The blockchain market in Türkiye continued its enormous growth in 2022–23. As shown by the Crypto Market and Investment Report Türkiye 2022 published by Gate.io on 28 October 2022, there are 3,811,882 crypto-asset users in Türkiye, which corresponds to 4.5% of the total population. The 2022 Türkiye Fintech Ecosystem Status Report prepared under the co-ordination of the Presidential Finance Office states that there are 250 payment technology, 92 blockchain and crypto-asset, and 89 banking technology initiatives in Türkiye.

The Directive on Crypto-Assets

Due to the exchange of fiat currencies with cryptocurrencies becoming very popular in the market, and rising cybersecurity problems, legislative efforts needed to be made. Consequently, the Turkish Central Bank (TCB) issued the Directive on Crypto-Assets Not To Be Used In Payments (the “Directive”), which entered into force on 30 April 2021.

The Directive defined “crypto-assets” for the first time in Turkish law as “intangible assets that are virtually created by using distributed ledger technology or a similar technology and distributed over digital networks, but are not qualified as fiat money, deposit money, electronic money, payment instruments, security or another capital market instrument.”

Using crypto-assets as an instrument of payment directly or indirectly was prohibited by the Directive. Also, pursuant to the Directive, services using crypto-assets in payments in a direct or an indirect manner may not be provided (please see 3.4 Use of Digital Assets).

Crypto-Asset Service Providers Guide

In a significant development, by making amendments, the Financial Crimes Investigation Board (FCIB) imposed “know your customer” (KYC) obligations, among others, on crypto-asset service providers. The FCIB also published the Crypto-Asset Service Providers Guide (the “CASP Guide”) in May 2021 (please see 2.1 Regulatory Overview).

Suspicious Transaction Notification Guide

On 18 April 2022, the FCIB published the Suspicious Transaction Notification Guide (the “STN Guide”) that regulates the procedures and principles regarding the reporting of suspicious transactions for crypto-asset service providers. The guide aims to prevent money laundering and terrorist financing activities in the cryptocurrency sector and provides detailed instructions on the information that should be included in the notification (please see 4.3 KYC/AML/Sanctions).

Press Announcement on Digital Turkish Lira Usage

In December 2022, in line with the Turkish Presidency 11th Development Plan (2019–23) and the Medium-Term Programme (MTP) (2023–25) published in the Official Gazette on 4 September 2022, the TCB announced that as the first phase of the Digital Turkish Lira (DTL) Project, the first payment transactions on the Digital Turkish Lira Network were successful and that the pilot implementation tests will continue in the first quarter of 2023. It was also mentioned that throughout 2023 priority will be given to studies on the technological requirements of the Digital Turkish Lira and its economic and legal framework.

Draft Law on Crypto-Assets

Furthermore, there is a draft law that regulates crypto-assets (the “Draft Law”). The Draft Law is expected to bring changes and to clarify at least a few uncertainties faced by practitioners and market users, as well as to provide help in preventing related negative experiences from happening again. It is also expected that the Draft Law will amend the Capital Markets Law (CML) when enacted and that, within the scope of the Draft Law, trading in crypto-assets will only be carried out by platforms eligible for obtaining a licence to be established and to operate, which will be issued by the Capital Markets Board (CMB).

Also, crypto-asset custody services are expected to be provided by banks or other legal entities licensed by the CMB and authorised by the Banking Regulation and Supervision Agency (BRSA), while customers’ cash will be kept in their bank accounts.

The Draft Law is expected to enter into force after the Turkish general election, which took place on 14 May 2023. According to a view accepted by most practitioners of blockchain technologies, the Draft Law carries the potential to be prohibitive and restrictive considering Türkiye’s transaction volume and potential in the market. Still, the Draft Law’s enactment is significant, considering it will be not only Türkiye’s first national legislative effort, but also a legal ground for the concept of crypto-assets. It is predicted that the Draft Law’s enactment will lead to many discussions and subsequently many legislative efforts in various legal fields, including but not limited to capital markets law, commercial law, tax law, civil law, civil procedural law, IT law, IP law, data protection law and crowdfunding regulations. The Draft Law is also expected to authorise one or more regulatory authorities regarding aspects of blockchain technology, with different authorities potentially being authorised to regulate different aspects; if so, this would warrant further changes to the current legislation.

It is speculated that the entry into force of the Draft Law is on hold awaiting the proposal of the effective date of the Regulation on Markets in Crypto-assets (MiCA), which is expected in 2024. Consequently, the Draft Law will help to bring Türkiye into compliance with EU legislation, since the Draft Law shares similarities with the MiCA; though the Draft Law has a narrower scope.

Impacts of the Bankruptcies of FTX and Other Leading Centralised Businesses

According to market news, in its latest filing with the Delaware court, FTX requested to exclude its Turkish units from the bankruptcy process as the debtors did not have sufficient control in Türkiye to fulfil their duties under bankruptcy law. Following this case, on 23 November 2022, the FCIB announced that it had initiated an investigation into FTX. In this announcement, it was stated that the FCIB had filed a criminal complaint with the Istanbul Chief Public Prosecutor’s Office; as a result, a judicial investigation was opened against Samuel Benjamin Bankman-Fried and other related persons as suspects, and a seizure measure was imposed on their assets. In February 2023, the Delaware court approved the removal of FTX Turkish units from the bankruptcy case and found it to be “in the best interests of” FTX and its estate. This incident has led to caution among investors.

In Türkiye, blockchain technology integration projects have accelerated in recent years. New companies are being founded to invest in the blockchain ecosystem and support innovative projects.

Paribu Ventures is one of the companies that was created to support start-ups involved in blockchain-based infrastructure, decentralised finance (DeFi), Web 3.0, gaming and non-fungible token (NFT) ecosystems.

Regarding the use of blockchain technologies in the financial sector, solutions for foreign trade are preferred because of the security, speed and efficiency provided by blockchain technology. Through the use of smart contracts, businesses in the finance sector aim to offer their customers opportunities such as auto-settlement and invoice financing.

