Turkey: A Comparison Of The Legal Use Of Electronic Signatures

A Comparison Of The Legal Use Of Electronic Signatures In The U.S.A. And In Turk
Last Updated: 23 July 2013
Article by Darius Alam

In response to the rapid growth of electronic commerce, as well as the wide-spread use of email, fax, and online resources in the negotiation of contracts, the United States Congress enacted ESIGN in 2000 (Electronic Signatures in Global and National Commerce Act, 15 U.S.C. §§ 7001 – 7006, (2012)). The same changes caused the Türkiye Büyük Millet Meclisi (Turkish Parliament) to enact the 'Elektronik İmza Kanunu' (Electronic Signatures Law - EIK) in 2004. See Elektronik İmza Kanunu, Law No: 5070, Published in the Official Gazette on 14 Oct. 2004, No. 253551, adopted 15 Jan. 2004.

Significant differences exist between these two statutes in terms of scope, security, and fields of application. ESIGN in essence provides that electronic signatures and contracts do not fail to meet the requirements of the Statute of Frauds simply by being electronic. EIK on the other hand provides technical specifications, regulations, and guidelines for ensuring the authenticity of electronic signatures. ESIGN follows a barebones approach that relies on existing law to ensure authenticity and security, while EIK follows a technology-specific approach similar to the "Digital Signatures" statutes proposed in the United States in the 1990s.

U.S.A. - ESIGN's Barebones Approach to Electronic Signatures

The purpose of the U.S. Congress in enacting ESIGN was to ensure that contracts would not be unenforceable simply because they were agreed to electronically, not to create new substantive contract law. ESIGN provides, "a signature, contract, or other record relating to such transaction may not be denied legal effect, validity, or enforceability solely because it is in electronic form." 15 U.S.C. § 7001(a)(1).

Under ESIGN, electronic signatures can be used for many agreements entered into electronically or involving negotiation over electronic media, however, there are a variety of exceptions. These exceptions include contracts or records regarding wills, codices, testamentary trusts, divorce or other matters of family law, and those that fall under the Uniform Commercial Code, as in effect in any State, other than sections 1-107 and 1-206 and Articles 2 and 2a. 15 U.S.C. § 7003(a). Further exceptions include court orders and notices, recall or transportation of hazardous products, cancelation or termination of utility services, health insurance and life insurance benefits (excluding annuities), and default, acceleration, repossession, foreclosure, eviction, or the right to cure, under a credit agreement secured by, or rental agreement for, the primary residence of an individual. 15 U.S.C. § 7003(b).

However, while ESIGN provides that signatures are not unenforceable solely on the basis of being electronic, it also provides that there is no requirement that anyone, aside from government agencies, use or accept electronic signatures. 15 U.S.C. § 7001(b)(2). In Prudential Ins. Co. of Am. v. Prusky, the court refused to grant a declaratory judgment stating that an insurer violated ESIGN by refusing to accept premium investment transfers by fax or electronically because of the exception in 15 U.S.C. § 7001(b)(2). See 413 F.Supp.2d 489, 494 (E.D. Pa. 2005). ESIGN further provides that a business acquire consumer consent before it substitutes an electronic notice or transaction for one the law requires to be written. 15 U.S.C. § 7001(c).

ESIGN does not establish extensive security guidelines to ensure that the signature is authentic. Indeed, it goes further and prevents states from "require[-ing], or accord[ing] greater legal status or effect to the implementation or application of a specific technology or technical specification for performing the functions of creating, storing, generating, receiving, communicating, or authenticating electronic records or electronic signatures." 15 U.S.C. § 7001(a)(2)(A)(ii).

Accordingly, by simply providing that electronic communications are a writing for purposes of the Statute of Frauds, ESIGN in effect places the burden on the party accepting the signature to determine whether or not the signature indicates acceptance of the agreement. See Marianne Menna, Comment, From Jamestown to the Silicon Valley, Pioneering a Lawless Frontier: The Electronic Signatures in Global and National Commerce Act, 6 VA. J.L. & TECH. 12, 19 (2001).

