There are limitations concerning the critical or essential services. Banking systems are one of them. For example, after the 2007 attacks, some Swedish banks wanted to take the data from Estonia and keep it in Sweden. The Estonian Parliament regulated that the data concerning banking information must also be located in Estonia. They can keep it in Sweden or other countries if they want to, of course in an encrypted way, but it must also be in Estonia so that if something happens with Internet connectivity, it doesn't affect the provision of service.
On March 22nd, 2018. See this statement in context.