Türkiye İş Bankası (İşbank), one of the leading banks in Türkiye, became the first Turkish bank to mediate and provide payment guarantee in foreign trade using blockchain technology. Akbank, another leading Turkish bank, in co-operation with the We.trade platform (which defines itself as the world’s first enterprise-grade blockchain-enabled trade finance platform), provides digital foreign trade products such as bank payment undertaking (BPU), BPU financing, auto-settlement, invoice financing and CRIF, a credit information service, being the first bank to do so.

Ak Yatırım, a wholly owned subsidiary of Akbank, and crypto-asset exchange Stablex, signed a share purchase and subscription agreement for the acquisition of the majority shares of the exchange by Ak Yatırım. It was reported that the agreement was signed on 14 March 2023, and that the transfer will take place if the Competition Board approves the transaction and other prerequisites set out in the agreement are fulfilled. Halkbank, another leading Turkish bank, made its first Metaverse branch available to its customers through the domestic Metaverse GoArt. Customers will create their avatars and log in to the Metaverse branch through the Halkbank portal.

Migros, a Turkish supermarket chain, has provided its customers with a blockchain-based tracking system, which can be accessed via a menu located in the Migros App, allowing customers to track the entire progress of fruit and vegetables through their supply chain. This is a significant implementation since it integrates blockchain into the daily lives of consumers.

As a major development, the 14th Digital Türkiye meeting held at the Presidential Complex announced the implementation of a project to provide citizens with a new option to access e-Government services using digital identities built on a blockchain network. 

In January 2023, Turkish automotive company TOGG announced a partnership with Metaco, a digital asset custody and issuance system provider. TOGG’s mobility platform aims to offer smart contract-powered use cases for users in Türkiye and Europe, including tokenisation of mobility services, assessment of CO2 footprint and NFT ownership. The platform also offers a smart contract management framework that provides end-to-end life cycle management and servicing support for digital assets.

Blockchain technologies are currently quite popular in Türkiye. It is anticipated that future regulations will provide greater clarity for the market.

Since public authorities have so far refrained from making extensive legislative efforts regarding blockchain technology and crypto-assets, legislative developments concerning this subject in Türkiye are limited only to the Directive (please see 3.4 Use of Digital Assets) and the Draft Law (please see 1.1 Evolution of the Blockchain Market). The DeFi environment is not yet explicitly regulated in Turkish law.

A number of big cryptocurrency exchange platforms have been extremely popular over the past few years, and as a result these platforms have gained a considerable amount of users and traction:

• BtcTurk (a Turkish cryptocurrency exchange platform that operates with the Turkish lira, Bitcoin and Tether);
• Binance (the world’s largest cryptocurrency exchange platform);
• Paribu (a Turkish crypto exchange platform which operates with approximately 80 different coins and tokens, including Bitcoin and Ethereum); and
• BiLira (a lira-backed Turkish stablecoin exchange and trading platform).

BiLira is perhaps the most prominent example of DeFi in Türkiye. It is a stablecoin provider pegged to the Turkish lira and can work on ERC-20-compatible wallets as well as on Avalanche wallets. It can perform transactions on Avalanche, Solana, Ethereum, Binance Smart Chain, Algorand and Polygon. It works with several banks operating in traditional finance and can be traded in several exchanges.

In Türkiye, there have been exciting studies on NFTs in the arts, sports, media and entertainment industries.

There are many well-known digital artists creating art through smart contracts, such as Murat Pak and Refik Anadol. According to market news, the period between February 2020 and April 2022 saw the sale of more than 180,300 NFTs, raising a total value of USD394.9 million in just over two years.

Besides artists, there are group projects such as Ninja Squad (which was created by Turkish cryptocurrency trading group Ninja Traders and made nearly 800 ETH in first sales and almost 3,000 ETH trading) and the Fluffy Polar Bears project (which has made over 3,000 ETH trading). Firat NFT is the most well-known Turkish NFT project in the Avalanche network, having made nearly 44,000 AVAX trading.

Other example is the NFT marketing project of Elidor (a Unilever brand) and their advertising project, including the volleyball artist Ebrar Karakurt. The rock band Manga also sold the first NFT concert tickets in Türkiye, which offered reserved VIP seats in the concert area as well as backstage access.

Overall, there are many exciting developments in different sectors, and the use of NFTs in Türkiye is an area of increasing interest and concern for regulators.

As of May 2023, there is no standalone law in Türkiye dedicated to regulating blockchain technology or cryptocurrencies, though the Draft Law and other regulatory efforts are eagerly awaited.

However, there was a negative response to crypto-assets from the TCB, which issued the Directive clearly stating that crypto-assets may not be used as a payment instrument (please see 3.4 Use of Digital Assets). The Directive is significant due to it exclusively concerning crypto-assets, even if it restricts their use.

In an announcement made regarding the CMB’s Decision of 27 September 2018 numbered 47/1102 (the “CMB Announcement”), it was stated that until sub-legislations regarding crowd financing enter into force, the public must disregard possible crypto-asset sales that might occur under the term “crowd financing”; thus, no specific classification was made by the CMB, which has a highly restrictive approach to crypto-asset sales and especially to initial coin offerings (ICOs) (please see 5.1 Initial Coin Offerings).

Despite crowdfunding having been regulated in Turkish law in 2021 with the Crowdfunding Communiqué, crowdfunding’s relation to blockchain technology remains unregulated. Additional codifications might be made in the future, especially as a follow-up to the Draft Law upon its enactment.

A noteworthy “retrofitting” to an existing regulation was made by the FCIB.

