Turkiye: Grand National Assembly adopted Cybersecurity Law (Law No. 7545) including approval requirement for mergers of cybersecurity firms

On 12 March 2025, the Turkish Grand National Assembly adopted the Cybersecurity Law (Law No. 7545). The scope of this Law encompasses public institutions, professional organisations, private entities, and individuals operating within the cyberspace domain, with exceptions for intelligence activities under national security laws. The Law provides definitions, basic principles and responsibilities for cybersecurity, including the protection of critical infrastructure, data security and the role of cybersecurity response team. The Law stipulates that companies involved in the production of cybersecurity products, systems, software, hardware, and services are obligated to notify the Cyber Security Presidency in instances of mergers, divisions, share transfers, or sales. Furthermore, transactions that grant direct or indirect control or decision-making authority over a company to individuals or legal entities are subject to the approval of the Presidency. The Presidency reserves the right to request relevant information and documentation from relevant institutions, and the implementation details will be regulated through procedures and principles published by the Presidency.