Access to handle PoAs
In Latvia, each sector has separate platform solutions for handling PoAs.
To grant or request PoAs in the healthcare sector, such as for picking up prescribed medicine or to make treatment-related decisions for patients, citizens must access the e-veseliba (e-veseliba.gov.lv) platform solution and log in through one of various ID methods. Here, the patients can set the PoA scope and determine the time duration of the PoA.
For taxation matters, citizens and companies must access the platform solution EDS (Electronic Declaration System) and log in using one of various ID solutions. Additionally, a citizen can use the platform solution DigiNotārs, using the same ID infrastructure, as well as other ID solutions, to log in through the national platform latvija.lv. This platform also provides a service to check the validity of the PoA and verify whether it has been revoked. In all cases, taxation PoAs can be handled in the platform solutions, but the creation itself involves uploading a self-created, digitally signed PoA, in some cases involving a notary, which is then validated manually by the authorities. This makes access to handle PoAs less standardized both across and within each sector, and the maturity thereby less advanced.
Moreover, the infrastructure solutions for accessing tax-related PoAs imply an administrative burden on the SRS. Since there is no predefined scope of PoAs, the content differs widely and there is no automation. Further, the necessary notarization for the citizens' PoA is not handled within the EDS platform. However, the lack of structure in scope allows for specific and complex PoAs, while users do not have to search to find the adequate PoA.
For business matters, most activities related to PoAs are carried out through the platform solution of the Enterprise Register (registrs.ur.gov.lv). For companies to grant a PoA to an individual person to access and handle a company’s profile, an existing representative of the company (e.g., a board member) can delegate full or restricted access and set the duration. Then, the assignee can log in to perform tasks within the scope of the PoA.
In other PoA cases, companies can either grant a procuration or commercial PoA for individual persons to conclude transactions or perform commercial activities on behalf of the company. For procuration, the PoA must be applied for through the publicly available commercial register with a wide scope of authorization. For third parties, the scope is determined by law. The application for a procuration PoA must be submitted by the board or a person authorized by the board on the Enterprise Register platform or by post (notarized approval is required for the latter).
If the company wants to grant a PoA to perform specific legal activities, this must be specified in a commercial PoA, which is not recorded in the Commercial Register. This must be done on a digitally signed paper (which requires notarization for some services). The commercial PoA will thus not be carried out in the Enterprise Register solution.
Generally, the different gateways and processes around gaining access to handle PoA solutions vary from basic (e.g. digitally signed PoAs through notarization and sent by post) to intermediate levels of maturity (e.g. e-veseliba and EDS allow for PoA overview and basic handling for health and taxation matters separately). Due to the existing infrastructure with dedicated platform solutions, the level of maturity can be considered intermediate.
Verification
In Latvia, the national infrastructure for ID is built around the eID card, which works as a personal identification document used to sign documents through the built-in eParaksts (eSignature) function. The eParaksts card is a smart card that contains eParaksts certificates for both signing documents and identity proof (eID) in a digital environment. Moreover, some platforms accept ID methods such as eParaksts Mobile, while others also accept SMART-ID and internet bank methods. The eParaksts, eParaksts Mobile, and eID card are all EU-notified and thus valid across the EU, which showcases an advanced verification infrastructure. However, as of 1 November 2022, the eParaksts card is no longer issued; instead, the use of eParaksts Mobile or the eID card is suggested. Lastly, other than the mentioned ID cards, EDS accepts signing in using Latvija.lv (the unified authentication solution of the State Digital Development Agency) or an EDS local username and password.
The mandatory attributes for the eID card include family name, name or names, personal code, citizenship or legal status in the Republic of Latvia, gender, date of birth, as well as the height of the person in centimetres.
Authentication
Authentication methods include eID card, eParaksts, eParaksts Mobile, and SMART-ID. When submitting a PoA, additional authentication is not necessary. Since the national personal code is used as credentials to authenticate the identity of an individual person, it does not work across borders.
For health care, citizens can authenticate through the "delegations" attribute (WS protocol, WS-Security). Rights are delegated through a SAML token as XML. All system activity is protected in the same way by a token that is attached to each of the platform’s messages and is controlled at several levels.