With the Changes to the Directive on Measures Regarding the Prevention of Laundering Proceeds of Crime and Financing of Terrorism (the “Changes Directive”), which was published in the Official Gazette on 1 May 2021, “crypto-asset service providers” was added to the Directive on Measures Regarding the Prevention of Laundering Proceeds of Crime and Financing of Terrorism (the “AML Directive”). Hence, crypto-asset service platforms have had obligations imposed on them under FCIB regulations regarding taking measures against money laundering and terrorism financing, especially concerning identification within the framework of KYC principles for transactions above a certain amount. This is significant as the FCIB has recognised crypto-asset service providers as a part of the financial system and has regulated them accordingly.

Furthermore, the CASP Guide was published by the FCIB on 4 May 2021, regulating:

• what constitutes money laundering and terrorism financing crimes;
• what the obligations regarding their prevention are;
• the notification procedures to be carried out by cryptocurrency platforms;
• identification requirements; and
• administrative sanctions.

Additionally, the STN Guide was also published by the FCIB (please see 1.1 Evolution of the Blockchain Market). 

While Türkiye has been a member of the Financial Action Task Force (FATF) since 1991, it has not yet implemented standards applicable to the blockchain sector proposed by international bodies since there is no such official standard. This is expected to change once the Draft Law enters into force.

Arguably, the Directive defined crypto-assets in parallel with the FATF’s definition (please see 3.4 Use of Digital Assets), and the liability of crypto-asset service providers brought by the Changes Directive is also compatible with the FATF’s approach (please see 2.1 Regulatory Overview). These and future regulations are expected to be in compliance with the FATF due to Türkiye’s membership. Since the MTP states that crypto-asset trading platforms will be included in the scope of future regulations, changes are expected to be made in line with the FATF’s regulations on virtual asset service providers (VASPs).

Use of blockchain technologies continues to be uncertain due to lack of specific regulations and definitions; this lack causes critical problems regarding attribution of responsibility to institutions. There has not yet been any formal decision as to which regulatory body in Türkiye would oversee regulating the use of blockchain and the businesses or individuals involved in that use.

Since the usage areas of crypto-assets vary, it is expected that the Draft Law will authorise more than one regulatory institution, such as the TCB or the Turkish Ministry of Trade, regarding transactions and the use of blockchain technologies that concern their jurisdictions.

Some institutions have also stated that they consider making regulations regarding blockchain and cryptocurrencies to be beyond the limits of their responsibility. For example, the CMB stated in the CMB Announcement that “many of the practices for raising funds, often using blockchain technology, also known as ‘cryptocurrency sale’ or ‘token sale’, fall outside the regulatory and oversight scope of our board.”

In the CMB Announcement, the CMB also stated that “it shall vary depending on the concrete case whether or not token sale implementations, which have similarities to and differences from public offering and crowd financing activities, will be within the CMB’s regulatory scope”. This vague statement is likely due to the CMB awaiting the Draft Law’s entry into force prior to  any definite assessment.

Thus, it seems regulatory bodies in Türkiye have not changed their already strict approach following the notable bankruptcies in the blockchain sector in 2022. Likewise, in the FCIB’s announcement regarding the investigation related to FTX, the FCIB emphasised that the market should be approached with maximum caution (please see 1.1 Evolution of the Blockchain Market).

There is no self-regulatory organisation operating in the blockchain field in Türkiye. There are also currently no best practice codes regarding the use of blockchain technology. However, the activities of a number of associations and institutions influence the use of blockchain technologies by businesses and individuals, directly or indirectly.

İstanbul Exchange (Borsa İstanbul) Blockchain Project

Türkiye’s first financial blockchain project was developed by the Borsa İstanbul information technologies team and was implemented in September 2018. The project synchronised the information in the customer databases of Borsa İstanbul’s, Takas İstanbul’s and Merkezi Kayıt İstanbul’s electronic applications. In the project – which was prepared in accordance with the KYC concept, adding new customer information to the specified database – changing existing information and document management is carried out over the blockchain network.

Blockchain Research Laboratory

Blockchain Research Laboratory, which was established by the Scientific and Technological Research Council of Turkey (TÜBİTAK) Informatics and Information Security Advanced Technologies Research Centre (Bilgem), is a useful guide to certain aspects of the study of and application trials regarding blockchain in Türkiye, for the purposes of following the academic literature on blockchain and digital money, and contributing, examining and analysing the technological infrastructures in their practical application.

Blockchain Türkiye Platform (BCTR)

BCTR is an independent and non-profit organisation established on the initiative of the Turkish Informatics Foundation that aims to contribute to Türkiye’s blockchain ecosystem by raising awareness, facilitating discussions and publishing reports.

Blockchain Technologies and Innovation Centre (Istanbul BTC)

Together with members from the commercial sector and top NGOs working in the domains of informatics and education, the Istanbul BTC was established on 2 December 2022. The Istanbul BTC is one of the only significant initiatives launched within Turkish universities regarding blockchain technologies. It offers researchers studying in the blockchain field an effective working and production environment.

In April 2021, an important ruling was made regarding the seizure of cryptocurrencies – a very controversial issue. Under Turkish enforcement law, certain conditions must be met in order for a property or right to be seized:

• it must be legally owned by the debtor;
• it must have an economic value;
• it must be convertible into money; and
• the seizure of the property must not be prohibited by law.

In a case within the jurisdiction of the 14th Enforcement Directorate of İstanbul, the creditor’s attorney demanded that the debtor’s accounts in cryptocurrency exchange platforms be seized. As a result of the evaluation made by said enforcement directorate, an enforcement order was sent to the relevant cryptocurrency exchange platforms and the debtor’s accounts on those platforms were seized. Thereafter, the debtor filed a complaint with the İstanbul Enforcement Court (the “Court”), which was later dismissed.

In its final decision, the Court ruled that “as it was understood that such money should also be considered within the scope of commodities and securities, it was accepted to be a kind of digital currency or virtual currency and therefore could be seized”, deciding that seizure of cryptocurrencies is possible.

Following the debtor’s appeal of the verdict, the relevant regional court approved the Court’s decision as the final verdict. While the decision regarding the seizability of cryptocurrencies became definite, neither the Court nor the regional court specified how the seizure should be executed. 

