Legal Status and Taxation of Cryptocurrency Assets in Turkey: Procedural Framework

Cryptocurrency legal status and taxation in Turkey has undergone substantial transformation through the regulatory architecture developed between 2021 and 2024, with the 2024 amendments representing the most significant framework change. The foundational payment restriction derives from the Central Bank of the Republic of Turkey (TCMB — Türkiye Cumhuriyet Merkez Bankası) Regulation No. 2021/7 (Ödemelerde Kripto Varlıkların Kullanılmamasına Dair Yönetmelik — Regulation on the Non-Use of Crypto Assets in Payments) published in the Official Gazette on 16 April 2021 and effective 30 April 2021, which prohibits direct or indirect use of crypto assets in payments for goods and services. The Capital Markets Law No. 6362 was amended by Law No. 7518 (2 July 2024) to bring crypto asset service providers (kripto varlık hizmet sağlayıcıları — CASPs) under Capital Markets Board (SPK — Sermaye Piyasası Kurulu) oversight, establishing a licensing framework, capital adequacy requirements, operational standards, and ongoing supervision. MASAK (Mali Suçları Araştırma Kurulu — Financial Crimes Investigation Board) framework under Law No. 5549 designated CASPs as obliged entities (yükümlü) effective May 2021, producing AML, KYC, suspicious transaction reporting, and UBO identification obligations. Tax treatment operates under Income Tax Law No. 193 for individual transactions, Corporate Tax Law No. 5520 for corporate operations, and VAT Law No. 3065 with case-specific considerations, while Tax Procedure Law No. 213 governs documentation, audit, voluntary disclosure under Article 371, and penalty reduction under Article 376. KVKK Law No. 6698 as updated through Law No. 7499 of March 2024 governs personal data in crypto operations. Decision No. 32 on Protection of the Value of Turkish Currency addresses the foreign exchange dimension of crypto operations. Practice may vary by authority and year, and crypto compliance benefits from continuous regulatory monitoring because SPK secondary regulations implementing Law 7518 continue to develop through 2024-2025. A lawyer in Turkey coordinating crypto compliance establishes the foundation for lawful operations across the integrated framework.

Classification and legal recognition

A Turkish Law Firm working through the legal classification of crypto assets starts with the 2024 statutory definition. Law No. 7518 of 2 July 2024 added crypto-specific definitions to Capital Markets Law No. 6362: a crypto asset (kripto varlık) is an intangible representation of value or rights that can be transferred, stored, or traded electronically using distributed ledger technology or similar technology. A crypto asset service provider (CASP — kripto varlık hizmet sağlayıcısı) is a legal entity providing one or more crypto asset services, including trading, initial sale or distribution, custody, transfer, or other specified services, as further detailed in SPK secondary regulations. The significance of the 2024 framework is that crypto assets moved from an unregulated grey zone into a defined legal category with identified regulators, identified service-provider obligations, and identified investor-protection mechanisms — but they did not become legal tender and did not acquire payment-instrument status. The payment prohibition under CBRT Regulation 2021/7 remains in force alongside the new capital markets framework; the two regimes coexist, and operations must comply with both.

Turkish lawyers who advise clients on the coexistence of the payment prohibition and the capital markets framework distinguish between use cases carefully. Investment, trading, custody, and transfer of crypto assets as investment assets are lawful when conducted through a licensed CASP under Law 7518 or as self-custody by individual holders. Using crypto as direct payment for goods or services — a shop accepting Bitcoin for coffee, a service provider invoicing in stablecoin, a real estate seller receiving crypto in lieu of Turkish Lira for the property — falls within the CBRT payment prohibition and is unlawful. Intermediated arrangements that effectively function as payment, such as a payment service provider converting crypto to fiat at the point of sale to facilitate merchant acceptance, are also caught by the prohibition. The practical enforcement focal point is the banking system: Turkish banks monitor crypto-related flows under MASAK and CBRT guidance, and patterns consistent with payment-use (particularly merchant-type receipt patterns) attract compliance attention that can result in account restrictions regardless of whether a formal enforcement action follows. For framework on cryptocurrency regulations overview, readers can consult our cryptocurrency regulations overview guide. Practice may vary by authority and year, and classification analysis benefits from ongoing monitoring because secondary regulations implementing Law 7518 continue to develop and refine specific operational boundaries.

An English speaking lawyer in Turkey coordinating multi-regulator mapping addresses the reality that crypto operations interact with several authorities simultaneously. SPK regulates CASP licensing, operational standards, and investor-protection matters. MASAK regulates AML, KYC, suspicious transaction reporting, and UBO identification. The Revenue Administration (Gelir İdaresi Başkanlığı) regulates tax treatment, audit, and enforcement. The Personal Data Protection Authority (KVKK — Kişisel Verileri Koruma Kurulu) regulates personal data processing in crypto operations under Law No. 6698 as updated by Law No. 7499 of March 2024. CBRT retains authority over the payment prohibition and the foreign exchange dimension through Decision No. 32. The Banking Regulation and Supervision Agency (BDDK — Bankacılık Düzenleme ve Denetleme Kurumu) supervises banks' exposure to crypto-related customer activity. Consumer Protection Law No. 6502 applies to consumer-facing crypto services. Each of these authorities has its own licensing, reporting, inspection, and enforcement framework; a single crypto operation can be answerable to several simultaneously. Integrated compliance planning — rather than treating each regulator separately — is what produces durable operational legitimacy. Practice may vary by authority and year, and multi-regulator coordination benefits from upfront mapping because retrofitting compliance across several regulators is substantially harder than designing compliance into the operation from the outset.

