The Information Technologies and Communication Authority (ITCA) amended the Regulation regarding the Procedures and Principles on Implementation of the Electronic Signature Law. Procedures and principles on qualified electronic certificate applications and amendments regarding identity authentication procedures carried out by the Electronic Certificate Service Provider (“ESHS“) are one of the main changes.
The Regulation on the Amendment of the Regulation regarding the Procedures and Principles on Implementation of the Electronic Signature Law (“Regulation“) prepared by ITCA entered into force on 15 October 2021 after being published in the Official Gazette. The Regulation introduces updates on procedures to be followed during qualified electronic certificate applications and necessary documentation. In addition, the Regulation provides new provisions on general rules, procedures and principles as to qualified electronic certificate installation on identity cards, details of the identity authentication via identity cards and electronic identity authentication, as well as the role and secure communication certificate of ESHS. The Regulation is available here (in Turkish).
Secure electronic signature is a type of electronic signature that has the same legal effects as wet signatures. Qualified electronic certificates, on the other hand, are used as a basis to verify the identity of the signatory, while issuing qualified e-signatures. In this context, the Regulation sets forth new principles on application, installation, renewal and annulment of qualified electronic certificates by the ESHS.
Identity authentication process in the qualified electronic certificate application:
– ESHS can verify the identity of qualified electronic certificate applicants, electronically or based on identity cards, as per the provisions of the Regulation on the Process of Identity Authentication of Applicants in the Electronic Communications Sector (“Identity Authentication Regulation“), in addition to valid and photographed official documents such as national ID card, passport or driver’s license.
– Physical presence may not be required provided that the identity of the applicant is verified via the identity card in accordance with Article 13/Ç of the Regulation regarding the Procedures and Principles on the Implementation of the Electronic Signature Law and electronically in accordance with the provisions of the Identity Verification Regulation.
Installing, renewing or annulling qualified electronic certificates on identity cards:
– Qualified electronic certificates or different electronic certificates using similar infrastructures in identity cards can be installed by ESHS by taking security measures via the Card Access Device (“KEC“).
– Preliminary applications for installing a qualified electronic certificate on the identity cards can be submitted through the website of the ESHS, which will carry out the certificate installation and renewal and annulment processes uninterruptedly and accordingly with the procedures and principles stipulated in the Regulation. In cases where the identity authentication of the applicant will be based on an identity card, the minimum information set forth under Article 13/Ç of the Regulation will be required.
– ESHS will have to record the data on all transactions related to remote qualified electronic certificate processes via identity cards, including transaction periods and person/persons involved with the transaction, for a period of at least 20 years.
– The Regulation also introduces comprehensive provisions as to the role and secure communication certificate which is required for installing qualified electronic certificates and other electronic signatures with similar infrastructure. The ESHS will submit certificate execution requests and suitability of the role server to the Directorate General of Population and Citizenship under the Ministry of Interior upon ITCA approval.
The Regulation brings important changes to the Regulation regarding the Procedures and Principles on Implementation of the Electronic Signature Law in terms of the identity verification procedures of the ESHS. Also, essential updates as to the procedures and principles for installation, renewal and annulment of a qualified electronic certificate on identity cards are introduced. It is essential to consider the aforementioned issues for obtaining qualified electronic certificates.