Legal Compliance for Foreign Tech Startups in Turkey: Structural Framework

Foreign-founded technology startups operating in Turkey navigate a legal compliance architecture that spans corporate, immigration, data protection, sector-specific regulation, intellectual property, employment, tax, and foreign exchange frameworks, with the specific interaction among these frameworks often producing consequences that no single-framework analysis anticipates. The corporate foundation derives from the Turkish Commercial Code No. 6102 (TTK) operating alongside the Foreign Direct Investment Law No. 4875 of 2003 that establishes the national-treatment principle for foreign investors in Turkey. Immigration pathways for foreign founders operate through the Work Permit for Foreigners Law No. 6735 of 2016 and the Foreigners and International Protection Law No. 6458 of 2013, with specific permit categories and procedures applicable to founders, executives, and key personnel. Data protection obligations flow from the Personal Data Protection Law No. 6698 (KVKK) with Article 9 as reformed by Law No. 7499 in 2024 governing cross-border transfers. Sector-specific regulatory frameworks including the Capital Markets Law No. 6362 (CMB supervision), the Payment and Securities Settlement Systems, Payment Services and Electronic Money Institutions Law No. 6493 (CBRT supervision), the Banking Law No. 5411 (BDDK supervision), and sector-specific frameworks for health, education, and transportation apply where startup activities intersect with regulated verticals. Intellectual property protection rests on the Intellectual and Artistic Works Law No. 5846 (FSEK) for software and the Industrial Property Law No. 6769 (SMK) for trademarks, patents, and related rights. Employment obligations flow from the Labor Law No. 4857, the Social Insurance and General Health Insurance Law No. 5510, and the Remote Work Regulation published on March 10, 2021. Tax architecture including transfer pricing under Corporate Tax Law No. 5520 Article 13 affecting related-party pricing. Foreign exchange controls under the Law on the Protection of the Value of the Turkish Currency No. 1567 and the Presidential Decision No. 32 govern capital inflows, currency use in contracts, and capital repatriation. Practice may vary by authority and year, and compliance architecture benefits from integrated analysis across the interacting frameworks rather than framework-by-framework review that misses specific interaction issues. A lawyer in Turkey engaged at the founding stage establishes the compliance foundation that determines the startup's subsequent operational agility across these dimensions.

Foreign founder company formation under TTK No. 6102 and FDI Law No. 4875

A Turkish Law Firm advising foreign founders on company formation works within the framework where the Foreign Direct Investment Law No. 4875 establishes the principle that foreign investors enjoy treatment equal to that of domestic investors (national treatment principle), subject to specific sectoral restrictions applicable to both domestic and foreign participation in regulated industries. The corporate vehicle selection under TTK includes limited liability companies (Ltd. Şti.) with minimum capital requirements, simpler governance, and closely-held structure suitable for early-stage startups with limited shareholder count. Joint stock companies (A.Ş.) provide the corporate architecture supporting multiple share classes, easier equity transfers, board-centered governance, and the corporate form typically required for institutional venture capital investment and public market access. Branch office structures allow foreign parent companies to conduct Turkish operations without establishing a separate Turkish entity, with specific limitations on operational scope and tax treatment. Liaison office structures permit representation and market research activities without commercial operations, suitable for early market-entry before operational commitment. Foreign founder selection between these structures depends on the anticipated funding trajectory, the operational model, the tax optimization considerations, and the integration with any existing home-country corporate structure. For detailed framework on company formation procedural mechanics applicable across corporate forms, readers can consult our company formation guide for Turkey. Practice may vary by authority and year, and foreign founder company formation benefits from integrated analysis across corporate, tax, immigration, and investment dimensions because optimization across any single dimension often produces suboptimal outcomes in others.

Turkish lawyers who coordinate the specific formation mechanics for foreign founders work through the practical procedural elements that require specific attention. Foreign shareholder documentation including incorporation certificates for corporate shareholders, identity documentation for individual shareholders, signature authority documentation, and source of funds documentation typically requires apostille certification (for Apostille Convention countries) or consular legalization (for non-Apostille countries) with sworn Turkish translation. MERSIS (Central Registry of Trade Records) registration captures the corporate structure electronically with the Trade Registry recording the formal registration. Tax identification number (vergi numarası) obtained from the tax office supports all subsequent tax-related obligations. Bank account opening for corporate purposes requires specific documentation with enhanced due diligence applicable to foreign-controlled entities under AML frameworks. MERSIS registration of foreign shareholders generates specific compliance obligations including ultimate beneficial ownership (UBO) disclosure. Initial capital contribution through bank transfer with specific attention to foreign currency declaration under Decision No. 32 for contributions made in foreign currency. Trade Registry Gazette publication formalizes the company's legal existence. Practice may vary by authority and year, and formation procedures for foreign-controlled entities typically require four to eight weeks from initial documentation through completion of banking and tax registrations, with the specific timeline depending on jurisdiction-specific document preparation and apostille procedures.

