8. Sweden
The exploration of Sweden's digital PoA infrastructure reveals a complex environment characterized by both advancements and challenges.
Sweden's digital landscape for PoAs shows varying levels of integration, with advanced platforms in some sectors like healthcare, via Läkemedelskollen, but only partial digital solutions in areas such as business affairs. The recently launched Mina ombud PoA platform solution exemplifies Sweden’s strive towards a holistic digital approach, seeking to unify PoA management across multiple domains.
Authentication and verification mechanisms are robust within national boundaries, anchored by eIDs that tie into a strong level of trust. Yet cross-border PoA recognition and validation present significant stumbling blocks, with eIDAS alignment and cross-border solutions still under development. Sweden anticipates amendments to its digital identity infrastructure following EU directives and ongoing national assessments.
Legal frameworks such as the Swedish Agreement Act, alongside sector-specific acts, govern the PoAs validity and administration. However, data on PoA liabilities remains limited, with Sweden often aligning with broader Nordic norms. Sweden is currently in the pilot phase or has already party implemented key EU initiatives, such as OOTS, EUDIW and SDGR, while being in the planning phase for eIDAS 2.0.
Inclusion efforts are evident, with strategies to address the needs of individuals with impairments and those lacking Swedish personal identifiers. Multilingual options and support systems are in place to expand digital inclusiveness; nonetheless, access to digital PoAs for non-Norwegian speakers and representation for individuals needing assistance in PoA activities are areas that need further enhancement.
Sweden's commitment to evolving its PoA frameworks, while aiming to align with European legal standards, reflects a wider ambition to facilitate a seamless digital transition. Moving forward, Sweden must navigate the complexities of integrating technology with legal requirements and inclusivity to provide a comprehensive and accessible digital PoA system.
8.1 Digital and process
This section examines the maturity of technical standards and barriers across access, authentication, verification, and integration of digital PoAs in Sweden.
8.1.1 Technical Standards and ID Infrastructure: Advantages and Disadvantages
The following describes the maturity for technical standards and barriers regarding access, authentication, verification, and integration, alongside cross-border interoperability to highlight advantages and disadvantages in Sweden.
Digital | Basic | Intermediate | Advanced | Fully integrated |
Access to handle PoAs |  | |||
Verification | | |||
Authentication | | |||
Integration | | |||
Cross-border interoperability | |
Table 36. Sweden’s maturity for technical standards and barriers
Access to handle PoAs
Läkemedelskollen offers multiple options for establishing a PoA, either fully digitally through its website or in person at any pharmacy. Similarly, the Swedish Tax Agency allows for the creation, modification, or termination of a PoA entirely online. A common theme across all these examples is that specific PoAs can be established digitally. However, the degree of digitalization in other areas varies. For example, the Swedish Companies Registration Office's PoA solution is only partially digital. In their services, the assignor must scan a PDF and upload it to their e-service, which differs from the fully digital PoA processes offered by the Swedish Tax Agency and the Swedish eHealth Agency.
One of the more interesting initiatives that came across in the interviews is the development of Mina ombud, in English ‘My representatives’. It is a platform that aims to standardize and fully digitalize PoAs across sectors in one single platform. The Platform was launched October 2024. It is a platform where it is possible to hand out PoAs, see if they are distributed and to get an overview of the current PoAs a person holds. Digital PoAs can be distributed and used through Mina ombud for PoAs by municipalities, authorities and other organisations that have joined ‘mina ombud’.
See the joined parties here: https://minaombud.se/info/anslutna-parter
A public entity can join Mina ombud, so that users can create a PoA with the entity. The public entity then creates a PoA template, where a template contains one or more permissions that can be assigned to a PoA assignee. The template forms the basis for what a PoA looks like. An affiliated party is responsible for creating PoA templates and their permissions. Mina ombud store the PoA templates and offer a service where the assignor can create them. An affiliated party owns the PoA templates that they create. When a company, an association or a private individual wants to distribute a PoA to an assignee, the service minaombud.se will present the PoA templates that are available from those who are connected to Mina ombud. The Assignor can then choose from the permissions available in a template and decide on the permissions to be assigned.