However, relevant statutes and common law still apply to electronic signatures under ESIGN. This existing body of law provides the mechanism for ensuring that the electronic signature is a valid expression of assent to the terms of an agreement. ESIGN provides that an electronic signature can satisfy the Statute of Frauds but it does not say that it automatically makes an agreement enforceable. Therefore ESIGN does not, "limit, alter, or otherwise affect any requirement imposed by a statute, regulation, or rule of law relating to the rights and obligations of persons under such statute, regulation, or rule of law other than a requirement that contracts or other records be written, signed, or in non-electronic form." 15 USC § 7001(b)(1).

In Sawyer v. Mills, the Supreme Court of Kentucky held that a recording of another party verbally agreeing to the terms of an agreement taken without his notice did not make the agreement enforceable, as surreptitiously recorded audio, even if considered to be an electronic signature under 15 U.S.C. § 7001, is "tantamount to forgery." See 295 S.W.3d 79, 88 (Ky. 2009). In In Re Cafeteria Operators, the court held that while emails could constitute an electronic signature under ESIGN, it was still necessary for them to fulfill the other requirements of contract law, i.e., to indicate willing acceptance of an agreement. See 299 B.R. 411, 417-18 (Bankr. N.D. Tex. 2003). In Cafeteria Operators, the emails did not indicate a "meeting of the minds" and therefore no contract was formed. See 299 B.R. at 418. In Hugh Symons Group, PLC v. Motorola, Inc., the Fifth Circuit Court of Appeals held that while an email could satisfy the requirements of the Statute of Frauds under ESIGN, the email in question did not because it did not express a final agreement but rather an invitation to continue negotiations. See 292 F.3d 466, 469-70 (5th Cir. 2002).

The courts have so far broadly constructed what constitutes an electronic signature under ESIGN. ESIGN states that, "the term 'electronic signature' means an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record." 15 U.S.C. § 7006. In Campbell v. General Dynamics, the First Circuit Court of Appeals held that an email, even one unsigned, could function as an electronic signature for the purposes of ESIGN. See 407 F.3d 546, 556 (1st Cir. 2005). In Specht v. Netscape Communications Corp., the Second Circuit Court of Appeals held that clicking on a "Yes" box indicating acceptance of the license terms in an end user license agreement (EULA) constituted an electronic signature under ESIGN. See 306 F.3d 17, 27 (2d Cir. 2002).

ESIGN is further complicated by the existence of a preemption clause that allows for state legislation to control in certain situations. 15 U.S.C. § 7002(a). This clause contemplates three scenarios: 1) the state has adopted the uniform version of the Uniform Electronic Transactions Act (UETA); 2) the state has adopted a modified version of UETA; and 3) the state has adopted some other electronic signatures legislation. 15 U.S.C. § 7002(a); 15B Am. Jur. 2d Computers and the Internet § 146; Mike Watson, Comment, E-Commerce and E-Law; Is Everything E-Okay? Analysis of the Electronic Signatures in Global and National Commerce Act, 53 BAYLOR L. REV. 803, 839 (2001).

If a state has adopted the uniform version of UETA, then UETA will apply. 15 U.S.C. § 7002(a)(1). This is not problematic, as ESIGN contains the same language and provisions regarding electronic signatures as UETA. See Watson, supra at 838-39.

However, if a state has either adopted a modified version of UETA or different legislation, the test under Section 7002(a)(2) of ESIGN will apply to determine whether the state law is preempted. 15 U.S.C. § 7002(a)(2). The test requires that the state law contain provisions consistent with ESIGN for use of electronic signatures, that the state law contain no requirements for a specific type of technology or security device, and lastly that any State law passed after the adoption of ESIGN reference ESIGN. 15 U.S.C. § 7002(a)(2).

Turkey - EIK's Technology Specific, Security-centered Approach to Electronic Signatures

In contrast to ESIGN, EIK addresses the security of electronic signatures in depth through imposing liability on Digital Certificate Service Providers (hereinafter Providers) and through detailing the technical requirements for an electronic signature to be secure enough to be valid. EIK's focus on security and authentication creates a new framework for electronic signatures rather than relying heavily on existing contract law as ESIGN does. EIK conforms to European standards through Turkish involvement in CEN (European Community For Standardization).