Thodex Controversy

A lawsuit regarding Thodex, Türkiye’s first global cryptocurrency exchange platform that mediates the buying and selling of cryptocurrencies, still attracts attention. In 2021, Thodex caused extreme concern among its users as speculations of fraud arose. It was later revealed that the CEO had fled abroad.

Later, criminal charges were issued against 21 suspects, including the CEO, for several crimes including:

• establishing and managing an illegal organisation for the purpose of committing a crime;
• fraud by using information systems, banks or credit institutions as tools; and
• laundering of assets resulting from crime.

Prosecutors demanded thousands of years of jail time for each suspect, which is obviously a symbolic claim made to emphasise the severity of the crimes.

After the CEO’s capture by Interpol in Albania in August 2022, his extradition to Türkiye was completed by the final decision of the Albanian court. However, no decision has yet been made before the Turkish court.

Cem Karaca’s NFT Portrait Sale

Another noteworthy judicial process was the disagreement regarding the NFT Portrait Sale of Cem Karaca, a famous musician. A preliminary injunction has been sought in the case by Cem Karaca’s heir, who claimed that the portrait of Cem Karaca had been improperly utilised in both physical form and NFT form. As a result, the Istanbul Third Civil Intellectual and Industrial Property Court addressed NFTs for the first time and granted a preliminary injunction relating to NFTs. The relevant regional court also approved this decision. The ruling is noteworthy since it is the first to deal with NFTs in Türkiye and acknowledge that they might be the subject of a preliminary injunction.

Binance TR, a cryptocurrency exchange platform operating in Türkiye, was issued an administrative fine of TRY8 million on the grounds that it violated its obligations as set forth in the AML Directive, since crypto-asset exchange platforms (being crypto-asset service providers) have had obligations imposed on them under FCIB regulations.

In 2022, upon inspection the FCIB issued approximately TRY18.8 million worth of administrative fines to four crypto-asset service providers (BtcTurk, Birci, Paribu and Icrypex) due to failure to comply with the obligations set forth in the Changes Directive and the CASP Guide.

In 2023, the FCIB launched an investigation against eight crypto-asset wallet owners who imitated the social media accounts of non-governmental organisations or official institutions and/or collected donations as though they were the officials of these organisations and institutions after the earthquake disaster in Türkiye.

On 18 September 2019, the Turkish Republic Ministry of Industry and Technology published the 2023 Industry and Technology Strategy (the “2023 Strategy”). The 2023 Strategy states that it aims at establishing a regulatory sandbox to test whether developed blockchain applications are in compliance with the legislation, certificating those enterprises that pass the test and later supporting them in attracting investments.

Also, the Turkish Presidency Strategy and Budget Administration published the 2020 Presidency Annual Programme (the “2020 Annual Programme”). The 2020 Annual Programme consists of appointing a Finance Office to make the regulatory amendments necessary for the fintech ecosystem to thrive. One measure in the 2020 Annual Programme was the establishment of a “technopark” within the body of the İstanbul Finance Centre: the İstanbul Finance and Technology Base.

In this respect, the Law on the Istanbul Finance Centre entered into force on 28 June 2022 and the İstanbul Finance and Technology Base was established on 11 November 2022.

Currently, no tax regime has been adopted or implemented relating to blockchain or cryptocurrencies in Türkiye. Moreover, no official statement on this issue has been published by the tax authorities.

As per Turkish law, regardless of whether an activity is legal or illegal, taxation is possible if income is derived from a taxable activity; though for income to be subject to taxation, it must be within the scope of one of the income elements listed in the tax laws.

The main uncertainty, however, concerns the taxation of earnings and income of natural persons investing in crypto-assets. This depends on whether the trading of crypto-assets is foreign exchange/digital currency trading, securities trading or commodity trading. Since the Income Tax Law does not include a specific legal qualification regarding crypto-assets, such income is not currently subject to income tax. However, it is anticipated that the enactment of the Draft Law will accelerate the process of other legislation and further evaluation regarding taxation.

For the time being, there is no governmental body commissioned or established to carry out studies on the benefits to be gained from the use of blockchain and/or the challenges it may cause.

However, the Blockchain Dictionary was created by the Presidential Digital Transformation Office, which is a governmental body responsible for the transition of public institutions and organisations to the digital environment and for co-ordinating issues such as cybersecurity and artificial intelligence.

In addition, in 2022 the opening meeting was held of the technical co-operation project “End-to-End Design (Inside the Country) of the Export Process with Blockchain Technology”, developed by the European Bank for Reconstruction and Development and the Ministry of Trade, and financed by the Ministry of Treasury and Finance. This project was planned as consisting of two steps. The first would start with the establishment of the demo blockchain network and end with the proof of concept (PoC) after testing, smart contract-writing and interface creation are completed and sample export transactions are made. The second step would primarily consist of educational activities, such as workshops. The project successfully achieved all its objectives and completed.

Currently, there is no regulatory reform body formed under the aegis of the government. However, the Draft Law is a key item on Türkiye’s agenda, and government bodies are presenting their views on it.

In constitutional law, anything that has property value can be included in the right of property. Thus, digital assets can be protected within the framework of the constitutional right of property. However, as a rule, civil law only includes corporeal assets within the scope of property rights. In other words, a crypto-asset, which is a digital record, cannot benefit from the protection regime introduced for property law, right of property and possession.

In addition, since the principle of numerus clausus is valid regarding intellectual property, it is very difficult to subject it to property rights in the classic private law doctrine. For this reason, there are many problems from the perspective of property law and the law of obligations. In this respect, there is no applicable legal regulation (please see 2.1 Regulatory Overview). Therefore, the right to claim against the “issuer” (if any), the right to claim against crypto-asset service providers or the right of ownership on the bearer where there is a cold wallet are possible. However, it is unclear against whom the right to claim will be asserted, especially in public blockchain networks.

