e-Correspondence Project is the system that provides the flow of official documents between public institutions and organizations. The system allows the digital creation of documents in the sending institution and opening them in the receiving institution. The package that contains the official letter to be transmitted between the institutions is called the e-Correspondence Package (ECP). ECP allows one or more components to be signed with a single digital signature process.

With the action of establishing Joint Services No. 73 in the Action Plan of the Supplementary of the Information Society Strategy, which was implemented with the decision of the High Planning Council dated 2006/38, it was envisaged to make improvements in the public institutions and organizations in order to conduct some activities jointly in the electronic environment. Within the scope of the e- Correspondence Project with the “Regulation on the Procedures and Principles to be applied in Official Correspondences” published in the Official Gazette numbered 2020/31151, It is required that the public institutions and organizations that will conduct their official correspondence in electronic environment to comply with the “ ECP 2.0 e-Correspondence Technical Guide”.

Within the scope of the Project, the format of the e-Correspondence Package which will carry the official letter between institutions has been determined and the package structure has been formed. Detailed information about the package structure is provided in the “ ECP 2.0 e-Correspondence Technical Guide” published by Presidency of Republic of Turkey Digital Transformation Office.

The Digital Signature Conformity Assessment of the ECP software of the public institutions and organizations consists of checking the compliance of the digital signature mechanism of the ECP software with the international standards, the signature profiles published by Information and Communication Technologies Authority (ICTA) and the e-Correspondence Technical Guide.

Signed documents in the ECP applications must be created in accordance with P4, which has a long-term validity, stated in the "Digital Signature Usage Profiles Guide" published by ICTA. In addition, the format of the Electronic Signature and Paraph Electronic Signature components within package is must be P4 CAdES X-Long attached defined in ETSI TS 101 733. As for Electronic Seal, it must be the type of P4 CAdES-A attached defined in ETSI TS 101 733.

In the assessment of ECP software, the following standards mentioned in the electronic signature legislation are taken as reference:

• CWA 14170: Security Requirements for Signature Creation Applications
• CWA 14171: Procedures for Electronic Signature Verification
• ETSI TS 101 733: CMS Advanced Electronic Signatures (CAdES)
• ETSI TS 119 101: Policy and Security Requirements for Applications for Signature Creation and Signature Validation

The compliance of the following parts of the ECP software with the relevant standards are assessed:

• Digital signature formats created by the application
• Digital signature creation mechanism of the application
• Digital signature validation mechanism of the application
• Digital signature archiving mechanism of the application
• Signing and validation interface of the application

The institutions that would like to receive ECP Conformity Assessment service from Kamu SM can apply for the service after completing the requirements specified in the Preparation section. Detailed information about the application process can be found here.

ECP validation test procedures and packages can be accessed here.