Turkiye: Grand National Assembly adopted Cybersecurity Law including security obligations

On 12 March 2025, the Grand National Assembly adopted the Cybersecurity Law. (Law No. 7545). The Law defines the basic principles, responsibilities and measures for cybersecurity, including the protection of critical infrastructure, data security and the role of cybersecurity response teams (SOME). Organisations are obligated to implement security measures, including the reporting of security incidents, the procurement of certified cybersecurity products, and compliance with inspections and audits. The formulation of policies and determination of strategic priorities is the responsibility of the Cybersecurity Council, which is composed of the President, Vice President, and ministers. In addition, the Law imposes regulations on cybersecurity personnel, including security clearance requirements, mandatory service terms for recipients of state-sponsored training, and restrictions on former employees working in private cybersecurity roles for two years without approval, while also prohibiting the unauthorised disclosure of cybersecurity information. Violations of these provisions are subject to financial penalties and imprisonment. The Law comes into force upon publication.