- in Turkey
- within International Law and Wealth Management topic(s)
The Cybersecurity Council (the “Council”), chaired by the President of Türkiye and composed of the relevant ministries, held its first meeting on 5 May 2026. The Council operates alongside the Presidency of Cybersecurity (the “Presidency”), established pursuant to the Presidential Decree on the Presidency of Cybersecurity published in the Official Gazette dated 8 January 2025 and numbered 32776. The duties and powers of the Presidency are regulated under the Cybersecurity Law No. 7545 (the “Law”).
During the meeting, data “sovereignty” and cybersecurity were emphasized as integral components of national sovereignty. In this context, strengthening Türkiye’s position in the increasingly competitive global cybersecurity landscape was identified as a strategic priority. The Council also highlighted the importance of using domestic and national technologies, particularly within critical infrastructures, and stated that the development and use of local technological capabilities in critical sectors would be encouraged.
Under the Law, “critical infrastructure” refers to infrastructure hosting information systems which may lead to loss of life, large-scale economic damage, security vulnerabilities or disruption of public order where the confidentiality, integrity or availability of processed data or information is compromised. The Presidency is responsible for increasing the cyber resilience of critical infrastructures and preventing cyberattacks and system vulnerabilities that may result in data breaches. While the Council is authorized to determine the critical infrastructure sectors, the Presidency is further authorized to identify the relevant critical infrastructures, their affiliated institutions and their locations.
Previously, under the “National Cybersecurity Strategy and 2013–2014 Action Plan” published in the Official Gazette dated 20 June 2013 and numbered 28683, the critical infrastructure sectors were limited to electronic communications, energy, banking and finance, critical public services, transportation and water management. Following the meeting held on 5 May 2026, the following sectors were designated as critical infrastructure sectors:
- Digital Infrastructures
- Digital Services
- Electronic Communications
- Energy
- Finance
- Food and Agriculture
- Manufacturing Industry
- Public Services
- Media and Crisis Communication
- Postal and Cargo Services
- Healthcare
- Defence Industry
- Water Management
- Transportation
- Space
The Presidency is expected to introduce secondary legislation further clarifying the scope of the critical infrastructure sectors, the relevant institutions, applicable technical criteria and notification procedures. Following the publication of such secondary legislation, further compliance processes and regulatory obligations are expected to arise for both public and private sector stakeholders operating within the scope of the Law.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