Tax reporting and treatment

A lawyer in Turkey advising individuals on crypto tax exposure starts with a fundamental reality: Turkey has not yet enacted a crypto-specific tax regime. Law 7518 did not introduce a specific tax code for crypto transactions, and the Revenue Administration continues to apply the general Income Tax Law No. 193 framework by analogy. Individual tax treatment therefore turns on characterization of the activity. Organized, repeated, profit-driven trading activity — running a quasi-business of crypto arbitrage, operating as a day-trader with structured systems — typically rises to commercial enterprise level and is taxed as commercial income (ticari kazanç), requiring book-keeping under Tax Procedure Law No. 213, quarterly provisional tax (geçici vergi) payments, annual declaration, and VAT registration where the taxpayer crosses the relevant threshold. Occasional trading by an individual investor, without the indicia of organized commercial activity, does not produce commercial income and does not clearly fit into any of the enumerated income categories under Article 2 of Income Tax Law — which produces genuine legal ambiguity about whether occasional individual crypto gains are currently taxable at all under Turkish law.

A Turkish Law Firm coordinating corporate crypto taxation works within a framework that is substantially clearer than the individual framework. Under Corporate Tax Law No. 5520, corporations are taxed on all income regardless of source, so crypto-related income — whether from trading, investment, mining, or acceptance in an investment context — flows into corporate taxable income at the applicable corporate rate. Accounting treatment under the Uniform Chart of Accounts and Turkish Financial Reporting Standards depends on the business use: crypto held for trading is typically recorded as inventory under account 153 or a comparable current-asset classification, while crypto held for long-term investment is typically classified as intangible asset or financial asset depending on the specific facts. Valuation at period-end requires a supportable fair-market-value source — typically the closing price on a recognized exchange converted to Turkish Lira at the CBRT-reference or commercial bank rate. VAT treatment has developed through Revenue Administration rulings indicating that pure crypto-to-fiat exchange is generally not treated as a VAT-taxable supply (analogous to foreign currency exchange), while crypto paid for goods or services can give rise to a taxable supply of those underlying goods or services. Corporate Tax Law Article 13 transfer pricing rules apply to related-party crypto transactions, and Article 12 thin capitalization rules apply where related parties fund corporate crypto operations with debt above the 3:1 ratio. For framework on crypto taxation, readers can consult our crypto taxation guide. Practice may vary by authority and year, and corporate crypto taxation benefits from integrated tax-accounting coordination because classification choices at the accounting level propagate into tax outcomes.

Turkish lawyers who address mining, staking, airdrops, and protocol-native income forms work through the framework that characterizes these receipts at the point of receipt. Mining rewards — tokens earned by validating transactions through proof-of-work or similar consensus — are economically akin to compensation for services rendered to the network. Where mining is conducted on an organized basis (dedicated rigs, substantial electricity consumption, systematic pool participation), the resulting income is typically characterized as commercial income, taxable at the fair market value of the mined tokens at the time of receipt, with hardware depreciation, electricity, and operational costs deductible. Staking rewards — tokens earned by locking holdings to secure a proof-of-stake network — face similar characterization issues, though the argument that staking rewards are more akin to yield on a capital asset than compensation for services is available in some configurations. Airdrops received without meaningful economic activity on the recipient's part present an even more ambiguous picture, and Revenue Administration positions on airdrop characterization continue to develop. Documentation discipline is critical regardless of characterization: wallet address tied to the taxpayer, transaction hashes, block timestamps, reward amounts, and Turkish Lira valuations at each receipt are the evidentiary foundation that supports any later tax position. Practice may vary by authority and year, and treatment of protocol-native income benefits from contemporaneous documentation because retrospective reconstruction of mining, staking, or airdrop histories is substantially harder than current recording.

Exchanges, custody services, and MASAK compliance

An Istanbul Law Firm coordinating exchange operations under Law 7518 works through the CASP licensing framework that became operational during 2024-2025. Under the Law 7518 amendments to Capital Markets Law No. 6362, a CASP cannot operate in Turkey without SPK authorization. The licensing application requires detailed corporate documentation (shareholder identification and UBO disclosure, beneficial ownership structure, director and manager fitness), minimum capital adequacy meeting thresholds set by SPK secondary regulations, IT and operational infrastructure documentation, client-asset-segregation architecture, policy manuals covering AML/CFT, complaints handling, business continuity, and cyber incident response, and evidence of qualified personnel. Transition provisions under Law 7518 permitted existing crypto exchanges operating before the effective date to continue operations subject to filing a license application with SPK within the statutory window and to remediate gaps during a transition period. Exchanges that did not file applications or did not meet licensing standards were required to cease operations with respect to Turkish clients. The post-2024 Turkish crypto exchange landscape is therefore narrower and more institutionalized than the pre-2024 landscape, with SPK-licensed CASPs as the lawful operational form.

