Türkiye enacted a long-anticipated law on blockchain and crypto-assets in 2024, and the law entered into force on 2 July 2024. Through this law, amendments were made to the Capital Markets Law (CML; Law No 6362); new articles were added to the CML, and the Capital Markets Board (CMB) was authorised to regulate and supervise this area via its secondary regulations.

Prominent issues in the field of crypto-assets in Türkiye are as follows:

• qualification conditions, licensing and auditing of crypto-asset service providers (CASPs);
• crypto-asset services, in particular trading and custody services; and
• the tokenisation of real-world assets (RWAs).

Generally, the CML does not cover decentralised exchanges, foreign exchanges meeting certain conditions (eg, having no office in Türkiye, providing services in foreign languages, not targeting residents in Türkiye through local influencers or endorsers), non-fungible tokens (NFTs) or gaming (utility) tokens. The CML aims to ensure that all CASPs, especially crypto-assets exchanges and custodians, comply with high thresholds for financial qualifications and legal liability. This is partly due to the effects of crises, such as those involving FTX and Luna, in the global crypto arena, and the case of Thodex in Türkiye, which can be considered as a local version of FTX.

After the amendments to the CML, the CMB prioritised the matters detailed in the first two points in the foregoing list for secondary regulations. In this context, it started to regulate the transition process in terms of fields of activity, qualification conditions and the licences to be obtained by CASPs according to the various Principal Decisions of 2024.

Finally, the CMB published four communiqués in the Official Gazette dated 13 March 2025. The provisions of these communiqués partly entered into force on 13 and 31 March 2025, and they will be fully in effect from 30 June 2025.

Over the next 12 months, progress towards the establishment of a transition process regarding the matters detailed in the first two points in the foregoing list will be seen in Türkiye, as well as discussions and preparatory work on a detailed secondary regulation regarding the tokenisation of RWAs.

Blockchain is predominantly used for crypto-asset investment and trading in Türkiye. Türkiye has the highest volume of crypto-asset trading in the Middle East and is among the countries with the highest rates of crypto-asset adoption due to its young and technologically proficient population and high inflation.

Another area that has significant potential and attracts attention in Türkiye is the tokenisation of RWAs. For example, The Digital Lira project is being carried out by the Central Bank of the Republic of Türkiye (CBRT) for tokenisation of the Turkish lira.

Other areas where progress is expected are as follows:

• the tokenisation of financial products and capital market instruments;
• the tokenisation of real estate; and
• the tokenisation of precious metals.

Since real estate and gold are important investment tools in Türkiye, as well as globally, it is expected that projects aimed at tokenisation will gain significant momentum in the next one to two years, partly driven by the interest of institutional investors.

Although it is not a hot topic at the moment, it is also expected that artificial intelligence will come to the fore in relation to enterprise blockchain solutions, in parallel with the developments mentioned in the foregoing.

The primary perspective of the CML is that crypto-assets should mainly be stored in cold wallets. Considering that KYC is mandatory for all wallets based on local anti-money laundering (AML) laws and regulations, individuals are considered to own crypto-assets when they are stored in their cold wallets.

In terms of accounts opened on crypto-assets exchanges, even if customers’ crypto-assets are stored in the wallets of crypto-asset exchanges or custodians, since the CML and secondary regulations regulate the separation of funds, all funds and crypto-assets of customers are stored in wallets and bank accounts opened on behalf of customers. Therefore, regardless of the use of private keys and storage (according to the CML), secondary regulations and the agreements signed between customers and CASPs, the owners of the funds and crypto-assets are customers.

Currently, there is no specific block confirmation time limit or “finality criterion” under which a transfer will be considered final. CASPs will be required to ensure that a transaction has been written to the network and is not affected by potential forks, but these matters are left to CASPs’ own risk analyses and procedures.

Digital assets are defined in the CML as crypto-assets – ie, as “intangible assets” that can be created and stored electronically using distributed ledger technology or similar technology, are distributed over digital networks and have value or rights.

