Draft Law on Measures Concerning AI-Generated Content

On 7 November 2025, a draft law amending the Turkish Penal Code and certain other laws (the “Draft Law”) was submitted to the Grand National Assembly of Türkiye. The Draft Law introduces regulations aimed at addressing the legal and security risks arising from the widespread use of artificial intelligence (“AI”) systems in content generation. The Draft Law, consisting of 11 articles, introduces amendments to various laws to create a coherent legal framework governing AI-based content generation, data use and content liability.

LAW NO 5651 ON INTERNET PUBLICATIONS

A Fundamental Definition Regarding AI Systems

The Draft Law introduces a definition of an artificial intelligence system into Law No 5651 on the Regulation of Publications on the Internet and Combating Crimes Committed Through Such Publications (the “Internet Law”). Accordingly;

Artificial intelligence system means any software, model, algorithm, or programming ensemble that, by processing data with no or limited human intervention, performs specific tasks and autonomously or semi-autonomously generates outputs, makes decisions, provides recommendations, or takes action through machine learning, deep learning, artificial neural networks, algorithms, or similar technological methods.

Regulations on Deepfake and Digital Content Security

The Draft Law introduces explicit obligations concerning deepfake content generated by AI systems. Access to AI-generated content that violates personal rights or poses a threat to public security must be blocked within six hours, with both content providers and AI system developers being held jointly liable for ensuring compliance with this obligation.

Furthermore, all deepfake content must clearly display the statement “Generated by Artificial Intelligence”. A failure to comply with this requirement may result in administrative fines ranging from TRY 500,000 to TRY 5,000,000, imposed by the Information and Communication Technologies Authority (“BTK”).

The Draft Law also extends the scope of online offences subject to access blocking by adding new categories of crimes that may be committed through AI systems. It strengthens the access blocking mechanism and explicitly provides that the relevant provisions of the Turkish Penal Code No. 5237 (“TPC”) will apply to AI-based social network providers as well.

LAW NO 5237 – THE TURKISH PENAL CODE

Perpetrator Rules for the Offence of Insult

Under the TPC, users who direct an artificial intelligence system to commit the offence of insult are considered the principal offenders. Where the design or training of the system facilitates the commission of such an offence, the developer’s liability is increased accordingly.

LAW NO 6698 ON THE PROTECTION OF PERSONAL DATA

Provisions on Data Security

Datasets used for AI training must comply with the principles of anonymity, non-discrimination, and legitimacy. The use of discriminatory datasets is explicitly considered a breach of data security. This approach introduces stricter standards regarding the preparation and supervision of datasets.

LAW NO 5809 ON ELECTRONIC COMMUNICATIONS

Emergency Intervention Authority for BTK

The Draft Law grants BTK the power to issue emergency access blocking orders for AI-generated content that threatens public order or election security. Non-compliance with this obligation may result in administrative penalties of up to TRY 10 million.

LAW NO 7545 ON CYBERSECURITY

New Obligations Regarding Cybersecurity

In order to enhance security in AI systems and prevent manipulative content, service providers are subject to the following additional obligations. A failure to comply with these measures may result in administrative penalties of up to TRY 5 million, and in cases of serious violations that threaten public order, a temporary suspension of operations may be imposed:

1. ensure the transparency and auditability of training datasets;
2. implement content verification mechanisms to prevent false or manipulative information;
3. apply algorithmic controls to reduce the risk of AI hallucinations;
4. develop human review mechanisms for high-risk applications;
5. conduct regular cybersecurity vulnerability tests.

CONCLUSION

The Draft Law constitutes a significant legislative measure in Turkey concerning AI-based content generation, data processing and platform responsibilities. If it is enacted, digital service providers, AI developers and online platforms will be required to reassess their content management, data handling and algorithmic security practices. This may give rise to an extensive compliance agenda for relevant system operators. As amendments may occur during the legislative process, it is advisable to closely monitor developments regarding the final text of the Draft Law and its implementation.