AI laws and regulation in Türkiye

Low.

There is currently no dedicated AI law in force in Türkiye.

Türkiye does not yet have a standalone, comprehensive AI statute. However, AI systems are regulated indirectly through existing legal frameworks, which apply depending on the nature of the activity, the sector involved, and the type of risk addressed.

• Law No. 6698 on the Protection of Personal Data: This law applies indirectly to AI systems only to the extent that they involve the processing of personal data. Where AI systems process personal data - such as through automated analysis, profiling, or decision-making – the law governs lawfulness, data security, and transparency obligations. AI systems that do not process personal data fall outside its scope.
• Law No. 5651 on the Regulation of Publications on the Internet: This law governs online content, content providers, hosting providers, and platform operators. While the law does not distinguish based on the method of content creation, AI-generated or AI-assisted content disseminated online falls within its scope as online content, particularly in relation to content removal, access blocking, and platform compliance obligations. In December 2025, a Draft Law proposing amendments to Law No. 5651 was submitted to Parliament, introducing a mandatory labelling requirement for AI-generated content and linking the dissemination of unlabelled AI-generated content to criminal liability under existing misinformation offences.
• Cybersecurity Law No. 32846: The Cybersecurity Law applies horizontally to all public and private entities operating in cyberspace and regulates the security of information systems and digital infrastructure. While the Law is not AI-specific, it is indirectly relevant to AI systems to the extent they operate on information systems, process data, or are deployed within critical infrastructure sectors, by imposing cybersecurity, incident reporting and compliance obligations based on the digital environment in which such systems function.
• Turkish Criminal Code and Cybercrime Legislation: General criminal law provisions apply to AI-related conduct where existing offences are triggered, including unauthorised access, data misuse, fraud, or the dissemination of misleading information. Liability is assessed under traditional criminal law concepts rather than AI-specific offences, subject to proposed amendments concerning AI-generated content.  In this context, the Draft Law submitted to Parliament in December 2025 proposes to link the dissemination of unlabelled AI-generated content to the offence of “Publicly Disseminating Misleading Information” under Article 217/A of the Turkish Criminal Code. The proposal does not introduce a standalone AI offence but extends the application of existing criminal provisions to AI-generated content, signalling an incremental move toward enforceable accountability for AI misuse in the information and media domain.
• Law No. 6502 on the Protection of Consumers: AI-based products and services offered to consumers would indirectly fall under general consumer protection rules, including product safety, misleading practices, and information obligations.
• Civil and Commercial Law Framework: Liability for damage caused by AI systems may be addressed through general principles of contract law, tort, and product liability under the Turkish Code of Obligations and commercial legislation.
• Sector-Specific Regulations: AI use in regulated sectors such as banking, finance, healthcare, and telecommunications would be subject to the applicable sectoral legislation and regulatory authority oversight, particularly where data security, systemic risk, or public interest concerns arise.

At the policy level, Türkiye has adopted a National Artificial Intelligence Strategy and action plans; however, these instruments constitute soft law, are non-binding in nature, and do not constitute enforceable AI legislation.

Responsibility for AI policy, oversight and enforcement is distributed across multiple public bodies; recent administrative reforms (March–December 2025) reallocated and concentrated many digital-policy and public-sector AI functions in new or re-configured bodies.

• Presidency - Cybersecurity Presidency / Public AI Directorate (Kamu Yapay Zeka Genel Müdürlüğü): Following the abolition of the Presidential Digital Transformation Office (March 2025), cybersecurity and certain digital-policy functions were concentrated in the Cybersecurity Presidency. In December 2025 a Public AI Directorate was established under this structure to coordinate AI across public institutions.
• Ministry of Industry and Technology - Directorate General of National Technology and Artificial Intelligence (Milli Teknoloji ve Yapay Zeka Genel Müdürlüğü): renamed / re-mandated on December 2025 to lead national AI policy implementation, infrastructure (data centres/cloud) and industrial technology measures.
• Sectoral regulators:  Information and Communication Technologies Authority (BTK),  Banking Regulation and Supervision Agency (BDDK), Ministry of Health,  Personal Data Protection Authority (KVKK) and similar authorities continue to exercise sectoral powers (data protection enforcement, financial supervision, health device regulation, platform obligations) over AI use cases within their remit.

• National Artificial Intelligence Strategy (2021–2025):
  Türkiye’s primary national policy document on AI, setting strategic objectives for economic development, human capital, data infrastructure, ethical principles and public-sector adoption. The Strategy is policy-oriented and does not create legally binding obligations.
• National Artificial Intelligence Action Plans (including the 2024–2025 Action Plan): Issued to implement the National AI Strategy, these action plans outline concrete policy measures, institutional responsibilities and timelines for AI-related initiatives in the public and private sectors. They serve an operational and coordinative function rather than a regulatory one.
• Personal Data Protection Authority (KVKK) – Bulletin No. 8: “Overview of Artificial Intelligence”: An official informational bulletin providing a high-level overview of AI technologies and associated personal data protection considerations from the Authority’s perspective. The bulletin is explanatory in nature and does not introduce new legal obligations.
• Personal Data Protection Authority (KVKK) – “Generative Artificial Intelligence and the Protection of Personal Data” Guideline: An official, non-binding guidance document addressing the interaction between generative AI systems and personal data protection law. The guidance explains how existing obligations under Law No. 6698 apply to generative AI use cases, offering interpretative and compliance-oriented direction without creating enforceable rules.

