&lt;p style="text-align: justify;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;span style="font-size: 14px;">The Presidency of the Republic of Türkiye Digital Transformation Office announced on 4 January 2023 that the Information and Communication Security Compliance and Audit Monitoring System (&lt;/span>&lt;strong>BIGDES&lt;/strong>&lt;span style="font-size: 14px;">) was commissioned.&lt;/span>&lt;/span>&lt;/p>&lt;p style="text-align: justify;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;span style="font-size: 14px;">With the implementation of BIGDES, it is aimed to oversee the activities for the Information and Communication Security Guide (&lt;/span>&lt;strong>Guide&lt;/strong>&lt;span style="font-size: 14px;">) compliance process and compliance audit, and the establishment and operation of the Information
Security Management System.&lt;/span>&lt;/span>&lt;/p>&lt;p style="text-align: justify;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;span style="font-size: 14px;">In order to ensure the security of the guide’s critical information/data; it determines minimum security measures in terms
of elimination or reduction of security risks, particularly confidentiality, integrity or accessibility of critical information. In
this context, with the implementation of BIGDES, compliance and audit processes with the Guide shall be carried out
through a single system.&lt;/span>&lt;/span>&lt;/p>&lt;p style="text-align: justify;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;span style="font-size: 14px;">Institutions and organizations within the scope of the Guide are as follows:&lt;/span>&lt;/span>&lt;/p>&lt;ul style="list-style-type: square;">&lt;li style="margin-left: 20px;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;span style="font-size: 14px;">Institutions and organizations within the state organization,&lt;/span>&lt;/span>&lt;/li>&lt;li style="margin-left: 20px;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;span style="font-size: 14px;">Those who have IT units from enterprises providing critical infrastructure services&lt;/span>&lt;/span>&lt;/li>&lt;li style="margin-left: 20px;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;span style="font-size: 14px;">It covers those who receive data processing services from third parties with contracts.&lt;/span>&lt;/span>&lt;/li>&lt;/ul>&lt;p style="text-align: justify;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">In this context, sectors providing critical infrastructure services are included in the “2020-2023 National Cyber Security
Strategy and Action Plan”; electronic communications, energy, water management, critical public services, transportation, banking and finance sectors.&lt;/span>&lt;/p>&lt;p style="text-align: justify;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">Institutions and organizations within the scope of the Guide are required to complete until 31 March 2023; then the results need to be uploaded to BIGDES. Authorities determined by institutions and organizations will be able to access
the system with e-Government Gateway authentication.&lt;/span>&lt;/p>&lt;p style="text-align: justify;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">You can find the announcement regarding the activation of BIGDES &lt;/span>&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;a href="https://cbddo.gov.tr/duyurular/6578/bilgi-ve-iletisim-guvenligi-uyum-ve-denetim-izleme-sistemi-bigdes-devreye-alindi" target="_blank" rel="nofollow" style="color: rgb(3, 102, 132);">here&lt;/a>&lt;/span>&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;span style="font-size: 14px;"> (&lt;/span>&lt;em>Only available in Turkish&lt;/em>&lt;span style="font-size: 14px;">).&lt;/span>&lt;/span>&lt;/p>&lt;hr>&lt;p style="text-align: justify;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;span style="font-size: 14px;">&lt;strong style="box-sizing: border-box; font-weight: bolder; font-size: 14px;">The Turkish version of this article is available on&lt;/strong>&lt;span style="box-sizing: border-box; font-size: 14px;">&nbsp;&lt;/span>&lt;span style="box-sizing: border-box; font-size: 14px;">&lt;a href="https://turkishlawblog.com/insights/detail/dijital-donusum-ofisi-bigdesin-devreye-alindigi-duyurdu" target="_blank" style="box-sizing: border-box; text-decoration: none; background: transparent; color: rgb(3, 102, 132);">Dijital Dönüşüm Ofisi BİGDES’in Devreye Alındığı Duyurdu&lt;/a>&lt;/span>&lt;/span>&lt;/span>&lt;/p>&lt;hr>&lt;p style="text-align: justify;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;strong>Tagged with&lt;/strong>: &lt;a href="https://turkishlawblog.com/contributors/detail/gokce" target="_blank" style="color: rgb(1, 101, 131);">Gökçe&lt;/a>, &lt;a href="https://turkishlawblog.com/writer/detail/yagmur-yollu" target="_blank" style="color: rgb(1, 101, 131);">Yağmur Yollu&lt;/a>, &lt;a href="https://turkishlawblog.com/writer/detail/gorkem-gokce" target="_blank" style="color: rgb(1, 101, 131);">Görkem Gökçe&lt;/a>,&nbsp;&lt;/span>&lt;a href="https://turkishlawblog.com/insights/category/technology-telecoms" target="_blank" style="color: rgb(1, 101, 131); font-family: Arial, Helvetica, sans-serif; font-size: 14px;">Technology &amp; Telecoms&lt;/a>&lt;br>&lt;/p>

The Presidency of the Republic of Türkiye Digital Transformation Office announced on 4 January 2023 that the Information and Communication Security Compliance and Audit Monitoring System (BIGDES) was commissioned. With the implementation of BIGDES, it is aimed to oversee the activities for the Information and Communication Security Guide (Guide) compliance process and compliance audit, and the establishment and operation of the Information Security Management System.

Digital Transformation Office Announces the Commissioning of BIGDES

Görkem is a graduate of Uskudar
 American Academy and Istanbul University Law School. As a part of his graduate
 studies, he took commercial law courses at Harvard University, US. After
 working for a reputable Turkish law firm as an intern and Dentons as an
 associate respectively, in 2010, he decided to continue his career through his
 own practice and established Gokce Attorneys at Law which later became <a href="https://turkishlawblog.com/contributors/detail/gokce" target="_blank" style="color: rgb(3, 102, 132);">Gokce Attorney Partnership</a>. Görkem was involved in a variety of international mergers
 and acquisitions, joint venture, private equity, and venture capital and
 project finance transactions as well as privatizations in Turkey. He
 represented local and international clients before Turkish courts on various
 commercial disputes. He has key expertise in technology and internet-based
 businesses. He has also extensive experience in aviation law. Görkem advised
 various multi-national companies. Görkem is a member of the <a name="_Hlk121144153" style="">British – Turkish Lawyers Association </a>and acted as the
 Secretary to the Association between 2008 and 2009. He is also a member of <a name="_Hlk121144174" style="">International Technology Law Association</a>, acts as
 Turkey’s Local Representative. Görkem is the first Associate Member from Turkey
 admitted to the <a name="_Hlk121144198" style="">Esports Bar Association</a> and is the
 founding Chairman of <a name="_Hlk121144226" style="">Turkish Internet and Technology
 Law Association</a>. He is a Supervisory Board member at <a name="_Hlk121144251" style="">Endeavor
 Turkey</a>. He has been giving lectures on administrative law at the Training
 Center of the <a name="_Hlk121144272" style="">Istanbul Bar Association</a> since 2009.
 He is a regular speaker at Turkish law schools.

 

He has key expertise in technology and
 internet-based businesses, he also represents his clients on several complex
 and voluminous commercial disputes. He provides legal consultancy on
 compliance, intellectual property, internet, IT and technology sectors to
 several Turkish and foreign clients.

