When election administrators consider moving to a digital or hybrid format, the first question is rarely about cost or accessibility. It is almost always about security.

The format you choose for an election determines not just who can participate, but whether the result will be trusted. And a result that can be credibly challenged is not a valid result, regardless of how efficiently it was produced.

Security in digital elections is a topic we cover in depth in our elections format guide. But it is worth unpacking here because it shapes every other decision in the format conversation.

The difference between security and the perception of security

Digital voting systems can be technically secure and still fail to generate trust. This is one of the most important distinctions in the elections world, and one that is often overlooked in conversations about format.

Switzerland is the most cited example. The country paused its internet voting programme in 2019 after public penetration testing uncovered security vulnerabilities. The system was not being actively exploited. But the discovery that vulnerabilities existed was enough to pause the entire programme for four years.

The Swiss Federal Chancellery took the decision that public confidence in the process was as important as the technical integrity of the system itself. Internet voting trials only resumed in June 2023 once those concerns had been fully addressed. That standard, where both security and the perception of security must be maintained, is the right one for any organization running a digital election.

A result that can be credibly challenged is not a valid result, regardless of how efficiently it was produced

What good security actually looks like

Security in digital elections is not a single feature. It is a set of requirements that work together to protect the integrity of the process from start to finish.

The four non-negotiable requirements are:

  1. Voter authentication: Only eligible voters can participate, and each voter can only vote once. This requires robust identity verification that is both secure and accessible.
  2. Ballot secrecy: Where required, individual votes must not be traceable to individual voters. This is both a legal requirement in many contexts and a fundamental principle of democratic elections.
  3. End-to-end verifiability: Voters should be able to confirm that their vote was recorded as cast. Independent observers should be able to verify the overall result without compromising ballot secrecy.
  4. Resistance to manipulation: The system must be protected against both external attack and insider threats. Not all platforms meet this standard, which is why platform selection is one of the most consequential decisions in running a digital election.

Process design matters as much as platform security

A technically secure platform running a poorly designed process is still a vulnerable election. Platform security is only one component of trust.

How voters are identified and credentialed before the election opens, how disputes and technical issues are handled during it, and how results are communicated and documented afterwards all affect whether the election is accepted as legitimate. These are process design questions, not technology questions, and they deserve the same level of attention as the platform itself.

Organizations that run credible digital elections typically do three things well beyond choosing the right platform:

  1. They communicate clearly with voters in advance about how the process works, how their vote is protected and what to do if they encounter a problem. Familiarity with the process builds confidence in it.
  2. They seek legal sign-off before the election opens, particularly where the result could be challenged. Proceeding without the appropriate legal grounding creates organizational risk that no platform can mitigate.
  3. They publish a full audit trail after the election to any party with a legitimate right to review the process. Transparency after the fact reinforces trust in the process before the next one.
What this means for the format decision

None of this means digital elections are inherently riskier than in-person ones. In-person elections have their own security vulnerabilities, including ballot stuffing, counting errors and chain of custody issues that digital systems can actually reduce.

What it means is that the security conversation needs to happen before the format decision is made, not after. Organizations that approach digital elections with security as a primary consideration, selecting platforms that meet the verifiability standard, designing robust processes around them and communicating clearly with voters, consistently run elections that are both secure and trusted.

Estonia has been offering online voting since 2005 and in its 2023 parliamentary elections, 51% of all votes cast were submitted online. The first time in Estonian history that online votes outnumbered paper ballots.

That level of adoption and trust did not happen by accident. It was built through consistent investment in platform security, transparent processes and clear voter communication over two decades. It is the model for what digital elections can look like when security is treated as the foundation rather than an afterthought.

Are you working out the right format for your next election? Our guide covers the full picture: the trade-offs between in-person, hybrid and digital, the regulatory picture across key markets, a dedicated section on security and what good looks like, and a framework to help you work out what fits your specific situation.

Download the elections format guide

Also planning AGMs, investor events or member meetings? Our companion meeting format guide covers the same ground for governance teams.

Download the meeting format guide