To use the functionality on minaombud.se, the user needs to identify themselves with an e-ID at trust level 3, such as BankID. Mina ombud is part of a larger project for Sweden's digital government where a number of authorities are responsible for the parts that are being developed right now. It is the Swedish Company Registration Office that is responsible for the development, administration and technical operation of Mina ombud. The work is funded by the European Union through NextGenerationEU.
Almost all respondents referred to "Mina ombud" when asked questions about cross-border PoAs, with the expectation that it will address most of the challenges raised regarding cross-border PoAs.
Verification
Verification happens for health through official documents like passports, ID cards, or electronic identification methods as: BankID, Freja eID or Foreign eID, which has a Trustlevel 3 (a Swedish standard for e-identificaiton
For taxation it happens through BankID, FrejaID plus or AB Svenska Pass with a Trust level 3 as mentioned above. A smaller proportion of the authorizations established at the Swedish Tax Agency (Skatteverket) are submitted on paper. For these, a manual identity check is carried out, which may include verification of attached documents, among other things. And lastly for business matters it happens through BankID, Freja eID plus, Telia or Foreign eID, with Trust level 3.
The eID are connected to following attributes: Family Name, First Name, Date of Birth, Person Identifier. For all sectors, the verification process supports the digital access to PoAs to a strong degree.
Authentication
Following authentication options are available for health, taxation, and business matters, but does not work across borders: BankID, Freja eID Plus, Foreign eID including authentication services e.g. authenticator app.
The process for verifying a PoA varies depending on the context. When a private individual accesses the services of the Swedish eHealth Agency (via Läkemedelskollen or a pharmacy’s e-commerce platform) to register or utilize a PoA, they must log in using e-identification. The system verifies whether the logged-in individual's personal number is authorized to act.
Integration
For health, taxation, and business matters, there are APIs for Läkemedelskollen/ Skatteverket/ Bolagsverket PoA-handling, machine-to-machine-integration grows fast. However, all the above mentioned PoA platforms use different IT infrastructure.
It is uncertain when the OOTS is going to be implemented in Sweden. As of this moment, DIGG (Agency for Digital Government in Sweden) is waiting for a governmental investigation of the technical conditions. The aim is that the OOTS will become active in the second part of 2025.
Cross-border interoperability
Verification and authentication do not happen for cross-border identities. There are not any cross-border solutions for PoAs now but there are ongoing discussions regarding solutions.
For eIDAS within health, it is not possible at this moment. The system for taxation is prepared for eIDAS and Skatteverket is adding new applications to allow eIDAS for authorization using PoA. But so far there has not been a very big demand from other countries (if any). For business matters, if the PoA has been signed with an EU certified eID in another country and want to use it in Sweden, The National Courts Administration can validate the PoA manually.
The greatest challenges in connection to cross-border solutions now are in connection to individuals that do not have a social security number or individuals who has a secure identity, cannot use the services. Authorizing individuals that do not have a Swedish social security number, is a challenge at the moment, which The National Courts Administration do not think they have any authority over, as it needs to be solved at a higher level.
In June 2024, the Governmental investigation "A Secure and Accessible Digital Identity" presented several proposals for implementing the eIDAS regulation in its final report. This is the same government investigation that previously developed proposals for a national e-ID. The report suggests that Digg should be responsible for providing and managing digital identity wallets for both individuals and legal entities in Sweden. It also proposes that Digg handle personal data management for these wallets, while the Swedish Companies Registration Office (Bolagsverket) should manage data for legal entities.
The report is now being reviewed by the Government Offices before a decision is made on how the digital identity wallet will function in Sweden and which authorities will oversee its implementation. The proposed regulations are expected to take effect on 1 October 2025.
8.1.2 PoA Process
Access & verification
Access to health PoAs happens through Läkemedelskollen, by logging in with either BankId, Freja EID Plus or Foreign eID. For taxation it is through skatteverket by logging in with either BankID, FrejaID plus or AB Svenska Pass. Lastly for business matters it happens via Verksamt or The National Courts Administration 's website by logging in with same verification types as mentioned for health (Through BankID, Freja eID plus or Foreign eID).
Create PoA
PoAs being created for health are done through Läkemedelskollen where an individual can change the duration of the PoA, and the pharmacy you will get registered. For a legal guardian the PoA is registered automatically through the population registration. E.g. A parent or guardian can automatically see the child’s information and act on the child’s behalf.
