Blockchain 2022

Last Updated May 08, 2022


Law and Practice


YAZICIOGLU Legal is an Istanbul-based boutique technology law firm. The firm has a strong focus on legal matters related to technology, media and telecommunications as well as data protection/cybersecurity. The firm also has significant expertise in cross-border transactions, corporate and commercial matters, intellectual property, regulatory compliance, e-commerce, consumer protection and dispute resolution. The firm has a dedicated team of 12 lawyers working on technology, media telecommunications and data protection/cybersecurity.

The blockchain market in Turkey has maintained its enormous growth in 2021–22; particularly as the use of cryptocurrencies has grown rapidly over the past 12 months. As of November 2021, the transaction volume of the blockchain market is estimated to be more than USD1 billion with over 4 million market users.

The Directive on Crypto-Assets

Due to the exchange of fiat currencies with cryptocurrencies becoming very popular in the market and rising cybersecurity problems, legislative efforts needed to be made. Consequently, the Turkish Central Bank (TCB) issued the Directive on Crypto-Assets Not To Be Used in Payments (the “Directive”), which entered into force on 30 April 2021.

The Directive defined “crypto-assets” for the first time in Turkish law. Crypto-assets were defined in the Directive as “intangible assets that are virtually created by using distributed ledger technology or a similar technology and distributed over digital networks, but are not qualified as fiat money, deposit money, electronic money, payment instrument, security or another capital market instrument.”

Using crypto-assets as an instrument of payment directly or indirectly was prohibited by the Directive. Also, pursuant to the Directive, services towards using crypto-assets in payments in a direct or an indirect manner shall not be provided (for more information please see 3.4 Use of Digital Assets).

Crypto-Asset Service Providers Guide

In a significant development, the Financial Crimes Investigation Board (FCIB), by making amendments, imposed “know your customer” (KYC) obligations, among others, on crypto-asset service providers. The FCIB also published the Crypto-Asset Service Providers Guide (the “Guide”) in May 2021 (for more information on these regulations, please see 2.1 Regulatory Overview).

Thodex Incident

Another noteworthy legal matter is the Thodex fraud case. Thodex, which was the first global cryptocurrency exchange platform in Turkey, had nearly 400,000 members. The CEO of the company has been accused of “qualified theft by fraud” as crypto-assets of platform members were transferred. Although some suspects were arrested, the trial is still pending (for more information, please see 2.5 Judicial Decisions and Litigation).

Turkish Presidency Development Plan

It was revealed that Turkish Presidency has a plan to regulate the financial rights stated under the 11th Development Plan (2019–23) dated 23rd of July 2019, which is still being executed. The TCB’s first blockchain-based digital currency was announced as a part of the Development Plan. However, The TCB’s issuance of the digital currency remains in progress as its R&D studies are still underway (for more information, please see 1.2 Business Models).

Draft Law on Crypto-assets

Furthermore, there is a draft law that regulates crypto-assets (the “Draft Law”). The Draft Law is expected to bring changes and clarify at least a number of uncertainties faced by practitioners and market users, as well as providing help in preventing the aforementioned negative experiences from happening again. It is also expected that the Draft Law will amend the Capital Markets Law (CML) when enacted and that, within the scope of the Draft Law, trading in crypto-assets will only be carried out by platforms eligible to obtain a licence, which will be issued by the Capital Markets Board (CMB), to be established and to operate. Also, crypto-asset custody services are expected to be provided by banks or other legal entities licensed by the CMB and authorised by the Banking Regulation and Supervision Agency (BRSA), while customers’ cash will be kept in their bank accounts.

The Draft Law was expected to enter into force after the Turkish general election, which is planned to take place in 2023. However, the recent Terra Luna incident (for further discussion of which please see 3.3 Stablecoins) is expected to expedite legislative activities. Also, in light of this incident, due to the incredible amount of loss that was suffered by cryptocurrency users, regulatory authorities may adopt a stricter approach regarding legislation and upon the Draft Law entering into force, sub-legislations and other laws with stricter provisions may be enacted.

According to a view accepted by a majority of the practitioners of blockchain technologies, the Draft Law carries the potential to be prohibitive and restrictive considering Turkey’s transaction volume and potential in the market. Still, the Draft Law’s enacting is significant considering it will be, not only Turkey’s first national legislative effort, but also a legal ground for the concept of crypto-assets. It is predicted that the Draft Law’s enacting will lead to many discussions and subsequently many legislative efforts in various legal fields including but not limited to capital markets law, commercial law, tax law, civil law, civil procedural law, IT law, IP law, data protection law and crowdfunding regulations. The Draft Law is also expected to authorise one or more regulatory authorities regarding aspects of the blockchain technology. Different authorities might be authorised to regulate different aspects and if so, this would warrant further changes to the current legislation.

Finally, the Draft Law will provide help in taking steps towards bringing Turkey into compliance with EU legislation since the Draft Law shares similarities with the EU’s Proposal for a Regulation of the European Parliament and of the Council on Markets in Crypto-Assets, and Amending Directive (EU) 2019/1937, although the Draft Law has a narrower scope.

Occupational Standards in the Field of Blockchain Technology 

The Turkish Professional Competency Board has envisioned National Occupational Standards for “blockchain analysts" and “blockchain programmers” by enacting communiques that were published in the Official Gazette in February 2022 and May 2022, respectively. These standards, by stating qualifications, aim to regulate these occupations.

In Turkey, blockchain technology integration projects have accelerated in recent years. New companies are being founded to invest in the blockchain ecosystem and support innovative projects.

Paribu Ventures is one of the companies that was created to support start-ups involved in blockchain-based infrastructure, decentralised finance (DeFi), Web 3.0, gaming and non-fungible tokens (NFT) ecosystems.

