Operating a business in Turkey requires navigating a well-developed but layered legal framework that governs everything from corporate governance and financial reporting to data protection and anti-money laundering obligations. For foreign investors, understanding these laws is not merely a matter of legal diligence but a practical necessity. Non-compliance can result in substantial financial penalties, criminal liability for company directors, and in extreme cases, forced dissolution of the company.
Turkey has modernized its commercial legislation significantly over the past two decades, aligning many provisions with European Union standards. The Turkish Commercial Code was completely overhauled in 2012 to bring corporate governance, accounting, and transparency rules closer to international norms. Subsequent legislation on data protection, anti-money laundering, and competition law has further expanded the compliance obligations that every company operating in Turkey must meet.
This guide provides a detailed overview of the key business laws and compliance requirements that affect foreign-owned companies in Turkey as of 2026. It covers the Turkish Commercial Code, annual filing and reporting obligations, statutory audit requirements, bookkeeping rules, data protection under KVKK, anti-money laundering regulations, and the penalties associated with non-compliance.
The Turkish Commercial Code (TTK)
The Turkish Commercial Code (Turk Ticaret Kanunu, Law No. 6102) is the foundational legislation governing all commercial entities in Turkey. Enacted in 2012, it replaced the previous commercial code from 1956 and introduced sweeping changes to corporate governance, shareholder rights, financial reporting, and transparency standards.
The Turkish Commercial Code applies to all commercial entities operating in Turkey, including foreign-owned Limited Liability Companies and Joint Stock Companies. Ignorance of its provisions is not a defense against penalties, and foreign directors bear the same legal responsibilities as Turkish nationals.
Key Provisions Affecting Foreign Investors
The TTK establishes the legal framework for company formation, governance, and operation. For foreign investors who have already completed company registration in Turkey, the ongoing obligations under the TTK are where compliance becomes a daily operational concern.
Corporate Governance Rules: The TTK requires that companies maintain proper governance structures. For LLCs, this means having at least one manager (mudur) who may also be a shareholder. For Joint Stock Companies, a board of directors with at least one member is mandatory. Directors owe fiduciary duties of care and loyalty to the company and can be held personally liable for breaches.
Shareholder Rights: The code provides extensive protections for minority shareholders, including the right to request information, challenge general assembly resolutions, and petition courts for special audits. These provisions cannot be overridden by articles of association.
Capital Maintenance: Companies must monitor their financial position and take action if net assets fall below certain thresholds relative to share capital. If a company loses half its share capital, the board must convene a general assembly. If two-thirds is lost, the assembly must decide whether to recapitalize or dissolve the company.
Transparency and Disclosure: The TTK requires companies to maintain a website disclosing certain corporate information, including financial statements, general assembly resolutions, and announcements. While enforcement of the website requirement has varied, the legal obligation exists.
Annual Filing and Reporting Requirements
Every company registered in Turkey must comply with a set of annual filing and reporting obligations. Failure to meet these deadlines results in administrative fines and can trigger tax audits.
Financial Statement Preparation
Companies must prepare annual financial statements in accordance with Turkish Accounting Standards (TMS), which are largely aligned with International Financial Reporting Standards (IFRS). For smaller companies not subject to mandatory audit, the Turkish Uniform Chart of Accounts and simplified reporting standards apply.
Financial statements must include a balance sheet, income statement, statement of changes in equity, cash flow statement, and notes to the financial statements. These must be prepared within three months of the fiscal year end.
Annual General Assembly Meeting
Both LLCs and Joint Stock Companies must hold an annual general assembly (ordinary general meeting) within three months of the fiscal year end. For companies following the standard January-to-December fiscal year, this means the meeting must occur by March 31.
The general assembly must approve the annual financial statements, decide on profit distribution, discharge directors from liability for the preceding year, and elect directors if their terms have expired. Minutes of the general assembly must be notarized and filed with the Trade Registry within 15 days.
| Filing Obligation | Deadline | Filed With | Penalty for Late Filing |
|---|---|---|---|
| Annual financial statements | Within 3 months of fiscal year end | Tax office and Trade Registry | 3,500 - 80,000 TRY |
| General assembly minutes | Within 15 days of meeting | Trade Registry | 5,000 - 20,000 TRY |
| Corporate tax return | April 30 (for calendar year companies) | Tax office (e-filing) | Tax penalties + interest |
| Monthly VAT returns | 24th of the following month | Tax office (e-filing) | Tax penalties + interest |
| Withholding tax return | 23rd of the following month | Tax office (e-filing) | Tax penalties + interest |
| Trade Registry Gazette announcements | Various deadlines per event | Trade Registry Gazette | 5,000 - 15,000 TRY |
| VERBIS data controller registration | Within 30 days of qualifying | KVKK Authority | 50,000 - 1,000,000 TRY |
Tax Filing Calendar
Turkey's tax system requires frequent filings throughout the year. The corporate tax return is due by April 30 for companies using a calendar fiscal year. Advance corporate tax payments are made quarterly. Monthly obligations include VAT returns (due by the 24th), withholding tax returns (due by the 23rd), and stamp duty returns where applicable.
