THE KEY TO SECURITY IN THE DIGITAL WORLD: ELECTRONIC SIGNATURE
1. Introduction
With the advancement of technology, communication and transactions have moved to the digital environment, and the concept of electronic signature (‘e-signature’) has emerged as a natural result of this process. In order to determine the legal nature of transactions carried out in the electronic environment and to ensure their validity, the Electronic Signature Law No. 5070 (‘EİK’) was adopted and entered into force in our country.
2. Definition of E-Signature
There are multiple definitions of e-signature in national and international regulations. In this context,
- the EIS defines e-signature as ‘electronic data added to or logically linked to another electronic data and used for the purpose of authentication.’
- The Electronic Commerce Coordination Board (ETKK) defines e-signature as ‘a set of letters, characters or symbols that guarantees, by electronic or similar means, that information has been transmitted in an environment closed to third parties, without its integrity being compromised and with the identities of the parties being verified.’ [1]
- The European Union’s Directive 1999/93, Article 2, also defines ‘electronic signature’ as ‘an electronic form of data which is logically linked to other electronic data to which it relates and which is created, using an authentication method, with the intention of creating a legal obligation for the signatory.’ [2]
Within the scope of all this information, an e-signature can be defined as an electronic authentication method consisting of letters, characters or symbols that enables information to be transmitted in an environment closed to third parties, without its integrity being compromised and with the identities of the parties being verified. Within this scope, it is possible to determine that an electronically signed document was created by the e-signature holder, and the approval given in the digital environment is secured.
3. Regulations in Turkey
The EIS was adopted on 15 January 2004 and entered into force on 23 July 2004. With this law, it was determined that e-signatures have the same legal validity as wet signatures, and the principles for the use of secure e-signatures were established. Additionally, the introduction of the Electronic Certificate Service Providers system has enhanced the reliability of e-signatures.
In 2011, with the amendments made to the Notification Law No. 7201, public institutions and private legal entities transitioned to the electronic notification (‘e-notification’) system. Furthermore, the Regulation on Procedures and Principles for Official Correspondence has expanded the use of electronic signatures among public institutions.
The Registered Electronic Mail (‘KEP’) system, which came into force in 2013, has given legal evidence status to official correspondence conducted electronically, and this system has provided significant convenience, especially in commercial and legal transactions, where there is an increasing need for electronic documentation.
The more active use of e-signatures in commercial life has also brought innovations in tax legislation. In 2015 and thereafter, the Revenue Administration (‘GİB’) made applications such as e-invoicing, e-archiving and e-ledgers mandatory; the use of financial seals or e-signatures was made mandatory in these applications, thereby ensuring digitisation in tax audits.
In recent years, e-signature systems supported by new technologies such as mobile signatures and biometric identity verification have been developed. With the amendments made to the EİK in 2022 and thereafter, the use of remote identity verification and e-signatures has been widespread in areas such as e-Government and banking. In our country, digital identity and secure e-signature applications continue to be developed in compliance with the European Union Electronic Identification Authentication and Trust Services Regulation (‘eIDAS’).
4. Types of E-Signatures in Turkey
- Simple E-Signature: A simple e-signature only has the function of protecting the integrity of the data. It is extremely practical to use and is carried out by transferring a signature previously created in a physical environment to a digital environment via a scanner. During this process, the signature is integrated into electronic documents while data integrity is protected and no corruption occurs.
- Advanced E-Signature: Advanced e-signature has a structure that includes additional security elements compared to simple e-signature. In addition to protecting the integrity of the data, it also verifies the identity of the signer, thereby increasing reliability. Additionally, it includes mechanisms to prevent identity fraud and fraud, thereby elevating the legal and technical security of transactions conducted in electronic environments to the highest level.