Regarding the use of blockchain technologies in the financial sector, solutions for foreign trade are preferred because of the security, speed and efficiency provided by blockchain technology. Businesses in the finance sector, by using smart contracts, aim to offer their customers opportunities such as auto-settlement and invoice financing.

Türkiye İş Bankası (İşbank), one of the leading banks in Turkey, became the first Turkish bank to mediate and provide payment guarantee in foreign trade using blockchain technology. Akbank, another leading Turkish bank, in co-operation with the platform, which defines itself as the world’s first enterprise-grade blockchain-enabled trade finance platform, provides digital foreign trade products such as bank payment undertaking (BPU), BPU financing, auto-settlement, invoice financing and CRIF, a credit information service, being the first bank to do so.

Another project in the banking sector that uses blockchain technology is Bir Gram Altın Projesi (BIGA). BIGA was developed by Takasbank, which is authorised to provide cash and securities settlement transactions as the central clearing and settlement institution to İstanbul Exchange (Borsa İstanbul). BIGA aims to create an infrastructure where the physical money is blocked and the dematerialised gold with certain standards can be transferred using blockchain technology.

The TCB has conducted pilot studies on a digital Turkish lira (DTL). A DTL collaboration platform has been established with its technology business partners: ASELSAN (a Turkish defence corporation that carries out R&D as well as manufacturing), HAVELSAN (a Turkish software company that carries out operations regarding the defence industry) and The Scientific and Technological Research Council of Turkey (TÜBİTAK) Information and Information Security Advanced Technologies Research Center (Bilgem). The first phase of these pilot studies will be completed when the prototype of the DTL network is created. Considering that no final decision has yet been taken by the TCB regarding the circulation of a DTL, the results of the first phase have not been announced yet.

Migros, a Turkish supermarket chain, has provided its customers with a blockchain-based tracking system, which can be accessed via a menu located in the Migros App, that allows the customers to track fruits and vegetables’ entire progress through their supply chain. This is a significant implementation since it integrates blockchain into the daily lives of consumers.

Blockchain technologies are currently quite popular in Turkey. It is hoped that future regulations provide greater clarity for the market.

Since public authorities have so far refrained from making extensive legislative efforts regarding blockchain technology and crypto-assets, when it comes to this subject, legislative developments in Turkey are limited only to the Directive (for more information, please see 3.4 Use of Digital Assets) and the Draft Law (for more information, please see 1.1 Evolution of the Blockchain Market). The DeFi environment is not yet explicitly regulated in Turkish law.

Though a number of big cryptocurrency exchange platforms such as BtcTurk (a Turkish cryptocurrency exchange platform that operates with the Turkish lira, bitcoin and tether), Binance (the world’s largest cryptocurrency exchange platform), Paribu (a Turkish crypto exchange platform which operates with approximately 80 different coins and tokens including bitcoin and ethereum), BiLira (a lira-backed Turkish stablecoin exchange and trading platform) have been extremely popular over the past few years and as a result these platforms have gained a considerable amount of users and traction.

Overall, DeFi in Turkey is mainly being shaped by cryptocurrency exchange platforms which have been steadily growing both in size and user numbers.

It should be noted, however, that automated market makers, wallet aggregators, decentralised synthetic investment platforms, decentralised prediction markets, decentralised stablecoins and decentralised lending platforms are still not evident nationwide or even known in Turkey.

In Turkey, there are exciting studies on NFTs in the arts, sports, media, and entertainment industries. Workshops are held to transform artworks into NFTs. There are even institutions that provide consultancy services on this matter. With the “Introduction to NFT” public lecture event hosted by Ankara University’s Faculty of Fine Arts, universities in Turkey also took their first step toward NFTs.

Even though there are many exciting developments in many sectors, unfortunately, the use of NFTs for data storage solutions is still not common in Turkey, probably because the relevant regulations necessary to take further action are still awaited.

As of May 2022, there is no standalone law dedicated to regulating blockchain technology or cryptocurrencies. However, the Draft Law, for more information on which please see 1.1. Evolution of the Blockchain Market (Draft Law on Crypto-assets), as well as other regulatory efforts, are eagerly awaited.

However, there was a negative response to crypto-assets from the TCB, which issued the Directive which clearly stated that crypto-assets shall not be used as a payment instrument (for more information please see 3.4 Use of Digital Assets). The Directive is very significant due to it being exclusively about crypto-assets, even if it is a regulation that restricts their use.

In an announcement that was made upon the CMB’s Decision of 27 September 2018 numbered 47/1102 (the “Announcement”), it was stated that until sub-legislations regarding crowd financing enter into force, the public must disregard possible crypto-asset sales that might occur under the name of crowd financing, thus, no specific classification was made by the CMB, which has a highly restrictive approach to crypto-asset sales and especially initial coin offerings (ICOs); for more information on ICOs, please see 5.1 Initial Coin Offerings.

Despite crowdfunding having been regulated in Turkish law in 2021 with the Crowdfunding Communiqué, crowdfunding’s relation to blockchain technology remains unregulated. Additional codifications might be made in the future, especially as a follow-up to the Draft Law upon its enaction.

A noteworthy “retrofitting” to an existing regulation was made by the FCIB.

With Changes to the Directive on Measures Regarding the Prevention of Laundering Proceeds of Crime and Financing of Terrorism (the “Changes Directive”), which was published in the Official Gazette dated 1 May 2021, “crypto-asset service providers” was added to the Directive on Measures Regarding the Prevention of Laundering Proceeds of Crime and Financing of Terrorism (the “AML Directive”). Hence, crypto-asset service platforms have had obligations imposed on them under FCIB regulations with regard to taking measures against money laundering and terrorism financing, especially – identification within the framework of KYC principles – for transactions above a certain amount. This is significant since the FCIB has recognised crypto-asset service providers as a part of the financial system and regulated them.

