Legislation

The Constitution of the Republic of Turkey, Law No. 5809 on Electronic Communications, Privilege Agreements signed with operators, and authorization regulations include various obligations related to network and information security. However, matters concerning communications and network security are primarily regulated in the Regulation on Network and Information Security in the Electronic Communications Sector, which was published in the Official Gazette dated 13/07/2014 and numbered 29059 and entered into force.

The aforementioned Regulation sets forth the procedures and principles that operators must comply with to ensure network and information security, and does not cover matters related to the processing of personal data and the protection of privacy. Within the scope of the Regulation, certain obligations regarding network and information security (set forth in the third section of the Regulation) are imposed on all operators, while certain additional obligations (set forth in the fourth section of the Regulation) are imposed on operators holding specific authorization types [Infrastructure operation service, Various telecommunications services (privilege agreement), GMPCS mobile phone service, GSM/IMT-2000/UMTS (privilege agreement), GSM 1800 mobile phone service in air vehicles, Internet service provision, Fixed telephone service, Virtual mobile network service, Satellite communication service, Satellite and cable TV services (assignment agreement)] whose annual net sales are at or above the value determined by the Authority Decision. The aforementioned annual net sales amount was set at 10 Million TL by Authority Decision dated 01/09/2014 and numbered 2014/DK-BTD/438, and additionally, GMPCS operators with subscribers have been made subject to these additional obligations regardless of their net sales.