New cybersecurity law to strengthen Türkiye’s digital defense

Türkiye has passed part of a new cybersecurity law aimed at fortifying the nation’s digital infrastructure against internal and external threats.
The legislation establishes a legal framework for identifying and mitigating cyber threats, protecting public institutions and private entities, and formulating national cybersecurity strategies.

Scope of legislation
The law applies to public institutions, professional organizations with public status, private entities, and non-legal organizations operating in cyberspace.
However, intelligence operations conducted under the Police Duties and Authorities Law, the Coast Guard Command Law, the Gendarmerie Organization, Duties and Authorities Law, the National Intelligence Organization Law, and the Turkish Armed Forces Internal Service Law remain outside its scope.
Key cybersecurity terms such as “hosting,” “cyber event,” “cyber attack,” and “cyber threat intelligence” are officially defined in the legislation.
The law positions cybersecurity as an integral part of national security, emphasizing the protection of critical infrastructure and information systems.
It mandates that cybersecurity efforts be continuous, sustainable and transparent, ensuring accountability at every level.

Cybersecurity Presidency’s role and responsibilities
The newly established Cybersecurity Presidency will be responsible for:
- Conducting vulnerability and penetration tests
- Analyzing cyber risks
- Gathering, creating, and sharing cyber threat intelligence
- Identifying and securing critical infrastructure
- Overseeing risk assessments and security protocols for public institutions and critical infrastructure operators
- Developing cybersecurity response teams (SOME) and evaluating their readiness through exercises
- Strengthening coordination with international cybersecurity response teams
- Promoting national cybersecurity solutions and innovations

National cybersecurity strategy and implementation
The legislation underscores that cybersecurity strategies will be dynamic, evolving with emerging threats. It prioritizes the development of a qualified workforce in cybersecurity and encourages the adoption of locally developed security solutions.
The Cybersecurity Presidency will also regulate security standards and compliance requirements for cybersecurity professionals, private sector companies, and government agencies.
This includes establishing criteria for cybersecurity products and services, overseeing compliance, and enforcing penalties for non-compliance.

Data protection and compliance
The law mandates that cybersecurity-related data, including logs and threat intelligence, be retained for a maximum of two years. Unauthorized entities cannot withhold requested data under existing legal frameworks.
Any collected personal or confidential business data must be deleted, destroyed, or anonymized once its intended use is complete.

Cybersecurity Council and governance
A Cybersecurity Council will be formed, comprising key government officials, including the President, Vice President, Ministers of Justice, Defense, Interior, Foreign Affairs, Industry, and Transportation, as well as the heads of the National Intelligence Organization and Cybersecurity Presidency.
The council will:
- Set national cybersecurity policies and strategies
- Define priority areas for cybersecurity investment and human resource development
- Resolve disputes between government entities related to cybersecurity matters
- Oversee the implementation of cybersecurity roadmaps
The Cybersecurity Presidency will serve as the secretariat for the council, ensuring seamless execution of decisions.

International coordination and oversight
The Cybersecurity Presidency is empowered to coordinate with international organizations and foreign governments on cybersecurity matters.
It will also oversee third-party security audits for critical infrastructure providers, ensuring compliance with national security standards.

Legal and regulatory enforcement
The Cybersecurity Presidency holds the authority to enforce cybersecurity regulations, including certification, licensing, and security standards for companies providing cybersecurity solutions.
Organizations failing to comply with national cybersecurity directives may face legal penalties and restrictions.
The legislation further stipulates that individuals employed within the Cybersecurity Presidency cannot take positions in cybersecurity-related private sector roles for two years following their departure.
Additionally, all sensitive information acquired during tenure cannot be disclosed unless authorized by law.

Parliamentary proceedings
Following extensive deliberations, the Turkish Parliament approved 13 articles of the law before adjourning.
The next session is scheduled for March 11 at 3 p.m. local time, when further provisions of the cybersecurity framework will be discussed.