Relevant Regulators

The most important regulator for crypto-asset businesses is the Capital Markets Board of Türkiye (CMB/SPK), which licenses and supervises CASPs and regulates their establishment, operation, suspension, custody, capital adequacy, internal systems, audit and related obligations. MASAK, under the Ministry of Treasury and Finance, is the key AML/CFT authority and supervises customer due diligence, suspicious transaction reporting, Travel Rule and risk-based compliance obligations for CASPs.

The Central Bank of the Republic of Türkiye (CBRT/TCMB) is relevant where crypto-assets intersect with payments, e-money, payment institutions and the Digital Turkish Lira; its 2021 regulation continues to prohibit the direct or indirect use of crypto-assets in payments and restricts payment/e-money institutions from intermediating certain crypto-platform flows.

Depending on the business model, the Banking Regulation and Supervision Agency (BRSA/BDDK) may be relevant for banks and bank outsourcing or IT arrangements, while the Turkish Personal Data Protection Authority may be relevant where blockchain products process personal data.

International Alignment

Türkiye has generally acted as a fast follower aligning its domestic framework with international standards, rather than positioning itself as a global rule-setter. The clearest alignment is with the FATF: Türkiye was removed from the FATF’s increased-monitoring list in June 2024, and MASAK’s 2025 crypto guidance and Communiqué No 29 reflect FATF-style AML/CFT expectations, including risk-based controls, enhanced due diligence and Travel Rule implementation. The CMB’s CASP framework also broadly tracks the direction of IOSCO and FSB recommendations by focusing on licensing, custody, governance, conflicts, market integrity, operational controls and investor protection, although Türkiye has not adopted those international frameworks wholesale and areas such as DeFi and stablecoins remain less developed.

On the BIS/CBDC side, the CBRT’s Digital Turkish Lira project reflects international central-bank themes such as privacy, interoperability, “do no harm”, programmable payments, offline payments and cross-border experimentation, but this remains a central bank digital currency R&D track rather than a liberalisation of private crypto-assets for payment use.

How Are Crypto-Assets Characterised/Classified by Regulators in Türkiye?

Turkish law defines crypto-assets broadly as intangible assets that may represent value or rights, are created and stored electronically using distributed ledger technology or similar technology, and are distributed through digital networks. The framework does not yet adopt a detailed MiCA-style taxonomy separating, for example, asset-referenced tokens, e-money tokens and utility tokens. Instead, the regulatory approach is functional: the Capital Markets Law and CMB communiqués define crypto-assets, wallets, custody services, platforms, tokens and crypto-asset service providers, and the regulatory consequences depend mainly on the activity performed and the rights represented by the asset.

Are Crypto-Assets Subject to Existing Regulatory Frameworks in Türkiye, and Is There a Specific Regulatory Framework for Crypto-Assets?

Türkiye has a specific crypto-asset regulatory framework under the Capital Markets Law, as amended by Law No 7518 in 2024, and the CMB’s 2025 secondary legislation. The two principal communiqués are Communiqué III-35/B.1, which governs the establishment, authorisation, operation and suspension of crypto-asset service providers, and Communiqué III-35/B.2, which regulates their services, operating principles, listing rules, settlement, capital and capital adequacy. Crypto-assets and crypto businesses may also be affected by other frameworks, including MASAK AML/CFT rules, the Central Bank payment restriction, data protection law, tax law, and general contract and consumer protection rules.

Which Activities in Crypto-Assets are Regulated in Türkiye?

The regulated perimeter primarily covers CASPs. This includes platforms where one or more of crypto-asset trading, initial sale or distribution, exchange, transfer and related custody activities are carried out, as well as institutions providing crypto-asset custody services and other crypto-asset-related services designated by CMB regulation. In practice, activities such as operating a crypto exchange, receiving and executing customer orders, facilitating transfers, providing custody or private-key management, intermediating initial sales or distributions, and maintaining the related settlement and reconciliation infrastructure require CMB analysis and, where applicable, CMB authorisation. AML obligations supervised by MASAK apply in parallel.