An English speaking lawyer in Turkey coordinating the governance and investment-readiness aspects of foreign founder company formation works through the elements that affect the startup's ability to attract subsequent investment and scale operationally. Articles of association drafting addresses the specific governance framework including share classes, preferential rights, board structure, decision-making thresholds, pre-emption rights, and related provisions that shape the corporate governance framework. Founder agreements supplementary to the articles of association address founder-specific matters including vesting schedules, intellectual property contributions, non-compete provisions, and founder-specific exit provisions. Intellectual property contribution documentation where founders contribute pre-existing IP to the company requires specific attention to avoid subsequent ownership disputes — assignment agreements documenting the specific IP transferred, the consideration (including equity received), and the warranties given should be executed at formation rather than retrofitted later. Investor-readiness considerations including the corporate structure's flexibility to accommodate subsequent investment rounds, employee stock option pool creation, and governance modifications affect the startup's agility as it develops. Dual-jurisdiction structures where the Turkish operating entity exists alongside a foreign holding company (typically in Delaware, Cayman, or similar jurisdictions) serve specific funding and exit strategies but introduce substantial tax and operational complexity that requires careful analysis. Practice may vary by authority and year, and formation architecture for foreign founders should be designed with explicit consideration of the anticipated trajectory rather than generic formation that requires subsequent restructuring when funding or operational needs diverge from initial assumptions.

Immigration framework: work permit under Law No. 6735 and residence under Law No. 6458

A lawyer in Turkey coordinating immigration pathways for foreign founders works within the framework where the Work Permit for Foreigners Law No. 6735 governs work authorization and the Foreigners and International Protection Law No. 6458 governs residence permits, with specific permit categories applicable to founders, executives, and key personnel. Work permits for company founders typically arise where the founder holds shareholding in the Turkish company and performs work functions that constitute employment under the Turkish framework. The standard work permit application is submitted through the Ministry of Labor and Social Security with specific documentation requirements including the company's business registration, capital structure, employment need justification, and the founder-applicant's qualifications. Independent work permit (müstakil çalışma izni) applies to specific categories of foreign nationals who can demonstrate sustained economic contribution or other qualifying circumstances. Foreign manager permit (yönetici çalışma izni) under specific frameworks applies to executives and senior managers of companies where the foreign manager's role justifies the specific permit category. Turquoise card (turkuaz kart) under Law No. 6735 provides longer-term work authorization for qualified foreign nationals meeting specific criteria including scientific, cultural, artistic, or sports contributions with economic or strategic significance to Turkey. Practice may vary by authority and year, and work permit pathways for foreign founders benefit from specific analysis of the qualifying framework because different pathways produce substantially different procedural timelines, documentation requirements, and ongoing compliance obligations.

Turkish lawyers who address the specific procedural mechanics of work permit applications for foreign tech founders work through the elements that affect both approval probability and timeline. Application submission through the e-İzin electronic platform operated by the Ministry of Labor and Social Security provides the formal channel for the employer-filed application. The employer company must have been operational with specific financial and operational thresholds that demonstrate genuine business activity — startups at very early stages may face specific challenges meeting these thresholds, with planning requiring specific attention to the sequencing of company formation, operational development, and work permit application. Quota rules under specific frameworks require that Turkish nationals constitute at least five employees per foreign employee on work permit in the same establishment, though specific exemptions apply including for startup founders and specific capital thresholds. Salary thresholds under specific frameworks require minimum compensation levels that may exceed typical early-stage founder compensation, requiring specific attention to the compensation structure. Application documentation including the employment contract, the company's financial statements, the employer's justification for foreign employment, and the applicant's qualifications requires careful preparation. Approval timelines range from several weeks to several months depending on the specific case profile, completeness of documentation, and workload. For detailed framework on work permit procedural elements, readers can consult our work permit guide for foreigners. Practice may vary by authority and year, and work permit applications for foreign founders benefit from specific preparation that anticipates the procedural requirements rather than generic applications that risk rejection or delay based on specific technical issues.

An Istanbul Law Firm coordinating residence permit strategy for foreign founders works through the pathway selection among the residence permit categories under Law No. 6458. Short-term residence permit (kısa dönem ikamet izni) applies to various circumstances including those tied to work permit status, investor status, property ownership, and other specific bases. Work-based residence permit flows from the work permit itself — the work permit automatically supports residence status during the work authorization period, simplifying the residence component of the founder's status. Investor-based residence pathways apply where the foreign national's qualifying investment in Turkey meets specific thresholds under the investment-linked frameworks. Property-based residence where the foreign national has purchased qualifying Turkish real estate provides an alternative pathway independent of work activity. Long-term residence permit (uzun dönem ikamet izni) applies after specific continuous residence periods with specific qualifying conditions. Turkish Citizenship by Investment pathway under the amended Citizenship Law framework provides citizenship-tier solutions for foreign founders meeting specific investment thresholds, with the specific framework requiring current analysis because the qualifying thresholds and frameworks have been subject to periodic revision. Family dependent pathways apply for the founder's spouse and minor children under specific frameworks. For detailed framework on residence permit pathways, readers can consult our residence permit guide for Turkey. Practice may vary by authority and year, and residence permit strategy for foreign founders benefits from integration with work permit planning, investment strategy, and long-term immigration objectives because isolated optimization across these dimensions often produces suboptimal outcomes.

