Electronic Signature Regimes An Assessment of the EU and Turkey, Practical Differences and Implications

In an era of accelerating digital transformation, the role of electronic signatures in contractual relations has significantly expanded. However, the recognition and regulation of electronic signatures vary across different legal systems. As a result, there are notable divergences between the European Union (“EU”) and Turkey with respect to the types of electronic signatures and their corresponding legal effects.

This Client Alert aims to shed light on these differences from both a regulatory and practical perspective and highlights key considerations, particularly in relation to sector-specific practices.

1.     Types of Electronic Signatures in the European Union – The eIDAS Regulation

With the objective of ensuring the cross-border validity and security of digital services and transactions, EU introduced the Regulation No. 910/2014, commonly known as the eIDAS Regulation, which entered into force on 23 July 2014. This Regulation constituted a comprehensive legal framework governing electronic identification and trust services across the EU.

The eIDAS Regulation aimed to facilitate the functioning of the European Digital Single Market by ensuring the recognition of electronic signatures, electronic seals, timestamps, and other secure digital tools, particularly in the context of public services and private sector applications. As of 2024, the system has been further expanded with the adoption of the eIDAS 2.0 reform package by the European Commission, which introduces the European Digital Identity Wallet—a mechanism designed to ensure the portability of digital identities at an individual level.

The Regulation classifies electronic signatures into three distinct categories:

1.1 .    Simple Electronic Signature:

A Simple Electronic Signature (SES) refers to electronic data that is logically associated with other electronic data and used by the signatory to sign. It generally comprises of any form of electronic authentication that identifies the signatory, such as ticking a checkbox in an online form, replying to an email with consent or inserting a scanned image of a handwritten signature into a document.
While SES may be admissible as evidence in legal proceedings, its evidentiary weight and legal reliability are often questioned due to the relatively low level of security and authentication involved. Consequently, its enforceability may vary depending on the context and the requirements of applicable national laws.

1.2.     Advanced Electronic Signature:

An Advanced Electronic Signature (AdES) is an electronic signature that is uniquely linked to and capable of identifying the signatory, which is created using electronic signature creation data that the signatory can use under its sole control, and is linked to the signed data in such a way that any subsequent change in the data is detectable.
Although AdES incorporates enhanced security mechanisms, it does not have the same legal effect as a handwritten signature under the eIDAS Regulation unless it is supported by a qualified certificate. In technical terms, AdES is typically created using software solutions based on digital certificates and is often used in transactions requiring a medium level of assurance.

Pursuant to the eIDAS Regulation, an Advanced Electronic Signature must meet the following four cumulative criteria:

• It must be uniquely linked to the signatory;
• It must be capable of identifying the signatory;
• It must be created using electronic signature creation data that is under the sole control of the signatory;
• It must be linked to the data signed therewith in such a way that any subsequent change in the data is detectable.

1.3     Qualified Electronic Signature:

The third and most secure type of electronic signature is the Qualified Electronic Signature (QES). This type of signature can only be created using a Qualified Electronic Signature Certificate issued by a Qualified Trust Service Provider (QTSP) recognized under the eIDAS framework, and must be generated through a Qualified Signature Creation Device (QSCD). Pursuant to Article 25(2) of the eIDAS Regulation, a Qualified Electronic Signature has the same legal effect as a handwritten signature across all Member States of the EU. Accordingly, QES is typically used in formal legal transactions and declarations submitted to public authorities.

Due to its enhanced identity verification features and the highest level of security assurance, the Qualified Electronic Signature is particularly preferred in sensitive and high-risk transactions.

2.     eIDAS 2.0 and the European Digital Identity Wallet

With the enactment of the eIDAS 2.0 framework, a more user-centric and mobile-compatible transformation in digital identity and electronic signature practice has been introduced. In this context, the concept of the European Digital Identity Wallet has been incorporated into the legal system. This digital wallet allows individuals to securely store and manage official documents—such as identity cards, driver’s licenses, academic diplomas, and social security information—in a digital environment, share them with authorized institutions, and execute electronic signatures directly through mobile devices.

Furthermore, eIDAS 2.0 strengthens the legal and technical framework governing remote identity verification systems and facilitates the creation of qualified electronic signatures via mobile platforms. The Regulation also mandates that both public authorities and private entities recognize and accept user identities verified through digital wallets, thereby ensuring a high level of trust and security in digital transactions.

3.     Electronic Signature Regime in Turkey – Law No. 5070 on Electronic Signatures

In Turkey, the legal framework for electronic signatures is governed by Law No. 5070 on Electronic Signatures (“Law No. 5070”), which was published in the Official Gazette dated 23 January 2004 and numbered 25355. This Law exclusively recognizes secure electronic signatures—equivalent to QES under the eIDAS Regulation—but does not provide for a tiered classification of electronic signatures found under eIDAS.

In this regard, it can be said that the Turkish legal regime mirrors the structure of the former EU Electronic Signatures Directive (1999/93/EC), which preceded the eIDAS Regulation.

In addition to the primary legislation, the “Regulation on the Procedures and Principles Regarding the Implementation of the Electronic Signature Law” and various secondary regulations issued by the Information and Communication Technologies Authority (“ICTA”) also constitute important elements of the regulatory framework in Turkey.

