Text consolidated by Valsts valodas centrs (State
Language Centre) with amending laws of:
14 October 2021 [shall come
into force on 1 December 2021].
If a whole or part of a section has been amended, the
date of the amending law appears in square brackets at
the end of the section. If a whole section, paragraph or
clause has been deleted, the date of the deletion appears
in square brackets beside the deleted section, paragraph
or clause.
|
The Saeima 1 has adopted and
the President has proclaimed the following law:
Law on Electronic Identification
of Natural Persons
Chapter I
General Provisions
Section 1. Terms Used in this
Law
The following terms are used in this Law:
1) authentication - an electronic process during which
an electronic identification service provider conducts the
verification of the electronic identification data of a natural
person in order to ensure the electronic identification of the
relevant person;
2) electronic identification - a process of using the
electronic identification data of a person in order to verify the
identity of a natural person in the electronic environment;
3) electronic service provider - such private
individual that performs economic activity and provides the
electronic service in the Republic of Latvia or performs economic
activity outside the Republic of Latvia and provides the
electronic service in the Republic of Latvia through an
authorised representative or a public person that uses the
electronic identification service for the purpose of providing
the electronic service;
31) electronic service - a service of the
electronic service provider which is fully or partly provided by
electronic means through the use of electronic
identification;
4) means of electronic identification - material and
immaterial units that include the electronic identification data
of a person and that are used in order to identify himself or
herself for the electronic service;
41) national means of electronic identification
- means of qualified or qualified increased security
electronic identification which has been issued by a State
administration institution authorised by laws and regulations and
which has been included in the identity card, or the means of
electronic identification ensured in accordance with the
assignment of the Cabinet which has been included in the notified
identification scheme of the Republic of Latvia in accordance
with Regulation (EU) No 910/2014 of the European Parliament and
of the Council of 23 July 2014 on electronic identification and
trust services for electronic transactions in the internal market
and repealing Directive 1999/93/EC (hereinafter - Regulation No
910/2014/EU);
5) electronic identification data of a person - a set
of data at the disposal of a natural person and an electronic
identification service provider, enabling the clarification of
the identity of a natural person.
[14 October 2021]
Section 2. Purpose and Scope of
Application of This Law
(1) The purpose of the Law is to prescribe requirements
for:
1) electronic identification in order to ensure a possibility
for a natural person to request or receive the electronic
service;
2) procedures for the registration and supervision of the
electronic identification service provider, as well as qualified
and qualified increased security electronic identification
service provider;
3) types of electronic identification that are equivalent to
on-site verification of the identity of a natural person by
presenting a personal identification document.
(2) A qualified or qualified increased security electronic
identification service provided by the qualified or qualified
increased security electronic identification service provider
shall apply only to the natural persons who are included in the
Register of Natural Persons. If the natural person has not been
included in the Register of Natural Persons, the electronic
identification thereof shall take place in accordance with the
laws and regulations governing the relevant electronic
service.
[14 October 2021]
Chapter II
Provision of Electronic Identification
Section 3. Electronic
Identification
(1) The identity of a natural person in the electronic
environment has been verified if the natural person is identified
by using the means of electronic identification, and electronic
identification has taken place in accordance with the
requirements of the laws and regulations in respect of the
provision and use of the electronic identification service.
(2) The electronic identification service shall include the
issuing of the means of electronic identification and termination
of the operation thereof, the issuing of an authentication
certificate, creation and maintenance of the electronic
identification data of a person, as well as maintaining the
electronic identification supplies.
(3) The electronic identification shall be regarded as
completed and shall be equated to on-site verification of the
identity of a natural person, presenting a personal identity
document, in one of the following cases:
1) if it has been conducted with the means of qualified or
qualified increased security electronic identification and it
complies with the requirements laid down in this Law;
2) if it has been conducted in the case when the electronic
identification service provider and electronic service provider
have agreed in written form regarding electronic identification
and the type of electronic identification without using qualified
or qualified increased security electronic identification;
3) if it has been conducted in the case when the electronic
service provider and natural person have agreed in written form
regarding the verification of the identity of the natural person
in the electronic environment without using qualified or
qualified increased security electronic identification.