For authorizing into the service portal of the Enterprise Register, authorization standards apply to Latvija.lv (WS-Federation or OAuth 2.0) or eParaksts (OAuth 2.0 user authorization and authentication standard).
Generally, Latvia has various authentication methods in play, providing a rather complex setup. However, strong authorization standards have been reported, and with an EU-notified eID, used for authentication, the maturity level can be considered advanced.
Integration
Generally, all PoAs are bundled by sectors, and mostly the assignor or assignee is responsible for the PoA and for informing the relevant institutions about the agreement. No third party can thereby access a PoA unless it is shared by one of the actors. Further, there are currently several challenges in integrating and linking data with other institutions, as each sector uses its own platforms, systems, and databases.
For business PoAs, the Enterprise Register is integrated with other platforms through an API to ensure the availability of data, but it is usually not related directly to procurations. There is, however, a project (DAGR) to create a unified platform at the state level, where it is expected that state institutions will connect their information systems and then each institution will receive the information they need through this platform. Moreover, integrations with the Enterprise Register check the right of representation in the company.
Some integration aspects of the digital PoA landscape in Latvia can thus be characterized as basic, given the manual processes and lack of data exchange between systems or third parties, while no advanced integrations have been detected. Due to the integrated ID infrastructure and important integrations, e.g. with the Enterprise Register, integrations reach an intermediate level of maturity.
Cross-border interoperability
In Latvia, the PoA practices differ widely throughout the sectors at the national level. Some interviewees state that for the country to facilitate or partake in cross-border PoAs, these practices must be streamlined. For instance, there are several challenges identified in linking the information across different state institutions, which is perceived to further increase complexity for cross-border PoAs.
For one, the e-veseliba platform is only available for individual persons with a national personal code. Hence, no cross-border PoA practices can be performed within the healthcare sector. Moreover, the EDS platform only accepts Latvian authentication methods. Currently, non-Latvian citizens can create an account by generating a password and username by applying to the SRS. Yet, this option will be phased out due to security concerns, while foreign authentication methods are not supported by the platform. Moreover, without a Latvian personal code, the EDS solution cannot link the individual persons with other data sources. For example, different public authorities, banks, etc. utilize differentiated identification methods, such as banks specifying information about birth data, name, and surname, which cannot be integrated with EDS.
For procuration registered in the Enterprise Register solution, the procurator can be a foreign person. However, since there are difficulties in registering with the existing methods for foreigners, the e-signed format must be recognized in Latvia. In such cases, paper format is used.
Generally, Latvian specialists are not confident about how to technically implement cross-border PoAs, since ongoing initiatives, e.g. eIDAS, face various challenges. These are related to identity matching and to regular updates and configuration systems across EU countries. Moreover, each sector-specific platform can assign the same non-Latvian individual differing identification codes. For instance, for a company, a personal code assigned in the Enterprise Register starts with 38, while it starts with 32 for an individual person when assigned in the Office of Citizenship and Migration Affairs. Consequently, the same person could have two separate personal codes which cannot be linked within the databases. Further, some are sceptical about the possibility of creating an integrated system among different countries with respect to where the data is stored on Latvia's side. According to these interviewees, this is likely to only be relevant for a small group of individual people working in Latvia. Thus, it is perceived by some to be easier and more economically feasible to handle this individually by country rather than creating a new system.
While the Latvian eIDs incl. eParaksts are valid in EU countries, there are situations in practice where other countries cannot verify an e-signed document. Moreover, there are still situations where representatives from Latvia are not able to open e-signed documents from Scandinavian countries. Through DigiNotārs, PoAs are valid in all EU countries where eParaksts can be read. Ultimately, these e-signed solutions can be characterized as basic or intermediate, which increases the complexity of digitally enabling integrated, cross-border solutions for PoAs.
The implementation of OOTS has been initiated; however, there is no information on how PoAs can benefit from this. The main challenge regarding this solution is that different countries store different types of data, e.g. the information in a birth certificate may differ between the countries, which hinders linking the data.
