Cybersecurity 2025

TÜRKIYE Law and Practice Contributed by: Bora Yazıcıoğlu, Kübra İslamoğlu Bayer, Aslı Rabia Savaş and Yağmur Yaren Özdabakoğlu, YAZICIOGLU Legal

• strengthening the national cybersecurity infra - structure; • enacting and implementing procedures and principles on the establishment of an informa - tion security system in critical infrastructures; • introducing cybersecurity standards in the required fields; • improving the domestic cybersecurity eco - system, spreading national solutions, and boosting competitiveness on an international scale; • supporting the global competitiveness of domestic solutions; • developing test infrastructures for cybersecu - rity; • increasing the use of domestic cybersecurity products, primarily in public institutions; • raising cybersecurity awareness and training a competent workforce and making new busi - ness models for maintaining the same; • building programmes aimed at cybersecurity training and bettering career opportunities; and • improving the content, quality, and environ - ment for training personnel fit for the sectoral needs. The Medium-Term Program (2025–2027) Medium-Term Program provides the following policy objectives: • utilising digital technologies to the fullest extent to strengthen nationwide cybersecurity through comprehensive policies, enhance the efficiency of public administration, and develop public services; • enacting dedicated legislation on cybersecu - rity and the necessary secondary regulations in compliance with the EU acquis (the collec - tion of common rights and obligations that constitute the body of EU law, incorporated

into the legal systems of EU member states – according to the official website of the EU); • implementing public–university–private sector co-operation programmes to train qualified personnel in strategic fields, including cyber - security; and • taking measures to increase the level of resil - ience in payment and electronic institutions’ cybersecurity. The Presidency Program for 2025 Lastly, the Presidency Program for 2025 sets out more specific plans that are based upon the six objectives set out in the NCS 2024, including: • legislative works in line with the EU legal framework (eg, the EU’s NIS2 Directive and the EU Cyber Resilience Act); • review of critical infrastructure sectors; • awareness-raising activities for the public; and • cybersecurity training for public servants. 1.2 Cybersecurity Laws There have been significant developments in cybersecurity legislation of Türkiye recently. On 19 March 2025, the Cybersecurity Act was published in the official gazette and entered into force. According to the Cybersecurity Act, secondary regulations will be made within one year. Until then, current regulations that are not contrary to the Cybersecurity Act will continue to be in force. General Regulations The Constitution of the Turkish Republic (the “Constitution” ) The Constitution does not directly set out any provision on cybersecurity. However, as cyber - security is an umbrella term also covering data protection – whether it is personal or non-per - sonal data – it can be considered that cyberse -

296 CHAMBERS.COM

Powered by