Türkiye drafts long-awaited regulations on cryptoassets


On 16 May 2024, the newest version of the highly discussed draft regulations for cryptoassets (Draft) was submitted to the Presidency of the Grand National Assembly of Türkiye.

The Draft proposes regulating certain crypto activities and the cryptoasset service providers (Service Providers) under the Capital Markets Law No. 6362 (Law), specifying that provisions of the Law that does not explicitly refer to Service Providers will not apply to them. According to the explanatory memorandum accompanying the Draft, the regulations emphasise an approach that avoids hindering the development of blockchain technology and aims to regulate cryptoasset exchange activities before the platforms.

Key provisions of the Draft

The Draft details regulations to cover the operations and liabilities of Service Providers, including a licensing requirement, the cryptoasset-related activities considered within the scope of the Law, the transition period for existing Service Providers to comply with the Draft's requirements, and the sanctions to be imposed in cases of noncompliance.

Classification of cryptoassets and applicability of the Capital Markets Law

The explanatory memorandum accompanying the Draft acknowledges various types of cryptoassets and classifies them as follows:

  1. Security cryptoassets: containing rights exclusive to securities;
  2. Electronic money cryptoassets: designed for electronic payments,
  3. Utility cryptoassets: defined as cryptoassets providing access to a service or product, and also include NFTs, as it is stated that utility cryptoassets include cryptoassets that constitute evidence of ownership similar to copyright in respect of photographs, videos, audio, works of art and other similar items,
  4. Cryptoassets that develop distributed ledger technology or similar technological infrastructure and whose value cannot be separated from that technology: recognised as primary cryptoassets, such as Bitcoin and Ethereum.

Apart from the above classification, cryptoassets can also be classified as stable or unstable, depending on whether there is an asset behind the value of a cryptoasset.

When determining the law applicable to a cryptoasset, it will be necessary to evaluate the benefits or rights that the cryptoasset will provide to its purchaser. Using cryptoassets to provide rights that can be granted by capital market instruments, such as offering a cryptoasset in exchange for shareholder rights, will subject that cryptoasset to the Law.

Regardless of their classification, the Law will apply to any cryptoasset traded on an exchange platform and regulating these activities will fall within the scope of the authorities of the Capital Markets Board (CMB).    

The Draft authorises the CMB to determine principles for (i) the issuance of capital markets instruments in the form of cryptoassets; and (ii) the sale and distribution of cryptoassets specified under item (d) above, without applying the provisions of the Law regarding capital markets instruments.

The Law will not apply to the types of cryptoassets not listed above. Other governmental institutions, such as the Central Bank of the Republic of Türkiye and the Ministry of Trade, will be able to regulate these cryptoassets, particularly electronic money and utility tokens.

Requirements for Service Providers

Licensing and membership

  • The Draft requires from Service Providers to obtain a licence from the CMB in order to operate. Service Providers include (i) cryptoasset trading platforms (Platforms), (ii) cryptoasset custody services, and (iii) other entities providing services related to cryptoassets, which will be further specified by future regulations based on the Draft.
  • Furthermore, Service Providers must apply to the Turkish Capital Markets Association to become members. The CMB will cease the activities of any Service Providers that fail to fulfil this membership obligation.

Compliance and governance

  • The Draft establishes principles that the shareholders, directors, representatives of the Service Providers must comply with and stipulates that any share transfers within Service Provider entities must receive permission from the CMB to be valid.  
  • If shareholders of the Service Providers, who possess certain characteristics determined by the Draft, such as holding more than 10% of the shares of a Service Provider entity, no longer comply with the requirements set forth for shareholders under the Draft, they will be required to transfer their shares within six months to persons who fulfil these requirements. Until the transfer occurs, the CMB will determine how and by whom the voting rights of these shares will be exercised.
  • The CMB is authorised to determine additional principles that the Service Providers must follow, including principles regarding share capitals, employees, share transfers, information systems, and technological infrastructures. The Scientific and Technological Research Council of Turkey (TUBITAK) will set the criteria for information systems and technological infrastructures that the Service Providers must adhere to, and compliance with these criteria will be necessary for the CMB to grant licenses to the Service Providers.

Financial obligations

  • Platforms will be required to pay an annual fee of 1% of their total income, excluding interest income, to both the CMB and TUBITAK (each at a rate of 1%), resulting in a total fee of 2%.

