Subject 01 – ‘‘Electronic Signature’’ (E-Signature)

The Electronic Signature Law No. 5070 was adopted on January 15, 2004, and published in the Official Gazette No. 25355 dated January 23, 2004.

Legislation Related to Electronic Signatures

Legislations

Date

Law No: 5070, on Electronic Signature

23.01.2004

“Prime Ministry Circular No. 2004/21”

6.09.2004

“Regulation on the Procedures and Principles for the Implementation of the Electronic Signature Law” 

6.01.2005

“Communiqué on Processes and Technical Criteria Related to Electronic Signatures.”

6.01.2005

“General Terms and Conditions of Mandatory Certificate Financial Liability Insurance.”

27.01.2005

“Certificate Financial Liability Insurance Tariff and Instructions”

27.01.2005

“Regulation Amending the Regulation on Processes and Technical Criteria Related to Electronic Signatures.” 

18.06.2005

“Amendment Regulation to the Regulation on Processes and Technical Criteria Related to Electronic Signatures.” 

21.01.2006

“Regulation on Amendments to the Regulation on the Implementation Procedures and Principles of the Electronic Signature Law.”

4.02.2006

“Prime Ministry Circular No. 2006/13.”

19.04.2006

“Board Decision on Procedures and Principles Regarding Secured Electronic Signature Creation and Verification Applications and Secured Electronic Signature Formats.”

1.06.2006

“Board Decision on the Determination of Fees for Certificates, Timestamps, and Related Services.”

20.12.2006

“Board Decision on the Guide for Qualified Electronic Certificate, SIL, and OCSP Request/Response Message Profiles.”

18.04.2007

“Law Number 5728”

8.02.2008

“Notification Regarding Amendments to the Regulation on Processes and Technical Criteria Related to Electronic Signature”

24.03.2020

 

“Regulation Amending the Regulation on the Implementation Procedures and Principles of the Electronic Signature Law”

15.10.2021

https://www.youtube.com/watch?v=uHp3fQV6muk

https://www.youtube.com/watch?v=jF2WJGz3foY

  • Electronic Signature

An electronic signature;

  • is electronic data attached to another electronic data or logically associated with electronic data and, 
  • is used for the purpose of identity verification

The electronic signature ensures that information is transmitted in its original form created by the transmitting party, in a secured environment inaccessible to third parties, and with the identities of the parties verified, using electronic or similar tools in a way that guarantees its integrity, composed of letters, characters, or symbols.

The electronic signature varies depending on the content of the signed document, and it is obtained by finding a unique value believed to be derived from mathematical functions. In other words, individuals do not have a single signature as in handwritten signatures; instead, they have keys used for signing.

Electronic signatures have three essential characteristics:

  • Data Integrity: Preventing unauthorized or accidental alterations, deletions, and additions to the data.
  • Identity Verification and Authentication: Ensuring the validity of the message and the sender’s identity.
  • Non-Repudiation: Preventing individuals from denying transactions they have conducted in the electronic environment.
  • Mobile Signature

A mobile electronic signature is an electronic signature created using a mobile device. The only difference between a mobile electronic signature and an electronic signature is that a mobile electronic signature uses a SIM card placed within a mobile device as the tool for generating the electronic signature. While the term “mobile signature” is not explicitly mentioned in the Electronic Signature Law, a change was made on 26.06.2008 in the Regulation on Processes and Technical Criteria Related to Electronic Signature, which added mobile signatures to this regulation. Thus, it was expressed that the legislation regarding electronic signatures also covers mobile electronic signatures. Mobile electronic signatures provide the same legal validity as secured electronic signatures in the electronic environment. Mobile signatures can be obtained from mobile network operators.

  • Electronic Certificate

According to Article 3/I of Law No. 5070 on Electronic Signature, an electronic certificate is defined as an electronic record that links the signature holder’s verification data and identity information. Electronic certificates should be obtained from electronic certificate service providers operating in accordance with the law in exchange for a specific fee.

With the addition to Article 10 of the Law in 2021, it is regulated that if the electronic certificate service provider reliably verifies the identity information of individuals to whom qualified certificates are issued through the Turkish Republic identity card remotely, they can remotely load the qualified certificate onto the identity card in a reliable manner. In this context, qualified certificates are matched with citizens’ identity cards and are intended to be actively used for identity verification.

“How to load an e-signature onto a Turkish Republic identity card?”

Electronic certificates are necessary for the verification of the authenticity of the signature placed.