There is no legal description regarding the characterisation of digital assets under Turkish law. For information on the legal status of digital assets, please see 3.1 Ownership and 5.1 Initial Coin Offerings.

The CMB might accept digital assets as an instrument of investment, and thus as security tokens. The TCB also has intentions to regulate currency tokens.

Since there is currently no clear categorisation, if the Draft Law does not determine a singular regulatory authority for blockchain technologies and multiple regulatory authorities are given such authority, different regulatory bodies may classify digital assets in accordance with their scope of authority.

In Türkiye, there is no established legal regime that regulates stablecoins; no distinction between different stablecoins is made.

Nonetheless, since stablecoins are meant to provide price stability and easy conversion options through backing with reserved assets or through algorithmic trading mechanisms, the use of stablecoin platforms has become widespread in Türkiye (eg, BiLira).

However, a recent development that shocked the world also led to many doubts regarding stablecoins. In 2022, TerraUSD or UST, a stablecoin of the Terra blockchain protocol that is fixed to the US dollar, along with its sister token Luna, completely collapsed, losing approximately 98% of its value in a day, causing a shockwave in the cryptocurrency market; additionally, thousands of people suffered huge monetary losses. Consequently, Terra Luna has been de-listed from a number of exchanges, including Binance, meaning that the token can no longer be purchased, though it can still be sold or have its value transferred. Its fugitive founder was arrested in 2023 and it is anticipated that Terra Luna will disappear in the near future.

These developments have raised serious concerns regarding stablecoins and their possible negative effects on the cryptocurrency market. Nevertheless, it is also expected that these developments will be a catalyst for legislative and regulatory efforts (please see 1.1 Evolution of the Blockchain Market).

It is explicitly envisioned in Article 3/2 of the Directive that crypto-assets may not be used in payments in a direct or indirect way. Article 3/3 of the Directive mandates that services using crypto-assets in payments directly or indirectly may not be provided. This is considered a setback in the integration of crypto-assets into Türkiye’s economy, and it is an indicator of the TCB’s resistance to deeming crypto-assets a valid payment instrument.

With the scope of the Directive being unclear, developments in Türkiye, such as publicly known NFT projects and the activity of DeFi platforms, have shown that use of cryptocurrencies in blockchain-based solutions (eg, NFTs, DeFi) is outside the scope of the Directive.

To date, there are no specific regulations in Turkish law regarding the creation, marketing or sale of NFTs. There is also no generally accepted view on the legal nature of digital assets (please see 3.1 Ownership). Any assessment on this topic must be based on the characteristics of each particular case.

Tax uncertainties regarding the use of cryptocurrencies or blockchain also apply to NFTs (please see 2.8 Tax Regime).

Most exchanges in Türkiye, as in the rest of the world, operate as custodial exchanges. There is not yet a Turkish non-custodial exchange market that leaves the users in full control of their digital assets, although there are a number of foreign non-custodial exchanges that provide services in Türkiye.

Since decentralised exchanges are not obliged to comply with Turkish legislation, they are not required to perform any KYC or AML verification. Pursuant to the Changes Directive, crypto-asset service providers – a term that includes crypto-asset trading (exchange) platforms and platforms that perform NFT supply and trading – are obliged to identify their customers and people who act on behalf of the customers (please see 2.1 Regulatory Overview).

There are exchanges in Türkiye that sell digital asset securities, non-security digital assets and NFTs. However, pursuant to the Directive, it would be against the law to trade securities or NFTs with cryptocurrencies in Türkiye (please see 3.4 Use of Digital Assets).

Despite the fact that there is no explicit regulation regarding cryptocurrency exchanges in Türkiye due to the Directive’s approach (please see 3.4 Use of Digital Assets) – other than crypto-asset service providers having obligations under FCIB regulations (please see 2.1 Regulatory Overview) – in practice, there are a number of cryptocurrency exchange platforms/markets where on-ramp and off-ramp exchanges are continuously made (please see 1.3 Decentralised Finance Environment).

Despite the lack of regulation, there is a system behind cryptocurrency exchanges and people are directly subject to an established exchange platform/market, which provides a level of security.

With the amendments made by the Changes Directive, crypto-asset service providers have had obligations imposed on them by the FCIB (please see 2.1 Regulatory Overview).

While “crypto-asset service provider” is not defined in the legislation, the FATF’s definition can be applied for Türkiye, since Türkiye is a FATF member (please see 2.2 International Standards).

Pursuant to the AML Directive, the obligations imposed on crypto-asset service providers are as follows:

• identification (Article 5 et al);
• identification of those acting on behalf of someone else (Article 14);
• checking the authenticity of the documents used for the purpose of confirming the information received within the scope of identification (Article 15);
• paying special attention to complex and unusually large transactions and transactions that do not seem to have a reasonable legal and economic purpose (Article 18);
• taking necessary measures to obtain sufficient information about the purpose of the requested transaction and keeping the information, documents and records obtained in this context in order for them to be presented to the authorities when requested (Article 18);
• continuous monitoring of the compliance of the transactions performed by customers with their profession, commercial activities, work history, financial situation, risk profile and funding sources within the scope of the continuous business relationship and keeping the information, documents and records about their customers up-to-date (Article 19);
• not establishing a business relationship and not performing the requested transaction when identification cannot be made or sufficient information about the purpose of the business relationship cannot be obtained (Article 22);
• reporting of suspicious transactions – according to Article 27, a suspicious transaction is any transaction involving information, suspicion or any other matter that would lead to suspicion about the assets being obtained illegally, or used for illegal purposes or for acts of terrorism, or by terrorist organisations, terrorists or those who finance terrorism (Article 27 et al);
• issuing a suspicious transaction notification form and delivering it to the FCIB (Article 28); and
• the obligation to notify the FCIB regarding the transactions to which crypto-asset service providers are parties, or which they mediated, exceeding the amount to be determined by the Ministry of Treasury and Finance (Article 32).

