Regulation Amending the Regulation regarding the Procedures and Principles on Implementation of the Law on the Electronic Signature (“Amendment Regulation”) issued by the Information and Technologies Authority (“ICTA”) has been published on 15 October 2021, in Official Gazette numbered 31629 and entered into force of even date. The amendment regulation aims to regulate the procedures and principles regarding the installation of qualified electronic certificates to the identity card.
Notable provisions of the Amendment Regulation include:
- Amendment Regulation was amended in line with Regulation on Republic of Turkey Identity Card Electronic Identity Verification System (“Identity Verification Regulation”) which was published in Official Gazette dated 22 October 2020 and numbered 31282.
- According to the provisions of the Identity Verification Regulation, if the identity of the person is verified electronically, the condition of being present in person may not be required.
- Amendment Regulation provides new provisions on the process of qualified electronic certificate installation to the identity cards as well as their renewal and annulation.
- As per the Amendment Regulation, the electronic certificate service provider (“ECSP”) is entitled to remotely install qualified electronic certificates or different electronic certificates using similar infrastructures in identity cards. Accordingly, ECSP should take all necessary software and hardware measures to ensure secure communication and to prevent private keys from leaving the device and data leakage. It should be ensured that all components used during secure communication are kept within the borders of the Republic of Turkey.
- ECSP is entitled to make an application to obtain a role and to secure the communication certificate.
- ECSP is obliged to provide necessary information and documentation to the ICTA about the card access device to be used while remotely installing, renewing or annulling qualified electronic certificates in identity cards.
- ECSP is obliged to store all data related to remote qualified electronic certificate management through identity cards, including information on the timing of these transactions and the appointed personnel, for a minimum of 20 years by ensuring the security, confidentiality and integrity.
The full text of the Amendment Regulation is available at this link. (Only available in Turkish)