Data protection compliance under KVKK No. 6698

A Turkish Law Firm coordinating KVKK compliance for foreign tech startups works through the specific framework that applies where the startup processes personal data, whether in Turkey or through Turkish operations reaching data subjects in Turkey. Data controller and processor analysis identifies the startup's role in specific processing activities — typically as data controller for its customer data, as data processor when handling data for enterprise customers, and potentially as joint controller in specific partnership arrangements. Legal basis analysis under KVKK Article 5 identifies the specific lawful ground supporting each processing activity — explicit consent of the data subject, contract necessity, legal obligation, legitimate interest with proportionality analysis, vital interest, or performance of a task in public interest. Special category data under Article 6 triggers enhanced requirements where the processing involves health data, biometric data, ethnic origin, religious beliefs, or other enumerated categories. Information obligation under Article 10 requires clear privacy notices addressing identity of controller, purposes of processing, recipients, methods and legal basis, and data subject rights. Data subject rights under Article 11 include access, rectification, deletion, objection to automated decisions, and related rights requiring operational infrastructure. VERBIS (Data Controllers Registry) registration where applicable thresholds are met based on employee count, annual balance sheet, processing categories, or data subject categories provides the formal registry of the startup's data controller status. For framework on KVKK audit defense and enforcement procedures specifically relevant to compliance posture, readers can consult our KVKK audit defense guide. Practice may vary by authority and year, and KVKK compliance architecture benefits from privacy-by-design implementation during the startup's technical development rather than retrofit after deployment.

Turkish lawyers who address the specific cross-border data transfer framework applicable to foreign tech startups work within the KVKK Article 9 framework as reformed by Law No. 7499 in 2024 that establishes the three-tier transfer mechanism architecture. Adequacy-based transfers apply where the Personal Data Protection Authority has issued a formal adequacy decision determining that the destination country provides adequate data protection — the Authority has not yet published formal adequacy decisions as of the drafting of this material, with the specific adequacy framework continuing to develop. Appropriate safeguards-based transfers apply where specific mechanisms including standard contractual clauses approved by the Authority, binding corporate rules for intra-group transfers, international agreements, or written undertakings support the transfer with enforceable data subject rights. Standard contractual clause-based transfers require notification to the Authority within five business days of execution through the electronic data transfer module (Veri Aktarım Modülü) established by the July 2024 Regulation. Specific derogations under Article 9/6 apply to enumerated narrow circumstances including explicit consent, contract necessity specific to the transfer context, public interest, legal claims establishment or defense, vital interest protection, and transfers from public registries. Foreign tech startups typically rely heavily on cross-border transfers because cloud infrastructure, analytics providers, payment processors, and communication platforms frequently operate internationally — transfer inventory documenting each flow supports compliant mechanism selection. Practice may vary by authority and year, and cross-border transfer compliance under the reformed framework benefits from systematic analysis rather than piecemeal approach because the interaction among transfer scenarios affects overall compliance posture.

An English speaking lawyer in Turkey coordinating operational KVKK compliance implementation for foreign-founded startups addresses the practical framework that converts legal obligations into operational reality. Privacy notice architecture including layered notices that provide essential information upfront with detailed information available on request supports both compliance and user experience. Consent collection mechanisms where consent is the relied-upon legal basis require specific attention to the affirmative, specific, informed, and unambiguous standard — pre-checked boxes, bundled consents, and opacity in consent collection produce compliance failures. Data subject request handling systems including verification of requesting party identity, response within statutory timeframes, and appropriate record-keeping require operational infrastructure. Vendor management for data processors that handle personal data on the startup's behalf requires specific processor agreements under Article 12 addressing the processing purposes, security measures, processor obligations, and related matters. Security incident response procedures addressing the 72-hour practical notification standard for personal data breaches require specific playbooks developed before incidents occur. Employee training and awareness programs support the culture of compliance that individual policies cannot achieve alone. Representative appointment for foreign entities processing Turkish data subjects' data may be required under specific frameworks where the foreign entity lacks Turkish presence. Practice may vary by authority and year, and operational KVKK compliance for tech startups benefits from specialist guidance because the specific operational patterns that support compliance differ from the paperwork-only approach that creates technical compliance without operational reality.

Sector-specific licensing: fintech, healthtech, and regulated verticals

A lawyer in Turkey analyzing sector-specific licensing for tech startups works through the specific regulatory frameworks that apply where startup activities intersect with regulated sectors, with the specific analysis requiring careful characterization of the startup's activities against the regulatory boundaries. Fintech activities including regulated financial services require CMB licensing under Capital Markets Law No. 6362 for securities-related activities, CBRT licensing under Law No. 6493 for payment services and electronic money issuance, BDDK licensing under Banking Law No. 5411 for banking activities, and CMB licensing under Law No. 7518 (2024 amendment) for crypto-asset service providers (KVHS). Healthtech activities may require Ministry of Health authorization for specific health service delivery, medical device registration, telemedicine authorization under the Regulation on Provision of Remote Health Services published on February 10, 2022, and specific compliance with health data provisions under KVKK Article 6. Edtech activities may require Ministry of National Education authorization for specific educational service delivery. Mobility and transportation tech activities may require Ministry of Transport authorization for specific transportation services or aggregation functions. E-commerce activities operate under the Regulation of Electronic Commerce Law No. 6563 with specific requirements including disclosure obligations, distance contract provisions, and consumer protection alignment. Practice may vary by authority and year, and sector-specific licensing analysis should be completed before operational launch because unlicensed operation of regulated activities produces substantial regulatory consequences including cease orders, fines, and potential personal liability for founders.