Art. 5 of EIK provides that "a secured electronic signature has the same effect as a handwritten signature." Therefore, agreements signed with non-secured electronic signatures are not enforceable under EIK.

EIK defines a secured electronic signature as, "a signature which a) is connected exclusively to the signatory; b) is generated by a tool to create a secure electronic signature only at the discretion of the signatory; c) allows for the detection of the signatory through a digital certificate; and d) allows for the detection of any subsequent changes to the signed electronic data." EIK Art. 4. EIK also defines a digital certificate as, "an electronic registration linking data of the signatory verifying the signature to the signatory's identification information." EIK Art. 1.

EIK further requires the presence of a time stamp in the electronic signature. EIK Art. 3, Para. f. A time stamp is defined as, "a registration verified by the digital certificate service provider for the purpose of identifying the time that the electronic data was produced, changed, sent, received or recorded." EIK Art. 3, Para. f.

EIK's system not only provides technical specifications for the enforceability of electronic signatures, but provides a requirement for ensuring the authenticity of the signature through the digital certificate requirement. Digital certificates must themselves reach a minimum level of security and provide for authentication and verification in order to be "qualified digital certificates." Non-qualified digital certificates cannot be used in the electronic signature process, and there are ten conditions for a digital certificate to be a qualified digital certificate. EIK Art. 9. They include that the certificate must contain, "data to verify the signature corresponding to the data generating the signature" (EIK Art. 9, Para. d), "identification information to be able to determine the Signatory" (EIK Art. 9, Para. c), and "identification information for any separate person acting on behalf of the Certificate holder, if necessary" (EIK Art. 9, Para. 5), and the certificate's serial number (EIK Art. 9, Para. f).

The Bilgi Teknolojileri ve İletişim Kurumu (Information and Communications Technologies Authority – BTIK), then called the Telekomünikasyon Kurumu (Telecommunications Authority - TK), the administrative agency empowered to regulate this field under EIK Art. 3, Para. j, issued a regulation in 2007 further defining the technical process for issuance of a valid qualified digital certificate. This regulation, entitled "Nitelikli Elektronik Sertifika, SİL ve OCSP İstek/Cevap Mesajları Profilleri" [Qualified Digital Certificate, SIL (Certificate Cancellation List), and OCSP (Online Certificate Status Protocol) Request/Response Message Profiles], ensures that qualified digital certificates comply with European norms and standards. See Bilgi Teknolojileri ve İletişim Kurumu, Decision No.: 2006/DK-77/207, Date: 18 Apr 2007.

The regulation clarifies that qualified digital certificates comply with ETSI (European Telecommunications Standards Institute) profiles, namely the ETSI TS 101 862 Certificate Profile. BTIK 2006/DK-77/207, Annex, Art. 4. The regulation further provides that, "the keys of certificates given must be compatible with the size of the key and algorithm found in communiqué 3" [a public key authentication protocol]. BTIK 2006/DK-77/207, Annex, Art. 4.1.5.

The public key architecture must comply with the international standard RFC 3739 Internet X.509 Public Key Infrastructure: Qualified Certificates Profile. BTIK 2006/DK-77/207, Annex, Art. 9.[4]. The regulation also provides in-depth technical guidelines for the generation and use of additions to the public key so that modifications will be supported but conform to CEN standards. BTIK 2006/DK-77/207, Annex, Art. 4.2. There are also similar guidelines for the cancellation of an electronic signature, including a requirement for compliance of the cancellation algorithm with CEN standards. BTIK 2006/DK-77/207, Annex, Art. 6; 6.1.2. This regulation not only ensures that Turkish electronic signatures comply with European standards, but provides a high level of security for the digital certificate. BTIK 2006/DK-77/207, Annex, Art. 1; See generally TK 2006/DK-77/207 incl. Annex.

