.jpg)
The rapid development of digital technologies has fundamentally transformed the structure of financial markets, and one of the most prominent outcomes of this transformation has been the emergence of crypto assets. A crypto asset refers to intangible digital assets that can be created and stored electronically using distributed ledger technology or similar technologies, transferred over digital networks, and represent value or rights. Initially introduced merely as a payment tool, these assets have gradually evolved into multifaceted financial instruments, expanding into areas such as investment, fundraising, and digital representation. With the increasing usage of crypto assets and their growing influence on the financial system, the provision of services related to these assets has become an independent field of activity. As a result, organizations that provide crypto services have emerged. The proper governance of these entities is crucial to ensure that crypto assets can be traded, stored, and transferred securely among users. This necessity has highlighted the importance of governmental and regulatory intervention, making legal regulation essential for ensuring transparency and trust in these markets.
The first step taken to regulate this new formation in Turkey was to bring crypto asset service providers under the supervision of the Capital Markets Board (“CMB” or “the Board”) through amendments made to the Capital Markets Law No. 6362 (the “CML”) by Law No. 7518. With the entry into force of Law No. 7518 on 02.07.2024, new concepts such as “crypto asset” and “crypto asset service provider” were incorporated into the scope of the CML. Through this amendment, for the first time, the crypto asset market in Turkey has been brought directly under capital markets legislation, adopting the principle that all institutions operating in this market must be regulated and supervised by the CMB. In particular, Article 35/B of this law introduced a comprehensive licensing and oversight regime for platforms wishing to offer crypto asset services, leaving the determination of operational principles and requirements to the Board’s discretion. Under the CML, providing crypto asset services includes activities such as mediating the purchase and sale of crypto assets, matching orders between users, ensuring the custody of assets in digital environments, carrying out transfer and settlement processes, or offering wallet services on behalf of users. These services are delivered through online digital platforms and entail obligations such as securing user assets, ensuring a transparent transaction infrastructure, and protecting investors. Article 35/B also outlines the framework regarding the establishment and operational requirements of crypto asset service providers. Accordingly, real or legal persons wishing to operate in this field in Turkey must incorporate as a joint-stock company and obtain a license from the CMB. The Board is authorized in both the establishment and licensing phases and sets out the principles that crypto asset service providers must adhere to, along with the supervision mechanisms and capital requirements to which they are subject.
Another significant step regarding crypto asset service providers was taken with the publication of Communiqué No. III-35/B.1 “On the Principles Regarding the Establishment and Operations of Crypto Asset Service Providers” and Communiqué No. III-35/B.2 “On the Working Principles, Internal Control Systems, Information Systems, and Capital Adequacy of Crypto Asset Service Providers” in the Official Gazette dated 13.03.2025 and numbered 32840.
These communiqués comprehensively regulate the establishment, licensing, and operational procedures of crypto asset platforms. While Communiqué No. III-35/B.1 addresses establishment and operational principles, Communiqué No. III-35/B.2 covers working procedures, internal control systems, adequacy of information systems, and capital requirements. The requirements for establishment under these communiqués which play a major role in the regulation of crypto assets under Turkish law are detailed in the following sections.
According to Communique No. III-35/B.1 (“Communique”), crypto asset service providers must obtain a license from the CMB before commencing operations. The establishment requirements are set out in Article 5 of the Communiqué. To obtain authorization from the CMB;
i) The entity must be established as a joint stock company, all of its shares must be registered and the shares must be issued solely in exchange for cash contributions.
ii) The paid-in capital of crypto asset trading platforms must be at least TRY 150,000,000, and that of custody institutions must be at least TRY 500,000,000. The entire capital must be paid in full and in cash, and the company’s equity capital must not fall below these minimum thresholds at any time.
iii) The articles of association must be prepared in accordance with the CML and relevant regulations, and
iv) The company’s field of activity must be limited exclusively to the services authorized by the Board. In addition, the founders must meet the qualifications stipulated by law, and the ownership structure of the company must be transparent.
Throughout the licensing and operational stages, both shareholders and members of the management body of crypto asset service providers must meet specific criteria, as set out in the Communique. These regulations aim to ensure that platforms are built on a foundation of not only financial strength but also sound governance and transparency. Pursuant to Article 6 of the Communiqué, any shareholder whether directly or indirectly holding more than 10% (ten percent) of the company’s capital must possess financial integrity, have not declared bankruptcy or applied for concordat, and must have fulfilled all tax and financial obligations to public institutions. Additionally, even if pardoned, such individuals must not have been convicted of serious crimes such as embezzlement, bribery, or fraud. A transparent and traceable shareholding structure is considered critical for the healthy progress of the application process. Thus, it is expected that shareholders have not only sufficient financial capacity but also personal integrity, professional reputation, and legal suitability to represent the platform.
