The tax authority has once again raised the issue of authentication procedures in the State Revenue Service’s (“SRS”) Electronic Declaration System (“EDS”), in line with national information system security policies and digital transformation guidelines.
This article discusses the proposed amendments to the Cabinet Regulation No. 7 “Regulations on the State Revenue Service’s Electronic Declaration System” of 9 January 2024 (“Cabinet Regulation No. 7”).
Currently, Cabinet Regulation No. 7 permits authentication in the EDS using a username and password, which does not meet modern security requirements or national policy on the use of qualified authentication tools.
According to paragraph 18.2 of Cabinet Regulation No. 400 Regulations on the State Administration Services Portal, an end user may access the user workspace on the portal using qualified or qualified high-security electronic identification means, or electronic identification tools that comply with the secure user authentication requirements set out in Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market.
Therefore, as of 1 January 2025, access to the end-user workspace on the Latvian State Administration Services Portal (Latvija.gov.lv) is allowed only through qualified electronic identification means. Accordingly, SRS, as an electronic service provider, must implement the necessary protective measures to prevent potential unlawful actions against authentication credentials and ensure that users authenticate using electronic identification tools that meet secure authentication standards.
This change presents a risk that certain groups of EDS users may lose access to the system, as not all service recipients have access to qualified authentication tools, or they choose not to use them.
The draft amendments to Cabinet Regulation No. 7 propose clarifying the authentication procedure by establishing that, going forward, access to the EDS using a username and password will be permitted only for persons who are unable to obtain and use qualified authentication tools, such as:
Digitally and electronically inactive individuals, as well as the most vulnerable segment of society, will be able to authorise another EDS user, who possesses qualified tools, to sign and submit documents, like the current practice.
The current draft of the amendments provides for a transitional period until 1 September 2025. Until that time, EDS users who are using a username and password will have the opportunity to obtain a qualified authentication tool or authorise another EDS user. After the deadline, authorising another EDS user will only be possible in person at the State Revenue Service (SRS) customer service centres.
Additionally, the amendments provide the option to authenticate in the system using secure authentication tools issued, maintained, or approved by payment service providers.
The draft amendments were available for public consultation until 18 April 2025. In response to the feedback received, the Latvian Taxpayers' Rights Association (LTRA) has proposed reconsidering the strict limitation on the use of usernames and passwords for users who also have access to qualified authentication tools, effective from 1 September 2025, given the convenience of the current solution. Therefore, LTRA urges that equal options be offered to all EDS users, allowing them to continue using usernames and passwords for authentication, provided this is specifically indicated during the transitional period.
We will continue to monitor the progress of the amendments, as they may impact a large number of users. We recommend that taxpayers evaluate their authentication options in advance and prepare for any potential changes to ensure uninterrupted access to EDS services.
If you have any comments on this article please email them to lv_mindlink@pwc.com
Ask question