(4) [Paragraph shall come into force on 1 February 2023 and
shall be included in the wording of the Law as of 1 February 2023
/ See Paragraph 8 of Transitional Provisions]
Section 4. Certificate for
Authentication of Qualified or Qualified Increased Security
Electronic Identification
(1) If a natural person has been identified in the process of
a qualified or qualified increased security electronic
identification, the electronic identification service provider
shall issue a certificate for authentication to the electronic
service provider.
(2) The following information shall be included in the
certificate for authentication:
1) a reference to whether this is a certificate for
authentication of qualified or qualified increased security;
2) the name of the electronic identification service provider,
registration number, legal address or in the case of a natural
person - the given name, surname, personal identity number (if
the person does not have a personal identity number - the date of
birth, number of the personal identification document and the
date of issue of the document, country and institution that has
issued the document);
3) the given name, surname and personal identity number of the
identified natural person; and
4) the date and time of issuing the certificate for
authentication.
Section 5. Issuing the Means of
Qualified or Qualified Increased Security Electronic
Identification
(1) A natural person shall lodge a submission to an electronic
identification service provider in order to receive the means of
qualified or qualified increased security electronic
identification.
(2) Prior to issuing the means of qualified or qualified
increased security electronic identification, the electronic
identification service provider shall ascertain regarding the
identity of the natural person in the presence thereof, based on
the personal identification document presented by the natural
person.
(3) The means of qualified electronic identification shall be
issued to a natural person by a qualified electronic
identification service provider.
(4) The means of qualified increased security electronic
identification shall be issued to a natural person by a qualified
increased security electronic identification service
provider.
(5) By retaining the responsibility laid down in this Law, a
qualified or qualified increased security electronic
identification service provider may entrust the performance of
activities laid down in Paragraphs two, three and four of this
Section to another legal or natural person on the basis of a
contract by informing the supervisory authority thereof in
writing.
Section 6. Termination of Operation
of the Means of Qualified or Qualified Increased Security
Electronic Identification
(1) If operation of the means of qualified or qualified
increased security electronic identification is terminated, it
cannot be restored.
(2) A qualified or qualified increased security electronic
identification service provider shall immediately terminate
operation of the means of electronic identification in the
following cases:
1) a natural person demands termination of operation of the
means of electronic identification;
2) information regarding the death of the natural person has
been received from the Population Register;
3) information regarding the change of the given name, surname
or personal identity number has been received from the Population
Register, and such data have been included in the means of
electronic identification issued by the electronic identification
service provider;
4) a natural person has submitted false or deceiving
information regarding the identity thereof;
5) upon executing a court adjudication regarding the
termination of operation of the means of electronic
identification;
6) in the cases laid down in the contract on the provision of
the electronic identification service.
[14 October 2021]
Chapter III
Qualified or Qualified Increased Security Electronic
Identification Service Provider
Section 7. Requirements for a
Qualified or Qualified Increased Security Electronic
Identification Service Provider
Any private person or public sector body may become a
qualified or qualified increased security electronic
identification service provider if it provides one or several
electronic identification services and complies with the
following requirements:
1) it uses such information systems and products for the
provision of an electronic identification service that, upon
assessing the potential risks, are protected against unauthorised
access or alterations;
2) it maintains sufficient financial resources in order to
meet the requirements of this Law, and insures professional third
party liability in accordance with the procedures laid down in
Section 12 of this Law;
3) it has been registered in the Register of Qualified
Electronic Identification Service Providers (hereinafter - the
Register) in accordance with the procedures laid down in this
Law;
4) it immediately ensures termination of operation of the
means of qualified or qualified increased security electronic
identification in the cases laid down in this Law or the contract
on the provision of the electronic identification service;
5) it ensures that the date and time of the commencement and
termination of operation of the means of qualified or qualified
increased security electronic identification may be established
at any time;
6) it uses systems that ensure preservation of the certificate
for authentication of qualified or qualified increased security
and information related to an unsuccessful authentication
attempt, as well as it ensures:
a) that only a qualified or qualified increased security
electronic identification service provider or an authorised
person thereof presents or issues the verification data of a
certificate for authentication of qualified or qualified
increased security and an unsuccessful authentication
attempt,
b) registration of changes in the personal electronic
identification data at the disposal thereof, and control and
supervision of such changes,
c) that technological changes are registered and conducted
under the supervision thereof;
7) it ensures that the personal electronic identification data
at the disposal thereof do not allow the creation of copies of
the personal identification data at the disposal of the natural
person;
8) it ensures verification in respect of the consistency of
the personal electronic identification data with the data of a
natural person of a period not longer than 24 hours prior to
electronic identification and have been included in the Register
of Natural Persons.
