EST · MMXXVI
Home/Jurisdictions/Turkey/Staking service legal framework in Turkey
DeFi, Tokenization & Smart-Contract Law

Staking service legal framework in Turkey

Staking service legal framework in Turkey. Cross-border digital-asset legal counsel for business – licensing, disputes and structuring. Talk to OBOLUS.

Operating a staking service is, on its face, a straightforward product decision: a platform receives digital assets, commits them to a proof-of-stake network, and distributes rewards. In Turkey, that commercial simplicity collides with a regulatory environment that is still consolidating its position on crypto-asset classification, and the legal treatment of a staking operation depends entirely on how the underlying token and the service model are characterized. Mis-classifying a token can convert a product launch into an unregistered securities offering – a risk that Turkish regulators, following the global pattern set by bodies such as ESMA and FATF, are increasingly equipped to pursue. This guide walks through each step of establishing a legally sound staking service in Turkey: the regulatory perimeter, the entity and licensing question, the cross-border banking and tax interaction, and the decision points an operator must resolve before going live.

What Is the Regulatory Perimeter for Staking in Turkey?

Turkey's primary crypto-asset regime is administered by the Capital Markets Board of Turkey (Sermaye Piyasası Kurulu, or SPK), and under the relevant provisions of the Capital Market Law as amended to cover crypto assets, any platform that holds, manages or intermediates crypto assets on behalf of third parties requires a licence from the SPK. Staking as a service – where the platform receives customer assets, controls the validator keys, and collects or distributes rewards – sits squarely within that intermediation perimeter. A staking provider that merely offers software or a non-custodial protocol interface sits in a different position, but the SPK's approach to substance over form means that effective control of assets is the operative test, not the contractual label.

Turkey does not yet operate a passporting system equivalent to the MiCA CASP authorisation that allows a single EU licence to cover the entire European Economic Area. An operator established in an EU jurisdiction under MiCA cannot simply on-board Turkish users without a separate analysis of the SPK's inbound-service rules. That cross-border gap is one of the most common structural problems we see in practice: a platform licensed in Malta or Lithuania assumes its EU authorisation covers a Turkish user base, and it does not.

The FATF Recommendation 15 framework – which Turkey has formally adopted through its own AML/CFT legislation – requires any virtual asset service provider to implement customer due diligence, transaction monitoring, and, above a threshold that varies by instrument and counterparty type, the Travel Rule obligation to pass originator and beneficiary data with transfers. For a staking service, this means that each customer's deposit and each reward distribution is a reportable event under the applicable VASP provisions. Operators that treat staking as a purely technical function and route compliance through a holding company in a lower-scrutiny jurisdiction have consistently found that Turkish regulators pierce that structure when the actual service is delivered to Turkish residents.

To map the Turkish regulatory perimeter against your specific service model, contact OBOLUS at info@oboluslaw.com. The analysis above describes the standard path. Your facts – the asset type, the key-custody model, the user base – change the outcome materially.

How Does Token Classification Affect a Staking Service?

Token classification is the first and most consequential legal question for any staking service operating in Turkey, because the SPK applies a substance-over-label test that looks through the marketing term to the rights the token actually confers on its holder. A utility token, in its strict legal sense, grants access to a defined platform function and nothing more; a token that also carries a right to a share of protocol revenue, a governance vote that influences financial outcomes, or a redemption right against the issuer is likely to be characterized as a capital-markets instrument – and that characterization brings the full weight of securities regulation with it.

For staking specifically, the reward mechanism is the pressure point. If the staking reward is framed as a yield on capital – a return tied to the performance of a pool managed by the platform – the SPK's position is analogous to the analysis applied by the US SEC and CFTC in their own enforcement posture: the investment-of-money-in-a-common-enterprise test may be satisfied, and the token, together with the staking service, may constitute an unregistered offering. The fact that the underlying network is decentralized does not, in current Turkish regulatory practice, remove the operator's liability if the operator is the entity collecting fees and distributing rewards.

This is the myth that costs operators the most runway: a utility label on a whitepaper does not settle the legal classification. The SPK reads the economic substance of the arrangement. We assess classification against the substance of rights, not the marketing label – and in our cross-border practice, we regularly advise clients to restructure reward mechanics before a Turkish launch rather than after a regulatory inquiry has opened.