 

Görkem is the author of the first book
 on e-sports law in Turkey. Also, his book on space law, namely “Space Law:
 Yesterday, Today, Tomorrow” has recently been published within 2022. Practice Areas &amp; Work Department

Commercial, Corporate and M&amp;A

Fintech

Media &amp; Entertainment

Startup Law &amp; Entrepreneurship

Technology &amp; Telecoms

&nbsp; 

Languages

Turkish

English

&nbsp; 

Memberships

British
 – Turkish Lawyers Association

International
 Technology Law Association

E-Sports
 Bar Association

Turkish
 Internet and Technology Law Association

Endeavor
 Turkey

Istanbul
 Bar Association

European
 Criminal Bar Assocation

European
 Fraud and Compliance Lawyers

International
 Association of Entertainment Lawyers

Gökçe is an independent law firm with
 full-service capacity based in Istanbul. Gökçe offers a broad range of legal
 services with a pragmatic and business-minded approach to meet the needs of its
 diverse client base, ranging from the most reputable international banks to
 rapidly expanding international companies. Since its establishment in 2010,
 Gökçe has been experiencing constant progress. Established mostly with the aim
 to specialize in technology law, Gökçe has garnered a solid reputation for its
 expertise in technology and media. Moreover, Gökçe has become a go-to law firm
 for high-profile commercial disputes.Gökçe is the Turkish representative of
 Interlaw, a highly-ranked international law firm network.Gökçe is also a member of Lawyers
 Associated Worldwide, a global resource of locally respected law firms.As the last groundbreaking progress, the Gökçe team published the first E-Sports Law book in Turkey. Gökçe has bolstered its IP, media and
 entertainment practice in 2021.Main Areas of PracticeTechnology, Media, Communication &amp;
 PrivacyGökçe’s TMC &amp; Privacy team’s
 reputation is built on delivering commercial and practical legal advice to
 clients active in the digital sphere in various industries, ranging from
 multinational Global 2000 enterprises to venture capitals and start-ups. With a
 highly qualified team, Gökçe’s scope of services covers broad range of matters
 including matters of IT law, internet law, cybersecurity law,
 telecommunications law, intellectual property law, consumer law, e-commerce and
 data protection.Team members frequently provide mentoring to
 emerging growth companies at leading start-up incubators and accelerators
 including İTÜ Çekirdek and Endeavor Turkey. Clients such as Hilton, N11, Nimo.tv
 (HUYA), All Stars Music, Eternal Fire, Onedio, Inofab, Evreka, Figopara are all
 widely recognized game changers in their respective industries; and Gram Games
 (a Zynga company), Masomo, Miniclip, and Codeway Games, all prominent actors in
 the e-gaming industry.The TMC &amp; Privacy team is led by Turkish IT and
 Privacy Law “star” <a href="https://turkishlawblog.com/writer/detail/asst-prof-dr-mehmet-bedii-kaya" target="_blank" style="color: rgb(3, 102, 132);">Dr. Bedii Kaya</a>, along with his deep expertise in data
 analysis, data protection, cybersecurity, and internet law.&nbsp;In 2021, Gökçe strengthened its Media, Entertainment, and IP practice with representing and providing legal consultancy to its
 international and domestic clients for their IP-related projects including
 cross-border licensing, IP portfolio management, linear channels and VOD
 platforms, NFT projects, IP/IT related dispute resolutions, due diligence
 processes, merger &amp; acquisitions in media &amp; entertainment sectors, data
 protection requirements in Turkey, local compliances and so on.Corporate, M&amp;A &amp; Venture CapitalCorporate, M&amp;A and Venture Capital
 team focuses on large to middle-market cross-border and domestic corporate
 transactions in various industries. Gökçe advises on a range of corporate
 issues including mergers and acquisitions, joint ventures, venture capital
 transactions, corporate restructurings, spin-offs and corporate governance.
 Clients include Farasis Energy (Ganzhou), Figopara, Gedik Yatırım, hiVC,
 WorleyParsons, and Çelebi Holding. Team members are also highly adept in growth
 investment transactions and represent founder-led technology companies, from the early stage all the way up to growth phase and exit.Gökçe
 advised:<ul style="list-style-type: square;"><li style="margin-left: 20px; text-align: justify;">FIT Solutions (Foriba) founders on the sale of their shares to Sovos, a
 leading global tax compliance and regulatory reporting software company</li><li style="margin-left: 20px; text-align: justify;">Gram Games, a leading Turkish mobile game company on the acquisition by Zynga
 Inc</li><li style="margin-left: 20px; text-align: justify;">Four Mobile (Masomo) in the acquisition by Tencent owned mobile games
 developer Miniclip</li><li style="margin-left: 20px; text-align: justify;">Gameguru on the sale of one of its most downloaded hyper-casual games
 (namely, Slap Kings) to Lion Studios</li><li style="margin-left: 20px; text-align: justify;">HI Venture Capital a licensed venture capital investment company in its
 establishment</li><li style="margin-left: 20px; text-align: justify;">Various emerging growth companies on financings by private equity giants and
 growth/venture capital investors such as EBRD, IFC, Revo Capital, Endeavor, 500
 Startups and Growth Circuit</li><li style="margin-left: 20px; text-align: justify;">Evreka, an outstanding waste collection solutions SaaS company</li><li style="margin-left: 20px; text-align: justify;">Neo Auvra, a pioneering medical health company</li><li style="margin-left: 20px; text-align: justify;">Figopara, a major fintech company acting as intermediary for trade finance
 transactions</li><li style="margin-left: 20px; text-align: justify;">Inofab, an innovative medical device company</li><li style="margin-left: 20px; text-align: justify;">Onedio, a prominent Turkish online content provider</li></ul>Banking &amp; Finance &amp; Capital MarketsGökçe has extensive experience in
 banking &amp; finance and capital markets transactions, particularly in project
 financings.On
 the banking side, Gökçe provides international and local banks with legal
 advice on daily operational issues, multilateral and bilateral institutional
 support, equity fund investment and credit enhancement. On the finance side,
 Gökçe acts for both Turkish and foreign banks in a large spectrum of financing
 transactions, including domestic and cross-border transactions. On the capital
 markets side Gökçe’s practice covers the full range of transactions.Team
 members have represented İş Bankası, Vakıfbank, Ziraat Bankası, OdeaBank, TSKB,
 T-Bank, Fibabanka, Gedik Yatırım, Worldpay, CBH Compagnie Bancaire
 Helvétiqueand Nurol Holding on various project finance and financial
 restructuring transactions including energy sector, infrastructure, real estate
 project financing, acquisition financing and other types of asset financing.Dispute ResolutionGökçe has profound knowledge and
 experience in litigation, especially in commercial and IP-related disputes.
 Gökçe represented N11(Doğuş), NRC International, FIT Solutions, Celebi
 Aviation, BBraun, V-Count, Onedio, Trendbox, ASB Modern, and Seacor Holding on
 various commercial disputes.EmploymentGökçe’s employment team has extensive
 expertise in handling the full spectrum of employment and labour law issues. It
 advises numerous clients including Biopipe, Evreka, Gram Games (a Zynga
 company), Codeway Games, Alba Prestige, Alictus, and various company
 directors/managers on:<ul style="list-style-type: square;"><li style="margin-left: 20px; text-align: justify;">Employment Contracts</li><li style="margin-left: 20px; text-align: justify;">Termination of Employment</li><li style="margin-left: 20px; text-align: justify;">Employment Disputes</li><li style="margin-left: 20px; text-align: justify;">Settlement of Disputes</li><li style="margin-left: 20px; text-align: justify;">Social Security Disputes</li></ul>Debt Recovery &amp; Debt CollectionGökçe has a wide practice of debt
 collection activities including foreclosure proceedings, primarily conducted
 for high-volume commercial receivables of its clients. Gökçe represents Çelebi
 Aviation, Alpla, Seacor Holding, Geniks Kongre, Özak Global, B-Braun.Criminal LawGökçe’s criminal law team represents
 clients in complex criminal law matters in relation to commercial fraud, white
 collar, financial, cyber, reconstruction crimes, and data protection offenses.
 Gökçe’s criminal law clientele includes well-known individuals in Turkey.