Although the definitions section of the CML does not separately define crypto-asset types, such as stablecoins, e-money tokens and asset-referenced tokens, some crypto-asset types are detailed by the CML (and covered the secondary regulations of the CMB), as follows:

• security tokens (“the issuance of securities as crypto-assets” and “crypto-assets that provide rights specific to securities”, according to the CML);
• coins produced for reward and incentive purposes on a blockchain, such as BTC, ETH, SOL, ADA and LITE (“crypto-assets created by developing distributed ledger technology or a similar infrastructure, the value of which cannot be separated from this technology”, according to the CML);
• NFTs (“non-fungible and unique assets used to record the representation and ownership of digital assets”, according to The Communiqué on the Principles of Incorporation and Operation of Crypto-Asset Service Providers (“Communiqué III-35/B.2”); and
• gaming (utility) tokens (“assets used only for the purpose of creating or providing various elements in virtual games”, according to Communiqué III-35/B.2).

Crypto-assets sold through ICO, launchpads, liquidity pools or trading listings on crypto-asset exchanges (defined as “platforms” in the CML) are subject to the CML and the relevant secondary regulations thereunder. Separately, crypto-assets that provide rights related to securities within the scope of their design and purpose are considered “securities”. Since neither the CML nor any other law provides a specific definition, a “crypto-asset” is currently defined according to the following criteria:

• it is a security;
• it is subject to the CML and the CMB’s secondary regulations, as an asset that provides rights specific to securities; or
• it is subject to the CML and CMB regulations as an asset sold on a crypto-asset exchange.

A separate law would have to be introduced for crypto-assets to be able to be defined as commodities or other types of assets.

There is not yet any legal or regulatory characterisation relevant to tokenised securities in Türkiye, although tokenised securities are expected to be subject to secondary regulations from the CMB. Firstly, the CMB may issue a communiqué on tokenised capital market instruments that regulates tokenisation platforms, smart contract audits, International Securities Identification Number (ISIN) assignments and the disclosure of on-chain risks.

There is currently no legal definition or categorisation of stablecoins in Türkiye comparable with, for example, “e-money tokens” as defined under the Markets in Crypto-Assets Regulation (MiCA; effective throughout the EU), and it is expected that stablecoins will in future be regulated by payment services legislation under the authority of the CBRT.

Currently, stablecoins are subject to the provisions of the CML and the secondary regulations issued by the CMB within the scope of crypto-assets sold on crypto-asset exchanges.

Concerning other digital assets, please refer to 2.2 Tokenised Securities.

Payments are not allowed to be made with cryptocurrencies in Türkiye under the Regulation on the Non-Use of Crypto-Assets in Payments of the CBRT.

For an asset to be used as valid collateral, it must first be a legally defined asset type. The definition of crypto-assets as “intangible assets” in the CML and the valuation of crypto-assets sold on crypto-asset exchanges are the fundamental conditions that must be fulfilled for crypto-assets to be used as collateral. Legal practice around the use of crypto-assets as collateral is expected to develop as follows.

Rights and Receivables Pledge

Deposit, current (running/open) account, insurance compensation or non-billed receivables can be pledged with:

• a debtor’s declaration of assignment; or
• a notification/bankbook (account statement) proving the creditor’s possession.

Crypto-assets that are not securities can be used as collateral according to valuation-covenant-delivery mechanisms to be determined within the scope of freedom of contract.

Pledge of Securities

According to the CML and Communiqué II-35.1, securities such as registered shares, bonds and investment fund participation shares at the Central Registry Agency can be used as collateral by giving a “blockage/pledge” note to the investment account.

If the CMB issues a similar secondary regulation for crypto-assets that are considered as security (or security tokens), such crypto-assets will also be able to be used as collateral.

There are no specific laws, regulations, binding judicial decisions or recognised interpretations addressing the legal enforceability of private contractual arrangements made in whole or in part utilising agreed-upon computer code that executes across multiple “nodes” on a blockchain-based network.

These types of agreements can in principle be made within the scope of freedom of contract. However, whether the agreements are enforceable according to their subject, purpose and scope should be examined well in advance, on a case-by-case basis, under different applicable legislations.

No response has been provided in this jurisdiction.

Türkiye has not launched a functioning, open regulatory sandbox for crypto-asset projects. The 2025 Presidential Annual Program, published in the Official Gazette on 30 October 2024, explicitly states that a “regulatory and industry sandbox” will be created during 2025.

The Presidential Finance Office’s FinTech Ecosystem Report 2021 proposed locating the sandbox inside the Istanbul Financial Center (IFC). The venue is ready, but the sandbox framework has not been implemented.

