Crypto Law Profile

Turkey Law No. 7518 Amending the Capital Markets Law

Turkey’s Law No. 7518 defines crypto assets and CASPs, gives CMB/SPK licensing and supervisory powers, and sets custody, transfer, transition and penalty rules.

Turkey Effective Amendment Jul 2, 2024
View official text Suggest correction

At a glance

Status In force since July 2, 2024; CMB/SPK implementation is ongoing.
Adoption and effect Adopted June 26, 2024 and effective on publication July 2, 2024.
Primary regulator CMB/SPK has licensing, rulemaking, supervision and enforcement powers.
Covered entities Covers platforms, custody providers and other crypto-asset service providers.

Overview

Turkey Law No. 7518 Amending the Capital Markets Law is Turkey’s core statutory amendment for crypto assets and crypto asset service providers. The Turkish Grand National Assembly adopted the law on June 26, 2024, and it entered into force when published in the Official Gazette on July 2, 2024. The law amends Capital Markets Law No. 6362 and places crypto asset platforms, custody providers and other crypto asset service providers under the rulemaking, authorization and supervisory authority of the Capital Markets Board of Türkiye, commonly referred to as CMB or SPK.

Scope of Turkey’s crypto asset amendment

Law No. 7518 adds statutory definitions for wallets, crypto assets, crypto asset service providers, crypto asset custody services, platforms and TÜBİTAK. The framework defines a crypto asset broadly as an intangible asset created and stored electronically using distributed ledger technology or similar technology, distributed over digital networks and capable of expressing value or rights.

The law’s service-provider perimeter is platform-centered. A platform includes entities where crypto asset trading, initial sale or distribution, exchange, transfer, related custody or other designated activities are carried out. A crypto asset service provider includes platforms, crypto asset custody providers and other entities that may be designated under CMB/SPK rules, including services connected to initial sale or distribution.

Key provisions for crypto asset service providers

The law requires CMB/SPK authorization before a crypto asset service provider can be established or begin operating. CMB/SPK is authorized to set rules on establishment, operating permissions, shareholders, managers, personnel, organization, capital, capital adequacy, obligations, information systems, technology infrastructure, share transfers, permissible activities and temporary or permanent suspension.

  • Technology and controls: Providers must maintain arrangements, measures, internal control units and systems for secure system management. Authorization can depend on compliance with TÜBİTAK criteria for information systems and technological infrastructure.
  • Customer contracts and complaints: Customer agreements may be formed in writing or through CMB/SPK-approved electronic or remote methods. Contract clauses that remove or limit provider responsibility toward customers are invalid, and platforms must maintain internal mechanisms to resolve customer objections and complaints.
  • AML identity and transfer data: Providers must identify customers under Law No. 5549 and related AML legislation. Transfer records must be secure, accessible and traceable, with sender and recipient data transmitted under CMB/SPK and MASAK rules.
  • Listing and market integrity: Platforms must maintain written listing procedures and set order and transaction rules designed to support reliable, transparent, fair and stable trading.

Custody, segregation and customer-asset treatment

The law states that customers’ crypto assets should principally be kept in customers’ own wallets. If customers do not keep assets in their own wallets, custody must be provided by authorized banks approved by the Banking Regulation and Supervision Board or other CMB/SPK-authorized custody institutions, and customer cash must be held at banks.

Customer cash and crypto assets are separate from the provider’s own assets. The law provides that customer assets held by a crypto asset service provider cannot be seized, pledged, included in bankruptcy estate assets or subjected to provisional measures because of the provider’s debts, and the provider’s assets cannot be reached for customer debts. Crypto assets and related cash held at banks are not covered by Turkey’s deposit and participation-fund insurance rules.

Enforcement, transition and implementation status

Law No. 7518 creates enforcement tools for unlawful or unauthorized crypto asset service provider activity, including content removal and access blocking for unauthorized internet activity. Offshore platforms that target Turkey residents can be treated as engaging in unauthorized activity, including where they open a Turkish workplace, operate a Turkish-language website or conduct direct or indirect marketing toward residents in Turkey.

The law also adds criminal offences for unauthorized crypto asset service provider activity and for embezzlement involving crypto asset service providers. Existing providers were given a one-month declaration window from the July 2, 2024 effective date, while offshore providers targeting Turkey residents and Turkish crypto ATMs were given three months to wind down covered activity. CMB/SPK later issued secondary communiqués for establishment, operation, activities and capital adequacy. As of June 5, 2026, the law is in force, with certain CMB/SPK transition timing still subject to implementation adjustments.