Which Activities and Products in Crypto-Assets are Prohibited in Türkiye?

Holding or trading crypto-assets is not prohibited as such, provided the relevant service provider operates within the applicable regulatory framework. The clearest product-level prohibition remains payments: crypto-assets cannot be used directly or indirectly as a means of payment, and payment and e-money institutions may not intermediate certain fund transfers to or from platforms providing crypto-asset trading, custody, transfer or issuance services. Unauthorised CASP activity is also prohibited, and CASPs must remain within the scope of activities approved by the CMB. These core restrictions are not framed around a retail/professional distinction; they generally apply regardless of whether the end user is a retail or professional client, although additional investor-protection and capital-markets rules may become relevant depending on the product structure.

Are Any New Crypto-Asset Regulations Coming Into Force in Türkiye in the Next 12 Months, and If So What Do They Cover?

As of May 2026, no entirely new standalone crypto-asset statute has been officially announced as coming into force in the next 12 months. The main expected developments are implementation and transition under the existing 2024–2025 framework: authorisation processes, custody arrangements, capital adequacy, information-systems compliance, proof-of-reserves, remote onboarding and AML/Travel Rule compliance. In February 2026, the remote identification and electronic contracting communiqué was amended to include CASPs, and in March 2026 the CMB extended certain deadlines relating to custody agreements and authorisation certificates, indicating that the next phase will focus on operationalising the existing regime rather than replacing it.

Use of a Legal Wrapper

Using a legal wrapper, such as a fund, does not generally take the underlying crypto activity outside the Turkish regulatory perimeter. If the fund, its manager or another group entity provides crypto-asset services in Türkiye – for example, trading-platform, custody, transfer, initial sale/distribution or related intermediation services – the CMB CASP regime must still be considered. A fund wrapper may change the investor-facing product from direct crypto exposure to fund units, but it does not neutralise licensing, custody, AML, disclosure or payment-law restrictions applicable to the underlying activity. This is particularly important because the CMB’s 2025 crypto communiqués regulate CASP establishment, activities, custody, operating principles and capital adequacy, while Turkish investment funds are themselves subject to CMB fund rules, prospectus/disclosure requirements and portfolio-custody arrangements.

Regulatory Consequences for Regulated Firms and Investment Funds

Regulated firms and investment funds with crypto-asset exposure must analyse the exposure through both the crypto-asset framework and the ordinary rules applicable to their regulated status. Portfolio management companies and funds remain subject to CMB approval, disclosure, valuation, custody, risk-management and conduct-of-business expectations; fund assets must be held through authorised portfolio custody arrangements, and fund documents should clearly disclose the investment strategy, risks, portfolio limits, valuation methodology and service providers.

Existing Turkish “blockchain” themed funds generally appear to provide indirect exposure through blockchain-related equities, indices or ETFs rather than direct holding of crypto-assets, which is a safer regulatory model under the current fund framework. Where direct crypto exposure is contemplated, additional issues arise around whether the asset is eligible for the relevant fund type, how it will be valued, where and by whom it will be custodied, whether the counterparty is a CMB-authorised CASP or custodian, and whether the product is suitable for retail investors or only for qualified investors, such as in the case of hedge-type/“serbest” funds.

Is There a Viable Crypto-Asset Issuance/ICO/TGE Industry in Türkiye, and What Are the Requirements to Launch a Crypto-Asset From Türkiye?

Türkiye does not yet have a large standalone ICO/TGE market comparable to earlier offshore token-sale jurisdictions, but token issuance and initial sale/distribution are now expressly contemplated within the CMB-regulated crypto framework. Under Communiqué III-35/B.2, intermediation of the initial sale or distribution of crypto-assets is a regulated activity that may be carried out only by CMB-authorised crypto-asset platforms. The platform must:

• assess the token’s legal nature;
• review the smart contract;
• ensure that minimum listing criteria are met;
• confirm that custody infrastructure can be established; and
• verify compliance with any sector-specific rules if the token represents an asset or right falling within another regulator’s remit.

