Go to content

Methodology

This section provides a definition of a PoA and describes the methodology for the analysis, including data-collection, and strategy for mapping the current PoA landscape in the Nordic and Baltic Region.

Definition of a PoA

In the following section we will summarise the characteristics of a PoA. The examples used below are illustrative and the same principles apply to business using PoAs for other actions, e.g. establishing subsidiaries, managing taxes, etc.
A PoA describes a process where an assignor, the legal or natural person, assigning rights to the assignee with the purpose of obtaining a service from a third party, e.g. a sick person in need of medicine from a pharmacy. The assignee is a legal or natural person acting on behalf of the assignor, e.g. a family member picking up medicine. Third parties are other entities interacting with the assignee, e.g. the pharmacy providing medicine.
The data collection has not shown signs of formal requirements for legally binding PoA’s. A PoA constitute an agreement, and verbal agreements are as a starting point equally as binding as written agreements. However, written agreements are obviously easier to document than verbal agreements. Similarly, in practice, PoA’s should be in written form, as they would be difficult to utilise towards a third party in verbal form.
Digital PoAs vary in their structure and functionality and can be characterised by different degrees of digital maturity. One country could for example have digital formulars to create a PoA, where it is still necessary to interact physically with an institution to obtain it. Other countries may have digital PoAs that requires digital ID, authentication, and a digital signature to create. In both cases, the PoA would be considered being digital, however at different levels of advancement.
The definition of a PoA is for the purpose of this report interpreted in a broad scope, including – in addition to the definition described above – the rights by parents to act on behalf of their children until a certain age as well as any rights for employees to act on behalf of their employer companies.

Data collection strategy

The as-is analysis is based on data from interviews and desk research collected in the Nordic and Baltic Countries.
The data collection has been guided by a data collection tool package consisting of an analytical framework including an interview guide and a format for documenting and delivering the collected data to the core delivery team. The data collection tool package has been developed centrally to ensure that the data being collected is streamlined and comparable across countries.  The data has then been collected by national experts from the respective countries of scope allowing for context-specific data collection in local language and a higher degree of cultural and national understanding of the given country, timing of interviews etc.
While the country experts were free to decide how to best answer the questions in the framework, the core delivery team recommended prioritizing interviews and desk research to obtain more detailed data. 
4-6 stakeholders have been interviewed per country, and the following types of stakeholders have been interviewed:
  • The NOBID contacts in each country.
  • Ministries or agencies in sectors like digitization, health, taxation, or business, with digitization agencies.
  • Representatives from municipalities or regions.
  • Professional bodies, such as organizations representing citizens’ interests in PoA-related areas.
  • Relevant private actors, such as financial institutions (e.g., banks).
Additionally, a workshop with participants from the member countries was held with the objective of discussing future needs and potential gaps to close. The workshop was utilized to secure key insights to ensure further alignment and cross-border interoperability. The outcomes of the workshop will be used in the to-be analysis.

Strategy for mapping the current PoA landscape in the Nordic-Baltic Region

To highlight country-specific solutions, as well as similarities and differences across countries, Ramboll has developed a framework to aid mapping the current PoA landscape of each country’s strengths and weaknesses across digital, legal and equality aspects. The framework aims to present the current as-is status per topic (i.e. digital, legal, and equality) by country, and afterwards synthesize the findings to compare the as-is situation across all countries examined.
The following section elaborates on the models for each topic area.