Furthermore, the Guide was published by the FCIB on 4 May 2021, regulating what constitutes money laundering and terrorism financing crimes, what the obligations regarding their prevention are, which notification procedures will be carried out by cryptocurrency platforms, identification requirements and administrative sanctions.

While Turkey has been a member of the Financial Action Task Force (FATF) since 1991, it is not possible to say that Turkey’s jurisdiction has yet implemented standards applicable to the blockchain sector proposed by international bodies since there is no official implemented standard. This is expected to change once the Draft Law enters into force.

Bearing this in mind, it can be argued that the Directive defined crypto-assets in parallel to FATF’s definition (for more information on the Directive, please see 3.4 Use of Digital Assets) and the liability brought to crypto-asset service providers with the Changes Directive is also compatible with FATF’s approach (for more information on the Changes Directive please see 2.1 Regulatory Overview). These and future regulations are expected to be in compliance with FATF due to Turkey’s membership.

Use of blockchain technologies continues to be uncertain due to lack of specific regulations and definitions. Furthermore, this lack causes critical problems in attribution of responsibility to institutions. There has not yet been any formal decision as to which regulatory body in Turkey will be in charge of regulating the use of blockchain and overseeing businesses or individuals involved in that use.

Since the usage areasof crypto-assets vary, it is expected that the Draft Law will authorise more than one regulatory institution such as the TCB or the Turkish Ministry of Trade to regulate transactions and the use of blockchain technologies that concern their jurisdiction.

On the other hand, there have also been institutions which have stated that they consider making regulations regarding blockchain and cryptocurrencies to be beyond the limits of their responsibility. For example, the CMB stated in the Announcement that “Many of the practices for raising funds, often using blockchain technology, also known as ‘Cryptocurrency Sale’ or ‘Token Sale’, fall outside the regulatory and oversight scope of our Board.” In addition, it is speculated by some that since cryptocurrencies are not connected to any central system and there is no guarantee in return, their inclusion in the scope of the BRSA legislation will not be possible.

In the Announcement, CMB stated that; ‘it shall vary depending on the concrete case whether or not token sale implementations, which have similarities to and differences from public offering and crowd financing activities, will be within CMB’s regulatory scope’. As can be seen from this Announcement, there is no certainty on CMB’s part. This vague statement is probably because CMB is waiting for the Draft Law to be drafted and enter into force before it makes a definite assessment.

There is no self-regulatory organisation that is operating in the field of blockchain in Turkey. As of now, there are also no best practice codes regarding the use of blockchain technology. However, the activities of a number of associations and institutions influence the use of blockchain technologies by businesses and individuals directly or indirectly.

Borsa İstanbul Blockchain Project

Turkey's first financial blockchain project was developed by the Borsa İstanbul information technologies team and was implemented in September 2018. The project synchronised the information in the customer databases of Borsa İstanbul, Takas İstanbul and Merkezi Kayıt İstanbul's electronic applications. In the project, which was prepared in accordance with the KYC concept, adding new customer information to the specified database, changing existing information and document management will be carried out over the blockchain network.

Blockchain Research Laboratory

Blockchain Research Laboratory, which was established by TÜBİTAK Bilgem, is a useful guide to some aspects of the study of and application trials regarding blockchain in Turkey for the purposes of following the academic literature on blockchain and digital money, contributing, examining and analysing the technological infrastructures in their practical application. Blockchain Workshops (the “Workshops”) can be considered as the most advanced events on this subject. At the Workshops, academics presenting their work on blockchain, international guests who can provide support and guests from important state institutions and organisations discuss what steps Turkey shall take with regard to blockchain.

Blockchain Turkey Platform (BCTR)

BCTR is an independent and non-profit organisation established upon the initiative of the Turkish Informatics Foundation that aims to contribute to Turkey’s blockchain ecosystem by raising awareness, facilitating discussions and publishing reports.

In April 2021, an important ruling was given regarding the seizure of cryptocurrencies, which is a very controversial issue. Under Turkish enforcement law, certain conditions must be met in order for a property or right to be seized. For a property to be seizable, the property must be legally owned by the debtor, the property or right must have an economic value, it must be convertible into money and the seizure of the property must not be prohibited by law.

In a case within the jurisdiction of the 14th Enforcement Directorate of İstanbul the creditor’s attorney demanded that the debtor’s accounts in cryptocurrency exchange platforms be seized. As a result of the evaluation made by the said enforcement directorate, an enforcement order was sent to the relevant cryptocurrency exchange platforms and the debtor’s accounts on those platforms were seized. Thereafter, the debtor, whose cryptocurrency accounts were seized, filed a complaint to the İstanbul Enforcement Court (the “Court”), which was later dismissed.

In its final decision, the Court ruled that “Although the plaintiff had filed the complaint, claiming that cryptocurrencies cannot be seized, the Court has decided to dismiss the complaint, as it was understood that such money should also be considered within the scope of commodities and securities, it was accepted to be a kind of digital currency or virtual currency and therefore could be seized”, deciding that seizure of cryptocurrencies is possible.

Consequent to the dismissal of the Court, the debtor’s attorney appealed the verdict. İstanbul Regional Court of Justice 22nd Civil Chamber (the “Regional Court”), upon further assessment, approved the Court’s decision as the final verdict. While the decision regarding the seizability of cryptocurrencies became definite, neither the Court nor the Regional Court specified how the seizure should be executed. 

Thodex Controversy

Although currently there is no judicial process ongoing directly related to blockchain, a lawsuit regarding Thodex, Turkey's first global cryptocurrency exchange platform that mediates the buying and selling of cryptocurrencies, is attracting attention.

In April 2021, Thodex caused extreme concern among its users as speculation of fraud arose. It was later revealed that the CEO has fled abroad. As of May 2022, he is still sought by Interpol under a Red Notice.