What Entity and Licensing Structure Does a Staking Service Need?

A staking service targeting Turkish users, or operating Turkish-resident validators, needs to resolve the entity question on two levels: the operating company and the licence or registration that permits the activity. Under the SPK regime, crypto-asset service providers must be incorporated as joint-stock companies (anonim şirket) under Turkish commercial law, must meet minimum capital requirements set by the SPK (which vary by licence category and are subject to update – consult current SPK guidance for the applicable figure), and must maintain their servers and data storage within Turkey or in a jurisdiction approved under the applicable data-sovereignty rules.

For an inbound operator – a business incorporated outside Turkey that wants to serve Turkish users – the structural options are broadly two. First, incorporate a Turkish subsidiary and apply for a SPK licence directly. Second, operate from a regulated foreign jurisdiction and restrict Turkish users contractually, accepting that geo-blocking is an imperfect compliance tool and that regulators are increasingly willing to assert jurisdiction over platforms with material Turkish user bases regardless of where the company is registered.

In our experience, operators who choose the second path and rely on geo-blocking alone tend to discover the limitation when they seek Turkish banking relationships or when a dispute arises involving a Turkish user. A Turkish court or regulator will look at the economic reality of the user relationship, not the terms-of-service disclaimer. The cost of building the correct structure before launch is consistently lower than the cost of remediation after the fact.

The cross-border licensing stack matters here. A business that is already licensed under the MAS Payment Services Act in Singapore, under FINMA in Switzerland, or under VARA in Dubai will find that its existing compliance infrastructure – KYC standards, Travel Rule tooling, AML policies – maps efficiently onto the SPK's expectations. The SPK does not offer a formal equivalence recognition for foreign licences, but a demonstrated compliance history with a Tier 1 regulator shortens the Turkish authorisation process in practice.

What Is the SPK Application Process for a Staking Platform?

The SPK application process for a crypto-asset service provider licence follows a structured path: pre-application consultation, formal application submission, document review and supplemental queries, and authorisation decision. The pre-application phase is not optional formality – it is the stage at which the SPK signals whether the proposed service model and entity structure fall within a licensable category, and operators who skip it frequently receive a formal rejection on structural grounds that could have been resolved earlier.

The core application file typically includes: the articles of association of the Turkish entity; the capital and ownership structure; the business plan and service description (including the staking model, key-custody arrangement, and reward-distribution mechanics); AML/KYC policies and the designated compliance officer's credentials; IT security documentation; and evidence of the minimum capital on deposit. The SPK may request supplemental information, and the overall timeline from submission to authorisation varies – treat it as a matter of months, not weeks, and plan your go-to-market schedule accordingly.

A micro-matter from our practice illustrates the timeline risk. In a recent matter, a European staking platform seeking to on-board Turkish institutional clients submitted its application with a business plan that described the staking service in technical terms but did not address the reward distribution mechanism from a securities-law perspective. The SPK issued a supplemental query within the review period asking the operator to characterize the reward as either a yield instrument or a protocol fee. The delay – measured in additional months – pushed back the platform's Turkish launch by a full quarter. We were engaged to reframe the service description and prepare a classification memorandum; the application was subsequently cleared. That outcome was achievable, but it would have been faster and less expensive if the classification work had been done before the initial submission.

How Does the Cross-Border Tax and Banking Interaction Work?

Turkey taxes crypto-asset income under its income tax legislation, and the classification of staking rewards – as business income, capital gain, or a separate category – turns on the nature of the taxpayer and the legal characterization of the reward. For a Turkish-incorporated operating company, staking rewards received on behalf of clients are generally treated as business income and subject to corporate income tax; for individual users, the treatment varies and is subject to ongoing legislative development. Neither rate nor threshold should be stated here as a fixed figure – they are subject to annual budget legislation and require current advice.