A Turkish Law Firm advising CASPs on MASAK obligations under Law No. 5549 works through the AML and KYC framework that has applied to crypto platforms since May 2021, when implementing-regulation amendments added CASPs to the list of obliged entities (yükümlü). The core obligations are client identification before establishing the business relationship (Turkish ID for residents, passport plus tax number for non-residents, corporate documentation for legal entities), ongoing Customer Due Diligence (CDD) including source-of-funds documentation where risk indicators warrant, Enhanced Due Diligence (EDD) for higher-risk clients including Politically Exposed Persons (PEPs) and clients from higher-risk jurisdictions under FATF designation, transaction monitoring against suspicious patterns with automated and manual review layers, Suspicious Transaction Reporting (STR — Şüpheli İşlem Bildirimi) to MASAK within the statutory timeframe when thresholds are met, and UBO identification for corporate clients. FATF Recommendation 16 Travel Rule — requiring transmission of originator and beneficiary information between VASPs for qualifying crypto transfers — has been extended to Turkish CASPs through MASAK guidance as the international framework developed. Record retention obligations under Law 5549 require preservation of client-identification records and transaction records for the statutory minimum period, which has historically been eight years for AML records. For framework on crypto exchange licensing, readers can consult our crypto exchange licensing guide. Practice may vary by authority and year, and MASAK compliance benefits from systematic framework design because MASAK enforcement produces administrative fines and potential referral for criminal investigation under Law 5549 framework.

Turkish lawyers who address custody-specific operational standards work through the framework where private-key control produces both the core service offering and the core risk. Cold storage (offline wallets not connected to the internet) is the foundation of secure custody for majority client holdings, with only a limited operational float maintained in hot wallets for daily withdrawal processing. Multi-signature arrangements requiring multiple independent key-holders to authorize withdrawals provide protection against single-key compromise and insider risk; the standard CASP configuration involves threshold signature schemes with geographic distribution of key-holders to reduce concurrent-compromise exposure. Hardware security modules (HSMs) — tamper-resistant physical devices that generate, store, and use cryptographic keys without exposing them to the host system — are standard for institutional-grade custody. Client asset segregation is not a mere accounting principle: under SPK expectations, client crypto assets must be separable from the CASP's own operational assets so that, in CASP insolvency, client assets do not become part of the general bankruptcy estate. Cyber incident response planning — detection, containment, law-enforcement notification, client notification, and recovery coordination — is a licensing requirement, and evidence of tested plans is part of the licensing review. Practice may vary by authority and year, and custody operational standards benefit from integrated legal, technical, and insurance coordination because each dimension alone is insufficient against the full risk spectrum.

Cross-border crypto transfers and treaty considerations

A lawyer in Turkey coordinating cross-border crypto compliance works through the intersection of Decision No. 32, the CBRT payment prohibition, and international tax frameworks. Decision No. 32 on Protection of the Value of Turkish Currency was written for traditional foreign exchange movements and does not have bespoke crypto provisions; whether a cross-border crypto transfer constitutes an FX movement for Decision No. 32 purposes depends on the underlying transaction pattern. A Turkish resident sending crypto from a self-hosted wallet to their own foreign-exchange account for investment purposes sits in a grey zone that does not cleanly match any enumerated FX transaction type. A Turkish resident receiving crypto in exchange for goods or services exported to a foreign counterparty has underlying FX-export economics but transacts through a crypto channel that does not go through the Turkish banking system; this pattern can produce reporting gaps that come to light only during later audit. Conservative practice uses Turkish-licensed CASP conversion to Turkish Lira through a Turkish bank account for the Turkish resident's crypto-denominated inflows, which produces the standard FX-inflow documentation trail that the banking system is built to handle.

A Turkish Law Firm working through double taxation treaty application to crypto income addresses the framework where Turkey's treaty network (covering more than 85 jurisdictions) pre-dates crypto development and therefore does not contain crypto-specific allocation rules. Crypto-income characterization determines which treaty article applies. Trading gains by an individual typically fall within the capital gains article (Article 13 of the OECD Model Convention pattern, reflected with variations in most Turkish treaties), which allocates taxing rights depending on the nature of the asset — alienation of movable property is generally taxed in the state of residence of the alienator, which for Turkish residents means Turkey retains taxing rights on most crypto trading gains regardless of where the exchange is located. Business profits generated through crypto operations fall within the business profits article (Article 7 pattern) with permanent establishment analysis. Royalties and dividends analogies are occasionally asserted for specific token types but are structurally weak. The Multilateral Instrument (MLI) amendments that Turkey has signed affect treaty application on general principal-purpose and treaty-abuse grounds but do not add crypto specificity. For framework on international enforcement of Turkish judgments, readers can consult our international enforcement guide. Practice may vary by authority and year, and treaty application to crypto benefits from conservative characterization because aggressive treaty positions face audit risk without strong legal foundation.

