The Information Technologies and Communication Authority (ITCA), through an announcement published on its website on 28 July 2021, opened the Draft Regulation (“Draft Regulation“) Amending the Regulation regarding the Procedures and Principles on Implementation of the Law on the Electronic Signature (“Regulation“) to public consultation, which was drafted with the ITCA’s Decision No. 2021/İK-BTD/192 of 13 July 2021. The Draft Regulation will be accessible through the ITCA’s website for public consultation for a period of 30 days. The Draft Regulation is available here (in Turkish).
The Draft Regulation intends to update the Regulation in line with recent regulations, such as the Identity Verification Regulation and the Electronic Identity Verification System Regulation (“EKDS Regulation“). Accordingly, the Draft Regulation provides new provisions on electronic identity authentication and the qualified electronic certificate upload process for identity cards.
A new Chapter 4 titled “Qualified Electronic Certificate Upload to the Identity Cards, their Renewal and Annulation” is foreseen to be included under the Regulation. Accordingly, the electronic certificate service provider (ESHS) will be entitled to remotely upload qualified electronic certificates or different electronic certificates using similar infrastructures in identity cards, and to renew or revoke these certificates from identity cards. To carry out these operations, the ESHS will need to do the following:
– make an application before the ITCA to obtain a role and to secure the communication certificate
– provide necessary information and documentation to the ITCA about the card access device (the KEC) to be used while remotely uploading, renewing or annulling qualified electronic certificates in identity cards
Identity authentication via an identity card will have to be completed as per paragraph (h) of Article 30(1) of the EKDS Regulation. Information required to be included in the identity authentication notification (the KDB) that will be created for identity authentication is listed in prospective Article 17 of the Regulation. Pursuant to Article 17, the ESHS will be able to remotely upload the qualified electronic certificate to the identity card after the identity authentication is complete. Prospective Articles 19 and 20 regulate the terms of the renewal and annulment of the qualified electronic certificates, respectively.
Lastly, the ESHS’ obligation to store certain data and documents for 20 years has been extended accordingly with other amendments of the Draft Regulation. In this respect, subject to security, confidentiality and integrity requirements, the ESHS will be obliged to store all information related to remote qualified electronic certificate management through identity cards, including information on the timing of these transactions and the appointed personnel, for a period of 20 years, along with other records.
The Draft Regulation sets forth essential changes in terms of electronic identity authentication procedures. Industry stakeholders will be able to review the Draft Regulation through the website of the ITCA until 28 August 2021 and submit their opinions from a commercial perspective.