TR 
EN 
The Ministry of Interior of Turkey has recently issued Regulation on Identity Verification System for National Identity Cards (“Regulation”) which entered into force on October 22, 2020. Accordingly, the electronic identity verification system (“EKDS”) which enables national identity cards to be used in transactions relating to electronic identity verification has been introduced. The Regulation establishes certain provisions relating to the authorized bodies in establishing EKDS and certification process correspondingly.
The General Directorate of Civil Registration and Citizenship (“General Directorate”) is authorized to establish EKDS management infrastructure for inspection, evaluation, and authorization process, with the approval of the Ministry of Interior. The General Directorate announces the names of authorized electronic certification service providers via its official website. Electronic certification service providers are responsible for issuing and granting certain certificates and ensuring security until those certificates are granted.
Further Details on Identity Verification Service Providers
The Regulation requires public or private legal entities intending to become identity verification service provider to meet the following conditions:
– Holding TS EN ISO / IEC 27001 Information Security Management System certificate,
– Documenting its compliance with the standards determined by Turkish Standards Institution (“TSE”) regarding EKDS,
– Signing a letter of undertaking covering the administrative and technical measures to be taken for the security and maintenance of the EKDS.
Applications to become identity verification service provider are finalized by the EKDS Evaluation Commission within three months and submitted to the Ministry of Interior for approval.
It also brings out certain obligations to the identity verification service providers including sharing the list of card access devices approved for verification with the General Directorate, limiting its service with the list shared and drafting annual reports to be submitted to the General Directorate.
Data Localization
Identity verification service providers are required to take necessary measures to store any data and certification of verification and signature regarding EKDS in Turkey. Furthermore, data of verification and signature belonging to identity verification service providers shall remain valid up to ten years.
Ezgi Ceren Aydoğmuş
