A New Era For Cybersecurity In Türkiye: Appointment Of First Head Of Cybersecurity Announced

October 2025 – On 24 October 2025, Ümit Önal was appointed as the head of Türkiye's Cybersecurity Presidency, pursuant to Articles 2 and 3 of Presidential Decree No. 3, as published in the Official Gazette No. 33057.

What regulations have been in place so far?

Türkiye's primary cybersecurity framework is established under Law No. 7545 on Cybersecurity ("Cybersecurity Law"), which sets out the key principles and obligations in the field of cybersecurity.

The Cybersecurity Law, effective since 19 March 2025, established the Cybersecurity Presidency (in Turkish: Siber Güvenlik Başkanlığı) as an independent authority to oversee the implementation of national cybersecurity policy. However, until this appointment, the Cybersecurity Presidency had not been formally led. Under the Presidential Decree on the Cybersecurity Presidency ("Presidential Decree No.177"), the Cybersecurity Presidency is defined as an autonomous body responsible for:

• implementing national cybersecurity strategies,
• coordinating cyber defence efforts,
• issuing secondary regulations; and
• ensuring compliance.

What are the Duties and Powers of the Cybersecurity Presidency?

The Cybersecurity Presidency is empowered to oversee the cybersecurity activities of all institutions, organisations, and individuals within the scope of the Cybersecurity Law. It is also responsible for establishing Cyber Incident Response Teams (SOME) and enhancing their operational maturity, organising national and sectoral cybersecurity exercises, and ensuring effective international coordination in the field of cybersecurity.

Approval from the Cybersecurity Presidency is required for the export of cybersecurity products, systems, software, hardware, and services.

i. The primary responsibilities of the Cybersecurity Presidency include:

• Strengthening critical infrastructure and information systems against cyberattacks;
• Detecting and mitigating cyberattacks effectively;
• Setting cybersecurity standards and conducting testing, certification;
• Authorising and auditing cybersecurity software, hardware, and services for public and critical infrastructure sectors.

ii. The key powers of the Cybersecurity Presidency include:

• Providing on-site or remote incident response support to affected institutions and tracing, analysing, and documenting cyber incidents;
• Collecting and analysing log data and sharing reports with the competent authorities;
• Authorising and supervising independent cybersecurity auditors and audit firms;
• Engaging in international cooperation and coordination in the field of cybersecurity.

What This Means for Businesses

The appointment of Türkiye's first head of Cybersecurity marks an important milestone in the country's cybersecurity governance framework. It is expected to accelerate the development of secondary regulations under the Cybersecurity Law.

Organisations operating in Türkiye should closely follow upcoming regulatory developments and ensure compliance with new cybersecurity obligations.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.