Turkey AI liability civil courts

Turkey's Parliament Wants an AI Authority Before Its Courts Have an AI Liability Law

TBMM's 923-page AI report proposes new institutions while civil courts still stretch century-old tort rules onto algorithmic harm.

Turkey's AI Governance Gap People of Internet Research · Turkey 923 pages TBMM AI report length Sıra Sayısı 260, filed March 30, 2… Mar 2025 Cybersecurity Law enacted Law No. 7545 created the SBK, now … Sept 2024 AI treaty opened for signature Council of Europe's binding AI con… peopleofinternet.com
Turkey's AI Governance Gap People of Internet Research · Turkey 923 pages TBMM AI report length Mar 2025 Cybersecurity Law enacted Sept 2024 AI treaty opened for signature peopleofinternet.com

Key Takeaways

A 923-page report, one missing chapter

On March 30, 2026, the Turkish Grand National Assembly's AI Research Commission filed its final report — Sıra Sayısı 260, a 923-page document described by policy analysts as the country's most comprehensive institutional treatment of artificial intelligence to date, spanning law, public administration, education, health, defense, data governance, labor markets, and competition policy. On June 22, 2026, Anadolu Agency ran a legal analysis by Çağdaş Çetindemir, drawing on Prof. Dr. Ergin Ergül, that distilled the report's central institutional dilemma: should Turkey build a dedicated AI Authority from scratch, or fold that mandate into the year-old Cybersecurity Presidency (SBK)?

That question matters, but it is arguably the easier of the two the report raises. The harder one — which the institutional debate tends to crowd out — is that Turkey still has no AI-specific civil liability statute. When an algorithmic system causes harm today, a Turkish court has only the tools it already had: the fault-based tort provision in the Code of Obligations (Article 49) and the defective-goods rules in the Consumer Protection Law, No. 6502. Neither was written with autonomous decision-making in mind.

The steelman for a new authority

The case for a purpose-built AI regulator is genuinely strong, and the commission's report makes it well. Cybersecurity and AI governance are adjacent but distinct disciplines — one is about defending systems from intrusion, the other about auditing systems' own decisions for bias, safety, and accountability. A regulator built for the former may lack the technical vocabulary, risk-classification tools, or civil-society legitimacy to do the latter credibly. The EU's AI Act created dedicated national authorities precisely because folding AI oversight into an existing security agency risks treating algorithmic harm as a subset of network defense rather than a governance problem in its own right. Turkish civil-society group Alternatif Bilişim's response to the commission's report pressed this point too, arguing that whatever body emerges needs enforceable mechanisms for identifying and compensating AI-caused damage — not aspirational accountability language.

Build new, or convert the SBK?

The report's counter-consideration, as Çetindemir's analysis lays out, is cost and time: standing up a new regulator from zero carries a heavier institutional burden than repurposing the SBK, which Turkey created just over a year earlier under Cybersecurity Law No. 7545 (enacted March 19, 2025). The analysis is careful to note that SBK's existing statutory powers would have to shape any redesign — you cannot bolt an AI mandate onto an agency without reconciling its founding law first. That is a real constraint, not a rhetorical one, and it is the kind of practical tradeoff regulators in slower-moving democracies rarely have to weigh explicitly.

The treaty Turkey hasn't signed

The report's other headline recommendation is ratifying the Council of Europe's Framework Convention on Artificial Intelligence, opened for signature in Vilnius on September 5, 2024 as the first legally binding international AI treaty. Çetindemir's analysis, citing Ergül, frames ratification as the precondition for everything else: an "international commitment preceding all other reform steps." Turkey, a Council of Europe member, has not yet signed, even as the EU, US, UK, Japan, Canada, and Israel have. Ratifying first has a logic: it locks in human-rights-based guardrails — transparency, risk-tiering, accountability — before domestic institutional fights over who enforces them get resolved, reducing the odds Turkey ends up retrofitting a treaty onto whatever agency wins the turf battle.

Why the liability gap deserves top billing

But institutional architecture and treaty ratification are slower-moving, more visible fights. The civil liability gap is quieter and more urgent, because it is already live in courtrooms. A fault-based tort standard asks a plaintiff to prove negligence or intent — a poor fit for harm caused by a probabilistic model whose developer, deployer, and end user each touched the outcome differently. Product-liability rules under Law 6502 help only when AI is embedded in a physical good sold to a consumer; they say nothing about a standalone software service, a B2B model, or an AI-mediated decision that never involved a purchase at all. Until Turkey legislates a liability framework — whether through a EU AI Liability Directive-style rebuttable presumption, a strict-liability tier for high-risk systems, or simple clarifying amendments to the Code of Obligations — courts will keep improvising, and outcomes will diverge case by case in ways that make Turkey a harder, less predictable market for AI deployment than its regional peers.

The proportionate path

The pro-innovation case here is not "no regulation." It's sequencing. Codifying liability rules is lower-cost and faster than resolving an institutional turf war, and it delivers the thing courts and companies both need most immediately: predictability. Turkey should ratify the Council of Europe convention, take the time it needs on the authority-versus-SBK question, and treat civil liability legislation as the one piece that cannot wait for either.

Sources & Citations

  1. TBMM AI Research Commission final report (Sıra Sayısı 260)
  2. Turkey Cybersecurity Law No. 7545 (mevzuat.gov.tr)
  3. European Commission: signing of Council of Europe AI Framework Convention
  4. Anadolu Agency legal analysis (Çetindemir, citing Prof. Ergül)
  5. Toplum.org.tr analysis of TBMM AI commission report
  6. Alternatif Bilişim response to TBMM AI report