Cybersecurity Council Meeting Held on 5 May 2026

At the Cybersecurity Council meeting held on 5 May 2026, Türkiye’s cybersecurity policies were addressed within the framework of current risks, global developments, and forward-looking trends. It was once again emphasized that cybersecurity constitutes an integral component of national security, and it was noted that increasing geopolitical tensions have rendered cyber threats more complex and multidimensional.

Key Agenda Items of the Meeting

The main issues highlighted during the meeting included: (i) prioritization of the protection of critical infrastructures, (ii) strengthening the security of digital systems, (iii) enhancing domestic and national technological capacity, and (iv) reinforcing the concepts of data sovereignty and digital sovereignty. In this context, it was clearly underlined that cybersecurity is not merely a technical matter, but also an economic and strategic issue.

Designation of Critical Infrastructure Sectors

Within the scope of the meeting, multiple sectors, including digital infrastructures, energy, finance, healthcare, transportation, and the defence industry were designated as “critical infrastructure.” This approach demonstrates that the sectoral scope of cybersecurity is construed broadly.

Institutional and Operational Approaches

During the meeting, the role of the Cybersecurity Presidency in establishing a proactive security architecture, safeguarding digital assets, and ensuring coordination at the national level was reaffirmed. Furthermore, enhancing inter-institutional coordination and improving preparedness and rapid response capabilities against cyber risks were identified as key operational priorities.

Assessments

The decisions taken at the meeting indicate that Türkiye is moving towards a more centralized, coordinated, and strategic model in the field of cybersecurity. In this regard, considering the broad scope of application of Cybersecurity Law No. 7545, it is assessed that these policies and priorities may affect not only public institutions but also private sector entities operating in critical infrastructure sectors, as well as all natural and legal persons active in cyberspace.

Moreover, the increasing emphasis on data sovereignty and domestic technologies suggests that compliance obligations may intensify, particularly for companies engaged in cross-border data transfers, cloud services, and digital platforms, both in Türkiye and at the international level.