Critical turning point in crypto regulations in Turkey: Last day March 31

Source: BTCHaber Original Title: Critical Turn in Turkey’s Crypto Regulations: Deadline March 31 Original Link: The critical phase has begun for crypto asset service providers operating in Turkey to continue their activities without interruption. The deadline for platforms to sign a custody agreement with a custodian institution and to comply with the information system and technological infrastructure criteria published by TÜBİTAK is March 31, 2026.

Critical Compliance Period

The operational procedures and principles for crypto asset service providers, determined by secondary regulations published by the Capital Markets Board (SPK) in March 2025, have entered a critical compliance period in the process of adapting to the legal regulations known publicly as the “crypto law,” which include (KVHS).

The Capital Markets Board (CMB) has announced that the requirement for crypto asset platforms to sign a custody agreement with a custodian institution will be valid for license applications, and the countdown has begun for the March 31, 2026 deadline set for compliance with TÜBİTAK KVHS Information Systems and Technological Infrastructure Criteria.

Custody Institution Agreement

In the Communiqué No. III-35/B.1 on the Principles of Establishment and Operation of Crypto Asset Service Providers, published by the CMB on March 13, it was stated that organizations completing their license applications by June 30 must sign a custody agreement with at least one custodian institution by the end of December 2025 and must implement the necessary technical processes and integrations within the framework of the reconciliation system. This decision was extended to March 31, 2026, with a principle decision published on December 4.

Crypto asset trading platforms are expected to sign custody agreements with custody institutions and submit these agreements to the Capital Markets Board by March 31, 2026.

TÜBİTAK Infrastructure Criteria

The deadline for compliance with TÜBİTAK’s KVHS Information Systems and Technological Infrastructure Criteria was set for March 31, 2026. The criteria stipulate that “for backup and redundancy, primary and secondary (yedek) systems, including secure hardware, software, servers, and similar components used, will be located within Turkey’s borders.”

Abdulkadir Kahraman, General Manager of Paribu Crypto Asset Custody Company Inc., stated that Turkey’s crypto regulation has a very clear approach, equating crypto asset custody with control over private keys. He emphasized that the regulations prohibit the transfer of wallet keys and the software and servers managing these keys outside Turkey. He also highlighted that the custody technology provider must comply with TÜBİTAK criteria and that regulators want to be able to access the entities holding custody if necessary to protect user assets, and to find a legal interlocutor in this process.

“Providing crypto asset custody technology as a service will no longer be sufficient starting March 31. The current operational models of crypto platforms operating in Turkey will be considered non-compliant with TÜBİTAK regulations from March 31,” he said.

Technology Infrastructure Details

The TÜBİTAK Infrastructure Criteria, which aim to strengthen wallet security in crypto asset custody services, are designed to guarantee Turkey’s digital sovereignty in the crypto space. The criteria published in May require that cold wallets be kept completely offline, hot wallet private keys be stored in secure hardware or environments, and key management be performed solely by the relevant KVHS.

Multi-approval systems and threshold cryptography are mandated for transfer operations, along with multi-factor authentication for authorized users, and all transactions must be recorded in an auditable manner. The criteria also specify that information security policies should be established under senior management responsibility, and operational details such as address definitions, key ownership, and transfer limits should be regulated with clear policies.