Millions in the Clouds: State Audit Criticizes Chaos in Digital Transformation of the State 0 20

Cloud technologies allow for the optimization of information and communication technology (ICT) resources, enhance security, and reduce costs. Ilze Bādere, a member of the board of the State Audit Office, emphasizes that cloud solutions are an important part of the digital transformation of public administration. Investments in this area can create a secure, efficient, and cost-effective environment for providing public services. However, to achieve tangible returns, a unified strategy, clear actions, and practical support from institutions are necessary. The key role in this belongs to both the relevant ministry — the Ministry of Environmental Protection and Regional Development (VARAM) — and individual institutions.

The audit revealed that over the past five years, state institutions' spending on ICT has more than doubled — from €147 million in 2020 to €352 million in 2024. Spending on IT services and equipment directly related to cloud solutions has tripled, reaching €258 million. In other European countries, the implementation of cloud solutions has allowed companies to reduce costs by 10–20%, but in Latvia, such calculations are not conducted. Therefore, institutions are more focused on enhancing security and optimizing resources than on potential savings.

Although the need to consolidate the state's ICT resources has been emphasized in various documents for over a decade, VARAM has still not ensured sufficiently targeted and coordinated actions. Only four institutions submitted plans for the migration of ICT resources and data, of which only one was approved. In a survey, nearly half of the institutions (48%) indicated that they had assessed the possibilities for implementing cloud solutions or had prepared plans but did not submit them to VARAM. As a result, digital transformation is occurring in a fragmented manner, without a unified state vision and oversight.

The creation of a state cloud infrastructure currently relies on four centers — the Latvian State Radio and Television Centre, the National Library of Latvia, the Information Centre of the Ministry of the Interior, and the Ministry of Agriculture (specifically, the Rural Support Service). According to auditors' estimates, half of the information systems used in public administration are located in these centers. However, with the current capacity and funding (€12.5 million until 2026), the state cloud infrastructure alone is insufficient to meet all needs. For example, institutions forecast that the volume of disk arrays should increase by 48% over two years, while the projects only account for a 20% increase. A possible solution may be to engage private cloud service providers.

VARAM has changed its approach to the use of cloud services from private providers over time — sometimes allowing it, sometimes prohibiting it. However, there are still no clear criteria for when to use foreign or local providers. Meanwhile, 44% of institutions already use services from foreign providers, and 11% use Latvian private cloud providers, which creates risks for security and transparency.

The audit showed that 86% of institutions already use some cloud services, and more than half plan to expand their use. A significant obstacle is the uncertainty surrounding security issues. Relevant regulations were supposed to be developed by April 2025. The Ministry of Defence is still working on unified security requirements for data centers. These requirements are an important condition for creating a reliable and secure state IT infrastructure, as well as for selecting cloud providers that meet security requirements. Only 57% of institutions know which specific security aspects need to be assessed when choosing services. Quality indicators for services and the distribution of responsibility in case of incidents have also not been defined, which hinders the creation of a reliable and transparent environment.

The survey results also showed that many institutions lack knowledge and practical support. Only 36% are fully familiar with VARAM's recommendations for selecting cloud services, another 36% are partially familiar, while 28% were completely unaware of them. Additionally, one-fifth of institutions (19%) do not know where to find information about providers and their usage conditions, and another 29% admitted that they only know about this partially. According to auditors, these results indicate the need to create a unified information space and provide practical assistance to institutions so that they can make informed decisions.

The State Audit Office recommends strengthening VARAM's role as a coordinator of reforms by ensuring a clear strategy and a coordinated transition to cloud technologies. Bādere emphasizes that institutions have varying levels of resources and experience in ICT, so a unified operational environment is a necessary condition for balanced ICT development in public administration, allowing for the elimination of the gap in capabilities between institutions. Such an environment is essential for ensuring compatibility, quality, and security, as well as for providing institutions with access to information and support — including methodological materials and contract templates — in one place.

Four recommendations were given to VARAM, the implementation of which will help improve the adoption of cloud services in public administration. The ministry was advised to assess the necessary resources and facilitate a targeted and coordinated transition to cloud solutions throughout the management system. Consistency in the state cloud platform and service provision, as well as a unified understanding of implementation policy and available support, must be ensured. Institutions should have access to information about policies, regulations, and practical recommendations for selecting and implementing services in one place. It is also necessary to ensure monitoring of service quality and costs so that cloud solutions align with state goals.