5651 Compliance Guide
A practical reference for meeting the internet-access logging requirements of Turkish Law 5651.
Scope & Obligations
Law 5651 requires every organisation providing public internet access — hotels, cafés, universities, hospitals and enterprises with guest Wi-Fi — to log user sessions and retain the records for a legally prescribed period. The obligation covers identity verification, session start/end timestamps, source IP, destination and volume. Non-compliance can result in administrative fines and access-point shutdowns.
Logging Requirements
Each session must record the authenticated identity (phone number, TCKN or passport number), the MAC and IP address of the client, the DHCP lease, the NAT translation and the session duration. AnchorSpot captures all required fields at the captive-portal stage and forwards them to AnchorLog. AnchorNAC adds 802.1X identity and VLAN assignment for wired and wireless corporate sessions.
Retention Periods
The BTK mandates a minimum retention period of two years for access logs generated under Law 5651. AnchorLog enforces per-source retention policies and prevents early deletion. After the retention period expires, logs are securely erased with cryptographic key destruction. Retention timers are auditable and tamper-evident within the hash chain.
Chain of Evidence
For logs to be admissible in legal proceedings, their integrity must be provable. AnchorLog's SHA-256 hash chain and RFC 3161 timestamps create an independently verifiable proof that no record has been modified, deleted or inserted after the fact. Courts and the BTK accept this evidence model because the TSA signature is issued by a qualified third-party trust-service provider.
BTK Audit Readiness
During a BTK audit the inspector requests session logs for a specific date range and identity. AnchorLog provides a one-click export that includes the raw logs, the hash chain, TSA tokens and a verification report. The inspector can independently verify integrity using standard OpenSSL commands without access to the SiperOne platform.
Penalties
Failure to comply with Law 5651 logging obligations can result in administrative fines starting from ₺10,000 per violation, temporary or permanent closure of the internet access point, and personal liability for the organisation's legal representative. Maintaining a verifiable, tamper-evident log archive with AnchorLog and AnchorSpot reduces these risks to a minimum.
Ready to get started?
Deploy AnchorSpot, AnchorNAC or AnchorLog in minutes with a free trial — no credit card required.