⚡ Event-Driven Service Bus

National infrastructure for real-time life and business event orchestration

What It Is

An Event-Driven Service Bus is a national messaging infrastructure that broadcasts significant life and business events to subscribed government agencies and authorized service providers. Instead of citizens manually notifying each organization about changes (address, employment, family status), events flow automatically to systems that need to react.

Core Paradigm Shift: From "notify-by-default" (citizen tells everyone) to "subscribe-and-react" (agencies listen for relevant events). Birth, marriage, company formation—these trigger cascading workflows across the ecosystem without human intervention.

This isn't just pub/sub messaging. It's a semantic event mesh with standardized event schemas (linked to interoperability vocabularies), consent management, audit trails, and choreographed service orchestration. Think Kafka meets W3C Event Streams meets GDPR.

Technical Architecture

Core Components

Component Technology Role
Event Broker Apache Kafka, Azure Event Hubs, AWS EventBridge Durable, scalable event streaming platform
Schema Registry Confluent Schema Registry, JSON Schema + SHACL Centralized event schema definitions (versioned)
Event Catalog AsyncAPI, CloudEvents spec Documentation + discovery for subscribers
Consent Engine OAuth 2.0 scopes, GDPR consent logs User-controlled event sharing permissions
Audit Log Immutable append-only log (Kafka compacted topics) Track all event publications/subscriptions for compliance
Dead Letter Queue Retry logic + alerting Handle failed deliveries (e.g., subscriber system down)
Event Gateway REST API + WebSocket (for real-time consumers) Subscribers connect via HTTP or persistent connections

Event Mesh Architecture

┌────────────────────────────────────────────────────────────────────┐ │ National Event-Driven Service Bus │ └────────────────────────────────────────────────────────────────────┘ ┌───────────────────┐ │ Event Producers │ │ (Authoritative │ │ Data Sources) │ └─────────┬─────────┘ │ ┌─────────────┼─────────────┐ │ │ │ ┌────────▼───────┐ ┌──▼──────┐ ┌───▼────────┐ │ Hospital │ │ PRH │ │ Tax Office │ │ (Birth Event) │ │ (BizReg)│ │ (Income) │ └────────┬───────┘ └──┬──────┘ └───┬────────┘ │ │ │ └─────────────┼─────────────┘ │ ┌────────▼─────────┐ │ Event Broker │ │ (Kafka Topics) │ │ - life.birth │ │ - biz.formation │ │ - tax.income │ └────────┬─────────┘ │ ┌─────────────┼─────────────┐ │ │ │ ┌────────▼───────┐ ┌──▼─────────┐ ┌▼──────────┐ │ Population │ │ Kela │ │ Daycare │ │ Registry │ │ (Benefits) │ │ System │ │ (Subscriber) │ │ (Auto-App) │ │ (Enroll) │ └────────────────┘ └────────────┘ └───────────┘ Data Flow: 1. Hospital publishes "birth" event → Kafka topic 2. Population Registry subscribes → auto-registers child 3. Kela subscribes → calculates benefit eligibility, pre-applies 4. Daycare system subscribes → adds to waiting list 5. Parent sees: "4 services updated automatically" Privacy: Event contains minimal PII (encrypted personal ID + event type) Full data fetched via API only by authorized subscribers (with consent)

Event Design Patterns

Event Types

Pattern Description Example
State Change Event Entity transitioned to new state "PersonAddressChanged", "CompanyDissolved"
Domain Event Significant business occurrence "ChildBorn", "EmploymentStarted", "PropertySold"
Notification Event Informational (no action required) "DocumentViewed", "ServiceAccessed"
Command Event Request for action (CQRS pattern) "CancelBenefit", "ScheduleInspection"

Event Schema (CloudEvents Standard)

{ "specversion": "1.0", "type": "fi.dvv.person.address.changed", "source": "https://dvv.fi/population-registry", "id": "A234-1234-1234", "time": "2026-03-15T14:30:00Z", "datacontenttype": "application/json", "dataschema": "https://tietomallit.suomi.fi/model/PersonAddress/v1", "subject": "urn:person:010186-900C", // Finnish personal ID (hetu) "data": { "personId": "010186-900C", "oldAddress": { "street": "Mannerheimintie 5", "city": "Helsinki", "postalCode": "00100" }, "newAddress": { "street": "Käpylänkuja 3", "city": "Oulu", "postalCode": "90100" }, "effectiveDate": "2026-03-20", "consentScope": "address-change-notification" }, "consent": { "givenBy": "urn:person:010186-900C", "authorizedSubscribers": ["kela.fi", "vero.fi", "posti.fi"] } }