In March 2022, criminal charges were issued against 21 suspects, including the CEO, for several crimes including:

  • establishing and managing an illegal organisation for the purpose of committing a crime;
  • fraud by using information systems, banks or credit institutions as tools; and
  • laundering of assets resulting from crime.

Prosecutors are demanding thousands of years of jail time for each suspect, which is obviously a symbolic claim made in order to emphasise the severity of the crimes.

Binance TR, a cryptocurrency exchange platform operating in Turkey, was issued an administrative fine of TRY8 million on the grounds that it violated its obligations set forth in the AML Directive, since crypto-asset exchange platforms, because they are crypto-asset service providers, have had obligations imposed on them under FCIB regulations.

In 2022, upon inspections, the FCIB issued approximately TRY18.8 million worth of administrative fines in total upon four crypto-asset service providers (BtcTurk, Birci, Paribu and Icrypex) due to failure of compliance with the obligations set forth in the Changes Directive and the Guide.

It should be noted that “crypto-assets” were defined for the first time in Turkish law by the Directive. For more information on definition of crypto-assets, please see 1.1 Evolution of the Blockchain Market. Also, in the Directive, the TCB stated that crypto-assets shall not directly or indirectly be used as an instrument of payment and services towards directly or indirectly using crypto-assets in payments shall not be provided (for more information, please see 3.4 Use of Digital Assets).

On 18 September 2019, the Turkish Republic Ministry of Industry and Technology published the 2023 Industry and Technology Strategy (the “2023 Strategy”). The 2023 Strategy states that it aims at establishing a regulatory sandbox in order to test whether developed blockchain applications are in compliance with the legislation and certificating the enterprises that pass the test, later supporting them in attracting investments.

Also, the Turkish Presidency Strategy and Budget Administration published the 2020 Presidency Annual Programme (the “2020 Annual Programme”). The 2020 Annual Programme consists of appointing a Finance Office to make the regulatory amendments necessary for the fintech ecosystem to thrive. Another measure of the 2020 Annual Programme is the establishment of a “technopark” within the body of İstanbul Finance Centre: the İstanbul Finance and Technology Base.

While the İstanbul Finance and Technology Base was expected to be established and opened by the end of the first quarter of 2022, as of June 2022 it has not been established. However, the Law on the Istanbul Finance Centre entered into force on 28 June 2022. This is expected to expedite the establishment process of the Istanbul Finance and Technology Base.

Currently, no tax regime has been adopted or implemented related to blockchain or cryptocurrencies in Turkey. Moreover, no official statement on this issue has been published by the tax authorities.

On the other hand, in accordance with Turkish law, regardless of whether an activity is legal or illegal, taxation is possible if income is derived from a taxable activity. Since no regulation was made regarding cryptocurrencies and they were not defined in the Turkish Tax Law or any other Turkish legislation, it is quite unclear how the income obtained as a result of the trading of cryptocurrencies will be subjected to tax. It is anticipated that the enacting of the Draft Law will accelerate the process of other legislation and further evaluation with regard to taxation.

For the time being, there is no governmental body that has been commissioned or established to carry out studies on the benefits to be gained from the use of blockchain and/or the challenges it may cause.

However, the Blockchain Dictionary was created by the Presidency Digital Transformation Office, which is a governmental body responsible for the transition of public institutions and organisations to the digital environment and for co-ordinating issues such as cybersecurity and artificial intelligence.

In addition, the opening meeting of the technical co-operation project titled “End-to-End Design (Inside the Country) of the Export Process with the Blockchain Technology”, developed by the European Bank for Reconstruction and Development and the Ministry of Trade and financed by the Ministry of Treasury and Finance, was held online on 8 March 2022. This project is planned to consist of two steps, the first of which starts with the establishment of the demo blockchain network and ends with the proof of concept (PoC) after testing, smart contract-writing and interface creation are completed and sample export transactions are made. The second step primarily consists of educational activities such as workshops.

In constitutional law, anything that has property value can be included in the right of property. Thus, digital assets can be protected within the framework of the constitutional right of property. However, as a rule, civil law only includes corporeal assets within the scope of property rights. In other words, a crypto-asset, which is a digital record, cannot benefit from the protection regime introduced for property law, right of property and possession.

In addition, since the principle of numerus clausus is valid with regard to intellectual property, it is very difficult to subject them to property rights in the classic private law doctrine. For this reason, there are many problems from the perspective of property law and the law of obligations. In this respect, there is no legal regulation (for more information, please see 2.1. Regulatory Overview). Therefore, the right to claim against the “issuer” (if there is any), the right to claim against crypto-asset service providers or the right of ownership on the bearer if there is a cold wallet are possible. However, it is unclear against whom the right to claim will be asserted, especially in public blockchain networks.

There is no legal description regarding the characterisation of digital assets under Turkish law. For information on the legal status of digital assets, please see 3.1 Ownership and 5.1 Initial Coin Offerings.

The CMB might accept digital assets as an instrument of investment, thus, as security tokens. Also, the TCB has intentions to regulate currency tokens.

Since there is currently no clear categorisation, if the Draft Law does not determine a singular regulatory authority for blockchain technologies and multiple regulatory authorities are given the authority, different regulatory bodies may classify digital assets in accordance with their scope of authority.

In Turkey, there is no established legal regime that regulates stablecoins; no distinction between different stablecoins is made.

Nonetheless, since stablecoins are meant to provide price stability and easy conversion options via backing with reserved assets or through algorithmic trading mechanisms, the use of stablecoin platforms has become widespread in Turkey (eg, BiLira).

