TÜRKIYE Law and Practice Contributed by: Bora Yazıcıoğlu, Kübra İslamoğlu Bayer, Aslı Rabia Savaş and Yağmur Yaren Özdabakoğlu, YAZICIOGLU Legal
National Cyber Incidents Response Centre (the TR-CERT) In 2013, the TR-CERT was established under ICTA to identify emerging threats, take measures to reduce and eliminate the effects of possible attacks and incidents on national cyberspace and share them with the relevant actors. TR-CERT oversees the management of response to cybersecurity incidents from the beginning until the resolution. It co-ordinates with CERTs who are required to report cybersecurity events to the TR-CERT. TR-CERT also carries out awareness-raising and guidance activities to increase the awareness of public institutions and organisations against cyber-attacks. Cyber Incidents Response Teams (CERTs) Sectoral CERTs Sectoral CERTs are established under: • the regulatory and supervisory bodies; or • the relevant ministries of critical sectors, which are: (a) the Ministry of Interior; (b) the Ministry of Justice; (c) the Ministry of Treasury and Finance; (d) the Ministry of Environment, Urbanisation and Climate Change; (e) the Ministry of Labour and Social Secu - rity; (f) the Ministry of Agriculture and Forestry; and (g) the Ministry of Health. Sectoral CERTs are responsible for co-ordina - tion, regulation and supervision of cybersecurity in their respective critical sectors. They act in
• adopting resolutions for the development of human resources in the cybersecurity field; • determining critical infrastructure sectors; and • resolving the disputes between the Directo - rate and public institutions. The Information and Communication Technologies Authority (the ICTA) ICTA is an independent administrative institution and has administrative and financial autonomy. In addition to its regulatory role in telecommu - nications, ICTA closely monitors cybersecurity incidents through publicly available and private forums and mediums. ICTA also audits and warns private companies concerning specific cybersecurity threats and technical vulnerabili - ties. The Cybersecurity Act annuls the provisions granting the ICTA general cybersecurity-related powers and limits its duties to the data sys - tems within its own competency. However, ICTA will continue carrying out its duties for the time being. According to the Cybersecurity Act, when the Directorate’s organisation becomes fully operational, ICTA will transfer to the Direc - torate all its assets that are exclusively used for national cybersecurity activities. The Digital Transformation Office (the DTO) The DTO has played an active role in cyberse - curity, big data, artificial intelligence, and digital transformation since its establishment in 2018. The DTO was abolished with a Presidency Decree on 28 March 2025 and its cybersecurity- related duties and assets have been transferred to the Directorate.
301 CHAMBERS.COM
Powered by FlippingBook