Gökçe

Managing Partner

Yağmur obtained her law degree as a
high honor student and pursued her master’s degree (LL.M.) on commercial law
and information law in Istanbul University Law School. During her master's
degree, she completed her thesis on “Protection of Websites” – which is the
first academic study in Turkey that approaches the protection of websites in
the scope of intellectual property law.Yağmur’s main areas of expertise are
internet and technology law, electronic commerce law, data security law, and
media and entertainment law. She has advanced her academic and professional
career on information technology law and in the digital world.Yağmur is the senior associate of
<a href="https://turkishlawblog.com/contributors/detail/gokce" target="_blank" style="color: rgb(3, 102, 132);">Gökçe</a>’s TMC &amp; Privacy team. She is also one of the authors of the first book
on e-sports law in Turkey.During her career, Yağmur has
represented many technology-oriented national and multi-national companies and
taken part in projects on everyone’s radar. She has worked in joint projects
with several foreign law firms such as DLA Piper, K&amp;L Gates, Fieldfisher
LLP, Osborne Clarke, and Bristows and has been a team leader in international
data protection compliance projects.Since 2016 January, she has been
working as an associate of TMC &amp; Privacy team. Practice Areas &amp; Work Department

Fintech

Media
 &amp; Entertainment

Startup
 Law &amp; Entrepreneurship

Technology
 &amp; Telecoms

&nbsp; 

Languages

English
 

&nbsp; 

Memberships

Istanbul
 Bar Association

Senior Associate

&lt;p style="text-align: justify;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">Elektronik imza (e-imza); başka bir elektronik veriye eklenen veya elektronik veriyle mantıksal bağlantısı olan, kimlik
doğrulaması için kullanılan elektronik veriyi ifade eder. Bu kapsamda e-imza; bir bilginin üçüncü tarafların erişimine kapalı bir ortamda, bütünlüğü bozulmadan ve tarafların kimliklerinin doğrulanması suretiyle iletildiğini gösteren harf, karakter veya sembollerden oluşan bir elektronik veri.&lt;/span>&lt;/p>&lt;p style="text-align: justify;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">Günümüz teknolojisinde, dijital ortamlarda gerçekleştirilen işlemlerde kimlik doğrulama amacıyla kullanılan e-imza, dijital sözleşmeler başta olmak üzere pek çok online işlemde güvenliğin ve gizliliğin sağlanması açısından oldukça kritik.
DocuSign, Adobe Acrobat gibi pek çok uygulama e-imza desteğini uzun süredir sunuyor.&lt;/span>&lt;/p>&lt;p style="text-align: justify;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">Konuya ilişkin yaşanan son gelişmeyse Google’dan geldi. Google, e-imza teknolojisini ürünlerine entegre etmeye başladı ve Google Workspace’teki e-imza özelliğinin açık beta sürümünü duyurdu. Google tarafından paylaşılan ekran görüntülerinde, Dokümanlar ve Drive kullanıcılarının alıcılardan imza veya paraf isteyebileceğini; imza tarihi bölümünün
otomatik olarak doldurulabileceğini gösteriyor. Aynı zamanda Google, talep edilen imzaların gelip gelmediğini kontrol
etme imkanını da sunuyor. &lt;/span>&lt;/p>&lt;p style="text-align: justify;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">Google’ın Türkiye’de ve globalde e-imza mevzuatına nasıl uyum sağlayacağı ve bu yönde hangi adımları atacağı merakla beklenen konular arasında.&lt;/span>&lt;/p>&lt;p style="text-align: justify;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">Google tarafından yapılan duyurunun tam metnine &lt;a href="https://workspaceupdates.googleblog.com/2023/08/esignature-google-docs-google-drive.html" target="_blank" rel="nofollow" style="color: rgb(3, 102, 132);">buradan&lt;/a> ulaşabilirsiniz (&lt;em>yalnızca İngilizcesi mevcuttur&lt;/em>).&lt;/span>&lt;/p>

Elektronik imza (e-imza); başka bir elektronik veriye eklenen veya elektronik veriyle mantıksal bağlantısı olan, kimlik doğrulaması için kullanılan elektronik veriyi ifade eder. Bu kapsamda e-imza; bir bilginin üçüncü tarafların erişimine kapalı bir ortamda, bütünlüğü bozulmadan ve tarafların kimliklerinin doğrulanması suretiyle iletildiğini gösteren harf, karakter veya sembollerden oluşan bir elektronik veri.

Google Drive ve Google Dökümanlar’da E-imza Dönemi

&lt;p style="text-align: justify; line-height: 2;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">İş Sağlığı ve Güvenliğine İlişkin İşyeri Tehlike Sınıfları Tebliğinde Değişiklik Yapılmasına Dair Tebliğ (&lt;strong>Değişiklik Tebliğ&lt;/strong>i) 11 Ağustos’ta Resmi Gazete’de yayımlandı. Değişiklik Tebliği ile ilgili düzenlemede yer alan İşyeri Tehlike Sınıfları
Listesi’nde güncelleme gerçekleştirildi.&lt;/span>&lt;/p>&lt;p style="text-align: justify; line-height: 2;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">Yapılan değişiklikler ile fenomenlerin ve vloggerların video içerik yapım ve yayın faaliyetleri “tehlikeli” sınıfına alındı.&lt;/span>&lt;/p>&lt;p style="text-align: justify; line-height: 2;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">Kamuoyuna yansıyan uzman görüşlerinde bu değişikliğin, video yapım ve yayın faaliyetleri gibi uzun süre ekran karşısında kalan kişilerin ergonomik hastalıklara ilişkin risk altında olması sebebiyle yapıldığı belirtiliyor.&lt;/span>&lt;/p>&lt;p style="text-align: justify; line-height: 2;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">Değişiklik Tebliği’nin tam metnine &lt;/span>&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;a href="https://www.resmigazete.gov.tr/eskiler/2023/08/20230811-3.htm" target="_blank" rel="nofollow" style="color: rgb(3, 102, 132);">buradan&lt;/a>&lt;/span>&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;"> ulaşabilirsiniz.&lt;/span>&lt;/p>

İş Sağlığı ve Güvenliğine İlişkin İşyeri Tehlike Sınıfları Tebliğinde Değişiklik Yapılmasına Dair Tebliğ (Değişiklik Tebliği) 11 Ağustos’ta Resmi Gazete’de yayımlandı. Değişiklik Tebliği ile ilgili düzenlemede yer alan İşyeri Tehlike Sınıfları Listesi’nde güncelleme gerçekleştirildi.