If the token qualifies as, or gives rights equivalent to, a capital markets instrument, ordinary CMB securities rules may also apply, including any future CMB determinations on issuance and electronic record-keeping of capital markets instruments as crypto-assets.

Are There White Paper or Other Disclosure Requirements for Selling a Crypto-Asset Into Türkiye?

Türkiye does not currently have a MiCA-style mandatory crypto White Paper regime for all token sales. Instead, disclosure is mainly channelled through the CMB-regulated platform framework. Platforms must:

• establish written listing and delisting procedures;
• assess factors such as the rights attached to the token, supply, transaction history, security, traceability, manipulation risk, issuer/project-owner background, regulatory status and concentration of ownership; and
• publish their current listed-assets list and listing procedure on their websites.

For NFTs and in-game digital assets traded in a separate market outside the statutory listing regime, platforms must display a specific notice that those assets are outside the Capital Markets Law listing principles and are not subject to CMB supervision. Where a token constitutes or represents a capital markets instrument, standard securities disclosure/prospectus rules may become relevant in addition to the crypto platform rules.

Is There a Framework Dealing With Market Abuse/Insider Trading, and If So What Behaviour Is Prohibited?

Türkiye has a well-established market abuse framework under the Capital Markets Law for traditional capital markets, including insider dealing and market manipulation. Article 106 prohibits trading, amending or cancelling orders on the basis of non-public information capable of affecting the price, value or investment decisions relating to capital markets instruments, where a benefit is obtained. Article 107 prohibits manipulative trading conduct, such as creating a false or misleading impression about prices, price movements, supply or demand, and also prohibits spreading false or misleading information, rumours, comments or reports to influence prices or investor decisions.

For crypto-assets, the 2024 amendments added a more targeted platform-based rule: except for crypto-assets that the CMB considers to be widely traded and priced in foreign markets, Article 104 on market-disruptive actions applies to platform transactions that cannot be explained by a reasonable economic basis and that may undermine the platform’s reliable, transparent and stable operation. Platforms must also establish surveillance systems, detect and prevent disruptive conduct, restrict or close relevant accounts where necessary, and report their findings to the CMB.

How Does the Crypto Market Abuse Framework Differ From That Applied to Traditional Securities?

The traditional securities framework is broader and more settled: insider dealing and market manipulation offences are built around “capital markets instruments”, issuers and price-sensitive non-public information. By contrast, the crypto framework is still narrower and more activity-based. General insider dealing and market manipulation offences should clearly apply where a crypto-asset itself qualifies as, or represents rights specific to, a capital markets instrument; however, they do not automatically map onto every listed crypto-asset in the same way they apply to listed shares or debt instruments.

For other platform-traded crypto-assets, the main express rule is the Article 104-style “market-disruptive actions” regime under Article 35/C, combined with platform surveillance and reporting obligations. As a result, conduct such as wash trading, spoofing, abusive self-trading or unexplained price manipulation on a Turkish platform may be captured, but “trading on inside information” about a token listing, project announcement or protocol event is not yet regulated with the same detailed issuer-focused architecture that applies to traditional securities, unless the asset or transaction falls within the capital markets instrument perimeter.

Notable Enforcement Actions and Consequences

Türkiye’s crypto enforcement has so far focused mainly on bringing the market into the CMB licensing perimeter and blocking unauthorised online activity, rather than on a long history of public sanctions against fully licensed crypto firms, since the regime is still relatively new. The CMB has repeatedly initiated access-blocking procedures for websites found to be providing unauthorised crypto-asset services to Turkish residents or offshore leveraged trading services, including decisions published in 2025 bulletins.

The consequences of non-compliance may include:

• access blocking;
• suspension or restriction of activities;
• removal from transitional lists;
• administrative measures;
• MASAK administrative fines for AML breaches; and
• criminal exposure for unauthorised CASP activity.

