Cybersecurity export controls introduced in Türkiye
The Turkish government has proposed new legislation to regulate the export of locally developed cybersecurity products, even when produced by private companies.
The move is part of a broader strategy to safeguard Türkiye’s cybersecurity and ensure that critical technologies remain under national control, as Ankara recently announced its Presidency of Cybersecurity.
The proposed regulation, set to be legislated in the coming days by the Turkish Parliament, will empower the Cybersecurity Directorate to oversee the export of cybersecurity software and hardware developed with public funding.
Exports will require prior approval from the agency.
Protecting Türkiye’s cyber sovereignty
Ali Ozkaya, a Member of Parliament from Afyonkarahisar for the ruling Justice and Development Party (AK Party) and the first signatory of the legislative proposal, outlined the reasoning behind the regulation.
“As a state, we face significant difficulties in acquiring such products from many countries, especially in Europe and the U.S., where exports are often subject to strict quotas and limitations.
For this reason, we are introducing restrictions that require government approval for the sale of locally developed products,” Ozkaya said.
He emphasized that ongoing sales contracts would not be affected by the regulation but that future agreements must comply with the new rules.
Ozkaya added, “Once this law is enacted, all entities producing cybersecurity technologies, including companies, foundations, and associations, must adhere to it. Those failing to comply may face penalties, including deregistration or closure.”
Ensuring public sector security
Yusuf Tancan, Deputy Head of the Presidential Digital Transformation Office, highlighted the potential risks of unregulated sales. “An accredited product can later change ownership and be sold to a foreign firm, creating a security risk. This is addressed in the proposed law,” Tancan stated.
He also noted that public sector organizations would only be allowed to use cybersecurity products certified by the Cybersecurity Presidency.
“Particularly for products developed with public support, the transfer or sale abroad is subject to approval to ensure the protection of national interests,” Tancan added.
Penalties for non-compliance
The draft law introduces strict penalties for violations. Organizations found exporting cybersecurity products without approval could face legal action, including closure for foundations and associations, or removal from trade registries for companies.
Ozkaya underlined the importance of these measures, asserting that they aim to ensure the security of Türkiye’s “cyber homeland” and protect against potential threats.