A very recent development that shocked the world also led to many doubts regarding stablecoins. TerraUSD or UST, a stablecoin of the Terra blockchain protocol that is fixed to the US dollar, along with its sister token Luna, completely collapsed, losing approximately 98% of its value in the span of a day, causing a shockwave in the cryptocurrency market. Bitcoin and Ether, which are the two biggest cryptocurrencies, also lost value as a result. On top of this, thousands of people suffered huge monetary losses. Consequently, Terra Luna has been de-listed from a number of exchanges including Binance, which means that the token can no longer be purchased, but can still be sold or their value can be transferred. As of now, re-listing is being evaluated by exchanges, some deciding to re-list.

This development has raised serious concerns regarding stablecoins and their possible negative effects on the cryptocurrency market. This incident is also expected to be a catalyst for legislative and regulatory efforts (for more information please see 1.1 Evolution of the Blockchain Market).

It is explicitly envisioned in Article 3/2 of the Directive that crypto-assets shall not be used in payments in a direct or indirect way. Article 3/3 of the Directive mandates that services towards using crypto-assets in payments directly or indirectly shall not be provided. This is considered as a setback in integrating crypto-assets into Turkey’s economy and it is an indicator of the TCB’s resistance to deeming crypto-assets as a valid payment instrument.

As of now, there are no specific regulations in Turkish law with regard to the creation, marketing, or sale of NFTs. There is also not a generally accepted view on the legal nature of digital assets (for more information, please see 3.1 Ownership). Any assessment on this topic must be based on the characteristics of each particular case.

Additionally, it should be noted that the sale of NFTs cannot be conducted using cryptocurrencies due to the Directive (for more information, please see 3.4 Use of Digital Assets).

Most exchanges in Turkey, as in the rest of the world, operate as custodial exchanges. There is not yet a Turkish non-custodial exchange market that leaves the users in full control of their digital assets, although there are a number of foreign non-custodial exchanges that provide services in Turkey.

Since decentralised exchanges do not have the obligation to comply with Turkish legislation, they are not required to do any KYC or AML verification. Pursuant to the Changes Directive, crypto-asset service providers – which is a term that includes crypto-asset trading (exchange) platforms and platforms that perform NFT supply and trading – are obliged to identify their customers and people who act on behalf of the customers (for more information please see 2.1 Regulatory Overview).

There are exchanges in Turkey that sell digital asset securities, non-security digital assets and NFTs. However, pursuant to the Directive, it would be against the law to trade securities or NFTs with cryptocurrencies in Turkey (for more information please see 3.4 Use of Digital Assets).

Additionally, in a statement made in September 2021, the TCB launched an initiative to develop a digital currency prototype application; for more information, please see 1.2 Business Models.

Despite the fact that there is no explicit regulation regarding cryptocurrency exchanges in Turkey due to the Directive’s approach (for more information please see 3.4 Use of Digital Assets) – other than crypto-asset service providers having obligations under FCIB regulations (for more information please see 2.1 Regulatory Overview) – in practice, there are a number of cryptocurrency exchange platforms/markets where on-ramp and off-ramp exchanges are continuously made (for more information on cryptocurrency exchange platforms, please see 1.3 Decentralised Finance Environment).

Although there is a lack of regulation, there is a system behind cryptocurrency exchanges and people are directly subject to an established exchange platform/market, which provides a level of security.

With the amendment made with the Changes Directive, crypto-asset service providers have had had obligations imposed on them by the FCIB (for more information please see 2.1 Regulatory Overview).

While “crypto-asset service provider” is not defined in the legislation, the FATF’s definition can be accepted for Turkey, since Turkey is a FATF member (for more information, please see 2.2 International Standards).

Pursuant to the AML Directive, the obligations that were imposed on crypto-asset service providers are as follows:

  • identification (Article 5 et al);
  • identification of those acting on behalf of someone else (Article 14);
  • checking the authenticity of the documents used for the purpose of confirming the information received within the scope of identification (Article 15);
  • paying special attention to complex and unusually large transactions and transactions that do not seem to have a reasonable legal and economic purpose (Article 18);
  • taking necessary measures to obtain sufficient information about the purpose of the requested transaction and keeping the information, documents and records obtained in this context in order for them to be presented to the authorities when requested (Article 18);
  • continuous monitoring of the compliance of the transactions performed by customers with their profession, commercial activities, work history, financial situation, risk profile and funding sources within the scope of the continuous business relationship and keeping the information, documents and records about their customers up-to-date (Article 19);
  • not establishing a business relationship and not performing the requested transaction when identification cannot be made or sufficient information about the purpose of the business relationship cannot be obtained (Article 22);
  • reporting of suspicious transactions (Article 27 et al) – according to Article 27, a suspicious transaction is any transaction where information, suspicion or any other matter that would lead to suspicion about the assets being obtained illegally, or used for illegal purposes or for acts of terrorism, or by terrorist organisations, terrorists or those who finance terrorism. (Article 27 et al);
  • issuing a suspicious transaction notification form and delivering it to the FCIB (Article 28); and
  • the obligation to notify the FCIB regarding the transactions to which crypto-asset service providers are parties, or which they mediated, exceeding the amount to be determined by the Ministry of Treasury and Finance (Article 32).

There is no regulation in Turkey that regulates markets for digital assets, with regard to permission, capital adequacy, audit, etc. Platforms are generally established as a joint stock company and carry out their activities with their own software and systems.

The only assessment made in this regard is the CMB’s Announcement regarding token sales, which failed to provide any clarity (for more information, please see 2.3 Regulatory Bodies).

As for possible future regulations, it is a possibility that the Draft Law might aim to regulate this market over intermediary service providers.

There is no specific regulation for fraudulent or manipulative practices in the markets for digital assets either. Since the markets provide services in the online environment (the internet), they will primarily be subject to Law No 6563 on Regulation of Electronic Commerce. Additionally, fraudulent activities that have been committed through markets for digital assets are subject to the provisions of the Turkish Penal Code, as can be seen in the Thodex incident (please see 2.5 Judicial Decisions and Litigation for further discussion of this case).