According to the STN Guide and Law No 5549 Regarding the Prevention of Laundering Proceeds of Crime (the “AML Law”), failure to retain suspicious transaction report forms and their annexes for a period of eight years, as well as failure to submit them to the FCIB and/or audit personnel, may result in imprisonment from one to three years and a judicial fine of up to five thousand days and security measures for legal entities.

Pursuant to the AML Law, the same sanctions apply to:

• disclosure of suspicious transaction reports submitted to the FCIB to any person, except audit personnel and courts during trial; and
• not providing information, documents and records requested by the FCIB and audit personnel fully and accurately, besides all the necessary information and passwords for accessing them or making them readable, and not providing the necessary convenience.

Pursuant to the AML Law and the AML Directive, the FCIB may impose administrative fines on crypto-asset service providers who violate their obligations. Moreover, if they fail to comply with the obligation to create the necessary systems and measures:

• the relevant institution may be notified to take measures to suspend, restrict or cancel their activity permit if the deficiencies are not corrected according to the notifications; and
• administrative fines may be imposed on the responsible board member or, if not present, on the senior manager who violates these obligations.

Also, the FCIB may file a criminal complaint to the Prosecutor’s Office regarding the crimes listed in the Turkish Penal Code (for an example related to this, please see 1.1 Evolution of the Blockchain Market).

There is no regulation in Türkiye on markets for digital assets, regarding permission, capital adequacy, audit, etc. Platforms are generally established as joint stock companies and carry out their activities with their own software and systems.

The only assessment made in this regard is the CMB Announcement concerning token sales, which failed to provide any clarity (please see 2.3 Regulatory Bodies).

Regarding possible future regulations, the Draft Law might aim to regulate this market over intermediary service providers.

The FCIB’s STN Guide regulates the procedures and principles regarding suspicious transactions reporting for crypto-asset service providers. Additionally, since the markets provide services in the online environment, they will primarily be subject to Law No 6563 on Regulation of Electronic Commerce. Fraudulent activities committed through markets for digital assets are also subject to the provisions of the Turkish Penal Code.

To the authors’ knowledge, there are no specific regulatory limits on the ability of a crypto-asset exchange to re-hypothecate (on-transfer) the crypto-assets that third parties hold for customers. It is plausible that intermediary service providers might be subject to a number of responsibilities by regulations, if there is a legislative effort.

There is no regulation under Turkish law regarding hot or cold wallet providers.

Due to the crimes committed through the Thodex crypto money exchange platform (please see 2.5 Judicial Decisions and Litigation), it was determined that the digital assets transferred to Thodex users’ hot wallets were transferred to different platforms by Thodex officials, and thus fraud was committed.

While crowdfunding is regulated in Turkish legislation through the Crowdfunding Communiqué, this regulation does not include any provision regarding cryptocurrencies or blockchain technologies. Hence, initial coin offerings (ICOs) have thus far been neither regulated nor prohibited in Turkish law. However, ICOs are very popular in practice.

The CMB has not yet provided a clear explanation as to the legal nature of crypto-assets (ie, whether or not they are a derivative, capital market instrument, etc), which has caused uncertainty. However, the CMB may intervene in the future, especially since the Draft Law is likely to grant the CMB regulatory authority.

Where ICOs would fit in Turkish law is controversial because the legal nature of the coins subject to ICOs is not definite. Thus, upon assessing pre-existing regulations regarding crowd financing, this issue depends on whether a coin can be considered as money. The Directive has complicated the issue, moving crypto-assets further from the same legal status as money. 

While there is no explicit regulation, the CMB has showcased its approach to ICOs in the CMB Announcement, deeming ICOs “very high risk and speculative investments” and warning people interested in buying digital assets to be aware of the risks and to carefully examine what is promised in exchange for digital assets.

The risks pointed out by the CMB in the CMB Announcement are as follows:

• most ICOs fall outside the scope of regulatory authorities’ purview, and are thus not subject to any regulation or supervision;
• similar to crypto money, the value of the tokens that are bought is extremely volatile;
• collected money may not be used to serve the previously stated purposes;
• the documents that are provided by the sellers may contain incomplete and deceptive information; and
• since the projects that attract funds by using methods such as this are usually at a very early stage, it is possible that the project will fail and the investment be completely lost.

It was later stated in the CMB Announcement that every necessary administrative and criminal measure shall be enacted by the CMB where unauthorised activities are carried out under the term “crowd financing” before sub-legislation enters into force. Additionally, investors were advised to disregard possible crypto-asset sales that might occur under the term “crowd financing”.

Regarding ICOs being considered as securities or commercial activities, it should be noted that the CMB left this discussion open-ended in the CMB Announcement. If the CMB is authorised in the Draft Law, it might make specific regulatory efforts regarding crypto-assets in the future.

At this point, it is safe to say that ICOs do not fall within the category of crowdfunding. This conclusion is drawn from the relevant provisions of the Communiqué on Share-Based Crowdfunding. However, this does not change the crowdfunding-like nature of ICOs. ICOs remain a technological financial solution that does not meet the criteria determined under the legislation for crowdfunding, while having a purpose and logic that shares some properties with crowdfunding.

Another important note regarding ICOs concerns the prohibitions of Article 562 of the Turkish Commercial Law (TCL). This Article prohibits the collection of money from the public with the intention or promise of establishing a company or increasing capital through calling for the public by any means. Where a crypto-asset is provided in return for the money received during an ICO and this is not done for the purpose of establishing a company or increasing capital, the risk of non-compliance with the TCL and CML is minimised.

It should also be stated that ICOs establish a contractual relationship between the participant and the organisers based on the Turkish Law of Obligations. A White Paper defines and regulates this relationship and provides all information regarding the project and any legal disclaimers or risk notices with regards to the participation in the ICO.

Currently, there is no regulation in Turkish law regarding initial exchange offerings (IEOs). However, the Draft Law may provide regulation regarding the institution that will oversee crypto-asset service provider investment consultancy and portfolio management.

