive invasion of privacy. Chancellor of Justice Ülle Madise echoed these concerns, warning that the law might be unconstitutional, potentially requiring adjudication in the Supreme Court if enacted without amendment.
Parliamentary Response and Committee Actions
Following the presidential veto, two Riigikogu committees—the Finance Committee and the Constitutional Committee—acted swiftly to revise the bill. The Finance Committee chair, MP Annely Akkermann of the Reform Party, emphasized the law’s necessity to reinforce measures against money laundering and terrorism while clarifying the FIU’s duties and personal data handling to meet constitutional standards.
The Constitutional Committee convened an extraordinary sitting to deliberate on the amendment, ultimately voting in favor of revising the bill to address the president’s concerns. The revised legislation is expected to implement clearly defined control mechanisms ensuring that data collection and use by the FIU are narrowly tailored, with robust external oversight to prevent arbitrary or excessive data processing.
President Karis has publicly underscored the delicate balance between effective crime-fighting and protecting citizens’ privacy rights as central to this legislative process. He acknowledged the practical need for transparency and control mechanisms within security laws to foster public trust in law enforcement and intelligence agencies. His stance reflects a societal dialogue on maintaining privacy without undermining the state’s capacity to combat serious financial crimes.
Importance of the Law and Broader Context
The money laundering “superdatabase law” represents a critical tool in Estonia’s strategy against increasingly sophisticated financial crimes. As a member of the European Union and the Financial Action Task Force (FATF), Estonia’s legislative updates align with global efforts to strengthen anti-money laundering (AML) and counter-terrorism financing (CTF) frameworks. Expanding the FIU’s capabilities addresses emerging threats such as complex money laundering schemes and the financing of terrorism, which exploit technological advancements and cross-border financial flows.
The amended law also fits into a broader legislative pattern focusing on regulatory transparency and effective oversight. Similar discussions have recently surrounded other legislative acts, such as the Churches and Congregations Act, where control over legal means rather than general aims has been emphasized to ensure constitutional compliance.
Oversight and Safeguards
A vital feature of the proposed changes is enhancing external oversight. The Data Protection Inspectorate’s role in supervising FIU activities ensures that data is collected and used strictly for legitimate purposes with periodic reporting to parliamentary committees. This oversight aims to prevent mission creep and protect citizens’ rights, fostering confidence in Estonia’s institutions.
The annual reporting to the Riigikogu’s Security Authorities Surveillance Select Committee will create a transparent framework to scrutinize the FIU’s expanded powers continually. Control mechanisms will specify which data types may be accessed, under what conditions, and include safeguards against unnecessary retention or misuse.
Statements from Key Figures
- MP Annely Akkermann (Finance Committee chair): Highlighted the amendment’s necessity for preventing money laundering and terrorism financing while ensuring constitutional respect for personal data rights.
- President Alar Karis: Stressed the importance of targeted legal limits and robust control mechanisms to avoid excessive invasion of privacy and maintain public trust in state security institutions.
- Chancellor of Justice Ülle Madise: Warned of possible unconstitutionality of the initial bill and recommended constitutional review if passed without adequate safeguards.
AML Editor’s article was originally published in news.err on Sep, 8 2025