An English speaking lawyer in Turkey coordinating international reporting intersections addresses the several parallel frameworks that can apply to a single Turkish-resident crypto holder. FATCA obligations apply to US persons (citizens, green card holders, certain long-term residents) with foreign financial accounts; Turkish banks and potentially Turkish CASPs report qualifying US-person accounts under the Turkey-US intergovernmental agreement. CRS (Common Reporting Standard), to which Turkey is a participating jurisdiction, produces automatic exchange of financial account information with treaty partners for Turkish-tax-residents with accounts abroad and for foreign-tax-residents with accounts in Turkey. The OECD Crypto-Asset Reporting Framework (CARF) is the crypto-specific extension of CRS, with global implementation rolling out from 2026-2027; Turkish implementation timeline depends on domestic legislation. The EU DAC8 Directive extends automatic exchange specifically to crypto within the EU and with certain non-EU jurisdictions; DAC8 does not directly bind Turkey but affects Turkish-resident holders with EU-exchange accounts and Turkish CASPs with EU clients. Sanctions screening — UN, EU, US OFAC, UK — applies to cross-border crypto transactions, and sanctioned-address screening has become a standard component of CASP compliance programs. Practice may vary by authority and year, and international reporting benefits from coordinated multi-jurisdictional review because reporting obligations overlap and a single transaction can trigger obligations in several frameworks.

Tax enforcement, audits, and penalties

A Turkish Law Firm coordinating tax audit defense for crypto-related matters works through the standard tax audit framework under Tax Procedure Law No. 213. The audit process typically begins with a document demand (bilgi isteme yazısı) under Article 148, requiring the taxpayer to provide specified records within a stated response window. For crypto audits, the demand commonly seeks exchange statements, wallet identifications, transaction logs, source-of-funds documentation for deposits, Turkish Lira conversion methodology, and income declarations for the audited years. Taxpayer responses must be accurate and complete: knowingly incorrect responses under Article 359 (Kaçakçılık Suçları — Tax Evasion Crimes) produce criminal referral with custodial penalties alongside administrative liability. Audit triggers for crypto cases include banking system reporting of crypto-related inflows above thresholds, inconsistency between declared income and observed lifestyle or asset acquisitions, information received from foreign tax authorities under CRS, referrals from other regulatory bodies (MASAK, SPK), and, increasingly, data analytics-driven selection where the Revenue Administration cross-matches data sets to identify undeclared crypto activity. Documentation preparation in advance of audit — contemporaneous records rather than retrospective reconstruction — is the decisive factor in how audits resolve.

Turkish lawyers who address penalty mitigation work through the VUK framework that provides several graduated relief mechanisms. Voluntary disclosure (pişmanlık ve ıslah) under Article 371 allows a taxpayer who has not yet been audited to declare previously undeclared or underdeclared tax with substantially reduced penalties — the principal tax deficiency remains payable with interest, but the tax-loss penalty that would otherwise attach to underdeclaration is typically eliminated. Article 371 is strictly time-sensitive: it is available only before the tax authority has begun audit or investigation with respect to the relevant period, and procedural compliance (complete disclosure, timely payment) is essential. Pre-assessment settlement (tarhiyat öncesi uzlaşma) under VUK Additional Article 11 allows negotiation between the taxpayer and the Settlement Commission before the formal assessment is issued, potentially reducing both the principal and the penalty. Post-assessment settlement (tarhiyat sonrası uzlaşma) under Article 376 supplementary provisions allows similar negotiation after assessment but before the tax court deadline. Penalty reduction under Article 376 proper allows a one-third reduction of tax-loss penalties if the taxpayer pays within the objection period without contesting the assessment; for first-time or irregular procedural violations, different reduction percentages apply. Each of these mechanisms involves trade-offs between certainty and exposure, and the optimal path depends on the strength of the substantive position, the size of the potential liability, and the taxpayer's cash flow constraints. For framework on tax audit defense, readers can consult our tax audit defense guide. Practice may vary by authority and year, and penalty mitigation benefits from early-stage engagement because pre-assessment options are substantially broader than post-assessment options.

An Istanbul Law Firm coordinating judicial review of contested tax assessments addresses the pathway from assessment to Tax Court (Vergi Mahkemesi). Filing to Tax Court proceeds under İYUK No. 2577 (Administrative Procedure Law): the filing period is 30 days from notification of the assessment, shorter than the 60-day general administrative filing period, and the deadline is strictly enforced — a petition filed on day 31 is dismissed on procedural grounds with substantial practical consequences. The Tax Court petition identifies the contested assessment, sets out the factual and legal grounds for challenge, attaches documentary evidence, and requests relief. Interim protection — stay of execution (yürütmenin durdurulması) under İYUK Article 27 — can prevent the tax authority from enforcing collection during litigation, but requires demonstration of the standard conditions (risk of serious and difficult-to-repair harm, apparent unlawfulness of the administrative act). Tax Court proceedings include written submissions, expert reports (bilirkişi raporu) in technically complex cases including crypto matters where blockchain forensics and valuation methodology are disputed, and a merits decision. Appeal to the Regional Administrative Court (Bölge İdare Mahkemesi) lies within 30 days of the Tax Court decision, and further review at the Council of State (Danıştay) is available for qualifying cases. Practice may vary by authority and year, and judicial review benefits from systematic procedural discipline because procedural defects can foreclose substantive claims regardless of merit.