BTIK also issued a 2006 decision further clarifying the security requirements for the electronic signature generation and verification process. BTIK set forth formats that meet the requirements for electronic signatures under EIK in its decision on "Procedures and Basis Regarding the Formats of Secured Electronic Signatures and Applications for Secured Electronic Signature Generation and Verification." Bilgi Teknolojileri ve İletişim Kurumu, Decision No.: 2006/DK-77/353, Date: 01 Jun 2006. BTIK stipulated that Providers should ensure that the electronic signature generation processes and signed electronic data conform to CWA 14170 (Security Requirements for Signature Creation Applications) set forth by CEN within six months. BTIK 2006/DK-77/353, Art. 1. BTIK recommended the ETSI TS 101 733 or ETSI TS 101 901 formats. TK 2006/DK-77/353, Art. 2. This decision keeps electronic signature law in Turkey in compliance with European norms. See BTIK 2006/DK-77/353.

In addition to laying out the technical specifications for a valid electronic signature, EIK imposes liability on Providers. EIK Art. 13. EIK defines 'Providers' broadly as "public institutions and establishments, and natural or private legal persons who provide services related to electronic signatures, time stamps, and digital certificates. EIK Art. 8. Providers are liable to users of digital certificates under existing principles of liability. EIK Art. 13. Providers are also liable to third parties for damages arising from the breach of the provisions of this law. EIK Art. 13.

Foreign Providers can also provide digital certificates for use in Turkey, however, liability then extends to the Providers in Turkey who accept such digital certificates. EIK Art. 14. EIK provides, "Where digital certificates given by a digital certificate service provider situated in a foreign country are accepted by a digital certificate service provider in Turkey, said digital certificates are considered qualified digital certificates. The digital certificate service provider in Turkey is liable for losses arising as a result of using these digital certificates." EIK Art. 14. Providers must also take out insurance policies against damages arising from the law, or to fulfill their obligations under the law. EIK Art. 13.

Aside from EIK, the Turkish Government has put in place e-Devlet (e-State), a web-based service that allows citizens to access necessary data, documents, and records and report issues and submit documents securely online. This platform functions as a sort of electronic signature for the purposes of dealing with government organizations (similar to the functions contemplated in ESIGN in 15 U.S.C. § 7001(b)(2)). See 15 U.S.C. § 7001(b)(2); Elektronik Haberleşme Kanunu (Electronic Communications Law - EHK), Law No.: 5809, Art. 67, Para. b, Published in the Official Gazette on 10 Nov 2008, Adopted on 5 Nov 2008; Bakanlar Kurulu Kararı (Decision of the Council of Ministers - BKK), e-Devlet Kapısının Kurulması, İşletmesi ve Yönetilmesine İlişkin Karar (Decision Regarding the Establishment, Operation, and Management of the E-State Portal), Decision No.: 2006/10316, Date: 24 March 2006.

The authority to establish e-Devlet was given in EHK, and provides that a level of security be established for accessing these services through provision of an electronic identification number, used in conjunction with the official identification number. See "e-Devlet," https://giris.turkiye.gov.tr/Giris/, Accessed on 09 Jul 2013.

The system is run by the state-owned company Türksat Uydu Haberleşme Kablo TV ve İşletme, A.Ş. (Turksat), which is responsible for maintaining adequate security. See "e-Devlet," https://giris.turkiye.gov.tr/Giris/, Accessed on 09 Jul 2013; T.C. Başbakanlık (Office of the Prime Minister of the Republic of Turkey), E-Devlet ve Bilgi Toplumu Kanun Tasarısı Taslağı (Proposed Legislation for the Law for E-Devlet and Information Society) Art. 20 "Identity Verification and Authorization."

In their decision establishing and providing for e-Devlet, the Council of Ministers stated that the security of the system is a goal of the project. BKK 2006/10316. The system also allows for the use of an electronic signature for use of government services and information in accordance with EIK. See "e-Devlet," https://giris.turkiye.gov.tr/Giris/, Accessed on 09 Jul 2013.


