TİTCK
Turkey — TİTCK
Medical Devices Regulation (mirrors EU MDR) + KVKK overlay
Authority
Turkish Medicines and Medical Devices Agency
Enforced
Jun 2021
Legal framework
TİTCK MDR Regulation + KVKK + ÜTS device tracking system
Scope
All medical devices marketed in Türkiye; rules mirror EU MDR with national overlays.
Pre-market
EU MDR-equivalent technical documentation, ÜTS registration, Notified Body conformity assessment for higher classes.
Post-market
Vigilance via TÜFAM; ÜTS UDI tracking; KVKK breach notifications.
SBOM
RecommendedMirrors EU expectations; will follow CRA timeline through equivalence.
Vulnerability disclosure
USOM (National Cyber Incident Response Center) coordination encouraged.
Penalty
Market removal; KVKK fines; criminal liability under cybercrime statutes.
Unique requirements
- 01Turkish Authorised Representative
- 02Turkish-language IFU and labelling
- 03ÜTS UDI registration
Highlights
- De-facto EU MDR equivalence
- ÜTS national device tracking mandatory
- KVKK aligns closely with GDPR
Aligns with
Timeline
-
Jun 2021
MDR regulation enters force
-
2024
ÜTS tightening for software devices
Key documents
Related markets
Frequently asked about Turkey
Is SBOM required for medical devices in Turkey?
Recommended. Mirrors EU expectations; will follow CRA timeline through equivalence.
What does TİTCK require for pre-market cybersecurity?
EU MDR-equivalent technical documentation, ÜTS registration, Notified Body conformity assessment for higher classes.
What are the post-market cybersecurity obligations under TİTCK?
Vigilance via TÜFAM; ÜTS UDI tracking; KVKK breach notifications.
What is the penalty for non-compliance with TİTCK cybersecurity rules?
Market removal; KVKK fines; criminal liability under cybercrime statutes.
How much of my FDA cybersecurity package is reusable in Turkey?
Roughly 55% — an editorial estimate based on overlapping evidence requirements (threat model, SBOM, security risk assessment, pen-test report).