  • Qualified Electronic Certificates

For an electronic certificate to be considered a “qualified electronic certificate,” it must carry the following information as specified in Article 9 of the law:

  1. a) an indication that the certificate is a “qualified electronic certificate”,
  2. b) the identity information of the Electronic Certificate Service Provider and the country in

which it is established,

  1. c) the identity information by which the Signature Owner can be identified,
  2. d) Signature-Verification Data which correspond to Signature-Creation Data,
  3. e) the date of the beginning and the end of the validity period of the certificate,
  4. f) serial number of the certificate,
  5. g) the information regarding the authorization of the certificate holder if the holder acts on behalf of another person,
  6. h) when the certificate holder so requests, occupational and other personal information,
  7. i) information related to conditions of the usage of the certificate and limits on the value of transactions, when applicable,
  8. j) the Secured Electronic Signature of the electronic certificate service provider that verifies the information in the certificate.

The Regulation Amending the Regulation on the Implementation of the Electronic Signature Law of February 4, 2006, specifies that the validity period of qualified electronic certificates will be determined through contracts and/or agreements.

In Article 8 of Law No. 5070 on Electronic Signature, it is stated that electronic certificate service providers are public institutions and organizations as well as natural or legal persons in the private sector who provide services related to electronic certificates, timestamp, and electronic signatures. An electronic certificate service provider becomes operational two months after the notification made to the Authority.

A timestamp, on the other hand, is defined as a record electronically verified with an electronic signature by an electronic certificate service provider for the purpose of determining the time when an electronic data is created, modified, sent, received, and/or recorded.

  • Secured Electronic Signature

A Secured Electronic Signature can only be provided through a qualified electronic certificate. Places where one can apply to obtain a Qualified Electronic Certificate, which are Electronic Certificate Service Providers, are published on the website of the Information Technologies and Communication Authority.

The characteristics of a secured electronic signature are as follows:

  • It is exclusively linked to the signatory.
  • It is generated only with the secured electronic signature creation device in the possession of the signatory.
  • It verifies the identity of the signatory based on a qualified electronic certificate.
  • It allows for the detection of any subsequent changes made to the signed electronic data.
  • The Legal Consequences and Scope of Secured Electronic Signatures

According to Article 5 of the Electronic Signature Law:

⛤ A secured electronic signature has the same legal effect as a handwritten signature.

⛤ Legal transactions subject to the formal requirements or special formalities of laws and security contracts cannot be executed with a secured electronic signature.

For example, real estate sales under the Turkish Civil Code, official wills, and similar legal actions are subject to specific formal requirements. Marriage, on the other hand, involves special ceremonial formalities. Therefore, these transactions cannot be conducted using a secured electronic signature.”

Electronic signatures are regulated in other laws as follows:

  • Contracts that require written form can also be made with a secured electronic signature.

According to Article 14 of Turkish Code of Obligations (Act No. 6098) “contracts that are expected to be made in writing must bear the signatures of the parties assuming the obligations. Unless otherwise specified in the law, signed letters, telegrams signed by the parties assuming the obligations, fax messages with confirmation, or similar communication tools, or texts that can be sent and stored with a secured electronic signature, are considered equivalent to written form.”

  • A secured electronic signature also has all the legal consequences of a handwritten signature.

In accordance with Article 15 of Turkish Code of Obligations (Act No. 6098), “the signature must be handwritten by the person assuming the obligation. A secured electronic signature also has all the legal consequences of a handwritten signature.”

  • Among individuals engaged in trade, notifications such as default of deptor, termination of contracts, and withdrawal from contracts to a non-compliant party can also be made using a secured electronic signature, in addition to notary, mail with return receipt requested, or telegram.

According to Article 18/3 of Turkish Commercial Code No. 6102, notifications or warnings related to putting the other party in default, terminating the contract, or withdrawing from the contract among traders are made through a notary, mail with return receipt requested, telegram, or using the registered electronic mail system with a secured electronic signature.

  • Closing a current account can be done with a secured electronic signature.

According to Article 94/2 of Turkish Commercial Code No. 6102, unless there is a contract or commercial custom regarding the account cycle, the last day of each calendar year is considered the day when the account is closed by the parties. If the party receiving the statement showing the determined excess amount does not raise an objection within one month from the date of receipt, through a notary, mail with return receipt requested, telegram, or a document with a secured electronic signature, they are deemed to have accepted the balance.

  • Promissory notes, bills of exchange, checks, receipt warrants, warrants, and similar instruments cannot be issued with a secured electronic signature.

