- with Inhouse Counsel
- with readers working within the Pharmaceuticals & BioTech industries
May 2026 – The Turkish Cybersecurity Board (the “Board”), established under the Cybersecurity Law, held its first meeting on 5 May 2026. Following the meeting, the Board published an official statement outlining the Board’s initial priorities and strategic cybersecurity agenda.
The meeting reflects Türkiye’s intention to adopt a more centralised and strategic cybersecurity governance framework, with a particular focus on critical infrastructure protection, cyber resilience, and data sovereignty.
Key Outcomes of the Meeting
Designation of Critical Infrastructure Sectors: One of the most significant outcomes of the meeting was the designation of the following sectors:
|
Critical Infrastructure Sectors |
||
|
Digital Infrastructure |
Finance |
Media and Crisis Communication |
|
Digital Services |
Food and Agriculture |
Postal and Cargo Services |
|
Electronic Communications |
Manufacturing Industry |
Healthcare |
|
Energy |
Public Services |
Defence Industry |
|
Water Management |
Transportation |
Space |
The designation of these sectors is expected to serve as the foundation for future secondary legislation and technical implementation requirements applicable to organisations operating in these areas.
Strategic Cybersecurity Priorities
The Board also identified several strategic priorities for Türkiye’s national cybersecurity framework:
|
Strategic Priority |
Focus Area |
|
Institutional Coordination |
Strengthening coordination mechanisms among public institutions and relevant stakeholders |
|
Domestic Capacity Building |
Increasing domestic and sustainable capabilities in critical sectors |
|
Cyber Resilience |
Enhancing preparedness against cyber risks and improving rapid adaptation capabilities |
|
Data Sovereignty |
Reinforcing Türkiye’s digital sovereignty approach and strategic control over data |
|
National Security Integration |
Positioning cybersecurity as an integral component of national security |
The statement further emphasises that increasing geopolitical tensions, regional conflicts, and global technological competition are contributing to increasingly sophisticated and multidimensional cyber threats.
Accordingly, organisations operating in affected sectors should closely monitor upcoming secondary legislation and assess the adequacy of their existing cybersecurity and operational resilience frameworks.
We will continue to monitor further legislative and regulatory developments and share additional updates as they become available.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
[View Source]