For a comprehensive overview of corporate tax rates and obligations, see our guide to Turkey's corporate tax framework.
Statutory Audit Requirements
Turkey employs a tiered audit system based on company size and sector. Not every company is required to undergo a statutory audit, but the thresholds are set by the Council of Ministers and updated periodically.
Size-Based Audit Thresholds
Companies that exceed at least two of the following three criteria for two consecutive years are subject to mandatory independent audit:
| Criterion | Threshold (2026) |
|---|---|
| Total assets | 75,000,000 TRY |
| Annual net revenue | 150,000,000 TRY |
| Average number of employees | 150 |
Companies below these thresholds are not required to undergo a statutory audit but must still prepare financial statements and maintain proper books. Companies in regulated sectors (banking, insurance, capital markets) are always subject to mandatory audit regardless of size.
Foreign investors should be aware that audit thresholds are reviewed annually by the Council of Ministers and can be lowered. Companies approaching the thresholds should plan for potential audit obligations in advance, as the cost and administrative burden of a first-time audit can be significant.
The Public Oversight Authority (KGK)
The Public Oversight, Accounting and Auditing Standards Authority (KGK, Kamu Gozetimi, Muhasebe ve Denetim Standartlari Kurumu) is the regulatory body responsible for audit standards, auditor licensing, and oversight. Only auditors and audit firms registered with the KGK can conduct statutory audits. The KGK also sets Turkish Accounting Standards and Turkish Auditing Standards.
Audit Costs
Statutory audit costs vary based on company size, complexity, and the audit firm engaged. For mid-sized companies, annual audit fees typically range from 50,000 to 200,000 TRY. Companies using one of the Big Four audit firms should expect higher fees, often starting at 150,000 TRY for straightforward engagements.
Bookkeeping and Record-Keeping Rules
Turkey imposes detailed bookkeeping requirements on all commercial entities. These requirements are not optional, and violations carry substantial penalties.
Mandatory Books
Under the TTK and the Tax Procedure Law (Vergi Usul Kanunu, Law No. 213), companies must maintain the following books:
- Journal (Yevmiye Defteri): Records all transactions chronologically
- General Ledger (Defteri Kebir): Records transactions by account
- Inventory Book (Envanter Defteri): Annual inventory of all assets and liabilities
- Share Ledger (Pay Defteri): Records shareholder information and share transfers (for LLCs and Joint Stock Companies)
- General Assembly Minutes Book: Records of all general assembly decisions
- Board of Directors Minutes Book: Records of board decisions (Joint Stock Companies only)
All mandatory books must be certified (notarized) before the beginning of each fiscal year. Opening certifications are done at a notary public, and closing certifications must be completed by June 30 of the following year for the journal, and by March 31 for the inventory book.
Electronic Bookkeeping (e-Defter)
Turkey has progressively expanded mandatory electronic bookkeeping. The e-Defter system requires qualifying companies to maintain their journal and general ledger electronically using approved software. The electronic records are digitally signed and submitted to the Revenue Administration (GIB) monthly. Companies subject to e-Defter requirements must also use the e-Invoice (e-Fatura) system.
The transition to electronic bookkeeping has been one of Turkey's most significant compliance modernizations. Companies that fail to adopt e-Defter when required face penalties starting at 12,000 TRY per book, and their paper-based records may be deemed legally invalid. Your certified accountant should handle this transition, but directors remain personally responsible for compliance.
Retention Period
All commercial books, financial records, correspondence, invoices, and supporting documents must be retained for a minimum of 10 years from the end of the relevant fiscal year. This applies to both physical and electronic records. The retention obligation survives company dissolution.
KVKK: Turkey's Data Protection Law
The Personal Data Protection Law (Kisisel Verilerin Korunmasi Kanunu, KVKK, Law No. 6698) came into force in 2016, establishing Turkey's comprehensive data protection framework. It is modeled on the EU's General Data Protection Regulation (GDPR) and applies to all natural and legal persons who process personal data in Turkey.
Key Obligations Under KVKK
Data Controller Registration (VERBIS): Companies that process personal data must register with the Data Controllers Registry (Veri Sorumluları Sicili, VERBIS). Registration requires disclosing the categories of data processed, the purposes of processing, data retention periods, and any cross-border data transfers.
