Cyber ​​Security Law Becomes Law: New Obligations for Companies and Individuals

Cyber ​​Security Board and Presidency Authorized
With the Cyber ​​Security Law accepted by the Turkish Grand National Assembly, new regulations came into force to ensure Türkiye's digital security. While the powers of the Cyber ​​Security Presidency, established in January, were expanded, the Cyber ​​Security Board affiliated to the Presidency was established.
 
This board will have the authority to determine strategies, conduct audits and create security policies to protect Türkiye against cyber threats. In addition, local and national solutions will be encouraged to protect critical infrastructures.
 
New Obligations for Companies and Individuals
The new law covers public and private sector organizations and individuals operating in the digital environment. Accordingly:
 
    Companies will be responsible for identifying and reporting cybersecurity vulnerabilities.
    Only authorized cybersecurity products can be used for public and critical infrastructures.
    Institutions and companies will be required to submit the requested cybersecurity data to the Cybersecurity Presidency in a timely and complete manner.
 
Heavy Fines and Prison Penalties Are Coming
The law provides for severe penalties for companies and individuals that fail to fulfill their cybersecurity obligations:
 
    Companies that create security vulnerabilities will be fined up to 10 million TL.
    Those who spread false data leak news will be sentenced to 2 to 5 years in prison.
    Those who shared previously leaked data were sentenced to 3 to 5 years in prison.
    Those who attack Türkiye's cyber infrastructure will face 8 to 15 years in prison.
 
Cyber ​​Incident Response Team (SOME) to be Established
In order to combat cyber attacks more effectively, a Cyber ​​Incident Response Team (SOME) will be established. This team will detect cyber threats, intervene, and conduct international collaborations. In addition, cyber security drills will be organized for public institutions and critical infrastructures.
 
Cyber ​​Security Presidency Will Be Able to Access Company Data
According to the law, the Cyber ​​Security Presidency will be able to access the information systems of companies and individuals in order to prevent security risks and integrate the necessary software and hardware products into the systems. In addition, the obtained data will be stored for a maximum of two years and will be destroyed at the end of the specified period.
 
The new regulation aims to raise cyber security standards in Türkiye and create a stronger infrastructure against digital threats.
 
 
 
Source: CUMHA - CUMHURS NEWS AGENCY