Turkish lawyers who coordinate the specific licensing application process for tech startups entering regulated verticals work through the elements that affect both approval probability and timeline. Pre-application regulatory engagement through informal meetings, formal pre-application consultations where available, or specific clarification requests helps confirm the applicable licensing framework and specific application requirements before the formal application commitment. Corporate prerequisites including capital adequacy, governance structures, and operational infrastructure frequently exceed the baseline company formation requirements — specific licensing frameworks require minimum capital levels specific to the license type, specific board composition including independent members in some frameworks, and specific operational infrastructure including systems, personnel, and policies. Application documentation typically spans business plans, operational policies, risk management frameworks, internal control systems, personnel qualifications, technology architecture, and compliance programs. Review timelines vary significantly across frameworks — payment services licensing under Law No. 6493 typically involves multi-month review while some specific activity licenses may complete more rapidly. Pilot or sandbox participation where offered by specific regulators allows market testing with specific constraints before full license commitment. For cross-reference to AI and algorithmic trading startup specific framework that addresses the intersection of technology and regulated financial services, readers can consult our AI and trading startup legal advisory guide. Practice may vary by authority and year, and sector-specific licensing for tech startups benefits from early regulatory engagement because the time investment in regulatory preparation is more than offset by reduced regulatory risk post-launch.

An Istanbul Law Firm coordinating ongoing sector-specific compliance for licensed tech startups works through the specific post-licensing obligations that govern continued regulatory authorization. Reporting obligations including periodic financial reports, operational reports, compliance certifications, and event-based notifications for specific material events require systematic preparation and timely submission. Capital adequacy maintenance under applicable frameworks with specific attention to the ratios, calculation methods, and trigger events that require supervisory notification or action. Personnel qualification maintenance where specific roles require ongoing certification, continuing education, or periodic re-qualification applies to specific regulated positions. Operational compliance including AML/CFT programs under Law No. 5549, customer protection frameworks, data security standards, and sector-specific operational requirements requires ongoing attention. Inspection and audit response whether through routine supervisory inspections, event-triggered inspections, or external audit processes requires prepared response including document retention, personnel availability, and specific response protocols. License modification including expansion of activities, changes in corporate control, and changes in operational model typically requires specific regulatory approval processes. Practice may vary by authority and year, and sector-specific compliance continuity for tech startups benefits from embedded compliance functions rather than periodic external compliance reviews because the day-to-day compliance decisions that shape regulatory posture occur continuously rather than during scheduled review cycles.

Intellectual property and software licensing

A Turkish Law Firm addressing intellectual property architecture for foreign tech startups works through the combined framework under the Intellectual and Artistic Works Law No. 5846 (FSEK) for copyright and the Industrial Property Law No. 6769 (SMK) for trademarks, patents, and related rights. Trademark protection under SMK requires registration with the Turkish Patent and Trademark Office (TÜRKPATENT) with the specific protection arising from registration — priority searches before application reduce the risk of conflicts with earlier marks, classification under the Nice Classification determines the specific goods and services covered, and the registration provides exclusive rights enforceable against infringement. Patent protection under SMK covers technical inventions meeting the novelty, inventive step, and industrial applicability criteria, with software patentability subject to the specific limitations applicable under the European Patent Convention approach that Turkey follows. Utility model protection provides faster, less rigorous protection for specific categories of inventions with shorter protection periods than patents. Industrial design protection under SMK covers specific aesthetic features of products with specific registration and protection mechanics. Copyright protection under FSEK arises automatically upon creation for covered works including literary works, musical works, software (as computer programs), and other enumerated categories, with optional registration through the Ministry of Culture and Tourism providing documentary evidence. For detailed framework on software copyright protection including the specific FSEK framework and enforcement, readers can consult our software copyright guide. Practice may vary by authority and year, and IP architecture for foreign tech startups benefits from integrated analysis addressing the Turkish-specific framework alongside home-country and international IP strategy.

Turkish lawyers who address the specific IP ownership discipline for tech startups work through the chain-of-title issues that frequently surface during investor due diligence or M&A transactions. Employee-created IP under Labor Law provisions and FSEK framework typically belongs to the employer where specific conditions are met — the employment relationship, the IP created within the scope of employment, and appropriate documentation support employer ownership. Contractor-created IP under civil law frameworks does not automatically belong to the commissioning party without specific assignment — generic service contracts often fail to produce effective IP transfer, requiring specific assignment language that addresses the specific IP created. Founder pre-existing IP contributed to the company requires specific assignment documentation to move from personal ownership to corporate ownership, with failure to document these transfers generating specific issues during investor due diligence. Co-founder joint development of IP during company formation requires specific attention to the attribution and ownership of specific contributions, with joint ownership producing complex subsequent management requirements. Open-source license compliance where the startup incorporates open-source components requires specific tracking of licenses, attribution obligations, and derivative work implications — specific licenses including copyleft licenses may affect the startup's ability to distribute proprietary derivatives. Third-party IP use including images, content, and other materials acquired through stock services, public domain, or licensed sources requires specific tracking of the scope of licenses obtained. Practice may vary by authority and year, and IP chain-of-title discipline should be established during company formation and maintained through systematic processes because retroactive cleanup typically requires substantial effort to address gaps.