Custody models and legal ownership of digital assets

A lawyer in Turkey coordinating custody-architecture analysis works through the framework where the custody model determines both operational risk and legal ownership characterization. In self-custody, the individual holder retains private keys on personal hardware (hardware wallet devices such as Ledger or Trezor), personal software wallets, or paper backups; legal ownership is direct and there is no intermediary counterparty, but the holder bears complete responsibility for key security. Custodial arrangements through exchanges produce intermediated ownership: the client deposits crypto with the exchange, which pools deposits, and the client holds a contractual claim against the exchange for return of equivalent assets. The legal character of this contractual claim — whether trust (emanet), commingled custody, or debtor-creditor — is not explicitly settled under Turkish law and depends on the specific terms of the exchange's user agreement and the operational practices. The distinction matters decisively in exchange insolvency: if the arrangement is a true trust with segregated assets, client holdings do not enter the bankruptcy estate and are returned to clients; if it is debtor-creditor, client holdings are pooled with other creditor claims and subject to pro-rata distribution. The Law 7518 client-asset-segregation requirements push licensed CASPs toward the trust-like model, but the legal characterization in any specific insolvency remains fact-specific.

Turkish lawyers who address crypto inheritance and succession work through the framework where Turkish succession law applies but crypto-specific technical issues create a practical gap. Succession under Civil Code No. 4721 Articles 495-681 covers all transmissible assets of the deceased, including crypto holdings. Forced heirship provisions (saklı pay) under Articles 505-507 reserve specified shares for descendants, parents, and the surviving spouse; crypto holdings are subject to the same reserved-share calculation as other assets. Testamentary dispositions can direct crypto-specific inheritance, and crypto can be bequeathed as a specific legacy. The practical problem is not legal but technical: if the deceased's private keys are not accessible to the heirs, the crypto is effectively lost — no court order, no inheritance certificate (veraset ilamı), and no bank-account-style recovery procedure can reconstruct a lost private key. Crypto succession planning therefore requires advance arrangements: secure key backup with explicit successor-access mechanisms, multi-signature arrangements where a trusted person holds one key triggered on death verification, institutional custody with identified beneficiaries, or written instructions stored with a notary and accessible to heirs upon production of the veraset ilamı. Inheritance and Transfer Tax Law No. 7338 applies to crypto inheritance; valuation at date of death requires contemporaneous fair-market-value documentation. For framework on cryptocurrency inheritance law, readers can consult our cryptocurrency inheritance law guide. Practice may vary by authority and year, and crypto inheritance benefits from advance planning because posthumous recovery of lost keys is frequently impossible.

An English speaking lawyer in Turkey coordinating corporate and institutional crypto holdings works through the governance framework where corporate crypto operations require structured decision-making. Board approval for material crypto positions reduces later challenge from minority shareholders and creditors, particularly where the crypto position is significant relative to corporate assets. Investment policy statements codifying the corporate approach to crypto — permitted assets, position limits, counterparty standards, custody arrangements, valuation methodology, reporting cadence — convert ad hoc decisions into governed processes. Segregation of duties for transaction authorization, multi-signature requirements for corporate wallets, and formal authorization workflows reduce insider risk and provide the documentary foundation for later audit. Turkish accounting standards-based balance sheet classification depends on the business purpose: inventory for trading operations, intangible assets for strategic holdings. Periodic impairment analysis is required where there is an indication that carrying value exceeds recoverable amount, with fair-market-value benchmarks documented. Financial statement disclosure of material crypto positions supports transparency to shareholders, auditors, and lenders. Corporate treasury operations holding crypto for operational purposes face additional considerations around banking-system integration, covenant compliance with existing credit facilities, and insurance coverage. Practice may vary by authority and year, and corporate crypto management benefits from integrated legal, accounting, and governance coordination because crypto-specific considerations interact with general corporate governance frameworks.

ICOs, token sales, and evolving legislative framework

A Turkish Law Firm structuring token sales under the Law 7518 framework starts with functional classification of the token. The analytical question is not the label the issuer applies but the economic substance: what does the holder acquire, and what does the holder reasonably expect in return. A token that confers profit-participation rights, that references an issuer's business performance, that is marketed on the basis of appreciation potential from issuer efforts, or that has features economically equivalent to equity or debt instruments is likely to be characterized as a security or a security-equivalent within the SPK framework, triggering public-offering rules including prospectus requirements, investor suitability standards, and ongoing reporting. A token that functions as access to a platform service (paying for computation, storage, or protocol functionality), that is consumed in use, that does not carry profit expectations tied to issuer efforts, and that is not marketed on investment terms is more likely to fall within the utility classification and, depending on the specific use case, may be subject to CASP regulation rather than public-offering regulation. Governance tokens conferring voting rights in decentralized protocols occupy an intermediate position, and non-fungible tokens (NFTs) representing unique assets require case-specific analysis depending on whether the NFT is marketed for its collectible or artistic qualities or for investment return.

