The wiki profiles provide an overview of a country's policy on cybercrime and electronic evidence. Every fiche includes a description of cybercrime policies/strategies, the state of cybercrime legislation, the channels of cooperation, international cooperation and case law.
For more information on a country's legislation, click on the legal profile in each country wiki.
These profiles do not necessarily reflect official positions of the country covered or of the Council of Europe. Please note that any editing is subject to the approval of the supervision team before publication to ensure a quality level of information.
To update/edit information on a country wiki please click on the flag and then edit.
- Cybercrime website
- Contact form
- Template: Mutual Legal Assistance Request for subscriber information (Art. 31 Budapest Convention). Available in Albanian, Bosnian,
Serbian and Turkish
- Template: Data Preservation Request (Articles 29 and 30 Budapest Convention). Available in Albanian, Bosnian,
Serbian and Turkish
Status regarding Budapest ConventionStatus : Party Signed : 10/11/2010 Ratified : 01/01/2015 Declarations and reservations : Declarations and reservations regarding Articles 2, 7, 14/ 3 (b), 22,24/7 (a), 27/2 (c), 29/4th para., 35/1, 40 and 42. See legal profile
The Ministry of Transport and Infrastructure oversees cyber security activities at the strategic level with the National Cyber Security Board and USOM (Ulusal Siber Olaylara Müdahale Merkezi, the Turkish National CERT).
USOM monitors and provides warnings and announcements for cyber security incidents. It also establishes national and international coordination for the prevention of cyber-attacks against critical sectors. Sectoral CERTs are established and specialise in sectors recognised as critical infrastructure, namely transportation, energy, electronic communications, finance, water management, and critical governmental services.
National Cyber Security Strategy and Action Plan 2016-2019 serves as a guideline for all governmental organisations, agencies, officials and legal entities. The Strategy and Action Plan emphasises that cyber security is an inseparable part of national security and call for all administrative and technical precautions to ensure the security of all national entities in cyberspace.
The Government of Turkey has not yet adopted a cybercrime strategy.
On the basis of the 2011/2025 Decision of the Council of Ministers,the Department for Combating Informatics Crimes within the General Directorate of Security had been founded in order to assemble the dispersed structure of the departmental offices and units of the provincial organisation, prevent duplicate investments and to effectively fight cybercrime. The current name of the structure is the Department for Cyber Crimes (approved by the Ministry of Interior on 28 February 2013).
State of cybercrime legislation
Specific provisions related to cybercrime were included in the Turkish Penal Code No. 5237, Criminal Procedure Code No. 5271, Law No. 6706 regarding International Legal Cooperation in Criminal Matters and Law No. 5651 on Regulating Broadcasting in the Internet and Fighting Against Crimes Committed through Internet Broadcasting .
This legislation includes substantive offences, procedural rules and also rules on international cooperation.
The Turkish Penal Code includes the following crimes:
Article 243 - Illegal Access to a Computer Network System
Article 244 - Preventing the Functioning of a System and Deletion, Alteration or Corrupting of Data
Article 245 - Misuse of Bank or Credit cards
Article 245/A - Prohibited devices and programs
Article 246 - Implementation of Security Measures on Legal Entities
Article 103 - Child sexual abuse
Article 226 – Obscenity
Article 228 - Arranging a place or facility for gambling
Article 204 - Counterfeiting official documents
Article 207- Counterfeiting private documents
Article 158/1-f - Computer and communications fraud
Article 142/2.e - Larceny committed by use of data processing systems
Article 245/3 - Counterfeiting
The Law no. 5846 on Intellectual and Artistic Works provides:
Article 71 – (Amended: 23/1/2008-5728/Article 138) - Infringement of Moral, Economic or Related Rights
No preservation powers are provided in the national legislation. However, Article 5 (2) of the Law no. 5651 on regulating broadcasting in the internet and fighting against crimes committed through internet broadcasting requires hosting provider to retain traffic information concerning services it provides for a period of at least one year and not more than two years, and ensure the accuracy, integrity and confidentiality of that information. Article 6 (1) (b requires access provider to retain all traffic data about the services that it provides for the period specified in the regulation which cannot be less than six months and more than two years and to maintain accuracy, integrity and confidentiality of such data
Article 6 of the Law no. 2559 on Police Duties and Powers provides that the police is authorised to access subscriber information of Internet users and make investigations in the cyberspace for identification purposes by a competent public prosecutor for cybercrime. Access providers, hosting providers and content providers shall reveal such data to the relevant law enforcement unit upon request.