Türkiye’s National Artificial Intelligence Strategy (2021–2025) articulates ethical, human-centric and trustworthy AI values that are broadly consistent with internationally recognised AI principles. While the Strategy mentions international organisations, specific international AI standards or guidelines (such as the OECD AI Principles), and emphasises international cooperation, it does not formally adopt specific international AI frameworks.

Türkiye has actively engages in various international and regional initiatives concerning AI. 

This includes:

• G20: Türkiye is an active participant in G20 meetings. In 2014, it assumed the G20 Presidency and hosted the Leaders' Summit. At the 2023 New Delhi Summit, Türkiye delivered speeches on topics including "Digital Government - Trustworthiness", "Online Information Integrity and Trust in the Digital Economy" and "Artificial Intelligence for Sustainable Development and Reducing Inequalities".
• Global Partnership on Artificial Intelligence (“GPAI”):
  Türkiye has been a member of the GPAI since November 22, 2022. GPAI is a multi-stakeholder initiative aimed at bridging the gap between theory and practice in the field of artificial intelligence by supporting the latest research and applications on AI-related priorities. Through its membership in GPAI, Türkiye contributes to international cooperation on the ethical and responsible development and use of artificial intelligence, adding value to global efforts. Additionally, Türkiye adopts trustworthy AI principles and shares multidisciplinary research in this field.
• Organisation for Economic Co-operation and Development (“OECD”):
  Türkiye is one of the 20 founding members of the OECD. The OECD’s core principles focus on assisting governments in ensuring prosperity through cooperation in areas such as economic growth, trade and investment, technology, innovation, entrepreneurship, and development. In this context, Türkiye adopts the OECD AI policy and collaborates with other members on the use of AI in healthcare, education, and research. As of March 28, 2023, the OECD has officially opened a centre in Türkiye.
• ISO/IEC JTC 1/SC 42 Committee: 
  Türkiye is a member of the joint technical committee of the International Organization for Standardization (“ISO”) and the International Electrotechnical Commission (“IEC”), known as the ISO/IEC JTC 1/SC 42 Committee. This committee is responsible for the international standardization of AI. It works on AI trustworthiness, use cases and applications, governance impacts of AI, AI system testing, and ethical and societal concerns related to AI.

The Draft AI Law, proposed in June 2024, is currently under commission review and has not yet been adopted.  The Draft AI Law is Türkiye's first AI regulation attempt. The purpose of the proposed Draft AI Law is to ensure the safe, ethical, and fair use of AI technologies with the aim of protecting personal data and privacy rights and establishing a regulatory framework for the development and use of AI systems. The legislation applies to providers, users, importers, suppliers, and distributors of AI systems, as well as individuals affected by these systems. Risk assessments must be conducted during the development and use of AI systems, and special measures must be taken for high-risk systems. High-risk AI systems must be registered with the relevant regulatory authorities and will be subject to conformity assessments.

For context, under Turkish law, the legislative process consists of three main stages. First, a proposed law is introduced to the Turkish Grand National Assembly as a bill or proposal. It then undergoes a detailed review by the relevant commissions, during which experts and stakeholders may be consulted. Finally, the bill is debated and, if approved, adopted by the General Assembly.

However, the legislative process for the Draft AI Law has been progressing slowly, primarily because the political party that introduced the Draft AI Law holds a limited number of seats in parliament. This has prolonged the review period, and there is a possibility that the Draft AI Law may not pass in its current form.

The Draft AI Law’s alignment with the EU AI Act in terms of common principles such as safety, transparency, fairness, accountability and privacy, suggests that it may be supplemented by secondary regulations and harmonized with the EU AI Act’s provisions, if adopted by the General Assembly.

• CMS Artificial Intelligence Law-Now New Turkish AI Law on the horizon
• CMS Cybersecurity Law- Now Türkiye adopts first Cybersecurity Law
• National Artificial Intelligence Strategy 2021–2025 National  Artificial Intelligence Strategy 2021-2025
• National Artificial Intelligence 2024–2025 Action Plan UlusalYapayZekaStratejisi2024-2025EylemPlani.pdf
• Ministry of Industry and Technology - Directorate General of National Technology and Artificial Intelligence (Milli Teknoloji ve Yapay Zeka Genel Müdürlüğü) Millî Teknoloji ve Yapay Zekâ Genel Müdürlüğü | T.C. Sanayi ve Teknoloji Bakanlığı