Digital aspects and PoA processes

To fully grasp the current state of the PoA landscape and effectively compare national PoA structures, it is necessary to describe the general PoA processes. Thus, each country report outlines the national PoA processes as-is on a general level with a focus on the following steps:
  1. Access PoA (incl. verification and authentication)
  2. Create PoA (incl. acceptance, storage, and costs if relevant)
  3. Use PoA (incl. third party interactions)
  4. Terminate PoA (incl. implications of changes to PoA if relevant).
The digital aspects of the PoA landscape per country is showcased in table 1. The model depicts horizontal maturity levels ranging from Basic to Fully integrated, focusing on four key technical categories to distinguish between different variations of digital PoAs. Moreover, it focuses on cross-border readiness of the digital infrastructure. The model will be used to categorise the maturity level for each technical category for the digital PoAs in each country and across.
Table 1. Maturity of Categories for Digital PoAs
Low
Maturity level
High
Category/Level
Basic
Intermediate
Advanced
Fully integrated
Access to PoA
PoA sent via e-mail or other simple service.
Accessed via shared digital public inbox or similar.
Access via a single platform solution to one or multiple sector-specific PoAs (e.g. Health PoAs).
Access is gained via a platform solution providing access to all relevant PoAs for assignor, assignee and third-party actors.
Verification
Digital document, e.g., PDF signed electronically using basic electronic signature (scanned signatures, a typed name, or a clicked checkbox.).
Secure website or App service where documents can be signed digitally using advanced electronic signature (basic e-sign, e.g., Docusign, Adobe Acrobat sign).
Signature secured using qualified electronic signature with proof of identity, e.g., national eID or provided manually, e.g., passport.
Signature secured digitally using qualified electronic signature with proof of identity, e.g., national eID. Digital identity proven automatically.
Authentication
Password or email used for authenticating identity or accessing the service.
Two-factor authentication, (e.g. requires password and a code sent to a mobile device to access to the service and confirm identity.)
Multi-factor or single sign on, includes biometrics or security tokens via authenticator app or similar (e.g. Microsoft or google authenticator).
-
Integration
Used for individual day-to-day services and agreements. Data is not interconnected with systems outside the platform.
Used for public sector or for few selected services. Data is not interconnected with systems outside the sector.
Fully used for public sector or for a single private sector (e.g. health, business, taxation etc.). Data is integrated with some systems outside the sector.
Fully integrated into all digital PoA services. Data fully integrated across sectors, interconnected data exchange to all relevant stakeholder/agency systems automatically
Cross-border interoperability
Infrastructure for foreign access to PoAs in development.
Infrastructure ready for foreign access to PoAs, but not yet fully implemented.
Foreign natural or legal persons from selected EU countries have access to specific PoAs, e.g., via national eID.
All EU natural and legal persons have access to selected PoAs via EUDIW or EU approved eID.
General description of maturity level
Analogue process to sign document digitally and hand over digital power of attorney. Not particularly secure or integrated with other systems.
A digital service for signing documents and handing over digital power of attorney, that provides a more integrated and secure system. Often used for more than one service or the whole public sector.
More integrated digital PoA service with the most secure solution available for electronic signatures. Generally used across a sector such as health or the whole public sector.
Fully integrated digital PoA service used for all confirmations and electronic signatures across all digital services in both public and private sector. As well as verified using a digital ID.
This enables as-is descriptions to differentiate between the components of the national infrastructure and setup, and thus allows for better comparison with other countries. This is important, as the PoA landscape in one country may have a strong level of verification, while PoA solutions are scattered across sectors or are not integrated across (or vice versa).
Each level is defined in the model to guide the assessment and ensure a common language for the readers of this report.
Moreover, general descriptions can be related to each level:
Basic: Analogue/manual processes, e.g., to sign document digitally and hand over digital PoA. Not particularly secure or integrated with other systems.
Intermediate: A digital service for signing documents and handing over digital PoA, that provides a more integrated and secure system. Often used for more than one service or the whole public sector.
Advanced: More integrated digital PoA service with the most secure solution available for electronic signatures. Generally used across a sector such as health or the whole public sector.
Fully integrated: Fully integrated digital PoA service used for all confirmations and electronic signatures across all digital services in both public and private sector. As well as verified using a digital ID.

Legal Aspects

The legal aspects outlined below are important to the cross-border use of PoAs, as they outline the basics of if and when PoAs are legally binding or not as well the consequences thereof. Without such overview, countries would risk legal uncertainty for their citizens acting on behalf of others in other Nordic-Baltic countries.
The as is description regarding legal aspects – for each country – consists of a description of:
  1. Selected legal topics
  2. The status for implementation of relevant EU initiatives.
Detailed below the countries will only receive scores with regard to the status for implementation of relevant EU initiatives.

Selected legal topics

The description of legal topics include:
  1. Semantics
  2. Types of PoAs
  3. Legal basis
  4. Liability
  5. Legal barriers.
The Nordic-Baltic countries have different approaches to regulation of these topics, but the countries will not receive scores in this regard. The reason being that regarding PoA different regulations cannot be viewed as “better” than others, e.g. an age barrier of 18 for using PoAs is not necessarily “better” than an age barrier of 15.
The exhaustive method for preparation of a legal description is by the use of the legal methodology entailing identification and description of the legal sources relevant to the use of PoAs. Legal sources are not necessarily easily available and may require extensive interpretation. For the purpose of this project the described legal methodology has been modified, as the respondents from each country have been used as the source for the description of the above-mentioned legal topics, and it has in many instances been challenging for country experts to find legal specialists available for interviews. Consequently, the focal points, quantity and quality of the data on legal topic may vary from country to country.