According to Article 1526/1 of Turkish Commercial Code No. 6102, promissory notes, bills of exchange, checks, receipt warrants, warrants, and similar instruments cannot be issued with a secured electronic signature. Transactions such as acceptance, endorsement, and endorsement on these instruments cannot be performed with a secured electronic signature.

  • A bill of lading and an insurance policy can be prepared with an electronic signature.

According to Article 1526/2 of Turkish Commercial Code No. 6102, the signature on a bill of lading, a bill of exchange, and an insurance policy can be made by hand, facsimile print, stapler, stamp, mechanical or electronic means, or any other method. To the extent permitted by the laws of the country in which they are issued, records on these instruments can be handwritten, telegraphed, telexed, faxed, or created and transmitted through other electronic means.”

  • Individuals and legal entities engaged in trade (merchants) can perform all their transactions using an electronic signature.

According to Article 1526/3 of Turkish Commercial Code No. 6102, as for commercial companies and other natural and legal persons engaged in trade, all transactions required by this Law can also be carried out with a secured electronic signature in an electronic environment. The documents underlying these transactions can also be prepared electronically in the same manner. In cases where the determination of the time element is necessary and regulated in the regulations, the date of the timestamp added to the secured electronic signature is taken as the basis, while in other cases, the date in the central database system is considered.

  • Individuals authorized to sign on behalf of the company can also use an electronic signature.

According to Article 1526/4 of Turkish Commercial Code No. 6102, individuals with signature authority on behalf of the company can sign with the secured electronic signature generated in their own name on behalf of the company. In this case, the name of the legal entity represented by the certificate holder is included in the certificate holder field along with the name of the certificate holder. This information is registered and announced.

  • Documents signed with an electronic signature are considered conclusive evidence.

According to Article 205 of Law on Civil Procedure No. 6100, promissory notes acknowledged in court or accepted by the court as being from the party denying them, are considered conclusive evidence unless proven otherwise. Electronic data created with a secured electronic signature in accordance with the procedure is considered as a promissory note. The judge shall examine whether the electronically signed document presented to the court was created with a secured electronic signature or not, ex officio.

  • If anyone claims that data created with a secured electronic signature is incorrect, fake, or altered, the party denying the data is heard by the judge. If a conclusion is not reached, an expert examination is requested.

According to Article 210 of Law on Civil Procedure No. 6100, in case of denial of data created with a secured electronic signature, after hearing the party denying the data, if no conclusion is reached, an expert examination is requested.

  • Within the scope of the National Judiciary Network (UYAP), lawsuits can be filed, fees and advances can be paid, and case files can be reviewed using an electronic signature. All minutes and documents must be created with an electronic signature in UYAP.

According to Article 445 of Law on Civil Procedure No. 6100, lawsuits can be filed, fees and advances can be paid, and case files can be reviewed using a secured electronic signature in electronic media. Minutes and documents that are physically prepared under this Law can be created and sent in electronic media with a secured electronic signature. Records and documents created with a secured electronic signature are not sent physically, and no copies of the documents are required.

  • In all types of execution and bankruptcy procedures, the National Judiciary Network Information System is used, and all data, information, documents, and decisions are processed, recorded, and stored through the National Judiciary Network Information System.

According to Article 8/a of Law No. 2004 on Execution and Bankruptcy, the National Judiciary Network Information System is used in all types of execution and bankruptcy procedures, and all data, information, documents, and decisions are processed, recorded, and stored through the National Judiciary Network Information System. Electronic data created with a secured electronic signature in accordance with the procedure are considered as a promissory note. A secured electronic signature has the same evidentiary power as a handwritten signature. A secured electronic signature can be used in place of a handwritten signature, except for transactions explicitly excluded by law from being performed with a secured electronic signature. Provisions requiring the preparation of multiple copies and sealing in laws do not apply to documents and decisions created with a secured electronic signature. Documents or decisions prepared physically due to compelling reasons are signed with a secured electronic signature by authorized persons, transferred to the National Judiciary Network Information System, and, when necessary, transmitted to the relevant units through the National Judiciary Network Information System. The originals of these documents and decisions, once transferred electronically and transmitted to the relevant units, are stored at the sending execution and bankruptcy office and are not sent physically. However, exceptions are made for cases where it is mandatory to examine the original document or decision.

  • In criminal proceedings, all procedures are conducted through UYAP (National Judiciary Network Information System). In case of a conflict between an electronically signed document and a manually signed document, the electronically signed document registered in UYAP is considered valid.