Fenomenlerin ve Vloggerların Faaliyetleri Tehlikeli Sınıfa Alındı

&lt;p style="text-align: justify;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;span style="font-size: 14px;">Bilindiği üzere Türkiye Cumhuriyeti Merkez Bankası (&lt;/span>&lt;strong style="font-size: 14px;">TCMB&lt;/strong>&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">),
Ödeme ve Elektronik Para Kuruluşlarına Topluluk Bulutu Hizmeti Sunan Dış Hizmet
Sağlayıcılara İlişkin Rehber’in ilk sürümünü Temmuz 2022’de yayımlamıştı. Ardından,
24 Nisan 2023’te Rehber’de değişiklikler yapılmış (&lt;/span>&lt;strong style="font-size: 14px;">Rehber 1.1&lt;/strong>&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">), dış
hizmet sağlayıcılarda aranan uygunluk şartlarına ve gözetimlerine yönelik yeni
düzenlemeler getirilmişti. Rehber 1.1’deki değişikliklere ilişkin yazımıza &lt;/span>&lt;span style="font-size: 14px;">&lt;a href="https://turkishlawblog.com/insights/detail/topluluk-bulutu-hizmeti-sunan-hizmet-saglayicilara-iliskin-rehber-guncellendi" target="_blank" style="color: rgb(3, 102, 132);">buradan&lt;/a>&lt;/span>&lt;span style="font-size: 14px;"> ulaşabilirsiniz.&lt;/span>&lt;/span>&lt;/span>&lt;/span>&lt;/p>&lt;p style="text-align: justify;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">Gelinen aşamada, TCMB tarafından Rehber 1.1 güncellendi ve
4 Eylül 2023 tarihinde yeni sürüm yayımlandı (&lt;/span>&lt;strong>Rehber 1.2&lt;/strong>&lt;span style="font-size: 14px;">). &lt;/span>&lt;/span>&lt;/span>&lt;/span>&lt;/p>&lt;p style="text-align: justify;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">Rehber 1.2 kapsamındaki değişiklikleri aşağıda sizler için
derledik:&lt;/span>&lt;/span>&lt;/span>&lt;/span>&lt;/p>&lt;ul style="list-style-type: square;">&lt;li style="margin-left: 20px; text-align: justify;">&lt;h2>&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">&lt;strong style="">Topluluk
bulutu hizmeti sunmak isteyen dış hizmet sağlayıcının istihdam etmesi gereken
yetkin personel sayısı artırıldı.&lt;/strong>&lt;/span>&lt;/span>&lt;/span>&lt;/span>&lt;/h2>&lt;/li>&lt;/ul>&lt;p style="text-align: justify;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">Operasyon/izleme ekibi, altyapı ekibi ve bilgi güvenliği
ekiplerinde benzer alanlarda asgari 7 yıl tecrübe kriterini sağlayan istihdam
edilecek personel sayısı Rehber 1.1’de 1 kişiyken, Rehber 1.2’de 2 kişiye
çıkartıldı.&lt;/span>&lt;/span>&lt;/span>&lt;/span>&lt;/p>&lt;ul style="list-style-type: square;">&lt;li style="margin-left: 20px; text-align: justify;">&lt;h2>&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">&lt;strong style="">Kendisine ait veri merkezi
sahipliği bulunmayan dış hizmet sağlayıcılar için ek koşul getirildi.&lt;/strong>&lt;/span>&lt;/span>&lt;/span>&lt;/span>&lt;/h2>&lt;/li>&lt;/ul>&lt;p style="text-align: justify;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">Topluluk bulutu hizmeti sunmak isteyen dış hizmet
sağlayıcının kendisine ait veri merkezi sahipliği yoksa, birincil ve ikincil
merkezlere yönelik Rehber 1.2’deki veri merkezi standartlarını taşıyan dış
hizmet sağlayıcılardan sadece donanım barındırma veya dedike donanım
hizmetlerini almalıdır.&lt;/span>&lt;/span>&lt;/span>&lt;/span>&lt;/p>&lt;ul style="list-style-type: square;">&lt;li style="margin-left: 20px; text-align: justify;">&lt;h2>&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">&lt;strong style="">İkincil
veri merkeziyle ilgili veri merkezi standartlarına ilişkin sertifika
şartlarında değişiklik yapıldı.&lt;/strong>&lt;/span>&lt;/span>&lt;/span>&lt;/span>&lt;/h2>&lt;/li>&lt;/ul>&lt;p style="text-align: justify;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">Rehber 1.1’de dış hizmet sağlayıcının; ikincil merkeze ait
Kullanılabilirlik Sınıfı, Koruma Sınıfı ve Enerji Ayrıntı Seviyesi en az 3 olan
TSE TS EN 50600 veri merkezi operasyon belgesi yoksa, bu sertifikaları
karşılayacak gereksinimleri sağlamış olması gerekiyordu.&lt;/span>&lt;/span>&lt;/span>&lt;/span>&lt;/p>&lt;p style="text-align: justify;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">Rehber 1.2 uyarınca dış hizmet sağlayıcının, ikincil
merkeze ait Kullanılabilirlik Sınıfı, Koruma Sınıfı ve Enerji Ayrıntı Seviyesi
en az 3 olan TSE TS EN 50600 veri merkezi operasyon belgesi yoksa Tier 3 veya
Tier 4 veri merkezi altyapı sertifikasının olması yeterli. Ancak her iki
sertifikanın da bulunmaması halinde, Kullanılabilirlik Sınıfı, Koruma Sınıfı ve
Enerji Ayrıntı Seviyesi en az 3 olan TSE TS EN 50600 veri merkezi operasyon
belgesinin alınması gerekiyor.&lt;/span>&lt;/span>&lt;/span>&lt;/span>&lt;/p>&lt;ul style="list-style-type: square;">&lt;li style="margin-left: 20px; text-align: justify;">&lt;h2>&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">&lt;strong style="">Topluluk bulutu hizmetine
ilişkin sertifikaların, Uluslararası Akreditasyon Forumu (IAF) üyesi bir
belgelendirme kuruluşundan alınma şartı, Türk Akreditasyon Kurumu (TÜRKAK)
tarafından akredite edilmiş belgelendirme kuruluşu olarak değiştirildi.&lt;/strong>&lt;/span>&lt;/span>&lt;/span>&lt;/span>&lt;/h2>&lt;/li>&lt;/ul>&lt;p style="text-align: justify;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">Rehber 1.2 uyarınca aşağıdaki sertifikaların, TÜRKAK
tarafından akredite edilmiş belgelendirme kuruluşundan alınması gerekiyor:&lt;/span>&lt;/span>&lt;/span>&lt;/span>&lt;/p>&lt;ul style="list-style-type: square;">&lt;li style="margin-left: 40px; text-align: justify; line-height: 2;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">TS
ISO/IEC 27001 Bilgi Güvenliği Yönetim Sistemi sertifikası&lt;/span>&lt;/span>&lt;/span>&lt;/span>&lt;/li>&lt;li style="margin-left: 40px; text-align: justify; line-height: 2;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">TS
EN ISO 22301 İş Sürekliliği Yönetimi sertifikası&lt;/span>&lt;/span>&lt;/span>&lt;/span>&lt;/li>&lt;li style="margin-left: 40px; text-align: justify; line-height: 2;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">TS
ISO/IEC 20000-1 Bilgi Teknolojisi Hizmet Yönetim Sistemi sertifikası&lt;/span>&lt;/span>&lt;/span>&lt;/span>&lt;/li>&lt;li style="margin-left: 40px; text-align: justify; line-height: 2;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">TS
ISO/IEC 27017 Bulut Hizmetlerinde Bilgi Güvenliği Yönetim Sistemi sertifikası&lt;/span>&lt;/span>&lt;/span>&lt;/span>&lt;/li>&lt;li style="margin-left: 40px; text-align: justify; line-height: 2;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">TS
ISO/IEC 27701 Kişisel Verilerin Yönetim Sistemi sertifikası&lt;/span>&lt;/span>&lt;/span>&lt;/span>&lt;/li>&lt;li style="margin-left: 20px; text-align: justify;">&lt;h2>&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">&lt;strong style="">Uygunluk başvurusu sürecine
ilişkin iletişim kanalı oluşturuldu.&lt;/strong>&lt;/span>&lt;/span>&lt;/span>&lt;/span>&lt;/h2>&lt;/li>&lt;/ul>&lt;p style="text-align: justify;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">Rehber 1.2’de, dış hizmet sağlayıcıların sürece ilişkin
bilgi almak istemeleri halinde&nbsp;&lt;/span>&lt;span style="color: rgb(3, 102, 132);">toplulukbulutuiletisim@tcmb.gov.tr&lt;/span>&lt;span style="font-size: 14px;">&nbsp;e-posta adresiyle
iletişime geçebilecekleri düzenlendi.&lt;/span>&lt;/span>&lt;/span>&lt;/span>&lt;/span>&lt;/p>&lt;p style="text-align: justify;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">Rehber 1.2’de “Rehberin Uygulanması” başlığı altında, birincil
merkez için Tier sertifikasının olması şartıyla dış hizmet sağlayıcılara
uygunluk verilebileceği ancak bu dış hizmet sağlayıcıların&nbsp;31 Aralık 2024
tarihine kadar&nbsp;Rehber 1.2’ye uyumlu hale gelmekle yükümlü oldukları ifade
ediliyor.&lt;/span>&lt;/span>&lt;/span>&lt;/span>&lt;/p>&lt;p style="text-align: justify;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">Halihazırda, TCMB tarafından topluluk bulutu hizmeti
sunabilmesi için uygunluk verilen dış hizmet sağlayıcıların ve henüz
başvurusunu yapmamış firmaların 31 Aralık 2024 tarihine kadar Rehber 1.2’ye uyumlu
hale gelmesi gerekiyor.&lt;/span>&lt;/span>&lt;/span>&lt;/span>&lt;/p>&lt;p style="text-align: justify;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">TCMB tarafından yayımlanan Rehber 1.2’nin tam metnine &lt;/span>&lt;span style="font-size: 14px;">&lt;a href="https://www.tcmb.gov.tr/wps/wcm/connect/18a7267a-8937-4f56-bfa7-7dbc0e09abb1/Topluluk+Bulutu+Uygunluk+Rehberi+4092023.pdf?MOD=AJPERES&amp;CACHEID=ROOTWORKSPACE-18a7267a-8937-4f56-bfa7-7dbc0e09abb1-oFwAQML" target="_blank" rel="nofollow" style="color: rgb(3, 102, 132);">buradan&lt;/a>&lt;/span>&lt;span style="font-size: 14px;"> ulaşabilirsiniz.&lt;/span>&lt;span style="font-size: 14px;">&nbsp;&nbsp;&lt;/span>&lt;/span>&lt;/span>&lt;/span>&lt;/p>

