Status regarding Budapest ConventionStatus : Party Declarations and reservations : Declarations and reservations regarding Articles 2, 7, 14/ 3 (b), 22,24/7 (a), 27/2 (c), 29/4th para., 35/1, 40 and 42. See legal profile
The Ministry of Transport and Infrastructure oversees cyber security activities at the strategic level with the National Cyber Security Board and USOM (Ulusal Siber Olaylara Müdahale Merkezi, the Turkish National CERT).
USOM monitors and provides warnings and announcements for cyber security incidents. It also establishes national and international coordination for the prevention of cyber-attacks against critical sectors. Sectoral CERTs are established and specialise in sectors recognised as critical infrastructure, namely transportation, energy, electronic communications, finance, water management, and critical governmental services.
National Cyber Security Strategy and Action Plan 2020-2023 covers public information systems, information systems belonging to critical infrastructures operated by the public and private sector, small and medium-sized industry, and all the components of cyber space at the national level, including all private and legal persons.
This Strategy identifies a total of eight strategic goals namely:
- Protection of Critical Infrastructures and Increasing Strength
- Improving National Capacity
- Organic Cyber Security Network
- Security of New Generation Technologies
- Combat Against Cyber Crimes
- Development and Promotion of Domestic and National Technologies
- Integration of Cyber Security to National Security
- Enhancing International Cooperation
The Government of Turkey has not yet adopted a cybercrime strategy.
On the basis of the 2011/2025 Decision of the Council of Ministers,the Department for Combating Informatics Crimes within the General Directorate of Security had been founded in order to assemble the dispersed structure of the departmental offices and units of the provincial organisation, prevent duplicate investments and to effectively fight cybercrime. The current name of the structure is the Department for Cybercrime (approved by the Ministry of Interior on 28 February 2013).
State of cybercrime legislation
Specific provisions related to cybercrime were included in the Turkish Penal Code No. 5237, Criminal Procedure Code No. 5271, Law No. 6706 regarding International Legal Cooperation in Criminal Matters and Law No. 5651 on Regulating Broadcasting in the Internet and Fighting Against Crimes Committed through Internet Broadcasting .
This legislation includes substantive offences, procedural rules and also rules on international cooperation.
The Turkish Penal Code includes the following crimes:
Article 243 - Illegal Access to a Computer Network System
Article 244 - Preventing the Functioning of a System and Deletion, Alteration or Corrupting of Data
Article 245 - Misuse of Bank or Credit cards
Article 245/A - Prohibited devices and programs
Article 246 - Implementation of Security Measures on Legal Entities
Article 103 - Child sexual abuse
Article 226 – Obscenity
Article 228 - Arranging a place or facility for gambling
Article 204 - Counterfeiting official documents
Article 207- Counterfeiting private documents
Article 158/1-f - Computer and communications fraud
Article 142/2.e - Larceny committed by use of data processing systems
Article 245/3 - Counterfeiting
The Law no. 5846 on Intellectual and Artistic Works provides:
Article 71 – (Amended: 23/1/2008-5728/Article 138) - Infringement of Moral, Economic or Related Rights
No preservation powers are provided in the national legislation. However, Article 5 (3) of the Law no. 5651 on regulating broadcasting in the internet and fighting against crimes committed through internet broadcasting requires hosting provider to retain traffic information concerning services it provides for the period specified in the regulation which cannot be less than one year and not more than two years. Article 6 (1) (b requires access provider to retain all traffic data about the services that it provides for the period specified in the regulation which cannot be less than six months and more than two years and to maintain accuracy, integrity and confidentiality of such data
Criminal Procedure Code no. 5271 provides for:
Article 134 - Search and seizure of computer data
Article 135 - Interception of communications
Article 140 - Surveillance with technical means.
The Constitution guarantees a series of fundamental rights and freedoms, among which:
Article 20 - Privacy of private life
Article 21 - Inviolability of the domicile
Article 22 – Freedom and privacy of communication
Article 26 - Freedom of expression
Article 13 of the Constitution provides that fundamental rights and freedoms may be restricted only by law and in conformity with the reasons mentioned in the relevant articles of the Constitution without infringing upon their essence. At the same time, restrictions shall not be contrary to the letter and spirit of the Constitution and the requirements of the democratic order of the society and the secular republic and the principle of proportionality.
Following the principle of protection of fundamental rights and freedoms the criminal legislation provides for safeguards and conditions for application of procedural measures during criminal proceedings. For example, for interception of communications and covert surveillance judicial authorisation is required.
Related laws and regulations
Besides an extensive legal framework on technical aspects, there are important acts on this field respecting:
In the Chief Public Prosecutor Office, especially in cities with large population, there is a specialised cybercrime bureau of investigation with specialised prosecutors.
There is no such structure for the courts yet.
The National Cybercrime Department of the Turkish National Police (TNP) investigates cybercrime offences and/or provides forensic expertise in supporting other agencies in the Police and Prosecution in matters where technology is a significant factor to a crime or related evidence.
The telecom companies’ activities are subject to the regulation of Information and Communication Technologies Authority (BTK).
There is also a Personal Data Protection Board (KVKK).
Competent authorities and channels
Ministry of Justice, Directorate General of Foreign Relations and European Union Affairs is the designated central authority for mutual legal assistance in criminal matters.
The legal competence to commence and direct criminal investigations belongs to the Prosecution Service, with the technical support from the police. It is also the competence of the Prosecution Service to send and to receive international cooperation requests.
In compliance with Article 35 of the Budapest Convention, a 24/7 point of contact was established, since 2011, and it is based in the National Cybercrime Department (TNP). The same structure is used for the G8 network purposes and also for the INTERPOL Network.
The National Cybercrime Department has specific competence in undertaking urgent measures related to expedited preservation of traffic data. It could conduct urgent searches and seizure of data on the basis of a judicial authorisation under Article 134 of Code No. 5271 on “search of computers, computer programs and transcripts, copying and provisional seizure. Besides, local police forces play a significant role in combating cybercrime. They carry out operations and investigate cybercrime at the local level.”
Practical guides, templates and best practices
The Criminal General Assembly of the Court of Cassation dated 21.06.2011 and 2010 / 5-187-2011/131 numbered resolution: "The records obtained by the attendant in the same environment with the defendants on the grounds that they wanted to bribe him, it is not appropriate to accept it against the law because it is assessed within the scope of Article 135 of Law No. 5271 and it is carried out without a decision of judge.”
The 23rd Criminal Chamber of the Court of Cassation dated 5.11.2015 and 2015/12208 - 2015/6214 numbered resolution: “According to Article 135 of the Law No. 5271 because the crime of abuse of trust which attributed to other defendant who are determined to communicate with the defendant is not from the catalog crimes listed in Article 135.It will be prohibited according to Article 206 of the CMK there is no material evidence that the defendants committed a crime and that the HTS records could not be sufficient evidence of the conviction.”
These profiles do not necessarily reflect official positions of the States covered or of the Council of Europe.
Are you aware of the latest legislative or policy developments on cybercrime and electronic evidence?
Share this information with us helping to keep this platform up to date.
- Cybercrime website
- Template: Mutual Legal Assistance Request for subscriber information (Art. 31 Budapest Convention). English and bilingual versions available.
- Template: Data Preservation Request (Articles 29 and 30 Budapest Convention). English and bilingual versions available.