New Turkish AI Law on the horizon


On 24 June 2024, a long-awaited Draft Artificial Intelligence Law (Draft AI Law) was submitted to Türkiye’s Grand National Assembly.

The Draft AI Law reflects Türkiye’s objective of harmonising its regulations with international standards in the field of Artificial Intelligence (AI) as set down in Türkiye’s National Artificial Intelligence Strategy for the years 2021-2025, published by the Digital Transformation Office. (Türkiye closely monitors legal developments in a global scale, with particular attention to the EU, including initiatives like the EU AI Act, and frequently utilises these frameworks as models for its own national legislation).

Until a specific AI law is enacted, AI related legal issues could be resolved by reference to existing laws such as Personal Data Protection Law No. 6698, Labour Law No. 4857, Consumer Protection Law No. 6502, and the general principles of law. Indeed, following the issuance of Circular No. 2021/18 related to the National Artificial Intelligence Strategy published in the Official Gazette on 20 August 2021, the Personal Data Protection Board issued a guideline on data security in the field of AI. This guideline shares recommendations for protecting personal data within the context of the Personal Data Protection Law No. 6698. Accelerated developments and the widespread integration of artificial intelligence across various areas of life necessitates the formation of comprehensive legal frameworks to regulate the use of these technologies, leading to the drafting of Türkiye’s first AI legislation.

Purpose and scope of the Draft AI Law

The purpose of Türkiye’s Draft AI Law is to ensure the safe, ethical, and fair use of AI technologies with the aim of protecting personal data and privacy rights and establishing a regulatory framework for the development and use of AI systems. The legislation applies to providers, users, importers, suppliers, and distributors of AI systems, as well as individuals affected by these systems.

The following terms have been defined under the Draft AI Law:

  • Artificial Intelligence: Computer-based systems capable of performing human-like cognitive functions, such as learning, reasoning, problem-solving, perception, and language understanding.
  • Provider: Individuals or legal entities that develop, produce, and market AI systems.
  • Supplier/User: Individuals or legal entities that distribute AI systems for commercial purposes or use them in their operations.
  • Importer: Individuals or legal entities that import AI systems from abroad.
  • Distributor: Individuals or legal entities that market and sell AI systems.
  • AI Operators: Refers collectively to providers, suppliers, users, importers, and distributors.

Fundamental principles

The development, use, and distribution of AI systems must comply with the principles set out below:

  • Safety: AI systems must operate safely and not harm users.
  • Transparency: Clear and understandable information on how AI systems operate must be provided.
  • Fairness: AI systems must not discriminate and must make fair decisions.
  • Accountability: Parties responsible for the outcomes of AI system usage must be identified and held accountable.
  • Privacy: Necessary measures must be taken to protect personal data and ensure privacy.

Risk management and assessment

Risk assessments must be conducted during the development and use of AI systems, and special measures must be taken for high-risk systems. High-risk AI systems must be registered with the relevant regulatory authorities and subjected to conformity assessments. It is significant to note that the term “high-risk AI systems” has not yet been defined under the Draft AI Law. However, it is anticipated that the Draft AI Law will be further elaborated upon through secondary legislation once it comes into force and will likely be harmonized with the provisions of the EU AI Act.

Compliance and supervision

AI operators must comply with the provisions of the Draft AI Law and relevant regulations. Supervisory authorities are empowered to inspect AI systems for compliance with the Draft AI Law and identify violations.

Violations and penalties

AI operators who violate the provisions of the Draft AI Law may be subject to the following sanctions: 

  • A fine of TRY 35 million or a fine up to 7% of annual turnover in the event of prohibited AI applications.
  • A fine of TRY 15 million or a fine up to 3% of annual turnover in the event of breach of obligations.
  • A fine of TRY 7.5 million or a fine up to 1.5% of annual turnover in the event of providing false information.


This new Draft AI Law is a significant step towards international harmonisation by establishing a legal framework for AI and shares similar objectives with the EU AI Act. Both the Draft AI Law and the EU AI Act aim to ensure the safe, ethical, and fair use of AI technologies, protecting personal data and privacy, and setting a regulatory framework for AI systems. They share common principles such as safety, transparency, fairness, accountability, and privacy.

There are, however, some differences, such as in-scope definitions which could be further developed. For instance, certain essential concepts like “risk” and “reasonably foreseeable misuse” are not explicitly defined. Additionally, the Turkish law focuses on local AI operators (i.e. providers, distributors, users, importers) while the EU AI Act classifies AI systems by risk levels and mandates human oversight. The EU AI Act has a broader application, including a more detailed risk management framework.

In this context, we believe that the definitions provided in the Draft AI Law could benefit from more detail to reflect the current state of AI technologies, similar to the EU AI Act’s approach, which includes considerations for AI’s autonomy and unpredictability. The responsibilities and liabilities of the actors defined in the Draft AI Law would be also regulated separately in secondary legislation once the Draft AI Law enters into force.

For more information on the Draft AI Law and its impact on your company or business, contact your CMS client partner or CMS experts: [email protected], [email protected],  [email protected] and [email protected].