Cybersecurity 2025

TÜRKIYE Law and Practice Contributed by: Bora Yazıcıoğlu, Kübra İslamoğlu Bayer, Aslı Rabia Savaş and Yağmur Yaren Özdabakoğlu, YAZICIOGLU Legal

The Law on Regulation of Publications via the Internet and Combating Crimes Committed by Means of Such Publications No 5651 (the “Internet Law” ) The Internet Law aims to regulate the obligations and responsibilities of content providers, hosting providers, internet service providers, social net - work providers, and access providers to combat crimes committed via the internet. The Internet Law directs the Turkish Informa - tion and Communication Technologies Author - ity (the ICTA) to establish co-ordination between the relevant public institutions, law enforcement agencies, above-mentioned providers and other related institutions and organisations to ensure the safe use of the internet, raise public aware - ness, and carry out necessary activities (eg, taking necessary measures within the scope of national cybersecurity policies). However, according to the Cybersecurity Act, the ICTA will no longer be able to carry out these duties when the Directorate’s organisation is completed. The Law on Electronic Communication No 5809 (the “E-Communication Law” ) Information security is among the basic princi - ples in the E-Communication Law, which pro - vides the main framework for network secu - rity, the confidentiality of communication, and personal data protection. Detailed provisions concerning each may be found under several secondary pieces of legislation enacted based thereon. While the ICTA is the authorised regulatory body in the e-communications sector, its authority in cybersecurity measures has now been trans - ferred to the Directorate. However, the ICTA will continue to exercise these powers until the latter becomes operational.

curity is partly and indirectly covered by Article 20(3) of the Constitution, which provides for the right to protection of personal data. Furthermore, Article 22 recognises freedom of communication as an individual right to any person. The Cybersecurity Act The Cybersecurity Act provides a dedicated legal framework for the responsibilities of insti - tutions and persons who operate in cyberspace and the powers and duties of the recently estab - lished Cybersecurity Directorate ( “Directorate” ). It also establishes the Cybersecurity Board and determines its duties. Additionally, certain actions are now criminal - ised, such as: • failure to provide information, documents and data to the Directorate’s audit personnel; • distributing, sharing or selling leaked data; and • creating and disseminating false content regarding data breaches in cyberspace, with the intent to incite anxiety, fear and panic among the public or to target institutions or individuals. There are also specific requirements for com - panies producing cybersecurity products and services. For more information on the Cybersecurity Act, see 1.3 Cybersecurity Regulators , 2.1 Scope of Critical Infrastructure Cybersecurity Regu- lation , 2.2 Critical Infrastructure Cybersecurity Requirements , 4.1 Cyber-Resilience Legisla- tion , 4.2 Key Obligations Under Legislation , and 5.1 Key Cybersecurity Certification Leg - islation .

297 CHAMBERS.COM

Powered by