MASAK also states that repeated AML non-compliance may ultimately be referred to the relevant authority for activity restriction, suspension or licence cancellation. Overall, enforcement is becoming increasingly active and formal, particularly against unauthorised or cross-border platforms.

Cross-Border Breaches

The CMB’s approach to cross-border crypto activity is territorial and user-targeting based. Offshore platforms may be treated as carrying out unauthorised CASP activity if they target Turkish residents – for example through Turkish-language services, marketing, customer acquisition or other Turkey-facing activities. The CMB has used access-blocking mechanisms under Articles 99/A and 99 of the Capital Markets Law against websites determined to be providing unauthorised services to persons in Türkiye. This means that foreign firms should not assume that being incorporated outside Türkiye avoids Turkish regulation if the commercial reality is that Turkish users are being solicited or served.

Likely Direction Over the Next 12 Months

The regulators’ approach is likely to become stricter in practice, even if the next phase is more about implementation than new primary legislation. The CMB’s 2025 communiqués created the detailed licensing, custody, capital adequacy, internal systems and audit framework for CASPs, and the CMB has continued to manage transition issues, including 2026 extensions relating to custody agreements and authorisation certificates. MASAK also updated its CASP guidance in September 2025, confirming that AML/CFT compliance remains a priority. Accordingly, enforcement is expected to focus on licensing readiness, custody compliance, AML/Travel Rule controls, unauthorised foreign platforms and misleading Turkey-facing marketing.

Triggers for Requiring a Licence

Türkiye does not license the use of blockchain technology as such; the licence trigger is the provision of regulated crypto-asset services. A CMB licence analysis is required where a business operates as a CASP, including as a platform on which crypto-asset purchase and sale, initial sale or distribution, exchange, transfer, related custody or other CMB-designated transactions are carried out, or as a crypto-asset custody service provider. In practice, operating a Turkish-facing exchange, broker-type platform, custody service, wallet/private-key management service, transfer infrastructure or token initial-sale/distribution channel may trigger CMB authorisation, together with MASAK AML/CFT obligations. The core licensing framework is set out in Law No 7518 and the CMB’s 2025 Communiqués III-35/B.1 and III-35/B.2.

Territorial Scope and Offshore Firms

The Turkish regime is aimed not only at entities incorporated in Türkiye but also at services directed at persons resident in Türkiye. Foreign CASPs were required to terminate Türkiye-facing activities by 2 October 2024 if they were conducting activities within the meaning of Article 99/A of the Capital Markets Law. The CMB has also indicated that additional criteria may be used to assess whether activities are directed at Turkish residents.

Conversely, services obtained entirely on a user’s own initiative from an offshore provider, without Türkiye-facing promotion, marketing or solicitation, are generally treated differently from active targeting. A foreign entity is not automatically required to set up in Türkiye merely because a board member is located there, but if management, operations, marketing or customer-facing activity are in substance carried out from or directed at Türkiye, CMB licensing and local establishment issues may arise. To obtain authorisation, a CASP must generally be structured as a Turkish joint-stock company with the governance, capital and organisational requirements prescribed by the CMB.

Grandfathering and Transitional Operation

Because the licensing requirements are new, Türkiye introduced transitional provisions for existing CASPs. Providers operating as of 2 July 2024 that wished to continue were required to submit the prescribed declaration and documents to the CMB by 2 August 2024; those wishing to exit could file a liquidation declaration instead. The CMB’s “Faaliyette Bulunanlar Listesi” is only a temporary public-information list for entities that declared an intention to continue operating, and the CMB expressly states that inclusion on the list does not mean the entity is authorised. Existing providers relying on the transition must still apply for operating permission, comply with the CMB and MASAK framework, and remain subject to restrictions, deadlines and possible removal or enforcement if they fail to meet requirements. In March 2026, the CMB further extended certain deadlines for custody agreements and authorisation certificates, with new timing to be set once CMB-authorised custodians provide services to platforms on a widespread basis.