Bilindiği üzere Türkiye Cumhuriyeti Merkez Bankası (TCMB), Ödeme ve Elektronik Para Kuruluşlarına Topluluk Bulutu Hizmeti Sunan Dış Hizmet Sağlayıcılara İlişkin Rehber’in ilk sürümünü Temmuz 2022’de yayımlamıştı. Ardından, 24 Nisan 2023’te Rehber’de değişiklikler yapılmış (Rehber 1.1), dış hizmet sağlayıcılarda aranan uygunluk şartlarına ve gözetimlerine yönelik yeni düzenlemeler getirilmişti.

TCMB’den Güncelleme: Topluluk Bulutu Hizmeti Sunan Hizmet Sağlayıcılara İlişkin Rehber 1.2

&lt;p class="MsoNormal" style="margin: 0px 0px 11px; font-family: Calibri, sans-serif; text-align: justify; font-size: 15px;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;span style="font-size: 14px;">As known, the Central Bank of the Republic of Turkey (&lt;/span>&lt;strong style="font-size: 14px;">TCMB&lt;/strong>&lt;span style="font-size: 14px;">)
        published the first version of the Guidelines on External Service Providers Providing
        Community Cloud Services to Payment and Electronic Money Institutions in July
        2022. Following this, amendments were made to the Guidelines on 24 April 2023 (&lt;/span>&lt;strong style="font-size: 14px;">Guideline
            1.1&lt;/strong>&lt;span style="font-size: 14px;">) and changes were made to the eligibility requirements and oversight of
        external service providers.&lt;/span>&lt;/span>&lt;/p>&lt;p class="MsoNormal" style="margin: 0px 0px 11px; font-family: Calibri, sans-serif; text-align: justify; font-size: 15px;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;span style="font-size: 14px;">You can reach the article on the amendments to
        Guideline 1.1 &lt;/span>&lt;a href="https://turkishlawblog.com/insights/detail/guideline-for-service-providers-offering-community-cloud-services-is-updated" style="color: rgb(3, 102, 132); text-decoration: underline;" target="_blank" rel="nofollow">here&lt;/a>&lt;span style="font-size: 14px;">.&lt;/span>&lt;/span>&lt;/p>



&lt;p class="MsoNormal" style="margin: 0px 0px 11px; font-family: Calibri, sans-serif; text-align: justify; font-size: 15px;">&lt;span lang="TR" style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">As a recent development, TCMB updated Guideline 1.1 and
        published the new version on 4 September 2023 (&lt;strong>Guideline 1.2&lt;/strong>).&lt;/span>&lt;/p>



&lt;p class="MsoNormal" style="margin: 0px 0px 11px; font-family: Calibri, sans-serif; text-align: justify; font-size: 15px;">&lt;span lang="TR" style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">We compiled the changes within the scope of Guideline 1.2
        below:&lt;/span>&lt;/p>



&lt;ul style="list-style-type: square;">&lt;li style="margin-left: 20px; text-align: justify;">&lt;h2>&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;strong style="">The number of competent
            personnel required to be employed by an outsourced service provider wishing to
            offer community cloud services was increased.&lt;/strong>&lt;/span>&lt;/h2>&lt;/li>&lt;/ul>



&lt;p class="MsoNormal" style="margin: 0px 0px 11px -3px; font-family: Calibri, sans-serif; text-align: justify; font-size: 15px;">&lt;span lang="TR" style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">The number of personnel to be employed
        in the operation/monitoring team, infrastructure team and information security
        teams who have at least 7 years of experience in similar fields was increased
        from 1 person in Guideline 1.1 to 2 people in Guideline 1.2.&lt;/span>&lt;/p>