Turkish lawyers who address token sale execution work through structural options that distribute risk between issuer, investors, and infrastructure. Public offering of security tokens through SPK-approved prospectus and a licensed intermediary is the formal pathway for security-classified tokens, requiring substantial disclosure, financial audit, and ongoing compliance. Private placement to qualified investors (nitelikli yatırımcı — sophisticated investors meeting specified thresholds under SPK regulations) permits reduced disclosure under the private-placement framework in exchange for narrower distribution. Pre-launch structures such as SAFT (Simple Agreement for Future Tokens) provide a contractual commitment to deliver tokens upon protocol launch in exchange for investment today; SAFT-style arrangements are common in the international market but their Turkish legal characterization and enforceability require careful drafting. Foreign structuring where the issuance entity is established in a more crypto-permissive jurisdiction and Turkish investors are excluded from the offering is feasible but requires discipline: Turkish investor exclusion must be genuine (not just a formal disclaimer), Turkish marketing channels must not be used, and the issuer must be able to demonstrate that any Turkish-resident participation was incidental and against the issuer's control measures. Whitepaper quality has become a practical litmus test for seriousness — detailed technical specification, honest risk disclosure, transparent team identification, specific use-of-proceeds allocation, and realistic roadmap signal issuer legitimacy in ways that generic marketing materials do not. For framework on crypto compliance under the 2024-2025 CMB architecture, readers can consult our crypto compliance 2024-2025 guide. Practice may vary by authority and year, and token sale structuring benefits from integrated legal, tax, and operational planning because launch errors produce persistent downstream consequences.

An Istanbul Law Firm monitoring ongoing regulatory evolution addresses the reality that the 2024 framework continues to develop through secondary regulations and international alignment. SPK secondary regulations implementing Law 7518 have been issued in phases during 2024 and 2025, covering detailed licensing procedures, operational requirements, capital adequacy specifications, client-asset-segregation mechanics, and supervisory framework. Further refinement is anticipated as the SPK accumulates supervisory experience with the licensed CASP population. Turkey's FATF engagement produces alignment pressure with evolving international AML standards; the Travel Rule extension to crypto has been implemented domestically following the FATF Recommendation 16 framework, and further adjustments may follow as FATF guidance develops. The EU MiCA (Markets in Crypto-Assets) Regulation, fully effective for CASPs from 30 December 2024, is not directly binding on Turkey but influences regulatory thinking and affects Turkish entities operating with EU clients or through EU infrastructure. The OECD CARF rollout starting from 2026-2027 will require Turkish domestic implementation decisions on crypto-specific automatic information exchange. IOSCO guidance on crypto asset regulation shapes SPK thinking through the international securities-regulator network. Tracking regulatory developments in crypto is therefore not a one-time compliance exercise but a continuous process, and operations designed for flexibility — rather than locked to a specific regulatory snapshot — are better positioned for the regulatory path ahead. Practice may vary by authority and year, and regulatory monitoring benefits from systematic tracking because the change pace in crypto substantially exceeds traditional regulatory areas.

Dispute resolution and crypto asset recovery

A lawyer in Turkey coordinating crypto dispute characterization works through the categorization that channels each dispute into the appropriate procedural pathway. Contract-based disputes — exchange terms-of-service violations, custody contract breaches, unfulfilled trading obligations — fall under Code of Obligations No. 6098 with forum determined by the contract or by general jurisdictional rules. Consumer-framing disputes — an individual user against a consumer-facing exchange — fall under Consumer Protection Law No. 6502, channeling the dispute to the tüketici hakem heyeti (consumer arbitration committee) for lower-value claims or the tüketici mahkemesi (consumer court) for higher-value claims. Tort-based claims — fraud under TCK No. 5237 Article 158 (qualified fraud with enhanced penalties where committed through internet or banking systems), negligence claims against custody providers, conversion claims where assets are wrongfully held — proceed through TBK tort framework and general civil courts. Cybercrime-based claims — hacking under TCK Articles 243-246 covering unauthorized access to information systems, data theft, and damage to information systems — produce criminal complaints to the prosecutor's office with parallel civil recovery available. The categorization is not merely labels: it determines competent forum, applicable procedural framework, available interim measures, burden of proof distribution, and enforcement mechanisms.

A Turkish Law Firm coordinating asset tracing and recovery works through the framework that combines blockchain transparency with traditional legal remedies. Blockchain forensic analysis — transaction tracing through public ledger data, wallet clustering to link addresses to single actors, identification of exchange deposit addresses through known-entity labeling — can establish asset movement patterns that are substantially more transparent than traditional financial tracing. The evidentiary value of forensic analysis in Turkish courts depends on presentation quality: expert-prepared reports explaining methodology, documentary support for entity attribution, and chain-of-custody for the underlying data produce admissible evidence, while raw wallet-screenshot evidence is typically insufficient. Cooperation with Turkish-licensed CASPs under the Law 7518 framework is materially stronger than pre-2024 cooperation: licensed CASPs are obliged to respond to court orders, prosecutorial requests, and MASAK requests with specified timelines, making account-level identification, freezing, and information disclosure operationally achievable when assets pass through licensed Turkish infrastructure. Provisional measures under HMK No. 6100 Articles 389-399 permit interim freezing of identified wallets or exchange accounts where the standard conditions (likelihood of success, risk of irreparable harm) are met; ihtiyati haciz (provisional attachment) under İİK No. 2004 Article 257 and following provides the monetary-claim-specific analogue. Cross-border recovery is substantially more difficult: assets that move to foreign exchanges or self-custody in uncooperative jurisdictions rapidly become practically unrecoverable, which makes speed of intervention the decisive variable in recovery outcomes. For framework on digital evidence admissibility, readers can consult our digital evidence admissibility guide. Practice may vary by authority and year, and asset tracing benefits from immediate action because dissipation windows are short.