To obtain authorisation as a CASP in Türkiye, an applicant must proceed through the CMB process under Communiqués III-35/B.1 and III-35/B.2. The applicant must generally be established as a Turkish joint-stock company, and have registered shares issued for cash, fully paid-up capital and shareholders/founders satisfying fit-and-proper conditions, with a transparent ownership structure and articles of association limited to CMB-authorised crypto-asset activities. The process is effectively two-stage:

• the founders apply to the CMB for establishment permission with the articles and supporting documents; and
• after establishment permission, the provider must apply for an operating licence within six months, failing which the right to obtain the licence lapses unless the CMB grants an extension.

Before granting operating permission, the CMB must be satisfied that the applicant has the required organisation, personnel, systems and controls, and it may request additional information, independent audit, rating or information-systems review, including with TÜBİTAK and other public bodies.

The substance requirements are significant. The provider must establish service units, internal audit, internal control and risk-management functions, written policies including conflict-of-interest procedures, complaint-handling mechanisms, price-surveillance systems for platforms, MKK technical integration, information-security infrastructure compliant with the CMB information-systems rules and TÜBİTAK infrastructure criteria, and custody/private-key infrastructure where relevant.

Senior management is also regulated: the general manager and deputy general managers must have at least seven years’ professional experience in financial markets, IT, information technologies or fintech; the general manager must be full-time, resident in Türkiye and employed exclusively for that role; and CMB approval is required for general manager and deputy general manager appointments. Personnel and managers must generally meet education and integrity standards, and the board must have at least three members, with a majority being four-year university graduates.

Prudentially, platforms and custodians must meet minimum capital, own-funds, capital-adequacy, liquidity and reporting requirements. For 2026, the minimum establishment capital has been updated to TRY250 million (approximately USD5.49 million as of May 2026) for crypto-asset platforms and TRY630 million (approximately USD13.82 million as of May 2026) for crypto-asset custody institutions, following the CMB’s annual revaluation of the monetary thresholds under Communiqué III-35/B.2. These amounts are capable of being re-determined by the CMB by reference to the annual revaluation rate.

Own funds must not fall below the applicable minimum capital, platforms must satisfy a capital-adequacy base requirement linked to risk exposure and recent operating expenses, total liabilities may not exceed three times the capital-adequacy base, and platforms must keep customer crypto-assets mainly with authorised custodians, subject to custody limits and a liquid-reserve obligation.

Banks wishing to provide crypto-asset custody are subject to modified requirements and also need the Banking Regulation and Supervision Agency’s favourable preliminary view and activity-expansion approval.

In Türkiye, acquisitions of licensed CASPs are subject to CMB change-of-control approval under Communiqué III-35/B.1. Prior CMB permission is required for direct or indirect acquisitions that result in a person becoming a shareholder with 10% or more of the capital or voting rights, and for transactions causing an existing shareholder’s direct or indirect holding to exceed or fall below the 10%, 20%, 33% or 50% thresholds. The same approval logic applies where share transfers at the level of a legal-entity shareholder result in an indirect change at those thresholds or a change in control over the CASP.

Transfers of privileged shares giving management or voting influence should also be treated as approval-sensitive even if the numerical thresholds are not crossed. The acquirer and any new qualifying shareholders must satisfy the fit-and-proper requirements applicable to CASP founders and shareholders, including integrity, financial soundness, transparency of ownership and absence of disqualifying regulatory or criminal history. The CMB’s review is therefore not limited to the share purchase itself; it also covers the suitability of the post-acquisition ownership and control structure. Transactions completed without the required CMB approval may be ineffective for regulatory purposes and may expose the parties and the target CASP to supervisory measures.

A Turkish CASP licence cannot be passported into other jurisdictions and does not create automatic market-access rights abroad. The CMB licence is a domestic authorisation under Türkiye’s Capital Markets Law and the CMB’s 2025 CASP communiqués, and its effect is limited to carrying out authorised activities within the Turkish regulatory perimeter. In particular, it does not give access to the EU’s MiCA passporting regime, which is available only within the EU framework for CASPs authorised by an EU national competent authority.