3.1     Secure Electronic Signature

Pursuant to Article 4 of Law No. 5070, a Secure Electronic Signature is defined as an electronic signature that:

• Is exclusively linked to the signatory,
• Is created using a secure electronic signature creation device that is solely under the control of the signatory,
• Is based on a qualified electronic certificate that enables the verification of the identity of the signatory, and
• Enables the detection of any subsequent alteration to the signed electronic data.

Under Law No. 5070, legal transactions that are required by law to be executed in an official form or subject to a specific formality—such as bank letters of guarantee and surety bonds issued by insurance companies—may not be executed using a secure electronic signature.

Electronic signatures may only be generated using certificates issued by Electronic Certificate Service Providers (ECSPs) that are authorized by the Information and Communication Technologies Authority.

3.2.    Electronic Certificate Service Providers

Article 8 of Law No. 5070 defines an Electronic Certificate Service Provider as a public institution or organization, or a natural or private legal person, that provides services related to electronic certificates, timestamps, and electronic signatures.

Technically, electronic signatures created with ICTA-approved qualified certificates meet the criteria of a Qualified Electronic Signature under the eIDAS framework. As such, they carry the same legal effect as handwritten signatures and are deemed valid legally valid, subject to certain limitations.

The principal ECSPs authorized in Turkey are listes under ICTA’s official website.

 3.3 .    Mobile Electronic Signature

A mobile electronic signature can be defined as an electronic signature created using a mobile device. The sole distinction between a mobile electronic signature and an electronic signature lies in the utilization of a SIM card, embedded within a mobile device, as the means of generating electronic signature. As the legislation pertaining to electronic signatures also encompasses mobile electronic signatures, a mobile electronic signature enjoys the same legal validity as a secure electronic signature in the electronic environment.

3.4.     Status of Other Types of Signatures under eIDAS in Turkish Law

Since Simple Electronic Signatures and Advanced Electronic Signatures are not separately defined under Turkish legislation, these types of signatures are not considered secure electronic signatures within the meaning of Law No. 5070. Accordingly, their relevance lies not in their legal validity per se, but rather in their treatment under the rules of evidence.

For example, signatures affixed using foreign-origin electronic signature services such as DocuSign are not regarded as “secure electronic signatures” under Turkish law, and thus do not constitute valid electronic signatures within the scope of Law No. 5070. As a result, documents signed via DocuSign are not deemed equivalent to wet-ink signed documents (hard copy instruments) before Turkish courts and may not carry the same evidentiary weight.

Electronic signatures generated through third-party digital signature solutions such as DocuSign are therefore treated, under Turkish procedural law, as Simple Electronic Signatures, the evidentiary value of which is subject to the discretion of the judge.

4.     Sectoral Practices and Click-Through Models 

4.1.   Contract Formation through Click-Through Mechanisms

Under Turkish law, pursuant to the principle of freedom of contract, agreements may be validly concluded through any method that reflects the clear and mutual intention of the parties. Particularly in certain regulated sectors, distance contracts may be formed via electronic means. In this model, the user indicates acceptance of a contract or document by clicking a button labeled, for instance, “I Accept,” “Confirm,” or “Proceed.” In other words, the declaration of intent is made unilaterally via a click, without the need for a physical or qualified digital signature.

The following sectors illustrate the use of such mechanisms:

• Banking Sector: In accordance with the regulations of the Banking Regulation and Supervision Agency (BDDK), contract formation through digital banking channels is permitted using secure identity verification methods.
• Capital Markets: The Capital Markets Board (SPK) regulations allow for the execution of investment services agreements in digital environments.
• Financial Institutions / Fintech Companies: In digital client onboarding processes, contracts may be validly established through click-through methods, provided that applicable identification requirements are met.
• Telecommunications Sector: The ICTA recognizes the legal validity of signatures captured via specially equipped tablets. Online subscription agreements may be concluded through secure identity authentication processes.

5.     Legal Implications of Electronic Signatures – Validity and Evidentiary Value 

5.1.   Validity in Terms of Contract Formation

Under the Turkish Code of Obligations, the principle of freedom of contract prevails. Accordingly, contracts executed by means of electronic signatures are, in principle, considered legally valid for all transactions that are not subject to a formal written form requirement under the law.

5.2.        Evidentiary Value 

5.2.1.     Secure Electronic Signature (Qualified Electronic Signature):

Pursuant to Article 205 of the Turkish Code of Civil Procedure (HMK), documents signed with a secure electronic signature qualify as written private documents and constitute full evidence in legal proceedings without the need for notarization.
A document signed with a secure electronic signature has the same legal effect and evidentiary value as a wet-ink signature.

5.2.2.     Other Electronic Signatures / Click-Through Methods:

Under Turkish law, electronic signatures other than secure electronic signatures—such as simple or advanced electronic signatures, including click-through acceptances—may be admissible as evidence, particularly where the identity of the signatory can be established and the transaction record is securely maintained. However, pursuant to Article 202 of the Turkish Code of Civil Procedure, such signatures are generally regarded initial proof. They may be used as evidence, but if explicitly contested by the counterparty, additional supporting evidence (e.g., witness testimony, system logs, digital records) will be required to substantiate the claim.

In the EU, the signatures mentioned in the above paragraph are typically categorized as Simple Electronic Signatures under the eIDAS Regulation. Nevertheless, for transactions requiring high security, Advanced Electronic Signatures or Qualified Electronic Signatures are preferred due to their enhanced legal certainty and security standards.