The Cybersecurity Council (“Council”), at its meeting held on 5 May 2026, evaluated current risks related to cybersecurity, international developments, and future trends.
Enhancing cyber resilience and strengthening deterrence capacity were identified among the primary objectives.
In this context, the Council designated critical infrastructure sectors in line with the Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union (“NIS2”).
Although it does not include a classification as detailed as the NIS2, the scope has been expanded compared to previous regulations; the number of sectors considered as critical infrastructure has been increased to 15, and these sectors have been made subject to certain obligations.
The designated critical infrastructure sectors are as follows:
- Digital Infrastructures,
- Digital Services,
- Electronic Communications,
- Energy,
- Finance,
- Food and Agriculture,
- Manufacturing Industry,
- Public Services,
- Media and Crisis Communication,
- Postal and Cargo,
- Healthcare,
- Defence Industry,
- Water Management,
- Transportation,
- Space.
Within the scope of the Council’s statements, cybersecurity governance has gained importance.