In accordance with Article 38/A of the Criminal Procedure Code, the National Judiciary Network Information System (UYAP) is used in all types of criminal proceedings. All data, information, documents, and decisions related to these procedures are processed, recorded, and stored through UYAP. In case of a conflict between an electronically signed document and a manually signed document, the electronically signed document registered in UYAP is considered valid.

  • Actions That Can Be Performed Using a Secured Electronic Signature Without the Presence of a Notary

According to Article 6 of the Regulation on Conducting Notarial Procedures in Electronic Environment, the following actions can be performed on the TNBBS (Turkey Notary Association Information System) with a secured electronic signature, without the need for individuals to be present in front of a notary:

  1. Translation procedures,
  2. Registration procedures,
  3. Determination procedures,
  4. Providing samples,
  5. Book approvals,
  6. Warnings and notices without signature verification.

https://e-hizmet.tnb.org.tr/tespit/public/main.xhtml 

Notarial procedures conducted in an electronic environment can be processed, recorded, stored, and shared with a secured electronic signature.

  • The Legal Responsibilities of the Electronic Certificate Service Provider

In accordance with Article 13 of the Electronic Signature Law, the legal responsibilities of the electronic certificate service provider are as follows:

  • The liability of the electronic certificate service provider towards the electronic certificate holder is subject to general provisions.
  • The electronic certificate service provider is liable to compensate third parties for damages caused by the violation of the provisions of this Law or the regulations issued based on this Law.
  • The electronic certificate service provider is not obliged to pay compensation if it can prove its non-negligence.
  • If the obligation in question is based on the behavior of the individuals it employs, the electronic certificate service provider is also responsible for the damages, and even if the electronic certificate service provider proves that it has taken the necessary care to prevent the damage when selecting its employees, giving instructions related to their work, supervising and monitoring, it cannot be relieved of its liability.
  • Any terms that eliminate or limit the liability of the electronic certificate service provider towards third parties and the qualified electronic signature holder, except for limitations related to the use and material scope of the qualified electronic certificate, are invalid.
  • The electronic certificate service provider is obliged to obtain certificate financial liability insurance to cover damages resulting from its failure to fulfill its obligations arising from this Law.
  • The electronic certificate service provider is obligated to deliver the qualified electronic certificate to the electronic signature holder by insuring it.
  • Loading a Qualified Electronic Certificate onto the Identity Card

According to Article 13/A of the Regulation Amending the Regulation on the Implementation of the Electronic Signature Law, published in the Official Gazette dated October 15, 2021, and numbered 31629, the Electronic Certificate Service Provider (ECSP) can load different electronic certificates that utilize remote qualified electronic certificates and similar infrastructure onto the identity card.

The ECSP can receive pre-applications for the loading of a qualified electronic certificate onto the identity card through their internet page. If the application is deemed suitable, the ECSP can direct the applicant to the location where the loading of the qualified electronic certificate will take place, which includes the Card Access Device (CAD).

The ECSP ensures uninterrupted implementation of the following procedures performed remotely through identity cards, which involve identity verification:

  1. Loading a qualified electronic certificate,
  2. Renewing a qualified electronic certificate,
  3. Revoking a qualified electronic certificate.
  • Criminal Sanctions
  • Use of Signature Creation Data without Consent

In accordance with Article 16 of Law No. 5070 on Electronic Signatures; without the consent of the party;

  • those who obtain, deliver, copy, or recreate signature creation device  or data  in order to create electronic signature 
  • and those who create unauthorized electronic signatures using signature creation devices obtained without permission,

shall be sentenced to imprisonment for a period ranging from one to three years and a judicial fine of no less than fifty days. If the crimes mentioned in the above paragraph are committed by employees of an electronic certificate service provider, these penalties may be increased by up to half.

  • Forgery in Electronic Certificates

In accordance with Article 17 of Law No. 5070 on Electronic Signatures; 

  • those who wholly or partially create fraudulent electronic certificates or
  • who imitate or tamper with validly created electronic certificates, 
  • as well as those who knowingly use such electronic certificates, 

shall be sentenced to imprisonment for a period ranging from two to five years and a judicial fine of no less than one hundred days. 

—————————————————————————————————————————————————–

The copyrights pertaining to these lecture notes and all of their content, including the rights to reproduce, distribute, duplicate, represent, transmit via signals, and publicly communicate through any means of text, sound, and/or visual presentation, are protected by the Turkish Intellectual and Artistic Works Law and related legislation.All these intellectual and moral rights belong to Attorney and Lecturer Ozge EVCI ERALP. These lecture notes cannot be duplicated, published, or used without permission, and they cannot be published on internet websites without obtaining the necessary permissions. Ozge Evci ERALP 2023-2024