&lt;ul style="list-style-type: square;">&lt;li style="margin-left: 20px; text-align: justify;">&lt;h2>&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;strong style="">Additional
            requirement introduced for external service providers that do not have their
            own data center ownership.&lt;/strong>&lt;/span>&lt;/h2>&lt;/li>&lt;/ul>



&lt;p class="MsoNormal" style="margin: 0px 0px 11px -3px; font-family: Calibri, sans-serif; text-align: justify; font-size: 15px;">&lt;span lang="TR" style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">In case the external service provider
        that wants to offer community cloud service does not have its own data center
        ownership, it should only obtain hardware hosting or dedicated hardware
        services from external service providers that meet the data center standards in
        Guideline 1.2 for primary and secondary centers.&lt;/span>&lt;/p>



&lt;ul style="list-style-type: square;">&lt;li style="margin-left: 20px; text-align: justify;">&lt;h2>&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;strong style="">Amendments
            were made to the certification requirements for data center standards related
            to the secondary data center.&lt;/strong>&lt;/span>&lt;/h2>&lt;/li>&lt;/ul>



&lt;p class="MsoNormal" style="margin: 0px 0px 11px -3px; font-family: Calibri, sans-serif; text-align: justify; font-size: 15px;">&lt;span lang="TR" style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">In Guideline 1.1, if the outsourced
        service provider did not have a TSE TS EN 50600 data center operation
        certificate with an Availability Class, Protection Class and Energy Detail
        Level of at least 3 for the secondary center, it was required to have met the
        requirements to meet these certifications.&lt;/span>&lt;/p>

&lt;p class="MsoNormal" style="margin: 0px 0px 11px -3px; font-family: Calibri, sans-serif; text-align: justify; font-size: 15px;">&lt;span lang="TR" style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">As per Guideline 1.2, if the external
        service provider does not have a TSE TS EN 50600 data center operation
        certificate with an Availability Class, Protection Class and Energy Detail
        Level of at least 3 for the secondary center, it is sufficient to have a Tier 3
        or Tier 4 data center infrastructure certificate. However, in the absence of
        both certificates, a TSE TS EN 50600 data center operation certificate with an
        Availability Class, Protection Class and Energy Detail Level of at least 3 must
        be obtained.&lt;/span>&lt;/p>&lt;ul style="list-style-type: square;">&lt;li style="margin-left: 20px; text-align: justify;">&lt;h2>&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;strong style="">The requirement for community
            cloud service certificates to be obtained from a certification body that is a
            member of the International Accreditation Forum (IAF) was changed to a
            certification body accredited by the Turkish Accreditation Agency (TURKAK).&lt;/strong>&lt;/span>&lt;/h2>&lt;/li>&lt;/ul>









&lt;p class="MsoNormal" style="margin: 0px 0px 11px -3px; font-family: Calibri, sans-serif; text-align: justify; font-size: 15px;">&lt;span lang="TR" style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">According to Guideline 1.2, the
        following certificates must be obtained from a certification body accredited by
        TURKAK: &lt;/span>&lt;/p>



&lt;ul style="list-style-type: circle;">&lt;li style="margin-left: 40px; text-align: justify;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">TS
        ISO/IEC 27001 Information Security Management System certificate&lt;/span>&lt;/li>&lt;li style="margin-left: 40px; text-align: justify;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">TS
        EN ISO 22301 Business Continuity Management certificate&lt;/span>&lt;/li>&lt;li style="margin-left: 40px; text-align: justify;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">TS
        ISO/IEC 20000-1 Information Technology Service Management System certificate&lt;/span>&lt;/li>&lt;li style="margin-left: 40px; text-align: justify;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">TS
        ISO/IEC 27017 Information Security Management System for Cloud Services
        certificate&lt;/span>&lt;/li>&lt;li style="margin-left: 40px; text-align: justify;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">TS
        ISO/IEC 27701 Personal Data Management System certificate&lt;/span>&lt;/li>&lt;/ul>&lt;h2>&lt;ul style="list-style-type: square;">&lt;li style="margin-left: 20px; text-align: justify;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;strong style="">A communication channel for the
            eligibility application process was established.&lt;/strong>&lt;/span>&lt;/li>&lt;/ul>&lt;/h2>















&lt;p class="MsoNormal" style="margin-top: 0px; margin-right: 0px; margin-bottom: 11px; font-family: Calibri, sans-serif; text-align: justify; font-size: 15px;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;span style="font-size: 14px;">In Guideline 1.2, it is regulated that external service
        providers can contact &lt;/span>&lt;a href="mailto:toplulukbulutuiletisim@tcmb.gov.tr" style="color: rgb(3, 102, 132); text-decoration: underline;" target="_blank" rel="nofollow">toplulukbulutuiletisim@tcmb.gov.tr&lt;/a>&lt;span style="font-size: 14px;"> e-mail address in case they
        require information about the process.&lt;/span>&lt;/span>&lt;/p>



&lt;p class="MsoNormal" style="margin-top: 0px; margin-right: 0px; margin-bottom: 11px; font-family: Calibri, sans-serif; text-align: justify; font-size: 15px;">&lt;span lang="TR" style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">Under the heading "Implementation
        of the Guidelines" in Guideline 1.2, it is stated that external service
        providers may be granted eligibility provided that they have a Tier certificate
        for the primary center, but that these external service providers are obliged
        to comply with Guideline 1.2 until 31 December 2024.&lt;/span>&lt;/p>



&lt;p class="MsoNormal" style="margin: 0px 0px 11px -3px; font-family: Calibri, sans-serif; text-align: justify; font-size: 15px;">&lt;span lang="TR" style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">In addition, outsourced service
        providers that have already been granted eligibility by TCMB to offer community
        cloud services, as well as firms that have not yet applied, must comply with
        Guideline 1.2 until 31 December 2024.&lt;/span>&lt;/p>



&lt;p style="">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;span lang="TR" style="font-size: 14px; line-height: 107%;">You can reach the full
    text of Guideline 1.2 published by the TCMB &lt;/span>&lt;span lang="TR" style="line-height: 107%; font-size: 15px;">&lt;a href="https://www.tcmb.gov.tr/wps/wcm/connect/18a7267a-8937-4f56-bfa7-7dbc0e09abb1/Topluluk+Bulutu+Uygunluk+Rehberi+4092023.pdf?MOD=AJPERES&amp;CACHEID=ROOTWORKSPACE-18a7267a-8937-4f56-bfa7-7dbc0e09abb1-oFwAQML" style="color: rgb(3, 102, 132); text-decoration: underline; font-size: 14px;" target="_blank" rel="nofollow">here&lt;/a>&lt;span style="font-size: 15px;">&nbsp;&lt;/span>&lt;/span>&lt;span lang="TR" style="font-size: 14px; line-height: 107%; color: black; background: white;">(&lt;em>only available in
            Turkish&lt;/em>)&lt;/span>&lt;/span>&lt;span lang="TR" style="line-height: 107%; font-family: Arial, Helvetica, sans-serif; font-size: 14px;">.&lt;/span>&lt;/p>

As known, the Central Bank of the Republic of Turkey (TCMB) published the first version of the Guidelines on External Service Providers Providing         Community Cloud Services to Payment and Electronic Money Institutions in July         2022. Following this, amendments were made to the Guidelines on 24 April 2023 (Guideline             1.1) and changes were made to the eligibility requirements and oversight of external service providers.