Türkiye’s regulation of crypto-asset activities has unfolded step by step. Presidential Decree No 3941 brought CASPs within the scope of Türkiye’s AML/CTF framework under MASAK. MASAK has since issued detailed guidance on customer due diligence, record-keeping and Travel Rule compliance, updating those rules in mid-2024 to add sector-specific “red flags” and an online portal for reporting suspicious transactions – all in line with Recommendation 15 for Virtual Asset Service Providers (VASPs) of the Financial Action Task Force (FATF).

In 2024, the amended CML became effective. It introduces prudential capital requirements, custody safeguards and full Travel Rule obligations – features designed to reflect FATF Recommendation 15 and to bring Türkiye in closer alignment with the EU’s MiCA framework.

Apart from AML efforts, the CBRT continues to participate in Bank for International Settlements (BIS) projects on tokenisation and central bank digital currencies (CBDCs), aligning its Digital Turkish Lira pilot with BIS standards on interoperability and resilience. The CBRT’s Digital Lira R&D and proof-of-reserves auditing are closely aligned with BIS recommendations on resilience and transparency, forming a regulatory framework that reflects the standards expected of a modern VASP regime.

The CMB is the regulatory body with powers to regulate and supervise capital markets. Crypto-assets and CASPs are defined and positioned under the capital markets legislation of the CML and the secondary regulations of the CMB, and the CMB is at the forefront when it comes to regulating digital assets, blockchain and CASPs. The CMB’s approach is to apply the existing capital market regulations and best practices to crypto-assets (defined in the CML as “intangible assets”) and CASPs, and it tends to treat crypto-assets as a new sub-class of capital market instruments while regulating CASPs under the rules and mechanisms established for intermediary institutions in capital markets. The overall legislative approach is to raise the financial and legal bars for CASPs, to eventually eliminate any potential threat to the overall finance sector and investors.

BRSA

The BRSA is the regulatory body with powers to regulate and supervise the banking sector. Custodians of crypto-assets are determined in the CML as banks and other institutions that may be licensed by the CMB in the future. it is desirable for banks to be the primary custodians of crypto-assets, and the communiqués of the CMB mandate that banks that wish to provide crypto-asset custody services must seek pre-approval from the BRSA. As the crypto-asset sector evolves, the BRSA is expected to take on more roles related to the use and function of crypto-assets in the course of business of banks and other financial institutions.

MASAK

MASAK is the body authorised for regulating, implementing and overseeing the AML/CTF laws and regulations. MASAK’s approach has been to fully implement the FATF recommendations at the local level via its secondary regulations. Through various amendments to the AML/CTF regulations, MASAK had fulfilled all parts of its CASP and crypto-asset regulation agenda, and it has also started to oversee the implementation of these regulations by CASPs.

CBRT

The CBRT has powers to regulate payments, payment services and e-money institutions via its secondary regulations. In 2021, the CBRT issued the “Regulation on the Disuse of Crypto-Assets in Payments”, which bars the use of crypto-assets to pay for goods and services and forbids payment or e-money institutions from routing funds to crypto platforms. The bank stated that crypto’s extreme volatility, irrevocable transactions and vulnerability to crime could cause “irreparable” losses for users, justifying a preventive ban. Seeking a sovereign alternative, the CBRT created the Digital Turkish Lira Collaboration Platform on 15 September 2021 with leading tech partners to explore a CBDC. According to the bank’s 2023 annual report and recent policy blog, pilots will be expanded in 2024–26, covering offline testing and programmable and cross-border functions as a complement to instant payment systems before any issuance decision is made. The CBRT maintains a stance of “cautious innovation”, prohibiting the use of private crypto for payments, supporting stricter market supervision and dedicating resources to its own Digital Lira.

There are no self-regulatory organisations that perform regulatory or quasi-regulatory roles with respect to businesses or individuals using blockchain in Türkiye.

Türkiye has relied on focused task forces inside existing institutions rather than creating a separate blockchain agency. Their cumulative work has already produced a national strategy, a CBDC roadmap, detailed AML rules and – as of 2024–25 – a dedicated licensing regime under the CMB.

