Turkiye: Adopted data residency obligation in Turkish Regulation on Information Systems and Electronic Banking Services of Banks

On 20 June 2020, Turkiye's Banking Regulation and Supervision Agency adopted the Regulation on Information Systems and Electronic Banking Services of Banks. Article 25 of the Regulation requires banks to maintain their primary and secondary systems within the country. Primary systems encompass infrastructure, hardware, software, and data used to execute banking activities and record information related to a bank's compliance with its legal obligations. Secondary systems are backups to primary systems, to be used during interruption periods. Transactions, payments, and messaging systems should also function without the need of communication or approval from abroad, unless such interaction is required by their nature. The Regulation clarifies that certain functions, like internal messagins services and market monitoring platforms, are not subject to the localisation requirement as long as they do not involve the processing of critical or confidential data. The localisation provisions enter into force on 1 January 2021.