Update from the TCMB: Guidance 1.2 for Service Providers Offering Community Cloud Services 

&lt;p style="text-align: justify;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;span style="font-size: 14px;">25 Ağustos’ta Bilgi Teknolojileri ve İletişim Kurulu’nun (&lt;/span>&lt;strong style="font-size: 14px;">BTK&lt;/strong>&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">)
“a.tr Yapısındaki Alan Adlarının Tahsisine İlişkin Usul ve Esaslar” ile “a.tr
Yapısındaki Alan Adlarının Ücretleri” hakkındaki kararı (&lt;/span>&lt;strong>Karar&lt;/strong>&lt;span style="font-size: 14px;">)
yayımlanmıştı. Kararın temel önemi, “a.tr” benzeri bir alan adı kullanılmak
istenirse buna artık BTK tarafından (belirli kriterlere göre) imkân tanınacak
olması.&lt;/span>&lt;/span>&lt;/span>&lt;/p>&lt;p style="text-align: justify;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">Karar, “a.tr” yapısındaki alan adlarının tahsis işlemlerini
ve sürece ilişkin uygulanacak usul ve esasları düzenliyor.&lt;/span>&lt;/span>&lt;/span>&lt;/p>&lt;p style="text-align: justify;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">Halihazırda “gov.tr, com.tr, org.tr” vb. yapıdaki alan
adlarının tahsisi gerçekleştirilebiliyordu. Bundan sonraki süreçte bu yapıdaki
alan adlarına ek olarak “&lt;/span>&lt;strong>a.tr&lt;/strong>&lt;span style="font-size: 14px;">” (örneğin google.tr) yapısındaki
alan adlarının da tahsisi gerçekleşebilecek.&lt;/span>&lt;/span>&lt;/span>&lt;/span>&lt;/p>&lt;p style="text-align: justify;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">Bu kapsamda; Karar uyarınca, “a.tr” yapısındaki alan
adlarının tahsisine ilişkin önemli düzenlemeleri aşağıda özetledik.&lt;/span>&lt;/span>&lt;/span>&lt;/span>&lt;/p>&lt;ul style="list-style-type: square;">&lt;li style="margin-left: 20px; text-align: justify;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">Karar’la “.tr” uzantılı alan
adlarının tahsisinde &lt;/span>&lt;strong>önceliklendirme sırası&lt;/strong>&lt;span style="font-size: 14px;"> belirlendi. Önceliklendirme
esnasında üç farklı kategoride tahsis süreçleri yürütülecek. Bu kategoriler şu
şekilde:&lt;/span>&lt;/span>&lt;/span>&lt;/span>&lt;/span>&lt;/li>&lt;/ul>&lt;p style="text-align: justify; margin-left: 40px;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">&lt;strong>1. Kategori:&lt;/strong>&lt;span style="font-size: 14px;"> İlk tahsis işlemlerinde
sırasıyla, kamu kurum ve kuruluşları ile sermayesinin yarısından fazlası kamuya
ait kuruluşların yürürlük tarihinde tahsisli olan alan adlarına öncelik
verilecek. BTK’nın internet sitesinde sürecin tamamlandığına ilişkin duyuru yapılmasının
ardından 2. kategori kapsamındaki tahsis&nbsp;işlemlerine&nbsp;geçiş yapılacak.&lt;/span>&lt;/span>&lt;/span>&lt;/span>&lt;/span>&lt;/span>&lt;/p>&lt;p style="text-align: justify; margin-left: 40px;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">&lt;strong>2. Kategori: &lt;/strong>&lt;span style="font-size: 14px;">“org.tr” uzantılı alan adlarına
sahip kamu kurumu niteliğinde olan meslek kuruluşlarına, kamuya yararlı
dernekler ve vakıflar ile işçi ve işveren meslek kuruluşlarına öncelik
verilecek. BTK’nın internet sitesinde sürecin tamamlandığına ilişkin duyuru yapılmasının
ardından 3. kategori kapsamındaki tahsis&nbsp;işlemlerine&nbsp;geçiş yapılacak.&lt;/span>&lt;/span>&lt;/span>&lt;/span>&lt;/span>&lt;/span>&lt;/p>&lt;p style="text-align: justify; margin-left: 40px;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">&lt;strong style="font-size: 14px;">3. Kategori:&lt;/strong>&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;"> Bu kategoride, uzantı bazlı alan
adı sahiplerine öncelik tanınıyor. &lt;/span>&lt;strong>“kep.tr”, “av.tr”, “dr.tr”, “com.tr”,
“org.tr”, “net.tr”, “gen.tr”, “web.tr”, “name.tr”, “info.tr”, “tv.tr”,
“bbs.tr”, “tel.tr”&lt;/strong>&lt;span style="font-size: 14px;"> uzantılı alan adlarına sahip olanlara öncelik verilecek.&lt;/span>&lt;/span>&lt;/span>&lt;/span>&lt;/span>&lt;/span>&lt;/span>&lt;/p>&lt;ul style="list-style-type: square;">&lt;li style="margin-left: 20px; text-align: justify;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">Talep toplama süresi, BTK’nın
internet sitesinde uzantı bazlı alan adı sahipliği önceliği uygulanacağına
ilişkin duyurunun yapılmasından itibaren &lt;/span>&lt;strong style="">3 ay&lt;/strong>&lt;span style="font-size: 14px;"> olacak ve başvurular talep
toplama sürecinde yapılacak.&lt;/span>&lt;/span>&lt;/span>&lt;/span>&lt;/span>&lt;/span>&lt;/span>&lt;/span>&lt;/li>&lt;li style="margin-left: 20px; text-align: justify;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">
Yukarıdaki kategorilere ilişkin
tahsis süreçlerinin tamamlanmasından sonra, “a.tr” yapısındaki alan adları için
“ilk gelen ilk alır” kuralı uygulanacak.&lt;/span>&lt;/span>&lt;/span>&lt;/span>&lt;/span>&lt;/span>&lt;/span>&lt;/li>&lt;/ul>&lt;p style="text-align: justify;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">&lt;span style="font-size: 14px;">“a.tr” yapısındaki alan adlarının tahsisine
ilişkin&nbsp; usul ve esaslar, 14.09.2023 tarihinden itibaren yürürlüğe
girdi. Yukarıda bahsettiğimiz
duyurular henüz yayımlanmamakla birlikte, BTK’nın
yakın zamanda konuya ilişkin bir duyuru veya açıklama yapması
bekleniyor. Zamanlamalar duyurularla belirlendiği için konuya ilişkin gelişmelerin
takip edilmesi kritik.&lt;/span>&lt;/span>&lt;/span>&lt;/span>&lt;/span>&lt;/span>&lt;/span>&lt;/p>

25 Ağustos’ta Bilgi Teknolojileri ve İletişim Kurulu’nun (BTK) “a.tr Yapısındaki Alan Adlarının Tahsisine İlişkin Usul ve Esaslar” ile “a.tr Yapısındaki Alan Adlarının Ücretleri” hakkındaki kararı (Karar) yayımlanmıştı. Kararın temel önemi, “a.tr” benzeri bir alan adı kullanılmak istenirse buna artık BTK tarafından (belirli kriterlere göre) imkân tanınacak olması.