[14 October 2021]
Section 8. Registration of a
Qualified or Qualified Increased Security Electronic
Identification Service Provider
(1) The following documents shall be submitted to the
supervisory authority in order to register an electronic
identification service provider in the Register:
1) a written submission;
2) rules for the provision of the electronic identification
service;
3) a description on the security of the information systems
and procedures for the provision of electronic identification
service;
4) an opinion regarding the security verification of the
information systems and procedures for the provision of
electronic identification service provided by an expert included
in the list of experts approved by the supervisory authority;
5) a document attesting fulfilment of the requirements laid
down in Section 7, Clause 2 of this Law;
6) certification that it complies with technical and
organisational requirements laid down in Section 13 of this
Law;
7) the information referred to in Section 14, Paragraph one,
Clause 7 of this Law.
(2) The supervisory authority shall verify whether the
electronic identification service provider and the electronic
identification service provided by it comply with the
requirements of this Law and shall register it in the Register or
shall take a reasoned decision to refuse registration within one
month after the receipt of the documents referred to in Paragraph
one of this Section.
(3) If the verification is not completed within one month, the
supervisory authority shall inform the electronic identification
service provider thereof, specifying the reasons for delay and
the time limit for completing the verification. The supervisory
authority may prolong the verification term for a period that
does not exceed two months.
(4) If the electronic identification service provider has not
submitted all documents referred to in Paragraph one of this
Section or the information indicated therein is incomplete or
imprecise, the supervisory authority shall inform the electronic
identification service provider thereof in writing, specifying
the term by which the relevant documents or information must be
submitted, and shall respectively prolong the time limit for
taking a decision.
(5) The supervisory authority shall take a decision to refuse
registration in the following cases:
1) the electronic identification service provider or the
electronic identification service provided by it does not comply
with requirements of this Law;
2) the electronic identification service provider has not
submitted the requested information and documents within the time
limit laid down in Paragraph four of this Section.
(6) The supervisory authority shall, within three working days
after taking the decision referred to in Paragraph five of this
Section, inform the electronic identification service provider
thereof in writing.
(7) The electronic identification service provider shall
become a qualified or qualified increased security electronic
identification service provider and may provide a qualified or
qualified increased security electronic identification service
starting from the day when it is registered in the Register as a
qualified or qualified increased security electronic
identification service provider.
[14 October 2021]
Section 9. Rules for the Provision
of the Qualified or Qualified Increased Security Electronic
Identification Service
(1) Rules for the provision of the qualified or qualified
increased security electronic identification service shall
include the following:
1) information regarding the electronic identification service
provider - the firm name or the given name and surname,
registration number or personal identity number, address,
telephone number and electronic mail address;
2) information regarding the information systems, equipment,
technologies, software used for the provision of the electronic
identification service, and the documents attesting user rights
thereof;
3) a sample of the contract on the provision of the electronic
identification service;
4) information regarding the procedures for issuing the means
of electronic identification and measures for ensuring the
security thereof;
5) information regarding the electronic identification
possibilities;
6) information regarding terminating the operation of the
means of electronic identification;
7) information regarding technical and technological
possibilities that ensure protection of the means of electronic
identification, the personal electronic identification data at
the disposal of the electronic identification service provider,
as well as of the electronic identification.