An English speaking lawyer in Turkey coordinating software licensing and SaaS agreement architecture for foreign tech startups works through the commercial contract framework that governs the startup's customer relationships. Master services agreement (MSA) architecture with specific order forms or service schedules defines the commercial relationship layer covering specific engagements. Service scope definition distinguishes licensed services from separately-commissioned services including customization, integration, training, and consulting. Service level agreements including availability commitments, performance standards, support response times, and remedies structure the quality framework. License scope provisions addressing permitted use, user limitations, geographic scope, and restrictions on specific uses define the commercial boundary. Intellectual property provisions addressing ownership of the platform, customer data, customer-specific customizations, and derivative works establish the IP framework. Data handling provisions addressing the startup's role as data processor, security commitments, data location, retention, and return/destruction at termination address the data protection dimension. Termination provisions including specific termination rights, consequences of termination, and survival provisions structure the lifecycle framework. Limitation of liability and indemnification provisions allocate specific risks between the startup and customer. Turkish-law specific adaptations including governing law, jurisdiction, and specific compliance with Turkish consumer protection (Law No. 6502) for B2C relationships support enforceability. Practice may vary by authority and year, and software licensing architecture benefits from industry-pattern templates adapted to Turkish law because the specific commercial patterns that have developed in SaaS practice produce predictable outcomes that ad hoc drafting typically fails to achieve.

Employment contracts, remote teams, and founder equity

A lawyer in Turkey structuring employment arrangements for tech startups works within the Labor Law No. 4857 framework supplemented by the Social Insurance Law No. 5510 governing SGK registration and contributions, the Remote Work Regulation published on March 10, 2021 governing remote work arrangements, and related labor frameworks. Employment contract drafting addresses essential provisions including job description and scope, compensation structure, working time framework, probationary period if applicable, confidentiality obligations, intellectual property assignment, non-compete provisions where enforceable, and termination framework. Compensation architecture in tech startups frequently combines base salary, performance bonuses tied to specific metrics, and equity-based components through stock options or similar instruments. SGK registration and contribution obligations apply to all employees with specific registration, contribution rates applicable to both employer and employee portions, and specific reporting obligations. Working time regulations including weekly working hour limits, overtime provisions, rest periods, and annual leave provisions apply to all employment relationships with specific variations for specific employment categories. Termination framework including notice periods tied to employment duration, severance pay calculation based on specific formulas, and procedural requirements including written notification requires specific compliance. Practice may vary by authority and year, and employment contract architecture for tech startups benefits from specialized templates adapted to the specific context rather than generic contracts that miss the specific provisions important for technology businesses.

Turkish lawyers who address remote team arrangements specifically for tech startups work through the Remote Work Regulation framework alongside broader considerations affecting cross-border employment. The Remote Work Regulation addresses specific elements including written agreement requirements, equipment and expense provisions, occupational health and safety obligations adapted to remote settings, communication and coordination provisions, and data protection obligations in the remote context. Working time tracking in remote contexts requires specific attention because the flexibility of remote work creates both opportunities and complications for working time compliance. Cross-border employment where the startup employs individuals physically located outside Turkey raises specific complications including whether Turkish labor law applies, how Turkish SGK obligations interact with foreign social security systems, and how Turkish tax obligations affect foreign employees. Employer of Record (EOR) arrangements through specialized providers in the employee's country of residence can provide a structured approach to cross-border employment with the EOR functioning as the formal employer for labor law purposes while the startup directs the work substance — specific attention to misclassification risk where the arrangement could be characterized as direct employment despite the formal EOR structure. Contractor versus employee classification where specific substantive factors including control, economic dependence, exclusivity, and integration with the business determine the actual relationship regardless of the formal agreement title. Practice may vary by authority and year, and remote team arrangements benefit from substance-over-form analysis because courts and regulatory authorities examine the actual relationship rather than the formal characterization when disputes arise.

An Istanbul Law Firm coordinating founder equity arrangements for tech startups works through the specific framework that supports founder incentive alignment while addressing Turkish corporate law requirements. Founder vesting arrangements where founders' equity is subject to forfeiture upon departure before specific vesting milestones require specific drafting within the Turkish corporate framework including appropriate articles of association provisions, founder agreements, and potentially specific share classes. Cliff provisions requiring minimum continuous service before any vesting occurs provide specific protection against short-tenure founder departure. Vesting acceleration triggers including change of control, involuntary termination, and specific other events modify the standard vesting framework in specific scenarios. Employee stock option pool (ESOP) creation typically sized at 10-20% of fully-diluted capital supports employee incentive alignment with specific grant mechanics, vesting, and exercise provisions. Stock appreciation rights (SAR) or phantom equity structures provide equity-like economics without actual share issuance, useful for specific situations where actual share issuance creates complications. Foreign founder equity structure where founders hold through foreign holding companies for tax optimization, asset protection, or other purposes requires specific attention to the interaction with Turkish corporate and tax frameworks. Practice may vary by authority and year, and founder equity structuring for tech startups benefits from specific drafting because subtle differences in specific provisions produce materially different outcomes across the scenarios that equity arrangements must address.

