A Draft Bill on Artificial Intelligence Systems has been submitted to the Turkish Grand National Assembly (“TGNA”)

The new draft bill submitted to the TGNA aims to clarify the legal framework for artificial intelligence applications and introduces new regulations addressing data security and violations of personal rights.

A definition of “Artificial Intelligence System” is being added

The concept of an artificial intelligence system, defined as “a software, model, algorithm, or set of programming that performs specific tasks without human intervention or with limited human intervention”, which will determine the scope of related obligations, is being incorporated into the legislation.

Access to Deepfake content will be blocked within six hours

It will become mandatory to remove and block access, within six hours, to deepfake content generated by artificial intelligence systems that violate personal rights or pose a threat to public security.

Content providers and system developers will be jointly liable of this obligation.

A tagging requirement is being introduced

Any visual, audio or textual deepfake content generated by artificial intelligence will be required to include the statement of “Generated by Artificial Intelligence.”

Failure to include this statement may lead to an administrative fine ranging from TL 500,000 to TL 5 million.

In cases of systematic violations, access will be blocked, and a criminal complaint may be filed with the prosecutor.

Principle of data security and a prohibition on discrimination with respect to personal data, are introduced

Under the new provision to be added to the Personal Data Protection Law, datasets used in artificial intelligence applications will be required to comply with the principles of anonymity, non-discrimination, and legitimacy.

The use of discriminatory data sets will be considered a violation of data security.

Emergency access blocking authority granted to the Information and Communication Technologies Authority (“ICTA”)

The ICTA is granted emergency intervention authority against artificial intelligence content that threatens public order or election security.

Those who act in violation of this provision may face an administrative fine up to TL 10 million.

Cybersecurity obligations are being expanded

Service providers of artificial intelligence systems will be required to:

• Ensure the transparency and audit of training datasets,
• Establish verification mechanisms to prevent the generation of false or manipulative information,
• Implement algorithmic controls to reduce the risk of hallucinations,
• Develop human-approved oversight mechanisms for high-risk applications, and
• Conduct regular cybersecurity vulnerability tests.

Failure to comply with these obligations may result in an administrative fine of up to TL 5 million or the suspension of operations.

Criminal liability is being expanded

Under a provision proposed to be added to the Turkish Criminal Code, a user who directs an artificial intelligence system to commit a crime is considered the “perpetrator”; if the design or training of the system makes such an act possible, the penalty to be imposed on the developer will be increased by half.