Accessing EDS: Updated Authentication

What changes will be available in the authentication tools for accessing the State Revenue Service's electronic declaration system?

This article will explore the significant changes in the authentication procedure for the State Revenue Service's electronic declaration system (EDS), as stipulated in the Cabinet of Ministers regulations No. 7 of 9 January 2024, "Regulations on the State Revenue Service Electronic Declaration System" (hereinafter - EDS regulations). These changes are adopted to enhance system security, align it with the state's digital transformation guidelines, and ensure effective service delivery to all user groups.

What authentication methods will be available for accessing EDS?

Currently, EDS users have access to various authentication methods, including those provided by:

• The State Administration Services Portal (Latvija.gov.lv),
• Identity cards (eID cards) issued by the Office of Citizenship and Migration Affairs,
• Electronic signature smart cards and the "eParaksts mobile" app offered by the "Latvijas Valsts radio un televīzijas centrs",
• A username and password issued by the State Revenue Service.

However, the State Information Systems Security Policy stipulates that only qualified authentication tools should be used for user authentication in high-security state information systems. Some current authentication tools, such as internet banking authentication, are not considered qualified or high-security e-identification tools. Furthermore, from 1 January 2025, only qualified high-security electronic identification tools are allowed for authentication on the State Administration Services Portal Latvija.gov.lv. Additionally, the existing terminology was not fully aligned with the terminology used in the Personal Identification Act.

The aim of the adopted amendments to the EDS regulations is to clarify the authentication procedure for EDS, align terminology, and strengthen system security to meet high-security requirements and digital transformation guidelines. The aim is also to ensure widespread use of qualified e-identification tools in both the public and private sectors. Considering the above, appropriate amendments have been made to the EDS regulations:

• Subsection 11.1 has been revised, stipulating that in the future, authentication can be carried out using secure authentication tools issued, maintained, or accepted by payment service providers that meet the requirements of Commission Delegated Regulation (EU) 2018/389. This includes internet banking authentication, but only for a transition period until December 31, 2026;
• Subsection 11.2 has been amended, allowing authentication with a qualified or qualified high-security electronic identification tool. Such tools include the identity card (eID card) issued by the Office of Citizenship and Migration Affairs, the electronic signature smart card issued by the "Latvijas Valsts radio un televīzijas centrs," the "eParaksts mobile" app, and Smart-ID;
• Subsection 11.3, which previously specifically mentioned the electronic signature tools offered by the state joint-stock company "Latvijas Valsts radio un televīzijas centrs," has been deleted, as they are now included in the broader definition of Subsection 11.2.

What will be the exceptions for using a username and password for accessing EDS?

Currently, it is still possible to authenticate in EDS using a username and password issued by the State Revenue Service (SRS). Although this solution is considered insecure and does not meet modern security requirements, as the State Information Systems Security Policy calls for a transition to qualified tools, the complete abolition of this option would create significant access issues for certain EDS user groups. For example, non-residents, foreigners – customs clients, or foreign legal entities do not have the opportunity to obtain qualified electronic authentication tools issued in Latvia. Additionally, while no other solution is available, users of the Electronic Customs Data Processing System (EMDAS) rely on a username and password for submitting customs declarations using an Application Programming Interface (API), and without it, submitted documents would lose their signature.

The aim of the amendments to the EDS regulations is to clarify the exceptional cases in which EDS users will continue to be able to authenticate with a username and password issued by the SRS, ensuring access to the system for all necessary user groups, while gradually reducing the use of this insecure solution wherever possible.

To achieve this, the EDS regulations have been supplemented with a new section 11.1, which stipulates that in the future, authentication with a username and password issued by the SRS will only be possible for persons who are legally unable to obtain and use any of the qualified authentication tools. These groups include foreigners, including customs clients (foreigners and foreign legal entities) who do not have the opportunity to receive a foreigner's eID card. This option will also remain available for EMDAS users who submit customs declarations using an API. The State Revenue Service will grant a username and password only in these exceptional cases, ensuring that the person is unable to obtain and use qualified authentication tools.

It is important to note that according to the transitional provisions, this rule will come into effect on January 1, 2026.

To facilitate the transition, individuals who are inactive for objective reasons in the digital and e-environment, as well as the vulnerable section of society (seniors, persons with disabilities, persons with functional limitations), will be able to authorise another EDS user with access to qualified tools to sign and submit tax and information declarations, as well as other documents and information in EDS.

What is the transition period for EDS access changes and how will access via internet banking authentication be gradually phased out?

The amendments to the EDS regulations provide for a gradual transition from less secure authentication tools, such as internet banking authentication, to more secure qualified or qualified high-security electronic identification tools.

A transition period has been set until December 31, 2026, when the aforementioned Section 11.1 of the EDS Regulations in its new edition will lose its validity. Until this time, EDS users will have the opportunity to gradually abandon secure authentication tools issued and maintained by payment service providers (including internet banking authentication), instead transitioning to a qualified or qualified high-security electronic identification tool. After this date, internet banking authentication will no longer be available in EDS.

Until December 31, 2025, EDS users who currently authenticate with a username and password have the option to choose a further authentication method – to obtain a qualified electronic identification tool or to authorize another EDS user.

After January 1, 2026, persons who have not obtained a qualified or qualified high-security electronic identification tool (including digitally inactive persons, seniors, persons with disabilities, or functional limitations) will be able to authorize another EDS user to submit and receive documents on their behalf in person at SRS customer service centres.

These changes are part of broader efforts to improve digital security and service accessibility, encouraging EDS users to timely adapt to the new, more secure authentication methods. At the same time, flexibility and access to the system are maintained for those user groups for whom obtaining qualified tools is challenging.

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.

© 2025 KPMG Baltics SIA, a Latvian limited liability company and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.

For more detail about the structure of the KPMG global organization please visit https://kpmg.com/governance.