Furthermore, the current pilot project for EUDIW with Denmark, Germany, Iceland, Italy, and Norway has raised challenges related to difficulties in mapping the information on how and which institution will process the data, and which attributes will be stored.
5.1.2 PoA Process
Access & verification
Citizens and businesses can access the separate platforms (e-veseliba, EDS, and Enterprise Register) by logging in using one of various eID methods.
The identity is in most cases verified and authenticated when logging in with an eID method. For digitally signed PoA documents, the validity of the signature can be validated by the institution’s notary online at eParaksts.
Create PoA
Generally, the creation of PoAs varies across the sectors. For health, the assignor either informs the medical institution about an authorization or makes a corresponding entry of the authorization in e-veseliba, which makes it available for health care workers. No specific authorization is necessary when submitting the PoA on the platform. To grant a PoA for picking up medicine, the assignor (patient) can set the scope of the PoA and determine the duration.
For tax matters, PoAs can neither be created nor handled, but only submitted via the “Communication” section in EDS, which passes the information to the State Revenue Service (SRS). For citizens, the PoA to view taxation data is created through a notary and is digitally signed. These can contain various aspects as there is no structured format, which means every case is individual. For companies, the general practice is to attach a digitally signed PoA via the “Communication” section in EDS.
Business PoAs are mostly created by an authorized person, delegating access via the Enterprise Register platform. Procuration PoAs require application through the commercial register, submitted by an authorized person on the Enterprise Register platform or by post (post requires notarization). Commercial PoAs are outlined specifying the scope and signed digitally on paper (which requires notarization).
In cases involving notarization, there will be a cost for the notary (e.g. £20–120).
Generally, it is the responsibility of the assignor to pass the digitally signed document to the assignee. For taxation, both can view active PoAs in EDS. For healthcare, the assignor can see a list of people who have viewed the information in e-veseliba, but no additional actions are required of the assignee. For some business matters, the assignee is notified by e-mail that a PoA has been granted, but no actions are required of that person. The assignee never has to accept PoAs.
Use PoA
When picking up medicine on behalf of someone else, the first and last name of the assignor must be given, and the identity document must be presented by the assignee. When purchasing medicine for a minor child, it is necessary to also state the child's name and surname. Representatives of medical institutions and pharmacy branches have access to the health information system to check the validity and verify the identity through e-veseliba, which is connected to the pharmacy checkout system.
For taxes, the assignee can add the PoA in EDS (when notarized). The SRS receives the PoA within the EDS and evaluates its validity; however, no additional interactions happen if everything is correct. If there is any ambiguity in the PoA, the SRS communicates in writing within the EDS or by phone.
For business, in cases where third parties interact, it is either checked in the Enterprise Register (e.g. if the person is a procurator), or a digital signature is validated in eParaksts.
Terminate PoA
For most PoAs, the assignor can set the duration of validity (fixed or indefinite) and can revoke it at any time. In some cases, the assigned delegation can be edited on the portal, where it is also possible to edit the deadline for the delegation. For case-by-case business PoAs, the PoA usually ends with mutual agreement, completion of the given task, or expiration of the PoA.
5.2 Legal Aspects
The following section will first present an overview of legal topics, followed by a review of EU initiatives.
In Latvia, PoAs vary from sector to sector. The main uses within the health sector are picking up medicine or decision and viewing power. For taxation, PoAs are primarily used for viewing power (to look in taxation data), and for business the uses of PoAs relate to the viewing, execution and decision power, such as applying for a permit or establishing a subsidiary. The legal basis for the health sector is regulated by the Law of the Rights of Patients. Taxation and business are both regulated by the Notarial- and Civil Law, and taxation is supplemented by basic contract customs, while business is supplemented by the commercial law. Regarding liability, the assignor is fully liable for PoAs; however, the specific details are unclear due to insufficient data. Barriers to granting PoAs include age restrictions within the sectors; however, additional barriers such as mental health are unclear due to insufficient data. Lastly, the implementation of the different EU initiatives in Latvia is doing well with the EUDIW, but still in the planning phase with some of the other initiatives.