Electronic Signature Laws & Regulations - Turkey
The use of electronic and certificate-based digital signatures in Turkey is still evolving. Even though widely used in public services, no one can be obliged to sign a contract electronically. Thus, the option for a handwritten signature should always be open.
The following laws and regulations govern the use of electronic signatures in Turkey:
- Electronic Signature Law No.5070 (“E-Signature Law”);
- Code of Obligations No. 6098;
- Regulation on the Procedures and Principles Pertaining to the Implementation of Electric Signature Law;
- Communiqué on Processes and Technical Criteria Regarding Electronic Signatures;
- Information and Communication Technologies Board’s Decision no.2006/DK-77/353 regarding security requirements for signature creation application and electronic signature format, dated 1 June 2006.
The E-Signature Law distinguishes between “simple” electronic signatures and secure electronic signatures, defining an electronic signature as electronic data which is added to or has a logical link with other electronic data and is used for identity verification purposes. “Electronic data” is defined as all records and data that are generated, carried or stored by electronic, optic or other similar means.
In order to qualify as a secure electronic signature under the E-Signature Law, an electronic signature should:
- be uniquely linked to the signatory;
- be created through means that the signatory can maintain under their sole control;
- be capable of identifying the signatory via qualified electronic certificates;
- enable determination of whether there are any changes to the electronic data signed by electronic signature afterwards.
According to the E-Signature Law, a secure electronic signature has the same legal effect and consequence as a handwritten signature. In contrast, while non-secure electronic signatures are used, they are not granted any admissibility or enforceability presumptions.
In Turkey, when a secure electronic signature is required, an Electronic Certificate Service Provider should be used. The E-Signature Law defines Electronic Certificate Service Providers as public entities or establishments or natural persons or private law legal entities that provide qualified electronic certificates, time-stamping and other services related to secure electronic signatures. In order to satisfy the above requirements, an electronic signature should be certified by:
- an electronic qualified trust services provider established in Turkey; or
- a qualified trust services provider established outside Turkey but whose certificates are accepted by an electronic certificate service provider established in Turkey.
If a secure electronic signature is created using a remote electronic signature creation device, such as for a cloud-based or remote electronic signature, certain requirements apply to Electronic Certificate Service Providers. For example, secure electronic signature creation tools should be at a minimum level EAL4+ according to ISO / IEC 15408 to ensure that:
- the electronic signature creation data they produce is unique;
- the electronic signature formation data recorded on them is never taken out of the tools and confidentiality is maintained;
- the electronic signature formation data recorded on them cannot be retrieved, used by third parties and is protected against electronic signature fraud;
- the data to be signed cannot be changed by any persons other than the signature owners and that such data can be viewed by the signature owners prior to creation of signatures.
Electronic signature forming devices and electronic certificates can only be provided by Electronic Certificate Service Providers certified by the Turkish Information and Communication Technologies Authority. Currently, the Elektronik Sertifika Hizmet Sağlayıcıları (list of authorized electronic certificate providers) includes six authorized certificate service providers in Turkey, four of which are private companies.
In general, there is no restriction in Turkish law that would prohibit the storage and processing of electronic signature data outside of Turkey. However, Turkish data protection law includes rules on data transfers which should be respected when storing and processing personal data.
Transacting with public sector entities
There are no special requirements or restrictions for using secure electronic signatures with government entities. However, the National Judicial Information System allows all litigation processes to be conducted online using secure electronic signatures and many public institutions, such as the Turkish Patent Institute, the Public Procurement Agency and the Radio and Television High Council use secure electronic signatures for day-to-day transactions. Also, E-Government applications and banks enable citizens to benefit from a broader scope of services by using secure electronic signatures directly.
Use cases that require a traditional signature
Under the E-Signature Law, electronic signatures cannot be used for documents and contracts subject to specific form or procedural requirements, and for security agreements except bank guarantees. Under the Turkish Code of Obligations, a secure e-signature as a rule bears all the legal authority of the traditional handwritten signature. However, this article does not mean that every document can be signed with an e-signature. In cases where there are special form requirements, the use of e-signatures is not permitted.
Under the Turkish Commercial Code, commercial deeds such as bills of exchange, bonds, checks, warrants and commercial bills may not be executed through electronic signature. Furthermore, transactions on these commercial deeds such as acceptance, surety and endorsement may not also be made by using a secure electronic signature. Additionally, bill of exchange, ware receipt, warrant or commercial bill and contracts for the sale of real property and deeds, certain contracts under family law, such as marriage contracts, certain contracts under inheritance law, such as wills, IP transfer agreements may not be executed through electronic signature.
Additionally, for certain transactions, Turkish legislation requires an “official form”. An official form refers to signature of the contract by or before an official authority, for example the transactions carried out by a notary public for an official testament (will) and in a land registry for purchase and sale of real estate. Due to practical obstacles, transactions that require “official form” cannot generally be executed through an electronic signature.
Disclaimer: Information on this page is intended to help businesses understand the legal framework of electronic signatures. However, Adobe cannot provide legal advice. You should consult an attorney regarding your specific legal questions. Laws and regulations change frequently, and this information may not be current or accurate. To the maximum extent permitted by law, Adobe provides this material on an "as-is" basis. Adobe disclaims and makes no representation or warranty of any kind with respect to this material, express, implied or statutory, including representations, guarantees or warranties of merchantability, fitness for a particular purpose, or accuracy.