- Secure Electronic Signature: Secure e-signature stands out as the most comprehensive and reliable method compared to other types of e-signature. Certain technical and legal regulations must be complied with in order to use this type of signature. Secure e-signature can only be created through qualified electronic certificates issued by certificate service providers authorised by the state. Secure e-signature includes all the elements of advanced e-signature, is based on qualified electronic certificates, and is created using secure signature creation tools. In the EİK currently in force in Turkey, the term ‘secure electronic signature’ has been adopted instead of ‘qualified electronic signature,’ and no distinction is made between advanced e-signature and secure e-signature. Article 4 of the EİK clearly sets out the basic elements that a secure e-signature must possess.
- Mobile Signature: Mobile signature is a type of e-signature that enables individuals to authenticate their identity and perform transactions in electronic environments using their mobile phones and SIM cards. It is easy to use and offers secure and fast transactions. It is widely preferred in banking and e-government services.
5. Legal Validity of Electronic Signatures
Under the law of obligations, as a general rule, a signature must be handwritten by the person entering into the obligation. However, under Article 15 of the Turkish Code of Obligations (‘TBK’), secure electronic signatures are recognised as having the same legal value as handwritten signatures. Additionally, the provision in Article 5 of the EİK states: ‘A secure electronic signature has the same legal effect as a handwritten signature.’
However, it should be noted that not all e-signatures produce the same legal effects. For an e-signature to have the same legal validity as a handwritten signature, it must possess the characteristics of a secure e-signature. This is because the reliable, widespread, and legally accepted method among e-signature types is the secure electronic signature. The EİK provides a definition of secure e-signatures based on their characteristics. According to Article 4 of the EİK, ‘It is an electronic signature that is linked to and under the control of the signatory, produced by a secure signature creation device, based on a qualified electronic certificate that enables identification, and enables the detection of subsequent changes to the signed electronic data.’
6. Methods of Obtaining E-Signatures
According to Article 3/c of the EİK, the use of e-signatures is limited to natural persons. However, natural persons may use e-signatures on behalf of legal entities. Natural persons must enter into a contract with a certificate service provider company to obtain an e-signature. Under this contract, certificate providers generate the signature key pair and deliver it to the signatory, and publicly announce through a qualified certificate that the public key corresponding to the private key belongs to the signatory. A qualified electronic certificate is issued by the certificate provider based on official documents and is issued exclusively to the signatory.
Individuals wishing to apply for an e-signature must present one of the following identity documents during the application process: a national identity card, driver’s licence, or passport containing their Turkish ID number. Additionally, the applicant must sign the Qualified Electronic Certificate Undertaking and complete the application form in full.
Individuals wishing to apply for a corporate e-signature must first obtain a Commercial Registry Certificate issued by the Trade Registry Office within the last 6 months. In addition, one of the identity documents containing the applicant’s Turkish ID number, such as a national ID card, passport or driver’s license, must also be included among the required documents. Furthermore, the application must be accompanied by a signature circular or signature declaration, a Qualified Electronic Certificate Undertaking, and the e-signature application form. The e-signature application can be submitted with these documents.
7. Areas of Use for E-Signature
In private law, secure e-signatures can be used in contracts that require written form. The parties to the contract are required to sign when they assume an obligation. If the contract imposes an obligation on both parties, both parties must sign the text and send it to the other party for the contract to be completed.[3]
According to Articles 205/2 and 3 of the Code of Civil Procedure No. 6100 (‘HMK’), an electronic data document created with a secure e-signature has the same legal effect as a written document. The judge reviews the e-signed documents submitted to the court to determine whether they were created with a secure e-signature. This review may require an expert opinion or report. Under the EİK and secondary regulations, it has been determined that an e-signature has the same legal effect as a handwritten signature and is accepted as conclusive evidence.
Electronic signatures are widely used in e-government applications to ensure that public services are provided more quickly and efficiently. For example, pursuant to Article 445 of the HMK, lawsuits can be filed, fees can be paid, and files can be reviewed through the National Judiciary Network Project (‘UYAP’) using secure electronic signatures.