Consent Requirements: Processing personal data generally requires the explicit consent of the data subject, unless one of the statutory exceptions applies (contractual necessity, legal obligation, vital interests, legitimate interests). Consent must be freely given, specific, informed, and unambiguous.
Data Subject Rights: Individuals have the right to know whether their data is processed, request correction of inaccurate data, request deletion or destruction of data, object to automated decision-making, and claim compensation for damages arising from unlawful processing.
Cross-Border Data Transfers: Transferring personal data outside Turkey requires either the data subject's explicit consent or a finding by the KVKK Board that the recipient country provides adequate protection. In the absence of an adequacy decision, companies can use binding corporate rules or contractual safeguards approved by the Board.
Data Security: Companies must implement appropriate technical and organizational measures to prevent unlawful processing, unauthorized access, and data loss. Data breaches must be reported to the KVKK Board within 72 hours of discovery.
KVKK Penalties
| Violation | Penalty Range (TRY) |
|---|---|
| Failure to inform data subjects | 15,000 - 1,000,000 |
| Failure to ensure data security | 40,000 - 3,000,000 |
| Failure to comply with Board decisions | 75,000 - 3,000,000 |
| Failure to register with VERBIS | 50,000 - 1,000,000 |
| Unlawful processing of personal data | Criminal prosecution (1-4.5 years imprisonment) |
For companies that also handle EU residents' data, KVKK compliance does not replace GDPR obligations. The two frameworks are similar but not identical, and companies may need to maintain parallel compliance programs.
Anti-Money Laundering (AML) Regulations
Turkey's anti-money laundering framework is governed by Law No. 5549 on the Prevention of Laundering Proceeds of Crime and Financing of Terrorism, along with its implementing regulations. Turkey is a member of the Financial Action Task Force (FATF) and has been subject to periodic evaluations of its AML regime.
Obligations for Companies
While AML obligations primarily target financial institutions and designated non-financial businesses, all companies in Turkey must be aware of and comply with certain requirements:
Customer Due Diligence: Companies engaged in transactions exceeding prescribed thresholds must verify the identity of counterparties. This is particularly relevant for companies in real estate, precious metals, accounting, and legal services.
Suspicious Transaction Reporting: Companies must report suspicious transactions to the Financial Crimes Investigation Board (MASAK, Mali Sucları Arastirma Kurulu). Failure to report is a criminal offense.
Record Keeping: All transaction records, customer identification documents, and correspondence must be retained for a minimum of 8 years.
Beneficial Ownership: Companies must maintain accurate records of their beneficial owners and make this information available to authorities upon request. Recent amendments have strengthened beneficial ownership transparency requirements in line with FATF recommendations.
MASAK and Enforcement
MASAK is Turkey's financial intelligence unit and the primary enforcement body for AML regulations. It has the authority to conduct inspections, freeze assets, and refer cases for criminal prosecution. MASAK coordinates with Turkish banks, the Revenue Administration, and international counterparts.
Companies that fail to comply with AML obligations face administrative fines, criminal prosecution, and potential sanctions. For foreign-owned businesses, AML non-compliance can also trigger complications with banking relationships, as Turkish banks conduct their own due diligence on corporate clients.
Competition Law
The Competition Board (Rekabet Kurumu) enforces Turkey's competition law (Law No. 4054), which prohibits anti-competitive agreements, abuse of dominant position, and mergers and acquisitions that significantly lessen competition. Companies entering the Turkish market should be aware of several key provisions.
Merger Control: Transactions exceeding certain turnover thresholds require prior approval from the Competition Board. As of 2026, transactions where the Turkish turnover of the target exceeds 750,000,000 TRY, or the combined Turkish turnover of the parties exceeds 3,000,000,000 TRY, require notification. Failing to notify a qualifying transaction is a serious violation.
Anti-Competitive Agreements: Agreements between competitors that fix prices, allocate markets, or restrict output are strictly prohibited. Vertical agreements (between suppliers and distributors) may benefit from block exemptions but must be analyzed on a case-by-case basis.
Penalties: The Competition Board can impose fines of up to 10% of annual gross revenue for anti-competitive conduct. Individual fines for managers and employees involved in cartel behavior can reach 5% of the fine imposed on the company.
Consumer Protection
The Consumer Protection Law (Law No. 6502) applies to all businesses selling goods or services to consumers in Turkey. Key requirements include clear pricing, warranty obligations (minimum 2 years for goods), a 14-day right of withdrawal for distance sales, and restrictions on unfair contract terms. Companies operating e-commerce businesses must also comply with the E-Commerce Law (Law No. 6563), which imposes additional disclosure and consent requirements.