In 2019, the Ministry of Industry and Technology and the Presidential Digital Transformation Office (DTO) created the National Blockchain Infrastructure working group while drafting the 2023 Industry and Technology Strategy, outlining priority public sector pilots (in relation to land registry, customs and diplomas), recommending an open-source national blockchain network and a “test-bed” for private sector use cases and highlighting the need for uniform technical standards and interoperability across agencies.

In 2021–24, MASAK created the Crypto-Asset Service Providers Task Force, which classified CASPs as “high risk” for AML/CFT purposes; issued a suspicious transaction reporting guide (updated in 2024) with detailed red flags and mandatory STR timelines; and imposed KYC, record-keeping and on-chain tracing obligations.

In 2022, a multi-agency pilot began on CBDC, with the CBRT creating the Digital Turkish Lira Collaboration Platform. Initial closed-loop tests (December 2022) proved that distributed ledger-based instant payments work, with no performance bottleneck being observed. The pilot has been extended to selected banks and fintechs, with legal studies showing that digital ID integration is critical before retail roll-out.

In 2023, the Presidential Finance Office created the FinTech and Sandbox Steering Group within the IFC, which recommended a regulatory sandbox for blockchain/fintech products such that agencies can observe the results of live testing before licensing. The sandbox is being incorporated into the IFC’s legal framework. There are no public results as yet, but the mandate was published in the 2021 FinTech Ecosystem Report.

Crypto-Assets Accepted as Inheritable Property

The regional appellate court quashed a first-instance refusal to inventory a deceased person’s e-mails, social media and crypto wallet holdings in an estate inventory action. It held that the “digital estate” cannot be ignored merely because Turkish law lacks an explicit definition thereof, and that crypto-assets therefore fall within the full/universal succession rule in Article 599 of the Turkish Civil Code. In practice, the decision obliges probate judges to trace and safeguard private keys and exchange accounts alongside traditional assets.

First Injunction Against an NFT

In the “Cem Karaca portrait” case, the court accepted an injunction blocking the sale of an unauthorised portrait minted and listed on OpenSea as an NFT, in addition to Turkish-wide access bans to the offending URLs. The court treated the NFT as a “format” capable of infringing personality rights under Article 24 of the Turkish Civil Code and portrait rights under Article 86 of the Law on Intellectual and Artistic Works, showing that existing IP/personality provisions can be enforced irrespective of the token being located on a foreign marketplace.

Procedural Law Cases

A first-instance court dismissed a crypto-asset purchase dispute because of lack of jurisdiction, reasoning that a retail investor remains the “consumer” even when buying tokens for investment; the competent forum is therefore the Consumer Court, not the Commercial Court.

In a damages suit arising from a collapsed local exchange, the regional appellate court found that crypto-asset trading is neither an “absolute” nor a “relative” commercial matter, as set forth under Article 4 of the Turkish Commercial Code; therefore, the correct forum is the General Civil Court.

Digital Asset Crime and Exchange Liability: the Thodex Case

The criminal court sentenced the founder of the Thodex crypto-asset exchange and two relatives to 11,196 years’ imprisonment and fines of TRY26.6 billion for fraud, money-laundering and organised crime offences, after finding that the platform sold non-existent crypto-assets and siphoned client funds to cold wallets. The regional appellate court later upheld the core fraud and laundering counts but quashed the organised crime conviction, ordering a retrial on that point while keeping the defendants in custody on the fraud counts. This case demonstrates that the general provisions of the Turkish Penal Code, the MASAK rules and the Banking Law are sufficiently elastic to capture large-scale exchange fraud even in the absence of bespoke criminal legislation.

The most significant enforcement actions Turkish authorities have taken so far against actors in the crypto-asset ecosystem are detailed in the following.

MASAK: The First Administrative Fine

After inspecting Binance TR’s transaction monitoring and customer identification systems, MASAK imposed the statutory maximum administrative fine of TRY8 million (approximately USD750,000 at the time) for breaches of the Law on Prevention of Laundering Proceeds of Crime.

Digital Asset Crime and Exchange Liability: the Thodex Case

The criminal court sentenced the founder of the Thodex crypto-asset exchange and two relatives to 11,196 years’ imprisonment and fines of TRY26.6 billion for fraud, money-laundering and organised-crime offences, after finding that the platform sold non-existent crypto-assets and siphoned client funds to cold wallets. The regional appellate court later upheld the core fraud and laundering counts but quashed the organised crime conviction, ordering a retrial on that point while keeping the defendants in custody on the fraud counts.