Perhaps because of its more detailed and technical nature and the imposition of liability on Providers, EIK allows for electronic signatures in far more areas than ESIGN does. EIK allows for secured electronic signatures to have the same effect as written signatures in all areas except for surety agreements and in those relatively few legal transactions subject to an official form or some other essential formality that has to take place on paper (e.g., incorporation of a company). EIK Art. 5. However, the ability to use electronic signatures in more applications under EIK comes with greater costs, both monetary and regulatory, to ensure the security and authenticity of the electronic signature.

ESIGN, on the other hand, makes contract formation through electronic media easier in the areas in which it is allowed. Because of the courts' broad construction of the definition of an electronic signature, as well as the broad statutory language, it allows contracts to be formed electronically through emails, electronic forms, and even audio recordings. There is no need for a separate technological system to create and verify an electronic signature as in EIK. This is in line with how people use modern technology, where an email or clicking a box is often an assent to the terms of the agreement. However, it is conceivable that relying on the existing body of contract law could result in comparatively more litigation than under EIK, where it is clear whether or not an electronic signature satisfies the detailed technical requirements.

Furthermore, the barebones approach of ESIGN leaves many areas of law where electronic signatures would not be enforceable. Both systems allow for the use of electronic signatures in online government services. See 15 U.S.C. § 7001(b)(2); EHK Art. 67, Para. b.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on Mondaq.com.

Click to Login as an existing user or Register so you can print this article.

Some comments from our readers…
“The articles are extremely timely and highly applicable”
“I often find critical information not available elsewhere”
“As in-house counsel, Mondaq’s service is of great value”

Up-coming Events Search
Font Size:
Mondaq on Twitter
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).
Email Address
Company Name
Confirm Password
Mondaq Topics -- Select your Interests
 Law Performance
 Law Practice
 Media & IT
 Real Estate
 Wealth Mgt
Asia Pacific
European Union
Latin America
Middle East
United States
Worldwide Updates
Check to state you have read and
agree to our Terms and Conditions

Terms & Conditions and Privacy Statement

Mondaq.com (the Website) is owned and managed by Mondaq Ltd and as a user you are granted a non-exclusive, revocable license to access the Website under its terms and conditions of use. Your use of the Website constitutes your agreement to the following terms and conditions of use. Mondaq Ltd may terminate your use of the Website if you are in breach of these terms and conditions or if Mondaq Ltd decides to terminate your license of use for whatever reason.

Use of www.mondaq.com

You may use the Website but are required to register as a user if you wish to read the full text of the content and articles available (the Content). You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these terms & conditions or with the prior written consent of Mondaq Ltd. You may not use electronic or other means to extract details or information about Mondaq.com’s content, users or contributors in order to offer them any services or products which compete directly or indirectly with Mondaq Ltd’s services and products.


Mondaq Ltd and/or its respective suppliers make no representations about the suitability of the information contained in the documents and related graphics published on this server for any purpose. All such documents and related graphics are provided "as is" without warranty of any kind. Mondaq Ltd and/or its respective suppliers hereby disclaim all warranties and conditions with regard to this information, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Mondaq Ltd and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use or performance of information available from this server.

The documents and related graphics published on this server could include technical inaccuracies or typographical errors. Changes are periodically added to the information herein. Mondaq Ltd and/or its respective suppliers may make improvements and/or changes in the product(s) and/or the program(s) described herein at any time.


Mondaq Ltd requires you to register and provide information that personally identifies you, including what sort of information you are interested in, for three primary purposes:

  • To allow you to personalize the Mondaq websites you are visiting.
  • To enable features such as password reminder, newsletter alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our information providers who provide information free for your use.

Mondaq (and its affiliate sites) do not sell or provide your details to third parties other than information providers. The reason we provide our information providers with this information is so that they can measure the response their articles are receiving and provide you with information about their products and services.

If you do not want us to provide your name and email address you may opt out by clicking here .

If you do not wish to receive any future announcements of products and services offered by Mondaq by clicking here .