Turkish lawyers who address smart contract and DeFi-specific disputes work through the framework where code-based execution interacts with traditional contract doctrine. Smart contract disputes present the question of how a Turkish court interprets automated execution that produces an outcome different from party expectations. The "code is law" position — that the code's execution is the contract — is not aligned with Turkish TBK doctrine, which interprets contracts based on the parties' true intent (gerçek irade) under TBK Article 19, with formal expression as evidence of but not conclusive of intent. A smart contract that executes contrary to a party's reasonable expectations because of a coding error, an oracle failure, or a manipulation attack can therefore be the subject of rescission (iptal), rectification (tashih), or damages claims despite the code's mechanical execution. DeFi protocols without identifiable counterparties present harder problems: traditional litigation requires a defendant, and purely decentralized protocols may not provide one. Practical approaches target front-end interface providers, protocol developers, or governance-token-holders who functionally control the protocol. Rug pulls — project teams abandoning after fundraising with misappropriated funds — produce parallel criminal (TCK Article 158) and civil claims, with cross-border perpetrators frequently requiring mutual legal assistance treaty coordination for any realistic enforcement. Arbitration clauses in crypto service contracts can provide structured dispute resolution, but consumer-protection doctrine may limit enforceability against individual users under Consumer Protection Law framework. Practice may vary by authority and year, and smart contract dispute resolution benefits from drafting-stage attention because post-execution options are narrower where contractual ambiguity exists.

Author: Mirkan Topcu is an attorney registered with the Istanbul Bar Association (Istanbul 1st Bar), Bar Registration No: 67874. His practice focuses on cross-border and high-stakes matters where evidence discipline, procedural accuracy, and risk control are decisive, with particular concentration on cryptocurrency legal status and taxation including Capital Markets Law No. 6362 as amended by Law No. 7518 of 2 July 2024 bringing crypto asset service providers (CASPs) under SPK oversight with licensing, capital adequacy, operational standards, and supervisory framework, Central Bank Regulation No. 2021/7 (16 April 2021 Official Gazette, effective 30 April 2021) prohibiting crypto assets in payments for goods and services, MASAK Law No. 5549 with CASPs as obliged entities effective May 2021 producing AML, KYC, suspicious transaction reporting, and UBO identification obligations including FATF Recommendation 16 Travel Rule implementation, Income Tax Law No. 193 individual crypto taxation including commercial income characterization issues, Corporate Tax Law No. 5520 corporate crypto taxation including Article 12 thin capitalization and Article 13 transfer pricing, VAT Law No. 3065 crypto VAT treatment distinguishing crypto-to-fiat from crypto-for-goods supplies, Tax Procedure Law No. 213 including Article 148 document demand, Article 359 criminal referral for tax evasion crimes, Article 371 voluntary disclosure (pişmanlık), Article 376 penalty reduction, and Additional Article 11 pre-assessment settlement, Decision No. 32 on Protection of the Value of Turkish Currency, KVKK Law No. 6698 as updated through Law No. 7499 of March 2024, Civil Code No. 4721 Articles 495-681 inheritance framework with Articles 505-507 forced heirship, Inheritance and Transfer Tax Law No. 7338, Consumer Protection Law No. 6502, TCK No. 5237 Article 158 qualified fraud and Articles 243-246 cybercrime framework, HMK No. 6100 Articles 389-399 provisional measures, İİK No. 2004 Article 257 and following provisional attachment, İYUK No. 2577 administrative procedure for tax disputes with 30-day Tax Court filing period and Article 27 stay of execution, MÖHUK No. 5718 private international law, Arbitration Law No. 4686, and international frameworks including FATF Recommendation 16, OECD CARF, EU MiCA Regulation, EU DAC8 Directive, FATCA, CRS, and IOSCO crypto guidance.

He advises individuals and companies across Capital Markets and Crypto Assets (including CASP licensing under Law 7518, token sales structuring, and securities classification analysis), Anti-Money Laundering and Compliance, Tax Law (including crypto tax planning and audit defense), Data Protection and Privacy, Commercial and Corporate Law, Foreign Investment, Intellectual Property, Arbitration and Dispute Resolution, Enforcement and Insolvency, International Tax, Foreigners Law, Citizenship and Immigration, Real Estate, Sports Law, Health Law, and Criminal Law. He regularly supports individual crypto holders on tax reporting structuring and documentation discipline, exchanges on CASP licensing and ongoing MASAK compliance, custody service providers on operational and regulatory architecture, token issuers on securities classification analysis and token sale structuring, cross-border crypto operators on regulatory mapping, taxpayers on audit defense and penalty mitigation through Article 371 voluntary disclosure or uzlaşma settlement, crypto dispute parties on claim characterization and asset recovery strategy through blockchain forensics and provisional measures, and business crypto treasury operators on governance and accounting coordination.

