Cybersecurity Law

Executive Summary

The Cybersecurity Law (“Law”) entered into force upon its publication in the Official Gazette on March 19, 2025. With this Law:

The Cybersecurity Presidency has been established to oversee audits, certification, authorization, and accreditation processes, ensuring that cybersecurity products and services comply with regulations. Cybersecurity incidents must be reported to the Presidency as soon as possible.

The Presidency will have the authority to audit companies within the scope of its inspection powers. Companies must keep relevant devices accessible for inspection and prepare the information and documents requested by the Presidency.

Cybersecurity products, systems, and services to be used in critical infrastructure must be obtained from cybersecurity experts, manufacturers, or companies authorized and certified by the Presidency.

The use of software, hardware, products, and services that may impact cybersecurity in the IT systems of critical infrastructures must receive approval from the Presidency.