Show the Thing 3: Taiwan's T-Road - an integrated data transfer platform

This is the third of a series of blog posts for Show the Thing. Hosted by Public Digital and supported by the Rockefeller Foundation, Show the Thing brings together government digital teams from around the world. This month, we heard from experts in Taiwan's digital service on their creation of an integrated data transfer platform.

Few places are as synonymous with technology and innovation as Taiwan. From its electronic giants like Acer and ASUS, to its semiconductor industry(TSMC), Taiwan has long been a technological powerhouse. Unsurprisingly, it embraced the internet-era, achieving rapid connectivity and early adoption of e-government programmes.

However, Taiwan’s digital sophistication and geopolitics have made it a target for cyber-attacks and disinformation campaigns. As a result, Taiwan's MODA is prioritising cybersecurity. To develop its next generation of smart governance and infrastructure, Taiwan drew inspiration from Estonia, an established leader in digital government and top-ranked in global digital services in the UN’s e-government surveys.

To talk about Taiwan’s introduction of a standardised data transfer platform - T-Road - and its supporting security architecture, we were delighted to welcome two MODA experts to share their experiences. Scott Chen (Section Chief of Department of Digital Service) talked through the slideshow, whilst his colleague Andrew Wang (Senior Analyst) was on hand to address any questions.

Scott and Andrew showcased an initiative that has promoted a cross-governmental approach to digital data governance and public services. This is exactly the kind of story that exemplifies our aims for Show the Thing.

Digital intersections

Estonia introduced its secure and decentralised data exchange solution, X-Road, in 2000. It became the backbone of the country’s digital infrastructure, enabling seamless information exchange between government agencies, businesses, and citizens. Recognised for its security, interoperability, and scalability, it has been widely adopted by many countries.

In Taiwan, individual agencies had been negotiating their own transmission mechanisms creating a fallible legacy of varying data formats, transmission methods, and concerns over the security of private data.

To address the challenges, Taiwan took inspiration from X-Road to develop a unified government data transfer platform named T-Road.

T-Road Capabilities

T-Road centres around many of the fundamental strengths and capabilities of X-Road, whilst innovating to cater for key preoccupations of Taiwan’s digital agenda.

This includes:

Data security and privacy: T-Road uses an internal VPN network specifically for government use. This differs from the open internet-based architecture of X-road and means T-Road data is not accessible on the internet.

Interoperability: The original agency stores T-Road data and is accessible by authorised agencies only when needed.

Scalability: T-Road has interconnected over 30 agencies, which have produced over 130 API services. Average monthly data transfers over the past three months have exceeded 1.2 million. The Ministry will ensure the interface is adopted by 47 government agencies within two years

Accountability: T-Road has adopted the Data Protection Impact Assessment (DPIA) mechanism as well as international certifications such as ISO 27001 and ISO 27701 for Privacy Information Management. This helps build accountability and sustainability through standardisation.

To help introduce the necessary changes and overcome barriers such as complexity, resistance to change, and a lack of necessary skills, T-Road is supported by a team of implementation experts and benefits from a top-down approach of policy dissemination.

Benefits to citizens

It is not only the government that benefits from T-Road. Citizens will also see improvements to the efficiency of government services and reduced administrative requirements, whilst having great confidence in the safety of their personal data.

To demonstrate this, MODA presented two use cases.

T-Road-Use-Case-1.webp
T-Road-Use-Case-2.webp

Zero Trust Architecture (ZTA)

ZTA provides enhanced security by assuming no inherent trust within networks or users. This reduces the risk of breaches, protects sensitive data, and enables secure access controls.

Many governments have identified the value of ZTA and have begun adopting its principles. Taiwan has gone further than most, though has decided to do so within their own network. In 2023, the Taiwan government mandated agencies handling nationally significant personal data to adopt T-Road and ZTA.

Taiwan’s adoption of ZTA has been informed by the US Government’s guidance. It specifically references the National Institute of Standards and Technology’s (NIST) Special Publication 800-207 (2020).

Its own ZTA involves the use of an access gateway. This gateway serves as a mandatory checkpoint for users, requiring them to verify their device and user identities. Advanced authentication methods (like FIDO2) are employed for this purpose. The primary goal is to establish a robust trust inference mechanism before granting access to information systems.

Thank you

Taiwan is an excellent example of how an outward-facing digital agenda can drive efficiency in government and build better citizen services. Its work on T-Road and ZTA demonstrates how the country continues to innovate and collaborate to remain at the forefront of smart government.

We are extremely grateful to Scott for presenting this information and to Andrew for sharing his insight and perspective on the work. We would also like to thank our excellent hosts Andrew Greenway and Amanda Smith and our wonderful translators Bing and Lulu who ensured the smooth running of the event.

Finally, we would like to thank all attendees for their active participation and engagement and very much hope you benefited from this session.