Twitter Logo Youtube Circle Icon LinkedIn Icon

The Legal 500 Hall of Fame Icon The Legal 500 Hall of Fame highlights individuals who have received constant praise by their clients for continued excellence. The Hall of Fame highlights, to clients, the law firm partners who are at the pinnacle of the profession. In Europe, Middle East and Africa, the criteria for entry is to have been recognised by The Legal 500 as one of the elite leading lawyers for seven consecutive years. These partners are highlighted below and throughout the editorial.
Click here for more details

Turkey > Legal Developments > Law firm and leading lawyer rankings

Editorial

Presidential Circular on Information and Communication Security Measures

Presidential Circular on Information and Communication Security Measures ("Circular") is published in the Official Gazette of July 6, 2019. The aim of the Circular is reducing of security risks and governing measures to be taken to ensure safety of information which is critical to national security and public order.

The Circular imposes several security obligations on public institutions regarding (i) storage and transfer of critical information (i.e. health, contact and biometric information), confidential information and corporate information, (ii) cyber threat notifications and (iii) industrial check systems.

According to the Circular, "Information and Communication Security Guidelines" ("Guidelines") will be prepared and published by the Presidency's Digital Transformation Office ("Office") in light of the national and international standards on information security on the Office's website at www.cbddo.gov.tr.

All public institutions and operators providing critical infrastructure services will be obliged to (i) comply with the procedures and rules in the Guidelines when setting up new information systems and (ii) review and revise the existing systems to ensure compliance with the Guideline.

The Circular also obliges public institutions to set up internal reviewing mechanisms and examine compliance with the Guidelines at least once a year. Public institutions will be reporting the examination results and corrective and preventative actions taken by the relevant institution to the Office.

While the Circular generally imposes information security obligations on public institutions, the following measures listed in the Circular and which are new to this regulatory landscape can be relevant for the providers of cloud services and electronic communication services:

- Information pertaining to public institutions shall not be stored in cloud services. The exception to this is the storage on relevant institutions' private systems or on the systems provided by local service providers which are under the control of the relevant public institution.

- Authorized electronic communication service providers (operators) are obliged to set up internet exchange points in Turkey. According to the Circular, measures will be taken in order to prevent the cross-border transmission of domestic communication traffic which needs to be exchanged domestically.  

Authors: G├Ânen├ž G├╝rkaynak Esq., Ceren Y─▒ld─▒z, Burak Ye┼čilaltay and Ekin Ince, ELIG G├╝rkaynak Attorneys-at-Law

(First published by Mondaq on July 9, 2019)