(2) If the rules for the provision of the electronic
identification service change, the electronic identification
service provider shall immediately submit to the supervisory
authority amendments to the rules for the provision of the
electronic identification service. The electronic identification
service provider may provide the electronic identification
service pursuant to amendments submitted to the supervisory
authority only after the referred to amendments are published on
the Internet website of the supervisory authority.
Section 10. Description of the
Security of the Information Systems, Equipment and Procedures for
the Provision of the Qualified or Qualified Increased Security
Electronic Identification Service
(1) The information to be indicated in the description of the
security of the information systems, equipment and procedures for
the provision of the qualified or qualified increased security
electronic identification service shall be determined by the
Cabinet.
(2) If the description of the security of the information
systems, equipment and procedures for the provision of the
qualified and qualified increased security electronic
identification service changes, the qualified or qualified
increased security electronic identification service provider
shall immediately submit amendments to the description of the
security of the information systems, equipment and procedures to
the supervisory authority.
Section 11. Security Verification of
the Information Systems, Equipment and Procedures for the
Provision of the Qualified or Qualified Increased Security
Electronic Identification Service
(1) The security of the information systems, equipment and
procedures for the provision of the qualified or qualified
increased security electronic identification service shall be
verified and an opinion thereon shall be provided by an expert
who is included in the list of experts approved by the
supervisory authority.
(2) An expert, who complies with the following requirements,
shall be included in the list of experts approved by the
supervisory authority:
1) the expert has technical capabilities to determine the
compliance of the security of the information systems, equipment
and procedures for the provision of the electronic identification
service with requirements laid down in laws and regulations;
2) it is legally and financially independent from the
qualified and qualified increased security electronic
identification service providers, as well as from the supervisory
authority;
3) it or the personnel employed thereby has the necessary
knowledge in the field of security audit of the information
systems;
4) it is not involved in the manufacturing and supply of the
information systems and other information technologies for the
provision of the electronic identification service.
Section 12. Third Party Liability
Insurance
(1) The qualified or qualified increased security electronic
identification service provider must insure the potential risk of
losses related to the operations thereof.
(2) The qualified or qualified increased security electronic
identification service provider shall conclude the insurance
contract prior to submitting the documents referred to in Section
8, Paragraph one of this Law to the supervisory body, and it
shall remain effective throughout the entire period of provision
of electronic identification service.
(3) If losses incur due to action or inaction of the qualified
or qualified increased security electronic information service
provider, the insurance company, based on the insurance contract,
shall cover the relevant losses from the insurance compensation
of the qualified or qualified increased security electronic
identification service provider.
(4) The minimum insurance amount and time period of the
qualified or qualified increased security electronic
identification service provider, as well as exceptional cases
when the insurance company does not cover the losses caused by
the qualified or qualified increased security electronic
identification service provider shall be determined by the
Cabinet.
Section 13. Technical and
Organisational Requirements
The Cabinet shall determine technical and organisational
requirements to which the qualified and qualified increased
security electronic identification service provider must comply,
authentication, means of electronic identification, as well as
the procedures for ensuring terminating the operation of the
means of the qualified and qualified increased security
electronic identification is ensured, carrying out a safe
verification of electronic identification, issuing and preserving
a certificate for authentication and information related to
unsuccessful authentication attempts, as well as the procedures
and time limits for the security verification of the information
systems, equipment and procedures of the electronic
identification service provision.