With the advancement of technology, public transactions have been transferred to the electronic environment, and e-signature continues to be valid in a wide range of areas such as e-government applications, Electronic Document Management Systems (EBYS, DYS, etc.), the Electronic Public Procurement Platform (EKAP), UYAP, KEP, e-invoice, the Central Registry System (MERSİS), health applications, electronic payroll submissions for personnel, bank and payment instructions, application processes, e-document and reconciliation processes, and other areas.
8. Areas Where E-Signatures Are Not Valid
Contracts subject to formal requirements, such as real estate sales contracts, cannot be established with a secure e-signature. Similarly, legal transactions subject to special ceremonies, such as marriage contracts, cannot be conducted in this manner. Additionally, a secure e-signature cannot be used to establish a formal will or a handwritten will.
While the initial version of the EİK stipulated that all guarantee contracts could not be executed with a secure e-signature, the EİK was amended by Article 45 of Law No. 6728 dated 15 July 2016, thereby enabling bank guarantee letters to be executed with a secure e-signature. Currently, secure electronic signatures may be used in contracts subject to written form, but they cannot be used in the establishment of contracts subject to formal requirements or in legal transactions requiring special ceremonies. Additionally, guarantee contracts other than bank guarantee letters cannot be established using secure electronic signatures.
Additionally, the Turkish Commercial Code No. 6102, Article 1526, stipulates that bills of exchange, which are commonly encountered in many areas of daily life, cannot be issued with an e-signature. According to the regulation, bills of exchange, promissory notes, cheques, receipts, warrants, and other documents similar to bills of exchange cannot be drawn up with a secure electronic signature. Transactions such as acceptance, endorsement, and transfer on such documents also cannot be performed with a secure e-signature.
9. Advantages of Using E-Signatures
- Legal Security: E-signatures are legal substitutes for handwritten signatures. According to Articles 6/b and c of the EIS, the confidentiality of signature data must be protected and not accessible to third parties. A secure e-signature must be made with a system that prevents the forgery of signatures and protects personal information. Additionally, the signatory must protect their password.[5]
- Data Integrity: A secure e-signature guarantees that the data has not been altered since it was sent. Even the slightest change renders the signature invalid. A secure e-signature encrypts the entire text and ensures that any changes can be easily detected.[6]
- Non-repudiation: Data sent with a secure e-signature cannot be repudiated by either the sender or the recipient. This can be achieved through a number of technical measures. According to Article 7 of the EİK, the tools used to verify a secure e-signature must provide the data used in the verification process to the verifier without any changes. Therefore, if the data we have listed can be verified reliably, the non-repudiation of the signature is also ensured. [7]
- Time Saving: E-signature processes are much faster than physical signature processes and can be completed independently of location. Digital files can be stored more easily, reducing paper waste.
- Low Cost: E-signatures are generally completed much faster and at a lower cost than handwritten signature processes carried out by post. Digitisation optimises contract workflows while reducing printing and postage costs.
[1] )Altınışık, p. 78.
[2] İnci Biçkin, ‘Electronic Signature and Legal Regulations Related to Electronic Signature,’ TBB Journal, Issue 63, 2006.
[3] Kocayusufpașoğlu/Hatemı/Serozan/Arpacı, p. 282; Eren, p. 296 et seq.; Reisoğlu, p. 90.
[4] Yardım, p. 105; Erturgut, p. 67; Örer, p. 86; Özbek, p. 2260; Yılmaz, p. 3476; For a different assessment, see Yardım, p. 115 et seq.; Yardım (Signature Denial), p. 107.
[5] Özbek, p. 2253
[6] RUSSMAAN, p. 346; ORER, p. 50; For technical information on encryption and signature formation, see SÖZER, p. 123 et seq.
[7] İnönü University Law Faculty Journal (İnÜHFD), 12(2): 539-556 (2021), article titled ‘Rights and Obligations of Secure Electronic Signature Holders,’ p. 539.