Key provisions

Crypto asset and CASP definitions

Adds definitions for wallet, crypto asset, crypto asset service provider, custody service, platform and TÜBİTAK to Capital Markets Law No. 6362.

Regulatory perimeter Jul 2, 2024 Source

CMB/SPK authorization requirement

Requires CMB/SPK permission before CASPs may be established or begin operating, with activities limited to those determined by the regulator.

Licensing Jul 2, 2024 Source

Governance, capital and technology rules

Authorizes CMB/SPK to set rules for ownership, managers, personnel, organization, capital adequacy, information systems and technology infrastructure.

Cybersecurity Jul 2, 2024 Source

Customer contracts and complaints

Allows written or approved electronic customer contracts, voids clauses limiting provider responsibility, and requires internal complaint mechanisms.

Consumer protection Jul 2, 2024 Source

Customer identity and transfer records

Requires customer identification under AML law and secure, accessible, traceable records for crypto transfers and fund-transfer accounts.

AML/CFT Jul 2, 2024 Source

Listing and market-integrity controls

Requires written listing procedures and platform controls for reliable, transparent, fair and stable trading and prevention of market-disruptive acts.

Market abuse Jul 2, 2024 Source

Custody and client-asset segregation

Requires customer assets and provider assets to be kept separate and directs custody to approved banks or authorized custody institutions where customers do not self-custody.

Custody Jul 2, 2024 Source

Offshore and unauthorized activity controls

Treats offshore platforms targeting Turkey residents as unauthorized activity and authorizes access-blocking and content-removal measures.

Enforcement Jul 2, 2024 Source

Criminal penalties and embezzlement rules

Adds offences for unauthorized CASP activity and embezzlement involving CASP managers, personnel or controlling persons, with imprisonment and fines.

Enforcement Jul 2, 2024 Source

Transition and secondary regulations

Sets transition duties for existing CASPs, offshore providers and crypto ATMs, and directs CMB/SPK to issue secondary regulations.

Licensing Jul 2, 2024 Source

Timeline

  1. TBMM adopts Law No. 7518

    The Turkish Grand National Assembly adopted the amendment during the 28th term, 2nd legislative year.

    Passed Source

  2. Published and enters into force

    Law No. 7518 was published in the Official Gazette and entered into force on publication.

    In force Source

  3. Existing-provider declaration deadline

    Existing CASPs had one month from effectiveness to declare authorization intent or liquidation.

    Effective Source

  4. Offshore and ATM wind-down deadline

    Offshore CASPs targeting Turkey residents and Turkish crypto ATMs had a three-month wind-down period.

    Effective Source

  5. Secondary CMB/SPK communiqués published

    CMB/SPK communiqués III-35/B.1 and III-35/B.2 set establishment, operation, activity and capital rules.

    Published Source

  6. CMB/SPK extends certain transition timing

    Decision 18/617 extended certain custody-contract and authorization-certificate timing for CASPs.

    Published Source

Who it affects

Actors

Banking Regulation and Supervision Agency, Capital Markets Board of Türkiye, MASAK, TÜBİTAK, Turkish Grand National Assembly

Asset classes

Crypto assets, Tokenized capital market instruments

Official sources

TBMM Law No. 7518 record Turkish Grand National Assembly Legislative record Jun 26, 2024 Turkish High Official Gazette text of Law No. 7518 Official Gazette of Türkiye Law text Jul 2, 2024 Turkish High CMB/SPK July 2024 CASP announcement Capital Markets Board of Türkiye Regulator announcement Jul 2, 2024 Turkish High CMB/SPK Communiqué III-35/B.1 Capital Markets Board of Türkiye Communiqué Mar 13, 2025 Turkish High CMB/SPK Communiqué III-35/B.2 Capital Markets Board of Türkiye Communiqué Mar 13, 2025 Turkish High CMB/SPK Decision 18/617 transition extension Capital Markets Board of Türkiye Regulator decision Mar 26, 2026 Turkish High

Editorial note

This profile treats Law No. 7518 as Turkey’s statutory crypto-asset amendment to Capital Markets Law No. 6362. CMB/SPK secondary communiqués and 2026 transition decisions should be tracked as implementation materials rather than as separate amendments to the law text.