Section 14. Obligations of the
Qualified or Qualified Increased Security Electronic
Identification Service Provider
(1) The qualified or qualified increased security electronic
identification service provider (in respect of the qualified or
qualified increased security electronic identification
service):
1) shall ensure the electronic service provider with a
possibility to use the electronic identification service of the
electronic identification service provider free of charge for the
purpose of the provision of such electronic service that is
provided by a public person when performing the functions and
tasks assigned thereto;
2) assessing the potential risks, shall use the information
systems, equipment and procedures that guarantee proper security
of the electronic identification service for the purpose of the
provision of the electronic identification service;
3) shall take the necessary measures to guarantee the personal
electronic identification data protection against illegal
processing and use thereof;
4) shall ensure the protection of the means of electronic
identification against counterfeiting until the issuing thereof
to the person;
5) shall ensure the compliance of the information systems,
equipment and procedures for the electronic identification
service provision with this Law and the requirements of the laws
and regulations in respect of the provision, use of the
electronic identification service and personal data
protection;
6) shall ensure that the means of electronic identification is
issued to the person on site:
a) if a contract on the provision of the electronic
identification service has been entered into with the person,
b) in accordance with the Personal Identification Documents
Law, if the means of electronic identification has been included
in the identity card;
7) shall ensure that prior to the entering into the contract
on the provision of the electronic identification service or
prior to the issuing the identity card with information, which is
required for electronic verification of the identity of the
holder of the identity card, included therein in electronic form
the following publicly available information is provided
regarding:
a) the rules and requirements applying to the use of the means
of electronic identification, including information regarding
restrictions for using the means of electronic identification
laid down by the electronic identification service provider,
b) the procedures for reviewing complaints and disputes,
c) responsibility of the electronic identification service
provider,
d) potential risks related to the use of the issued means of
electronic identification,
e) obligations and responsibility of the person laid down in
Section 18 of this Law,
f) cases in which termination of operation of the means of
electronic identification takes place;
8) shall comply with the laws and regulations applying to the
provision, use of the electronic identification service and
personal data protection, description of the security of
information systems, equipment and procedures for electronic
identification service provision, as well as rules for the
provision of the electronic identification service included in
the Register;
9) shall immediately inform the supervisory authority
regarding all circumstances delaying the observance of laws and
regulations, rules for the provision of the electronic
identification service included in the Register or description of
the security of information systems, equipment and procedures for
the electronic identification service provision;
10) shall immediately inform the natural person regarding
terminating the operation of the means of electronic
identification, except for the cases when operation of the means
of electronic identification is terminated based on Section 6,
Paragraph two, Clause 2 of this Law;
11) shall maintain information regarding the personal
electronic identification data and the issued means of electronic
identification, as well as keep information related to the means
of electronic identification in accordance with the laws and
regulations applying to the provision, use of the electronic
identification service and personal data protection;
12) shall carry out complete accounting of the procedures for
issuing and terminating the operation of the means of electronic
identification;
13) shall record all measures related to the issuing a
certificate for authentication and an unsuccessful authentication
attempt in log files. The log files shall be kept for a period of
five years. The physical and logical protection shall be ensured
for the log files as laid down in the laws and regulations
applying to the provision, use of the electronic identification
service, personal data protection and security of national
information systems and other information systems;
14) shall provide information regarding the issuing and
terminating the operation of the means of electronic
identification, personal electronic identification data,
certificates for authentication and unsuccessful attempts of
authentication to court, prosecutor's office and investigative
institutions according to the procedures laid down in the laws
and regulations;
15) shall provide information to the supervisory authority in
conformity with the laws and regulations applying to the
provision, use of the electronic identification service and
personal data protection;
16) shall inform a data subject regarding the intended
personal data processing and comply with the laws and regulations
governing the security of information systems and personal data
protection;
17) shall immediately inform the supervisory authority,
supervisory authority of personal data and the person regarding
any infringement of data protection and security influencing the
electronic identification service provider and personal data
processed by it;
18) shall ensure consultancy for persons and 24-hour support
in respect of receipt of the electronic identification
service;
19) shall provide on its website information to electronic
service providers on the cases where the operation of the
electronic identification service is disrupted if the
availability of the electronic identification service is below
the service availability time specified in the laws and
regulations regarding technical and organisational requirements
for the qualified or qualified increased security electronic
identification service provider.
(2) The national electronic identification service provider
shall ensure the possibility for the electronic service provider
and a natural person to use the national means of electronic
identification service free of charge.