A Turkish licence may nevertheless be helpful in practice as evidence of regulatory substance, governance, custody arrangements, AML controls and operational readiness when applying elsewhere, but the firm would still need to comply with the target jurisdiction’s own licensing, registration, local substance, marketing, AML, consumer-protection and prudential requirements. Conversely, a foreign licence does not by itself allow a firm to serve Turkish residents if the activity falls within Türkiye’s CASP perimeter; Türkiye-facing services may require local CMB authorisation and compliance with Turkish rules.

Cross-Border Sale of Blockchain and Crypto-Asset Services Into Türkiye

Cross-border marketing of crypto-asset services into Türkiye is restricted where the activity falls within the Turkish CASP perimeter. A foreign platform may be treated as carrying out unauthorised CASP activity if it provides services to persons resident in Türkiye or offers a prohibited crypto-asset activity to Turkish residents. The legislation and CMB guidance treat factors such as opening a workplace in Türkiye, operating a Turkish-language website, or conducting direct or Turkey-intermediated promotion and marketing for crypto-asset services as indicators that the activity is directed at Türkiye. Such firms may therefore need CMB authorisation rather than simply relying on an offshore licence. There is no general pre-approval requirement for each advertisement, nor a MiCA-style universal White Paper approval regime, but CMB-authorised platforms must comply with listing, customer disclosure, record-keeping and conduct rules, and unauthorised Turkey-facing services may be subject to access blocking and other sanctions.

Exemptions and Reverse Solicitation

Türkiye does not have a broad statutory passporting or marketing exemption for foreign crypto firms. However, the framework recognises a distinction between active targeting of Turkish residents and services accessed by users on their own initiative. In practical terms, a narrow reverse-solicitation analysis may be available where the foreign provider does not maintain a Turkish presence, Turkish-language targeting, Turkish marketing campaign, local introducer network or other conduct showing active solicitation of Turkish residents. This should be applied cautiously: the CMB may determine additional criteria for when an activity is deemed Türkiye-facing, and the use of Turkish-language interfaces, local campaigns, referral arrangements or Turkey-specific onboarding would materially weaken any reverse-solicitation argument.

Marketing Requirements for Digital Assets

CMB-authorised CASPs are subject to bespoke advertising, announcement, publication, promotion and disclosure rules. Marketing must be objective and must not be false, misleading or exploit customers’ lack of knowledge or experience. CASPs may not:

• promise guaranteed returns or protection from losses;
• suggest that customers will always profit;
• imply that transactions are risk-free, guaranteed, officially secured or require no expertise;
• use unsupported claims that unfairly promote the provider;
• refer to specific price targets; or
• use sensitive religious, cultural or social themes.

Certain promotional campaigns are also prohibited, including high-value reward campaigns, referral-benefit schemes, campaigns with unforeseeable costs, or promotions that direct customers towards investing in one or more crypto-assets. These specific CMB rules apply alongside Türkiye’s general advertising regime, which covers consumer-facing commercial advertisements and unfair commercial practices and is designed to prevent misleading advertising and protect consumers.

External firms cannot generally use a white-label structure to sell crypto-asset services into Türkiye merely by relying on another entity’s CMB licence. The Turkish regime licenses the entity that actually provides crypto-asset services to Turkish customers, and the 2025 CMB communiqués regulate CASP establishment, operation, custody, capital adequacy and service provision on an entity-specific basis. A licensed Turkish CASP may use third-party technology or infrastructure providers, including white-label software, but the licensed CASP must remain the contracting, customer-facing and responsible regulated entity, and must retain control over compliance, custody, AML, outsourcing risk, information systems, records and customer disclosures.

If the external firm markets under its own brand, onboards Turkish users, executes or intermediates trades, provides custody/wallet services, or otherwise appears to provide regulated crypto-asset services in Türkiye, it may itself be treated as carrying out unauthorised CASP activity. The same risk applies to offshore firms targeting Turkish residents through Turkish-language services, local promotion or other Türkiye-facing activity.