Criminal Procedure Code no. 5271 provides for:
Article 134 - Search and seizure of computer data
Article 135 - Interception of communications
Article 140 - Surveillance with technical means.
The Constitution guarantees a series of fundamental rights and freedoms, among which:
Article 20 - Privacy of private life
Article 21 - Inviolability of the domicile
Article 22 – Freedom and privacy of communication
Article 26 - Freedom of expression
Article 13 of the Constitution provides that fundamental rights and freedoms may be restricted only by law and in conformity with the reasons mentioned in the relevant articles of the Constitution without infringing upon their essence. At the same time, restrictions shall not be contrary to the letter and spirit of the Constitution and the requirements of the democratic order of the society and the secular republic and the principle of proportionality.
Following the principle of protection of fundamental rights and freedoms the criminal legislation provides for safeguards and conditions for application of procedural measures during criminal proceedings. For example, for interception of communications and covert surveillance judicial authorisation is required
Related laws and regulations
Besides an extensive legal framework on technical aspects, there are important acts on this field respecting:
In the Chief Public Prosecutor Office, especially in cities with large population, there is a specialised cybercrime bureau of investigation with specialised prosecutors.
There is no such structure for the courts yet.
The National Cybercrime Department of the Turkish National Police (TNP) investigates cybercrime offences and/or provides forensic expertise in supporting other agencies in the Police and Prosecution in matters where technology is a significant factor to a crime or related evidence.
The telecom companies’ activities are subject to the regulation of Information and Communication Technologies Authority (BTK).
There is also a Personal Data Protection Board (KVKK).
Turkey ratified the European Convention on Mutual Assistance in Criminal Matters, its additional protocols and the European Convention on Extradition.
Turkey cooperates with other countries on the basis of the generic legal framework, the Law no. 6706 on International Legal Cooperation in Criminal Matters.
According to Article 5 of the Law no. 6706 while executing the request for judicial cooperation, the provisions of the Criminal Procedure Code dated 04/12/2004 and numbered 5271 shall be applied in the cases which are not provided for by this Law and the other Laws.
It includes preservation and expedited disclosure of every crime within international cooperation (Article 7), access to computer data within international cooperation (Article 7 and 8), comprising search, seizure and disclosure of data stored in the computer system located in Turkey, when the search and seizure would be admissible in a similar national case and interception of communications within international cooperation (sub para. (a) of the first paragraph for Article 8).
Article 8 allows foreign authorities, without prior request from the Turkish authorities, to access data stored in a computer system located in Turkey, where publicly available or access through a computer system located in its territory, the data stored in Turkey, through legal and voluntary consent of the person legally authorised to disclose them
Competent authorities and channels
Ministry of Justice, Directorate General of Foreign Relations and European Union Affairs is the designated central authority for mutual legal assistance in criminal matters.
The legal competence to commence and direct criminal investigations belongs to the Prosecution Service, with the technical support from the police. It is also the competence of the Prosecution Service to send and to receive international cooperation requests.
In compliance with Article 35 of the Budapest Convention, a 24/7 point of contact was established, since 2011, and it is based in the National Cybercrime Department (TNP). The same structure is used for the G8 network purposes and also for the INTERPOL Network.
The National Cybercrime Department has specific competence in undertaking urgent measures related to expedited preservation of traffic data. It could conduct urgent searches and seizure of data on the basis of a judicial authorisation under Article 134 of Code No. 5271 on “search of computers, computer programs and transcripts, copying and provisional seizure. Besides, local police forces play a significant role in combating cybercrime. They carry out operations and investigate cybercrime at the local level.”
The Criminal General Assembly of the Court of Cassation dated 21.06.2011 and 2010 / 5-187-2011/131 numbered resolution: "The records obtained by the attendant in the same environment with the defendants on the grounds that they wanted to bribe him, it is not appropriate to accept it against the law because it is assessed within the scope of Article 135 of Law No. 5271 and it is carried out without a decision of judge.”
The 23rd Criminal Chamber of the Court of Cassation dated 5.11.2015 and 2015/12208 - 2015/6214 numbered resolution: “According to Article 135 of the Law No. 5271 because the crime of abuse of trust which attributed to other defendant who are determined to communicate with the defendant is not from the catalog crimes listed in Article 135.It will be prohibited according to Article 206 of the CMK there is no material evidence that the defendants committed a crime and that the HTS records could not be sufficient evidence of the conviction.”
*This designation is without prejudice to positions on status, and is in line with UNSC 1244 and the ICJ Opinion on the Kosovo Declaration of Independence.