[14 October 2021]
Section 15. Responsibility of the
Qualified or Qualified Increased Security Electronic
Identification Service Provider
(1) The qualified or qualified increased security electronic
identification service provider shall be responsible for losses
caused to a natural person who, using the means of qualified or
qualified increased security electronic identification, has
relied on the following:
1) the electronic identification service provider, upon
issuing the means of electronic identification, has complied with
the laws and regulations applying to the provision, use of the
electronic identification service and personal data protection,
as well as complies and fulfils the description of the security
of the information systems, equipment and procedures for the
provision of electronic identification service and rules
regarding the provision of electronic identification service
included in the Register;
2) at the moment of issuing the means of electronic
identification the personal electronic identification data comply
with the personal electronic identification data included in the
means of electronic identification;
3) personal electronic identification data at the disposal of
the electronic identification service provider are used
properly;
4) after the receipt of a request from the natural person to
terminate operation of the means of electronic identification,
operation thereof will be terminated, however, the termination of
operation is not registered.
(2) The qualified or qualified increased security electronic
identification service provider shall compensate losses caused to
a natural person, if operation of the means of electronic
identification of such person is terminated without legal
basis.
Section 16. Termination of the
Provision of the Electronic Identification Service of the
Qualified or Qualified Increased Security Electronic
Identification Service Provider
(1) The supervisory authority shall take a decision to
terminate the provision of the electronic identification service
of the qualified or qualified increased security electronic
identification service provider in the following cases:
1) the qualified or qualified increased security electronic
identification service provider or the qualified or qualified
increased security electronic identification service provided by
it does not comply with the requirements of this Law;
2) the qualified or qualified increased security electronic
identification service provider has not eliminated the
discrepancies established in the security verification referred
to in Section 11 of this Law within the time period laid down by
the supervisory authority;
3) the qualified or qualified increased security electronic
identification service provider has lodged a submission in
writing regarding the termination of operation or termination of
the provision of the electronic identification service.
(2) The supervisory authority shall immediately delete the
qualified or qualified increased security electronic
identification service provider from the Register after taking of
the decision referred to in Paragraph one of this Section, and
shall inform the electronic identification service provider
thereof in writing within three working days after taking of the
decision referred to in Paragraph one of this Section.
Section 17. Supervisory Authority of
the Qualified or Qualified Increased Security Electronic
Identification Service Provider
(1) The supervisory authority shall supervise the compliance
of the activity of the electronic identification service provider
with the requirements laid down in the laws and regulations
applying to the provision and use of the electronic
identification service.
(2) The supervisory authority has the right to verify the
compliance of the qualified or qualified increased security
electronic identification service provider with the requirements
laid down in the laws and regulations applying to the provision
and use of the electronic identification service at any time.
(3) If necessary, the supervisory authority has the right to
request information from the electronic service provider
regarding technical and organisational requirements applying to
electronic identification for the receipt of electronic
service.
(4) The supervisory authority shall, not less than once a
year, request an opinion on security verification of the
information systems, equipment and procedures for the qualified
or qualified increased security electronic identification service
provision. The referred to opinion shall be provided by an expert
who has been included in the list of experts approved by the
supervisory body.
(5) The supervisory authority shall maintain the Register on
its Internet website and ensure online access thereto.
(6) The supervisory authority shall post and maintain on its
Internet website information regarding qualified and qualified
increased security electronic identification service providers
and legal or natural persons to whom performance of activities
referred to in Section 5, Paragraphs two, three and four of this
Law has been assigned in accordance with Section 5, Paragraph
five of this Law, as well as information submitted by the
electronic identification service provider in accordance with
Section 8, Paragraph one, Clause 7 of this Law.
(7) The supervisory authority, as well as the functions and
obligations thereof shall be determined by the Cabinet.
