Empowerment and representation in the digital environment

Authorization and representation in the digital environment are an essential part of enterprise risk management and business continuity. A well-organized access and authorization system helps avoid legal issues, security incidents, and downtime.

Digitalization has significantly changed the way companies cooperate with state or local government institutions, credit institutions, cooperation partners and often also with customers. Issues of authorization and representation have become a critical part of commercial activities, as more and more often the conclusion of contracts, submission of reports, payment of taxes and other processes are increasingly carried out electronically, and the company's  operations can be paralyzed if  such rights are not ensured in a timely manner.

It is important for a company to determine who is allowed to sign tax returns, make bank transfers, not to mention access to sensitive data of employees and customers. The right to access the systems of various institutions and companies does not always mean the right to legally perform specific actions. Therefore, it is important to be familiar with powers of attorney and know how to properly organize the representation of individuals in the digital environment.

What is a power of attorney and when is it necessary?

A power of attorney is a legal instrument by which one person (the principal) grants another person (the agent) the right to act on their behalf to a certain extent. It is necessary whenever the action cannot or is not expedient for the person with the right to sign, for example, a member of the board of a commercial company. In the digital environment, the role of authorization is particularly important, as access to systems is often granted to a specific individual, not a position in a company. In commercial activities, this most often means the right to: sign documents; represent the company in state and local government institutions, for example, when submitting reports to the State Revenue Service (SRS), the Central Statistical Bureau, etc. in institutional systems;

• conclude contracts in an electronic or e-environment;
• access and manage e-services - for example, view a company's profile in an e-address or view bank account statements, make payments.

Authorization is also necessary if an accountant, lawyer or an external service provider is engaged to perform specific functions, there is a change in management in the company or the continuity of the company's operations needs to be ensured during absence.

Basics of company representation in digital services

Company representation is based on legal representation, which determines which officials are entitled to represent the company (for example, an entry in the company's Articles of Association or in the commercial registers of the Enterprise Register) and contractual representation, which extends or delegates representation rights to other persons (by issuing a power of attorney).

Digital services often provide internal authorization mechanisms within the systems that automatically provide access to specific e-services. For example, when connecting to the unified state services portal Latvija.lv, data on the person entitled to represent is read from the Enterprise Register. A member of the board of a commercial company is automatically granted all rights for activities on the portal. This happens similarly in the SRS Electronic Declaration System, Internet banking, etc. In turn, a member of the board can delegate specific rights to individual company employees or external service providers (for example, an employee of an accounting office) to access the systems of state institutions on behalf of the company. These access rights often have to be activated separately and representation is often realized with an e-signature, online banking identification or official delegation functions on the specific platform.

The difference between legal representation and practical access to e-services

In the digital age, representation of a company is not only about who has the rights, but also about who has access and how thoughtfully it is managed.

Legal representation means the right to make decisions, act and assume obligations on behalf of the company in accordance with the law or a power of attorney. Accordingly, the signing rights are held by the persons specified in the company's statutes - the members of the board of directors. In addition, separate or joint representation rights can be determined for the members of the board of directors, for example, it can be provided that a contract only enters into force if it has been signed by all members of the board of directors. This also applies to activities in the electronic environment.

The authorized person also has the right to act to a certain extent, for example, from January 1, 2026, an accountant needs a power of attorney to be able to electronically sign and submit company reports and tax returns to the SRS Electronic Declaration System (EDS).

Practical access means an actual opportunity to connect to a specific system and perform actions. Often, employees also have access to the systems and their e-services, but  do not have legal authorization to submit a document in the electronic environment. Such a situation arises, for example, when an accountant has practical access to the Internet bank to prepare payments, but does not have legal representation (signature rights) to approve them without the involvement of the manager. Also, to fill out a project competition application, which nowadays most often takes place in the electronic environment, it is necessary to determine who has the right to write, correct, supplement the forms, and who has the right to submit the application on behalf of the legal entity. In such situations, the company manager may have to submit a list of the company's authorized employees to the e-service provider. 

The most common situations in which problems with authorizations arise

Problems usually arise when practical access does not match legal representation and vice versa. When the company's board changes, representation rights in the e-service provider's systems are not changed, because not all of them have read the information about the changes made in the Enterprise Register. Former board members, for example, can still access the SRS EDS, but new board members cannot do this, because  access to the system has not been activated.

This also applies to employees with whom employment relationships have been terminated - their access to company systems, such as e-mail, and also access to e-services in state systems in which they were authorized, has not been canceled. 

It is also important to check the terms of the authorizations issued to employees, because they often end with the new calendar year. Likewise, authorizations should be revoked in a timely manner if cooperation with external service providers, such as an accounting office, is terminated.

It is also important to determine the scope of the specific authorization – to which digital activities the authorization applies.

In such problem situations, the submission of reports may be delayed, which in turn may result in penalties. There are also security risks that information and databases may be deleted or otherwise compromised, which in turn may lead to disputes and even litigation.

The importance of authorizations for service continuity

Digital representation requires regular audits and a clear division of roles, otherwise, without an organized authorization system, the company becomes a hostage to one person. For example, in the absence of the company manager, payments may stop and the conclusion of contracts may be disrupted. This situation would be resolved if a deputy with limited signing rights were delegated.

The same applies to cases when an accountant falls ill or goes on vacation - reports to state institutions are delayed, so it is necessary to take care of a substitute accountant in a timely manner, who has been granted the appropriate authorization for activities in the SRS EDS.

The company manager must ensure that there is a transparent distribution of responsibility for activities in the digital environment and  dependence on the presence of one specific employee does not develop. This is especially important in small and medium-sized enterprises, where one employee often performs several functions. His unexpected absence can significantly affect the company's operations if authorizations are not arranged in a timely manner.

Security and liability aspects

Today's digital environment is convenient, but also insecure and full of risks. More than once we have heard of cases where company accounts are emptied as a result of criminal activities because they were accessed due to the careless attitude of the accountant. Therefore, the ability to authorize employees to act in the digital environment is not only a convenience, it is also a delegation of responsibility. At the same time, the practice of multiple employees using the same manager's authentication data should be avoided. Such shared profiles are insecure and legally dangerous. Weak passwords for accessing e-services also pose a risk of data leakage. Therefore, it is recommended to: divide responsibility when each action in the system is audited. If an employee performs an unauthorized action with their authorization, it is clearly visible who did it:

• requirement for individual authorization so that other people's authentication tools are not used. The person whose e-signature was used will be responsible for the signed document, not the person who physically pressed the button;
• grant the employee only those accesses that are necessary for the specific task;
• regularly review accesses, especially after personnel changes;
• document the accounting of authorizations, clearly defining the scope and term;
• revoking powers in a timely manner if cooperation is terminated.

Authorizations and representation in the digital environment are an essential part of a company's risk management and business continuity. An orderly access and authorization system helps to avoid legal problems, security incidents and downtime.

The creation of the platform is being implemented within the framework of the European Union Recovery and Resilience Mechanism investment 2.1.2.1. "Digital Services Platform business.gov.lv", in close cooperation with state institutions and business representatives.
Its development is taking place gradually - by testing solutions, improving usability and adapting the platform to the real needs of entrepreneurs. Special attention has been paid to user experience in the development process – entrepreneurs are actively involved in testing and provide feedback on the ease of use of the platform.
The project “Digital Services Platform for Promoting Business Development” is implemented with funding from the European Union's Recovery and Resilience Mechanism (NextGenerationEU).