Is DeFi Permitted in Türkiye?

Türkiye does not have a bespoke DeFi regime and does not expressly prohibit individuals from interacting with decentralised protocols on their own initiative. However, the analysis changes if there is an identifiable person or entity operating a front-end, arranging access, marketing to Turkish residents, holding client assets, executing orders, providing custody, facilitating transfers or otherwise carrying on crypto-asset services as a business. In that case, the activity may fall within the CMB CASP perimeter, which covers order execution, settlement, transfer, custody, initial sale/distribution intermediation, investment advice and other CMB-designated services. The CMB rules also expressly capture peer-to-peer digital marketplace operation as platform activity, while offshore services accessed solely on a Turkish user’s own initiative and without Türkiye-facing marketing are treated as outside the communiqué’s scope.

Can CeFi Firms Utilise DeFi When Providing Products or Services Into Türkiye?

A Turkish CeFi platform cannot assume that DeFi may be used freely behind the scenes or as a customer product. A licensed platform may only conduct authorised activities and must comply with custody, customer-asset segregation, MKK reconciliation, AML/CFT, disclosure, information-systems and risk-management requirements. Some blockchain-native operations are contemplated: for example, where the structure of a network requires crypto-assets to be locked, platforms may conduct lock-up and return-in-kind transactions at the customer’s request under the customer framework agreement.

However, many common DeFi products would raise serious regulatory issues: listed crypto-assets on platforms may not be traded with leverage, made subject to derivatives, margin lending, short sale or lending/borrowing transactions, and customer portfolio management by the platform is prohibited. DeFi use would therefore need to be assessed case by case, particularly for custody/control of private keys, smart-contract risk, counterparty anonymity, sanctions and Travel Rule compliance, asset eligibility, customer disclosures, and whether the arrangement amounts to an unauthorised lending, derivative, portfolio-management or payment product.

Common DeFi Structures

Türkiye does not have a recognised decentralised autonomous organisation (DAO) legal form or a dedicated DeFi wrapper. A genuinely decentralised protocol accessed by users on their own initiative may not have a Turkish corporate vehicle at all, but any identifiable operator, front-end provider, treasury manager, developer company or marketing entity creates a potential regulatory and liability touchpoint.

In practice, where a Turkish legal wrapper is used, projects generally look to ordinary Turkish structures such as a joint-stock company, limited liability company, co-operative, association or foundation depending on whether the activity is commercial, governance-oriented, community-based or non-profit. However, a structure that provides regulated crypto-asset services must generally use the CMB-authorised crypto-asset service provider model; under the CMB framework, crypto-asset platforms and custody providers are regulated entities, and platform activity includes crypto-asset purchase and sale, initial sale or distribution, exchange, transfer and related custody operations.

Turkish law also does not give DAOs separate legal personality; if participants organise around a common economic purpose without using a recognised legal form, ordinary partnership analysis and associated liability risks may arise under general obligations law.

Set-Up Requirements

There is no simple “DeFi set-up” registration in Türkiye. If the structure is only developing open-source software or conducting non-regulated research, ordinary company, tax, employment, IP and data-protection requirements may be sufficient. If, however, the structure provides Turkish-facing crypto-asset services, it must be assessed under the CMB CASP regime. A regulated CASP must generally be established as a Turkish joint-stock company, with registered shares issued for cash, fully paid-up capital, transparent ownership, fit-and-proper founders and shareholders, CMB establishment and operating permissions, internal control, internal audit, risk management, information systems, custody and record-keeping arrangements.

For 2026, the minimum establishment capital is TRY250 million for crypto-asset platforms and TRY630 million for crypto-asset custody institutions, following the CMB’s annual revaluation of the monetary thresholds. These substance, capital, custody, AML and governance requirements are difficult to reconcile with a fully decentralised DAO, so Türkiye-facing DeFi structures usually need either to remain genuinely non-custodial and non-solicited or to operate through a compliant regulated entity.