For taxation the PoAs are created by the assignor, who can create and customize the PoA inside of the platform skatteverket.
For creation of PoAs for business matters it depends on the specific PoA. Swedish Companies Registration Office has no authority over how the PoA is established, as it is not fully digital. After a Business has signed a PoA physically, they can then upload it in the e-service where it gets stored by Bolagsverket.
For court cases it can be created fully digitally though their website (The National Courts Administration) or written by paper and scanned in.
Accepting health PoAs is done by either identifying yourself as the assignor at any pharmacy or registration of the PoA online. The assignee accepts by ether identifying yourself at any pharmacy or accepting the terms via the e-service. For a PoA registered digitally, the assignee awaits consent from the assignor for up to seven days. For legal guardians the acceptance is done automatically through the population registration. Notifications happens through governmental- or secure message platform.
For taxation, accepting a PoA happens by logging into the platform with the verified login method (Through BankID, FrejaID plus or AB Svenska Pass). Lastly for business matters it is by signing the PoA physically, and for court cases it is done by logging into the platform with the verified login method (Through BankID, Freja eID plus or Foreign eID), and notifications happens through governmental or secure message platform.
Use PoA
The PoAs for health are used mainly to collect pharmaceuticals on the assignee’s behalf or for a child. The third-party interactions happen by having PoAs registered in their pharmacy systems and validating them through id card at the pharmacies. Same happens for taxation, as it concerns managing the assignors tax declaration, and where Skatteverket goes through each PoA and verifies its validity. And lastly for business matters it depends on the specific PoA or court case.
Terminate PoA
Changes is updated in Läkemedelkollen's systems as well as the pharmacy's systems. A child under the age of 18 can't terminate a PoA that is created by the guardian.
If changes happen to the PoA within Skatteverket's system, the assignor and assignee will be notified. Termination can be made through Skatteverket's system.
The assignor must notify the Swedish Companies Registration Office where they can terminate it or change the contents of the PoA digitally. Regarding changing a court case PoA, it is done by either setting up a new PoA or contacting the specific court, asking to make changes or to terminate it.
8.2 Legal Aspects
The following section will first present an overview of legal topics, followed by a review of EU initiatives.
In Sweden, Powers of Attorney (PoA) are used within health and taxation sectors, with typical ones including permissions to pick up medicine and handling tax returns. The Swedish Agreement Act governs the legality of PoAs, with specific acts for health and tax matters. Assigning a PoA can be done in person at a pharmacy or online for health-related matters, and through specific systems or agencies for taxation and business matters. There is limited data on PoA liability in Sweden, but it is assumed to be similar to the Nordic standard. Legal barriers exist for minors and obtaining a Swedish eID requires a social security number, registration at a Swedish address, and permission for those over 13. Sweden is currently in the pilot phase or has already party implemented key EU initiatives, such as OOTS, EUDIW and SDGR, while being in the planning phase for eIDAS 2.0.
8.2.1 Legal Topics
This section covers the legal topics also included in the main report: semantics, types of PoAs, legal basis, liability, and legal barriers.
Semantics
Health sector | Taxation sector | Business sector | |
Assignor | Individual person or a child | Individuals, sole proprietorships, companies, partnerships, limited partnerships, and economic associations can use the e-service “Ombud och behörigheter” (Agents and Authorizations). Companies where the firm is signed by multiple people jointly can also use it. | An individual or a company wanting to create a PoA. |
Assignee | Individual persons, legal guardians, and employees at healthcare providers | Individual person & companies | An individual or company who has been given the right to be the assignee or anyone that the PoA is assigned to, e.g. family member, partner etc. |
Table 37. Role descriptions for various sectors
A third party in Sweden within the health and taxation sectors could be a Pharmacy, The Swedish eHealth Agency, Swedish Tax Agency. In the business sector, it could be anyone according to Swedish Companies Registration Office. It depends on the specific PoA and where it is being used.
Types of PoAs
In Sweden, the typical PoAs are PoAs to pick up medicine and parent guardian. Within the taxation sector the most frequently used PoAs are regarding tax return, and for businesses PoAs regarding company signatory.