Cross-border structuring, transfer pricing, and foreign exchange controls

A Turkish Law Firm coordinating cross-border structuring for foreign-founded tech startups works through the specific framework affecting the interaction between Turkish operations and foreign parent structures, affiliated entities, and commercial counterparties. Intercompany service arrangements where the Turkish entity provides services to foreign affiliates or receives services from foreign affiliates must comply with Corporate Tax Law No. 5520 Article 13 transfer pricing provisions (örtülü kazanç dağıtımı yoluyla vergiden kaçınma) that establish the arm's-length principle requiring related-party transactions to occur at prices that unrelated parties would agree to under comparable circumstances. Intercompany licensing arrangements for intellectual property including royalty payments, cost-sharing arrangements for IP development, and specific IP ownership allocation between affiliates require specific structuring and documentation. Intercompany financing including loans, capital contributions, and guarantees must comply with transfer pricing principles for pricing alongside specific foreign exchange compliance. Management fees and head office charges where foreign parent companies charge Turkish subsidiaries for corporate services require specific substantiation and documentation under the arm's-length standard. Documentation requirements under Turkish transfer pricing framework including master file, local file, and country-by-country reporting where applicable thresholds apply support compliance with documentation obligations. Double taxation treaty (DTT) analysis where Turkey has treaty relationships with over 80 countries affects the specific tax treatment of cross-border payments including dividends, interest, royalties, and capital gains. For broader framework on tax advantages and planning for foreign persons in Turkey, readers can consult our tax advantages guide for foreigners. Practice may vary by authority and year, and cross-border structuring benefits from integrated analysis across Turkish tax, home-country tax, and treaty frameworks.

Turkish lawyers who address the specific foreign exchange compliance framework work within the Law on the Protection of the Value of the Turkish Currency No. 1567 and the Presidential Decision No. 32 (Türk Parasının Kıymetini Koruma Hakkında 32 Sayılı Karar) that governs foreign currency operations. Capital inflow rules affecting foreign currency capital contributions to Turkish entities typically require banking channel processing with specific documentation under the Decision No. 32 framework. Foreign currency denomination of contracts between Turkish parties has been subject to specific restrictions under Decision No. 32 amendments with enumerated exceptions and specific requirements — the specific restrictions have been refined through multiple amendments, with contracts between Turkish residents generally required to be in Turkish Lira unless specific exceptions apply. Dividend repatriation from Turkish entities to foreign shareholders requires tax clearance including withholding tax compliance under domestic law and applicable DTT rates, bank documentation supporting the transfer, and specific Central Bank framework where applicable. Loan repayment where Turkish entities service foreign-currency loans from affiliates or third parties requires specific foreign exchange compliance. Export and import operations have specific foreign exchange compliance frameworks including specific repatriation obligations for export proceeds. Advance payment frameworks for international trade have specific regulatory coverage. Practice may vary by authority and year, and foreign exchange compliance has been subject to frequent regulatory modification with specific amendments affecting previously-standard practices, making current guidance essential rather than reliance on prior understanding.

An English speaking lawyer in Turkey coordinating the integrated tax-and-FX planning for foreign-founded tech startups addresses the specific scenarios where tax efficiency objectives intersect with foreign exchange compliance realities. Holding structure optimization where the Turkish operating entity sits within a foreign holding structure serves specific tax planning objectives but requires careful Turkish-side compliance with transfer pricing, withholding tax, and FX frameworks. IP ownership architecture where intellectual property is owned at a specific layer of the corporate structure affects royalty flows, development cost allocations, and M&A exit tax treatment. Management services arrangements where foreign shareholders or affiliates provide services to the Turkish entity require arm's-length pricing with specific documentation supporting the service substance and value. Dividend strategy including timing of distributions, source country and treaty analysis, and specific withholding tax optimization serves the overall tax efficiency objective. Exit tax planning for the ultimate liquidity event including capital gains tax analysis, withholding treatment on cross-border payments, and structure optimization affects the post-tax proceeds available to foreign founders and investors. Personal tax considerations for foreign founders including Turkish tax residence analysis, dual-jurisdiction personal tax exposure, and treaty coordination affect the after-tax value of founder compensation and equity. Practice may vary by authority and year, and integrated tax-and-FX planning benefits from coordinated Turkish-and-home-country advisor engagement because optimization across either dimension alone typically produces suboptimal outcomes in the other.

