Cybersecurity 2025

TÜRKIYE Law and Practice Contributed by: Bora Yazıcıoğlu, Kübra İslamoğlu Bayer, Aslı Rabia Savaş and Yağmur Yaren Özdabakoğlu, YAZICIOGLU Legal

grating Public Institutions and Organisations into KamuNet, all public institutions and organisa - tions must utilise the KamuNet network. The Communiqué on KamuNet sets the require - ments for public institutions and organisations integrated into KamuNet, such as having a TS ISO/IEC 27001 certificate for their information security management systems. In addition, it authorises the MTI to determine the public insti - tutions and organisations to be integrated into KamuNet and assess their suitableness before the integration. 1.3 Cybersecurity Regulators Regulators The Cybersecurity Directorate The Directorate has been designated as a gen - eral authority on cybersecurity matters. The main duties and powers of the Directorate are as follows: • conducting operations to increase cyber- resilience (eg, by penetration tests or risk analysis); • determining critical infrastructures; • ensuring keeping of the asset inventory for public institutions and critical infrastructures; • establishing and auditing CERTs; • determining the procedures and principles to be followed by those operating in the field of cybersecurity; • establishing and operating the necessary infrastructure for the cybersecurity of public institutions and critical services, providing secure hosting services, and defining the procedures and principles thereof; • determining the standards for the cybersecu - rity field; • carrying out testing and certification proce - dures for the cybersecurity field;

• conducting cybersecurity audits and impos - ing sanctions; and • determining the technical criteria for the cybersecurity products and services to be used in public institutions and critical infra - structures. However, the Directorate’s duties will continue to be performed by the existing relevant public institutions and organisations until the relevant units within the Directorate are established and become operational. The Ministry of Transport and Infrastructure (the MTI) The Council of Ministers Decision on Cyberse - curity authorises the MTI for the implementa - tion, administration and co-ordination of national cybersecurity actions and preparation and co- ordination of policy, strategy and action plans regarding the governance of national cyberse - curity. MTI oversees and conducts cybersecurity activi - ties at the strategic level through the TR-CERT. The Cybersecurity Act delegates MTI’s cyber - security-related responsibilities to the Directory. The Cybersecurity Board The Cybersecurity Board, presided by the Presi - dent of the Republic of Türkiye, is tasked with: • adopting resolutions regarding cybersecurity policies, strategies, action plans, and other regulatory measures; • adopting resolutions for the implementation of the cybersecurity technology roadmap prepared by the Directorate; • identifying priority areas for incentives in cybersecurity;

300 CHAMBERS.COM

Powered by