Penalties and Enforcement Overview
Turkey's enforcement of business law compliance has become increasingly aggressive in recent years, driven by digitalization of government records, cross-referencing between agencies, and automated audit selection algorithms. Foreign-owned companies do not receive more lenient treatment; if anything, they may attract additional scrutiny during their first years of operation.
The penalty framework across Turkish business law is designed to be proportional but substantial enough to deter non-compliance. Directors can face personal liability for company violations, including criminal liability for certain offenses under the TTK, KVKK, AML laws, and tax laws. This personal liability extends to foreign directors regardless of their country of residence.
Companies should maintain an annual compliance calendar, engage qualified legal counsel familiar with foreign-owned businesses, and ensure that their certified accountant is current with all regulatory changes. For newly established companies, the first 12 months are critical, as many compliance obligations have specific deadlines that begin running from the date of incorporation.
Practical Compliance Recommendations
Engage a certified public accountant (SMMM) from day one. Your accountant handles tax filings, social security reporting, e-Defter and e-Fatura compliance, and annual financial statements. Choose a firm with experience serving foreign-owned companies. For information on the full cost of doing business in Turkey, see our guide to startup costs.
Appoint a KVKK-responsible officer. Even if your company is small, designate someone responsible for data protection compliance, VERBIS registration, and responding to data subject requests.
Conduct an annual compliance review. At least once per year, review your company's compliance with all applicable laws, including TTK governance requirements, tax filings, KVKK obligations, and AML record-keeping. Document this review.
Understand your corporate structure's specific obligations. The compliance requirements for an LLC differ from those of a Joint Stock Company. If you are unsure which structure best fits your business, review our comparison of LLC vs Joint Stock Company structures.
Plan for regulatory changes. Turkish business law evolves frequently, with annual updates to tax rates, audit thresholds, minimum wage levels, and data protection guidance. Subscribe to updates from the Revenue Administration, KVKK Board, and KGK to stay informed.
Consider tax incentives and special zones. Turkey offers various tax incentives for foreign investors, particularly in technology development zones, free zones, and organized industrial zones. These incentives can significantly reduce your tax burden but come with their own compliance requirements. See our guides to tax incentives for foreign investors and Turkey's free zones.
Conclusion
Turkey's business law framework is comprehensive, increasingly well-enforced, and largely aligned with international standards. For foreign investors, compliance is not an afterthought but a core operational requirement from the moment of incorporation. The key legislation affecting daily operations includes the Turkish Commercial Code, tax laws, KVKK data protection rules, and AML regulations. Annual obligations include financial statement preparation, general assembly meetings, tax filings, and data protection compliance.
The cost of non-compliance in Turkey is significant, ranging from administrative fines in the tens of thousands of TRY to criminal liability for directors. However, with proper professional support from a certified accountant and legal counsel, meeting these obligations is straightforward. Foreign investors who build compliance into their operational framework from the start will find Turkey to be a well-regulated, predictable, and rewarding market in which to do business.
Frequently Asked Questions
What are the main business laws governing companies in Turkey?
The primary legislation is the Turkish Commercial Code (TTK, Law No. 6102), which governs company formation, governance, financial reporting, and dissolution. Additional key laws include the Turkish Code of Obligations (Law No. 6098), the Capital Markets Law (Law No. 6362), the KVKK data protection law (Law No. 6698), the Anti-Money Laundering Law (Law No. 5549), and various tax laws administered by the Revenue Administration. Together, these statutes create the legal framework for all commercial activities in Turkey.
What is KVKK and does it apply to foreign-owned companies in Turkey?
KVKK (Kisisel Verilerin Korunmasi Kanunu) is Turkey's Personal Data Protection Law, enacted in 2016 and modeled on the EU's GDPR. It applies to all companies operating in Turkey regardless of ownership structure, including foreign-owned entities. Companies must register with the Data Controllers Registry (VERBIS), appoint a data controller, obtain explicit consent for data processing, and implement technical and organizational security measures. Non-compliance can result in administrative fines ranging from 50,000 TRY to 5,000,000 TRY.
Are foreign-owned companies in Turkey subject to statutory audits?
Not all companies require a statutory audit. Turkey applies size-based thresholds to determine audit obligations. Companies exceeding specific criteria in total assets, net revenue, and employee count must undergo an independent audit by a licensed auditor registered with the Public Oversight Authority (KGK). Most small and medium-sized foreign-owned LLCs fall below these thresholds but must still maintain proper books and file annual financial statements. Joint Stock Companies in regulated sectors such as banking and insurance are always subject to mandatory audits.