Article 14 of the Communiqué lays out special qualifications for general managers and their deputies. Those appointed to these roles must have at least seven years of professional experience in financial markets, information technology, or financial technologies, as well as the necessary integrity and reputation for the position. Additionally, the general manager must reside in Turkey and work full-time in the role.
Regulations regarding members of the board of directors are set out in Article 15 of the Communique. According to this article, the board must consist of at least three members, and the majority of them must have completed undergraduate education. As with shareholders, board members must not have been convicted of certain crimes specified in Article 6.
To be authorized to operate in Turkey, crypto asset trading platforms must be incorporated as joint-stock companies. According to Article 7 of the Communiqué, it is mandatory for such companies to include the phrase “crypto asset trading platform” in their trade name. Furthermore, they must meet the minimum paid in capital requirement of 150 million Turkish Lira. All company shares must be registered and issued exclusively in exchange for cash contributions; contributions in kind are not accepted. These structural conditions aim not only to establish a sound corporate framework but also to ensure investor protection, promote transaction transparency, and support overall market stability.
Obtaining an establishment license alone is not sufficient for crypto asset service providers to commence operations; they must also complete the activity license process. According to Article 9 of the Communiqué, in addition to maintaining the establishment requirements, the provider must fulfill several organizational and technical obligations.
These include full and cash payment of the minimum capital, establishment of an adequate organizational structure, implementation of effective internal control, risk management, and information security systems. The adequacy and compliance of the organizational structure is subject to the supervision and approval of the CMB, pursuant to Article 9 of the Communiqué No. III-35/B.1. According to Article 14 of Communiqué No. III-35/B.1, general managers and their deputies are required to have at least seven years of professional experience in financial markets, financial technologies, or information technologies, and must possess the necessary professional competence, reputation, and integrity. The general manager must reside in Turkey and work full-time in this role. However, there is no requirement to be a Turkish citizen. According to Article 13, all staff members must have the qualifications appropriate to their assigned roles, including relevant education, experience, and technical skills, and must meet the standards of honesty and reliability. Furthermore, platforms are required to establish information security systems that comply with TÜBİTAK criteria, implement a price monitoring mechanism, and create complaint resolution systems for customer disputes.
According to Article 17 of Communiqué No. III-35/B.1, once the establishment license which permits the legal incorporation of the company has been granted, crypto asset service providers are required to apply for an activity license within 6 (six) months in order to begin their operations. The activity license, distinct from the establishment license, signifies that the platform has fulfilled all operational, technical, and organizational requirements set by the CMB. Failure to submit the application within this period results in the expiration of the right to obtain the license, unless an extension of up to one (1) year is granted by the Board. Without the activity license and the official certificate of authorization, the platform is not permitted to operate.The application must be submitted with complete documentation and in full compliance with technical and regulatory standards. Applications that fail to meet the criteria will not be evaluated. In this respect, the proper preparation and completeness of the submission is crucial to passing the Board’s suitability assessment.
From a financial perspective, crypto asset service providers are required to maintain capital adequacy not only at the time of establishment but also throughout their operational lifespan. In addition to the minimum capital requirements, a certain portion of the equity must be held as free and cash-equivalent assets that can be pledged as collateral.
Moreover, these platforms must undergo annual independent audits, which can only be conducted by audit firms authorized and listed by the CMB. This measure is aimed at ensuring transparency, financial soundness, and investor protection.
In the CMB’s announcement dated 02.07.2024, existing businesses already offering crypto asset services prior to the new regulations were granted a transition period. These businesses are required to apply to the Board and submit the necessary documents within three months of the announcement. Platforms that fail to apply within this period or do not meet the necessary requirements will not be allowed to continue their operations.
The new regulatory frame framework introduced for the crypto asset market fills a significant legal gap by aiming to ensure market integrity, investor protection, and financial stability. However, these regulations do not merely grant operating licenses to platforms, they also impose a series of comprehensive and ongoing obligations. Among the core requirements are the establishment of internal control mechanisms, implementation of TÜBİTAK approved information security infrastructures, transparent and traceable record-keeping of all transactions, and the segregation of customer assets from those of the platform itself. These elements collectively form the foundation of the compliance obligations imposed on service providers.
Accordingly, entrepreneurs who wish to establish a digital crypto asset trading platform in Turkey must possess not only strong financial capital, but also robust governance structures, advanced technical infrastructure, legal compliance awareness, and institutional capacity. Full compliance with all relevant regulations throughout the establishment and operational processes is critical for obtaining the necessary authorizations and ensuring sustainable operations.
In conclusion, any party intending to operate in this field must strictly adhere to the provisions of the Capital Markets Law No. 6362, Law No. 7518, and the regulations outlined in Communiqués No. III-35/B.1 and III-35/B.2 issued by the CMB. Every stage of the process from incorporation to licensing and day to day operations is subject to detailed legal oversight to protect investors and sustain trust in the market.
