Turkiye: Grand National Assembly adopted Cybersecurity Law (Law No. 7545) including establishment of Cybersecurity Authority

On 12 March 2025, the Turkish Grand National Assembly adopted the Cybersecurity Law including establishment of Cybersecurity Authority. The scope of this Law includes public institutions, professional organisations, private entities, and individuals operating in the cyberspace domain, with exceptions for intelligence activities under national security laws. The Law provides definitions, basic principles and responsibilities for cybersecurity, including protecting critical infrastructure, data security and the role of cybersecurity response teams. The Law establishes a Cybersecurity Authority responsible for conducting risk assessments, overseeing cybersecurity incident response teams, and setting cybersecurity standards, certifications, and audits. The Authority is further empowered to enforce security measures, conduct cybersecurity audits, and impose sanctions for non-compliance. The Authority's duties also include identifying and categorising critical infrastructure sectors, collecting and analysing data on cyber incidents, regulating cybersecurity service providers, and cooperating with international cybersecurity bodies. The Cybersecurity Council, composed of the president, vice president and ministers, is responsible for formulating cybersecurity policy and determining strategic priorities.