The electronic communications sector is of vital importance today, enabling individuals and institutions to communicate, access information and benefit from various services. Regulations in this sector are constantly updated in line with technological developments and emerging threats. A recent noteworthy development is the amendments made to the Electronic Communications Law No. 5809 ("Law") as of March 12, 2025, which removed some cybersecurity-related regulations from the text of the Law. In this Article, we will assess what these amendments are and what this means for the executive powers in the field of cybersecurity.
What are the Changes?
The following provision (Art.5/h) regulating the duties and powers of the Ministry of Transport in relation to cyber security has been removed:
"To determine policies, strategies and objectives in order to ensure national cyber security, to determine the procedures and principles regarding the provision of cyber security for public institutions and organizations and real and legal persons, to prepare action plans, to ensure the coordination of related activities, to determine critical infrastructures and the institutions and locations they belong to, to establish the necessary response centers, To carry out, commission and encourage studies for the production and development of all kinds of cyber intervention tools and national solutions, to carry out awareness-raising, training and awareness-raising activities on cyber security, to prepare the procedures and principles that real and legal persons operating in the field of cyber security must comply with."
With the regulation made in Article 5/ı of the Law, the establishment and operation of data centers and infrastructures required for the transfer of data has been narrowed in scope and limited to the duties carried out by the Ministry.
Pursuant to the amendment made in Article 6/v of the Law, the duties and responsibilities of the Authority regarding cyber security have been abolished, while the regulations regarding domain names have been preserved. In addition, the Authority's authority to take measures regarding cybersecurity has also been abolished with the removal of the following provision in Article 60/11 of the Law.
Finally, the special provisions on the establishment and operations of the Cyber Security Board, as set out in Additional Article 1 and Additional Article 2 of the Law, were also removed from the Law.
Interpretation of the Amendments
The removal of these cybersecurity regulations from the Electronic Communications Law can be interpreted as a restructuring of powers and responsibilities in the field of cybersecurity. These amendments can be considered as a step towards the delegation of executive authority in the field of cyber security to the Cyber Security Presidency.
The Cybersecurity Law, which entered into force on March 12, 2025, does not yet define what the critical infrastructures and critical public services are under the legal regulations, but it is estimated that the electronic communications sector may be included among them. At the same time, this development shows that a more centralized and specialized approach to cyber security issues has been adopted.