Status for implementation of relevant EU initiatives

The description includes the scale below consisting of four different levels for scores.
Table 2. Maturity of Categories for EU initiatives
Legal
Have not started
Planning implementation
Pilot phase or partly implemented
Fully implemented
EU initiatives
This is given if the Member State have not started the implementation yet
This is given if the Member State is planning how to implement the regulation
This is given if the Member State is participating in pilot projects or have finished implementing the regulation within a given sector
This is given if the Member State has implemented the regulation completely
The EU initiatives being scored for each country include:
  1. Electronic, Identification, Authentication and Trust Services (eIDAS 2.0)
  2. Once Only Technical System (OOTS)
  3. EU Single Digital Gateway Regulation (SDGR)
  4. EU Digital Identity Wallet (EUDIW)
  5. The European Health Data Space (EHDS)
  6. Upgrading Digital Company Law (UDCL)
The scoring of the Nordic-Baltic countries on the parameters above is based on the collected data and supplementary desk research. Naturally, the further in the process with implementing the different EU initiatives the country is, the higher their score will be.
The initiatives EHDS and UDCL are not yet adopted at an EU level, and data regarding the implementation of the initiatives have not been available in most of the Nordic-Baltic countries. However, some countries have already started implementing the EHDS initiative and will receive scores accordingly. However, due to the initiatives not being adopted yet, any score given for the initiatives have not been included in the total score for each country.
Please note, that other regulations – not mentioned above – maybe have relevance to the use of PoA’s depending on the circumstances, including the Interoperable Europe Act which entered into force on 11 April 2024. However, in order to focus the scope of the analysis, such other regulations are not given further considerations in this report.

Social inclusion

Different kinds of vulnerable users have been identified across the countries of scope. Yet, across countries it is in general elderly people, people with cognitive challenges, immigrants and non-native speakers that are highlighted as particularly vulnerable when it comes to digitalization and digital PoAs.
To promote digital inclusivity for all citizens, the Nordic and Baltic countries have implemented a range of measures to strengthen digital PoAs. Additionally, countries that have advanced inclusion measures are better positioned for cross-border collaboration, as many of these measures align with EU regulatory guidelines and allows for flexibility when using digital platforms.
The social inclusiveness scale consists of six different parameters to assess the country’s degree of social inclusivity:
  1. Options for physical PoAs: In cases where the user is prevented from making a digital PoA e.g. due to the lack of digital skills, ID/credentials, etc. there is a possibility to generate a physical PoA that often will be followed by an online registration. The parameter for inclusion is to some extent ambiguous as the solution for being digitally inclusive is going back to a physical and analogue format. However, the solution is rather handhold, thus time consuming, allowing it to include more people.         
  2. English language options available: PoAs and websites to obtain the PoAs are available in several languages incl. English. This provides increased accessibility for non-native speakers.
  3. Information Systems are adapted to people with impairments: This includes accessibility features such as screen readers, high contrast modes, or keyboard navigation. These measures are included in the European best practice standards EN 301 549 and WCAG 2.1.
  4. Alternative access to digital ID: The measure includes alternative digital ID provisions and/or alternative authentication methods for people otherwise unable to obtain a digital ID. This could be due to the lack of digital skills and/or lack of opportunities to obtain a digital ID, e.g. due to another citizenship, missing documentation or similar.
  5. Spokesperson/ representation of other people to obtain a PoA: In cases where a person is hindered in creating a PoA, e.g. due to neurodiversity or lacking capabilities to understand the consequences of creating PoAs, a spokesperson or representant can create the PoA on behalf of the assignor.
  6. Education, support-service and facilitators to obtain a digital PoA: The provision of education and trainings to support citizens in generating digital PoAs. This is especially relevant for citizens with lacking digital skills.
Table 3. Maturity of Categories for social inclusion
Social inclusion
Have not started
Planning implementation
Partly implemented
Fully implemented
Indicators
No measures or systems are currently in place to address the respective need or issue.
Strategies are being developed and plans are being considered to introduce a solution or system to meet the respective requirement.
The solution or system has been introduced and is operational in some capacity, but it is not yet complete or widely available.
The solution or system has been fully deployed, is operational across all intended scopes, and effectively addresses the respective need or challenge.
Nordic Council of Ministers I www.norden.org/publications I pub@norden.org