Early Exchange Collapse: Vebitcoin

Only days after Thodex imploded, the crypto-asset exchange Vebitcoin halted withdrawals. Prosecutors in the city of Mugla ordered the arrest of four senior staff, seized exchange accounts and opened a fraud investigation. The twin collapses prompted the government to accelerate both the introduction of the MASAK guidelines (May 2021) and the amendments to the CML.

Large-Scale Cybercrime Sweeps: Operation CyberEye

The Interior Ministry’s cyber-crime unit led a 21-city raid of the operators of the pseudo-exchange Smart Trade Coin in 2024; 127 suspects were detained for running a multilevel scheme that promised “zero-risk high returns”, and authorities froze or seized real estate, vehicles and digital wallets worth TRY1 billion.

The CMB Blocks Unlicensed Exchanges

The CMB blocked 22 foreign exchanges, including MEXC and HTX, in 2024. After the CML brought CASPs under the CMB’s powers, the CMB gave offshore platforms until 2 October 2024 to either incorporate a Turkish entity and seek authorisation or to wind down. When the aforementioned 22 exchanges ignored the deadline, the CMB obtained nationwide access bans and had their domains delisted by ISPs, effectively cutting them off from Turkish users.

The tax regime in Türkiye still contains no bespoke provisions for crypto-assets. During 2024–25, the Treasury and Finance Ministry floated a 0.03% transaction levy on trades in shares and crypto-assets as part of a broader revenue package, but Parliament has not enacted it and the government signalled it might narrow or shelve the idea.

Türkiye has endorsed the OECD Crypto-Asset Reporting Framework but has not issued implementing rules or timelines.

Dedicated ESG disclosure rules on digital-asset businesses have not yet been imposed in Türkiye, but the general sustainable finance architecture captures CASPs and token issuers whenever they meet the relevant size or listing tests: large undertakings (total assets ≥ TRY500 million, net sales revenue ≥ TRY1 billion and ≥ 250 employees – any two for two consecutive years) must publish sustainability reports consistent with Turkish Sustainability Reporting Standards (TSRS) 1 and 2 (the verbatim Turkish translations of International Financial Reporting Standards (IFRS) S1 and S2).

Overview

Türkiye has chosen not to carve out a space for blockchain or crypto-assets under its privacy framework; instead, the Law on the Protection of Personal Data (Law No 6698) of the Turkish Data Protection Authority (Kişisel Verileri Koruma Kurumu; KVKK) applies by default, as Communiqué III-35/B.1 makes explicit.

There is an inherent conflict between blockchain and the rights to erasure and to be forgotten (Articles 7 and 11 of the KVKK, respectively) due to the following features of blockchain:

• blocks are immutable;
• data cannot be physically deleted;
• historical blocks cannot be rewritten;
• full-ledger replication means every node stores every datum; and
• nodes usually sit in multiple jurisdictions.

However, there may be various mitigation actions, such as storing only hashed pointers on-chain and keeping raw personal data in an off-chain database that can be deleted or encrypted. Destroying the off-chain key can satisfy KVKK’s “irreversible” deletion test.

Until bespoke technical solutions or legislative tweaks emerge, compliant Web3 design in Türkiye will hinge on “keeping personal data off-chain, encrypting what must stay on-chain, and planning robust cross-border transfer mechanisms”.

Cross-border replication of personal data on public chains must meet the KVKK’s cross-border transfer regime (adequacy decisions, binding corporate rules, or the local data protection authority’s standard contractual clauses).

Communiqué III-35/B.1

Communiqué III-35/B.1 expressly incorporates KVKK duties into the crypto-asset regulatory framework and puts CASPs on the hook for the way they collect, secure, use and disclose personal data.

CASPs must ensure the security of all customer information, in accordance with Article 12/5 – Conflict of Interest Policy, and comply with the KVKK when customer data are shared with any third parties (Article 12/5 – Marketing & Disclosure). These obligations mean that Communiqué III-35/B.1 embeds KVKK’s security and confidentiality duties (adequate technical/organisational measures, access controls and encryption) into the CMB licensing test, and necessitates that written data sharing agreements (including processor clauses and transfer mechanisms) and clear consent records are in place before promotional collaborations or cloud outsourcing is permitted.