Exit strategy, post-launch compliance, and ongoing governance

A lawyer in Turkey coordinating exit strategy preparation for foreign-founded tech startups works through the specific elements that support multiple exit pathway optionality as the startup develops. Strategic acquisition by larger technology companies, financial services institutions, or foreign acquirers represents the most common successful exit for tech startups, with the acquirer's due diligence examining corporate records, IP ownership, regulatory compliance, customer relationships, technology architecture, team, and financial records. Financial investor exits through secondary sales to later-stage funds become possible as the startup's valuation and investor profile support such transactions. IPO pathways through the Turkish market under CMB framework or international markets depending on the startup's scale and investor composition require substantial multi-year preparation. Management buyouts or founder buybacks represent less common but possible pathways in specific circumstances. Preparation activities supporting exit optionality include maintaining clean corporate records with complete ownership history, cap table discipline with documented share issuances and option grants, IP ownership verification including employee and contractor assignments, regulatory compliance documentation, and financial records including statutory audits where appropriate. Cross-border exit structuring for foreign-controlled startups addresses how the foreign ownership interacts with the exit structure, with specific attention to withholding taxes, treaty benefits, and home-country tax implications. For detailed framework on share purchase agreement structure and specific risk allocation, readers can consult our share purchase agreement guide. Practice may vary by authority and year, and exit preparation benefits from sustained investment over the startup's growth phases rather than concentrated effort only when specific exit opportunities materialize.

Turkish lawyers who address post-launch compliance maintenance work through the specific ongoing obligations that govern the startup's continued operation across the multiple regulatory frameworks applicable. Corporate compliance including annual general meetings, board meetings with specific documentation, capital maintenance tests, financial statement preparation and filing, trade registry updates for specific corporate events, and MERSIS updates support the core corporate compliance posture. Tax compliance including corporate income tax, VAT, withholding taxes, stamp duty, and specific sector taxes with the applicable filing schedules and payment obligations requires systematic attention. Employment compliance including SGK registrations, payroll compliance, labor law compliance for specific categories, occupational health and safety compliance, and ongoing attention to employment framework changes requires sustained engagement. KVKK compliance continuity including VERBIS updates, privacy notice maintenance, data subject request handling, cross-border transfer compliance, and security maintenance supports the data protection posture. Sector-specific compliance where licensing frameworks apply including reporting obligations, capital maintenance, personnel qualifications, and ongoing supervisory relationships. Intellectual property maintenance including trademark renewals, patent annuity payments, and specific IP portfolio management. Working with specific advisors including accountants, tax advisors, payroll processors, and legal counsel supports the operational compliance architecture. Practice may vary by authority and year, and post-launch compliance benefits from systematic calendaring and responsibility allocation because the compound effect of missed compliance deadlines can produce substantial cumulative consequences even where individual items are minor.

An Istanbul Law Firm coordinating specific compliance categories that commonly produce disputes for foreign-founded startups addresses the framework where early attention prevents costly remediation. Employment misclassification risk where contractors, advisors, or international team members could be characterized as employees produces specific exposure including unpaid SGK contributions, back taxes, and potential back-pay obligations — systematic classification discipline and documentation supports defensibility. Undocumented or informal employment arrangements where appropriate documentation was not executed at engagement creates specific exposure that compounds over time — systematic onboarding discipline and documentation remediation addresses this risk. Transfer pricing documentation gaps where intercompany transactions lack adequate documentation may support tax authority challenges with significant financial consequences — prospective documentation discipline and periodic review support defensibility. IP ownership gaps where specific IP transfers were not documented create specific issues during investor due diligence or M&A that can delay or reduce exit value — systematic IP documentation discipline supports value preservation. Regulatory licensing exposure where activities that should have been licensed have operated without authorization creates specific exposure — prospective regulatory analysis before launching new activities prevents this exposure. For framework on employment compliance issues specifically including undocumented employment remediation, readers can consult our undocumented employment guide. Practice may vary by authority and year, and compliance categories producing common disputes benefit from systematic attention because the same issues recur across multiple startups and produce predictable consequences when not addressed.

Author: Mirkan Topcu is an attorney registered with the Istanbul Bar Association (Istanbul 1st Bar), Bar Registration No: 67874. His practice focuses on cross-border and high-stakes matters where evidence discipline, procedural accuracy, and risk control are decisive, with particular concentration on foreign tech startup operations in Turkey including corporate formation under TTK No. 6102 and FDI Law No. 4875, immigration pathways under Work Permit Law No. 6735 and Foreigners Law No. 6458, data protection compliance under KVKK No. 6698 including cross-border transfers under Article 9 as reformed by Law No. 7499, sector-specific licensing across CMB, CBRT, BDDK, and sector-specific regulators, intellectual property architecture under FSEK No. 5846 and SMK No. 6769, employment contracts and remote team arrangements under Labor Law No. 4857, cross-border structuring with transfer pricing under Corporate Tax Law No. 5520 Article 13, foreign exchange compliance under Law No. 1567 and Decision No. 32, and exit strategy coordination including M&A and IPO pathways.

