Turkiye: Implemented data residency obligation in Turkish Regulation on Information Systems and Electronic Banking Services of Banks

On 1 January 2021, the Turkish Regulation on Information Systems and Electronic Banking Services of Banks entered into force. Article 25 of the Regulation requires banks to maintain their primary and secondary systems within the country. Primary systems encompass infrastructure, hardware, software, and data used to execute banking activities and record information related to a bank's compliance with its legal obligations. Secondary systems are backups to primary systems, to be used during interruption periods. Transactions, payments, and messaging systems should also function without the need of communication or approval from abroad, unless such interaction is required by their nature. The Regulation clarifies that certain functions, like internal messagins services and market monitoring platforms, are not subject to the localisation requirement as long as they do not involve the processing of critical or confidential data.