Also, in IEOs, the nature and characteristics of the crypto-assets being exchanged (eg, payment instrument, stocks, etc) essentially determines the legal status and rules to which the IEO will adhere. The legal nature of crypto-assets, and which legal principles and regulations will be applied to them, continues to be uncertain. This uncertainty is expected to end once the Draft Law enters into force.

There are no regulations applicable to distributions of tokens to community members likely to utilise a particular protocol via an airdrop or a similar mechanism that does not necessarily involve token purchase.

As of May 2023, there is no regulation exclusive to crypto-assets in Turkish law applicable to investment funds or collective investment schemes that invest in digital assets. It is not impossible, however, for general provisions regarding investment funds to be applicable to crypto-assets.

There are some developments on this front. For example, İşbank has set up a fund called İş Portfolio Blockchain Technologies Composite Fund, and Yapı Kredi has set up Yapı Kredi Portfolio Blockchain Technologies Composite Fund/FTBC1. At least 80% of this fund’s value continuously goes to financial instruments that play a role in research, support and development of blockchain technologies. However, crypto-asset and cryptocurrency market transactions are excluded from the scope of this fund.

There are currently no special regulations that apply to broker-dealers or other financial intermediaries that deal in digital assets in Türkiye. However, crypto-asset service providers are expected to be defined as crypto-asset exchange or retention platforms, or as other institutions that may fall under this category. The Draft Law is also expected to finally determine which institution shall be responsible for regulating crypto-assets, and this is likely to be the CMB.

Pursuant to the current legislation, the liable parties, within the scope of the principles regarding KYC, are obliged to determine the identities of those who make transactions and those on whose behalf the accounts are transacted before any transaction, whether the transaction is made by them or mediated by them, and to take other necessary measures.

In Turkish law, there are no specific laws, regulations or binding judicial decisions that address “smart contracts”.

Smart contracts are pieces of software composed of codes; thus, they are not actually contracts in a literal sense. If a smart contract is accepted as legally being a contract, then, since there is no special provision, the general provisions of the Turkish Law of Obligations (TLO) may apply. It is currently not possible to evaluate legal enforceability and validity of smart contracts in Türkiye since there is no relevant regulation or case law. 

However, with regard to Turkish contract law, the points below must be considered.

• Freedom of contract, which is the right to enter into any contract with any content (apart from for a number of limitations such as regards content that breaches imperative legal rules) with anyone.
• Freedom of form, which is crucial because if a contract has the written form requirement, computer code will not satisfy that requirement, which may lead to the contract being invalid.
• As per Law 805 on the Compulsory Use of Turkish in Economic Institutions, contracts made by and between Turkish companies within Türkiye must be in Turkish; recently, the Supreme Court has started to apply this law to contracts where a foreign company is entering into a contract with a Turkish company that is within Türkiye, which poses a risk.
• Since transactions made on a blockchain, including via smart contracts, cannot be amended, the contract is executed even when it must be accepted as retroactively invalid (eg, error, deception and coercion, where the will to enter into the argument is incapacitated).
• Certain areas of Turkish law aim to protect, by law, one of the parties to a contract, such as employment law, consumer law and rental law. When the smart contract causes automatic execution or ends the contract, these protective provisions may be disabled and this may contradict imperative legal rules. Actions that stem from the nature of smart contracts such as automatic execution must not violate legislation.

As a new development, TOGG offers a smart contract management framework (please see 1.2 Business Models).

There is no consensus yet on the liability of developers of blockchain-based networks (“developers”) or the code that runs on these networks.

It is expected that the responsibility for losses or damages that occur due to blockchain technologies will be assigned to the crypto-asset service providers. Since it is likely that the Draft Law and future regulations will only encompass intermediaries and not the people that program the networks, in such case programmers or the people that operate the technical aspects may be held liable only if they are also intermediaries.

To date, there is no specific product responsibility regulation in Turkish law regarding blockchain. However, provisions regarding sales contracts, contracts of work, contracts of service or agency contracts, and recourse provisions might be applicable.

As stated in 6.1 Enforceability, currently general provisions may apply. Additionally, if the parties have a contractual relationship, contractual liability and – if the conditions are met – tortious liability provisions can also be applied, and the developers may be held liable for damages that were caused by their erroneous or negligent actions or their failure to meet the standard practice and perform their duty of care, on the condition that there is a causal relationship between the damages suffered and such actions/failure. 

However, the fact that developers hail from all over the world is likely to cause complications when determining the appropriate jurisdiction, the enforcement of rules on people from different jurisdictions and the conflict of laws.

In addition, there is currently no explicit regulation or decision in Türkiye that holds developers responsible for losses that arise through the use of software, with the theory being that the developers would be considered fiduciaries.

Currently, there are neither regulations nor prohibitions regarding decentralised finance (DeFi) platforms.

Since cryptocurrencies are not accepted as legal tender or as a payment instrument, it is not possible to deem cryptocurrencies as an asset that can be subject to lending in the near future, especially since carrying out credit and lending processes is assigned exclusively to banks and, pursuant to the Directive, crypto-assets cannot be used as a payment instrument (please see 3.4 Use of Digital Assets).

In this context, there is currently no official institution that carries out money lending processes with cryptocurrency. Thus, regulations that bind them or their licensing are also non-existent.

According to the Directive, crypto-assets are defined as intangible assets that are created virtually by distributed ledger technology or a similar technology and that are distributed over digital networks. However, crypto-assets do not qualify as fiat money, dematerialised money, electronic money, payment instruments, securities or other capital market instruments.

Owing to the Directive, payment service providers cannot develop business models where crypto-assets are directly or indirectly used as a payment instrument or where services are directly or indirectly provided using crypto-assets as a payment instrument.

Since the use of crypto-assets, even for payments, is prohibited, it can be assumed that crypto-assets cannot be used in a pledge or security interest transaction.

The Directive prohibits electronic money and payment institutions from intermediating with platforms that provide custody services for crypto-assets or from transferring funds from these platforms.