Education: Istanbul University Faculty of Law (2018); Galatasaray University, LL.M. (2022). LinkedIn: Profile. Istanbul Bar Association: Official website.

Frequently asked questions

1. Is cryptocurrency legal in Turkey? Crypto assets are legal for holding, investment, and trading through licensed CASPs but prohibited as a payment method for goods and services under Central Bank Regulation No. 2021/7 effective 30 April 2021. Investment and trading operations fall under Capital Markets Board oversight following Law No. 7518 of 2 July 2024.
2. What is Law No. 7518 and how does it affect crypto? Law No. 7518 of 2 July 2024 amended Capital Markets Law No. 6362 to bring crypto asset service providers (CASPs) under SPK licensing, capital adequacy, operational standards, and supervisory framework. Secondary regulations implementing the law have been issued in phases during 2024-2025.
3. What does the CBRT payment prohibition cover? Central Bank Regulation No. 2021/7 prohibits direct or indirect use of crypto assets as payment for goods and services, including through payment service providers facilitating crypto-to-fiat conversion at point of sale. Investment, holding, and trading activities remain lawful.
4. Are crypto exchanges subject to AML obligations? Yes. CASPs became MASAK obliged entities (yükümlü) effective May 2021 under Law No. 5549, with obligations covering KYC, enhanced due diligence for higher-risk clients, suspicious transaction reporting (STR), transaction monitoring, UBO identification, and Travel Rule compliance following FATF Recommendation 16.
5. How are individual crypto profits taxed? Turkey has not enacted a crypto-specific tax regime. Organized trading activity is typically taxed as commercial income under Income Tax Law No. 193. Occasional trading by individual investors faces genuine characterization ambiguity because the activity does not clearly fit into the enumerated income categories under Article 2.
6. How are corporate crypto operations taxed? Corporate crypto operations fall under Corporate Tax Law No. 5520 corporate tax framework with VAT treatment under Law No. 3065, transfer pricing under Article 13, and thin capitalization under Article 12 for related-party debt above 3:1 ratio. Accounting treatment depends on business use.
7. What are the VAT implications of crypto? Revenue Administration guidance has indicated that pure crypto-to-fiat exchange is generally not a VAT-taxable supply (analogous to foreign currency exchange). Crypto paid for goods or services can give rise to a VAT-taxable supply of the underlying goods or services. Case-specific analysis is required.
8. How are mining and staking taxed? Mining rewards conducted on organized scale typically produce commercial income at fair market value at receipt, with hardware, electricity, and operational costs deductible. Staking and airdrop characterization is more contested. Contemporaneous documentation of receipts and valuations is essential.
9. What records must be maintained for crypto tax compliance? Transaction timestamps, counterparty identification, volumes, prices, wallet addresses, transaction hashes, Turkish Lira conversion calculations with documented source rates, and platform documentation. Tax Procedure Law No. 213 applies with retention obligations and e-fatura integration for qualifying scenarios.
10. What happens if crypto tax is not declared? Administrative fines under Tax Procedure Law, interest on deficiencies, and potential criminal referral under Article 359 for serious violations including concealment. Voluntary disclosure (pişmanlık) under Article 371 provides reduced penalties if filed before audit initiation. Article 376 provides further penalty reduction for timely payment without contest.
11. Can I inherit cryptocurrency under Turkish law? Yes. Crypto assets are inheritable under Civil Code Articles 495-681 with forced heirship under Articles 505-507. The practical challenge is posthumous private key access — lost keys without backup produce permanent asset loss. Succession planning through secure key backup, multi-signature arrangements, or institutional custody is essential.
12. Are ICOs regulated in Turkey? Token sales face functional classification analysis. Security-classified tokens fall under SPK public-offering framework with prospectus and disclosure obligations. Utility tokens fall outside securities regulation but within CASP regulation where issued through a CASP. Governance tokens and NFTs require case-specific analysis.
13. What happens if my crypto is hacked? Response combines criminal complaint under TCK Articles 243-246 cybercrime provisions, provisional measures under HMK Articles 389-399 for wallet or account freezing where assets can be located, blockchain forensic analysis for tracing, cooperation with licensed Turkish CASPs under Law 7518 framework, and civil recovery alongside criminal prosecution.
14. How are cross-border crypto transfers regulated? Cross-border analysis combines Decision No. 32 FX considerations, double taxation treaty application (typically capital gains article for individual trading), FATCA and CRS reporting where applicable, the developing CARF framework, and sanctions screening. Case-specific analysis is required because frameworks interact.
15. How does ER&GUN&ER Law Firm structure crypto engagements? Engagements begin with integrated regulatory classification under Law 7518, CASP licensing where applicable, MASAK compliance program design, tax characterization and reporting, cross-border coordination, and dispute resolution architecture, translated into licensing applications, compliance programs, tax planning, documentation systems, and litigation representation when disputes emerge.