.tr Yapısındaki Alan Adlarında Yeni Dönem

&lt;p class="MsoNormal" style="margin: 0px; font-family: Calibri, sans-serif; text-align: justify; font-size: 15px;">&lt;span lang="EN-US" style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">Turkish Information
        Technologies and Communication Authority (&lt;strong style="">ITCA&lt;/strong>) published a decision
        regarding the “Principles and Procedures for Allocation of Domain Names in the 'a.tr'
        Structure” and the “Fees for Domain Names in the 'a.tr' Structure.” (&lt;strong style="">Decision&lt;/strong>)
        on 25 August 2023. The key importance of Decision is that ITCA will now allow
        the allocation of domain names similar to “a.tr” under certain criteria.&lt;/span>&lt;/p>

&lt;p class="MsoNormal" style="margin: 0px; font-family: Calibri, sans-serif; text-align: justify; font-size: 15px;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&nbsp;&lt;br>&lt;/span>&lt;/p>

&lt;p class="MsoNormal" style="margin: 0px; font-family: Calibri, sans-serif; text-align: justify; font-size: 15px;">&lt;span lang="EN-US" style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">Decision
        regulates the allocation procedures for domain names in the “a.tr” structure
        and the rules and procedures that will apply to the process. &lt;/span>&lt;/p>

&lt;p class="MsoNormal" style="margin: 0px; font-family: Calibri, sans-serif; text-align: justify; font-size: 15px;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&nbsp;&lt;br>&lt;/span>&lt;/p>

&lt;p class="MsoNormal" style="margin: 0px; font-family: Calibri, sans-serif; text-align: justify; font-size: 15px;">&lt;span lang="EN-US" style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">Currently,
        domain names in structures like “gov.tr”, “com.tr”, “org.tr”, etc., can be
        allocated. In addition to domain names in this structure, domain names in the “a.tr”
        structure &lt;em>(e.g., google.tr)&lt;/em> will also be allocatable in the near future.&lt;/span>&lt;/p>

&lt;p class="MsoNormal" style="margin: 0px; font-family: Calibri, sans-serif; text-align: justify; font-size: 15px;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&nbsp;&lt;br>&lt;/span>&lt;/p>

&lt;p class="MsoNormal" style="margin: 0px; font-family: Calibri, sans-serif; text-align: justify; font-size: 15px;">&lt;span lang="EN-US" style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">We have
        summarized significant aspects related to the allocation of domain names in the
        “a.tr” structure according to Decision:&lt;/span>&lt;/p>&lt;p class="MsoNormal" style="margin: 0px; font-family: Calibri, sans-serif; text-align: justify; font-size: 15px;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;br>&lt;/span>&lt;/p>&lt;ul style="list-style-type: square;">&lt;li style="margin-left: 20px; text-align: justify; line-height: 2;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">The
        decision establishes a prioritization order for the allocation of domain names
        with the '.tr' extension. During prioritization, allocation processes will be conducted
        in three different categories as follows:&lt;/span>&lt;/li>&lt;/ul>







&lt;p class="MsoNormal" style="margin: 0px 0px 0px 60px; font-family: Calibri, sans-serif; text-align: justify; font-size: 15px; line-height: 1;">&lt;br>&lt;/p>&lt;p class="MsoNormal" style="margin: 0px 0px 0px 60px; font-family: Calibri, sans-serif; text-align: justify; font-size: 15px; line-height: 2;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;strong>1&lt;sup>st&lt;/sup>
            Category:&lt;/strong> In the initial allocation processes, domain names
        allocated to public institutions and organizations and entities whose capital
        is more than half publicly owned as of the effective date will be prioritized.
        After ITCA announces the completion of this process on its website, allocation
        processes for the second category will begin.&lt;/span>&lt;/p>



&lt;p class="MsoNormal" style="margin: 0px 0px 0px 60px; font-family: Calibri, sans-serif; text-align: justify; font-size: 15px; line-height: 2;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;strong>2&lt;sup>nd&lt;/sup>
            Category:&lt;/strong> Public-interest professional organizations with
        'org.tr' domain names, public benefit associations and foundations, and worker
        and employer professional organizations will be prioritized. After ITCA announces
        the completion of this process on its website, allocation processes for the
        third category will begin.&lt;/span>&lt;/p>



&lt;p class="MsoNormal" style="margin: 0px 0px 0px 60px; font-family: Calibri, sans-serif; text-align: justify; font-size: 15px; line-height: 2;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">&lt;strong>3&lt;sup>rd&lt;/sup>
            Category:&lt;/strong> In this category, priority will be given to domain
        name owners based on extensions. Those who own domain names with extensions
        such as &lt;strong>'kep.tr,' 'av.tr,' 'dr.tr,' 'com.tr,' 'org.tr,' 'net.tr,' 'gen.tr,'
            'web.tr,' 'name.tr,' 'info.tr,' 'tv.tr,' 'bbs.tr,'&lt;/strong> and &lt;strong>'tel.tr.'&lt;/strong>
        will be prioritized.&lt;/span>&lt;/p>&lt;p class="MsoNormal" style="margin: 0px 0px 0px 60px; font-family: Calibri, sans-serif; text-align: justify; font-size: 15px; line-height: 1;">&lt;br>&lt;/p>



&lt;ul style="list-style-type: square;">&lt;li style="margin-left: 20px; text-align: justify; line-height: 2;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">The
        application collection period will be &lt;strong>three months&lt;/strong> from the date of
        ITCA's announcement regarding the prioritization of domain name ownership based
        on extensions on its website, and applications will be submitted during this
        period.&lt;/span>&lt;/li>&lt;li style="margin-left: 20px; text-align: justify; line-height: 2;">&lt;span style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">After
        the completion of the allocation processes for the aforementioned categories,
        the “first-come, first-served” rule will apply to domain names in the 'a.tr'
        structure.&lt;/span>&lt;/li>&lt;/ul>







&lt;p style="text-align: justify;">&lt;span lang="EN-US" style="font-family: Arial, Helvetica, sans-serif; font-size: 14px;">The
    rules and procedures for the allocation of domain names in the 'a.tr' structure
    came into effect on 14 September 2023. Although the mentioned announcements
    have not yet been published, it is expected that ITCA will make a statement or
    announcement on the subject in the near future. It is important to monitor the developments
    since the timing is determined by said announcements.&lt;/span>&lt;/p>

Turkish Information         Technologies and Communication Authority (ITCA) published a decision         regarding the “Principles and Procedures for Allocation of Domain Names in the 'a.tr'         Structure” and the “Fees for Domain Names in the 'a.tr' Structure.” (Decision)         on 25 August 2023. The key importance of Decision is that ITCA will now allow         the allocation of domain names similar to “a.tr” under certain criteria.

Digital Transformation Office Announces the Commissioning of BIGDES

Popular Articles on Technology & Telecoms

Latest Insights from Gökçe

Digital Transformation Office Announces the Commissioning of BIGDES

Popular Articles on Technology & Telecoms

Latest Insights from Gökçe

Subscribe to our newsletter