Currently, there is no regulation on custodianship for crypto-assets apart from the regulation in the Directive (please see 3.4 Use of Digital Assets).

The Turkish Data Protection Law, numbered 6698 (TDPL), doesn’t include any explicit regulation regarding blockchain technologies. However, the popularity of blockchain technologies and the possibility of the Draft Law introducing specific requirements calls for additional regulatory efforts, including amendments of the TDPL, should be noted.

Even with no explicit regulation in Turkish law regarding the right to be forgotten, compared to the EU General Data Protection Regulation (GDPR), the Turkish Personal Data Protection Board (PDPB) (the decision-making body of the Turkish Personal Data Protection Authority (PDPA)) has mentioned this right in its previous decisions and thus acknowledged it. The PDPB and PDPA being supportive of this right puts blockchain technologies in a compromising position when it comes to compliance with Turkish data protection law and practices.

Although newer blockchain technologies aim to be more compatible with the right to be forgotten, this right contradicts conventional and older blockchain technologies and smart contracts. Transactions made on conventional blockchain technologies, including smart contracts, cannot be amended or in any way changed, which is contradictory to this right – a right that is essentially about erasure of past information. In addition, blockchain technologies (being a decentralised environment) are openly accessible, which contradicts data privacy.

There are also other data privacy issues concerning blockchain technologies, such as lack of a person or institution to extend requests regarding deletion of data, or the right to be forgotten in public blockchain networks and the impossibility of deletion or amendment in private blockchain networks.

Whether the data within the blockchain network qualifies as “personal data” must be evaluated. Currently, there is no definite answer to this question. However, the PDPB frequently references EU law and the GDPR in its decisions, and Turkish data protection law is developing in compliance with the EU perspective. Thus, it is possible that the PDPB will adopt a similar approach to that taken in the Court of Justice of the EU’s Breyer decision, finding that data is still considered to be personal data even if legal means (seeking further information from third parties) are required in order to make a person “identifiable”.

The TDPL and its secondary legislation do not provide specific rules regarding which regulations may apply to the use of blockchain-based products/services. However, the TDPL’s regulations regarding taking the necessary technical and organisational measures and the measures stated in the PDPA’s Guideline on Personal Data Protection (Technical and Organisational Measures) might be applicable.

Blockchain technology, being a decentralised system, does not have a central control body, and consequently there is no central person or authority that regulates and oversees data protection in blockchain technology. This creates issues regarding enforcement, jurisdiction and conflicts of laws, as well as makes it nearly impossible to assess data subjects’ requests and complaints. 

How the personal data protection provisions may apply to blockchain technologies may depend on the blockchain being public or private. While there is an issuer that may be accepted as a data controller in private blockchain networks, in public blockchain networks, who will be deemed to be the data controller and the data processor is much more complicated.

International Data Transfers

Blockchain products’ personal data being retained on the Cloud calls for strict measures to be taken, including bringing to the surface discussions regarding international data transfer.

As such, international data transfer is a problematic topic in Turkish data protection law and the PDPB has previously imposed administrative fines on data controllers in this regard. One of the main problems is the reliance on explicit consent, which is risky as it may be withdrawn at any moment, and is considered to be invalid if it is stated as a prerequisite for provision of services. Even where the processing is not based on explicit consent, an undertaking, or where the transfer is being made within a multinational company, binding corporate rules (BCR) must be submitted for the PDPB’s approval. Also, it must be noted that the GDPR narrowly interprets “legitimate interest”.

In a blockchain environment, meeting the criteria explained above may not be entirely possible since it is not clear whether explicit consent will be obtained or not, and if explicit consent is to be obtained, who will obtain it. If explicit consent will not be obtained and an undertaking will be signed, who the signees will be and with which title they will sign the undertaking are also unresolved issues.

There are no specific provisions or prohibitions regarding cryptocurrency mining. Mining cryptocurrencies by using “proof of work” consensus protocols to validate block transactions is also not prohibited.

Staking as a service or SAAS businesses are neither regulated nor prohibited in Turkish legislation.

In Türkiye, DAOs are not regulated. In fact, the idea behind DAOs may be aimed at sparing these organisations from government regulations and bodies.

DAOs are controlled by a group of members with no central government structures. These anti-centralising and libertarian structures with no leadership eliminate the traditional legal entity elements, as everything is fully transparent and public, with the rules encoded through the smart contracts on the blockchain, helping individuals and groups to easily organise under a DAO.

DAOs are expected to be regulated in sub-legislation that will be drafted in accordance with the Draft Law upon its entry into force (please see 1.1 Evolution of the Blockchain Market). Regulatory authorities may have a stricter approach towards DAOs due to the DAO-hacking incident in 2016 and the allegations made against Toby Hoenisch.

Whether or not DAOs can even be accepted as a company is also a significant issue. In addition to the lack of regulation, no clear explanation or assessment has been made thus far from the point of view of the corporate law doctrine. While the corporate law doctrine’s assessments are anticipated, it is possible that TCL provisions may be applied, even if partially. In that case, the Turkish Ministry of Commerce, the CMB or the BRSA may have the authority to regulate DAOs.

It could be said that smart contracts are the backbone of a DAO in terms of running the organisation’s self-rule mechanism. Rules of DAOs and the administration of financial resources are determined within the framework of that specific smart contract.

The codes of a DAO can only be changed through a voting process. Governance processes in DAOs are typically on-chain as they require governance tokens from the members to propose and vote on decisions. Voting participation thresholds vary from one DAO to another. This threshold can be openly seen through the DAOs’ White Papers or their open-source protocol codes.

It is also not possible for members to spend or share resources without the approval of the other members.

There is no example of engagement between DAOs and native legal entities in Türkiye. Using a legal entity structure under a DAO may, however, help in reducing the cybersecurity risks. From a legal standpoint, traditional legal entities may affect the DAO’s basic values, and liabilities regulated in the relevant applicable law may be brought to the forefront again.