Banking for a Turkish crypto-asset service provider is a structural challenge that the SPK licence does not resolve on its own. Turkish commercial banks have applied varying levels of caution to crypto-asset businesses, and a newly licensed staking platform will typically need to demonstrate its SPK authorisation, its AML compliance programme, and its capital adequacy to prospective banking partners before accounts are opened. In our cross-border practice, we regularly advise clients to sequence the banking relationship as a parallel workstream to the licence application, not a sequential one.

For operators with an existing offshore entity – in the BVI, Cayman Islands, or a EU member state – the interplay between the Turkish operating company and the offshore holding structure creates transfer-pricing and beneficial-ownership disclosure obligations. The FATF beneficial ownership standards, which Turkey has implemented in its AML legislation, require the platform to identify and verify the ultimate beneficial owners of the Turkish entity. A structure that obscures ownership through a chain of offshore holding companies will not survive SPK due diligence and may trigger AML referrals independently of the licence review.

VAT treatment of staking fees and rewards is a further open question. Turkey's tax administration has issued general guidance on crypto-asset VAT, but the specific treatment of staking-as-a-service is not yet the subject of a definitive ruling. Operators should seek a formal tax opinion before launching a Turkish staking product, both to establish their filing position and to demonstrate regulatory good faith in the event of a later audit.

What Is the Legal Status of Smart Contracts and DeFi Staking in Turkey?

A smart contract (self-executing code on a blockchain that automates the terms of an agreement) is not recognized as a distinct legal instrument under Turkish contract law as currently codified, but the obligations it encodes are enforceable to the extent they satisfy the general requirements for a valid agreement: offer, acceptance, consideration, and legal capacity of the parties. For a staking service that automates reward distribution through a smart contract, the practical consequence is that the code is the agreement, and any failure in execution – whether from a bug, an oracle manipulation, or an economic attack – will be analyzed under Turkish civil and commercial law as a breach of the underlying service contract, not as a pure technical malfunction.

Liability when a smart contract fails is one of the most actively litigated questions in digital-asset law globally. In the Turkish context, the operator of a staking platform that deploys a smart contract for reward distribution carries the service provider's duty of care toward its customers. A DAO structure does not automatically distribute or eliminate that liability: if a DAO (decentralized autonomous organization) controls the protocol, Turkish courts will look through the governance structure to identify the natural or legal persons who deployed, promoted, and profited from the service. General partners, founding token holders with material governance weight, and entities that marketed the service to Turkish residents are all potential defendants.

Tokenization of staking positions – issuing a liquid staking token (a token representing a beneficial interest in a staked asset pool) – adds another layer. That token may itself be a transferable capital-markets instrument under the SPK regime, requiring its own whitepaper and, potentially, a separate prospectus or offer registration. Operators who launch a liquid staking token without this analysis have, in practice, created two compliance exposures: the staking service and the token offering.

Which Operator Profile Should Choose Which Structure?

The right structural choice for a staking service in Turkey depends on the operator's existing regulatory footprint, user base, and product design. The following decision framework applies to the most common profiles we advise.

Profile A – A global exchange already licensed under MiCA seeking to add Turkish users should incorporate a Turkish subsidiary, apply for a SPK crypto-asset service provider licence, and use its existing MiCA-compliant AML/Travel Rule infrastructure as the baseline for the Turkish application file. The indicative timeline from incorporation to licence grant is a matter of months and depends on the complexity of the service description and the SPK's supplemental query cycle. The key risk is under-estimating the classification analysis required for the staking reward mechanism.

Profile B – A DeFi-native protocol with no existing regulated entity seeks to offer non-custodial staking tooling to Turkish users. The operative question is whether the protocol, in substance, takes custody of assets. If it does not – if the user controls the validator keys and the protocol is purely a software interface – the SPK licence requirement may not apply, but the AML registration obligation under the applicable VASP provisions likely does, because the protocol generates and distributes value on behalf of users. The risk profile here is medium-high: DeFi-native platforms regularly underestimate the reach of the VASP definition.

Profile C – A startup incorporated in a jurisdictions such as BVI or Cayman Islands that has not yet launched and is evaluating Turkey as a primary market should resolve the entity question first: establish the Turkish joint-stock company, run the pre-application consultation with the SPK, and then build the product around the confirmed regulatory perimeter. Attempting to build first and license second is the single most common source of costly structural rework we encounter in our practice.