Chapter IV
Obligations and Responsibility of a Natural Person and Electronic
Service Provider
Section 18. Obligations and
Responsibility of a Natural Person
(1) By using the qualified or qualified increased security
electronic identification service, a natural person shall:
1) provide true information to the qualified or qualified
increased security electronic identification service
provider;
2) prior to the entering into the contract on the provision of
the electronic identification service or prior to issuing the
identity card with information included therein electronically
that is required for electronic verification of the identity of
the holder of the identity card, certify in writing that he or
she has become acquainted with the rules on provision of
electronic identification service included in the Register;
3) certify in writing that he or she has become acquainted
with the conditions for use thereof prior to receiving the means
of electronic identification;
4) ensure that personal electronic identification data (except
for the given name, surname and personal identity number) at the
disposal of the relevant natural person could be used only by the
natural person himself or herself;
5) store the means of electronic identification at the
disposal of him or her so that the means of electronic
identification does not become available to another person or
does not become invalid for use due to a damage;
6) immediately request the electronic identification service
provider to terminate operation of the means of electronic
identification if there is a reason to believe that the personal
electronic identification data (except for the given name,
surname and personal identity number) might be used without the
relevant person knowing it.
(2) A natural person may use only the issued means of
qualified or qualified increased security electronic
identification.
(3) A natural person cannot reveal to third persons the
personal electronic identification data at the disposal of him or
her (except for the given name, surname and personal identity
number).
(4) A natural person shall be responsible for losses caused to
another person who has relied on the means of qualified or
qualified increased security electronic identification if:
1) the natural person has provided false information to the
qualified or qualified increased security electronic
identification service provider;
2) the natural person has not taken proper care of protecting
the personal electronic identification data at the disposal of
him or her (except for the given name, surname and personal
identity number) against unauthorised use thereof;
3) there is a reason to believe that the personal electronic
identification data at the disposal of the natural person are
used without the relevant person knowing it, and the natural
person has not knowingly requested from the qualified or
qualified increased security electronic identification service
provider to terminate operation of the relevant means of
electronic identification.
Section 19. Obligations of an
Electronic Service Provider
(1) An electronic service provider in respect of qualified or
qualified increased security electronic identification:
1) shall store certificates for authentication and log files,
which include information regarding the cases related to
receiving an authentication certificate, as well as information
regarding unsuccessful attempts to receive the electronic service
requiring electronic identification, in accordance with the laws
and regulations which apply to the provision, use of the
identification service, personal data protection and security of
the national information systems and other information
systems;
2) shall carry out protective measures to prevent potential
illegal activities in relation to a certificate for
authentication at the disposal of the electronic service
provider;
3) shall provide information regarding the received
certificates for authentication to court, prosecutor's office and
investigative institutions in accordance with the procedures laid
down in laws and regulations;
4) shall comply with the laws and regulations governing
personal data protection and security of information systems;
5) shall on a regular basis verify whether qualified or
qualified increased security electronic identification service
providers have been included in or excluded from the
Register;
6) upon a request of the supervisory authority shall provide
information on technical and organisational requirements applying
to electronic identification for the receipt of the electronic
service.
(11) [Paragraph shall come into force on 1
February 2023 and shall be included in the wording of the Law as
of 1 February 2023 / See Paragraph 8 of Transitional
Provisions]
(12) [Paragraph shall come into force on 1
February 2023 and shall be included in the wording of the Law as
of 1 February 2023 / See Paragraph 8 of Transitional
Provisions]
(2) In respect of the electronic service that is provided by a
public person, when performing the functions and tasks assigned
thereto, within one year after the registration of the electronic
identification service provider in the Register, the electronic
service provider shall ensure the receipt of the abovementioned
electronic service at its own expense by using the qualified or
qualified increased security electronic identification service in
accordance with technical and organisational requirements laid
down in Section 13 of this Law.
(3) The Cabinet shall determine the technical and
organisational requirements which the electronic service
provider, upon receipt of the qualified or qualified increased
security electronic identification service, is obliged to conform
to, when providing the electronic service that is provided by a
public person, when performing the functions and tasks assigned
thereto.
(4) Public persons and public service providers shall ensure
that the means of electronic identification necessary for the
provision of electronic services can be requested and received
remotely if due to technological interoperability it is not
possible to use national means of electronic identification for
access to the electronic services provided thereby.