In Türkiye, courts and regulators have not yet developed a DeFi-specific liability doctrine, and there do not appear to be any major published enforcement actions specifically concerning harm caused by DeFi. Liability is therefore assessed under general legal principles and the new crypto-asset framework. Where a protocol is genuinely decentralised and accessed by users on their own initiative, identifying a liable person may be difficult. However, if there is an identifiable front-end operator, developer company, management team, marketer, custodian or other intermediary targeting Türkiye or controlling user assets, that person may be exposed to contractual liability, tort liability, unjust enrichment, consumer or investor protection claims, capital markets rules or AML obligations. Article 49 of the Turkish Code of Obligations provides the general basis for tort liability where a person unlawfully and culpably causes damage to another, while Article 50 places the burden of proving damage and fault on the claimant.

From a regulatory perspective, the key issue is not whether a project describes itself as “decentralised” but whether there is an identifiable person carrying out regulated crypto-asset services or targeting Turkish users. The CMB’s 2025 CASP framework regulates establishment, operation, suspension of activities, custody and supervision of CASPs, and the CMB has also used access-blocking mechanisms against websites providing unauthorised crypto-asset services to persons in Türkiye.  Accordingly, the main liability risk for DeFi in Türkiye is likely to arise where identifiable actors facilitate access, market the protocol, control assets or maintain a commercial relationship with Turkish users, rather than from the existence of a decentralised protocol alone.

Payments in crypto-assets are not permitted in Türkiye. The Central Bank of the Republic of Türkiye’s 2021 Regulation on the Disuse of Crypto Assets in Payments remains in force and prohibits crypto-assets from being used directly or indirectly as a means of payment. The regulation also prevents payment service providers from developing business models in which crypto-assets are used directly or indirectly in payment services or e-money issuance, and restricts payment and e-money institutions from intermediating fund transfers to or from platforms providing crypto-asset trading, custody, transfer or issuance services. This does not prohibit holding, trading, transferring or custody of crypto-assets as such, which are now dealt with separately under the Capital Markets Board’s CASP regime; however, crypto-assets, including stablecoins, should not be structured as merchant payment, checkout, payment-settlement or e-money-like products in Türkiye.

In Türkiye, tokenised assets and real-world assets (RWAs) tokens are not regulated by treating the blockchain wrapper as replacing the legal nature of the underlying asset. The starting point is substance over form: if a token represents a share, debt instrument, fund unit, derivative, receivable, commodity, real estate interest or other regulated right, the ordinary rules applicable to that underlying asset must still be considered, and the crypto-asset layer may add CMB CASP rules on listing, trading, custody, transfer, initial sale/distribution, disclosure, market integrity and AML.

Turkish law defines crypto-assets broadly as intangible assets that may represent value or rights and that are created, stored and distributed electronically through distributed-ledger or similar technology; however, it does not create a separate, fully developed RWA regime. The 2024 amendments to the Capital Markets Law also empower the CMB to determine principles for issuing capital markets instruments as crypto-assets and, where necessary, to require integration between crypto-asset electronic records and the Central Securities Depository of Türkiye system.

Accordingly, tokenised securities are expected to remain closest to their non-blockchain equivalents: if the token gives rights comparable to a capital markets instrument, securities-law rules on issuance, offering, prospectus/disclosure, custody, trading venue, investor protection and record-keeping may apply, in addition to any crypto platform requirements. The CMB has also taken a cautious approach pending further secondary rules: commentary on the CMB’s 2024 principle decision notes that, before specific CMB rules on capital-markets-instrument tokenisation are issued, crypto-assets based on capital markets instruments, indices, baskets, precious metals or similar underlying assets cannot simply be issued and listed on platforms as if they were ordinary exchange-traded crypto-assets. For non-security RWAs, such as commodities, agricultural products, real estate-linked rights or other contractual claims, tokenisation does not remove the need to comply with property, contract, consumer, tax, commodity-market, land registry, warehouse receipt, licensing or sector-specific rules that would apply to the non-tokenised asset.