Insights

The Cybersecurity Act is in force, but the market is still looking for answers Information security

On 1 January 2026, amendments to Estonia’s Cybersecurity Act entered into force, transposing the NIS2 Directive into Estonian law. According to the Estonian Information System Authority (RIA), this increased the number of companies and institutions required to comply with cybersecurity obligations from around 3,500 to nearly 6,500.

Artti Aston

| 8 min read | 19 May 2026

Grant Thornton Baltic proposes partial privatisation of RIA to the Ministry of Justice Information security

Grant Thornton Baltic announced on 1 April that it has proposed considering the partial privatisation of the Estonian Information System Authority (RIA) and, in cooperation, creating a new information system, MinuKüTS. The aim is to help companies finally understand which cybersecurity and information security requirements actually apply to them and what obligations they must fulfil.

Artti Aston

| 3 min read | 01 Apr 2026

When trust becomes a threat: how Google and Microsoft are being exploited in cyberattacks Information security services

In this article, we’ll explore how attackers are misusing trusted technologies - like OAuth and DKIM (more on these in a moment) - and why everyone should be cautious when a message or application requests access to user accounts.

Artti Aston

| 6 min read | 21 May 2025

Services

Audit and other assurance services

Corporate accounting and outsourcing

Payroll

Legal advisory

Business advisory

Financial advisory

Tax

Mergers and acquisitions

Business risk services and internal audit

Information security services

Sustainability services

Human resources and recruitment services

Digital services

Services for crypto companies

Starting business in Estonia?

Virtual AI assistants

Search dialog

CONNECT

ABOUT

LEGAL

Search dialog

Read our insights, reports and more