Legal basis
In Sweden, the legal basis for agreements and PoA is very similar to the Danish since the contract law in the Nordic countries are very similar to each other. However, in Sweden it is the Swedish Agreement Act (“Lag 1915:218 om avtal och andra rättshandlingar på förmögenhetsrättens område”) that includes sections on PoAs and when they are legally binding.
The data collected from Sweden also shows that regarding health PoAs the Act (2018:1212) on the National List of Medicinal Products is applicable, and regarding taxation matters, the Tax Procedure Act (2011:1244) (“Skatteförfarandelag”) and Administrative Procedure Act (2017:900) (“Förvaltningslag”) is applicable. For business matters there is no other relevant regulation stated in the data collection.
If an assignor wants to grant an assignee a PoA within the health sector, it can either be done by identifying yourself and the assignee at any pharmacy or register the PoA online. If the PoA is made online, the assignee has to accept the terms via the e-service. In case a child under the age of 18 wants to terminate a PoA which is created by its guardian, it is not possible to terminate the PoA at this point.
Within the taxation sector, it is possible to terminate, revoke or change a PoA by changing it manually through “Skatteverkets” systems.
Within the business sector, the assignor has to notify “Bolagsverket” if they want to terminate the PoA. This can be done by either logging in to the e-service or contacting the specific court.
Liability
In general, there is a lack of data available to our country expert regarding the liability in PoAs in Sweden. However, since the legal basis seem very similar in the Nordic countries, there is reason to assume that liability regulation is similar, as well. Thus, the paragraph on liability regulation in Denmark may provide useful information on liability in Sweden.
Furthermore, in Sweden, it is stated that regarding taxation PoAs, Skatteverket goes through each PoA and verifies its validity.
Legal barriers
In Sweden, it is only possible for adults (currently 18 years old) who can request/apply to have a representative registered for them. For example, for minors, it is the parents (guardians) who have the right to sign.
In order to receive an eID in Sweden, the data collected is insufficient, but you must have a Swedish social security number and must be registered in a Swedish address. Moreover, the citizen applying for a Swedish eID must be over the age of 18. If the citizen is over the age of 13 it is possible to have the eID if a guardian grants permission to this.
8.2.2 Status of implementation of relevant EU initiatives
The table below summarises the implementation status for each regulative in the Swedish context. The content is unfolded in the section below.
Legal | Have not started | Planning implementation | Pilot phase or partly implemented | Fully implemented |
Electronic, Identification, Authentication and Trust Services (eIDAS 2.0) | | |||
Once Only Technical System (OOTS) | | |||
EU Single Digital Gateway Regulation (SDGR) | | |||
EU Digital Identity Wallet (EUDIW) | | |||
The European Health Data Space (EHDS) | | |||
Upgrading Digital Company Law (UDCL) | N/A | |||
Table 38. The implementation status for each regulative in Sweden
Electronic, Identification, Authentication and Trust Services (eIDAS 2.0)
The revised version of eIDAS is being implemented towards 2026 according to Myndigheten för digital förvaltning. According to the data collected, most of the respondents are already affected by the eIDAS and will be even more in the implementation of the EU-wallet. There is a possibility that the platform "Mina ombud" will be affected the most because of the work that is being done at the moment, as described above.
Once Only Technical System (OOTS)
The once-only principle became operational in Sweden in December 2023. However, in the European Commission’s “June 2024 version of the OOTS Acceleratormeter” it is currently in a production ready phase, where the configuration needs to be finalized and it needs to be connected to the Evidence Provider or Requester before making the first transactions.
EU Single Digital Gateway Regulation (SDGR)
Missing data regarding the implementation of this regulation, but according to Myndigheten för digital förvaltning, it will be implemented in H2 2025
EU Digital Identity Wallet (EUDIW)
Sweden is involved in two pilot projects regarding the EUDIW including the Digital Credentials for Europe (DC4EU) and EU Digital Identity Wallet Consortium (EWC). Sweden expects to have regulations regarding the EUDIW ready and taking effect on 1 October 2025.
The European Health Data Space (EHDS) and Upgrading Digital Company Law (UDCL)
Grades for the implementation of EHDS and UDCL are not included, cf. paragraph 3.3.2 above. However, according to the data collected, significant work is underway concerning the EHDS, including efforts related to enabling a national digital infrastructure for health data. In this regard, the Swedish eHealth Agency is closely monitoring these developments and maintains an ongoing dialogue with the investigation. The investigation is set to deliver its final report on 1 April 2026, and as of today, there is therefore no clear answer on how the eHealth Agency's authorization services will be affected by the EHDS.