To the authors’ knowledge, there are no specific regulatory limits on the ability of a crypto-asset exchange to re-hypothecate (on-transfer) the crypto-assets the third parties hold for customers. It is plausible that intermediary service providers might be subject to a number of responsibilities by regulations, if there is a legislative effort.

There is no regulation under Turkish law regarding hot or cold wallet providers.

Due to the crimes committed through the Thodex crypto money exchange platform (for more information on the Thodex case, please see 2.5 Judicial Decisions and Litigation), it was determined that the digital assets transferred to Thodex users’ hot wallets were transferred to different platforms by Thodex officials, and thus, fraud was committed.

While crowdfunding is regulated in Turkish legislation through the Crowdfunding Communiqué, this regulation does not include any provision with regard to cryptocurrencies or blockchain technologies. Hence, initial coin offering (ICOs), thus far, have been neither regulated nor prohibited in Turkish law. However, ICOs are very popular in practice.

The CMB has thus far provided no clear explanation as to the legal nature of crypto-assets (whether or not they are a derivative, capital market instrument, etc), causing uncertainty. However, it must be born in mind that just because the CMB has not regulated this matter before does not mean that it cannot intervene in the future, especially since the Draft Law is likely to grant the CMB regulatory authority.

Where ICOs would fit in Turkish law is controversial because the legal nature of the coins subject to ICO is not definite. Thus, upon assessing pre-existing regulations regarding crowd financing, it depends on whether a coin can be considered as money or not. The Directive complicated the issue, moving crypto-assets further from being in the same legal status as money. 

While there is no explicit regulation, the CMB has showcased its approach to ICOs in the Announcement, deeming ICOs “very high risk and speculative investments” and warning people interested in buying digital assets to be aware of the risks and to carefully examine what is promised in exchange for digital assets.

The risks that were pointed out by CMB in the Announcement are as follows:

  • most ICOs fall outside the scope of regulatory authorities’ purview, and are thus not subject to any regulation or supervision;
  • similar to crypto-money, the value of the tokens that are bought is extremely volatile;
  • collected money may not be used to serve the previously stated purposes;
  • the documents that are provided by the sellers may contain incomplete and deceptive information; and
  • since the projects that attract funds by using methods such as this are usually at a very early stage, it is possible that the project will fail and the investment be completely lost.

It was later stated in the Announcement that every necessary administrative and criminal measure shall be enacted by the CMB in the event that unauthorised activities are carried out under the name of crowd financing before sub-legislations enter into force. Additionally, investors were advised to disregard possible crypto-asset sales that might occur under the name of crowd financing.

As for ICOs being considered as securities or commercial activities, it must be pointed out that the CMB has left this discussion open ended in the Announcement. If the CMB is authorised in the Draft Law, it might make specific regulatory efforts regarding crypto-assets in the future.

At this point, it is safe to say that ICOs do not fall within the category of crowdfunding. This conclusion is drawn from the relevant provisions of the Communiqué on Share-Based Crowdfunding. However, this does not change the crowdfunding-like nature of ICOs. ICOs remain a technological financial solution which do not meet the criteria determined under the legislation for crowdfunding, while having a purpose and logic that has some the property of crowdfunding.

Another important note with regard to ICOs is the prohibitions placed by Article 562 of the Turkish Commercial Law (TCL). This Article prohibits the collection of money from the public with the intention or promise of establishing a company or increasing capital through calling for the public by any means. In case a crypto-asset is provided in return for the money received during an ICO and this is not done for the purpose of establishing a company or increasing capital, the risk of incompliance with the TCL and CML is minimised.

It is also necessary to state that ICOs establish a contractual relationship between the participant and the organisers based on the law of obligations. A White Paper defines and regulates this relationship and provides all information regarding the project and any legal disclaimers or risk notices with regards to the participation in the ICO.

Currently, there is no regulation in Turkish law regarding initial exchange offerings (IEOs). However, it is possible that the Draft Law provides a regulation regarding the institution that will regulate crypto-asset service provider investment consultancy and portfolio management.

Also, in IEOs, the nature and characteristics of the crypto-assets that are being exchanged (eg, payment instrument, stocks, etc) essentially determines the legal status and rules to which the IEO will adhere. The legal nature of crypto-assets and which legal principles and regulations will be applied to them continues to be uncertain. This uncertainty is expected to end once the Draft Law enters into force. However, as of now, there is applicable regulation to neither the legal nature of crypto-assets nor of the IEO process.

There are no regulations that are applicable to distributions of tokens to community members likely to utilise a particular protocol via an airdrop or a similar mechanism that does not necessarily involve token purchase.

As of May 2022, there is no regulation exclusive to crypto-assets in Turkish law that is applicable to investment funds or collective investment schemes that invest in digital assets. It is not impossible, however, that general provisions regarding investment funds can be applicable to crypto-assets.

However, there are developments on this front. For example, İşbank set up a fund called İş Portfolio Blockchain Technologies Composite Fund. At least 80% of this fund’s value is told to continuously go to financial instruments that play a role in research, support and development of blockchain technologies. However, crypto-asset and cryptocurrency market transactions are excluded from the scope of this fund.

Under Turkish law, there are currently no special regulations that apply to broker-dealers or other financial intermediaries that deal in digital assets. However, crypto-asset service providers are expected to be defined as crypto-asset exchange or retention platforms or other institutions that may fall under this category. It is also expected that the Draft Law will finally determine which institution shall be responsible for regulating crypto-assets, which is likely to be the CMB.

Pursuant to the current legislation, the liable parties, within the scope of the principles regarding KYC, are obliged to determine the identities of those who make transactions and those on whose behalf the accounts are transacted before any transaction, whether the transaction is made by them or mediated by them and take other necessary measures.