Regulations for foreign platforms

The Draft underlines that engaging in activities directed at residents in Türkiye by Platforms based abroad is considered an unauthorised cryptoasset service provision. Establishing a website in the Turkish language and conducting promotional and marketing activities related to the services for residents in Türkiye are considered activities directed at residents in Türkiye.

Platforms based abroad will be required to terminate their activities directed at residents in Türkiye within three months following the effective date of the Draft. These Platforms must obtain a licence from the CMB to continue their services to Turkish residents.  

Transaction regulations and client protection

According to the Draft, the CMB is authorised to determine the procedures and principles for trading, initial offering or distribution, exchange, transfer and custody of cryptoassets on the Platforms. Regarding agreements between the Service Providers and clients, which must be in written form, the Draft stipulates that any contractual terms removing or limiting the liability of the Service Providers to their clients are invalid. The CMB will have the authority to determine the organisation, scope, amendments, fees and expenses, expiry and termination of agreements between the Service Providers and their clients, as well as the minimum requirements that must be included in these agreements.

Strikingly, the Draft reserves the provisions of the currency control laws for all types of transactions made with cryptoassets. It is currently unclear how this regulation will influence practice.

The Draft also provides regulations related to the storage and recording of clients’ wallets and assets, measures that must be taken for safe transactions, and prohibits attachment, pledge, or interim measures over clients’ assets related to the debts of the Service Providers. Additionally, it states that the CMB will issue regulations regarding investment advisory and portfolio management for cryptoassets.

Measures and sanctions for unauthorised activities

  • The provisions of the Law regulating inspections to monitor compliance with the capital markets legislation will apply to the Service Providers.
  • Financial audits and independent audits of information systems of the Service Providers will be carried out by independent audit institutions. The CMB, in cooperation with TUBITAK or other public institutions, may establish additional principles regarding information systems audits.
  • Individuals and individual representatives of entities who conduct unauthorised cryptoasset service activities will be subject to imprisonment for three to five years and a judicial fine ranging between TRY 500,000 to TRY 5 million.
  • If a Service Provider fails to meet their transfer obligations or if their financial structure weakens, the CBM will be able to take various measures, up to and including the withdrawal of the licences of the Service Provider.
  • In response to certain unauthorised activities on the Internet, the CMB will be able to decide to block access to the offending site or to remove the content.
  • The provisions of the Law regulating measures to be taken by the CMB, as well as imprisonment and monetary fines to be imposed, in the event of performing unlawful activities, providing unauthorised activities or making unauthorised announcements or advertisements related to these activities, will apply to the Service Providers.
  • The Draft specifies that the Service Providers and their personnel are liable for damages resulting from unlawful activities and failures to fulfil payment or deliver cryptoassets, detailing the extent of their liability.
  • The Draft regulates embezzlement committed by board members, personnel, and individual shareholders of the Service Providers, providing details and consequences for committing this offence.

Transition period for existing Service Providers

Service Providers operating when the Draft enters into force must declare to the CMB within one month from the effective date of the Draft that either:

  • They undertake to apply to the CMB to obtain a licence by fulfilling the requirements to be determined by the secondary legislation of the Draft; or
  • They will take a liquidation resolution within three months, ensuring that no losses will be incurred by their clients and will not accept new clients during the liquidation period.

For operations commencing after the Draft comes into force, a declaration must be submitted to the CMB stating that the requirements to be determined by the secondary legislation of the Draft will be met and an application will be made to obtain a licence.

Applications made to the CMB will be announced on the website of the CMB.

Upon the publication of the secondary regulations of the Draft, the CMB may set a deadline for the completion of the authorisation procedures of the applicant entities and may request the entities that fail to obtain an authorisation certificate within this period to terminate their activities. The Draft grants the CMB the power to extend the deadlines.

In the event of failing to fulfil declaration obligations and apply to the CMB, sanctions set forth for unauthorised activities, as detailed above, may be imposed.


The submission of the newest version of the draft regulations for cryptoassets represents a pivotal move towards establishing a comprehensive legal framework for cryptoassets and cryptoasset service providers. However, further insight is needed and appears to be forthcoming as the Draft designates the CMB to address unresolved issues through secondary regulations.

For more information on the draft regulations and the use of cryptoassets in Türkiye, contact your CMS client partner or CMS experts: [email protected] and [email protected]