Turkiye: Cybersecurity Law including security obligations was introduced to the Grand National Assembly

On 10 January 2025, the Cybersecurity Law (Law No. 7545) was introduced to the Grand National Assembly. The Law would define the basic principles, responsibilities and measures for cybersecurity, including the protection of critical infrastructure, data security and the role of cybersecurity response teams (SOME). Organisations would be obligated to implement security measures, including the reporting of security incidents, the procurement of certified cybersecurity products, and compliance with inspections and audits. The formulation of policies and determination of strategic priorities would be the responsibility of the Cybersecurity Council, which is composed of the President, Vice President, and ministers. In addition, the Law would impose regulations on cybersecurity personnel, including security clearance requirements, mandatory service terms for recipients of state-sponsored training, and restrictions on former employees working in private cybersecurity roles for two years without approval, while also prohibiting the unauthorised disclosure of cybersecurity information. Violations of these provisions would be subject to financial penalties and imprisonment. The Law comes into force upon publication.