The Cyber Security Law, passed in the General Assembly of the Grand National Assembly of Turkey on March 12th, has officially become law after being published in the Official Gazette. This law prioritizes the use of domestic and national products in efforts to ensure cybersecurity. Personal data and trade secrets obtained within the framework of the specified authorities will be automatically deleted, destroyed, or anonymized once the reasons necessitating access to this data cease to exist. The rules and principles for the implementation of this article will be determined by regulations issued by the President.
Composition of the Cyber Security Council
The law also addresses the composition of the Cyber Security Council, which will include the President, Vice President, Minister of Justice, Minister of Foreign Affairs, Minister of the Interior, Minister of National Defense, Minister of Industry and Technology, Minister of Transport and Infrastructure, Secretary General of the National Security Council, President of the National Intelligence Organization, President of the Defense Industry, and the Cyber Security President. In cases where the President cannot attend, the Vice President will preside over the council. Apart from council members, relevant ministers and individuals may be invited to council meetings based on the agenda’s nature to provide information and opinions. The council may establish commissions and working groups if deemed necessary within the scope of their duties. These commissions and working groups will conduct technical work in areas falling within the council’s jurisdiction and formulate decision proposals.
Expert individuals may also be invited to commission and working group meetings to benefit from their opinions. Individuals who carry out cyber attacks on elements that constitute the national power of the Republic of Turkey in cyberspace, or who store any data obtained as a result of such attacks in cyberspace, will face a prison sentence of 8 to 12 years if their actions do not constitute a more serious offense requiring a different penalty. Those who disseminate, transmit elsewhere, or offer for sale any data obtained as a result of such attacks in cyberspace will face a prison sentence of 10 to 15 years.
Enforcement and Penalties
Individuals who fail to provide the information, documents, software, data, and hardware requested within the scope of the duties and powers of authorized bodies and inspectors authorized by law, excluding public institutions and organizations, or who obstruct the collection of such items, will be sentenced to imprisonment for a period of 1 to 3 years and fined between 500 and 1500 days. Those who fail to fulfill their obligation to keep secrets will face a prison sentence of 4 to 8 years.
The Cyber Security Law aims to protect Turkey’s digital infrastructure and safeguard against cyber threats, ensuring the confidentiality, integrity, and availability of critical information systems. By establishing a framework for cybersecurity measures and regulations, the law seeks to bolster the nation’s defenses against cyber attacks and data breaches, safeguarding national security and economic interests in an increasingly digitalized world. As technology continues to advance and cyber threats evolve, the Cyber Security Law provides a crucial legal foundation for safeguarding Turkey’s digital assets and maintaining cyber resilience in the face of emerging threats.