He advises individuals and companies across Technology Law, Commercial and Corporate Law, Commercial Contracts, Foreign Investment, Data Protection and Privacy, Intellectual Property, Arbitration and Dispute Resolution, Enforcement and Insolvency, Citizenship and Immigration (including Turkish Citizenship by Investment), Real Estate (including acquisitions and rental disputes), International Tax, International Trade, Foreigners Law, Sports Law, Health Law, and Criminal Law. He regularly supports foreign founders and venture capital investors on company formation strategy with specific attention to investor-readiness, immigration pathway selection between work permit categories and residence permit options, KVKK compliance architecture including cross-border transfer mechanisms, sector-specific licensing strategy where regulated activities are involved, intellectual property protection and chain-of-title discipline, employment framework design including remote team arrangements, cross-border structuring with integrated tax and FX analysis, and exit strategy coordination from due diligence preparation through post-closing integration.

Education: Istanbul University Faculty of Law (2018); Galatasaray University, LL.M. (2022). LinkedIn: Profile. Istanbul Bar Association: Official website.

Frequently asked questions

1. Can foreign founders own 100% of a Turkish tech startup? Yes. The Foreign Direct Investment Law No. 4875 establishes the national treatment principle permitting foreign investors equal participation to domestic investors, with specific sectoral restrictions applicable equally to foreign and domestic investors in regulated industries.
2. What corporate form should a foreign founder choose? Limited liability companies (Ltd. Şti.) suit early-stage startups with simple governance needs, while joint stock companies (A.Ş.) support multiple share classes, sophisticated capital structures, and institutional investor preferences. Selection should reflect anticipated funding trajectory.
3. Do foreign founders need a work permit to work at their Turkish company? Yes, where the founder performs work functions. Work permits under Law No. 6735 apply, with specific categories including standard work permit, independent work permit for qualifying circumstances, foreign manager permit, and Turquoise card for qualified nationals.
4. How does residence permit interact with work permit? Work permits automatically support residence status during the work authorization period, simplifying the residence component. Alternative residence pathways include investment-based, property-based, and long-term residence with specific qualifying conditions under Law No. 6458.
5. What are the main KVKK obligations for tech startups? Legal basis analysis, privacy notices under Article 10, data subject rights handling under Article 11, VERBIS registration where thresholds are met, cross-border transfer compliance under Article 9, vendor management through processor agreements, and incident response capabilities comprise the core framework.
6. How does cross-border data transfer work after the 2024 reform? Law No. 7499 amended KVKK Article 9 establishing three-tier architecture: adequacy decisions, appropriate safeguards through standard contractual clauses and binding corporate rules, and specific derogations. Standard contract transfers require five-business-day notification through the Authority's electronic module.
7. What sector-specific licenses might a tech startup need? Fintech activities may require CMB licensing under Law No. 6362 or CBRT licensing under Law No. 6493 depending on the specific activity. Crypto-asset services fall under Law No. 7518 2024 reform. Healthtech may require Ministry of Health authorization. Each sector has specific licensing mechanics.
8. How is software protected under Turkish law? Software copyright protection under FSEK No. 5846 arises automatically upon creation. Optional registration through the Ministry of Culture and Tourism provides documentary evidence. Patent protection under SMK No. 6769 may apply to specific technical inventions with technical effect beyond the software itself.
9. What are the main transfer pricing obligations? Corporate Tax Law No. 5520 Article 13 establishes the arm's-length principle for related-party transactions. Documentation requirements include master file, local file, and country-by-country reporting where thresholds apply. Royalties, management fees, intercompany services, and financing require specific attention.
10. Can contracts between Turkish parties be in foreign currency? Generally restricted under Decision No. 32 with enumerated exceptions. The specific restrictions have been modified through multiple amendments. Contracts between Turkish residents typically require Turkish Lira denomination unless specific exceptions apply, with current guidance essential.
11. What governs dividend repatriation to foreign shareholders? Dividend repatriation requires withholding tax compliance under domestic law and applicable DTT rates, bank documentation supporting the transfer, and specific foreign exchange framework under Decision No. 32. Treaty analysis is important because Turkey has DTTs with over 80 countries.
12. How are remote teams structured for foreign tech startups? Employment of Turkish residents follows Labor Law No. 4857 and Remote Work Regulation framework. Cross-border employment may use Employer of Record (EOR) arrangements in the employee's country, contractor arrangements with misclassification risk attention, or specific local employment. Substance-over-form analysis applies.
13. What IP issues arise in investor due diligence? Employee-created IP assignment, contractor IP transfers, founder pre-existing IP contributions, open-source license compliance, and third-party IP use documentation commonly produce due diligence issues. Systematic IP chain-of-title discipline during company operations supports efficient due diligence.
14. What are typical exit pathways for foreign-founded Turkish tech startups? Strategic acquisition by domestic or foreign acquirers represents the most common pathway. Secondary sales to later-stage investors, IPO through Turkish or international markets, and management buyouts provide alternative pathways. Cross-border exit structuring affects tax outcomes significantly.
15. How does ER&GUN&ER Law Firm structure foreign tech startup engagements? Engagements begin with integrated assessment of corporate, immigration, data protection, sector-specific, IP, employment, cross-border, and exit dimensions, translated into formation strategy, immigration planning, compliance architecture, commercial contracting framework, and ongoing governance supporting the startup's evolution toward eventual exit events.