8.3 Social inclusion
In the table below, the strategies employed by Sweden to improve digital inclusion are outlined. The narrative elucidates the options for individuals including those with impairments or without Swedish personal numbers, detailing both digital and physical alternatives for accessing PoA and participating in digital life. Notably, while the Swedish eHealth Agency's services are chiefly in Swedish, measures are in place to cater to those needing assistance, highlighting a blend of implementation levels across these provisions. Sweden's commitment to these inclusivity initiatives, as mandated by the EU Directive and national laws, reflects a concerted effort towards broad digital accessibility.
However, when asking about vulnerable groups in interviews, interviewees indicated that while the topic has been discussed, it is not actively addressed in the PoA process. Issues often arise with foreign identification, but there are no standardized solutions, and each case is handled individually. To strengthen Sweden’s work with digital inclusion, the Swedish eHealth Agency regularly conducts usability tests, which have included elderly participants with varying levels of digital literacy. Also, tests with other vulnerable groups are performed.
Social | Have not started | Planning implementation | Partly implemented | Fully implemented |
Options for physical PoAs | | |||
English language options available | | |||
Information Systems for people with impairments | | |||
Alternative access to digital ID | | |||
Spokesperson/ representation of other people to obtain a PoA | | |||
Education, support-service and facilitators to obtain a digital PoA | |
Table 39. Sweden’s strategy to improve digital inclusion
8.3.1 Options for physical PoAs
In certain situations, using a digital PoA is either not feasible or inappropriate. For example, individuals with protected personal information cannot use digital PoAs due to concerns about traceability; instead, they must use paper forms, which must be presented each time the PoA is needed. The Swedish eHealth Agency is not involved in these cases, and if an individual receives protected personal data, any previously registered digital authorization is deleted. Digital PoAs are only available to individuals with a Swedish personal number and are not designed for those without one, including individuals with coordination numbers. Importantly, a digital PoA is not required for collecting medications from a pharmacy, as the Swedish eHealth Agency does not mandate that PoAs be registered in their PoA system.
8.3.2 English language options available
In general, PoA forms are translated into English, but no other languages are currently supported. The Swedish eHealth Agency’s website is available in several languages; however, the services are available in Swedish only.
8.3.3 Information Systems for people with impairments
The European standard EN 301 549 is implemented in Sweden. It sets accessibility requirements for ICT products and services and is used to ensure compliance with the European Union's Web Accessibility Directive. This directive mandates that public sector websites and mobile applications be accessible to all users, including individuals with disabilities. In Sweden, the relevant legislation supporting this is the Act (2018:1937) on accessibility to digital public services, which integrates EN 301 549 into its framework. The Agency for Digital Government (DIGG) oversees compliance with these accessibility standards. The law applies to public sector bodies, and while private entities may adopt these guidelines voluntarily, public sector compliance is mandatory.
8.3.4 Alternative access to digital ID
Individuals without e-identification can register a PoA by submitting the necessary form and presenting valid identification. If a person is unable to physically sign the PoA but understands its significance, they can still authorize it in the presence of two witnesses. In such cases, either the principal or the agent may for example visit a pharmacy to complete the registration of the PoA.
8.3.5 Spokesperson/ representation of other people to obtain a PoA
An assignee can register a PoA on behalf of the individual they represent, both with healthcare providers and private entities. This must be done using a physical form, which can be submitted, for example, at any pharmacy. The assignee must provide identification and a certificate proving their legal status as the principal’s guardian. The certificate must specifically state that the assignment includes "caring for the person," thereby authorizing the guardian to issue a PoA for pharmacy-related matters on the principal's behalf.
8.3.6 Education, support-service and facilitators to obtain a digital PoA
There is no national standard for training people who are not familiar with digital services, even when it comes to e-identification. There are good examples of training programs for people who are not familiar with IT and digital services, but there is no national standard. For example, there are several examples of municipalities, counties and private companies offering IT training for the elderly. The courses are often free and held at regular intervals.