If your profile does not fit neatly into one of these categories, write to us at info@oboluslaw.com or message t.me/oboluslaw. A prior attempt at licensing that stalled, or a banking relationship that closed unexpectedly, often has a structural explanation that a second review can surface.

Self-Assessment Checklist Before Launching a Staking Service in Turkey

Before committing to a Turkish staking product, an operator should work through the following questions. Each unresolved item is a potential point of regulatory exposure.

  • Has the platform obtained a written token-classification opinion under the SPK regime for each asset it proposes to stake?
  • Has the reward-distribution mechanism been characterized as business income, yield, or protocol fee – and has that characterization been documented in the application file?
  • Is the operating entity a Turkish joint-stock company with the minimum capital on deposit and a Turkey-resident compliance officer?
  • Has the AML/KYC programme been mapped against the FATF Recommendation 15 requirements and the Travel Rule obligations applicable to staking deposits and reward distributions?
  • Has the tax treatment of staking rewards – for the platform and for Turkish-resident users – been confirmed by a current tax opinion?
  • If the staking service uses a smart contract for reward distribution, has a code audit been conducted and has the liability allocation between the platform and the user been documented in the terms of service?
  • If the platform issues a liquid staking token, has that token been analyzed as a potential capital-markets instrument requiring a separate SPK authorization or whitepaper?
  • Has the banking relationship been initiated in parallel with the licence application, not sequentially?

A "no" answer to any item on this list does not mean the project cannot proceed. It means the item needs a defined resolution path before the Turkish launch.

Related at OBOLUS

FAQ

Can a DeFi protocol be regulated?

Yes. Regulators including Turkey's SPK and global bodies such as FATF apply a substance test: if a DeFi protocol, in practice, takes custody of assets, distributes returns, or intermediates transactions on behalf of users, it falls within the VASP perimeter regardless of its technical architecture. The degree of decentralization affects the analysis but does not automatically exempt the protocol from licensing or AML registration requirements. Founders, deployers, and significant governance-token holders can each attract personal regulatory exposure.

What legal wrapper suits a DAO?

No single wrapper is universal. A DAO that operates a commercial staking service needs a legal entity that can hold assets, enter contracts, and bear liability – a Turkish joint-stock company, a Cayman Islands foundation, or a Marshall Islands LLC are among the structures used in practice, each with different governance, tax, and regulatory implications. The choice depends on where the DAO's economic activity is centered, where its users are located, and which regulators are most likely to assert jurisdiction. A structure that works for a US-focused DAO may create SPK exposure for a Turkish one.

Who is liable when a smart contract fails?

Under Turkish civil and commercial law, liability follows the service relationship: the entity that deployed the contract, promoted the service, and collected fees from users is the most likely defendant. A smart contract failure is analyzed as a breach of the underlying service agreement, not a purely technical event. Decentralized governance does not extinguish liability if a natural or legal person can be identified as the effective operator. Code audits, documented risk disclosures in the terms of service, and a clear liability allocation between platform and user are the primary mitigation tools.

OBOLUS is an independent digital-asset law boutique acting only for businesses. We advise exchanges, custodians, token issuers and funds on licensing across 70+ jurisdictions, on disputes and on-chain asset recovery across 25+ forums, and on the tax, banking and compliance that sit around them. Digital assets are the whole of our practice. We assess token classification against the substance of rights, not the marketing label, and we structure licensing, banking and tax as one mandate rather than three disconnected workstreams. To discuss your situation, contact info@oboluslaw.com.

By Roman Levitt, Technology & DeFi Counsel – specializing in smart-contract liability, DeFi protocol regulation, and token classification across the major licensing jurisdictions including Turkey.

This publication is general information about the law and does not constitute legal advice. It is not a substitute for advice tailored to your circumstances. OBOLUS accepts no liability for action taken or not taken on the basis of this material. For advice on your situation, contact info@oboluslaw.com.

Tell us the task — we'll map your options in 30 minutes.

Fixed-fee packages with defined scope and SLAs. The first call is free and under NDA. Business clients only.

Map your optionsinfo@oboluslaw.com · t.me/oboluslaw · reply < 2 hours