Review of Turkey's Draft Artificial Intelligence Law

Introduction

On June 25, 2024, the Turkish Grand National Assembly (TBMM) introduced a draft law (“Draft Law” or “Draft”) regulating artificial intelligence (“AI”) technology. The Draft Law aims to ensure that AI technologies are used safely, ethically and equitably while safeguarding personal data and privacy rights. This legislative effort aligns with global concerns about the misuse of AI and sets a regulatory framework covering AI developers, distributors, users and importers in Turkey. However, a closer look shows that while the Draft has some strong points, there are also areas where it does not quite measure up to international best practices.

Purpose and Scope

The Draft Law’s primary objective is to create a regulatory environment for AI systems, ensuring they are developed and used responsibly. It targets stakeholders, including developers, users, importers and distributors, clarifying their rights and responsibilities. The Draft emphasizes principles such as security, transparency, fairness, accountability and privacy. These principles are vital for building public trust and increasing the acceptance of AI technologies.

Risk Assessment and Compliance Mechanisms

The Draft Law mandates a risk assessment process and introduces compliance mechanisms, especially for high-risk AI systems such as those used in healthcare, transportation, and law enforcement. It calls for AI systems to undergo registration and conformity assessments before and during use, ensuring their reliability and safety.

Penalties for Non-Compliance

The Draft Law outlines several penalties for non-compliance, targeting different types of violations to ensure that AI operators adhere to the regulations.

◼AI operators using banned AI applications that pose threats to public safety, privacy, or justice may face fines of up to TRY 35 million or 7% of their annual revenue.

◼AI operators who fail to comply with the law’s requirements—such as ensuring the safety, ethics and fairness of their AI systems—can be fined up to TRY 15 million or 3% of their annual revenue.

◼If AI operators supply false information during inspections or when submitting compliance documentation, they may be fined up to TRY 7.5 million or 1.5% of their annual revenue.

Comparison with Global Standards

While the Draft Law demonstrates a proactive approach, several elements highlight gaps and opportunities for improvement when compared to practices in the EU, the US, and other jurisdictions:

1. Lack of Specificity in High-Risk AI Classification

The Draft mentions "high-risk" AI systems but lacks clear criteria for this classification. This creates ambiguity for stakeholders, as it remains unclear which AI applications fall under this category and the specific compliance measures required for each.

In contrast, the EU AI Act provides an explicit categorization of high-risk AI, including systems used in critical infrastructure (e.g., energy, water), educational systems determining access or qualification (e.g., scoring exams), law enforcement, and biometric identification systems. The EU also provides a clear set of rules for each high-risk category, offering a structured approach that Turkey’s Draft could adopt to enhance clarity and predictability for businesses and developers.

2. Insufficient Provisions for AI Development and Innovation

The Draft Law focuses heavily on regulation and compliance but does not adequately address fostering innovation or providing incentives for AI research and development. In comparison, the US AI framework not only establishes guidelines for responsible AI but also includes measures that promote innovation, such as grants, tax benefits for AI research, and public-private partnerships designed to accelerate AI development. The US strategy shows a balanced approach where regulatory oversight coexists with incentives, fostering an ecosystem where AI can grow responsibly. For Turkey to become competitive on the global stage, integrating similar innovation-focused provisions could be essential.

3. Privacy and Data Protection Concerns

Although the Draft emphasizes personal data protection, it does not align fully with globally recognized standards such as the EU’s GDPR. For example, GDPR includes comprehensive rights for individuals against automated decision-making and profiling, ensuring transparency and control over personal data use. It mandates that individuals must be informed about automated decision processes that significantly affect them and allows them to challenge or request human intervention in such decisions.

Turkey’s draft could enhance its privacy protections by incorporating similar provisions, explicitly granting individuals the right to know when AI influences decisions about them and providing mechanisms for redress. This alignment would not only strengthen individual rights but also facilitate cross-border data flows and compliance for Turkish businesses operating in international markets.

4. Absence of an Independent Regulatory Authority

The Draft Law places oversight responsibilities with existing regulatory bodies, but it does not propose setting up an independent authority specifically for AI regulation. This could lead to challenges in maintaining the necessary expertise or impartiality, especially if AI oversight becomes just one of many duties for these agencies. In contrast, the UK’s approach proposes setting up an independent authority specifically tasked with regulating AI. This body would not only ensure compliance but also support ethical AI development and coordinate with international regulators. By creating a specialized entity, the UK aims to build public confidence, providing a clear and focused point of expertise. If Turkey were to follow a similar path, it could improve both the efficiency and credibility of its AI regulatory efforts.

5. Transparency and Accountability Mechanisms

Although the Draft Law highlights the importance of transparency, it does not lay out specific guidelines for how AI operators should document their decision-making processes or implement transparency in practice. This lack of detail may leave operators unsure about the extent of documentation or the type of information they need to disclose.

In contrast, the EU AI Act sets clear requirements for high-risk AI systems, mandating thorough records of development stages, risk assessments and post-deployment monitoring. Such measures allow authorities and stakeholders to track AI decision-making, ensuring accountability and effective oversight. By adopting similar standards, Turkey's draft could provide clearer expectations, detailing what information must be documented and how it should be made accessible to both regulators and the public.

Conclusion

The Draft Law highlights Turkey’s goal of aligning with international standards in AI regulation, but there’s a noticeable gap between intention and action. To truly compete on the global stage and crease an environment where AI can grow responsibly, Turkey needs to do more than just express alignment—it must actually adopt and implement the proven practices seen in jurisdictions like the EU, US, and UK.

These regions seem to have developed rules that clearly define what high-risk AI is, how to assess its risks and how to ensure stakeholders comply. They also manage to support AI development by offering benefits and incentives. If Turkey wants to stay competitive, the Draft could be adjusted to include clearer instructions, like how to identify high-risk AI systems, make processes more transparent and set up an independent body dedicated to overseeing these technologies. Adding in some encouragement for AI research and development would also help create a balanced system that supports growth while keeping things in check.

While the Draft is a good start, Turkey needs to take stronger, more concrete steps to actually meet global standards. Without making these changes, there is a risk that the law will just become another compliance burden instead of being something that supports AI development and keeps Turkey competitive internationally.