In Turkish law, there are no specific laws, regulations or binding judicial decisions that address “smart contracts”.

Smart contracts are pieces of software that are composed of codes, thus they are not actually contracts in a literal sense. Hence, firstly it must be determined if the smart contracts will be subjected to contract law provisions in the first place. If a smart contract is accepted to legally be a contract, then, since there is no special provision, the general provisions of the Turkish Law of Obligations (TLO) may apply. It is currently not possible to evaluate legal enforceability and validity of smart contracts in Turkey, since there is no relevant regulation or case law. 

Though, with regard to Turkish contract law, the points below must be considered.

  • Freedom of contract, which is the right to enter into any contract with any content (apart from a number of limitations such as content that breaches imperative legal rules) with anyone.
  • Freedom of form, which is crucial because if a contract has the written form requirement, computer code will not satisfy that requirement, which may lead to the contract being invalid.
  • As per Law 805 on the Compulsory Use of Turkish in Economic Institutions, contracts made by and between Turkish companies within Turkey must be in Turkish; recently, the Supreme Court has started to apply this law to contracts where a foreign company is entering into a contract with a Turkish company that is within Turkey, which poses a risk.
  • Since transactions made on a blockchain, including smart contracts, cannot be amended, the contract is executed even when it must be accepted as retroactively invalid (eg, error, deception and coercion, where the will to enter into the argument is incapacitated).
  • Certain areas of Turkish law aim to protect, by law, one of the parties to a contract, such as employment law, consumer law and rental law. When the smart contract causes automatic execution or ends the contract, these protective provisions may be disabled and this may contradict with imperative legal rules. Actions that stem from the nature of smart contracts such as automatic execution must not violate legislation.

There is no consensus yet on the liability of developers of blockchain-based networks (“developers”) or the code that runs on these networks.

It is expected that the responsibility for losses or damages that occur due to the blockchain technologies will be assigned to the crypto-asset service providers. Since it is likely that the Draft Law and future regulations will only encompass intermediaries and not the people that program the networks, in that case, programmers or the people that operate the technical aspects may be held liable only if they are also intermediaries.

Regulations in Turkish law regarding product responsibility do not, as of now, encompass the structure and workings of blockchains. It can be argued that this is the reason why there is no specific regulation with respect to this. However, provisions regarding sales contracts, contracts of work, contracts of service or agency contracts as well as recourse provisions might be applicable.

As stated in 6.1 Enforceability, at this point, general provisions may apply. Also, if the parties have a contractual relationship, contractual liability and – if the conditions are met – tort liability provisions can also be applied and the developers may be held liable for damages that were caused by their erroneous or negligent actions or their failure to meet the standard practice and perform their duty to care, on the condition that there is a causal relationship between the damages suffered and these actions/this failure. 

However, the fact that developers hail from all over the world is likely to cause complications around determining the appropriate jurisdiction, the enforcement of rules on people from different jurisdictions and the conflict of laws.

Also, as of now, there is no explicit regulation or decision in Turkey that holds developers responsible for losses that arise through the use of software on the theory that the developers would be considered fiduciaries.

Currently, there are neither regulations nor prohibitions regarding decentralised finance (DeFi) platforms.

Since cryptocurrencies are not accepted as legal tender or as a payment instrument, it is not possible to deem cryptocurrencies as an asset that can be subject to lending in the near future, especially since carrying out credit and lending processes is assigned exclusively to banks and pursuant to the Directive, crypto-assets cannot be used as a payment instrument (for more information please see 3.4 Use of Digital Assets).

In this context, there is currently no official institution that carries out money lending processes with cryptocurrency. Thus, regulations that bind them or their licensing are also non-existent.

According to the Directive, crypto-assets are defined as intangible assets that are created virtually by distributed ledger technology or a similar technology and are distributed over digital networks. However, crypto-assets do not qualify as fiat money, dematerialised money, electronic money, payment instruments, securities or other capital market instruments.

Owing to the Directive, payment service providers cannot develop business models where crypto-assets are directly or indirectly used as a payment instrument or where services are provided for directly or indirectly using crypto-assets as a payment instrument.

Since the use of crypto-assets, even for payments is prohibited, it can be assumed that crypto-assets cannot be used in a security interest transaction.

The Directive prohibits electronic money and payment institutions from intermediating with platforms that provide custody services for crypto-assets or transferring funds from these platforms.

Currently there is no regulation on custodianship for crypto-assets apart from the regulation in the Directive (for more information on the Directive please see 3.4 Use of Digital Assets).

Since Turkish Data Protection Law, numbered 6698, (TDPL) is technology-neutral, it doesn’t include any explicit regulation regarding blockchain technologies. However, the increase in popularity of blockchain technologies and the possibility of the Draft Law introducing specific requirements calls for additional regulatory efforts as well as future amendments of the TDPL.

Even if there’s no explicit regulation in Turkish law regarding the right to be forgotten, as opposed to the EU General Data Protection Regulation (GDPR), the Turkish Personal Data Protection Board (PDPB), the decision-making body of the Turkish Personal Data Protection Authority (PDPA), has mentioned the right to be forgotten in its previous decisions, thus acknowledging this right. The PDPB and PDPA being supportive of the right to be forgotten puts blockchain technologies in a compromising position when it comes to compliance with Turkish data protection law and practices.

Although newer blockchain technologies aim to be more compatible with the right to be forgotten, albeit with the price of a partial compromise of transparency, this right contradicts with conventional and older blockchain technologies and smart contracts. Transactions made on the conventional blockchain technologies, including smart contracts, cannot be amended or in any way changed, which is contradictory to the right to be forgotten, a right that is essentially about erasure of past information. Also, blockchain technologies, being a decentralised environment, are openly accessible, which contradicts data privacy.