[14 October 2021 / Paragraph four shall come into force on
1 January 2022. See Paragraph 6 of Transitional
Provisions]
Chapter V
Notification of the National Means of Electronic Identification
and Access to Electronic Services by Means of Electronic
Identification Notified to the European Commission
[14 October 2021]
Section 20. Notification of the
National Means of Electronic Identification to the European
Commission
(1) National means of electronic identification shall be
notified to the European Commission upon request of the
electronic identification service provider as the means of
electronic identification which corresponds to the assurance
level high or substantial within the meaning of Regulation No
910/2014/EU.
(2) National means of electronic identification issued in
accordance with an electronic identification scheme shall be
notified by the supervisory authority to the European Commission
if it meets the requirements of Regulation No 910/2014/EU.
(3) The supervisory authority shall ensure the fulfilment of
the obligations laid down in Regulation No 910/2014/EU for the
supervisory authority and in Article 10 of Regulation No
910/2014/EU for a European Union Member State.
[14 October 2021]
Section 21. Access to Electronic
Services by Means of Electronic Identification Notified to the
European Commission
(1) In order to request and receive from other European Union
Member States the electronic service provided by a public person
when performing the functions and tasks assigned thereto, Latvia
shall adopt the electronic identification schemes notified to the
European Commission and published in the Official Journal of the
European Union.
(2) Access to the electronic service for which all means of
electronic identification may be used in Latvia shall be ensured
by the means of electronic identification referred to in
Paragraph one of this Section which corresponds to the assurance
level low, substantial, or high within the meaning of Regulation
No 910/2014/EU.
(3) Access to the electronic service for which the means of
qualified or qualified increased security electronic
identification may be used in Latvia shall be ensured by the
means of electronic identification referred to in Paragraph one
of this Section which corresponds to the assurance level
substantial or high within the meaning of Regulation No
910/2014/EU.
(4) Access to the electronic service for which only the means
of qualified increased security electronic identification may be
used in Latvia shall be ensured by the means of electronic
identification referred to in Paragraph one of this Section which
corresponds to the assurance level high within the meaning of
Regulation No 910/2014/EU.
[14 October 2021]
Transitional Provisions
1. The Cabinet shall, not later than until 1 July 2017, issue
the regulations referred to in Section 10, Paragraph one, Section
12, Paragraph four, Section 13 and Section 19, Paragraph three of
this Law.
2. The Cabinet shall issue the regulations provided for in
Section 17, Paragraph seven of this Law by 1 March 2017.
3. Amendments to Sections 4, 5, 6, 7, 8, 9, 10, 11, 12, 13,
14, 15, 16, 17, 18 and 19 of this Law shall come into force from
1 January 2018.
4. The compliance of the qualified and qualified increased
security electronic identification service provider specified in
Section 8, Paragraph two of this Law with the requirements of
this Law shall be verified by the supervisory authority within a
time period of three months if a written application has been
submitted by 31 December 2018.
5. The notification obligation referred to in Section 20,
Paragraph one of this Law shall not apply to such national means
of electronic identification that have been notified to the
European Commission until 30 November 2021.
[14 October 2021]
6. The amendment to Section 19 of this Law regarding the
supplementation thereof with Paragraph four shall come into force
on 1 January 2022.
[14 October 2021]
7. The conditions laid down in Section 21 of this Law for the
use of the means of electronic identification notified to the
European Commission for requesting and receipt of such electronic
service that is provided by a public entity when performing the
functions and tasks assigned thereto shall be applied not later
than from 1 January 2023.
[14 October 2021]
8. The amendment to Section 3 of this Law regarding the
supplementation thereof with Paragraph four and amendment to
Section 19 of this Law regarding the supplementation thereof with
Paragraphs 1.1 and 1.2 shall come into
force on 1 February 2023.
[14 October 2021 / Paragraph four of Section 3 and
Paragraphs 1.1 and 1.2 of Section 19 shall
be included in the wording of the Law as of 1 February
2023]
This Law has been adopted by the Saeima on 5 November
2015.
President R. Vējonis
Rīga, 24 November 2015
1 The Parliament of the Republic of
Latvia
Translation © 2022 Valsts valodas centrs (State
Language Centre)