In a decisive move to strengthen its defenses against cyber threats, Türkiye has established a dedicated Cybersecurity Administration. Officially announced in the Presidential Decree on the Cybersecurity Administration, published in the Official Gazette on January 8, 2025, this new government body will operate as a specially budgeted institution based in Ankara, directly affiliated with the Presidency. Its primary mission will be to implement the decisions of the Cybersecurity Council.
Leadership and Structure
The Cybersecurity Council, chaired by President Recep Tayyip Erdoğan, will include key ministers from Interior, Justice, Defense, Transportation and Infrastructure, and Industry and Technology. This high-level representation underscores the strategic importance of cybersecurity to national security.
The establishment of the Cybersecurity Administration marks a significant milestone aimed at shaping comprehensive cybersecurity policies, fostering inter-agency coordination, and enhancing Türkiye’s cyber resilience and deterrence capabilities.
Building on the National Roadmap
In 2024, the Turkish government introduced a cybersecurity roadmap designed to protect the nation’s information infrastructure and improve preparedness against evolving cyber threats. The Cybersecurity Administration will play a pivotal role in implementing this strategic vision, aligning its efforts with best practices observed in Europe and the United States.
The Administration will be supported by advanced cyber intelligence centers and cyber incident response units, ensuring it is equipped to handle modern challenges effectively.
Collaboration and Data Protection
The Cybersecurity Administration is expected to work closely with the Personal Data Protection Authority, operating under Türkiye's Data Protection Law No. 6698. This collaboration will be particularly crucial in processes such as breach notifications, where the Administration’s powers and responsibilities are expected to increase over time.
Cybersecurity Law on the Way!
Following the announcement of the Cybersecurity Administration, the draft Cybersecurity Law (the “Proposal”) was submitted to the National Defense Commission, which serves as the primary committee for the proposal in the Grand National Assembly of Türkiye. The first session, held on January 15, 2025, was attended by public institutions, international technology investment companies, and members of the press.
The proposal has been approved by the committee, but for it to become law, it must be voted on in the General Assembly, approved by the President, and published in the Official Gazette.
The draft introduces significant regulations, including:
- Defining fundamental principles of cybersecurity,
- Reactivating the Cybersecurity Council,
- Establishing a legal basis for the Cybersecurity Administration,
- Introducing new offenses in the field of cybersecurity, and
- Imposing administrative fines for cybersecurity violations.
Recent developments demonstrate that steps to safeguard Türkiye's "cyber homeland" are becoming increasingly concrete and serious.
If the Cybersecurity Law is adopted, the new offenses and administrative fines it introduces are expected to spark considerable debate.
We will continue to keep you updated on developments.