There are also other data privacy issues around blockchain technologies, such as lack of a person or institution to extend requests regarding deletion of data or the right to be forgotten in public blockchain networks and the impossibility of deletion or amendment in private blockchain networks.

Firstly, whether the data that is within the blockchain network qualifies as “personal data” must be evaluated. Currently, there is no definite answer to this question. However, the PDPB frequently references EU law and the GDPR in its decisions. Also, Turkish data protection law is developing in compliance with the EU perspective. Thus, it is possible that the PDPB will adopt a similar approach to that taken in the Court of Justice of the EU’s Breyer decision, finding that data is still considered to be personal data even if legal means (seeking further information from third parties) are required in order to make a person “identifiable”.

The TDPL and its secondary legislation do not provide specific rules regarding which regulations may apply to the use of blockchain-based products or services. However, the TDPL’s regulations regarding taking the necessary technical and organisational measures and the measures that were stated in the PDPA’s Guideline on Personal Data Protection (Technical and Organisational Measures) dated 2018 might be applicable.

Blockchain technology, being a decentralised system, does not have a central control body and consequently, there is no central person or authority that regulates and oversees data protection in blockchain technology. This brings up issues regarding enforcement, jurisdiction and conflict of laws as well as making it nearly impossible to assess data subjects’ requests and complaints. 

How the personal data protection provisions may apply to blockchain technologies may depend on the blockchain being public or private. While there is an issuer that may be accepted as a data controller in private blockchain networks, in public blockchain networks, who will be deemed to be the data controller and data processor is much more complicated.

International Data Transfers

Blockchain products’ personal data being retained on the cloud calls for strict measures to be taken as well as bringing to the surface discussions regarding international data transfer.

In this regard, international data transfer is a very problematic topic in Turkish data protection law and the PDPB has previously imposed administrative fines upon data controllers with regard to this. One of the main problems that causes international personal data transfer to be problematic is relying on explicit consent, which is risky because it may be withdrawn at any moment and it is considered to be invalid if it is stated as a prerequisite for provision of services. Even when the processing is not based on explicit consent, an undertaking or if the transfer is being made within a multinational company, binding corporate rules (BCR) must be submitted for the PDPB’s approval. Also, it must be noted that GDPR narrowly interprets “legitimate interest”.

In a blockchain environment, meeting the criteria explained above may not be entirely possible since it is not clear whether explicit consent will be obtained or not, and if explicit consent is to be obtained, who will obtain it. If explicit consent will not be obtained and an undertaking will be signed, who the signees will be and with which title they will sign the undertaking are also unsolved issues.

There are not any specific provisions or prohibitions regarding cryptocurrency mining. Mining cryptocurrencies by using “proof of work” consensus protocols to validate block transactions is also not prohibited.

Staking as a service or SAAS businesses are neither regulated nor prohibited in Turkish legislation.

In Turkey, decentralised autonomous organisations (DAOs) are not regulated. In fact, the idea behind DAOs may be aimed at sparing these organisations from government regulations and bodies. Still, experiences show that AML regulations are needed in order to prevent cybersecurity incidents such as the notable DAO hack that occurred in 2016 in the USA.

DAOs are controlled by a group of members with no central government structures. These anti-centralising and libertarian structures with no leadership eliminate the traditional legal entity elements as everything is fully transparent and public with the rules encoded through the smart contracts on the blockchain, also helping individuals and groups to easily organise under a DAO.

DAOs are expected to be regulated in Turkish legislation in sub-legislation that will be drafted in accordance with the Draft Law upon it entering into force (for more information please see 1.1 Evolution of the Blockchain Market). Regulatory authorities may have a stricter approach towards DAOs due to the DAO-hacking incident in 2016 and the allegations made against Toby Hoenisch.

Whether or not DAOs can even be accepted as a company is also a significant issue. No clear explanation or assessment has been made thus far from the point of view of corporate law doctrine, in addition to the lack of regulation. While corporate law doctrine’s assessments are anticipated, it is a possibility that, TCL provisions may be applied, even if partially. In that case, the Turkish Ministry of Commerce, the CMB or the BRSA may have the authority to regulate DAOs.

It could be said that smart contracts are the backbone of a DAO in terms of running the organisation’s self-rule mechanism. Rules of DAOs and the administration of financial resources are determined within the framework of that specific smart contract.

The codes of a DAO can only be changed upon a voting process. Governance processes in DAOs are typically on-chain as they require governance tokens from the members to propose and vote on decisions. Voting participation thresholds vary from DAO to DAO. This threshold can be openly seen through the DAOs’ White Papers or their open-source protocol codes.

It is also not possible for members to spend or share resources without the approval of the other members.

There is no example of engagement between DAOs and native legal entities in Turkey. Using a legal entity structure under a DAO may, however, help in reducing the cybersecurity risks. From a legal standpoint, traditional legal entities may affect the DAO’s basic values, and liabilities regulated in the relevant applicable law may be brought to the forefront again.


NidaKule – Goztepe
Merdivenköy Mahallesi Bora Sokak No: 1
Kat:7 34732 Kadıköy

+90 216 468 88 50

+90 216 468 88 01
Author Business Card

Law and Practice


YAZICIOGLU Legal is an Istanbul-based boutique technology law firm. The firm has a strong focus on legal matters related to technology, media and telecommunications as well as data protection/cybersecurity. The firm also has significant expertise in cross-border transactions, corporate and commercial matters, intellectual property, regulatory compliance, e-commerce, consumer protection and dispute resolution. The firm has a dedicated team of 12 lawyers working on technology, media telecommunications and data protection/cybersecurity.

Compare law and practice by selecting locations and topic(s)


Select Topic(s)

loading ...

Please select at least one chapter and one topic to use the compare functionality.