The introduction of access monitoring to data in Diia is a new level of transparency for Ukrainians

The transformation of the state into a digital platform has already become a reality for Ukrainians. The “Diia” program, which in a few years has evolved from an electronic cabinet into the main channel of communication between citizens and the government, opens a new era in the field of personal data protection. In October 2025, the Cabinet of Ministers approved the implementation of a data access monitoring subsystem in “Diia”, thanks to which every Ukrainian will have the right to know who, when, and for what purpose accessed their information in state registers.
This step carries profound meaning: the state openly demonstrates that access to data is not a privilege of an administrator or official, but a dialogue between the citizen and the digital system, which is controlled by the person themselves.
How the new monitoring option will work
The essence of the innovation is simple and extremely transparent. Every time a government agency or another entity (depending on the level of access) makes a request for a citizen’s data, this is recorded by the Diia system. The user will receive a push notification: time, name of the institution, purpose of the request. Thus, even in cases of standard government procedures (passport issuance, certificates, subsidies, etc.), a person will be able to track what government mechanisms are launched in relation to them.
The function is implemented on the basis of the “Trembita” system, which ensures interaction between registers – so register interaction, which was previously outside the citizens’ view, will become visible to everyone.
Pitfalls: exceptions, oversight, and balance
However, digital maximalism has its limitations. As noted by the Minister of Digital Transformation Mykhailo Fedorov, in exceptional cases the system will not send notifications: investigations of crimes, counterintelligence activities, anti-terrorism, pretrial processes. Similar directives are in effect in EU countries under GDPR. This approach is associated with the need to protect investigations and counter threats to national security.
At the same time, control over unauthorized access is strengthened, since even special services must justify their requests. Providing most institutions with transparent information about the legal basis for accessing sensitive data increases trust in state institutions.
Personal data, legislation, and European trends
The government’s decision harmonizes with a major update of data protection policy – draft law No. 8153 “On Personal Data Protection”. This document is aimed at the broadest possible implementation of GDPR standards. The draft law provides for the appointment of a Data Protection Officer (DPO), clear requirements for transparency, consistency, notification, and liability for leaks.
Main principles:
clearly expressed and voluntary consent for processing;
notification about the purpose and ways of use;
notification about data leaks within 72 hours;
large fines for violators (up to UAH 20 million or 8% of annual turnover).
In the context of “Diia”, these mechanisms become technological reality: everyone can control their data trail, and the state undertakes to reveal the details of this circulation.
Social effects: transparency, security, and trust
The launch of this feature is not just a technological upgrade. It demonstrates the maturity of society and government structures, recognizes the citizen’s right to privacy and control of their information. The state becomes an equal player in relations with society—while previously data circulation happened “in the kitchen”, without citizens’ tangible involvement, now this process is documented from the start, explained, and can be contested if necessary.
Such steps are key for building trust: the fewer “blind spots”, the fewer risks, abuses, and corruption in the administrative apparatus.
New risks – new approaches to protection
It is important to remember the other side: cybersecurity, prevention of leaks, and advanced audit of the entire state IT infrastructure. Opening new access channels is both an asset for citizens and a challenge for defenders of state systems against cyberattacks and insider threats.
That is why the monitoring system must be complemented by advanced technical protocols for access restriction, logging journals, and responses to hacking attempts.
Ukraine as a global digital experiment site
The strategy of Ukraine’s government is to keep pace with Western practices, considering local specifics (large number of state registers, weak digital culture in some social categories, high level of cyber threats). Several years ago, the idea that the state would be obliged to explain any access to your data seemed futuristic. Now this is Ukraine’s new digital standard.
This practice could become an example even for other countries seeking the highest balance between openness, security, and citizens’ interests protection.
Conclusion: control returns to the citizen
The introduction of notifications in “Diia” is not just another upgrade of a government application. It is a technological breakthrough that changes the paradigm of the relationship between the state and the individual. Ukrainians will no longer be passive “consumers” of electronic services, but full-fledged subjects of the digital space, where the degree of transparency, trust, and mutual control defines new rules for the entire state.

Author: Ihor Yasko, Managing Partner of “WINNER” Law Firm, PhD in Law.

If you have additional questions or need expert advice on this topic, please contact us for a consultation! Our specialists will help you find the best solution for your situation, taking into account current legislative changes and practice.
Submit a request or contact us in any way convenient for you — and receive professional support today.
Sincerely, WINNER company.