Information Collection and Use

We require site users to register with Mondaq (and its affiliate sites) to view the free information on the site. We also collect information from our users at several different points on the websites: this is so that we can customise the sites according to individual usage, provide 'session-aware' functionality, and ensure that content is acquired and developed appropriately. This gives us an overall picture of our user profiles, which in turn shows to our Editorial Contributors the type of person they are reaching by posting articles on Mondaq (and its affiliate sites) – meaning more free content for registered users.

We are only able to provide the material on the Mondaq (and its affiliate sites) site free to site visitors because we can pass on information about the pages that users are viewing and the personal information users provide to us (e.g. email addresses) to reputable contributing firms such as law firms who author those pages. We do not sell or rent information to anyone else other than the authors of those pages, who may change from time to time. Should you wish us not to disclose your details to any of these parties, please tick the box above or tick the box marked "Opt out of Registration Information Disclosure" on the Your Profile page. We and our author organisations may only contact you via email or other means if you allow us to do so. Users can opt out of contact when they register on the site, or send an email to unsubscribe@mondaq.com with “no disclosure” in the subject heading

Mondaq News Alerts

In order to receive Mondaq News Alerts, users have to complete a separate registration form. This is a personalised service where users choose regions and topics of interest and we send it only to those users who have requested it. Users can stop receiving these Alerts by going to the Mondaq News Alerts page and deselecting all interest areas. In the same way users can amend their personal preferences to add or remove subject areas.


A cookie is a small text file written to a user’s hard drive that contains an identifying user number. The cookies do not contain any personal information about users. We use the cookie so users do not have to log in every time they use the service and the cookie will automatically expire if you do not visit the Mondaq website (or its affiliate sites) for 12 months. We also use the cookie to personalise a user's experience of the site (for example to show information specific to a user's region). As the Mondaq sites are fully personalised and cookies are essential to its core technology the site will function unpredictably with browsers that do not support cookies - or where cookies are disabled (in these circumstances we advise you to attempt to locate the information you require elsewhere on the web). However if you are concerned about the presence of a Mondaq cookie on your machine you can also choose to expire the cookie immediately (remove it) by selecting the 'Log Off' menu option as the last thing you do when you use the site.

Some of our business partners may use cookies on our site (for example, advertisers). However, we have no access to or control over these cookies and we are not aware of any at present that do so.

Log Files

We use IP addresses to analyse trends, administer the site, track movement, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.


This web site contains links to other sites. Please be aware that Mondaq (or its affiliate sites) are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of these third party sites. This privacy statement applies solely to information collected by this Web site.

Surveys & Contests

From time-to-time our site requests information from users via surveys or contests. Participation in these surveys or contests is completely voluntary and the user therefore has a choice whether or not to disclose any information requested. Information requested may include contact information (such as name and delivery address), and demographic information (such as postcode, age level). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the functionality of the site.


If a user elects to use our referral service for informing a friend about our site, we ask them for the friend’s name and email address. Mondaq stores this information and may contact the friend to invite them to register with Mondaq, but they will not be contacted more than once. The friend may contact Mondaq to request the removal of this information from our database.


This website takes every reasonable precaution to protect our users’ information. When users submit sensitive information via the website, your information is protected using firewalls and other security technology. If you have any questions about the security at our website, you can send an email to webmaster@mondaq.com.

Correcting/Updating Personal Information

If a user’s personally identifiable information changes (such as postcode), or if a user no longer desires our service, we will endeavour to provide a way to correct, update or remove that user’s personal data provided to us. This can usually be done at the “Your Profile” page or by sending an email to EditorialAdvisor@mondaq.com.

Notification of Changes

If we decide to change our Terms & Conditions or Privacy Policy, we will post those changes on our site so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users by way of an email. Users will have a choice as to whether or not we use their information in this different manner. We will use information in accordance with the privacy policy under which the information was collected.

How to contact Mondaq

You can contact us with comments or queries at enquiries@mondaq.com.

If for some reason you believe Mondaq Ltd. has not adhered to these principles, please notify us by e-mail at problems@mondaq.com and we will use commercially reasonable efforts to determine and correct the problem promptly.