Subscription Model

# Subscriber registration (e.g., Kela subscribes to birth events) POST /api/subscriptions Authorization: Bearer {agency-token} { "subscriberId": "kela.fi", "eventTypes": ["fi.dvv.person.birth"], "filter": { "data.parentResidency": "Finland" // Only Finnish residents }, "webhook": "https://kela.fi/api/event-handler", "consent": { "requiredScopes": ["birth-notification", "benefit-eligibility"], "purpose": "Automatic child benefit processing" } } Response: { "subscriptionId": "sub-kela-birth-001", "status": "active", "eventsDelivered": 0, "createdAt": "2026-01-01T00:00:00Z" }

Real-World Life Event Flows

Event 1: Birth of a Child

Traditional Flow (Manual):
  1. Parent receives paper birth certificate at hospital
  2. Parent visits population registry → registers child
  3. Parent contacts Kela → applies for child benefit (form)
  4. Parent contacts daycare → enrolls in queue (separate form)
  5. Parent updates health records → separate system
Time: 2-4 weeks, 5+ forms, repeated data entry
Event-Driven Flow (Automated):
  1. Hospital publishes event: "fi.health.birth" (child ID, parent IDs, birthdate)
  2. Population Registry subscribes → auto-registers child, issues personal ID
  3. Kela subscribes → calculates eligibility, pre-fills benefit application, sends to parent's wallet
  4. Daycare system subscribes → adds child to municipal waiting list
  5. Tax office subscribes → updates parent's tax card (child deduction)
  6. Parent receives notification: "5 services updated. Review and confirm benefit application."
  7. Parent confirms → benefit payment starts automatically
Time: 24 hours, 1 confirmation, zero forms

Event 2: Starting Employment

Event Flow:
  1. Employer publishes: "fi.employment.started" (employee ID, employer ID, start date)
  2. Tax office subscribes → adjusts prepayment (no more unemployment deduction)
  3. Kela subscribes → terminates unemployment benefit
  4. Pension fund subscribes → enrolls employee
  5. Employee's wallet subscribes → receives tax card update notification
Result: No manual filing, automatic compliance

Event 3: Company Formation

Event Flow:
  1. PRH publishes: "fi.business.registered" (company ID, industry, founders)
  2. Tax office subscribes → opens tax account, issues VAT number
  3. Statistics Finland subscribes → adds to business register
  4. Pension authority subscribes → creates employer account
  5. Chamber of Commerce subscribes → sends onboarding materials
  6. Company wallet receives: Registration certificate + VAT number as VCs
Time: Same-day registration, all IDs issued automatically

Governance & Compliance

Privacy & Consent

Requirement Implementation
GDPR Article 6 (Lawful basis) Events published under legal obligation (population registry law) or explicit consent
Consent Management Users control which agencies receive their events (via consent dashboard)
Data Minimization Events contain minimal PII; full details fetched via API (need-to-know)
Right to Object Users can block specific subscriptions (e.g., marketing-related)
Audit Trail Every event access logged (who, when, purpose) for 5+ years
Encryption Events encrypted in transit (TLS) and at rest (AES-256)

Access Control

# Example: Kela authorized to subscribe to birth events 1. Kela registers as authorized subscriber: - Provides organization DID (did:web:kela.fi) - Declares legal basis (Social Security Act §15) - Specifies data usage purpose (benefit eligibility) 2. Event Bus validates: - Kela in Trust Registry as authorized agency - Purpose aligns with declared event type - Required security certifications (ISO 27001) valid 3. Subscription approved → Kela receives events 4. Each event delivery logged for audit 5. If citizen revokes consent → subscription filtered (unless legal obligation overrides, e.g., tax reporting)
Legal Challenge: Balancing automation with user control. Not all events can be "opt-out" (e.g., tax reporting is mandatory). Clear legal framework needed to define which events are consent-based vs. obligation-based.

Technology Stack Recommendation

Layer Options Rationale
Event Broker Apache Kafka (on-prem/cloud) Battle-tested, scales to millions of events/sec, strong ecosystem
Schema Management Confluent Schema Registry + JSON Schema Versioning, compatibility checks, integrates with Kafka
Event Gateway Kong Gateway, AWS API Gateway Rate limiting, authentication, subscriber management
Streaming Processing Apache Flink, Kafka Streams Real-time event transformation, filtering, enrichment
Monitoring Prometheus + Grafana, ELK stack Track event throughput, delivery failures, latency
Consent Store PostgreSQL + Redis cache Fast consent lookups (cached for performance)

Deployment Roadmap

Phase Timeframe Scope
Pilot 2025 Single event type (e.g., address change) across 3 agencies
Core Life Events 2026 Birth, death, marriage, address, employment (national rollout)
Business Events 2027 Company formation, dissolution, ownership changes
Private Sector Integration 2027-2028 Banks, insurers, utilities subscribe to relevant events (with consent)
Cross-Border 2028+ EU-wide event federation (e.g., Finnish birth recognized in Germany)

Technical References

Back to Overview