According to Decision No. 2018/DK-YED/27, the emergency call (eCall) in vehicles, along with servers that provide the communication system allowing for value-added services, are to be located in Türkiye, and personal data in such systems cannot be transferred abroad without explicit consent. To achieve this, it is mandatory for the SIM cards, electronic SIMs (eSIMs) or modules having SIM card properties to be procured from operators licensed to provide mobile electronic communication in Türkiye or to be programmable to allow them to be controlled by such operators.
With Decision No. 2019/DK-TED/053, the localization requirements are no longer limited to eCall services only, encompassing all eSIM applications. Moreover, all infrastructure, system and storage units, including equipment and software related to the eSIM platform in GSMA standards, shall be established in Türkiye by a licensed local operator (or by a third party to be appointed by such local operators, but liability remaining with the local operator). The decision also states that all data should be kept within Turkish borders. Moreover, where the devices manufactured to be used in Türkiye or imported to the country have remotely programmable SIM (eUICC, eSIM/embedded SIM etc.) technologies, their relevant modules are expected to be programmable only by local mobile operators and only local mobile operator profiles may be installed.

Banking Law No. 5411 (only available in Turkish) foresees specific rules for cross-border transfers of customer data. Conditions regarding the cross-border transfer of customer data set forth under the Banking Law should take precedence over conditions set forth under the Data Protection Law. The Banking Law stipulates that even if the explicit consent of the customer is obtained pursuant to the Data Protection Law for cross-border transfers or transfers of customer data to third parties located in Türkiye, the customer data should not be shared with and transferred to third parties located in Türkiye or outside Türkiye without the customers' instructions or requests (Art. 73).
Furthermore, under the Banking Law, the Banking Regulation and Supervision Authority is authorised to prohibit the sharing or transfer of customer data or bank secrets with third parties located outside Türkiye, as well as to make decisions regarding keeping information systems used by banks and their backups locally due to evaluations regarding economic security.

In July 2020, the Law on Regulating Broadcasting in the Internet and Fighting against Crimes Committed through Internet Broadcasting was amended. The amendments define the term "social network provider", oblige them to appoint a local representative, set out procedures for content removal, request reports every six months, and require user data to be stored within Türkiye.
In September 2020, the Information and Communication Technologies Authority (ICTA) published a secondary regulation called "Social Network Provider Procedures and Principles", which clarifies the amendments applicable to social network providers. The amendments entered into force in October 2020.
Under the law, domestic or foreign social network providers that have more than one million daily accesses to their services from Türkiye are obligated to store user data within the country (supplementary Art. 4). ICTA's secondary regulation (Art. 12) indicates that social network providers must prioritize storing users' basic information and the information required by ICTA within Türkiye, and the measures must be reported every six months.

Art. 23 of Law No. 6493 requires that "the system operator, payment institution and electronic money institution shall be required to keep all the documents and records related to the matters within the scope of this Law for at least ten years within the country, in a secure and accessible manner". As a result, the information systems have to be located in the country. The article also specifies that "the information systems and their substitutes, which are used by system operator to carry out its activities shall also be kept within the country".

Art. 5.2 of the Regulation on the Processing of Personal Data and the Protection of Confidentiality in the Electronic Communications Sector prohibits the cross-border transfer of traffic and location data due to national security reasons. Traffic data is defined in Art. 4 as any data processed for communication or invoicing in an electronic communication network, for example, the parties in phone calls or the duration of the call, and location data is the specific data that determines the geographical location of the device belonging to the public electronic communication service user and processed in/through the electronic communication network.

In July 2020, the Law on Regulating Broadcasting in the Internet and Fighting against Crimes Committed through Internet Broadcasting was amended. The amendments define the term "social network provider", oblige them to appoint a local representative, set out procedures for content removal, request reports every six months, and require user data to be stored within Türkiye.
In September 2020, the Information and Communication Technologies Authority (ICTA) published a secondary regulation called "Social Network Provider Procedures and Principles", which clarifies the amendments applicable to social network providers. The amendments entered into force in October 2020.
Under the law, domestic or foreign social network providers that have more than one million daily accesses to their services from Türkiye are obligated to store user data within the country (supplementary Art. 4). ICTA's secondary regulation (Art. 12) indicates that social network providers must prioritize storing users' basic information and the information required by ICTA within Türkiye, and the measures must be reported every six months.

According to Decision No. 2018/DK-YED/27, the emergency call (eCall) in vehicles, along with servers that provide the communication system allowing for value-added services, are to be located in Türkiye, and personal data in such systems cannot be transferred abroad without explicit consent. To achieve this, it is mandatory for the SIM cards, electronic SIMs (eSIMs) or modules having SIM card properties to be procured from operators licensed to provide mobile electronic communication in Türkiye or to be programmable to allow them to be controlled by such operators.
With Decision No. 2019/DK-TED/053, the localization requirements are no longer limited to eCall services only, encompassing all eSIM applications. Moreover, all infrastructure, system and storage units, including equipment and software related to the eSIM platform in GSMA standards, shall be established in Türkiye by a licensed local operator (or by a third party to be appointed by such local operators, but liability remaining with the local operator). The decision also states that all data should be kept within Turkish borders. Moreover, where the devices manufactured to be used in Türkiye or imported to the country have remotely programmable SIM (eUICC, eSIM/embedded SIM etc.) technologies, their relevant modules are expected to be programmable only by local mobile operators and only local mobile operator profiles may be installed.

According to Electronic Communication Law No. 5809, the executive authority for the supervision and administration of services in the telecommunications sector in Türkiye is the Information and Communication Technologies Authority. It is reported that the Information and Communication Technologies Authority is independent from the government in the decision-making process.

Türkiye does not mandate functional separation for operators with significant market power (SMP) in the telecom market. However, accounting separation is required. SMP operators having accounting separation obligations in relevant markets prepare accounting separation reports annually.

Türkiye has only partially appended the World Trade Organization (WTO) Telecom Reference Paper to its schedule of commitments.

According to Electronic Communication Law No. 5809, the executive authority for the supervision and administration of services in the telecommunications sector in Türkiye is the Information and Communication Technologies Authority. It is reported that the Information and Communication Technologies Authority is independent from the government in the decision-making process.

Türkiye has only partially appended the World Trade Organization (WTO) Telecom Reference Paper to its schedule of commitments.

Art. 23 of Law No. 6493 requires that "the system operator, payment institution and electronic money institution shall be required to keep all the documents and records related to the matters within the scope of this Law for at least ten years within the country, in a secure and accessible manner". As a result, the information systems have to be located in the country. The article also specifies that "the information systems and their substitutes, which are used by system operator to carry out its activities shall also be kept within the country".

It is reported that passive infrastructure sharing in Türkiye to deliver telecom services to end users is mandated, and it is practiced in the mobile sector and in the fixed sector based on commercial agreements.

Turk Telecom (the incumbent) was privatized in 2005. However, at the moment, 25% of the share of the Turk Telecom belongs to Republic of Türkiye Ministry of Treasury and Finance, and 5% belongs to Türkiye Wealth Fund, which is a sovereign wealth fund owned by the Government of Türkiye. It is reported that Turk Telecom has de facto monopoly over network access services that are essential for service providers in different segments of the market.