1. https://www.resmigazete.gov.tr/eskiler/2024/07/20240702-1.htm
2. https://www.spk.gov.tr
3. https://www.resmigazete.gov.tr/eskiler/2025/03/20250313-5.htm
4. https://www.resmigazete.gov.tr/eskiler/2025/03/20250313-6.htm5. https://bilgem.tubitak.gov.tr/kvhs/
For any questions regarding this article, you may contact the contributors or reach out to info@npartners.com.tr
| Nazlı Özkul | Beliz Deveci | Elif Tanyeri |
| Partner | Legal Intern | Associate |
| T: +90 533 413 75 03 | T: +90 544 103 46 06 | T: +90 533 600 11 05 |
| nazli@npartners.com.tr | beliz@npartners.com.tr | elif@npartners.com.tr |
On this website, device information and personal data are processed through the use of cookies and similar technologies. This processing serves purposes such as content delivery, integration of external services and third-party components, statistical analysis and measurement, personalized advertising, and social media features. Depending on the type of processing, data may be shared with and processed by third parties. Your consent is entirely optional, not required for the use of our website.
Your personal data is protected by N Partners ("COMPANY" or "N Partners") as the data controller, and safeguarding the privacy of visitors to our website (www.npartners.com.tr) is one of our fundamental principles. This Cookie Usage Policy (“Policy”) explains the types of cookies used and the conditions under which they are utilized for all our website visitors and users.
Cookies are small text files stored on your computer or mobile device by the websites you visit through your browser or network server.
They are generally used to provide you with a personalized experience during your use of the website, improve the services offered, and enhance your user experience. They can contribute to ease of use when navigating the site. If you prefer not to use cookies, you can delete or block cookies through your browser settings. However, please be aware that this may affect your experience on our website. Unless you change your cookie settings, we will assume that you accept the use of cookies on this site.
Depending on their type, cookies collect data regarding your browsing and usage preferences on the device you use to access the website. This includes information such as the pages you access, the services and products you view, your selected language, and other preferences.
Cookies are small text files stored on your device or network server by websites you visit through your browsers. These small text files, which include your language preferences and other settings, help remember your choices for future visits and allow us to make improvements to our services. Thus, you can enjoy a better and more personalized experience during your next visit.
The main purposes of using cookies on our website are listed below:
Session cookies ensure the proper functioning of the website during your visit. They are used for purposes such as ensuring the security and continuity of both our websites and your visit. Session cookies are temporary and are deleted once you close your browser or leave our website.
Persistent cookies are used to remember your preferences and are stored on your device through browsers. These cookies remain stored even after you close your browser or restart your computer and are kept until deleted through your browser settings.
Some types of persistent cookies can be used to offer you personalized recommendations based on your usage purposes on the Website.
Thanks to persistent cookies, if you revisit our Website with the same device, it can be determined whether a cookie created by our Website exists, and, if so, the content provided to you can be tailored accordingly for a better service experience.
Mandatory cookies are essential for the proper functioning of the website you visit. The purpose of these cookies is to enable the Website to function and to provide necessary services. For example, they allow access to secure areas, use of features, and navigation within the site.
Analytical cookies collect information about how the website is used, the frequency and number of visits, and show how visitors navigate to the site. These cookies aim to improve the Website’s operation by enhancing performance and determining general trends. They do not contain data that can identify visitors. For example, they show the number of error messages or the most visited pages.
Functional cookies remember the choices you make within the site for future visits. Their purpose is to provide convenience to visitors. For instance, they prevent users from re-entering their passwords each time they visit different pages on the site.
Targeting/advertising cookies measure the effectiveness of ads presented to visitors and calculate the number of times ads are displayed. These cookies aim to deliver personalized advertisements tailored to visitors' interests.
Similarly, they help detect visitors’ interests based on their browsing behaviors and ensure appropriate content is presented. For example, they prevent the repeated display of an ad in a short period.
You can change your preferences regarding the use of cookies, or block or delete cookies altogether by adjusting your browser settings.
Most browsers offer options to accept or reject cookies, accept only certain types of cookies, or notify you when a website wants to store cookies on your device.
It is also possible to delete previously stored cookies through your browser.
If you disable or reject cookies, some features and services on the Website may not function properly, and you may need to manually adjust some preferences, as we may not be able to recognize or associate your account.
You can change your browser settings by clicking the relevant link in the table below:
The Website Privacy Policy is dated 10/10/2024. If any parts of the Policy are renewed, the effective date will be updated accordingly. The Privacy Policy is published on the Organization’s website (www.npartners.com.tr) and made available to data subjects upon request.
Company Name: N Partners
Address: Tesvikiye Mah. Sakayik Sk. No:42 D:6 Sisli/Istanbul - Turkey
Phone: +90 507 604 2325
Email: info@npartners.com.tr
Website: www.npartners.com.tr
